Slashdot Mirror
Vidomi GPL Violation Case Resolved
Andy Tai writes: "The Vidomi GPL violation case, previously mentioned at slashdot as the "first legal test of the GPL", has been resolved without going to court. Vidomi has split their program into two programs and released the source code of the encoder, which links to other GPLed libraries, under the GPL. The FSF has approved the resulting arrangement as compliant with the GPL." See the original story.
As long as the program as distributed is compiled and linked against the LGPL version of B, they're fine. If/when they distribute a copy of B to be used with D, they should distribute the LGPL version. The fact that it works with GPL versions of B too is a happy side effect, and there is no guarantee that later versions of B will still work. If later GPL versions of B break binary compaitibility with the LGPL version, they can't upgrade, since they're only allowed to distribute versions linked with the LGPL version.
To use a real-world example: Thousands of commercial, proprietary, closed source software packages were distributed linked to the Motif libraries. Then LessTif was released under the GPL; this did not force all Motif-based programs to be licensed under the GPL. The fact that Motif program "Foo" happens to be functional if you replace Motif with a GPL library is irrelevant, since Foo is not distributed as linked with LessTif. The binary compatibility does not make Foo a derivative work of the GPL code. If LessTif offered a feature *NOT* in Motif, Foo could not legally use it without becoming a derivative work of the LessTif, with all that entails, but as long as they stick to distributing based on Motif Foo is fine, license-wise.
----
----
Open mind, insert foot.
Copyright says that the recipients don't have any ownership of the code at all. GPL says you have ownership, but with some responsibilities. Seems to me that the GPL is less restrictive (you own it and can produce derivative works, etc) than copyright. I think you have the wrong idea about copyright, including the idea of "derivative works".
I can see why you use the term "infect". But "protect" would work just as well, as would "enhance". I expect that you use "infect" because you have a bias, probably one that you copy from other people. If this is the case, you might consider reading about copyright, and engaging your brain before opening your mouth (or typing =-).
Screw right or wrong. Simply put, the company isn't meeting it's obligations if it doesn't make it's best effort to prevent this sort of thing. They accepted those obligations when they assumed ownership (not copyright) of their copy of the library's code.
I really don't understand why you're picking on the GPL with this scenario. I expect that LGPL'd libraries infrequently switch to GPL. It seems much more likely that a commercial vendor would require a a new license fee for every version they released, regardless of whether you get anything more for your money.
For example, consider the mozilla/netscape split. Mozilla ended up recreating everything from scratch, because some of Netscape's code was integrated with closed-source products. That sounds like a much worse "infection" than your infectious-GPL example. At least in the LGPL->GPL example, one could continue using the LGPL'd code if one wanted, because one *owns* the code.
If you ever create anything worth owning, I expect you'll come to appreciate the purpose of the GPL and LGPL, and quit acting so high an mighty about your decision to disagree with them on an ideological level. You'll might even come to agree with them if you ever wish to own something you created after signing an intellectual property release for your employer.
The GPL and LGPL are well concieved licenses, and were produced with legal advisors. They are *not*, as you claim, ridiculous.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
So, putting 2 and 2 together, why can't the GPL be enforced in the same way? The lawyers get a cut, and the GPL gets enforced without the FSF or anyone else spending a penny.
--
Consider this scenario:
Distro "A" includes shared LGPL lib "B". Company "C" releases closed-source binary "D" that dynamically links against "B".
But, wait! Distro "A"'s *latest* version uses a new version of "B" that is binary-compatible with the previous version, yet is released under the GPL.
What is company "C" to do? All of a sudden they are distributing software that *could* be in violation of the GPL. (Yes, they could statically link that lib or do version checking. But is it really their responsibility to do so? What do they do about the copies already out there?)
Press Release from the FSA
For immediate release.
Due to the ever increasing potential for GPL code violations, the Open Source community has formed an alliance with your best interests in mind. Details below:
Keep it Legal --it is fast and easy!
Businesses copy code every day. Many of them get caught, don't let this happen to you!
Remember, all it takes is one disgruntled employee to trigger an audit.
Keep your code legal, release early and often! If in doubt about the legal issues surrounding your code just follow these three easy steps to make sure all your code is in compliance with the GPL.
1. Download a copy of our code inspector software. Its powerful search capability will find suspect code quickly and easily. Just point and click your potential problems away.
2. Contact the FSA for a free no risk consultation. Get help with your licensing problems from the people who know licenses best, the FSA.
3. Release any code through our dedicated portal and licensing service. Fast, painless and legal.
Do it today, before it is too late.
Blogging because I can...
Well, the FSF has a history of forgiving companies
and groups for initial mistakes with the GPL so long as they choose to become compliant. The latest one
was KDE/Qt debacle. The FSF seems to use its
leniency as a bargaining chip to bring people into
GPL compliance. IMHO, not a bad tactic.
That said, I am not seeing any indication of FSF
position in this case wrt past violations. They
may yet go to court, though I'd guess they have
better use for their money. OTOH, that press release
had "Open Source" all over it, so maybe RMS will
be pissed enough...
