Slashdot Mirror

← Back to Stories (view on slashdot.org)

GPL Violations On Windows Go Unnoticed?

Posted by kdawson on from the not-in-my-back-yard dept.

Scott_F writes "I recently reviewed several commercial, closed-source slideshow authoring packages for Windows and came across an alarming trend. Several of the packages I installed included GPL and LGPL software without any mention of the GPL, much less source code. For example, DVD Photo Slideshow (www.dvd-photo-slideshow.com) included mkisofs, cdrdao, dvdauthor, spumux, id3lib, lame, mpeg2enc, and mplex (all of which are GPL or LGPL). The company tried to hide this by wrapping them all in DLLs. There are other violations in other packages as well. Based on my testing of other software, it seems that use of GPL software in commercial Windows applications is on the rise. My question is how much are GPL violations in the Windows world being pursued? Does the FSF or EFF follow up on these if the platform is not GPL? How aware is the community of this trend?" This new method of detecting GPL violations could help here.

11 of 445 comments (clear)

  1. Well.. by WhatAmIDoingHere · · Score: 5, Insightful

    Did you try to contact the company? If not, that would be the first step.

    --
    Not a Twitter sockpuppet... but I wish I was.
    1. Re:Well.. by HappySmileMan · · Score: 5, Informative

      I sent an email yesterday telling them that they were in violation of the GPL and that the story reached slashdot, didn't say much else and don't know much, but decided to inform them before they get a bunch of "OMG j00 r copyright n00b" emails.

    2. Re:Well.. by Anonymous Coward · · Score: 5, Insightful

      Yes, GPL software does not need to be accompanied by the source, but it does need to be accompanied by an offer to give you the source. The original article suggests that there was no such offer.

  2. new method of detecting GPL violations by chalkyj · · Score: 5, Informative

    Should be linking to http://developers.slashdot.org/article.pl?sid=07/0 8/25/1648253 I guess.

  3. Probably common by Jugalator · · Score: 5, Informative

    I hate being a pessimist, but packaging OSS in binaries without mentioning it is probably being incredibly common.

    --
    Beware: In C++, your friends can see your privates!
  4. Be sure to report it. by kebes · · Score: 5, Informative

    At a minimum, document everything and send a report to the GPL-violations homepage (in particular, refer to contact info). That website tracks GPL violations and is in contact with the FSF. They will probably pass the information along to those whose copyright is being infringed, so that they can take direct action.

    The normal course of action is that the authors of the GPL code will send friendly "please comply with the license" messages. Usually the infringing party will comply with the GPL before threat of lawsuits are mentioned.

    It's definitely unfortunate that consistent policing of proprietary vendors is necessary (they, of all people, should know better!)... but ultimately I think most projects can be made to comply with the GPL without too much trouble, once they are uncovered.

    So, in short, document your findings and notify the appropriate people!

    1. Re:Be sure to report it. by Vulva+R.+Thompson,+P · · Score: 5, Informative

      This snippet from the FAQ is probably worth posting for others that run into this issue (before posting on Digg or Slashdot). Note the last paragraph, emphasis mine:

      "How can I help gpl-violations.org ?

      Firstly by not reacting to a technical GPL violation in an extreme fashion. Secondly by checking the violation is indeed a violation.

      Join the mailing lists, discuss issues there first. Be polite but firm when dealing with companies and remember that the goal is to ensure a company stops violating the GPL and does not violate it again, rather than to leave a smoking crater at the location of their HQ... at least not on the first offence.

      Keep records of conversations with companies. Co-ordinate with others. A company faced with eight different stories will find it hard to deal with. A company faced with a single accurate information source can respond better.

      Beware the "public shaming" bomb. It's easy to let off, but very hard to defuse if you made a mistake or the issue turned out to be minor and is rapidly resolved. In addition companies may become very defensive in such cases and decide to "tough it out". We want to build bridges and giving a company no way to avoid losing face hinders that, especially in certain cultures."

