Removing Proprietary Bits from Illegally Closed Open Source?

hahnfeld asks: "I maintain an Open Source (GPL) project which is fairly popular among commercial companies who produce proprietary add-ons for the software. Recently I found that someone was selling code derived from my product under a proprietary license. As a settlement, we finally agreed that his software (which had come a long way from the original Open Source base) will be released under the GPL. Obviously, I have plans to distribute the newly GPL'ed code from my project's site. Now that I've made the announcement, many commercial add-on authors are saying that they believe their code may be contained in the software and it is MY responsibility to remove it or they will come after ME. I've received everything from threats to insults from the commercial add-on authors, who believe the newly GPL'ed product will cut into their business. I've already notified everyone who has a proprietary add-on that I know about, and I'm planning on cleaning out anything I find. But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?" As open source gains popularity, this issue is bound to strike another developer. In addition to seeking legal advice, what suggestions would you give to someone unfortunate enough to be in this position?

How to tell?

[breon.halling]

I'm not a professional programmer or anything, but I am in the process of learning, and I'm just wondering how one would go about actually identifying the proprietary bits of code.

Short of searching for "Proprietary code: Go!" comments, does anyone have any insight into this?

Re:How to tell?

[DeadSea]

If you could tell which parts were proprietary, then this wouldn't be much of an ask slashdot question, now would it.

Here is what sounds like happened:
Some unscrupulous person without any regard to copyright holders' rights took code from multiple sources, used it and released it as their own. The sources included a GPLed project and various bits of code from proprietary sources. The result may have been useful, but it was using stolen GPL code as well as code stolen from other developers trying to make a profit.

It sounds like any number of people could have gone after this product, as several people hold copyright over portions of it. Unfortunatly, that means that the code is not distributable under any license. By GPLing the product, it sounds like the author is opening himself up from the other side, allowing the folks who own the copyright on the proprietary code to sue.

My advice: Don't redistribute the code yourself. If the person who wrote it wants to distribute it, they have to distribute the source too. Let them take the flack. They should be the ones that are hit by the lawsuits. At the very least, get a written statement from them that all the code in the package that was not taken from GPLed sources was written by them. That way you can pass the buck if you do get sued.

Re:How to tell?

[doofusclam]

Funnily enough you're so correct. I used to work for a major european bank in Cheltenham UK and was subcontracted to IBM UK.

We had to build a system that replaced the paper in the process of a salesman going to your house, signing a deal for life assurance or whatever and that going onto the banks internal systems. This involved a web UI at the salesman end, another UI at the bank end (for validating date and manual approval) and a transport. The transport was the usual IBM MQ, bits of xml validation, PDF generation and database shenanigans. I wrote that bit. The simplest bit was the UI - a simple VB program that showed important bits from the xml for the operator to check (that had to do this due to UK law). One of IBMs programmers, fresh out of college with a certificate for everything, used no parameters in the VB code at all - he put parameters in XML throughout the code, with all the sloowwww parsing involved. To view a new policy took *45 seconds* on a decent pc rather than the sub-second response for a properly written app.

He had done the usual dumb schmuck consultant error - he assumed because something was on his CV HE HAD TO USE IT. XML is a hot skill. So rather than pass an integer to a subroutine, he create a new xmldocument, added the integer to it (under numerous levels of XML), passed this, decoded the xml and retrieved the integer.

Big consultancies like IBM are full of n00b graduates who know everything but only superficially. The world would be better without them.

seany

Re:How to tell?

[anthony_dipierro]

I'm not a professional programmer or anything, but I am in the process of learning, and I'm just wondering how one would go about actually identifying the proprietary bits of code.

Just release it and see who sues. As long as you respond quickly to any cease and desist orders, most contributors won't actually file lawsuits.

Countersue

[Geckoone]

Can't you countersue based on the fact that they shouldn't have added their proprietary code to a GPL'd software distribution in the first place?

Sic the FSF on 'em

[Vinson+Massif]

So what do you think the chances are that these guys have incorporated GPL source in their add-ons and are taking an aggressive stance to cover their asses?

Insn't this one of the senarios where assigning copyright to the FSF is helpful?

Re:Sic the FSF on 'em

[coaxial]

Isn't this one of the senarios where assigning copyright to the FSF is helpful?

Why should I ever voluntarily give up my rights to something I made?

He should get a lawyer. Plain and simple; and if he can't afford one, the FSF will still help him. You really think that they'll say "Nah. We'll pass. We'll let this case go to trial so when you lose everyone can use The Giant Club of Precedent to blugeon our precious "copyleft" (It's a joke! Get it? "Copyleft" instead of "Copyright"! Ha! Ha! Man who doesn't like legal documents filled with jokes written by an overweight long haired nasally geek! Now why doesn't anyone take us seriously?) into oblivion."

Re:Sic the FSF on 'em

[Vinson+Massif]

Lemme guess, you write the VB 'gimmie 30 bux' shareware crap that permeates tucows (get it? tucows == two cows, what a hoot!).

If you don't wish to give up your s/w, don't use any open licence. Simple.

The copyright assignment of GNU licensed s/w diminishes noone and allows the FSF to act to protect that copyright, regardless of what duristiction it occurs in.

So, on the blinding chance that you write something good, and a corp decides to illegally take it from you, best of luck pursuing them on your own.

Good laugh.

[Henry+V+.009]

Ha ha ha. I'm sorry, but that is funny. After taking something they didn't legally own (your GPL'd software), they gave away something that they didn't own in settlement.

If it turns out that they didn't have copyright to all the code that they promissed to GPL, that settlement is invalid. You have a great case for taking them back to court.

And if other authors do own copyright on some of that code, you don't have the right to distribute it. Simple as that.

Re:Good laugh.

[nuggz]

If it turns out that they didn't have copyright to all the code that they promissed to GPL, that settlement is invalid. You have a great case for taking them back to court.