Vidomi has splited their program into two programs
I assume they splited off the part that included the spell and grammar checker.
---------------------------------------------
Recursive: Adj. See Recursive.
This brings up an even larger issue: if there is something that can only be accomplished one way, and people are likely to find the solution independently, should such a thing even be copyrightable (if that's a word)?
It seems to me that the purpose of copyright is to prevent freeloaders from ruining a system. I guess I'm thinking along these lines because I've been using the gnutella network lately and there is a lot of discussion on how to keep freeloaders from ruining that system, but I digress... :-)
When looked at this way, the GPL and proprietary licenses both use copyrights to keep their respective developement systems working properly. Companies like MS charge money so they can pay their employees and shareholders, while GPL'ed projects force code users to release the code for changes or additions. Both, in their own ways, allow for the continued development of the software, while avoiding a "Tragedy of the Commons" type of situation by making freeloading difficult.
However, I think it is clear that in a situation like you have described, there is no freeloading involved, so a copyright should not apply. I'm not sure how copyright law actually works, though, so this is just speculation. I seem to remember that patents are only supposed to be granted for works that are not obvious to an expert in the field (not like this matters in practice). Perhaps copyrights work the same. Do any lawyers out there have more info?
--------------------------
"Any fool can make a rule, and any fool will mind it."
"Any fool can make a rule, and any fool will mind it."
--Henry David Thoreau
Considering the grey-area of what constitutes 'stolen code', I don't think there will ever be a way of being 100% sure. Is taking a clever 2 line 'for' loop from someone elses code (that doesn't contribute greatly to the core functionality of either the GPL or the code-stealer's product) stealing? This has probably been discussed at length at /. before, but I thought it was worth pointing out that nothing is black and white (or whatever colors you've set in your terminal ;).
.. with all the DCMA bruhaha going on, the core issue is trying to catch 100% of all infractions. I'd think it to be slightly hypocritical to suggest that the GPL community should go all out to ensure 100% compliance given the resistance to similar efforts from the content/media industry. I think 10% of technical infractions (and I'll argue that they are the visible, obvious, easy to detect infractions) of both the GPL and DCMA misuse constitutes 90% of the loss for both licences/acts. In the case of media, the loss is revenue and control, in the case of GPL, the benifits of collaberation, credit, and revenue to the original authors of code. In fact, if it can be prooven that not writing up tons of technical barriers and legal restrictions beyond the core purposes of the GPL doesn't damage the community to a large extent, it'd be good fodder to throw back to the backers of the DCMA .. you'd be able to say, 'Chill ... we know there is some misuse, but we're still in business and benifiting off of the existance of the GPL. Same should go for the DCMA.' You know, like J-walking .. its technically illigal but not econmically or socially viable to persure means of ensuring 100% compliance. In other words, the possible loss in value resulting from infractions of the GPL and DCMA are not worth the inconvenience of pursuing 100% compliance.
.. okay, putting on my flame retardant suit now. Interesting question tho .. I've thought about this a few times myself.
Okay, so once you can really define what is 'stolen' code, I'd imagine that it shouldn't be too hard to:
- check the symbols in the binary to see if there are any symbols that match up against the GPL'd lib in question
- check what the binaries are dynamically linking against (although I doubt you'd be so lazy as to link against a GPL library dynamically and not expect to be caught)
- check the strings in the binary to see if they contain any strings known in the GPL'd code in question
Of course, this assumes you already have a suspicion that a binary might be violating the GPL of software 'X'.
I almost wonder if it shouldn't be a convention to include some sort of static char buffer 'watermark' in GPL'd libs/APIs, so you could search a suspect binary. Granted, the stealer could recompile the GPL'd libs without the string, or just steal code verbatim, but like I said, its impossible to get 100% certainty.
You know what tho
Just a few thoughts
"Old man yells at systemd"
Actually, this is exactly the main method of "getting around" the GPL. The only drawback is that this involves some increased latency so its not really suitable for high-performance software.
Since it isn't actually linked with the GPL'd code but rather uses bog-standard IPC, then there really isn't anything that can be done, unless someone wants to try and make the GPL applicable to anything that a GPL'd program talks to, which I'm pretty sure would never fly.
disgruntled employees
A large number of software copyright violations are not found by audits, but by ex-employees. This won't get every company that does this, but it can get a surprising amount.
The unethical developer woould put it in on purpose in case they were let go under poor terms.
-no broken link
The original author of VirutuaDub put up a page about Vidomi where he mentioned that SloMedia infringed seven projects (VirtualDub, FlaskMPEG, DVD2AVI, MPEG2DEC, AC3DEC, XingMP3, smart deinterlacer). Does the newly GPLed source cover all the infringing projects or just VirtuaDub.
Either way the VirtuaDub author seems just as pissed as most of the Slashdotter here about how they nver released the original source.
--
The point of the GPL is to ensure that open-source programs remain open-source and freely modifiable.
