Slashdot Mirror
Embedded Device Manufacturers Ignoring GPL
swillden writes "Iain Barker and some other Linux Kernel Mailing List readers have discovered that several manufacturers of DVD players based on the Sigma Designs EM8500 chipset are distributing Linux, both in the devices and as binary-only firmware upgrades, but not providing source. Apparently, Sigma Designs provides its customers with a copy of the kernel as part of a chipset SDK, and those customers are making and selling devices without complying with the terms of the GPL. It's not clear if this is because Sigma didn't tell its customers about the GPL and their obligations, or if they're all ignoring it on their own. Maybe they've all bought licenses from SCO and therefore don't have to comply with the GPL? The LKML post contains a list of some of the infringers."
*Takes bait*
It doesn't matter if you don't modify the kernel; if you distribute it, you must provide source.
Bruce
Bruce Perens.
Considering that they mostly got away with stealing the xvid group's work with thier x-card, Sigma's got a history of ignoring licensing requirements on Free software. I wouldn't be surprised to learn that they had been telling their customers that it was all their own proprietary code, no linux about it.
When information is power, privacy is freedom.
It really pisses me off how overzealous you Linux people are. The GPL is there to protect freedom, not make it so companies are unable to use it to do business. Calm down for a bit and see what's going on before you react liek this next time.
Actually, from what I understand, the BSD license is more appropriate for businesses who do not wish to disclose their modifications.
Join the TWIT army now!
No reason to wait... This kind of thing has happened many times before. You send 'em a "comply or desist" letter, which should weed out all those infringing due to ignorance. So far, all GPL infringment cases have been settled out of court, which is why everybody's saying it's "untested in court". In reality, no lawyer in their right mind would actually try to fight the GPL. It's not like this issue's never come up before.
-3Suns
~~~~
The Revolution will be Slashdotted
I would have thought somebody of your stature wouldn't have made such a simple mistake. The GPL doesn't state that distributors have to supply source with all products, only that it is supplied on request. Thus the company does nothing wrong until it refuses to release the source upon a request.
Hey Bruce, do you know if anyone is doing anything about these violators?
Off the top of my head they've modified GRUB, VideoLan, and KHTML and aren't distributing the source code or including a written offer for the source code in the distribution.
Dinivin
You have to distribute source whether or not it's a derivative work.
Not exactly true. You do not have to DISTRIBUTE the source, you can make the source available on request and that is good enough.
See paragraph 2 of the GPL Preamble (...or can get it if you want it.) as well as Item 3, Sub-Item B of the main body:
"b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,"
In short, you DON'T have to distribute the source WITH the product. Making it available via a download would satisfy.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I didn't write the RPL(it was written by Scott Shattuck at Technical Pursuit--but I helped with some of the legal research and also helped walk the license through the OSI approval process.
The fact that they're distributing it just as a binary is not in itself a GPL violation. The GPL doesn't require that you actually include the source code, but rather that you make the source code accessible without much hassle. So who knows, maybe if you called one of these companies asking for the source code they would send you a file or a CD or something with the source code on it! In that case they would be totally in-line with the GPL.
However, I would bet that that's not really the case and they don't make the source code available as easily as that. In that case there probably should be some complaining about it as they would be in violation of the GPL. Even if that were the case though, I doubt they would be opposed to changing their practices to make that code available, especially since (from what people have been saying) they don't seem to have modified the code very much.
why can't you just ignore the GPL?
As a user... you can ignore the GPL. You can use the software as you see fit.
As a distributer of GPL'ed software - you have to get permission from the copyright holder to copy the software, or, if you'd like, follow the terms of the GPL.
With an EULA, you have to get permission from the copyright holder to copy the software. (Fat chance). Or.... nothing. EULA's don't give you permission to copy software at all.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Bruce
Bruce Perens.
Is in compliance, or at least appear to be.
Bruce
Bruce Perens.
The GPL doesn't state that distributors have to supply source with all products, only that it is supplied on request.
To comply fully with the GPL you have to offer the source code. The GPL is quite explicit about this: when you distribute a binary, you have to tell people how they can get the source code and the offer has to accompany the binary distribution.
