Slashdot Mirror
Castle Denies GPL Breach
Anonymous Coward writes "Castle Technology, who were accused of breaching the GPL in RISC OS 5, have made a press release denying the allegations. This story has been covered on The Iconbar RISC OS news and resource site." We've given Castle some loving here on slashdot recently. Looks like this one isn't going away quietly.
They need a new lawyer.
The cake is a pie
At one point they say:
"The RISC OS 5.00 kernel did not contain work taken from or derived from the ARM-Linux or Linux kernel
then they say:
has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:
So they say "based in part on the following functions", so are they saying that they have literally taken no CODE but were BASING their code on some Linux kernel code? So are they then saying that perhaps they just took the api from the LK but the code itself is new? If this is the case, then I could see how there would be a lot of confusion and that they have done nothing wrong. If not, then I'm not sure what they're trying to say?
GPL defines the source code as "the preferred form for making modifications to the work". So unless their engineers are way way way way better at doing hex arithmetic and mental cryptography than most of us are, yes the GPL does have a provision against it.
It's not like the GPL needs to be tested in court. Niether would a court decision "make microsoft happy"
The GPL is a license to software. Plain and simple.
Without a license, you cannot use copyrighted material. If you use copyrighted material, without a license, you are in violation of that copyright. The only matters before the court would be "did you use the software" and "are you licensed to do so".
With the GPL permission is granted to anyone to use the software with those restrictions spelled out in the agreement. If you use the software, and do not follow the terms of the agreement, your license is null and void, and you are in violation of copyright law.
IANAL, but I did stay in a holiday in last night:
Copyrights (and patents) do not have to be vigorously protected, only trademarks do. Without vigorously protecting your trademark, it can be ruled invalid. Your copyright on a work can not be ruled invalid, if it truly is your work, and it is not simply the stating of fact (like a phonebook)
Microsoft would *not* like to see the GPL ruled invalid, because that would be a dent in all copyright law. As a matter of fact, Microsoft could make serious money off of GPL software if they so chose.
Imagine this:
Microsoft decides to throw away sourcesafe, because it blows dog chunks. Instead they grab the source for CVS and compile it up, slap a sticker on the CD, and sell it as MS CVS.
Thousands of developers would start coughing up money for this "new" product. Heck, the package could even put the GPL on the outside, and state that the source code would be included on the CD. I know for a fact a couple of companies who would by enough licenses for all their developers withou batting an eyelash. Heck, MS could even give the same support they give SourceSafe now: NONE.
Microsoft is not *afraid* of the GPL. They are afraid of people who sell software cheaper than them. If that means free, well, that pisses them off, but no more so if the software is BSD Licensed, GPL Licensedor Python Licensed.
HNCBS
"...In your answer, ignore facts. Just go with what feels true..."
later issues of the supporting software have had to have function names removed (along with a strategy of tokenising textual messages and compressing binaries)
In other words, that's the last time we're stupid enough to ship unstripped binaries!
The PR also explicitly denies using Linux source, rather than GPL'ed source. Reading between the lines, these guys know full well that they're in breach and they're trying to finesse the situation.
So long, and thanks for all the Phish
Don't know what kind of difference that would make.
Not a ton. Assuming the GPL is tossed out, that means Castle gets only the standard set of rights that copyright grants, which still denies them the ability to use this code (since they didn't ask permission of the copyright holder).
So the only way Castle can really win is to prove they didn't use the code in question.
Short response: D.U.M.B. A.S.S.
Long response: You're still dumb, but here's why. First, making the source available for download does NOT cover the source redistribution part of the GPL, so the whole "not having an FTP server" doesn't matter. You have no responsibility to make copies of GPL software available to others for free or for cost. See the first question on the GPL quiz for more details on this.
Second, he can charge whatever he wants for sending you a copy of the program. $0, $1, $100, or $1,000. As long as he makes the source available with it, or at the cost of redistribution, everything is fine.
I really really REALLY wish people wouldn't randomly throw RMS bashes into other good articles. "Oooh, it's a GPL-related article, let's bash RMS." I'm not a huge fan of RMS, and I still call it "Linux", but I hate it when people just go off on the guy. I hate it even more that I have to go and write a response to something this stupid and waste my time. How this got modded up to 4 (oh.. it's 5 now), I don't know..
