Slashdot Mirror
Removing Proprietary Bits from Illegally Closed Open Source?
hahnfeld asks: "I maintain an Open Source (GPL) project which is fairly popular among commercial companies who produce proprietary add-ons for the software. Recently I found that someone was selling code derived from my product under a proprietary license. As a settlement, we finally agreed that his software (which had come a long way from the original Open Source base) will be released under the GPL. Obviously, I have plans to distribute the newly GPL'ed code from my project's site. Now that I've made the announcement, many commercial add-on authors are saying that they believe their code may be contained in the software and it is MY responsibility to remove it or they will come after ME. I've received everything from threats to insults from the commercial add-on authors, who believe the newly GPL'ed product will cut into their business. I've already notified everyone who has a proprietary add-on that I know about, and I'm planning on cleaning out anything I find. But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?" As open source gains popularity, this issue is bound to strike another developer. In addition to seeking legal advice, what suggestions would you give to someone unfortunate enough to be in this position?
I'm not a professional programmer or anything, but I am in the process of learning, and I'm just wondering how one would go about actually identifying the proprietary bits of code.
Short of searching for "Proprietary code: Go!" comments, does anyone have any insight into this?
"Yeah, well, Dracula called and he's coming over tonight for you and I said okay."
Can't you countersue based on the fact that they shouldn't have added their proprietary code to a GPL'd software distribution in the first place?
stupid people suck
So what do you think the chances are that these guys have incorporated GPL source in their add-ons and are taking an aggressive stance to cover their asses?
Insn't this one of the senarios where assigning copyright to the FSF is helpful?
"Remember, any tool can be the right tool." -- Red Green
Ha ha ha. I'm sorry, but that is funny. After taking something they didn't legally own (your GPL'd software), they gave away something that they didn't own in settlement.
If it turns out that they didn't have copyright to all the code that they promissed to GPL, that settlement is invalid. You have a great case for taking them back to court.
And if other authors do own copyright on some of that code, you don't have the right to distribute it. Simple as that.
They added their proprietary code to a GPL'ed program and distributed it. The only legal way to do that is by GPL'ing their proprietary code, which they didn't.
Thus, you need not heed their meritless threats. Anything distribute along with your GPL'ed code should also be GPL'ed, and if it isn't, you can force it to be so (and you have the right to simply distribute it under the GPL).
The impact this has on their business is not your concern. Its their fault for incorporating their add-ons onto GPL'ed code. There should be no compromise here: you should force anything that was distributed with your GPL'ed code to be GPL'ed as well. Simply distribute the entire thing under the GPL, as is your right to do so. If they try to sue you, they don't have a leg to stand on because the GPL demands that any modification/add-ons to GPL'ed code be GPL'ed.
social sciences can never use experience to verify their statemen
Doesn't mean it is. You really need a good IP lawyer for this. If that's out of the question, I'd send each of the plugin companies a copy of the source, along with a letter stating that to the best of your knowledge, the code is yours and that you intend to GPL it. Give them 30 days to identify any code that they believe is theirs, with the option of declaring none. Tell them that if they do not respond in 30 days, their license to use your code will be terminated and they must cease marketing and supporting the product. Disclaimer - I am not a lawyer and this is not legal advice.
"Eve of Destruction", it's not just for old hippies anymore...
Do we really need GPL? Think about it. Most people who code open source/free softwares do it for the love of it. They do it because they get their kicks out of it when they see people actually using what they've written.
And most open source developers dont have the resources to spend thousands (or probably millions) in litigation fees.
So, if they've released code in GPL, and some company uses that code, and doesnt make their code GPL what can the developer do about it.
I used to hold the GPL in high esteem till I thought of it as this - "hey, you saw mine - now show me yours"
I mean, what if today I want to write some code and sell it. If I use someone else's code - I need to open up mine too. Face it - GPLed code doesnt fetch you money. So, just because some other person didnt want to make money off his hard work - I wont be able to do so either !!
