Kororaa Accused of Violating GPL

AlanS2002 writes "The Kororaa Project, a pre-configured binary install method for Gentoo Linux which bundles nVidia's and ATI binary drivers in its Kororaa Xgl Live CD , has put its Live CD on hold after being accused of violating the GPL. The issue appears to be the distribution of the Linux Kernel and nVidia's/ATI binary drivers together. When the binary drivers are built the GPL'ed code is included in the binary result, which is a violation."

GPL and the copyright laws

Is there any basis in the copyright law for the claim that bundling binary drivers in the same binary
as a GPL kernel is copyright violation, while having them as separate downloads is OK ?

This seems like a very naive interpretation of the "derived work". Are there any laws or precedents
that support it ?

Why not wait to see if this is an issue?

[khasim]

Before you go on about how evil the GPL is, why not wait until there is some clarification on the issue.

So far, an un-identified person sent an email to someone distributing a Live CD making certain claims.

As far as I can see, no one has said whether that person has any code of his/her own in that Linux distribution. Nor has anyone who would be able to say one way or the other been quoted.

Personally, I'd wait until Linus or ATI said that this was wrong before going off on how evil the GPL is.

Re:All the more reason...

[EmoryBrighton]

All the more reason... To avoid the GPL. I thought it was supposed to make things simpler, not have all of these caveats and 'gotchas'. I understand the next version of the GPL is supposed to eliminate these, but then there's the problem with dealing with multiple versions of the GPL.

It's sadly true... The GPL is far too restrictive. I do not believe the FSF will ever 'force' any of the major GPU makers to open source the software.

... but they could always switch to the FreeBSD kernel, they already have a Gentoo/FreeBSD project going on.

Don't confuse "Free".

[khasim]

If you can't tell if you're free or not, are you really free?

So, if I can't piss on the cheese at the local deli, I'm not really "Free", am I?

The GPL is about making the code Free so that anyone can use it and improve it ... PROVIDED that they share any changes they've made IF they distribute those changes.

There are other licenses that are more "Free", depending upon your point of view.

While I agree flying off the handle is probably not the best course of action at the moment, railing against the GPL for creating a situation like this where it really is quite difficult to see if there is a violation or not I would think is perfectly acceptable.

Maybe. But then, as soon as any restriction is placed upon any code, you create edge cases. That's nothing new. Which is why we have "expert" lawyers in the field of "intellectual property" law.

Because there are edge cases is no reason to claim that the GPL is evil.

Certainly not when this case rests on one un-identified individual sending one email to one distribution.

Re:There's more restricition in BSD

[mangu]

To be fair, though, that is "more restriction"

Well, that depends. Let's say you are in a country whose constitution states that "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures shall not be violated". If you are a police officer, you would say that's *more* restriction, if you are an average citizen, you would say that's *less* restriction.

If I were selling software, I would say the GPL licence is more restrictive than BSD, as a software user and developer, I think the GPL is less restrictive than BSD. After all, it's the BSD licence that restricts me from seeing the Nokia OS source code.

Re:One man's "useful" is another man's "treacherou

[DrJimbo]

Alef said:

What if I distribute the kernel with instructions on how to add add proprietary module? Would that be OK?

Fine. No problem.

What if I then distribute the kernel with a helper script that downloads the modules when the user runs it?

Also fine. This is what the distro's I've used do.

What if these modules would reside on the same CD as the kernel, and the script simply copies them from a specific directory instead of copying them from a server?

My understanding is that this would be a violation. Maybe you could squeak by if the module were distributed on a separate cd. I think a separate cd would be fine if the end user compiles the "shim" which combines the Linux code with the closed source bits.

What if I also include a helper script that automatically installs the modules when the user runs it?

This is certainly a violation.

And what if this script is a boot script?

Again, a certain violation.

But, oh wait, that sounds an awful lot like what kororaa does already...?

Yes. That's why there is a problem.

Where did I cross the line?

When you distributed the closed source module along with the GPL'ed kernel on the same medium along with a script to install the module.

Also, in most of the distros I've used, the end user has had to actually do the final compilation of the "shim" which combines the closed source and open source code. I think there would be a problem with distributing a binary "shim" without all of the source but I am not certain.

Re:Whaaa?

[mrsbrisby]

You are wrong. I'll only speak in regards to Nvidia, though I believe ATI is the same. There are two parts to the Nvidia driver. One is the actual binary driver and one si the kernel interface. Nvidia provides source for the interface and that is wht gets compiled. Nvidia also ditributes precompiled interfaces for serveral distro's kernels. If there is a GPL violation, then Nvidia has been violating copyright for a long time.

