Dealing With a GPL Violation?

Sortova writes "For many years now I've been maintaining OpenNMS, a free and open source network management framework published under the GPL. A couple of years ago it came to our attention that a company called Cittio was using OpenNMS as part of their proprietary and commercial network management application. I talked with Jamie Lerner, the Cittio founder, and he assured me that Cittio was abiding by the GPL. However, we were recently contacted by a potential client who was also considering Cittio's Watchtower, and it appears that they are not disclosing that they are using GPL'd code or at least not in the clear and concise fashion required by the GPL, including the offer of source code for all of the code they are including and any changes being made to that code. Since the copyright for OpenNMS is held by a number of commercial companies, the Software Freedom Law Center is not able to help us defend or even investigate a potential violation. I was curious if anyone here on Slashdot had experienced anything similar or has any advice?"

You don't know they are in violation

[QuantumG]

For a start you claim:

When I brought up the fact that parts of Watchtower are based on OpenNMS, the client replied "I could not find one ounce of mention on their website to OpenNMS or any other Open Source code that is running on this product. That really irritates me." So what's all this then?

You also make the claim:

I should also mention that this client is in final negotiations with Cittio (they dropped their initial price considerably) so we're not talking a first contact cold call here - they are ready to close this deal without a single detail concerning their use of open source. Yes, and? They are not required to make any such disclosures. The GPL requires them to provide the source code or an offer to provide the source code when they distribute the software. As they haven't distributed any software yet, they are not required to provide any source code or offers to provide the source code.

FAIL.

Re:You don't know they are in violation

[LingNoi]

Not only that, they only have to provide the source code to the person they're redistributing to under the same license if they changed anything, that doesn't include you, because you're not their customer.

If there's something they've changed in your project then purchase a copy and put the changed code in your version, since any modified GPL code must be re-distributed as GPL code.

Re:You don't know they are in violation

[rsax]

From the linked site

"postgresql-8.0.2.tar.gz ... GNU General Public License (GPL)"

Wrong license. As mentioned on the PostgreSQL site page, the project uses the BSD license.

Re:You don't know they are in violation

[cbhacking]

Very true. A simple Google search for OpenNMS on cittio.com comes up with two pages (one linked in the parent). Each lists, with licenses, the open source projects they use. At the bottom of both pages they have "Contact us" info, one of them (not the one linked above) even has a mailto: link for questions about their open source components.

I'm a little surprised they don't provide links to the projects directly - either by project site or downloadable tarball - but it doesn't exactly look like they're hiding their use of OSS code. Technically just announcing that they use OSS (especially without linking to the projects, let alone any modifications they made) isn't enough for compliance, but the summary gave the impression that Cittio gave no indication that they use any OSS. This is patently false.

Re:You don't know they are in violation

Yes, and? They are not required to make any such disclosures. The GPL requires them to provide the source code or an offer to provide the source code when they distribute the software. As they haven't distributed any software yet, they are not required to provide any source code or offers to provide the source code.

question: who defines distribution?
answer: whoever has more money

Quoth the GPL:

You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. *disclaimer* i am not a gpl nut, in fact i'm hopinh this is the beginning of a trend that will kill the gpl. i plan to follow this story

Re:You don't know they are in violation

[LingNoi]

You're not their customer so they don't have to give you anything.

Only Cittio's customers (the ones receiving the product) could ask for the source code, because they're redistributing to them, not you. Cittio's customers could then re-distribute that GPL code however they wished.

Re:You don't know they are in violation

[LingNoi]

Do you seriously not know what distribution and re-distribution means? It has nothing to do with money.

Re:You don't know they are in violation

[Azh+Nazg]

question: who defines distribution?

answer: whoever has more money

-- Anonymous Coward

The GPLv3 is much, much more specific about that. Specifically:

c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.

-- GPLv3, section 6

The GPLv3 also defines what 'distribution' is, by using the terms 'conveying' and 'propagating', instead, and then defining those (for some reason, redefining distribution is not kosher, legally speaking). Thus:

To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.

To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.

-- GPLv3, Section 0

Though I wonder why you are apparently anti-GPL, whatever your thoughts on it, I must insist that you at least discuss points relevant to the license itself. Thank you, however, for sharing your thoughts and opinions: if nothing else, you'll provide someone out there something good to think about.

Re:You don't know they are in violation

[QuantumG]

They don't have to provide this information on the website.. they have to provide it to their customers or whoever they actually distribute the software to.

the author states that there may be other files not being listed. He also states that he is not a customer and hasn't spoken to any customers.

Re:You don't know they are in violation

[tjstork]

The GPLv3 is much, much more specific about that. Specifically:

Yeah but what if the work is licensed GPL V2?

Re:You don't know they are in violation

[hedwards]

It looks like an honest oversight. It is an important distinction, but anybody that's going to use the code or binaries really ought to be looking at the license included in the distribution rather than what a third party says the license is.

Re:You don't know they are in violation

[cbhacking]

I'm aware of that. I'm just surprised that they bothered to list a bunch of OSS projects they use, but not link to them. I wouldn't expect a commercial entity to redistribute their modifications to non-customers, but I just found it curious. If nothing else, I'm surprised they don't link to the (descriptions of the) licenses themselves.

On a vaguely related note, if it turns out that this company is purely on the straight and level with regard to the GPL and other OSS licenses, I'd like to mention that I'm very pleased to see this kind of thing. The more exposure OSS gets, the better; some purists might complain about people who don't make their modifications open to literally everybody, but overall I believe commercial interest in (and, hopefully, support of) OSS projects is a good thing.

Re:You don't know they are in violation

[Azh+Nazg]

In that case, my comment is fairly meaningless; I suspect the GPLv2 has something about that, but I can't remember right now, and I don't really feel like doing the research at the moment. I'm about to head off to bed, so I hope that other, more insomniac Slashdotters can provide a more useful response.

Re:You don't know they are in violation

[gandhi_2]

Nice job sir!

FSF-style logical argument with a 4chan punchline!

You win many internets.

Re:You don't know they are in violation

[AccUser]

OK, so there is a page right there on their website that lists all the open source products that they use in their offering. How do I get to that page from their web-site? I googled, and whilst I can find that page, there doesn't seem to be a page that links to that page from in their web-site. I'm not saying that it is not there, it is just that I cannot find it, and I guess the OP couldn't either. The customer certainly didn't.

Re:You don't know they are in violation

[QuantumG]

Please read the entire thread before posting.

Re:You don't know they are in violation

[mysidia]

This is not entirely true.

For commercial distribution, the source has to either be included with every copy of the binary, OR the GPL requires a written offer which to any third party, including third parties who are not their customers.

If they chose option (b) for distribution of their source code, then they do have to give something to non-customers, in order to avoid violating the GPL.

That way their customers can re-distribute the binaries and pass along the offer to others.

See the GNU General Public license version 2 section 3.b: b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

Re:You don't know they are in violation

[Sortova]

I never claimed to be unaware of Cittio's use of OpenNMS. If you read my post my claim is that potential Cittio "clients", not me, are being kept in the dark about what open source software is being used as part of Watchtower. It is not up to the end user to suddenly find out that the code they are purchasing is based on open source work. The GPL clearly states "you must show them these terms so they know their rights." This is, apparently, not being done.

Re:You don't know they are in violation

[Knuckles]

The operative words in the paragraph you quoted are "accompany it [the binary]". Thus, AFAIK (and as the GP stated), they only need to give this offer to people to whom they give the binary. But you are right that this offer needs to extend to third parties (it just doesn't need to be shown to them).

Re:You don't know they are in violation

[Curien]

Potential customers don't have any rights under the GPL, so no notification is necessary. Only actual customers have rights under the GPL. Until you talk to an actual customer, you're wasting your time.