The real "Libtards" are the Libertarians!
They have done so. It's $32 per device. RD
The big difference is that the people who are violating the GPL are distributing the GPL code in a product. When you redistribute or sell the code, you have a different set of obligations than a user does. The GPL allows the end user to do almost anything.
Thanks,
Bruce
You're half right. You don't need to offer the source code yourself; you may direct people who ask for the source to somebody else's FTP site. However the source stops being available from there, you still have to provide it.
But it's not so relevant. What is relevant: if they distribute it, they _have_ to include the GPL license, the copyright statements and an offer that describes where the source code can be obtained.
If they don't tell their customer that the software is GPL licensed, they're already wrong.
kernel source printed out
The GPL says machine-readable source code. That could for example be a CD. But certainly not printed on paper.
Do you care about the security of your wireless mouse?
3(b) of the GPL says the written offer must apply to any third party, not just the person who got the binary.
Bruce
Bruce Perens.
linux zealots at their best, foaming at the mouth whenever someone doesn't follow their every command.
You're trolling, but this raises some worthwhile points, so I'll respond anyway.
In the first place, this is no different whatsoever from the behavior of any copyright holder -- just try distributing DVD players running Windows CE without a license, and see if Microsoft doesn't get peeved.
In the second place, no one has to follow the commands of the "Linux zealots". Anyone can opt out of the GPL by simply not distributing GPL'd code. Don't distribute, and you won't be subject to the terms of the license.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Just read up in the GPL and you will find that you in fact cannot distribute the Kernel regardless of the fact that you did or did not do modifications to it.
That is, unless you accept the GPL, which clearly states that you have to distribute the source with it, or, a written offer, valid for three years.
This requirement cannot be fulfilled by providing links to third parties distributing the source (e.g. kernel.org). This is because these third parties are not under your control and could cease to offer their services before the three years are up.
So yes, even if your kernel is absolutely unmodified you have to provide the source if you distribute it.
(This is not a huge issue...it's not like people will be swarming to download your source. Most users will have no interest in getting the source from you.)
They do not appear to have modified busybox (as far as I can tell). They have included a number of GNU utilities (and claim that they are unmodified and, hence, don't have to distribute the source).
Dinivin
The GPL is not so hard to understand and is hardly ambiguous...
/ maine-speech.html
This is the short and very clear deduction from the GPL text by the person that made the arangement for this copyright, Eben Moglen.
He said it in here:http://emoglen.law.columbia.edu/publications
The GPL, whose language you've been referred to, is not quite as elegant a license as I would like but it is pretty short; yet I can put it more simply for you. It says: ``Take this software; do what you want with it--copy, modify, redistribute. But if you distribute, modified or unmodified, do not attempt to give anybody to whom you distribute fewer rights than you had in the material with which you began. Have a nice day.'' That's all. It requires no acceptance, it requires no contractual obligation. It says, you are permitted to do, just don't try to reduce anybody else's rights.
So stick by it or have a chance to get sued...
..... or is it copyright law which is being violated here? Copyright law says you need permission from somebody to distribute copies of stuff. The GPL is permission to distribute copies of stuff as long as you comply with certain conditions. If somebody has been distributing binaries without making the source code available, then the permission granted by the GPL is automatically withdrawn.
.config file to be released.
..... even a load of IFs and GOTOs that would compile to produce the same object code probably would do ..... there'd be more than enough work for all the lawyers in the USA sorting out who had violated whose copyright!
If these companies are simply distributing binaries compiled from unmodified sources available on a site such as kernel.org, then there is not much of a case, because the source is already available elsewhere. They might be able to weasel out of their obligation by claiming someone else already has fulfilled it for them. However, if the kernel source has been in any way modified, then the GPL certainly requires source code to be made available in order for permission to copy to be granted. And it could be argued that the act of configuring the kernel constitutes a modification, or at least requires for the
Of course, the whole thing might start to get unbelievably messy if someone were to reverse-engineer this firmware and post a source code listing somewhere
Je fume. Tu fumes. Nous fûmes!