Good point. The person who gave that code to you, who said they owned it is in trouble, they gave you code they didn't own. But just because they screwed up, doesn't mean you're off the hook.

If you don't know for sure that you can distribute this code, don't. They notified you of the problem, you should not ignore it. Otherwise you lose the "I didn't know" defense.

Their in fault, not you

[dh003i]

They added their proprietary code to a GPL'ed program and distributed it. The only legal way to do that is by GPL'ing their proprietary code, which they didn't.

Thus, you need not heed their meritless threats. Anything distribute along with your GPL'ed code should also be GPL'ed, and if it isn't, you can force it to be so (and you have the right to simply distribute it under the GPL).

The impact this has on their business is not your concern. Its their fault for incorporating their add-ons onto GPL'ed code. There should be no compromise here: you should force anything that was distributed with your GPL'ed code to be GPL'ed as well. Simply distribute the entire thing under the GPL, as is your right to do so. If they try to sue you, they don't have a leg to stand on because the GPL demands that any modification/add-ons to GPL'ed code be GPL'ed.

Re:Their in fault, not you

[ivan256]

if it isn't, you can force it to be so (and you have the right to simply distribute it under the GPL).

Not true. They can pull the code instead of releasing it under the GPL. They own the copyright, and they decide which license it is distributed under. If this not a GPL compatible license then it will have to be removed.

The rights always belong to the copyright holder. The same rights that give the GPL power also allow these companies not to GPL their software.

As an aside, and in response to the original poster: Comments like the parent to this one are exactly why you should disregard any legal advice given in this story and talk to a lawyer. This guy sounded like he knew what he was talking about, but if you listened to him you may have been financially liable. Ignore everybody's copyright advice here and talk to a professional. The FSF has lawyers for exactly this reason, and you should call them.

Re:Their in fault, not you

[sql*kitten]

They added their proprietary code to a GPL'ed program and distributed it. The only legal way to do that is by GPL'ing their proprietary code, which they didn't.

Not technically true. It's perfectly legal to distribute a GPL'd program and an entirely closed-source .so or .dll containing proprietary code, and a GPL'd wrapper layer allowing the GPL'd code to call the proprietary code without ever cross-contaminating the sources. This is, IIRC, how certain hardware manufacturers supply their Linux kernel drivers.

Re:Their in fault, not you

[dh003i]

Bullshit. They may have the copyright to their work, but they can don't get to choose whether or not to GPL their software (if its based on GPL'ed software). They can choose to distribute it and GPL it, or not to distribute it at all.

Once they've distributed it, that choice is over. If they distribute it and don't GPL it, they're in violation of the license, and can be forced to release it under the GPL. The people who've already bought it have the right to see the source, as that code is based around GPL'ed code.

You can't "take back" a distribution once you've released it into the world or on the net. Thousands of people have already bought it, and thus will have the right to see the source, as the GPL grants.

Re:Their in fault, not you

[nuggz]

Not true. They can pull the code instead of releasing it under the GPL. They own the copyright, and they decide which license it is distributed under. If this not a GPL compatible license then it will have to be removed.

I don't think so, they already distributed it, they either comply with the GPL, or they have violated the authors copyright.

Re:Their in fault, not you

[ivan256]

Bullshit. They may have the copyright to their work, but they can don't get to choose whether or not to GPL their software (if its based on GPL'ed software).

There are other circumstances involved here, namely that these companies weren't necissarily aware that the code was GPLed due to the deceptive practices of a third party.

If they distribute it and don't GPL it, they're in violation of the license, and can be forced to release it under the GPL.

Just because that is a possible outcome doesn't mean it's the only outcome. Remedies for the license breach would be decided by a judge if the two parties could not come to terms on their own. You don't know wether the judge would force the code open or not.

I'm not saying that the code becoming available isn't the right outcome, but if you assume that the outcome will be what you've decided is the "right" outcome, you could open yourself up to a whole slew of other legal troubles.

Re:Their in fault, not you

[Bouncings]

Not true. They can pull the code instead of releasing it under the GPL. They own the copyright, and they decide which license it is distributed under. If this not a GPL compatible license then it will have to be removed.

No, in order to distribute their code (which they've already done), they already released their code under GPL and he's licensed to use it under GPL.

Re:Their in fault, not you

[dh003i]

There are other circumstances involved here, namely that these companies weren't necissarily aware that the code was GPLed due to the deceptive practices of a third party.

Irrelevant. Its their responsibility to determine what license the code is under. Such finger-pointing routines wouldn't work if you gave me a piece of EULA'ed code under a "deceptive practice" and led me to believe it was public domain. I'd still have to (once informed it was EULA'ed) comply.

Why even bother trying to negotiate with them? Just release everything under the GPL. The GPL gives you the right to release their code under the GPL, as they based their code around modified GPL'ed code, or added their code to GPL'ed code to make a product. Thus, the GPL gives you the right to distribute that code under the GPL.

If they decide to sue, use the GPL as a defense. They had no right to release their code under a EULA in the first place if they based it around GPL'ed code. They may try to sue you for violating their EULA or intellectual property or whatever, but you can use as a valid defense that they never had the right to release the code under that license in the first place, because of the GPL.

This is not the problem of the person who submitted this article. He's doing everything by the book. This is the problem of greedy or negligent corporations which are now whining because they have to comply with a license they had gotten away with violating.

Re:Their in fault, not you

[ameoba]

sounds like a great idea. I should go into MSFT some time with my friend, steal the Windows source code & integrate it with a GPLed project. When the lawyers come to my door, I'll tell them that it's MSFT's job to keep their code safe.

The big problem here is that, unlike physical property, which can potentially be returned when stolen, once somebody's code gets out in the wild there's virtually no chance of them preventing it from circulating to all who want it, destroying whatever competetive advantage the code may have given them.