Re:You don't know they are in violation

[Sortova]

I disagree. According to the GPL "you must show them these terms so they know their rights." At what point? This client had already received at least two quotes from Cittio. If they choose this solution, the next step would be to issue a purchase order. Does Cittio then go "oh, before I invoice this, there's something you need to know". My argument would be that they need to make potential customers aware of their use of open source software before the purchase, not after it.

Re:You don't know they are in violation

[Ranger+Rick]

"So what's all this then?"

Well, that link says they're running OpenNMS 1.0.2, which, given the questions Cittio employees have asked on the OpenNMS mailing lists in the past, seems very unlikely (although technically possible). If they *are* using 1.0.2, they very likely *have* made modifications, 'cause that code has plenty of bugs that have been fixed in later OpenNMS releases. ;)

One thing that Tarus didn't really mention is that we (The OpenNMS Group) have had a few folks come to us wanting quotes to compare us to Cittio, and they've been rather surprised that Cittio is in fact already using OpenNMS under the covers. The problem is not with them using OpenNMS, OpenNMS is all about sticking not only to the letter but also the spirit of the GPL, and they can do whatever they want with it as long as they're complying with the distribution requirements of the license. The problem is whether Cittio *is* upholding their side of the GPL, and it's unclear whether they are -- and there are some signs that they might not be.

As for them not having to offer the source until they distribute the software, yes, that's true, but from what we've heard from existing Cittio customers, that is not being made clear to them. Not only that, but while the wording of the GPL may not make it obvious, the FAQ does:

The difference between this and "incorporating" the GPL-covered software is partly a matter of substance and partly form. The substantive part is this: if the two programs are combined so that they become effectively two parts of one program, then you can't treat them as two separate programs. So the GPL has to cover the whole thing.

If the two programs remain well separated, like the compiler and the kernel, or like an editor and a shell, then you can treat them as two separate programs--but you have to do it properly. The issue is simply one of form: how you describe what you are doing. Why do we care about this? Because we want to make sure the users clearly understand the free status of the GPL-covered software in the collection.

It seems likely that they've incorporated OpenNMS into their software at a lower-level than just screen-scraping it's output and stuffing it into their own UI. At that point, they should be prepared to provide the modified OpenNMS source to their customers. Not only that, but considering how tough companies are on open-source developers accidentally "tainting" open-source code with IP from their closed-source employers, it's more than a tad annoying that many closed-source companies taking advantage of open-source software are happy to use it, but ignore the spirit of sharing that is part of being in the community. "We won't say anything, but if you do ask us for the source, we'll fax it to you." ;)

Again, all this is unproven, and that's part of the reason Tarus posted, the question is -- what's the next step?

Re:You don't know they are in violation

[drv4doe]

At least someone gets the point. He's not asking for the code, he's citing that their code must be redistributed under the GPL and that their customers are probably aware of this. Certainly the can charge for the software they create, as they probably should after spending $20 million as they indicate on their website. However, they can't change the license from GPL to proprietary. Read the reference he provides.

There are comments on this discussion about sales folks selling software, not engineers. That is true and Cittio sales folks can and should articulate the value if the software provides the benefits they claim. They just can't change the license, is all. Which means they have to comply with the GPL and inform their customers and provide the source.

Re:You don't know they are in violation

[drv4doe]

He's not asking them to give him anything, he's asking them to comply with the GPL which states software that imbeds GPL code must also be released under the GPL. That is the essence of the GPL. The GPL was designed to fork. GPL software can be sold. It just can't be re-distributed under a different license.

Re:You don't know they are in violation

[drv4doe]

I had the same problem but using google foo I was able to find the page. The page is obviously outdated but that really isn't the point, I don't think. I think the point is that they're software isn't GPL even though the very foundation of what they distribute, is.

Re:You don't know they are in violation

[sumdumass]

Thats only true if they give the source code with the distribution of the program at the same time. If you use the "offer to get the source code", it is open and extended to anyone for some reason. Or least that is how the FSF interprets it. IF they distributed the offer to get the code, as states in section 3b of the GPLv2, they have to extent that to any third party.

Re:You don't know they are in violation

[sumdumass]

You have that wrong. Section three says you can satisfy your obligations to distribute the source code under the GPL when you distribute a binary version (object code or executable) of the covered works by doing one of three things.

A: would be to pack the binerary and source together and give them out at the same time.
B: would be making an offer extended to any third party for at least three years to get the source.
C: would be to forwards the offer given to you to get the code assuming you didn't change anything.

Options A and C would be the only ones meeting your description of not having to give anything to anyone not directly a customer. B would require that the offer be extended to any third part regardless of their status as a customer.

Now if they are distributing their open source products in source form to be compiled, then 3 doesn't come into play. So a lot of details have to be considered before an absolute statement like your can be made.

Re:You don't know they are in violation

[LingNoi]

Developer -> Company -> User -> Whoever [Third Party]

-> = Distribution/Re-Distribution

It doesn't mean it's a free for all on asking for the source from the company, it means whoever you give to code to it has to say GPL, even if you're a third party such as "whoever" above.

Re:You don't know they are in violation

[sumdumass]

If a company decided to go with option b under clause three to maintain their compliance with the GPL's requirement for distributing the source code, then that company would have to extend that offer "to any third party" as it states. That would mean "company distributing" ---> "anyone" who asks for it even if they weren't their customer.

Re:You don't know they are in violation

[celtic_hackr]

But, has anyone asked them for the GPL software?
After all the GPL software they use is identified very publicly on their website. There is even a main menu subitem linking to the exact filenames of the GPL software they use?
While I didn't see any way of downloading from them, it would be a simple matter to Google for the code they use.
True, they are obligated under the GPL to give the code to anyone who asks, but has anyone asked?
I don't see how the poster has any issue here. They very prominently acknowledge their use of GPL software.
There is nothing in the GPL to say you must tell any "potential" customer you use GPL software in your product.
The simple test to find out if they are in compliance is to ask for the software that is under GPL that they use, and they use a lot of it. If they refuse then they are non-compliant, if they give it to you, they are not. Pretty basic and black and white.
So, to the poster, you want to know what you can do? Have a friend or coworker ask for the code. You'll know soon enough if you have a case or not. This is something you should have done before smearing them here on /.

So now go ahead and mod me down, I don't care because the truth had to be told.

I'm actually surprised Bruce didn't say something similar, but then he's a busy person.

Re:You don't know they are in violation

[agbinfo]

I'm curious. Why would a potential customer need to know that the software they license contains GPL'd software before they license it? If it's a concern for them, they can ask. If it's not a concern for them, and if it has no impact on their bottom line, why should they know before?

Re:You don't know they are in violation

[Sortova]

SImply because it is part of the license. We wrote code under the GPL and it is a requirement.

Re:You don't know they are in violation

[Knuckles]

Yes, and we were talking about 3 b), which states

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: [...]

b) Accompany it with a written offer , valid for at least three years, to give any third party , for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange [...]

That is, as I read it, if you give away the binary you need to add into the package a written offer for the source, an offer that is also valid to third parties. It does, again as I read it and IANAL, not say that the offer needs to be addressed to those same third parties that it extends to -- the offer just needs to "accompany" the binary.

Re:You don't know they are in violation

[QuantumG]

Go find an actual customer and get remote access to the machine they have installed the software on. Look for copies of your software and whether that software is in compliance. Once you have the information, draft an email requesting compliance and outlining how the company is not in compliance and send it to the SFLC with a kind request for them to look it over before sending it to the company.

Re:You don't know they are in violation

[agbinfo]

Simply because it is part of the license.

What's part of the license? To inform the licensee "before" the distribution occurs? That can be done at the signing of the contract and still be valid as far as the GPL is concerned - IANAL - otherwise this would make it impossible to download GPL software from the Web.

In any case, good luck with OpenNMS.

Re:You don't know they are in violation

[imp]

Close.