Probably I'm not being able to express my logic properly, but we sure need something more than GPL and something more to define the *real* meaning of open source.
Ouch. Sounds like you got bait & switched... I hope you have the part where they've 'settled' in writing...
;)
Seems to me that it's _their_ responsibility to keep track of what they did to the code, not yours. When you release something under the GPL, you're still the owner of the copyright. But I believe that whoever then modifies the software has the copyright on their code (derivative work?).
You shouldn't have to keep track of someone else's patches. Is Linus responsible if DRM _isn't_ added into the kernel?
Keep your packets off my GNU/Girlfriend!
This is slightly OT but ...
Could this be prevented if there were a metadata system which tracked license & ownership of code (at least at a per-method level)?
You'd have to plug (convenient) support into the IDEs and code repositories, but it seems like it would be an improvement.
Corollary to Moore's Law: The IQ of new computer owners is declining.
The software being discussed seems to be EveryAuction. Is that correct? (Hahnfeld's email address is listed at the beginning of the Slashdot story as matth@everysoft.com.)
Let me get this straight...are they saying that their code is contained in the original GPL product that you put together, and it must be removed or they will ($gratuitous_threat)?
Or are they saying they think their code is included in the derived product that you just settled on, that is soon to be released under the GPL?
There's a difference there. If it's your original product, how did their proprietary stuff get there? Did you hack into their networks, swipe their proprietary code, and add it to your open source project?
If it's the derived product that is being released as part of the settlement, the "how did it get there" question applies, but I'd also ask some more questions. How do they know they have code there? Did they collaborate on the add-on? Did they at any time give any code for any reason to the person who is settling with you? Under what terms?
There's also this point: You're not releasing the code under the GPL. The developer is the derived product is releasing it. Why would all these other companies want to block him from distributing his project for free, by coming after you?
($gratuitous_IANAL_message), but it seems to me like they might have GPL-protected code in the products they've derived off your project, so it seems like they are using nasty and unpleasant tactics to try to scare you into backing off or whatever.
Get a good IP lawyer, and if one isn't available I'd definitely be hooking up with the FSF to see if they can provide any assistance.
I should have picked out the nickname Demosthenes!Tecumseh.
<ianal>
I'd send a nice general "cover" letter to the company in question that used your GPL'd code as the basis for their extended code.
I'd thank them for recognizing and adhering to licensing restrictions, in this case the GPL. I'd mention that you, too, want to adhere to all licensing restrictions. Thus, if they incorporated others works that are bound by other specific licenses besides the GPL to make clear to you exactly which parts of the code are restricted in non-GPL ways.
If they don't have the time to mark other's code, at the very least they could mark code which is unambiguously "yours+their extensions".
Be prepared at any time in the future to remove chunks of code from the GPL project if some third party presents irrefutable evidence that such code is under their copyright and that they do not wish to distribute their code that way. Kinda like old RSA code used to be.
Someone may argue that you didn't properly adhere to the licensing agreements for that code, but that's where you have to be able to demonstrate that you made a good faith effort to adhere to all of the restrictions that you knew about. If the company did not inform you of those restrictions and you asked them to do so, then it will be more difficult to fault you. After all, it is that company that made agreements with the other licensors, NDAs, etc. and it is their responsibility to adhere to those agreements when giving code over to you.
</ianal>"Provided by the management for your protection."
If the application was GPL in the first place, please explain how anyone can write a proprietary extension for it and then prevent you, the original author of the software or assignee of copyright for the code (?) from distributing those extensions. Either you're leaving something out or these people are off their rockers-- or maybe they think there will be a high rate of return on their investment in copyright lawyers.
BTW, would future authors of these sorts of "Ask Slashdot" questions, please do a little self-promotion and include the name of the software in question? These discussions are nearly worthless when I can't do some Googling for background info.