Re:Their in fault, not you

[ivan256]

No, in order to distribute their code (which they've already done), they already released their code under GPL and he's licensed to use it under GPL.

Again, there's outside circumstances here. Because there was a deceptive third party involved that was distributing this software under another (non-GPL) license, these add-on vendors may not have known they were contributing to GPL software, and would likely not be bound by the terms it it went to court. Most judges won't hold a participent to contract terms they were unaware of due to the deception of another party. An arrangement will have to be made, wether it's forced by a court or mutually agreed upon by both authors, but there's a very good chance that the outcome will not involve the code in question becoming available.

Re:Their in fault, not you

[TRACK-YOUR-POSITION]

The same rights that give the GPL power also allow these companies not to GPL their software.

Why do you mention that? If there was no right to create proprietary software, meaning no government control or regulation of ideas, then the GPL wouldn't be necessary. The purist free software advocate would gladly give up the GPL if it meant the end to all copyright holder rights to restrict information.

Re:Their in fault, not you

[dh003i]

Big big difference here, in that these other corporations ALLOWED their code to be incorporated into the code by this other company. If they wanted their code not to be GPL'ed, they had the OBLIGATION to make sure that that other company wasn't integrating/mixing their code with GPL'ed code in a way in which the GPL doesn't allow (unless you distribute it under the GPL). Again, THEIR responsibility.

If this person distributes the code under the GPL, then these other companies can sue this company for fraud and misrepresentation, and get compensation for the value of their software lost.

But the code is now out there, incorporated with GPL'ed code. That means it has to be distributed under the GPL, and anything else is a violation of the GPL. We have the right to distribute it under the GPL.

Re:Their in fault, not you

[0x0d0a]

Um...no.

If I steal the Mona Lisa and give it to you and the police can't find me, that doesn't mean that you can keep the painting openly. Just because I'm legally liable for all sorts of crimes does *not* mean that you then have the right to do whatever you want with the Mona Lisa. If you attempt to, I dunno, chop up the Mona Lisa *knowing* that it's stolen, *you* will be liable for that crime (though I'm still liable for all the things I've done).

In this case, you are definitely incorrect.

Re:Their in fault, not you

[dh003i]

Why are people coming up with all these irrelevant analogies?

The other companies in question chose to allow company X to integrate its code with theirs. Its code happened to be integrated with GPL'ed code, which means that anything it MUST be released under the GPL, as MUST anything else it integrates with (ref. to GPL). The other companies had the obligation to make sure that company X didn't have any GPL'ed code. They didn't do that. THEIR FAULT. Now they pay the price. They are OBLIGATED to distribute their code under the GPL because they "knew or SHOULD HAVE KNOWN that the code they were merging with had GPL'ed code in it". In other words, the burden is on them.

These other companies seem to be claiming that "they didn't know the code they were merging with was GPL". This seems like turning a blind eye to the problem. If you merge code with someone else, its your responsibility to look over their code and make sure you won't be violating any licenses by doing so. In other words, these other companies were in a situation where they said "don't ask don't tell". They willed themselves to be ignorant of any problems. THEIR FAULT.

Re:Their in fault, not you

[0x0d0a]

Why are people coming up with all these irrelevant analogies?

This is from a guy who's .sig is "To ruin the net to save Disney is the equivalent of burning down the library of Alexandria to save monastic scribes"? :-)

The other companies in question chose to allow company X to integrate its code with theirs.

Quite likely. However, you have no way of knowing what this agreement included. It could be an informal verbal agreement, where he gets no particular legal rights. It could be a written one prohibiting redistribution of their own source as part of the agreement, which means that if he tries to redistribute the source, the license they grant him becomes invalid. This is quite common.

Its code happened to be integrated with GPL'ed code, which means that anything it MUST be released under the GPL, as MUST anything else it integrates with (ref. to GPL). The other companies had the obligation to make sure that company X didn't have any GPL'ed code. They didn't do that. THEIR FAULT. Now they pay the price. They are OBLIGATED to distribute their code under the GPL because they "knew or SHOULD HAVE KNOWN that the code they were merging with had GPL'ed code in it". In other words, the burden is on them.

This is simply stupid. If I produce a license, say that's something like this, the only person who gets screwed over is the person licensing it, if he intends to merge with GPLed code. There's no implied license, as you seem to feel is the case. The merging person simply does not have the ability to produce a derivative work an apply both the license he was granted at the same time, because doing so would violate clauses of one or the other licenses.

Re:Their in fault, not you

[Anonymous+Brave+Guy]

Bullshit. They may have the copyright to their work, but they can don't get to choose whether or not to GPL their software (if its based on GPL'ed software). They can choose to distribute it and GPL it, or not to distribute it at all.

But by the sounds of it, the third parties' code was never based on GPL'd code.

As I read this, the poster made a GPL app, call it G. Someone else took this, and made another app derived from it, D. In D was also included some third party code, call it T. G is GPL'd, and the copyright holder for G therefore has the right to go after the makers of D for licence infringement. However, it sounds as though the makers of D have tried to GPL it. If they don't own the rights to the other third party code in it (from T) then they would not normally have that right (which would belong to the copyright holders of T, if they chose to do it). There is no way that the original poster can force the third party authors of T to release their code under the GPL if it isn't derived from GPL code itself.

What this seems to come down to is that the authors of the derived app D are screwed, because they've got GPL'd stuff they can't make proprietary and proprietary stuff they can't GPL in their code, and thus they can't distribute it at all under any licence.

But, of course, this is just a speculation based on the summary here, and it should go without saying that the OP needs to contact someone who can actually make a proper appraisal of the legal situation.