Wrong. The point of the GPL is that users of software have complete and total freedom with the software they've been given not the next version or the one after but the version that was distributed to them.
I don't see why using it as a lever to get a company to release proprietary source code they never intended to open would do any good.
If the proprietary code is made up of seven different Free Software components then the users of the software are supposed to get the source for the software.
--
No one can be forced to license their code under the GPL, even if they have violated the license. If a company violates the GPL, either deliberately or by misunderstanding the requirements, it is a copyright violation and should be handled as any other copyright violation. They really have two choices when it comes to resolving this: open up the violating code, or stop distributing it. They chose to take the second option and stop distributing the program in a manner that violates the GPL. Compliance has been enforced.
I think the important thing to take away from all this is that Professor Moglen writes his legal documents in LaTeX.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
Vidomi has splited their program into two programs
This news makes me so happy, I shited my pants. The original GPL violation made me so agry I spited.
Stupid like a fox!
Much of the debate between Vidomi and proponents of the GPL has been prolonged by Vidomi's incessant questioning of what exactly consitutes linkage. They have maintained from the very beginning that they don't think they're doing anything wrong, since the GPL code is in a separate DLL.
Of course, as many have pointed out, this is a fallacy - a DLL is, after all, another form of library - even if the code is not statically linked, it's linked nonetheless. The LGPL is designed as a less restrictive form of the GPL specifically for this purpose - enabling the distribution of a library without the "release your source" requirements of the GPL. Since Avery did not use the LGPL, we can assume that he intended the full requirements of the GPL to apply. In this case, fortunately, Vidomi has conceded.
Unfortunately, I can see future confusion arising the same question - what constitutes linkage? It's fairly trivial, for example, to write a small standalone application that links directly with a GPL library/DLL, and listens on a local TCP port. On receiving encoded commands from the TCP, it translates these to function calls into the GPL code, and returns the results back over the TCP connection - RPC style. Can the offending company, having written a trivial RPC layer, then release the source code for the server program, while keeping the client code closed-source?
Although the client is making extensive use of GPL code, it's not linked with it... it's in a completely different process. In fact, it could be on a completely different machine.
This strikes me as a relatively easy way for companies to get around the requirements of the GPL. Anyone have any thoughts on this?
Strags
Given that Microsoft has been spitting out FUD in large quantities about the viral quality of GPL and Open Source, this result actually proves them wrong, in the way that everyone always said it would:
All any developer need do, to use Open Source software, is invoke it as a separate program from the commercial program. All a company need do is keep all the stuff not part of its main line of business (the "crown jewels") in a commercial separate program and keep as GPL all the stuff that it doesn't need to control.
As an example, let's say the City of Seattle was reselling a computer program for electricity bill subrogation (a real example). They could have the really nifty stuff in a commercial program and leave most of it as GPL. The advantage is it's easier to resell - anyone who wants to can custom-code most of it, so long as it's not in the commercial section, which helps sell it, while letting the seller keep control of the proprietary code they sweated blood and research time to develop. Coders at the buyer are happy, cause they can fix bugs more often, and the seller is happy, cause more people buy their software.
End result is: GPL means more market!
--- Will in Seattle - What are you doing to fight the War?
Here is a question that has been nagging me - how is it possible to safeguard against closed-source developers stealing GPL'd code?
In cases like this, it's pretty easy to find out a violation took place. But what about a major closed-source project that uses pieces of GPL-d code? What if an embedded OS developer decided to use some Linux kernel code, without attribution, in a proprietary system? Would it be possible to detect the violation (looking for patterns in the binary, for example)?
Would it be possible to compel the company to show its source to a court in the event of a lawsuit?
The GPL may be enforceable, but that is cold comfort unless it is possible to detect and combat the use of stolen code.
A customer service representative will be with me shortly.
If all this should have a reason, we would be the last to know.
Thats the general procedure.
To behave ethically you must always alert the wrongdoing part and then let them correct it anyway they want to.
Then if you have been harmed economically while the wrongdoing was taking place you can ask to be compensated for this. In this case the code was free so it's not the case here.
Take patents as an example. If someone is breaking your patent you must always let them fix that. You can't just sue the ass of them.
That is not morally defendable, maybe they did it by mistake or some other circumstances we don't know about.
Atlest this is the case in all western countries witch has similuar laws.
One of the biggest dissapointments I have in the US judicial system, is that it does not generally foster an attitude of compromise.
I think it is great that Vidomi and the FSF were able to work together to find a middle ground that fits the definition of the GPL
One of the best ways of complying with a license, is doing just that... finding ways to comply. Perhaps not a viscerally satisfying ending, but certainly one that is in the spirit of the open source community. If only all the GPL issues could be resolved with as little intervention of the legal establishment.
In a similar vien, make sure you write to the people at linuxda.com, and make them politely aware that what they are currently doing does not conform to the behavior expected by the open source community.
"Don't worry about the problems you have in mathematics, I assure you mine are much greater." - Einstein c.1919