I do not have a signature
Let me get this straight: You have the software company who was distributing the product containing your GPL'd code, and you have other coders who have contributed to the project, and who do not want their proprietary code made public. Now, either the other coders knew they were working with your code and may have been aware of the GPL licensing, or they didn't.
If they were aware of the licensing restrictions on the code they were working with, then they are morally in the wrong and a court will probably rule against them.
If they were not so aware, as in if the software company concealed the knowledge of GPL restrictions from them, or had them working on a separate segment of the code which was included in the project but not directly involved with the GPL, then it's the software company's fault in scheduling conflicting licenses. It is not YOUR responsibility to PUBLISH the source code, it is that company's; you might only be distributing that source, and perhaps not even that. The software company would have the options of:
(1) Withdrawing the program from the market completely;
(2) Replacing your GPL'd code with equivalent proprietary code, and keeping the codebase secret;
(3) Replacing the other coders' proprietary code with open-sourceable code (or licensing their code for open-source use) and publishing the codebase;
(4) Publishing the codebase as-is, and risk being sued by the other coders;
(5) Keeping the codebase secret, and risk being sued by you.
I do not see any way a court would hold you liable for making the software company publish the code; it was not your decision to tie their code up with yours. If it does head to court, though... Get a good lawyer.
No, it's "hey, you USED mine - now let me USE yours."
You always have the option not to use the GPL'd code. There are closed-source alternatives for pretty much anything GPL'd software can do. Of course, you have to pay for it. Further, most GPL authors are willing to license their code for proprietary use -- again, if the money is right.
GPL'd code is not FREE code. There is a price. If it's not the price you want to pay, then don't buy it!
And not even in google cache!
cat yourproggy.cpp | grep -v "10100010111010001001" > /dev/null /dev/null
make
Man you write some efficient code! Talk about compact!
IP Lawyer? I know what a lawyer is, but I don't know what the heck "intellectual property" is. In this particular case maybe you meant to say "a lawyer well-versed in copyright litigation".
In many ways this mirrors the story of Star Office. OpenOffice is a version that has proprietary code stripped (a couple fonts, some print drivers and ADAbas are the most obvious parts) while the commercial Star Office product still contains some code that can not be Open Sourced.
It's taking Sun years to replace the code that doesn't have an OS license. Unless you find it worth your time to rewrite lots of other peoples' code, I would suggest you either get the person who "opened" it for you to fix this or come to an alternate agreement with them.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
Projects seem to go one of two ways on code ownership issues: contributors assign ownership to the project maintainer (e.g. FSF projects), or contributors retain ownership of files they wrote (e.g. Linux kernel). Given that people are threatening you, it sounds like you're wanting to take ownership of the contributed code and distribute it.
The FSF have some good information on how to run a project, including a section on legal matters that covers getting the appropriate paper work from contributors before you integrate their code. Unfortunately I don't see how you get access to the actual text of the documents to replicate this process for yourself. Perhaps you could make your project an FSF project?
Answer at the end so you'll actuly read my advice(0).
Ok camapny A wrote modification from your GPLed software and now you're goingn to put it up under te GPL on your website but company B is saying it contains there pripitory code? Tell them to go screw themselfs assumeing tis is US Copyright. Comany A is the one that broke the law and the only thing the courts can do is take away and destroy any copys of it you have.
Read Copyright law.
http://www.copyright.gov/title17/
fact 1. Copyright is not exclusive like Patents and trade marks. If two people come up wit the same patent or trademark idepently only one of them gets it but ir two people come up with the same copywriteable work indentantly both get thare own copyright for it. Diffrant editions of books have seperate copyrights.
Fact 2. Illigaly created works are in the public demain.(2)
The important thing to bring up in any lawsuit you get into is that company A are the only ones that broke the law not you(1). Hopefully you made some chage to thare code befor releaseing it(adding the required this software is GPLed message or something) Then you can say that your new version is based of of Companys A work and not company B's closed source work. Remember you can't copyright ideas(3).
footnotes:
0:The only ways to truely pervent frivolous lasuits is to ether kill the procicuters or kill yourself.