In the case of a computer with Linux, if you give it away you fall under 3(c) of the GPL, and only have to pass on the source-code offers that were given you. If you sell it, you fall under 3(a) and 3(b), so you either distribute the source code with the computer or make an offer to do so valid for 3 years.
Me, I'd wipe the disk, put on a fresh install, and give the buyer the CD set.
Bruce
Bruce Perens.
Nope, the GPL says "offer [...] to give any third party [...] a complete machine-readable copy of the corresponding source code". That could for example be a little slip of paper, saying "You can download the Linux kernel source at $company_url".
There's normally already lots of little slips inside a generic DVD player package, saying things like "If you can read this, your warranty is void" and other stuff, so one more shouldn't bring the cost up by too much.
why can't you just ignore the GPL?
You can. The GPL even says so. Section 5 says:
However, if you don't accept the GPL, then ordinary copyright law applies, and copyright law says that you're not allowed to make copies of a copyrighted work without permission of the copyright holder. So, you can use GPL code without accepting the GPL, but you have no right to distribute it.
Section 5 goes on:
If you want to make and distribute copies, you have to get permission. The GPL will grant you that permission, but only with some caveats. Or you can contact the copyright holder(s) and negotiate some other agreement that gives you permission. If you don't want to do either of those, then you can't distribute the code without opening yourself up to lawsuits.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Quote from the GPL:
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
As long as any GPL'd source that is modified is rereleased under the GPL, which may very well be none, the worst violation I see is forgetting to include a link to the source code provided by whoever gave them the binaries, which is required if you make redistribute a unmodified binary-only version of a GPL'd program.
Great now we can get some DVD code and keys
Who cares? CSS is so thoroughly cracked that today's open source decryption code doesn't even need any keys. It just looks at the encrypted stream and does a ciphertext-only attack to recover the keys, which it then uses to decrypt the data. CSS sucks.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
As far as a contract goes, I'm still convinced that it's null and void because there's no consideration involved.
In which case you would have no right to sell your derivative work whatsoever.
If a contract is void, that doesn't mean one side automatically gets everything it wants. The kernel developers still retain the rights to their code. If a company wanted to use the developers' work to make a product, and the GPL were void, the company would still need to deal privately with the developers to obtain suitable licenses.
I recently read the additional header that Linus Torvalds put into the kernel at it's origination. In that header, he indicated that simply running an application, using usual system calls, did not automaticly force the code to be GPL'd too. As far as I could understand, his intention was to allow closed-source and open-source code to live together, under the hope that they could play nice, and that modifications that a "closed-source" shop might want to make to the kernel should be made public for all to see and absorbed. I personally view this as a nice balance, you shouldn't be forced to do anything with your code if you are simply using services provided by the kernel as part of it's open API
My understanding of that quote, and the following quote from Linus Torvalds from a Google search of the mailing list:
leads me to believe that this (distributing embedded systems)might be alright.... Calling a kernel service from closed-source code does not necessarily cause it to be GPL'd too.How are the manufacturers using the kernel? Are they simply providing the stock embedded 2.4.XX kernel with their application set to run on startup through init?....I don't view that as an automatic violation....especially if they have not modified the kernel in any way, and are simply including a binary to run as an application
The real question, it appears to me, is did they modify the kernel or include their code in such a way that they've linked directly into the kernel.
It seems that there's more homework that needs to be done before painting these companies as crooks. This will be more of a problem as more companies start using Linux too!.... This type of scare tactic is only going to send them running for the cover of MS or Windriver.... Let's keep an open mind, communicate, and use the GPL in a responsible manner. I don't believe that just because it's embedded, it's automaticly all GPL'd.
I can't lie under oath. And I have to deal with discovery - the fact that the court can force me to give my opinion whether it is to the customer's advantage or not.
So, when I think my testimony would damage them, I have once or twice told a customer - you don't want me to work on this any longer, and you don't want to know why. And they know not to probe farther.
Thanks
Bruce
Bruce Perens.
The GPL states that those that distribute GPLed software must provide the source to the recipients of the distributions upon request. That does NOT mean that they have to make the source available on their website. It means that people you receive the ditribution, in the form of the DVD player, must receive the source upon request.