If they ship the actual source code with each product they ship you are correct, although customers are allowed to redistribute the code under the terms of the GPL. this can be tedious to have 100% compliance with, however, since you have to do it even for patches you send out. ANY time you ship a binary, you also have to ship the source.

If they are accompanying the software with a written offer, it must be valid for ANY THIRD PARTY to obtain the source code.

What has often been claimed is that you can ship a binary and then only give out source to that when your customers ask for it. That's not what the GPL says. Either ship the code and binaries together and have no further obligation to the customer or anybody else. *OR* ship the binary with the offer to provide the code to any third party that asks for it.

Re:You don't know they are in violation

[Curien]

You can disagree all you want; you're wrong. This isn't a matter of opinion, but of what the GPL says.

You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

Only recipients of the program have any rights under the GPL. If you are a potential recipient but haven't actually received anything yet, you're still not a recipient.

If you're going to continue the argument, please provide actual quotes (not made-up ones like in your earlier post) from the GPLv2 which supports your claim. (Hint: You won't find any.)

Re:You don't know they are in violation

[botchagalupe]

Yes they are... OpenNMS is a trademark that has not been listed on their site.

Re:You don't know they are in violation

[Sortova]

You obviously misunderstood my earlier post.

In this case we have serious concerns about the behavior of a particular company, Cittio. Perhaps these concerns are unfounded, but my question was to ask for advice concerning how to go about, perhaps, getting rid of these concerns. The GPL is a license based on copyright law, and thus doesn't even take affect until a "copy" is distributed, so of course Cittio is under no legal obligation to reveal how they are using OpenNMS until they actually provide the code.

Now, I should note that they have configured a demo system for this client to use on the client's hardware. While I am most definitely not a lawyer, that could be construed as "distribution", although it could be argued that no ownership has changed hands. In any case, the fact that their use of OpenNMS was not clearly disclosed (as is recommended by the GPL Violations Vendor FAQ) was enough to cause us some concern. If there is nothing to hide, why not be up front about it?

This happened right after we received a query from a Cittio software engineer looking to compile one of our GPL'd libraries. Now, if they are truly using OpenNMS in an unmodified fashion, why the question? Can't they just use OpenNMS as distributed? Again, there is probably a simple answer, but I am at a loss as to how to get it.

It seems that your recommendation (along with many others) is to just forget about it or to hire a lawyer. Neither is very useful to me.

Re:You don't know they are in violation

[palegray.net]

First, the word is "embeds." Second, see see this comment by another poster for clarification of the actual requirements of the GPL concerning source availability. By the way, who says any code is being redistributed under a different license?

Re:You don't know they are in violation

[palegray.net]

This is getting really irritating. Who says their software isn't licensed under the GPL? Are you one of their customers? Read this post by another poster to get educated on the source distribution requirements of the GPL.

Re:You don't know they are in violation

[mysidia]

Are you sure they don't provide source?

Sounds to me like the primary complaint is it isn't advertised that it's GPL. The GPL doesn't require you advertise your products as containing GPL software, the BSD license is the license that contains an advertising clause.

The GPL has no requirement about what you advertise, or how you sell the software. But once you finally get the application, the GPL terms must be very clearly disclosed, all notices presented, source code made available, etc.

In a commercial application that fully complies with the GPL: either the code is included with your distribution of the software (I.E. media containing source code is included with media containing program, or for example, source code packages are provided on the same private FTP server as the binaries), OR a written offer is included with your distribution of the software. Full stop.

There is NO "ask" in a GPL compliant package. If you have the program, but don't have the source, and you have to ask for the code without the benefit of a written offer (distributed alongside the binary package), then a violation of the GPL has already occured.

Merely quietly providing people who ask later (after the fact) with the source doesn't correct a GPL violation. Prominently informing software users of the license terms is also a requirement of the GPL.

"Ask"ing is different from following the instructions provided in a written offer. With a written offer, the publisher will have provided you specific terms in advance, an agreement to provide source, that is not recantable. Whereas "ask" implies you have no copy of any offer, and they may merely say "no" with relative impunity.

There is nothing in the GPL that requires a publisher to continue to provide source, except when the program is distributed, _or_ a written offer for that source were made in the past 3 years is being redeemed.

This doesn't allow just any third parties to redeem an offer for source code they need a copy of the offer, for information such as cost per copy, publisher's e-mail address, subject line to use, etc.

Re:You don't know they are in violation

[JoelKatz]

This is not the FSF's position, nor is it sane. What the GPL intends, and what makes sense, is that you cannot be refused the source code simply because you aren't the person the offer was originally extended to. That is, the offer must be transferable.

The distribution could include a "coupon" for the source code, so long as the coupon is transferable. That wouldn't mean they'd have to give anyone the source code just because they asked for it.

Re:You don't know they are in violation

[Curien]

You obviously misunderstood my earlier post.

OK.

Now, I should note that they have configured a demo system for this client to use on the client's hardware. While I am most definitely not a lawyer, that could be construed as "distribution"

I think it certainly qualifies as distribution.

It seems that your recommendation (along with many others) is to just forget about it or to hire a lawyer.

My advice is to find out what they give to their customers. The lack of documentation in the demo install may have been an oversight; the only way to find out is to see a full installation.

Re:You don't know they are in violation

[sumdumass]

Wow.. What FSF are you thinking of?

I found this on their site in the faqs about licensing page you can go look too.

What does "written offer valid for any third party" mean in GPLv2? Does that mean everyone in the world can get the source to any GPL'ed program no matter what?

        If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it.

        If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer.

        The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.


They have attempted to narrow it down a bit, but it still says the same sentiment. Any third party means just that.

Re:You don't know they are in violation

[sumdumass]

The point in the "extends to any third party" is so that any third party can get the source code form you if they redistribute your binaries. So even though you only give the offer to the people you distribute to, it is valide to anyone asking for it after that for up to three years since the last distribution of it. My suggestion is to pack the source away somehow with the binary and you won't have to deal with it.

Look this up on the FSF's license faq page. What does "written offer valid for any third party" mean in GPLv2? Does that mean everyone in the world can get the source to any GPL'ed program no matter what? it will explain it a little better then I could.

Re:You don't know they are in violation

[JoelKatz]

I guess my recollection was in error. The FSF does take a nonsensical position about this. I'll add this to the long list of nonsensical positions the FSF takes.

The clearest way to see that this is nonsense is to ask yourself this question -- without a copy of the written offer and without having directly distributed to how, how could the distributor possibly know exactly what source code to give you?

It only makes sense if they can be required to show you a copy of the written offer.

Thanks for the correction.

Re:You don't know they are in violation

[Knuckles]

I don't know what you are arguing about. I agree that the point of the clause is that any third party can get the code. But this STILL does not mean that the original producer of the code has to tell the whole world about the source as soon as he distribute binaries -- a point which you also don't seem to dispute, since you, too, wrote "so even though you only give the offer to the people you distribute to, it is valide to anyone asking for it". Which, to emphasize once more, is exactly what I wrote, twice. However, the poster of the message I originally replied to seemed to have an opposing opinion, and I just corrected it. Nothing more.

Re:You don't know they are in violation

[sumdumass]

Perhaps I do not understand your post as clearly as you do. With comments like It does, again as I read it and IANAL, not say that the offer needs to be addressed to those same third parties that it extends to I think most people would see it to be somewhat confusing.

The bottom line is, as soon as you distribute the code with the writen offer, any third party can ask for the source and be entitled to it. This could be one minute after or however long. It can be 10 times as many people asking for the source then you have distributed to. The intent of the offer applies as soon as you use the GPL in that way. Now, I think your point might be more along the lines that you don't have to give anyone but your customers the specific offering in writing. That much is true, but you would be obligated to give the source code to anyone who asks afterwards, even if it is one minute after you distribute your product in this manor.

So it seems that some confusion was going in and out. It appears that we might have been making separate points.

