Slashdot Mirror
Abusing the GPL?
"How, you may ask?
Integrate the highly useful GPL code we're eyeing into our only slightly more complex (but much more lucrative) project, thereby saving us at least 30% of the coding involved. The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode. You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce. They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
For the record: I do not think this is right yet, I have not been able to find any precedent for why the GPL should protect against this kind of abuse.
I'm not trying to snitch on my company -- or lose my job, which is why I am posting anonymously -- but hopefully some lawyers out there could point out some iron-clad legal reason preventing this sort of thing. I've read the GPL through at least a dozen times since yesterday, and so far it looks like our lawyer is right. I have not found any relevant linkage either, as I have mentioned. Links to extended legal analyses of the GPL from a technical standpoint (if any exist) would be the most helpful. All help is appreciated."
To find out whether the gobbletygook you distribute is source code or not is simple: if you normally add features to the program by editing the gobbletygook, it's source. If you instead edit the stuff that you compiled to gobbletygook and then recompile it, then the stuff you distributed isn't source and it's a clear-cut GPL violation.
Why did it take so many posts for someone to point this out? Do people not read the GPL?
What a day to be without moderator points...
For those too lazy to read the whole thing, read section three, point #3 very carefully. Just because something compiles does NOT mean that it is source according to the GPL. That you would not do development on the obfuscated gobbledegook clearly shows that the obfuscated version is NOT the preferred form for modification. I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
As for precedent, can anyone find a discussion of GPL'ed yacc/bison grammars? This would fit exactly the case above - the original source that must be distributed is the .y file, not the result of compiling the .y to a .c file. Unfortunately, I don't think that anyone has ever been tempted to rip off a GPL'ed grammar.
The GPL states:
That term was written to prevent exactly the sort of obfuscation the attorney is proposing. Obfuscated code is demonstrably not the preferred version for creating modifications. So, what is being proposed is a GPL violation, and your company's attorney missed that part of the license. The talk about incidental resources isn't germane, it actually seems to be intended to confuse, because what is being proposed clearly is a derivative work, and the company attorney is acknowledging that when he suggests that the obfuscated code be GPL-ed.But there are simpler remedies than legal ones. If the free software developer community hears about a product using obfuscated code to circumvent the GPL, they will retaliate by creating a non-obfuscated version and using it to compete with your company's product. They are experienced at reverse-engineering, they have excellent tools for code reformatting and analysis, and there are a many programmers who will be angry enough to work on this.
If your employer wants to unashamedly take advantage, they are simply buying a lawsuit. The free software community does have the resources to bring one - it would probably be brought by law professor Eben Moglen of Columbia University. He wants more legal tests of the GPL, and would love to make an example of your employer. Don't go there.
Bruce
Bruce Perens.
From my reading, that is not the problem. It appeared that the company did release the code with source as GPL along with their product. They just obfuscated it before releasing it. That is not directly a GPL violation.
There have been cases before of obfuscated GPL code (Some video drivers in the Linux Kernel I believe) but those were original source from the manufacturer.
This article is about taking someone elses GPL code, obfusacting it, then re-releasing it with GPL intact.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
I just had an idea.
What if they claim that the obstafacation (sp?) is part of a copy-protection plan and that anybody whom writes a program to un-do it is violating the DMCA.
Could they sue even though the code is in fact GPL?
-J
I don't see how this violates the spirit of the GPL, since there are no provisions in it for the quality or readibility of code.
.asm file that is just the disassembly of your binary isn't very useful for preserving the right to modify the program. Neither is deliberately and cleverly obfuscated source.
The "spirit" of the GPL is about being able to make modifications to the code. That is one of the rights that the GPL is trying to preserve. It isn't just about being able to get a free copy of the code you can compile (and if you're lucky for different platforms).
As at least a dozen other posts under this article have already said, there is language in the GPL providing for quality -- or at least editability. The source must be in the "preferred form" for editing. Because releasing a
The authors of the GPL understood that "openess" depended on at least the level of usability that was present when the code was written. Hopefully we've cleared this up (and this guy's company lawyer has been sacked).
The enemies of Democracy are
Yes, it does:
'The source code for a work means the preferred form of the work for making modifications to it.'
Incomprehensible gobbledygook does not the preferred form make, any more than machine code.
What a lot of people appear to miss a lot of the time is that the GPL is _not_ one of those 'thrown together in a week' opensource licenses. It was developed over several years, and reviewed and rereviewed by the FSF legal counsel. It doesnt have holes like this.
Newbie lawyers looking at it for a few hours always misinterpret it. They dont have the technical savvy, nor the persistence to grasp the actual meaning and how thorough the GPL actually is when it comes to accomplishing its task.
The current MySQL AB/Nusphere legal issue isnt the first court case on the GPL because nobody has tried to violate the GPL before. It's because everyone else has realized they dont have a chance in court, and have given up rather than trying to persue a case which their lawyers have eventually realized they will lose.