Re:Their in fault, not you

[dh003i]

Yes, but company T ALLOWED company D to integrate company T's code with company D's GPL-modified code. Thus, company T agreed to allow their code to be GPL'ed. They should have researched it and made sure none of D's code was based around GPL'ed software. In this case, it seems like they turned a blind eye: in other words, they either knew or should have known that D's code was based off of GPL'ed code. Thus, they're liable, and should have to GPL the relevant portions of the code.

Re:Their in fault, not you

[Anonymous+Brave+Guy]

Yes, but company T ALLOWED company D to integrate company T's code with company D's GPL-modified code. Thus, company T agreed to allow their code to be GPL'ed.

I'm sorry, but that sounds like the hopeful philosophy of a GPL fan, not the legal advice of an informed lawyer. There are so many holes in that argument that even I can spot, I can't believe it would -- or should -- ever hold up in court.

Re:Their in fault, not you

[Anonymous+Brave+Guy]

If [the third parties] decide to sue, use the GPL as a defense.

Summary finding against the defendant who breaches the rights of the third parties, I'm guessing. You just lost.

The fact that the people making the derived product gave it to you under a licence agreement they had no right to agree does not automatically excuse you from any obligations you have if you're in posession of code that belongs to third parties. If those parties have also actually told you that you are breaching their rights, and a court finds that you have persisted in doing so, I don't think you have much of a leg to stand on in any major Western legal system, even those that might allow a defence of ignorance initially.

Just because they say it's your responsiblity...

[HotNeedleOfInquiry]

Doesn't mean it is. You really need a good IP lawyer for this. If that's out of the question, I'd send each of the plugin companies a copy of the source, along with a letter stating that to the best of your knowledge, the code is yours and that you intend to GPL it. Give them 30 days to identify any code that they believe is theirs, with the option of declaring none. Tell them that if they do not respond in 30 days, their license to use your code will be terminated and they must cease marketing and supporting the product. Disclaimer - I am not a lawyer and this is not legal advice.

EveryAuction?

[Futurepower(R)]

The software being discussed seems to be EveryAuction. Is that correct? (Hahnfeld's email address is listed at the beginning of the Slashdot story as matth@everysoft.com.)

Practical Suggestions

[4of12]

<ianal>

I'd send a nice general "cover" letter to the company in question that used your GPL'd code as the basis for their extended code.

I'd thank them for recognizing and adhering to licensing restrictions, in this case the GPL. I'd mention that you, too, want to adhere to all licensing restrictions. Thus, if they incorporated others works that are bound by other specific licenses besides the GPL to make clear to you exactly which parts of the code are restricted in non-GPL ways.

If they don't have the time to mark other's code, at the very least they could mark code which is unambiguously "yours+their extensions".

Be prepared at any time in the future to remove chunks of code from the GPL project if some third party presents irrefutable evidence that such code is under their copyright and that they do not wish to distribute their code that way. Kinda like old RSA code used to be.

Someone may argue that you didn't properly adhere to the licensing agreements for that code, but that's where you have to be able to demonstrate that you made a good faith effort to adhere to all of the restrictions that you knew about. If the company did not inform you of those restrictions and you asked them to do so, then it will be more difficult to fault you. After all, it is that company that made agreements with the other licensors, NDAs, etc. and it is their responsibility to adhere to those agreements when giving code over to you.

</ianal>

Um...

[ichimunki]

If the application was GPL in the first place, please explain how anyone can write a proprietary extension for it and then prevent you, the original author of the software or assignee of copyright for the code (?) from distributing those extensions. Either you're leaving something out or these people are off their rockers-- or maybe they think there will be a high rate of return on their investment in copyright lawyers.

BTW, would future authors of these sorts of "Ask Slashdot" questions, please do a little self-promotion and include the name of the software in question? These discussions are nearly worthless when I can't do some Googling for background info.

Either/or

[TheSHAD0W]

Let me get this straight: You have the software company who was distributing the product containing your GPL'd code, and you have other coders who have contributed to the project, and who do not want their proprietary code made public. Now, either the other coders knew they were working with your code and may have been aware of the GPL licensing, or they didn't.

If they were aware of the licensing restrictions on the code they were working with, then they are morally in the wrong and a court will probably rule against them.

If they were not so aware, as in if the software company concealed the knowledge of GPL restrictions from them, or had them working on a separate segment of the code which was included in the project but not directly involved with the GPL, then it's the software company's fault in scheduling conflicting licenses. It is not YOUR responsibility to PUBLISH the source code, it is that company's; you might only be distributing that source, and perhaps not even that. The software company would have the options of:

(1) Withdrawing the program from the market completely;
(2) Replacing your GPL'd code with equivalent proprietary code, and keeping the codebase secret;
(3) Replacing the other coders' proprietary code with open-sourceable code (or licensing their code for open-source use) and publishing the codebase;
(4) Publishing the codebase as-is, and risk being sued by the other coders;
(5) Keeping the codebase secret, and risk being sued by you.

I do not see any way a court would hold you liable for making the software company publish the code; it was not your decision to tie their code up with yours. If it does head to court, though... Get a good lawyer.

Re:GPL - What's the use?

[ivan256]

The GPL is about giving power to the developer, not to the user. The idea was that the developer would use that power in the best interests of the user, but that's not part of the license unless your best interests are the same as the ones previously defined by the FSF. If you want a license that is designed to give power to the users you should use the BSD license.

Clearly, the GPL and licenses like it are the "*real* meaning of open source" though, since they force the code to remain open forever. Wether that's a good thing or not is another question.

"hey, you saw mine - now show me yours"?

[TheSHAD0W]

No, it's "hey, you USED mine - now let me USE yours."

You always have the option not to use the GPL'd code. There are closed-source alternatives for pretty much anything GPL'd software can do. Of course, you have to pay for it. Further, most GPL authors are willing to license their code for proprietary use -- again, if the money is right.

GPL'd code is not FREE code. There is a price. If it's not the price you want to pay, then don't buy it!

Re:GPL - What's the use?