Re:You don't know they are in violation

[sumdumass]

To be fair, I sort of got burnt on this a couple of years ago. It is an easy thing to mistake which is why I wanted to make sure you knew.

I think you can get around it by zipping or compressing the source code and shipping it with the binary somewhere and if someone asks for it, just send them instructions on how to find it. I'm not sure there is a requirement of making the location of the source obvious, just the copyright and GPL notices.

Re:You don't know they are in violation

[Knuckles]

I dunno, I thought what I wrote was pretty straightforward, as far as talking about legal language can be: "It does [...] not say that the offer needs to be addressed to those same third parties that it extends to".

Especially as my first post in this thread was in direct reply to poster mysidia's clearly wrong statement, "OR the GPL requires a written offer which to any third party, including third parties who are not their customers."

Re:You don't know they are in violation

[sumdumass]

You see, I'm lost again, are you talking about the "written piece of paper the offer is printed on" or "the offer itself"? The piece of paper, sure, the offer itself, it applies to any third party which means whether they got the paper or not, your supposed to give them the source upon request. I don't even have to see your offer or any binary program you supplied, all I would have to do is know you made the offer to someone per the GPL instructions and I can get the source.

Re:You don't know they are in violation

[Knuckles]

I mean exactly what it says in GPLv2 Section 3 b) :) I just rephrased it because the guy I replied to didn't seem to get it. I'm sorry that my rephrasing confuses you, since AFAICT you did get the original meaning of 3b anyway, and there is no need for you to let yourself be confused by me.

I refrain from trying to rephrase again, because the second and third sentence your latest post (the one I'm replying to right now) says more or less what I would have said.

Re:You don't know they are in violation

[plague3106]

No, and third party means any party receiving software form the company, regardless of how many other companies. Unless the OP received the code from the client in question, there's no obligation. If you didn't get the binaries, either directly or indirectly, there is no force of honoring the written request. Read very carefully what you quoted again.

Re:You don't know they are in violation

[sumdumass]

Lol.. I don't mean to frustrate you. But I hope you can see the confusion between "the written offer" and "what the offer embodies" when the intent of the offer is to let any one regardless of their association with you have access to the code. I see now how that was separated and we are saying the same thing. It was just difficult for me to see it before. This is probably because I looked at the emphasis of what the offer did rather then the distribution of the offer itself.

Re:You don't know they are in violation

[sumdumass]

"any third party" doesn't mean specific third parties. It mean anyone even removed from your offering. That's why people who never heard of Tivo let alone purchased one were pissed when Tivo originally attempted to builk out on distributing their source (this is before the vendor locking and all). Anyone familiar with more then the highlights of that scenario knows how this stuff was playing out.

Re:You don't know they are in violation

[Knuckles]

:) Sorry for not being clearer, I tried my best -- English is not my first language. The license provision itself is already confusing, and coming to terms with confusing legal issues in language even more so.

Re:You don't know they are in violation

[plague3106]

Try reading this very, very carefully: " If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer."

In other words, you have to be able to trace your binary back to the vendor to have the written offer apply. It doesn't say they have to give the code to anybody. So if I never received their binaries, I can't request the code. Go ask a lawyer.

Re:You don't know they are in violation

[sumdumass]

Perhaps you should tell the FSF about this and see what their opinion is going to be. I happen to know they will think you are wrong as is evident by this FAQ they have listed. IT says

What does "written offer valid for any third party" mean in GPLv2? Does that mean everyone in the world can get the source to any GPL'ed program no matter what?

        If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it.

        If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer.

        The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.

Read that first line carefully. It doesn't say that only people who got the binary gets access to the code, it says anybody. I know you skipped that because it didn't agree with you. The part you cited is only a reason for this anybody part. It isn't a requirement to trace usage back. The term user as used by the FSF isn't an end user of the program, it can be anyone who uses the program or source code of the program for any reason that is compatible with the GPL. A use who uses portion of the source code in their product is a user just the same as someone who has downloaded a binary executable from you. IF you don't like it, then don't distribute under that section of the GPL. IT isn't complicated.

Re:You don't know they are in violation

[plague3106]

Well, the FSF is entitled to their opinion. Also, the very next paragraph seems to contractict that. At the end of the day, it doesn't matter should it go to court. I have a feeling a court would not interperate the way they'd like.

Re:You don't know they are in violation

[sumdumass]

I have a feeling that if you look at it objectively, like a court would. The first answer would be the answer and the next would be reasoning behind it. But you also have to understand that the GPL is a "copyright license" that give permission to use the stuff protect by copyright. This would mean that a user in the sense of the GPL would have to be someone who uses what it protected by the copyright. In short, that would be the end user who uses the source or distributes the program without a dependency on each other.

You see, it is the nature of the copyright and the permissive license that causes it to be this way. A court would have to look at it that way too. Now practically speaking, the written offers details on how to get the source would be confined to the written offer which doesn't need to be distributed outside the binary. But If I saw the details on a friends computer and asked for the source, you would be obligated to give it to me regardless of whether I got the binary from them or not.

Re:You don't know they are in violation

[plague3106]

I am looking at it objectively. I don't entirely disagree with your point either, which is that context should be taken into account. However, in contract law, I think you pretty much end up looking at just want the contract says, not what a supplemental faq says.

As you point out, the GPL is a distribution license; it only applies when you distibute the software. So unless your friend gives you a copy of the binaries (which he would then have to include a copy of the "offer for source"), they aren't obligated to give you the source. That's my reading of the GPL itself.

I good exercise would be to see if V3 changes the wording on this to make it more clear; if it does, I'd say it's because they reconize the "hole" they allowed with V2.

Re:You don't know they are in violation

[sumdumass]

I am looking at it objectively. I don't entirely disagree with your point either, which is that context should be taken into account. However, in contract law, I think you pretty much end up looking at just want the contract says, not what a supplemental faq says.

Well, sort of. When there is a dispute over contractual obligations due to ambiguous wording, they often look at communications to see if they can determine the intent of the clause in dispute. Seeing how this contract is one sided in the creation, the faq sheets involved with it would be a sort of explanation for the cookie cutter document so anyone taking the license would be doing so with the interpretations and understanding that the author (FSF) of the document- which would be explained by the faq sheet. How much weight and how important it is, would be dependent on several factors like how ambiguous the wording of the document is, when the faq was modified last, how long you have had access to it and many more things.

Think of the Faq as more of a X=y+1 which is part of the communications that allow you to understand the intent of the document which would be somewhat necessary to anyone who decided to use it.

That being said, with or without the FAQ sheet, in strict contract law, the GPLv2 does say give anyone access. But as a distribution license, the requirement to give the source code is on you, not the recipient. No use has to accept the GPL in order to get covered works or the source code for it and use it for their own means. You are only subject to the GPL when YOU do something that copyright would otherwise prohibit. So the onus is on your to make the source available to any third party as it says, not any third party that has met a set of goals.

I took your advice and looked at the v3 wording and it does specifically mention anyone "who possesses object code" as apposed to any third party. So it appears, at least to me, that they realized that the GPLv2 said this in a way not too many people wanted it to. You may call it a hole, I think it is more of a cave in to pressure from the community who probably didn't like it too much. The GPLv3 ended up being a big compromise on a lot of things when considering they earlier drafts compared to the final version. The second draft still had it as "any third party".

Re:You don't know they are in violation

[vux984]

Read that first line carefully. It doesn't say that only people who got the binary gets access to the code, it says anybody.

Yes, the written offer applies to *anyone*... anyone who has the written offer can make use of it, regardless of where they got it, ie -- even if they didn't get it directly from the company that originally created the written offer.

They are saying in the FAQ that "yes, its possible that anyone in the world may come back and ask for the source", because by making a written offer, and giving it to someone, that someone else may in turn pass it on to anyone... so at the end of the day, anyone might have it. And you have to honor anyone who has it.