1:"Exclusive rights in copyrighted works36
Subject to sections 107 through 121, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:
(1) to reproduce the copyrighted work in copies or phonorecords;
(2) to prepare derivative works based upon the copyrighted work;
(3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;
(4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;
(5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and
(6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission."
2:"... protection for a work employing preexisting material in which copyright subsists does not extend to any part of the work in which such material has been used unlawfully."
3:"In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work."
IANAL, but it seems to me the company that stole your code has an obligation to point out what code they added to yours. Have them give you some documentation of what code they added, and then filter out everything you cannot account for.
Also, if this is a matter of Plug-in publishers bullying you, cripple plug ins. If they want to still market their products, they will begin to panic when they realize they are not supported under new versions of your program. If they won't play nice, take your ball and go. Make them beg to get back in the game.
But that's just my opinion.
But you didn't intend to violate their copyright. You didn't know you were violating their copyright.
I think this would be similar to purchasing stolen items. You don't get to keep them, but if you really didn't know it was stolen, you likely won't be punished, beyond losing the items that didn't belong to you, either.
I'm pissed. Who's your chickenshit lawyer so we can all avoid him ourselves?
EACH AND EVERY ONE OF THESE COMPANIES threatening you if you publish their propietary code has, indirectly, admitted to ripping you off. THEY are the ones who should be sweating, they have no right to the code that they wrote proprietary extensions to and it's black letter law that you have the right to order them to immediately cease and desist any and all future infringement of YOUR code.
This may put the companies out of business, or expose them to massive suits for non-performance. IT'S NOT YOUR RESPONSIBILITY. They are violating your IP rights, you have the unconditional right to order them to stop regardless of the consequences to them.
It won't take them long to realize that they have two options. One, they can lay off everyone (you've killed their product!) and sue the original infringer for damages while their clients sue them. They can't threaten you for exercising your own rights, especially after they tried to do it to you!
Or two, they can pay you a reasonable fee for the right to use the code in a proprietary product. Say, something between $20k-$50 plus the right to distribute the code in the infringing product today under any and all licenses you choose. If they want to pull code out, they can... at their expense. Just because something is released under the GPL doesn't mean you can't also license it for proprietary use.
Meanwhile expect to see the original infringer get hit with massive suits for fraud. They may think they pulled a fast one on you, but as long as you stand up for your rights you may yet have the last laugh as that company is forced into bankruptcy for stealing your code and presenting it as its own.
(IANAL disclaimer, etc.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I'm not trying to discount the problem that you're having... I just think that regardless of what advice you take from this forum, you should also seek the advice of a lawyer.
This issue is definitely something the GPL crowd would like to be aware of, and its good that you posted it, but I think your best advice would come from a legal professional.
Somewhere on this page I have hidden my signature.
To remove all the proprietary bits from you software, simple bitwise-AND your program with the INVERSE proprietary bitmask!
Gosh! A single line of C code, what's Ask Slashdot coming to these days?!?!
FreeSoftware = !(PROPRIETARY BITMASK) && YourSoftware;
Quando Omni Flunkus Moritati
The agreement you made with that other guy could be invalid. If he agreed to give you someone elses code, the agreement definatelly is and you can
a>Remove the code like thay say (if you still want to distribute)
-or-
b> Have the guy you made the agreement with remove the code either willingly or through the courts.
If it's no big deal and it's not a lot of code, just do it. It's the quickest and most pain-free way...
/* oops I accidentally made a comment, sorry */
Just how are you supposed to be able to tell what is proprietary code? Unless they thoughtfully marked each block they touched, and each file they added with some helpful comment to allow you to identify it then they are indulging in a catch-22. If their code is marked, fine, remove it. If it isn't, sorry, they need to identify it so you can remove it. It is not up to you to have to guess what is proprietary and what is not.