[yeti+(dn)]

The purpose of GPL is really to draw a clear line between proprietary and free software. I.e. to assure code won't migrate from one world to the other in no direction.

By the nature of proprietary software, you can't make it free. By being able to take free code and incorporate it in propriatary app (probably with some added value), code would continually move from the free world into the proprietary. In other words, the proprietary codebase would be all code (proprietary + free), while the free codebase will contain the free code only. This would doom free code to become and/or remain marginal.

With a clear separation you now have two basic possibilities: use free code creating more free code and use proprietary creating more proprietary.

If you want to sell your code you can. But you can't sell other's code, and I don't see anything wrong in it.

Star Office

[Jahf]

In many ways this mirrors the story of Star Office. OpenOffice is a version that has proprietary code stripped (a couple fonts, some print drivers and ADAbas are the most obvious parts) while the commercial Star Office product still contains some code that can not be Open Sourced.

It's taking Sun years to replace the code that doesn't have an OS license. Unless you find it worth your time to rewrite lots of other peoples' code, I would suggest you either get the person who "opened" it for you to fix this or come to an alternate agreement with them.

Make them tell you what to remove...

[Picass0]

IANAL, but it seems to me the company that stole your code has an obligation to point out what code they added to yours. Have them give you some documentation of what code they added, and then filter out everything you cannot account for.

Also, if this is a matter of Plug-in publishers bullying you, cripple plug ins. If they want to still market their products, they will begin to panic when they realize they are not supported under new versions of your program. If they won't play nice, take your ball and go. Make them beg to get back in the game.

But that's just my opinion.

Re:idea for tool builders: metadata

[Jerf]

A neat idea but unfortunately, even "per-line" or "per-char" is the wrong dimension to measure. You'd really need to keep track of it per patch (or per commit in CVS terms, or whatever).

A contribution to a work means that part ownership of the copyright of that work goes to the contributer. (There are some interesting potential legal landmines with regard to what would constitute a "work": Single source file? Whole distribution? My guess as a non-lawyer is a court would go with "All of the above".)

The only way to strip out a propreitary bit of code would be to roll back through a source-control program, remove all the commits from the source history, and rebuild the program with new, non-owned code. So you'd need a way to mark commits as "proprietary", and roll them out.

Another thing you could try is keeping two trees, one "pure", and one with the proprietary stuff, and make sure to factor out any differences such that you can swap in the pure or proprietary code at any time. Takes a bit more design, but hey, that's true of most open source anyhow.

Willful violation

[nuggz]

But you didn't intend to violate their copyright. You didn't know you were violating their copyright.

I think this would be similar to purchasing stolen items. You don't get to keep them, but if you really didn't know it was stolen, you likely won't be punished, beyond losing the items that didn't belong to you, either.

Use your rights, damn it

[coyote-san]

I'm pissed. Who's your chickenshit lawyer so we can all avoid him ourselves?

EACH AND EVERY ONE OF THESE COMPANIES threatening you if you publish their propietary code has, indirectly, admitted to ripping you off. THEY are the ones who should be sweating, they have no right to the code that they wrote proprietary extensions to and it's black letter law that you have the right to order them to immediately cease and desist any and all future infringement of YOUR code.

This may put the companies out of business, or expose them to massive suits for non-performance. IT'S NOT YOUR RESPONSIBILITY. They are violating your IP rights, you have the unconditional right to order them to stop regardless of the consequences to them.

It won't take them long to realize that they have two options. One, they can lay off everyone (you've killed their product!) and sue the original infringer for damages while their clients sue them. They can't threaten you for exercising your own rights, especially after they tried to do it to you!

Or two, they can pay you a reasonable fee for the right to use the code in a proprietary product. Say, something between $20k-$50 plus the right to distribute the code in the infringing product today under any and all licenses you choose. If they want to pull code out, they can... at their expense. Just because something is released under the GPL doesn't mean you can't also license it for proprietary use.

Meanwhile expect to see the original infringer get hit with massive suits for fraud. They may think they pulled a fast one on you, but as long as you stand up for your rights you may yet have the last laugh as that company is forced into bankruptcy for stealing your code and presenting it as its own.

(IANAL disclaimer, etc.)

Re:Use your rights, damn it

[coyote-san]

As you said, only if they don't redistribute the changes. That covers in-house use and pure client/server "black box" implementations (where the GPL code sites on a server, never exposed to the client), but not distribution to clients of compiled or other derived products.

Since these companies are claiming that the code released by the primary infringer contains their propietary code, I don't see how any of them can make meaningful claims that they aren't distributing their changes - if they weren't distributing the changes, how did the primary infringer get the code to provide to this guy? Maybe there's a reasonable explanation out of this paradox, but it seems that the burden of proof is on them to defend their use of his code at this point.

(N.B., this doesn't mean that he has any right to their code either - but these intimidation tactics have got to stop. Everyone is entitled to their IP rights, not just companies with an arrogant attitude.)

um... this is more of a "Tell Slashdot"

[fist_187]

I'm not trying to discount the problem that you're having... I just think that regardless of what advice you take from this forum, you should also seek the advice of a lawyer.

This issue is definitely something the GPL crowd would like to be aware of, and its good that you posted it, but I think your best advice would come from a legal professional.

Simple!

[The+Iconoclast]

To remove all the proprietary bits from you software, simple bitwise-AND your program with the INVERSE proprietary bitmask!

Gosh! A single line of C code, what's Ask Slashdot coming to these days?!?!

FreeSoftware = !(PROPRIETARY BITMASK) && YourSoftware;

Unfortunately, case law does not agree

[Royster]

In the MySQL v. Nusphere case, the judge was unconcerned with the period of time after Nusphere released its code in accoprdance with the GPL. The judge ruled that the court would focus its attention on the 4 month period of time when Nusphere was in violation and not pay attention to the later period when they were were in compliance.