1. Is it in violation of the GPL? This question is not a simple one, but such actions may very well be violation of the GPL. If this matter reached court, the question would center on whether the process applied to the GPL'd code constituted part of the process to create the derivative work, as derivitive work is defined in the GPL. For example, an expert might argue that code obfuscation can be part of the compilation process. It is oversimplified to say that laws are reinterpreted on the fly to capture the intent of the law. What is true is that these sorts of questions - for example, what constitutes compilation - are likely to be viewed in a manner which assists the obvious intent of the applicable contract/law.
2. If it is a violation, can it be proved? Probably. Our company works for lawyers on code plagiarism cases all the time. There are many algorithms you can apply to show statistically significant relationships between a body of code and its obfuscated counterpart. The same should be possible with bytecode. Once a reasonable basis for suspicion is established, plaintiffs could get discovery of the company's code repositories and depose employees under oath.
Christian Hicks
Elysium Digital, L.L.C.
http://www.elys.com
It might be gramatical, but it's not germane. I suspect it was intended to obfuscate.
Bruce Perens.
First of all, IAAL. Second, the GPL's definitional distinction between source and object/executable form relies on two key terms that cannot be objectively measured: "preferred" and "normally". I defy you to provide me with objective metrics for measuring what is "normally distributed...with the major components...of the operating system on which the executable runs." Equally imnpossible is a definitive response to the question "what is the preferred form of the work for making modifications to it?"
In order to impart meaning to the GPL distinction between source vs. object/executable, one must go on a fact-finding parade to measure industry practice, and other wishy-washy standards. In the context of a dispute over a GPL'd bit of code, you can be damn sure that the GPL will collapse under the weight of this fact-finding process, and that the party with more patience and money will win that battle.
There are some things that lawyers understand better than geeks, believe it or not. We are (generally) excellent at spotting weakness in prospective arguments. In the case of the GPL, there are drafting holes big enough to drive a Trident submarine through. I've said it before, and I'll say it again: the GPL won't hold water in a dispute. The reason no one has given you any precedent (as per your request) is that the GPL has not been truly tested in court. Since the GPL eschews the lessons that lawyers have learned about drafting in the past (largely in order to score points with geeks by being colloquial in manner and sounding un-lawerly), it cripples itself with imprecision and ambiguities. The weakness in its core definition of source vs. object/executable is merely one of many fatal flaws in the document. To be perfectly frank, the GPL is a POS contract and I would arguably be liable for malpractice if I advised a client to use it for reason other than their unbending adherence to open source dogma.
In conclusion, you are likely to see many companies "abusing" the GPL. Rather than use the loaded term "abusing", I would prefer to characterize this behavior as "exploiting" the unsophisticated and niave drafting of the GPL's language.
Since I said "IAAL", I must also say that the above does not represent a formal legal opinion, that I do not represent you (the reader) as your lawyer, and that you should not treat this message as my legal advice to you. Laugh all you want -- I'm just sticking to my ethical directives, kids.
Eh. It doesn't really matter. What does matter is that he's got a legal theory as to how the GPL can be sidestepped. It might not hold up in court. But that doesn't matter until it gets to court. There's no Bad Law Fairy who's gonna come out of the sky and put things right. Somebody is going to have to mount a legal challenge to this abuse. That somebody has to have legal standing in the case and deep pockets. Now, don't all raise your hands at once!
OK, I just ran out of irony. Look, the mod system worked -- maybe not as fast as you liked, but it did. Don't feel bad because you didn't get to put on your Arnold mask and mod all the lamers down. It's just a damned filtering tool, not a way to Rebalance Universal Morality.Now, the fact that this intermediate bytecode is legal C or whatever other language the original was written in doesn't make it source. It just means that that is the internal syntax of this intermediate stage. This is because the defining characteristic of source code is that it is human readable. It is what the developer wrote and would use to modify it himself. WHen you preprocess this in such a way that it is no longer suitable for human reading and maintaining, it ceases to be source...and ceases to meet the GPL source requirement.
I highly recomend that anyone who is going to talk about this actually READ the GPL
From the GPL:
-Steve
"I opened my eyes, and everything went dark again"
You may be a lawyer, but no other lawyers seem to agree with you.
:) When the company goes out of business it'll show they were lying.
I went across the hall at work yesterday and asked two lawyers who I often see over lunch about this. They said that while "preferred" and such terms are often fairly vague and cases hinge on those, in this case, where you can simply show the inability of the company to use the obfuscated code, and the obfuscating programs used, that it's dead simple.
Too bad modern judges can't hand down rulings that really cut to the heart of the problem...
Ruling that the company must delete all other source code and forever maintain the project using only this source code and other code in this form would quickly show if this was the preferred method.
(With creative and honest judges we could get by with a lot less of your type.)