The thread started with a request by an owner of the DVD player, to Liteon, for the source. The request was refused. If that's not a clear violation, I don't know what is.
Also, as Bruce Perens pointed out in another comment, the GPL requires that you offer to provide the source code to anyone, not just people who own the DVD player.
Human/Ranger/Zangband
It is not a violation to include proprietary kernel modules, nor to have proprietary code in user space. From what I can see, that is where it's highly likely the vendor code lives.
Does anyone have any evidence to the contrary?
As far as a contract goes, I'm still convinced that it's null and void because there's no consideration involved.
And you'd be wrong. Time to go back to law school. See Contracts - Cases and Comment sizth edition, by Dawson et al. page 370.
"Consideration confers a benefit on the promisor or causes a detriment to the promisee...." In this case, the promisee is the redistributor of the GPL'd work, who is required to perfrom an act that he has no legal duty to perform - provide access to the source code along with the binary. There is consideration, therefore the GPL stands as a valid contract on that point.
People don't seem to realize that there are two sides to this equation. The GPL is commercially very useful, because it provides the copyright holder with a means to restrain his competition and potential customers. With the BSD license, a competitor or potential customer can run away with your product, with no obligation to fulfill any sort of quid-pro-quo. With the GPL, the competition and customers either have to follow the rules and release the derivative works that they distribute with your code, or they have to come to you to buy a commercial license that lets them out of the GPL obligations.
Thus, I often wonder if most people who find BSD licensing more acceptable just don't release much free software of their own.
But then, I have gotten a number of emails of the form so-and-so stole my code in their product, but I guess it's my own damn fault because I used BSD licensing. Some people don't seem to think this through until it's too late.
Bruce
Bruce Perens.
A EULA claims to restrict your right to use software that you own. It's based on the nonsensical idea that by default you have no right to use software that you own - since this claim is not true, EULAs are bunk.
The GPL enhances your right to copy and make derivative works of software. It's based on the observation that, under copyright law, by default you have no right to make such copies or derivative works: "You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License."
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
And of late there has been an effort among the kernel developers to hide some kernel symbols from proprietary drivers. There's a macro you can use to control what symbols are exported, and what they are exported to.
Modules don't directly make system calls, so what Linus says about them is probably moot. I can not conclusively tell you today that proprietary run-time loadable device drivers for Linux are legal. I've studied the problem a lot, looked at the relevant cases, and talked with lots of lawyers about it. And the result is that I can find no legislation, no case law, and nothing in the license that would make them legal. Thus, I tell my customers not to engage in making them.
Bruce
Bruce Perens.
You obviously have a very badly screwed moral system, if you believe that in any context (including business) stealing and cheating can be moral.
The GPL offers another option to business as a source of software. As such it is pro-business and pro-humanity.
Contribute to civilization: ari.aynrand.org/donate
In this case the kernel would be GPL, but stock. You can get it anywhere. Your drivers would be non-GPL. They're your own business. Aren't they?
There are two questions here. First, "Do you have to distribute the kernel sources?" and second, "Are your drivers GPL."
The answer to the first is yes. According to the GPL, you *must* either ship source with the device or provide a written offer, valid for at least three years, to provide the source to anyone who asks for it. IMO, it would probably be easiest just to include a CD with the sources in the box.
The answer to the second is maybe, and this is one of those "maybes" where you need an attorney's advice (IANAL). Here's my understanding of the issues:
In general, I think the GPL would view a stock kernel plus your drivers (assuming they're kernel modules), distributed embedded in a device, as a derivative work, not a mere aggregation, and your drivers would have to be GPLd or you'd be infringing on the Linux copyrights.
However, Linus has long maintained that binary-only kernel modules are not infringing as long as they were originally written for some other platform and merely ported to Linux, as opposed to being written explicitly for Linux. If you're going to be writing Linux drivers from scratch for this project, they will likely have to be released as GPL.
However, even if you're just porting your existing drivers, it's not really clear that Linus Torvalds' opinion on this matter is even relevant. If *all* of the kernel copyright holders agree with him, then you're probably safe, but there's a good chance that a contributor who disagrees can come after you anyway, particularly if your code touches his.