MySQL, with the assitance of the FSF, tried to argue that once the GPL had been breached, Nusphere could not remedy that by releasing all of its modified source and that they needed to renegotiate a new license. The court did not accept that argument.

MySQL v. Nusphere trial reference?

[Adam+J.+Richter]

There was a hearing for a preliminary injunction in February 2002 where the question was whether Nusphere's use of the code between then and the trial would cause irreperable harm (i.e., so that just assessing monetary damages at the end of the trial would not be good enough and an injunction was required before that). If the trial has actually occurred, as would have to be the case if the court truely ruled that Nusphere could remedy its breach by releasing all of its modified source, then could you post a reference for the actual trial? I see lots of documents about the preliminary hearing on google, but none about the trial having occurred.

I am not a lawyer. Do not use this as legal advice.

Re:MySQL v. Nusphere trial reference?

[Royster]

The case was settled before it reached trial. It was settled in part because of the opinion of the judge ruling of the judge in the preliminary injunction stage. The judge found no harm at all, much less irreparable harm, after Nusphere released the source.

Re:MySQL v. Nusphere trial reference?

[Adam+J.+Richter]

The case was settled before it reached trial. It was settled in part because of the opinion of the judge ruling of the judge in the preliminary injunction stage. The judge found no harm at all, much less irreparable harm, after Nusphere released the source.

The question of "no harm at all" would not have been before the court for a preliminary injunction, only irreparability.

I could believe that the judge might have determined that there was no irreperable harm from the copyright component and then might have decided for the purposes of the preliminary injunction hearing only to accept arguments about the irreparability of the trademark infringement (and I think it would be a lot easier to argue that trademark infringement is irreperable). But if you claim the judge ruled about something I don't think could have been considered to be before the court at that hearing, then you I'd need to see specific references to be convinced that this isn't a case of your recollection being skewed.

I'm not a lawyer, so don't take this a legal advice.

Re:MySQL v. Nusphere trial reference?

[Royster]

You're right to be sceptical of my recollection. I spent some time yesterday looking for a copy of this preliminary ruling and I couldn't find it. But something caused these parties to settle.

Frequently when a judge lays out his reasoning in a preliminary motion, it gives the parties a clue as to what issues the judge thinks are significant in the case to come. In judging a preliminary ruling, the judge assumes facts in dispute in favor of the non-moving party. This can often tip the moving party as to how much they can expect if they can actually prove the facts they assert.

not a question for slashdot.

[Inominate]

How about asking someone who isn't going to simply pull answer out of thier ass, and instead ask someone who might know? i.e. a lawywer.

"Hi, I've been threatened with a lawsuit, seeing as how most of you know nothing about the law, I'd like to know what you think I should do?"

You might as well ask a magic 8-ball.

Give FSF Co-ownership

[dh003i]

Give the FSF co-ownership of your copyright. This way, they can enforce it or you can enforce it, and both they and you can negotiate with violators.

This way, you still own the copyright, but if you're somehow unable to defend it, the FSF can do so.

Re:Give FSF Co-ownership

[0x0d0a]

This push the FSF does to "give us ownership of your code so that you can get legal defense" is a little disturbing. In most cases they already have legal power to do revisions to your license (GPL v3). I'm more than a bit uncomfortable with how much IP power they're accumulating. Oh, it's fine now, but what about 50 years from now when Stallman's dead, and some big company manages to buy off a majority of the members in the thing? They already have more IP power than any other single organization I can think of, and it's growing rapidly.

The FSF is a single point of failure for the GPL. They're also the source of my single sense of unhappiness with it.

Linus feels the same way -- he's gone GPL v2 only, which eliminates their revision power as regards the Linux kernel.

Re:Give FSF Co-ownership

[dh003i]

WRONG. The FSF doesn't have the power to do anything with your license. The GPL just says "version X.x of the GPL OR any later version". In other words, the USER GETS TO CHOOSE which one to follow, according to the FSF. That's better, as it gives the user more FREEDOM. Thus you're concerns and those of Linus are completely unwarranted on this matter. The end-user being able to choose which version of the GPL gives the end user more FREEDOM. Also, note, that the copyright author not the GPL grants the user the right to choose which version of the GPL to use. I.e,. the author can say "version 3" which means version 3, or they can say "version 3 or later," which means version 3 or any later version, at the user's choice. The GPL itself does not say "you may abide by this version of the GPL or any later version at your choice" (Though I'd argue it should, since this gives the user more freedom).

As I also said, I think that you should give co-ownership to any organization which stands up for the freedoms you want to protect, including the FSF, OSI, EFF, etc. This way, there is no single point of failure.

Re:Give FSF Co-ownership

[0x0d0a]

WRONG

Do tell.

The FSF doesn't have the power to do anything with your license.

Ah. We'll see.

The GPL just says "version X.x of the GPL OR any later version.

Yes, that's precisely what I'm objecting to.

In other words, the USER GETS TO CHOOSE which one to follow, according to the FSF.

Which is completely meaningless, because anyone that gets their hands on your code can then use the revision if they want. You have zero guarantees that, say, Red Hat or SuSE won't be granted rights to use the source without reopening it. Don't laugh -- this has been brought up as possible material for the GPLv3, and is why Linus refuses to grant revision ability to the FSF.

That's better, as it gives the user more FREEDOM.

Meaningless semantics. It has a legal, practical impact that we both recognize and that I and many others have an issue with. Saying that this is "better" because it's a "freedom" issue is simply meaningless. Should I be allowed to shoot you because it's a "freedom" issue?

Thus you're concerns and those of Linus are completely unwarranted on this matter.

Oh. Thanks for straightening Torvalds and me out.

The end-user being able to choose which version of the GPL gives the end user more FREEDOM.

As stated above, semantic arguments are meaningless for our situation.

Also, note, that the copyright author not the GPL grants the user the right to choose which version of the GPL to use.

