Slashdot Mirror

← Back to Stories (view on slashdot.org)

SWSoft Out of Compliance With the GPL

Posted by kdawson on from the just-the-code-man dept.

MBCook writes "According to the Official Wine Wiki, SWSoft's Parallels 3.0 contains LGPL code. It seems that the new 3D acceleration features of Parallels 3.0 are based on Wine code (SWSoft isn't hiding this), but despite repeated requests they have not yet released their changes for the Wine developers. It has now been 22 days since SWSoft was first contacted on this issue; at the time they promised the code within 1-2 days. They have been contacted numerous time and currently say that they are waiting on 'legal department approval.'" Update: 07/03 00:06 GMT by KD : Reader something_wicked_thi notes that Parallels released the source code the next day.

14 of 419 comments (clear)

  1. Bullshit... by Eric+Damron · · Score: 4, Informative

    Mod Parent down

    The poster is a troll

    --
    The race isn't always to the swift... but that's the way to bet!
  2. legal approval? by timmarhy · · Score: 4, Insightful
    haha, what the fuck are they waiting for legal approval for? is legal going to tell them it's ok to violate someone elses copyright?

    This is why i hate software firms, stealing of gpl'd code is rife in the industry, yet software firms (i'm looking at you microsoft) are constantly pointing the finger at OSS as if THEY are the ones guilty of theift.

    the reality of the situation is that OSS is far more concious of copyright and patent issues then anyone else, and do far more then anyone to audit code for violations yet somehow have been slapped with this label of code stealers.

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:legal approval? by Antique+Geekmeister · · Score: 4, Interesting

      We can expect the lawyers of any company challenged this way to delay, delay, delay until the challenge actually costs them money, for example by scaring off investors or landing them in court. Publication of the modified source code can open up their trade secrets or optimizations, or even disabled feature sets enabled only for more expensive releases, to activation by hackers and competitors.

      I've seen at least one company do their damnedest to ignore the GPL and "forget" to notify their customers of GPL based code or modifications, or provide source, as a "trade secret". It led to a very serious argument between my supervisor and the company president, who liked us having some secret tools we could use to push our products. I wanted the GPL-based fixes to go into the next software release so we wouldn't have to keep patching things and they would just work from then on.

  3. This is craziness, calm down people... by alexhmit01 · · Score: 4, Informative

    First off, their are statutory damages, but generally only for registered copyrights. Also, it's not clear what "damages" the copyright owner, we don't know who, has suffered. Your relief is based upon damages, and maybe a punitive component, not I don't like you.

    The FSF requires copyright assigned because then there is a clear owner and clear damages, because the FSF with the GNU manifesto and other things has its defined benefit from GPL'd code. Makes it more likely you can gain relief... if they sue and ask for damages plus injunctive relief, there is a clear plaintiff, not "a bunch of hackers," that has standing.

    22 days is no a long time. Generally, if you are dealing in legal action, 30 days is standard. Sure, obnoxious lawyers demand things with 10 days to correct, but generally, 30 is normal.

    It appears to be a major screw-up, they released code based upon LGPL'd code. Legal needs to figure out what they did, what they are at risk for, and what they should do. They need to make certain that they can legally release code, and if that is sufficient.

    The copyright holders should hold their feet to the fire, but public shaming and getting half stories out seems a bit premature at this stage of the game. What damages can the Wine project have had from not having access to derivative versions of their software from this company in 22 days? Lots of things can crop of and cause things to take a few weeks. Everyone chill, and don't prejudge until we see a resolution.

    Everyone is "free to sue," but each wine copyright holder may or not have standing, and may or may not have sufficient damages to due and/or be granted injunctive relief. If you ask the court to stop them from distributing your software because they are doing so without a license, it's harder to claim that if various copyright holders have 10-15 lines of code.

    There is no "class" here for a class action lawsuit.

  4. Be patient by Rix · · Score: 5, Insightful

    22 days isn't very long, and it sounds like they're not entirely sure where they stand. Let them get proper legal advice, and then plan out what they'll release. The alternative is that they'll clamp down, pull the feature, and release nothing.

    1. Re:Be patient by kripkenstein · · Score: 5, Insightful

      Be patient
      Excellent advice in general, and in this case specifically. As the Wine project's wiki page says,

      This page is meant for keeping track of this, without starting legal action or a publicity campaign yet.
      ...but someone decided to post it to Slashdot, and the editors published it (effectively starting a 'publicity campaign' of sorts). That was really unnecessary. Sure, SWSoft said they would reply in 'days' and it has been weeks, but weeks is still very little time. I agree with the Wine people on that.