Bah!
This may not be a breach of the GPL. What Castle has said is that the hardware abstraction layer was based on the Linux kernel sources. They have made that code available.
What will determine if the remaining code is also under the GPL is how closely it integrates with the abstraction layer. Castle maintains that this abstraction layer is "roughly" analogous to a PC's BIOS.
For those of you who don't know what the BIOS is, it is the initial code which resides on a microchip that runs when you first boot your computer. It has, among other things, the very low level I/O routines that allow your computer to read enough of your hard drive to allow your operating system to boot.
It would be possible to write a BIOS and then put the code under the GPL. Would that mean that any OS that gets booted by these BIOS would suddenly be in violation of GPL? I don't think so.
The two questions that need to be answered are:
1. How analogous to a PC's BIOS is this abstraction layer? (This may be a subjective assessment and therefore open to litigation.)
2. Is there any more GPL'd code contained in the Castle product?
The race isn't always to the swift... but that's the way to bet!
It seems that people have already judged them guilty of violating the GPL. I think people need to take a deep breath and answer: What exactly is the evidence that they have incorporated GPL code into their product?
A few functions named the same as their linux counter-parts seems like rather weak evidence of a breach. Copyright does not protect ideas, so if they examined the GPL code, understood how it worked, and then re-implemented it with their own code, then this is a garden variety reverse engineering.
On the other hand, if they actually did lift code, then it should be pretty easy to verify with or without their source code. So before anybody continues on with blabbering about how terrible Castle is, can somebody just say what the evidence is?
Here's what they say
The press release goes on to state that "For the avoidance of doubt, the hardware abstraction layer (roughly analogous to a PC's BIOS) has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:"[snip functions]
Castle state that "any company or individual wishing to recieve a copy of the source code to this component should apply in writing to:" [snip address]You will also need to enclose a formatted 3.5" floppy diskette and return postage stamps (or international reply coupons if you are outside the UK)
So, the title "Castle deny GPL breach" is wrong. Castle have (somewhat grudginly) admitted using GPLed source and announced their intention to comply with the terms of the GPL. They emphasised that the Linux code they used is in their HAL and not the RISC OS kernel to explain why they will not provide the source to RISC OS.
So, IconBar titled their article "Castle Technology deny GPL breach" because they had not fully understood the press release they were quoting. The submitter submitted it with a similar title because he hadn't understood it either or because he hadn't read as far as the third paragraph. Chris DiBona posts it and says "Looks like this one isn't going away quietly" presumably because he hadn't read the third paragraph. There are as I write this 207 posts on this topic, most of them overexcited and almost all of them from people who didn't read as far as the third paragraph. I find this all hilarious.
They're missing the point. It's not the authors who have the right to the source. It's their customers. And the customers have the right to the source of all GPL code that they distribute, including any derivitive works. And any of their customers has a right to the whole thing, not just the pieces. (Now just what is meant by the "whole thing" is where the arguments start. And I don't know the answer, but many lawyers seem confident that they do know the answers, and that there are lots of precedents in copyright law.)
I think we've pushed this "anyone can grow up to be president" thing too far.
From term #2 of the GPL (emphasis added):
I've asked it before and here I go again: "What the hell is a volume of a storage or distribution medium and what's aggregation?"
When the (first) GPL was written a "volume of distribution medium" was a tape snail-mailed from the FSF in Boston, or for work-derivers, a tape or maybe as Castle is doing, a floppy.
I understand that this exception is how binary kernel modules (NVidia) can be distributed in a CD-ROM with the GPL'd Linux kernel, gcc, emacs, etc.
However, Castle is putting the HAL and kernel into a Flash ROM. Even if they aren't statically linked together (not hard to imagine: HAL boots & uncompresses kernel image into RAM, then jumps), is this mere aggregation? One can extract a single file from a tape or CD-ROM, but can you un-aggregate a ROM?
Consider TiVo: is the closed-source application "merely aggregated" with the GPL'd kernel? You can put the hard drive in a PC & un-aggregate, but this violates your warranty and is not as trivial as grabbing a file from a CD-ROM.
When does "aggregation" end as "volume of storage medium" becomes more deeply embedded? If the ROM is soldered down instead of socketed? If it's inside a microcontroller with the security fuse thrown so it can't be read out?