All of this is much less problematic if your code is application code, not kernel code, because the Linux COPYING file explicitly modifies the terms of the GPL to exclude programs that use normal system calls. So if you're just writing Linux apps, not modifying the kernel or writing kernel modules, you're cool.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Bruce
Bruce Perens.
Nvidia only gets away with this because they don't ship the Linux kernel. The end user combines nvidia's drivers with the kernel, creating an "incompatible" combination that can be used by the end user but may not be further redistributed.
Most embedded device manufacturers are going to be distributing the kernel with their modules. Since the modules link to the kernel as shipped, the modules must be GPL'd.
The BSD license asks for credit in the form of maintaining the copyright notice and credits. The GPL asks for other people's work to be GPL'd. It seems to me that both ask for something in return... The BSD license is like Public Domain, except you get credit for your work.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'd recommend mencoder if you don't mind the command line. A quick mencoder -ovc [insert codec here] -oac [insert audio codec here] -o somename.avi dvd://[number] and you're set. My current setup supports a straight copy, XViD, QuickTime, and several others which I'm not sure what they are...
You are incorrect.
This is an exception to the GPL that the Linux Kernel contains in its copyright clause.
You are incorrect. The Linux kernel COPYING file is the standard text of the GPL, with 2 provisos before the preamble (would that be a prepreamble then?), namely to explitely state that syscall interface is fair-use / a GPL boundary:
And secondly to state that the version of the GPL which applies to the kernel is v2 unless otherwise explicitely stated:
So you're quite misinformed.
OTOH, Linus has said he does not consider loading of binary modules into the linux kernel to be a licence violation, however, TTBOMK, he said nothing about the distribution of binary modules with the kernel. Further, not all the kernel copyright holders agree with Linus, eg IIRC Alan Cox appears not to hold the view and his comments on the issue tend to be along the lines of "Go ask your lawyer".
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
I purchased this DVD player late last summer and discovered the Linux kernel present on the upgrade BIOS disc.
This is the response I got from them:
----
From: DCTW_Service@liteonit.com
Subject: Re: Request for GPL Code
Dear Sir,
Sorry at the present, we don't provide the source code.
Thanks for your understanding.
Best Regards!
----
Of course, my understanding isn't important. The copyright owner's understanding is what matters.
I decided to e-mail the folks at the FSF for a follow up. I assumed that was the place to go, though I admit even today, that I'm not exactly sure sometimes.
Here was the response from them:
----
From: license-violation@fsf.org Subject: [gnu.org #114549] Linux GPL Code Violation - LiteOn Phomaster LVD-2001
For some reason, your mail never reached my inbox (indeed, the web interface to our RequestTracker seems to be having a bit of a hard time with it too). So, sorry for the late response.
We've already seen a few violations which look to be the same product as this under different packaging. We will add LiteOn to the list of people to write to about this. Thanks for the report.
--
-Dave "Novalis" Turner
GPL Compliance Engineer
Free Software Foundation
----
The whole process was really quite daunting from my perspective. It is my understanding that the Linux Kernel is not a GNU product (though much of the software in a typical linux distrubtion is). Being a linux/GPL/FSF/GNU newbie, it took me quite a bit of time to hunt down a place to submit my complaint. Does anybody know of a database of copyright owners who use the GPL, and more importantly a convenient location for notifying said individuals when a breach is found or suspected? Even the FSF site didn't have a spot that was blaringly obvious to someone who had never visited the site before for reporting GPL violations of their software.
I will say, its nice to see some attention being payed to this with regard to my DVD player. Not to advertise for the theifs, but its a great player...the new BIOS even allows one to play ogg encoded files written to a DVD or CF card. I'm interested, obviously, in getting my hands on the code and potentially flashing the BIOS with my own handy-work...maybe see if I can get the thing to take a hard drive or wireless network adapter in its PC card slot.
"God is dead!" - Nietzsche
"Nietzsche is dead!" - God
It depends on whether the distribution is commercial or not. If it's a noncommercial distribution, you can tell people to get the source from wherever you got it from (kernel.org) under 3(c). But you can only choose 3(c) if it's noncommercial, so an embedded hardware company would need to follow 3(a) or (b), either giving the source with the binary or giving a written offer, valid for 3 years, to get the source under the GPL for a nominal charge.