Technically however, you do actually have to have received the offer to act on it. So not its not automatically available to EVERYONE.

That said, pretty much anyone can GET an offer if the distribution was wide enough, and someone who had received it was willing to redistribute it. Like in the case of Tivo, for example.

However, if I take GPL code, modify it and redistribute to some close friends in binary form along with a written offer for source, YOU can't get the source unless either I give you the software/written offer or they do. If none of us are willing to redistribute to you, you can't get the offer. And when you come asking for the source I can tell you where to stuff it.

The term user as used by the FSF isn't an end user of the program, it can be anyone who uses the program or source code of the program for any reason that is compatible with the GPL

Precisely. If you aren't a 'user' of the program because no one will distribute to you a copy, then you don't qualify for the written offer of the source. If you can legally get a copy, then we'll talk.

IT isn't complicated.

Precisely. ;)

Re:You don't know they are in violation

[sumdumass]

You took and awfully long way of saying that the meaning of

If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it.

is supposed to really anyone anyone who can prove they got the program. This isn't the case because of the implicit wording, then anybody who requests the source from you is entitled to receive it. If it said anyone who received the product from anywhere, then I could agree. But it simply doesn't say that in the GPLv2 wording which would your denial because only your friends have access to it wrong.

Precisely. If you aren't a 'user' of the program because no one will distribute to you a copy, then you don't qualify for the written offer of the source. If you can legally get a copy, then we'll talk.

Here is the thing, the license places obligations on the person distributing it. When you do so in that manner, you have taken on the obligation to give the source code to any third party who requests it. But more importantly, it places no obligation to verify you have access to the program or that you recieved it from any source . This is important because I could effectively lock someone into a non-disclosure or some other agreement by the fear of retaliation if they distributed the software. In the example of your friends having your GPLed program, if giving them their copy actually counted as distribution, then all I would need to do is use the program to find the written offer. I wouldn't need to own it, I wouldn't need to install it myself, I wouldn't need to verify any of thing like where I got it from or that I have it installed. All I would need to do is find out in some legal way that you have distributed the covered work and opted to use the written offer for the source code. If this happens to be because I used it at work and my boss happens to be one of your friends, it doesn't matter.

Look at the wording. The GPLv2 says "any third party" the license fact says "anyone". There is no pretext to "any". Any means any, not "only these", or "only those". There is no "if they meet some requirement", no "if they did something special", nothing but the use of "any" implicitly. Any is the same as whatever and whatsoever. It isn't a limiting term in and of itself and nothing has been presented in the sentence to limit it's intended meaning. "Any", for the purposes of this conversation means "any".

Re:You don't know they are in violation

[vux984]

After rereading the FAQ, and the GPLv2, I agree with you.

They claim they only want to ensure that if you've come onto the binaries you are able to get the source, but yes, they way it is written, they are deliberately overshooting that mark... so that even if you you don't have the binaries you can still request and receive the source.

My former understanding was that the offer was extended to anyone who had the software. But you are right, while they rationalize that they only really want to protect people who have the binaries, they've created this protection by entitling anyone to request the software, whether they have the binaries or not.

The upshot of this is that if you want to 'restrict' distribution of GPL code, you must distribute it with the source code. ie... suppose I give mary a copy of my gpl program with the source code on a separate CD and she installs the binaries on her laptop, and leaves the source in a cabinet on her desk. Then ... you come along and read about the software on a blog... you can't request the source. Or if you use Mary's laptop you can't request the source.

However, if I don't give Mary a source CD, and instead provide a 'written offer' then you can request the source, even if you've never met Mary nor seen or laptop.

Thanks for enlightening me.

-best regards

Asked before -- the answer is the same

[whoever57]

If you want legal advice, get a lawyer.

Re:Asked before -- the answer is the same

If you want legal advice, get a lawyer. If you want good legal advice, get a lawyer.
If you want hilariously bad legal advice, ask Slashdot.

Re:Asked before -- the answer is the same

[__aaclcg7560]

The RIAA doesn't know that their lawyers are looking for jobs on Slashdot. :P

Re:Asked before -- the answer is the same

[D4MO]

Was that legal advice?

Re:Asked before -- the answer is the same

[BigJClark]

But we're all lawyers here on slashdot. and engineers.

Re:Asked before -- the answer is the same

[AftanGustur]

If you want legal advice, get a lawyer.

And money, don't forget the money.

Check out the SFLC guidelines.

[Estanislao+Mart�nez]

The SFLC's Legal Issues Primer for Open Source and Free Software Projects covers this. You probably want to give it a read.

Still, if it's really important, ask a lawyer, don't ask Slashdot.

Re:Check out the SFLC guidelines.

[Corpuscavernosa]

How about a lawyer on Slashdot? There's gotta be one who knows what he's talking about?

(I'm one that admittedly realizes that I have no familiarity with these issues)

Re:Check out the SFLC guidelines.

[Protonk]

You you really listen to legal advice on slashdot? I wouldn't. I would not listen to advice that came from someone where I had no means of verifying their credentials, no recourse if they were wrong and no good way to show people later that I operated in good faith.

Re:Check out the SFLC guidelines.

[Corpuscavernosa]

I completely agree. Believe me, there's no way in hell I'd act upon it. It would simply be interesting and a possible starting point for my own research.

Re:Check out the SFLC guidelines.

[42forty-two42]

They wouldn't dare admit it, for fear of being held liable for it as legal advice.

Re:Check out the SFLC guidelines.

[Protonk]

That's a pretty fair response. I didn't even think of it that way. I guess slashdot could be considered a wikipedia type starting point for some more particular questions like that even if it does seem very much based on the luck of the draw.

Re:Check out the SFLC guidelines.

[Kjella]

Oh, I've seen several lawyers here but they always point out that they're not your lawyer and that this is not legal advice. Can't really blame them either, if someone took a fairly unqualified slashdot post and applied that uncritically as legal advice in a specific case I wouldn't want to stand responsible for it either. It'd be like taking a doctor's general advice and applying it as your personal medical diagnosis, what's in general good advice may not be for you.

Re:Check out the SFLC guidelines.

[sumdumass]

I don't think it is as much about following the legal advise as much as it is looking for avenues to explore. Asking a lawyer to write a letter is ultimately cheaper then asking one to file suit. Finding that you mistook something to mean something that others don't believe has the same meaning allows you to rethink your legal standing in the first place.

Asking slashdot allows at least the ability to walk into a proper lawyers office somewhat informed.

Bye bye my application

[icepick72]

I understand the joy of coding and excitement of creating your own applications for free, but I can never understand how programmers stand to watch their creations being usurped for commercial purposes. Whether it's abiding by the GPL or not, somebody else is making money from your creation. You would think the original programmer would have the wherewithal to market their own creation instead of leaving it for someone else. Even if you don't take the money for yourself, donate it back to the FSF or to another worthwhile cause. Maybe it's a case of lack of resources to start your product running. Maybe we need a group that can fill this niche for open source products. Maybe they already exist. If so I'd like to see discussion about it.

Re:Bye bye my application

[QuantumG]

Cause selling a solution is just as much, if not more, work than creating one?

And it is something that is done by sales people, not programmers?

Re:Bye bye my application

[Improv]

So long as they're not making it proprietary, what's the problem? We can both destroy markets and help the world by opening our source, and that's pretty awesome. If someone happens to make some money (maybe consulting, whatever), so be it.

Re:Bye bye my application

[mOdQuArK!]

Also, most solutions aren't going to be "perfect" for everyone, and if you're a demonstrably good programmer, you can contract your services at fairly healthy price levels to provide all sorts of custom solutions to the people who really like your open source software, but just want "a few tweaks".

Re:Bye bye my application

[GrahamCox]

You would think the original programmer would have the wherewithal to market their own creation instead of leaving it for someone else

Why would you think that? People are usually good at some things, not at others. I think it's very likely that a person good at programming and software design wouldn't necessarily be good at (or even interested in) running a business, accounting, marketing, all the legal stuff, etc. It's also very hard to find people to come in with you who are, based only on your software/coding expertise. I speak from experience.