You do not know what you are talking about.

NVidia cannot produce a GPL violation because NVidia is not redistributing NVidia's software. They are the copyright older. If you give someone else NVidia's software then you are redistributing it.

GPL only applies to redistribution.

The interface you can treat as LGPL.

You're confused. GPL and LGPL are redistribution licenses. They are not usage licenses.

Linus explicitly said that some of the interfaces are stable and do not constitute aggregation. Of those interfaces, all of the syscall-exported interfaces and a few kernel-internal interfaces.

So the question is basically can someone link a closed source binary to a LGPL binary then link the LGPL binary to a GPL binary?

You can link anything you want. Usage cannot be restricted by licenses unless you sign them.

Linking anything to GPL-covered works is GPL (except with certain exceptions). Even if it's LGPL'd- if linked, anyone you distribute the linked binary to must have the right to redistribute it under the GPL (although the LGPL is more permissive). If you cannot guarantee that right, then you cannot distribute it to them.

Hence the reason NVidia doesn't distribute linked code, just "patches".

It's also the reason KORORAA cannot link and apply these "patches" and then redistribute the patched program. That's copyright violation.

This is a rare case where I doubt the FSF would even attempt to pursue as it could very easily lead to a court decision against the GPL.

You are not a lawyer. Or a judge for that matter.

KORORAA doesn't have the right to redistribute Linux. They can assume that right if they meet the FSF's requirements (as outlined the GNU GPL v2). If they do not or cannot meet those requirements, then they do not have any right to redistribute Linux.

Cold war era tactics.

[droopycom]

The FSF tactic is akin to the cold war era use of atomic weapon: disuasion.

In practice, the FSF is drawing the line. Its enough for the FSF to say they are going to file a lawsuit, and the offending company usually back down.

This is dangerous, they are playing with the "gray area". At some point one stupid company is going to go for a fight to define what the GPL really means, and then the supreme court will decide after 5 years of lawsuit (because I'm pretty sure they would not stop at a lower court)

It would be much better if they were using technical definitions of what you can do with software than philosophicals one.

I'm not a fucking lawyer, for god sake. How am I supposed to know what the GPL means by linking if its not in technical terms ?

A modest proposal...

Where do you draw the line between code and data? Other posters have already pointed out that the nvidia binary "driver" is loaded by a GPL'd stub. Under that model, the driver itself is just data. Once you make that conceptual leap, it begs the question: how do you define "source code" for data?

I'll make a brief aside here to remind you that any interpreted "program" is both code and data. To the interpreter, it's just data. The interpreter loads some text (just data), builds the parse tree (still data), and instantiates the various code objects it represents (STILL data). However, once you actually jump to an address and start executing that data, it becomes a program.

So now I'll repeat my previous rhetorical question: how do you define "source code" for data? Here's my modest proposal:

/* bscg -- binary source code generator
  * bscg is Copyright (C) 2006 by PUBLIC DOMAIN.
  * bscg is provided AS-IS and with NO WARRANTY.
  * There are no restrictions on use, modification, copying or distribution
  * of this program; you are permitted to change its license, provided that
  * you do not attempt to remove the ORIGINAL version from the public domain.
  */
#include <stdio.h>
#include <string.h>
unsigned char buf[1024];
int
main (int argc, char **argv)
{
  int i, got, count = 0;
  FILE *f = (argc < 2 || !strncmp (argv[1], "-", 2)) ?
    fdopen (0, "rb") : fopen (argv[1], "rb");
  if (f == NULL)
    {
      perror ("Unable to open file");
      return 1;
    }
  printf ("/* TODO: insert your copyright statement (e.g. GPLv2) */\n");
  printf ("#include <stdio.h>\n");
  printf ("static const char data[] = {");
  while (!feof (f) && (got = fread (buf, 1, sizeof (buf), f)) > 0)
    for (i = 0; i < got; ++i)
      {
        if (count++ % 8 == 0)
          putchar ('\n');
        printf (" '\\x%02x',", 0xff & buf[i]);
      }
  printf ("\n};\n");
  printf ("int\nmain (int argc, char** argv)\n{\n");
  printf (" fwrite (data, 1, sizeof(data), stdout);\n");
  printf (" return 0;\n");
  printf ("}\n\n");
  fclose (f);
  return 0;
}

Just compile this program and feed it the binary you need to "decompile". It will output a C program that you can ship as the "source code" for the binary. If you plan to ship your binary with GPL'd code, be sure to license the newly generated source code under the GPL or a compatable license. Oh yeah, and a word of warning: the source code will probably be significantly larger than the binary, even if you gzip it.