Anyone sending threats gets a form letter. "I intend to release this code under the GPL on dd/mmm/yyyy, if you have proprietary code you do not wish disclosed please send me a patch removing the code or some other reasonable means for me to identify and remove it. Failure to do so implies informed consent to publish under the GPL."
Sadly, chances are you will wind up in court anyway, so have a lawyer on retainer and primed to deal with people who will almost certainly try to bully you with legal harrassment.
In the MySQL v. Nusphere case, the judge was unconcerned with the period of time after Nusphere released its code in accoprdance with the GPL. The judge ruled that the court would focus its attention on the 4 month period of time when Nusphere was in violation and not pay attention to the later period when they were were in compliance.
MySQL, with the assitance of the FSF, tried to argue that once the GPL had been breached, Nusphere could not remedy that by releasing all of its modified source and that they needed to renegotiate a new license. The court did not accept that argument.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
I know what a lawyer is, but I don't know what the heck "intellectual property" is.
Then that would make you an idiot.
So to recap, people here ARE NOT LAWYERS, and if you want legal advice about someone making threatening statements about you breaking the law, I would strongly urge you to start taking this seriously by talking to a person who can give you a serious, and correct, answer. The fifty different ideas presented here have been refuted and re-refuted fifty times each, which should give you a hint: none of the arguments seem to be able to hold their own.
And for god's sake, stop asking questions about very complicated legal issues while providing only the barest and most vague details and then expecting people who have no legal knowledge or training (like the above poster so graciously admitted) to solve your problem in pretty, neat paragraphs.
I am not a lawyer. Do not use this as legal advice.
How about asking someone who isn't going to simply pull answer out of thier ass, and instead ask someone who might know? i.e. a lawywer.
"Hi, I've been threatened with a lawsuit, seeing as how most of you know nothing about the law, I'd like to know what you think I should do?"
You might as well ask a magic 8-ball.
Give the FSF co-ownership of your copyright. This way, they can enforce it or you can enforce it, and both they and you can negotiate with violators.
This way, you still own the copyright, but if you're somehow unable to defend it, the FSF can do so.
social sciences can never use experience to verify their statemen
The GPL infects everything it comes into direct contact with - put GPL code into a proprietry app, the app must go GPL, put add on proprietry code into a GPL app, the add on code must go GPL.
Methinks this only applies where the code is mixed though - if you never used their code and they never used yours, noone should be claiming rights over anyone else's stuff. I'm not sure about seperately developed plugins, but a plugin developed without any use of the main app's source is quite rare
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
I am one of the authors who's NON GPL code has been used in the derivitave product.
Let me elaborate.
Everyauction has a GPL auction script.
I have an auction package that is not Everyauction and uses NO GPL code.
Now another company writes a program that is a derivitave of Everyauction code and was released on a propriatary basis. This company ALSO used some of my code in his new program.
Everyauction has settled with this other company to GPL the product.
I say NOT WITH MY CODE, you must remove my code first..
There are other authors of seperate programs who's code was also included. None of which care to donate their work to either GPL script.
You obviously have a lawyer already, since you managed to reach a settlment with the GPL violator, why not continue to use his services? Slashdot can't really give you good legal advice, what we -can- help you with is comming up with the technical solutions to actually achieve what your lawyers decides is the best course of action.
In general, I'd avoid any solution that relies on NDAs. There are too many ways that too many people could get hamstrung and/or tied up in court for too long by them, especially if any of the commercial developers consider themselves in competition, not to mention what they could do to you in the future (of course your future work is ALWAYS going to be suspect, if you ever venture into any of the areas covered by stolen code).
At first thought, I'd say expect the developers of the commercial add-ons to follow your site, and stand up and go over the code, identifying their code. The problem being that you'd potentially be giving competetors eachother's code, potentially allowing both of them to steal the competitor's code AND sue you for giving their code to their competitor. Of course, any halfway decent lawyer should easily spot things like this.