Re:Bye bye my application

[wolf87]

I recently developed a small package of statistical tools & made it available under lesser GPL. I made the decision to open-source it for several reasons. First, I wanted to make it easily available to other researchers wrestling with the same problem I was. Second, I wanted to see if anyone could take what I had done and extend it into a better set of tools. Third, having it freely available, code and all, helps to get my name out there and build my reputation. There are plenty of reasons to put out applications without making money from it.

Re:Bye bye my application

[theophilosophilus]

So long as they're not making it proprietary, what's the problem? We can both destroy markets and help the world by opening our source, and that's pretty awesome. If someone happens to make some money (maybe consulting, whatever), so be it. Why is destroying markets a good goal? I think a better choice of words would be "revolutionize" or "reinvigorate." OSS doesn't destroy a market - it just makes it more competitive. See this post.

Re:Bye bye my application

[jmv]

So by this reasoning, Linus should be crying night and day because people and companies are making billions from using/selling Linux?

Re:Bye bye my application

[eggbert.net]

People who are good at business get paid.
People who are good at programming get screwed?

My time, knowledge, and skill are not worthless and I would want to be paid. The GPL is great but FOSS programmers could exclude companies that use their software from the license and require an that those companies take an additional license so the programmer can get paid.

Also ... a software patent would be useful here ... and potentially beyond :)

Re:Bye bye my application

[cbhacking]

Considering how many programmers have trouble just covering all the tasks that go into producing a polished product (I'm terrible at user interfaces, for an extremely broad example - I'm far more comfortable with back-end code), I'd be amazed if even 10% of programmers who try to develop and market their own product get anywhere. I suppose there must be exceptions - Irfanview is a great program that AFAIK is backed by only one person (it's distributed for free and source isn't available, however; this probably cuts down on the extraneous headaches quite effectively) - but in general it doesn't work that way. What, do you imagine that everybody at the Mozilla Foundation is there to write code? Even if you ignore the related tasks (going through bug reports, running various forms of tests across the code, even writing documentation), you've got people who handle money, who handle marketing, who handle legal issues...

Don't ever fall into the trap of assuming just because you're a 1337 programmer who wrote some truly awesome program/utility/library/framework, you know anything about promoting its use in the real world.

Re:Bye bye my application

[fr0st0]

I agree [GrahamCox]. Also, the ultimate underlying motivation of the programmers and the GPL, CCL, etc. is to increase information. Open and Free programmers are like anyone else in that they do what they do for a multitude of reasons (social, relative notoriety, etc. [see the first few chapters of 'Wealth of Networks']) but at the end of the day it all serves to expand the knowledge horizon of everyone, indirectly or directly. That combination of selfishness(in that more information benefits you) and selflessness (in that it also benefits everyone else) is the underlying sense of purpose that attracts the users and motivates the developers alike.

Re:Bye bye my application

[pclminion]

Whether it's abiding by the GPL or not, somebody else is making money from your creation.

This is a stupid, juvenile concern. If it offended me that others would use my code, I would not release it. The only purpose of releasing code under GPL or any other communist license is personal gratification and egotism.

Re:Bye bye my application

[Antique+Geekmeister]

I'll say. It's a big source of revenue for RedHat, SuSE, Xen, and lots of other open source software vendors.

Re:Bye bye my application

[pionzypher]

My time, knowledge, and skill are not worthless and I would want to be paid.

Then FOSS isn't what you're looking for as far as a suitable license for your stuff.

The GPL is great but FOSS programmers could exclude companies that use their software from the license and require an that those companies take an additional license so the programmer can get paid.

We taking for FO out of the FOSS now?

I can absolutely agree that programmers deserve pay for code that they are commissioned to do. Or for code that they are selling. I have to take exception with releasing code under a *Free* and *Open* license, and then wanting to limit it and/or close it up from certain individuals. There are other licenses out there, other options for those wishing to limit who can use a particular piece of software.
*shrug*

Re:Bye bye my application

[Hal_Porter]

No, good GPL programmers sign over their work to the collective farm, err FSF and patents are a tool of greedy kulaks. That is why the GPLv3 forces you to license them for free to everyone. You should work solely for the betterment of society - money is an obsolete concept in this new Socialist age of plenty.

Re:Bye bye my application

[soulfury]

People who are good at business get paid.
People who are good at programming get screwed?
Yes, people who are good at programming get laid. Fair enough.

Re:Bye bye my application

[Improv]

The "software-in-a-box" market is based on artificial scarcity, and we don't need it. We will probably always need folk like sysadmins (which companies tend to hire directly) and consultants (sometimes direct, sometimes using big companies like IBM) to fine-tune things to our needs, but the traditional software company will hopefully die within the next 20 years.

Of course, there are many ways to conceptualise these markets, and the difference between our conceptualisations is where the difference sits.

Re:Bye bye my application

[asc99c]

I think you are muddling things up here. There is a lot more to making money than having an idea and a lot more to having a sellable product than just having a product. Just looking at the Cittio website, their own product is based on dozens of open source components, most of which are fairly major pieces of work. Cittio has taken the extra step of building them all together and putting on nice front ends that allows someone to do a task easily. They have made something that people are willing to pay money for. They have also no doubt invested money in marketing and selling the end result, and providing support and guarantees to their customers.

Isn't the idea that an idea is worth a lot of money exactly why we all get so riled up about patent trolls?

During the day I develop commercial software - sometimes I make use of LGPL / BSD licenced software. I'm reasonably good at this and am paid more than I need to get by. When I have the spare time and inclination I also contribute to open source software. I don't feel any need to be paid for this as I am already benefitting from other free software, and I hope other developers benefit from my own freely provided work. If someone can make money off it, good for them.

Re:Bye bye my application

[babbling]

The thing is that if someone is selling your GPLed thingy, or support for it:
1. You can do it too, and anything they add comes back to you.
2. You're more qualified than they are to sell/support it, since you wrote it.

Re:Bye bye my application

[bug1]

Its not the "commercial purposes" that are the cause of the problem, its the ethics of _some_ of the people who apply those commercial purposes, companies who violate the GPL will probably violate any other license as well, so its enforcment that is the problem, not the license.

The theory behind Software Freedom is that everyone (except copyright holders) is equal, commercial users have to compete with each other, and copyleft is supposed to be about encouraging the software to develop, not necessarily the programmers finances.

Re:Bye bye my application

[boolithium]

Ok, I guess I'll be the one to rant about the doctrine here (where is my soap box). I think you are implying that for an application to be successful it must also be marketable. In my understanding of the whole gnu philosophy that is not the case. It neither matters that the commercial market accepts it or rejects it. The point of the code is to be useful to someone. In this instance I can't be sure if the GPL has been violated, and I believe in these gray areas a company will usually win in a legal case. The GPL is not a much without a good legal team behind it, and the FSF can't blow their resources on every case. Violations will happen. Still think of all the other people using and improving the code that aren't in violation. Some may not have the resources to purchase commercial software, but none the less have the need. To me open sourced software means that a hospital in Africa can keep patient records in a database, because there are applications they can run and improve on themselves. So if some of my code is used in such a manner, I feel it was well worth it. And since I have yet to write a single piece of perfect code, I'm glad someone else can doctor it. Because it is GPL they can't turn around and sell it without releasing that code. I have no problem with them selling it. Nor do they need to provide binaries to anyone. As long as other parts of their application operate independently they can leave that code out. But the code will still have the freedom to evolve, because it is still out there. That is why a coder would give away their code freely (as in free not beer).

Re:Bye bye my application

[zermous]

Because some of us dont view it as an usurpation, but rather as the greatest fulfillment of our code's potential. You dont deserve to profit from your child's success. You just want to see it succeed.