True. Unfortunately, a very rarely exercised option. Torvalds does it, and a number of other people, but not enough to put a firm clamp on the FSF running amok. On the up side, just as the GPL virally spreads through code, the version-restricted GPL virally spreads through the regular GPL, so I'm fairly comfortable that this is not a problem. Eventually everyone will be forced into a single version of the license.

Though I'd argue it should, since this gives the user more freedom.

Okay, I could point out that the GPL is designed to allow the developer freedom, and the BSD license the user freedom, and by your logic the BSD license would be superior, but it's a semantic argument, as I said above. "More freedom"...who cares? The practical impact is what matters.

As I also said, I think that you should give co-ownership to any organization which stands up for the freedoms you want to protect, including the FSF, OSI, EFF, etc. That way, there is no single point of failure.

That's idiotic. Most people using the GPL specifically use it because they do *not* want a BSD-style license. Giving co-ownership does nothing but add another point of failure (where the thing could be relicensed by a single corrupt party to be closed source). It does *not* add additional robustness to your license -- it significantly decreases it.

you've got a lawyer already, use it

[ameoba]

You obviously have a lawyer already, since you managed to reach a settlment with the GPL violator, why not continue to use his services? Slashdot can't really give you good legal advice, what we -can- help you with is comming up with the technical solutions to actually achieve what your lawyers decides is the best course of action.

In general, I'd avoid any solution that relies on NDAs. There are too many ways that too many people could get hamstrung and/or tied up in court for too long by them, especially if any of the commercial developers consider themselves in competition, not to mention what they could do to you in the future (of course your future work is ALWAYS going to be suspect, if you ever venture into any of the areas covered by stolen code).

At first thought, I'd say expect the developers of the commercial add-ons to follow your site, and stand up and go over the code, identifying their code. The problem being that you'd potentially be giving competetors eachother's code, potentially allowing both of them to steal the competitor's code AND sue you for giving their code to their competitor. Of course, any halfway decent lawyer should easily spot things like this.

Perhaps what you need to do is pull out sections of code that you would like to add to the main codebase and then post small sections, which should be enough for the owner to identify the code, but not enough to give away any significant functionality. If a developer can send you the code that follows it, throw that module away. To me, a 90 day period would seem sensible since, as I mentioned earlier, any commercial developer that fails to check your site/release-notes/mailing-list in that long isn't serious. Again, the lawyer can figure out the finer points here.

Re:EXACTLY

[HotNeedleOfInquiry]

I don't disagree with anything you've said. And I also use the services of lawyers as needed. That said, there is a big, fat, grey area of life that involves negotiating deals and contracts. I almost always handle these things myself. The sad thing about getting a legal opinion is that there's a good chance that your advisary is getting the opposite legal opinion from his attorney.

Mod Parent Up

[hughk]

I'm not sure if the AC is genuine, but he has a valid point. If the AC developed some code which was combined by a third party with the GPLed code and the third-party released the merged software as propriatary.

Its an interesting point because the AC acted in good faith and it is that third-party who did the dirty. However if the code isn't attributed during the merge, it becomes very difficult to say which bit came from where.

My view is that the merger was the same as the third-party inadvertantly disclosing AC's proprietary software. The third-party becomes responsible for any tidying up.

No

[anthony_dipierro]

But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?

No. But depending on the financial status of the company violating your copyright, and whether or not your "settlement" was legally binding settlement, you could possibly sue for incidental damages or something.

If you don't have a real "settlement," you could mitigate your potential damages and pay for a full code review and then turn the charges over to the copyright infringer.

Re:Just because they say it's your responsiblity..

[0x0d0a]

I'm also not a lawyer. However, at the very least I suspect this would have to be certified mail, and I strongly suspect that you cannot nullify someone's copyright by doing this.

I think what would happen if you tried this is that you'd piss off/scare the parties involved, they'd retain a lawyer, they'd start sending nasty notes and look at taking legal action with you. Which is what they should do.

Basically, it comes down to this. The original guy infringed the GPL. He needs to stop distributing the code. You may be able to sue him for damages for using your code without license. It doesn't mean that he can give away other code that he doesn't own, however.

Re:Already slashdottet?

[0x0d0a]

You know, if you aren't keeping it private for one reason or another, it might be interesting to know how you figured out that the guy was using GPLed software. Whether it was an inadvertent forum post (and he didn't understand the GPL) or whether you did an Xvid-style binary code comparison...

Re:You're screwed [kinda]

[0x0d0a]

I'm curious. Is licensing like water? That is, if I GPL a complete work, and then part of that code isn't copyrighted by me, is the GPLing still valid as regards the part that I do own?

I wonder if this has even ever been hammered out before. Probably, but it would take a lawyer to track down the case law.

It could be that the entire deal was bad the moment the guy tried to GPL the code he didn't own, so you'd want a revised agreement first.

Also, if he wrote the code under NDA from the propriatary people, they *might* be able to claim that his code exposes important knowledge about their own software that constitutes a trade secret (If someone wrote part of a driver for, say, Nvidia, I suspect this could be the case).

Re:one

[0x0d0a]

[sigh]. Things were so much simpler in the Dark Ages. You and the EveryAuction guy and the other authors go out and beat the snot out of the guy who illegally grabbed all your code.

Re:You're screwed [kinda]

[0x0d0a]

That wasn't really what I was asking.

if you take GPL'd code and make somethin else, the finished product, even if it no longer does the same thing it did before, must be gpl'd

I realize that.

My question (I'll restate and perhaps be clearer) :

A = The guy that wrote the original GPL work.
B = The guy that illegally grabbed the GPL stuff, then merged it with propriatary stuff, then illegally tried to GPL someone else's code.

I am, for the moment, ignoring the fact that B is already in hot water for distributing a derivative work containing GPLed code under a non-GPL license. We all agree that B is already in hot water for doing that.