      As for why they are waiting for 'confirmation from their legal department' or such, who knows, perhaps the lawyers just need to sign off on it and one of them is on vacation. Or perhaps the code contains snippets from other code sources and they need to ascertain some issues first. It does make sense to be careful before publishing source code - although, true, they should have been careful *before* distributing the binaries.
  5. Contant the CEO by SolitaryMan · · Score: 5, Informative

    Write to the CEO (Sergey Beloussov) directly: sb@swsoft.com He is pretty responsive actually.

    As a former employee, I should say that part of the problem is developers, that choose libraries for the project without looking into the license. I didn't work on Parallels project, so I don't know how exactly it is there, but in our project I several time had to tell people that they can't use some library, because it is GPL and they were like "Hmm, never thought of looking at it from this perspective". Most of them just used to take and use whatever is available

    --
    May Peace Prevail On Earth
  6. Not the GPL, Wine uses LGPL... by Swift+Kick · · Score: 4, Informative

    The headline is *wrong*.

    Wine uses LGPL 2.1, not the latest GPL or even the latest version of the LGPL.

    WineHQ states that "The licensing terms are the GNU Lesser General Public License" on their main page, which links to the Licensing page where they have the text for the LGPL v2.1 (http://www.winehq.org/site/license).

    I read their copy of the LGPL 2.1, and other than requesting that copies of the library and its source be distributed with the project that uses it, I don't see where it says that the source for the entire project making use of the library has to be released as well, unless it can be demonstrated that significant changes have been made to the library to use it in the project or that the project relies completely on it to make it unusable if removed.

    Now, correct me if I am wrong, but I don't think anyone has actually seen any of the Parallels sourcecode, so no one can actually say how much or even if Parallels has modified Wine to use it in their software.

    While they admit they use Wine DLLs in a forum post (http://forum.parallels.com/showthread.php?t=12648 ), the statement is somewhat confusing, since it can be intepreted that they're using only Wine DLLs or that they actually changed some of Wine code to suit them. Are we going after Parallels simply because of a forum post and a timeline on a wiki?

    Does Parallels really have to release their source code if no one can conclusively know if or how they have modified Wine source?

    --
    "We'll need 2000 crickets, 4 cans of Easy Cheese, and the fluid from 18 glowsticks for this plan to work...." - ph0n1c
    1. Re:Not the GPL, Wine uses LGPL... by xoboots · · Score: 4, Informative

      Hi.

      I'm no expert but I do work on projects that use LGPL. From my experiences, I have the following answer for you based on the following reasoning:

      1) LGPL is by far the most permissive of the FSF licenses.
      2) The point of the LGPL is to allow developers to separately license independent code that they write/use from the LGPL code that they may want to include. In contrast to the GPL, independently developed parts of a delivered product can be licensed separately from the LGPL'd code (ie: the LGPL does not have the so-called "viral" nature of the GPL)
      3) LGPL does have specific requirements. For example, LGPL'd code that is modified must be redistributed in source form. Not surprisingly, unmodified LGPL code must also be redistributed.
      4) Interestingly and importantly, a product that includes LGPL'd code must be built in such a way that it is *possible* for end-users to swap-out and otherwise replace the distributed LGPL'd portions of the codebase with complementary versions of their choosing. Eg: if parallels ships a particular wine dll, then as a user, I should be able to replace that dll with a comparable one of my choosing. If that can only be accomplished by applying patches to standard versions of the LGPL'd codebase (ie: if the distributed product modified the LGPL code) then the necessary changes for the LGPL portions must be made available. In short, modified LGPL'd source code must be redistributed. Of course, non LGPL'd source code need only be redistributed based on the license it was granted under.

      The way I see it, point 4 is the crux of the issue. So, if it is true that I can't use parallels without being able to swap in my own version of the wine code that parallels uses just because parallels has made material changes to the wine code that are necessary but which they haven't made public, then the LGPL is being violated. As an LGPL developer, I don't care if you use my code in your project. The only meaningful stipulation is that if you modified my LGPL'd software in such a way that your other code is dependent on those changes, you must make those changes available to everyone you distribute your code to. Failing to do so means that you have effectively usurped the share-alike basis of the LGPL by instilling yourself as the only entity capable of incorporating the LGPL code into your software. IMHO, this is the main difference between LGPL and BSD code -- both are "non-viral" but the LGPL insists on share-alike and (perhaps more meaningfully) restricts products that would attempt to limit how users incorporate LGPL'd portions of the codebase.

      Before I close I want to address why this should be important. Let's say that software company X produces product Y using LGPL'd software Z. Say I have a license for Y but that X has gone out of business. In the intervening time, Z has undergone some important updates (perhaps security related). If as a user I can't update my legally acquired Y unless the defunct X does so, then I am out-of-luck. The LGPL is meant to protect users so that they don't fall prey to the whims of their vendors for portions of their software that should be (would be) otherwise openly available to them.