Litigious bastards
It is very harmful for you to pretend to be someone who would know about these issues, and then spread misinformation about them, when in fact you are not who you claim to be.
Litigious bastards
Who the hell is modding this obvious troll up?
Have you noticed that not only is he not Bruce Perens, having a "." in front of his name and a much high ID but more to the point has no idea what he's talking about and just makes stuff up at random? Dud you READ the crap in the post you moderated?
Sigma cannot satisfy Section 3 of the GPL by simply providing the source on the internet. They must be prepared to provide it by mail as well, if requested by someone who received the binary. See: GPL FAQ.
Like Digital Freedoms? Then donate to EFF before they're gone.
As long as there are people willing to give their work away for free, there's no market for competition to that work. In markets where the free stuff doesn't exist there are opportunities to sell proprietary software.
At least that used to be true before the GPL. With the BSD license, that would still be true. But now the popularity of the GPL license makes it difficult to even do that.
Anyway, this post is brief because you called me a troll and I find it unproductive to carry on arguing with people who capriciously apply labels like that. My other post was already modded -1 troll (unfairly IMHO). If you want to "attack people, not ideas" then carry on, but I will decline to participate.
-a
- is available here, http://www.duke.edu/~java32/bravo/bravohacking.htm l.
Having worked in the Embedded Linux field for quite some time now, I have some perspective. It's not 100% gospel as I don't have anything but an add-on driver set for an obsolete SBC from Versalogic to my name as for kernel stuff. It is MY understanding (and the general understanding of the embedded world using Linux the "right" way...) that binary kernel modules are "okay"- there's no written exemption included with the rest of the licensing for it, but there's numerous references that can be found on the Internet that Linus and others didn't plan on pursuing that situation and that they were not going to worry about breaking binary compatibility with modules at any version release. Static linkage is purely a violation of the GPL if you do not provide the sources back to the world at large- it's linkage pure and simple and under the terms of the license grant, you have to provide source or stop distribution altogether.
It's a big grey area, but if you're using modules, it's a lot better and you're likely to not garner complaints like this if you do.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
If it was past the 3-year timeframe specified in the GPL and you hadn't been distributing the program since you lost the source, you'd've presented the text of the GPL with the relevant paragraph highlighted, and the judge would've dismissed their case or found for you.
Within the 3-year limit, it'd depend. If you'd distributed the program with source and merely made the source available on it's own, again they'd lose because the 3-year-limit paragraph wouldn't apply. If you weren't including the source with the program and it wasn't available anywhere else, well, technically you'd be in trouble for failing to live up to your end of the GPL but practically it'd depend on what happened. In general you wouldn't be held liable for events beyond your reasonable control. Still, backups are a very good idea.
We make a big deal of companies failing to live up to the terms of the GPL, but the author has responsibilities under the terms of the GPL too and we'd better live up to them just as much as we expect everyone else to.
Anyone remember when Sigma released an MPEG4 encoder that was 90% of XVID's code? It took a month to straighten out and ended with Sigma GPL'ing their encoder.
Come on mods, how many of you are gonna keep modding this .Bruce Perens up?
Am I allowed to do this?
No
where does the ownership lies? the original owner?
They own the portions they wrote, you own your modifications. The version that includes both is jointly owned. They can't relicense it without your approval and you can't relicense it without theirs.
Companies that do the dual-licensing thing take great care to make sure that they have clear ownership of all of the code. They do this either by not accepting patches or by only accepting patches whose authors sign over copyright.
IANAL so maybe one could enlighten me on where does the copyright ownership lies regarding derivative work?
IANAL either, but my understanding is what I've told you. If a hypothetical company wants to buy a non-GPL license from you, they also have to negotiate the rights from every other contributor.
In the case of projects with many, many contributors (like Linux), this means that, in practice, negotiating a non-GPL license isn't feasible. In some single-owner cases it's also not feasible, when the owner just doesn't want to license. For example, the copyrights that have been assigned to the FSF should never be licensed under any other terms than the GPL.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.