Perhaps what you need to do is pull out sections of code that you would like to add to the main codebase and then post small sections, which should be enough for the owner to identify the code, but not enough to give away any significant functionality. If a developer can send you the code that follows it, throw that module away. To me, a 90 day period would seem sensible since, as I mentioned earlier, any commercial developer that fails to check your site/release-notes/mailing-list in that long isn't serious. Again, the lawyer can figure out the finer points here.
my sig's at the bottom of the page.
Its an interesting point because the AC acted in good faith and it is that third-party who did the dirty. However if the code isn't attributed during the merge, it becomes very difficult to say which bit came from where.
My view is that the merger was the same as the third-party inadvertantly disclosing AC's proprietary software. The third-party becomes responsible for any tidying up.
See my journal, I write things there
But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?
No. But depending on the financial status of the company violating your copyright, and whether or not your "settlement" was legally binding settlement, you could possibly sue for incidental damages or something.
If you don't have a real "settlement," you could mitigate your potential damages and pay for a full code review and then turn the charges over to the copyright infringer.
I'm also not a lawyer. However, at the very least I suspect this would have to be certified mail, and I strongly suspect that you cannot nullify someone's copyright by doing this.
I think what would happen if you tried this is that you'd piss off/scare the parties involved, they'd retain a lawyer, they'd start sending nasty notes and look at taking legal action with you. Which is what they should do.
Basically, it comes down to this. The original guy infringed the GPL. He needs to stop distributing the code. You may be able to sue him for damages for using your code without license. It doesn't mean that he can give away other code that he doesn't own, however.
May we never see th
You are being screwed over. And you may have to defend yourself in court if you don't stop them. SEEK LEGAL COUNSEL. NOW.
> To ruin the net to save Disney is the equivalent of
;-)
> burning down the library of Alexandria to save
> monastic scribes
Ahh, I'd always wondered what had happened...
I would say your safest bet is not to distribute that code. You obviously have your own Open Source version and you like some of the features that the 3rd party added. But, it sounds like it is a legal spagetti mess. I'd save myself the trouble and work with what code I had, and what code I knew where it came from. If you like the features that they've incorporated, find a way to add it by coding yourself or ask someone to help.
/.
1. Send the source to your new release to known plug-in makers with a notice of a 90 day window to review for code that may belong to them.
2. Make a new release (not the one you have in mind now), with a notice that says that those who are possibly affected that are not on your list should contact you within 30 days for a review copy, followed by a 60 day time to review.
Neither of these will free you of the possibility that someone will come later and claim ownership of some this or that of code, but it should put you in the clear on having made an attempt beforehand.
I'm no expert in US law (I don't live there), but even with my basic knowledge of how it works and reading the obviously simplified summary here, I can see that most of the posts offering legal advice here are way off base. The scary thing is that equally off-base people are clearly moderating them up because they sound convincing, regardless of their legal correctness!
It seems to me that the only sensible action for the original poster to take immediately (aside from speaking to a lawyer again) can be some sort of legal move to force those who derived from his GPL'd work to either GPL the derivative (if they can) or stop distributing it. If the derived work cannot be GPL'd because it also includes indepently licensed third-party bits, then that narrows the options to one.
I don't understand why the OP is so keen to host the derived now-supposedly-GPL'd work using his own resources, though. He gains no obvious benefit from doing so, and if US law allows for penalties for distributing code contrary to its licence, it seems to leave him open to action by the third parties if they are being ripped off. If US law actually says that the OP can distribute something just because someone told him it was GPL'd, even though it actually wasn't, it would be about the only legal system in the Western world that did...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Suppose I write a library, which I choose to distribute under some licence that forbids giving away the source code. Are you saying that I must check the intentions of everyone buying my library, to make sure that they aren't planning to GPL it and give away the code, and that if I fail to do so, my code automatically becomes GPL'd?
Could you please cite even the slightest shred of copyright law in your chosen jurisdiction or even common sense that supports this claim?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.