Removing Proprietary Bits from Illegally Closed Open Source?

hahnfeld asks: "I maintain an Open Source (GPL) project which is fairly popular among commercial companies who produce proprietary add-ons for the software. Recently I found that someone was selling code derived from my product under a proprietary license. As a settlement, we finally agreed that his software (which had come a long way from the original Open Source base) will be released under the GPL. Obviously, I have plans to distribute the newly GPL'ed code from my project's site. Now that I've made the announcement, many commercial add-on authors are saying that they believe their code may be contained in the software and it is MY responsibility to remove it or they will come after ME. I've received everything from threats to insults from the commercial add-on authors, who believe the newly GPL'ed product will cut into their business. I've already notified everyone who has a proprietary add-on that I know about, and I'm planning on cleaning out anything I find. But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?" As open source gains popularity, this issue is bound to strike another developer. In addition to seeking legal advice, what suggestions would you give to someone unfortunate enough to be in this position?

Re:Their in fault, not you

[ivan256]

if it isn't, you can force it to be so (and you have the right to simply distribute it under the GPL).

Not true. They can pull the code instead of releasing it under the GPL. They own the copyright, and they decide which license it is distributed under. If this not a GPL compatible license then it will have to be removed.

The rights always belong to the copyright holder. The same rights that give the GPL power also allow these companies not to GPL their software.

As an aside, and in response to the original poster: Comments like the parent to this one are exactly why you should disregard any legal advice given in this story and talk to a lawyer. This guy sounded like he knew what he was talking about, but if you listened to him you may have been financially liable. Ignore everybody's copyright advice here and talk to a professional. The FSF has lawyers for exactly this reason, and you should call them.

EveryAuction?

[Futurepower(R)]

The software being discussed seems to be EveryAuction. Is that correct? (Hahnfeld's email address is listed at the beginning of the Slashdot story as matth@everysoft.com.)

Re:How to tell?

[DeadSea]

If you could tell which parts were proprietary, then this wouldn't be much of an ask slashdot question, now would it.

Here is what sounds like happened:
Some unscrupulous person without any regard to copyright holders' rights took code from multiple sources, used it and released it as their own. The sources included a GPLed project and various bits of code from proprietary sources. The result may have been useful, but it was using stolen GPL code as well as code stolen from other developers trying to make a profit.

It sounds like any number of people could have gone after this product, as several people hold copyright over portions of it. Unfortunatly, that means that the code is not distributable under any license. By GPLing the product, it sounds like the author is opening himself up from the other side, allowing the folks who own the copyright on the proprietary code to sue.

My advice: Don't redistribute the code yourself. If the person who wrote it wants to distribute it, they have to distribute the source too. Let them take the flack. They should be the ones that are hit by the lawsuits. At the very least, get a written statement from them that all the code in the package that was not taken from GPLed sources was written by them. That way you can pass the buck if you do get sued.

Re:Their in fault, not you

[sql*kitten]

They added their proprietary code to a GPL'ed program and distributed it. The only legal way to do that is by GPL'ing their proprietary code, which they didn't.

Not technically true. It's perfectly legal to distribute a GPL'd program and an entirely closed-source .so or .dll containing proprietary code, and a GPL'd wrapper layer allowing the GPL'd code to call the proprietary code without ever cross-contaminating the sources. This is, IIRC, how certain hardware manufacturers supply their Linux kernel drivers.

Re:Their in fault, not you

[dh003i]

Bullshit. They may have the copyright to their work, but they can don't get to choose whether or not to GPL their software (if its based on GPL'ed software). They can choose to distribute it and GPL it, or not to distribute it at all.

Once they've distributed it, that choice is over. If they distribute it and don't GPL it, they're in violation of the license, and can be forced to release it under the GPL. The people who've already bought it have the right to see the source, as that code is based around GPL'ed code.

You can't "take back" a distribution once you've released it into the world or on the net. Thousands of people have already bought it, and thus will have the right to see the source, as the GPL grants.

one

I am one of the authors who's NON GPL code has been used in the derivitave product.

Let me elaborate.
Everyauction has a GPL auction script.
I have an auction package that is not Everyauction and uses NO GPL code.
Now another company writes a program that is a derivitave of Everyauction code and was released on a propriatary basis. This company ALSO used some of my code in his new program.

Everyauction has settled with this other company to GPL the product.

I say NOT WITH MY CODE, you must remove my code first..
There are other authors of seperate programs who's code was also included. None of which care to donate their work to either GPL script.