Re:Bye bye my application

[Angostura]

The "software-in-a-box" market is based on artificial scarcity

Interesting assertion, but I would like to see your working. In which commodity is the artificial scarcity?

Re:Bye bye my application

[element-o.p.]

There are a few really simple tools that I've written and posted on-line under the GPL. In my case, I wrote a program (well, a few scripts, actually) to solve a problem that I found interesting. I'm busy enough as it is, so I don't particularly want to take the time that it would take to market and sell the code myself, but I would like to see it used by others who can benefit from it. Furthermore, I use a lot of open source software myself, so in my mind at least, I see that I owe something back to the Open Source community.

If a company were to use my scripts in a commercial project, then I would be glad because first, my software is doing something useful, second, I get bragging rights for the original project, and third, hopefully they can take the original code and make it better. Who knows; if something like this were to happen, then having contributed to a commercial project may help me land a job somewhere, some day.

Re:Bye bye my application

[Darinbob]

Yes, creating is fun, selling is a pain. Actually, creating the alpha version of a product is fun, but fleshing it out and making it a viable reliable product with a full set of user documentation and a support process and usable interface is a lot of work that I'd rather be paid for than to do for free.

Re:Bye bye my application

[HellYeahAutomaton]

I can never understand how programmers stand to watch their creations being usurped for commercial purposes

They are acting out of charity, and simultaneously driving down the value of their own work and that of their peers. There *can* be some kind of business motive for this, as illustrated in http://www.wired.com/techbiz/it/magazine/16-03/ff_free
so long as there something that the programmer can profit from (ala the razor blade model, but in software it equates to
having to deal with the *suckage* tech support service business model), if not, it is purely a race to the bottom.

It's hard to not believe: "Hurrah for the companies that wish to exploit these misguided idealists!"

Re:Bye bye my application

[Improv]

In my framework, the artificial scarcity, "stock software", is artificially scarce. An IP-rule-based-economy ignores the marginal cost of distribution being zero and tries to keep there being a market for stock software that resembles physical objects, which is unnecessary and which the open source movement aims to undermine. At the very least, when the distribution/unit production cost is zero, it makes sense to consider it a highly nontraditional "market", perhaps having development costs supported by public grants or off of margins from the market that I do think will always exist on some level (the consulting/customising market). If the open source movement can continue after the traditional software market collapses, that would be great too.

Re:Bye bye my application

[Stephen+Samuel]

Well, it's like the old communities that used to do 'barn-raisings'... When a new pioneer came into the area, the local neighbors would all gather together and help them build their barn. It had a number of beneficial effects for the community:

• no one person had all the skills needed to build a barn
• More people in the area with barns meant more resources for the entire community.
• it was a community-building exercise.
• over time, every body got helped anyways.

The one improvement of GPL software over barns, however, is that -- when someone comes up with a better way of making a door, everybody gets the new software door on their barn.

i.e. if I release my code to GPL, and somebody makes a new -- much nicer -- user interface, I get that new and improved interface. I don't have to be my own UI expert to get that.

and the advantage of having a community support my code instead of myself means that I can go on to the things that I am interested in..

and then, there's the old standby of just wanting to get my code out and used by somebody else. It essentially doesn't cost me anything, so why not? I can be like the dog with the straw, but why??? ... and if somebody can make some money supporting it, more money to the -- just as long as they don't expect me to do extra work for them for free.

Re:Bye bye my application

[JoelKatz]

The whole point of almost all economic activity is to drive down the price of everything, so that over time everyone can have more and more. A computer as powerful as the one I'm now using would have cost millions of dollars ten years ago. The television I picked up three days ago for $1,000 would have cost over $10,000 just four years ago. Maybe more and more available for less and less is progress.

You see it as a race to the bottom. But if you look at it as a race to provide more for them same price, it's a race to the top.

Do a little digging yourself, get a lawyer

[cbhacking]

First issue: are you SURE they're in violation? This could be as simple as calling their support line and asking how you can get the source code (this assumes you've confirmed that GPLed code is included). If you can't get to the support people without being a customer, search their website for any indications and/or try and get a demo.

Once you're reasonably sure they're in violation, consult a lawyer who knows IP law, preferably one familiar with the GPL in particular. Even on Slashdot, I'm not going to try giving you advice beyond that. It's not cheap, but there's a decent chance of getting legal expenses awarded in court.

Re:Do a little digging yourself, get a lawyer

[cbhacking]

Oh, and document EVERYTHING. Every email, every phone call (you may need to tell the other party if you record the call, I don't know the law in your area), every letter, every step of your research. I'm guessing a single subpoena would get all the evidence you need, but no point taking risks when money is at stake (as it will be if this goes to court).

Re:Do a little digging yourself, get a lawyer

[QuantumG]

He's already screwed himself by posting to Slashdot. If he is lucky Cittio will just ignore him. If he's not, they'll probably sue him for libel. His only defense then will be to show that he is right, and that will be pretty hard to do after Cittio have cleaned up any discrepancies they might have had in their distribution.. which they are sure to do before calling the lawyers.

Re:Do a little digging yourself, get a lawyer

[SanityInAnarchy]

You supposedly want "freedom" and yet you throw a fit when some entity takes your software and uses it to their advantage.

When "freedom" is defined as freedom for the end-user, I think they do pretty well.

Fucking patchouli-stinking communist.

Must be trolling hour. My turn! Fucking long-haired, crack-smoking, Metallica-wannabe anarchist.

I'm not so goddamn arrogant as to think I can dictate how you use my inventions.

Cool! So what do you do for a day job? Where did you find a company that's not so goddamn arrogant as to think it can dictate how the end-user can use your inventions?

For that matter, why the fuck did you use BSD, then? If you really want us to "use it as you see fit", follow sqlite's fine example and release public domain. I might even maintain the GPL fork.

Let me know when you want to have an actual discussion. Or we can just flame each other like retards.

Re:Do a little digging yourself, get a lawyer

[QuantumG]

Let me know when you want to have an actual discussion. Or we can just flame each other like retards. Welcome to Slashdot.

Re:Do a little digging yourself, get a lawyer

[91degrees]

He has another defence - That the harm caused by the post was negligible.

Re:Do a little digging yourself, get a lawyer

[Sortova]

I wasn't really asking for legal advice on Slashdot. While I am at times stupid, I am not that stupid (grin). I was actually looking to see if there were other suggestions and other courses of action. If you read my post, I make two claims: that it appears that Cittio is not making clients aware of their rights under the GPL (it was a client who was unaware that OpenNMS was used as part of Cittio, not me) and that it appears that at least one of their developers is doing more with the OpenNMS code than just packaging it, which suggests (and note I say "suggests") that they may be using OpenNMS code as part of their application. Neither claim is libelous.

Re:Do a little digging yourself, get a lawyer

[Steve+Hamlin]

they'll probably sue him for libel. His only defense then will be to show that he is right, and that will be pretty hard to do after Cittio have cleaned up any discrepancies they might have had in their distribution

Several problems with your statement:

1. In the U.S.A. (where both Cittio and OpenNMS Group are based), it is not "truth is the ONLY defense", but rather "truth is ALWAYS a defense." There are many other defenses. Intent matters, and in some cases, it must also be shown that the intent was malicious, meaning that the statements were known to be false or there was reckless disregard for whether the statements were false.

2. If Cittio "cleans up any discrepancies they might have had", they still have the problem of the discrepancies they DID have. Just because Cittio will have cured the GPL violation doesn't mean the author didn't have a violation at the time about which to complain. Which, if true, would be a defense against the libel claim.

3. If Cittio "cleans up any discrepancies they might have had", then GREAT! That is the prefered outcome in most GPL enforcement cases.

Would Cittio go for libel?

Legal matters belong in the hands of lawyers. Most lawyers I talk to, their first bit of advice is "shutup, don't say a word and let me handle it".