  5. FSF pursues all violations by Brett+Smith · · Score: 5, Informative

    The FSF investigates and pursues GPL violations on its software on all platforms. I've handled violations on Windows, MacOS X, GNU/Linux, and embedded devices. We provide complete instructions for reporting violations on our web site; if you're finding any kind of violation on FSF-copyrighted software, please don't hesitate to contact us.

    -- Brett Smith, FSF Licensing Compliance Engineer

  6. fsf is a fair weather friend by Speare · · Score: 5, Informative

    The FSF will only work to enforce the GPL if the GPL code in question is signed over to the FSF. While I can understand that legal logic, I have a hard time with the concept of creating something, keeping a copyright in force, and then signing the copyright away for no benefit to myself. The only benefit would be that the FSF would then fight when someone uses it in an "unauthorized" manner. If I'm not going to hold my own copyright, why not just specifically disavow copyright and let it enrich everybody via the public domain?

    This is the root of my problem with GNU in general: why show everybody how you achieved and developed a certain technological capability, without letting people actually use that method? If you only want certain people to be able to use that method, then only show those certain people how it's done. I think it's just a bit petty to show the code but not authorize its use. The "unauthorized" user can't steal it because you will always have it. The "unauthorized" user can extend it and keep those extensions hidden, but I fail to see how that really hurts me: I can extend my copy too. If I give an ice cream cone to my brother, I can't dictate to him how he eats it.

    --
    [ .sig file not found ]
  7. Re:welcome! by Maximum+Prophet · · Score: 5, Funny

    Is it a new rule on /. that EVERY article has to include a comment featuring the tired, stale "overlords" joke?
    Yes. What slashdot should do is have a link to the auto-joke creation page, where it takes the subject and automatically creates the Overlord, Beowolf, and in Soviet Russia jokes. Once those are taken care of by an AI, people won't feel the need to repeat them.

    I for one welcome our Auto-Joke Creation Overlords, but imagine a Beowolf cluster of them. In Soviet Russia, the auto-joke creates you!!!
    --
    All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
  8. Addressing a few comments... by Scott_F · · Score: 5, Informative

    Just to address a few comments so far:

    - Selling GPL and LGPL software is fine ("nominal fee" clause). The issue is that some of the packages that they are using are GPL'd and the company is LINKING against them. When you link to a GPL package when compiling your software, even if it is a DLL (same address space, symbols resolved in memory), the work becomes one as a whole and the whole package must be GPL. If the package is not GPL'd, it is a violation, even if you provide a license file (which they don't). When you link to a LGPL package, you do NOT need to LGPL your software BUT you need to provide a copy of the LGPL, a way for them to download the source to the LGPL package, and the object files used to link the software as a whole (this last one is heavily overlooked).

    - It doesn't matter how popular a software package is. They are still violating the terms of the GPL and LGPL at $60 per sale. "But the code is free!" ... no. Someone else wrote it and copyrighted it. If you want to sell software, you had better properly license or write everything yourself or you're cheating people out of their time.

    - I did not contact the company because I am not a copyright holder in any of the packages whose licenses are being ignored. I contacted all of the projects to let them know of the violations. I have also contacted the FSF for ANOTHER software package (Wondershare DVD Slideshow Builder) who is using vcdimager in addition to most of the above named packages (ffmpeg, dvdauthor, mplex, spumux, mencoder). There are still a few others who I've found just in this category of software who are using GPL/LGPL software.

    - The spirit of the GPL isn't just to let code proliferate (not that I am a spokesman for the GPL.. I don't know how it wants to be remembered... :-P). It is to let code freely proliferate (free as in speech, not beer). Any time a copyright issue comes up, it will always be a legal one because that is the nature of the beast. Copyrights exist due to laws. You can also argue that the company is bottling up the spirit of the GPL and selling it. (OK, that last one was rediculous).

    This company and a couple others I'd seen make no mention of the GPL, LGPL, or any other licensing terms and provide no means to download the source code for the LGPL packages.

    The reason this came up is because almost every package I installed seemed to contain these exact packages. The companies are profiting from GPL / LGPL software without respecting the licenses.

    -Scott