My question relates to the second bit: B has made an invalid license in trying to GPL the derivative code he made. It contains non-GPLed code that he does not own which he does not have the right to GPL, thus the derivative project cannot be GPLed as a whole. He attempted to GPL the derivative work as a whole. This license is necessarily *invalid*.

I believe that the derivative work contains three sections of code. The propriatary code from the third party, the GPL code from A, and some additions from B.

Now, B has made this invalid licensing under the GPL of his derivative work as a whole. Since this is invalid with respect to the propriatary extensions, my question is whether his license is still in place (and binds him) as regards his *own* contributions to the derivative work, or whether the entire thing simply goes out the window.

If B makes three licenses that say:

"I am licensing A's contribution under the GPL", that's valid
"I am licensing B's contribution under the GPL" this is valid, as he's the copyright holder
"I am licensing third party propriatary bits under the GPL", this is not valid.

However, the first two licenses still hold (though only the second one is important).

This guy made a *single* license that applies to the work as a whole. Are his own contributions to the derived work now GPLed or not?

No Remedy, but a treatment

[oldstrat]

/.
1. Send the source to your new release to known plug-in makers with a notice of a 90 day window to review for code that may belong to them.

2. Make a new release (not the one you have in mind now), with a notice that says that those who are possibly affected that are not on your list should contact you within 30 days for a review copy, followed by a 60 day time to review.


Neither of these will free you of the possibility that someone will come later and claim ownership of some this or that of code, but it should put you in the clear on having made an attempt beforehand.

Jeez this is scary

[Anonymous+Brave+Guy]

I'm no expert in US law (I don't live there), but even with my basic knowledge of how it works and reading the obviously simplified summary here, I can see that most of the posts offering legal advice here are way off base. The scary thing is that equally off-base people are clearly moderating them up because they sound convincing, regardless of their legal correctness!

It seems to me that the only sensible action for the original poster to take immediately (aside from speaking to a lawyer again) can be some sort of legal move to force those who derived from his GPL'd work to either GPL the derivative (if they can) or stop distributing it. If the derived work cannot be GPL'd because it also includes indepently licensed third-party bits, then that narrows the options to one.

I don't understand why the OP is so keen to host the derived now-supposedly-GPL'd work using his own resources, though. He gains no obvious benefit from doing so, and if US law allows for penalties for distributing code contrary to its licence, it seems to leave him open to action by the third parties if they are being ripped off. If US law actually says that the OP can distribute something just because someone told him it was GPL'd, even though it actually wasn't, it would be about the only legal system in the Western world that did...

You're in dreamland

[Anonymous+Brave+Guy]

Big big difference here, in that these other corporations ALLOWED their code to be incorporated into the code by this other company. If they wanted their code not to be GPL'ed, they had the OBLIGATION to make sure that that other company wasn't integrating/mixing their code with GPL'ed code in a way in which the GPL doesn't allow (unless you distribute it under the GPL). Again, THEIR responsibility.

Suppose I write a library, which I choose to distribute under some licence that forbids giving away the source code. Are you saying that I must check the intentions of everyone buying my library, to make sure that they aren't planning to GPL it and give away the code, and that if I fail to do so, my code automatically becomes GPL'd?

Could you please cite even the slightest shred of copyright law in your chosen jurisdiction or even common sense that supports this claim?

Re:You're in dreamland

[dh003i]

Well, I was under the impression that they entered into a specific agreement with the other company, allowing them to use their source code. That means they should have been aware of whether or not the other company had GPL'ed source.

Re:You're in dreamland

[Anonymous+Brave+Guy]

How does that follow at all? Every time a major vendor sells a product with a licence agreement, they enter into a contract with the buyer. Are they assumed to be aware of how that buyer intends to use the product, and to give up all rights they would otherwise have over it? You are basically arguing that not only to EULAs have no legal validity -- which we all know is a largely untested area of law anyway -- but that it is the vendor's responsibility to be aware of the wishes of every buyer, which turns established practice on its head. Where is the legal or moral basis for this?

Re:You're in dreamland

[dh003i]

In this specific case, the company set up an agreement with another compnay to let them merge source codes. It was a specific agreement they negotiated, and they were either aware or should have been aware that the other company incorporated GPL'ed code.

Re:You're in dreamland

[Anonymous+Brave+Guy]

It was a specific agreement they negotiated, and they were either aware or should have been aware that the other company incorporated GPL'ed code.

So you keep saying, but if there was a specific agreement, did it allow for the release of source code under terms compatible with the GPL? And why were they aware or should they have been aware of the relevance of the GPL here? What do you know about this case that the rest of us don't?

Re:You're in dreamland

[dh003i]

Well, gee, they're agreeing to allow company X to integrate company X's code with their own. Thus, they should have had knowledge of company X's code, and should have made inquiries to determine if company X had any code in it that was under the GPL, or any other code which has specific distribution requirements.

Re:You're in dreamland

[Anonymous+Brave+Guy]

I give up. You're either much better informed about the exact details of this than the rest of us, or just incredibly stupid (or naive).

If I agree to let someone else use my code for some compensation, then I generally have some sort of licence agreement or other contract that specifies how they may use it. It is that agreement that governs whether or not they may GPL it, distribute it, or whatever. The fact that I haven't checked their whole business out (as if I had any right or ability to do that anyway) does not mean they are exempt from the agreement, nor that they may use my code in ways not specified in that agreement (or otherwise allowed to them in law). If this were not the case, the whole software business would fall apart, as no-one could afford to sell their code to a wide market since they'd have to check out every single buyer's intent.

You are arguing that the complete opposite is true, that the obligation to understand how things are used rests with the seller and not the buyer. You have totally failed to justify your position based on any legal references anywhere, and you are arguing for a position that would be totally impractical if you actually tried to implement it. Why do you bother?