  7. For a lawyers opinion by Actually,+I+do+RTFA · · Score: 5, Insightful

    It is LGPL'd not GPL'd code. The license expressly states that the reason for the LGPL is to allow proprietary software to use the library in some ways. Maybe they are sitting down with their lawyers to ensure compliance absent releasing the source. Maybe they have several contributors and need to sort out the rights so they don't get sued. Heck, maybe they are seeking clairity on this point from the license:

    When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

    Point is, lawyers are slow, and companies often use them to prevent negative, unforseen consequences. Give them more time before crucifying/boycotting/etc. instinctively.

    --
    Your ad here. Ask me how!
    1. Re:For a lawyers opinion by SanityInAnarchy · · Score: 4, Insightful

      The license expressly states that the reason for the LGPL is to allow proprietary software to use the library in some ways.

      But if I understand this, they have modified the library itself, and not released their changes. The LGPL lets you link with a library, including using the library's official header files, without your program being considered a derivative work of the library -- your own code does not have to be LGPL'd.

      However, the library itself is still LGPL'd, and anything you do with it must still have source code released.

      Point is, lawyers are slow, and companies often use them to prevent negative, unforseen consequences. Give them more time before crucifying/boycotting/etc. instinctively.

      I'm sorry, the time lawyers have to work this out is before the software is released. They are now in violation.

      Let's say I start beating the shit out of you, and you tell me to stop. Should I stop, or should I call my lawyer and wait a week for him to tell me it's OK to stop (during which time I'm still kicking you)? The correct answer is I should stop, and for that matter, I should never have started. My lawyer should have told me not to kick you in the first place.

      --
      Don't thank God, thank a doctor!
  8. Re:The GPL: Intellectual Theft by Antique+Geekmeister · · Score: 4, Interesting

    [ Technical note: You don't normally defrag ext2 or ext3: neither need it. ]

    I've seen very similar complaints from folks who never understood or had the GPL carefully explained to them. Yes, if you build on top of someone else's code base (such as a Linux kernel, which is under GPL) and send that modified tool to your customers, then you have to send along your modifications to your customers. This is how Linux the kernel, and the GNU softwaer on which so much of Linux the operating system, became so powerful and effective.

    If you're going to compete in that world, and reap the benefits of the software, you'll have to have some real addition to sell on top of it. This may be continuing technical innovation in your product line: this may be unique support for its use: it may be customization services for your customers. But yeah, you can't change 2 lines of code to break compatibility with anyone else's products and pretend it's the same product, then keep it secret. (That's basically what Microsoft did with Kerberos in Active Directory: it's been worked around in MIT's source code.) Nor can you reap 1000 man-weeks of development time, add 2 weeks for a cute new feature, and deny the others who provided that 1000 man-weeks the opportunity to test or include that feature.

    If your source code is so precious that only you can be allowed to see or use it, then you are massively vulnerable to software theft. And frankly, that kind of secrecy makes your code untrustworthy: what precisely are you scared of people seeing? That you've hacked your libraries to work around a hardware bug that should never have been there? Or that your security model is a sad, sad joke? Or that your much vaunted "new feature" is something that has been in place for 4 years, but was never published? (Yes, I've seen all of these happen.)

  9. Re:You are a liar by Sparks23 · · Score: 4, Informative

    True, but the issue here is not GPL'd code, but LGPL'd (Limited GPL, or Library GPL) code. GPL means all your code must be open/released, or you cannot use the GPL'd code in your project; that's the situation you describe above. LGPL'd code can be linked in proprietary projects where the source is not available, but any *changes* you make to the LGPL'd code must be released/contributed back. The LGPL was originally created for libraries that should be usable in proprietary software, but which you don't want closed/proprietary forks of, but it's been used for other things as well.

    In this case, it sounds as though SWSoft has taken LGPL'd code, modified it to do more stuff in some way and then used that for the 3d accleration support in Parallels 3.0... that's all fine, and Parallels itself doesn't need the source opened. But they have not contributed those changes to the actual LGPL code -- their own modifications, bugfixes, etc. -- back to Wine, and that is *not* okay under the license. So Wine wants the code contributed back, and SWSoft is stalling, which is the problem.

    --
    --Rachel
  10. Re:The GPL: Intellectual Theft by paranoidgeek · · Score: 4, Interesting

    Has any of the /. staff thought writing an addition/plugin/module/whatever to slash that identifies these troll posts and stop them from being posted ? Most of these have been around for ages, and posted many times (although i couldn't find that many from /., mainly because [AFAIK] google will not index threads that are hidden).

    Shouldn't be that hard, define some way of calculating the distance between texts, allow users to flag posts as repeat troll, when enough similar flagged posts are found add it to the list, and finally check new posts against the list at post time.

    But OTOH, this is probably a little overkill for something that is already dealt with rather well by the existing modding system.

    --
    Lima India November Uniform X-ray