Re:Would Cittio go for libel?

[erroneus]

Medical matters belong in the hands of God. Most gods I talk to, their first bit of advice is "pray and do what I say."

Do you see the problem with that statement?

Re:Would Cittio go for libel?

Medical matters belong in the hands of God. Most gods I talk to, their first bit of advice is "pray and do what I say."

Do you see the problem with that statement?

Other than the fact that this God you refer to is nothing more than a fairy tail?

Re:Would Cittio go for libel?

[RicardoGCE]

Other than the fact that this God you refer to is nothing more than a fairy tail?

Greatest typo ever.

Post it on slashdot!!!

[syousef]

1. Write GPL software
2. Discover GPL software license has been violated
3. Post all over slashdot asking legal advice
4. Whine about why no lawyer will touch your case with a barge pole
5. ????
6. Profit

If you're in a situation that might need a lawyer, contact one. Asking for help on /. is going to do your case more harm than good.

Are you suprised?

[bigredradio]

Are you suprised? Come on, you publish the SOURCE code. That's a lot easier to steal than DRM software and media.

What are you trying to accomplish?

Do you want money? Recognition? Revenge? Perhaps you should begin a PR campaign to get the word out. Their website has lots of big corporations listed as clients, I'll bet those companies would would be interested in knowing that the product that they paid big money for could be taken away from them because Cittio is in violation of the GPL. What about calling their Investors and having a chat with them?

This is well documented already!!!

[jamesh]

The instructions for what to do if you think you have found a gpl violation are here. There is no mention of posting to slashdot on that page. There is a mention of checking your facts first... some companies get a bit cross (eg they'll take you to court) if you write anything bad about their product which isn't completely true. (i'm not saying it isn't, i'm just saying you don't appear to have done your homework yet).

You've achieved your desired goal

[Bruce+Perens]

You got your concern on the front page of Slashdot. That means that the company will make sure they're doing everything right, because all of their customers are going to ask them about it now.

That said, it's not at all clear that you had anything to complain about. If SFLC won't help you for the reason you gave, that means you don't have any standing in the matter. You can't sue anyone about it. So, there's not much use in complaining.

IMO, you should make real sure that you at least own the copyright of your own work before you contribute any more.

Bruce

Re:You've achieved your desired goal

[QuantumG]

Dunno why you're replying to me instead of the OP but seeing as you are, I don't think he has no legal standing.. if he has been contributing code and not signing it over, then he owns the copyright on the work, period. The SFLC might not be interested because there are other contributors to the work and they'd have to get everyone together to have a strong case, but I don't think the OP even bothered to contact the SFLC.. everything he's said has the ring of a complete lack of research.. especially seeing as the first thing the FSF and the SFLC tell you when it comes to copyright violations is to make sure you have your facts straight and to not go sprouting your inexpert opinion all over your blog.

Re:You've achieved your desired goal

[Bruce+Perens]

Dunno why you're replying to me instead of the OP

It's slashdot strategy. If late to a discussion, a reply to a high-ranked post will apppear higher than a reply to the article. But yes, it's really a reply to the article.

if he has been contributing code and not signing it over, then he owns the copyright on the work, period.

SFLC appears to have treated him as if he did not have a very significant portion of the program under his own copyright. I know that they have represented other authors who did not own the entire copyright of a program, but did own a significant portion of the work.

I don't think the OP even bothered to contact the SFLC..

That's possible, but the reason for rejecting him sounded like it could be for real.

Re:You've achieved your desired goal

[QuantumG]

Well, FSF have advised me in the past that any copyright is defensible, no matter how small it is in comparison to the rest of the work. Of course, if I asked them to defend me they would ask if I can assign them the entire copyright for the entire work and when I said no they'd bow out. That's just *their* policy, and one the SFLC has inherited it seems (which means it really was Eben Moglen's policy), but it doesn't mean you *can't* sue. I expect it is a cost saving measure. If you don't have copyright over the entire work then the defendant can file briefs claiming that the particular part of the work under dispute is not owned by the plaintiff and, even if it is trivial to show that they are in violation of copyright of a portion of the work that *is* owned by the plaintiff, it will take weeks and require the writing of very detailed, technical and lengthy briefs... i.e., it'll cost a lot of money.

So I guess if the only way you're going to afford to enforce your license is to get the help of the SFLC then you better get your ducks in a row.

Re:You've achieved your desired goal

[Sortova]

The history of OpenNMS is pretty long and convoluted. It was started by a company called Oculan, and I was an employee of theirs when they decided to stop publishing their code under the GPL. I wanted to keep the project alive, and thus I took over maintaining the code in 2002. So all of the original "1.0" code is copyright Oculan (and that IP is now owned by Raritan) while almost all of the other changes are copyright "The OpenNMS Group". Both companies are commercial entities, although OpenNMS is never licensed outside of the GPL. According to Daniel B. Ravicher at the SFLC (who I contacted in 2005): "SFLC unfortunately cannot generally represent for profit entities". The fact that the SFLC won't defend us doesn't mean that we "don't have any standing in the matter". We do own the copyright to our work, but it is a derivative work based on the GPL and it is very unclear how such things can be defended since it is based on the work of other (duly noted in every copyright notice in the OpenNMS code).

Re:You've achieved your desired goal

[dreamchaser]

Bruce,
          I have a great deal of respect for you, but why piggyback on the top post? Your name alone gets most of your comments modded up; there is no need to resort to such confusing tactics. You spoke the the submitter but replied to someone else.

Re:You've achieved your desired goal

[i.r.id10t]

Ya know, for folks like you Bruce there should just be an automatic moderation of +10 "well known and trusted to be insightful and informative" to any post you make...

Re:You've achieved your desired goal

[Rary]

Ya know, for folks like you Bruce there should just be an automatic moderation of +10 "well known and trusted to be insightful and informative" to any post you make...

They should just give him his own personal karma rating.

"Karma: I'm Bruce fucking Perens".

Re:You've achieved your desired goal

[sumdumass]

You forgot to add biatch to the end of that.

But I disagree with the sentiment being passed by that. Comments should be taken for what their worth not what notoriety a person making them might have. I have had disagreements with Bruce in the past and found some of his comments lacking in this respect. But this isn't to say that he isn't a great guy or anything, it is to say that the comments in itself need to merit the praise more then the person making it.

I can illustrate this with the comments that brought about this all hail Bruce thread. Given the information at the time, he concluded incorrectly that the SFLC didn't think he had proper legal standing to file suit and hence proper standing to complain. It turns out after you follow through the thread, that the reasons his case wasn't taken up was because the SFLC doesn't want to support a commercial or for profit entity in which the op seems to be.

Now as for the information at hand when the comment was made, it was insightful but now that more information is available, it seems pointless to keep it that way. Meta moderation will probably take car of it and even if it doesn't, it doesn't really matter. But an automatic I'm important would/could elevate a misunderstanding that would/could do more harm then good in this case.

Re:You've achieved your desired goal

[Bruce+Perens]

I have had disagreements with Bruce in the past and found some of his comments lacking in this respect.

Your slashdot user name is "sumdumass" and you want respect? :-)

The original article claims that the copyright is held by more than one commercial company. Implying not all by him. I took that to mean "not siginificantly by him" because I find it difficult to believe that he is a viable commercial company and has to ask Slashdot for legal advice.

Re:You've achieved your desired goal

[sumdumass]

Your slashdot user name is "sumdumass" and you want respect? :-)

I don't want respect just because I manages to make a name for myself. I would want it for my accomplishments and comments. If someone wants to respect me for my name, then I am fine with the whoreshiping some dumb ass. Spelling intended, for I think the action deserves the merit more then the person doing that action. Perhaps I have a fucked up way of looking at things?

The original article claims that the copyright is held by more than one commercial company. Implying not all by him. I took that to mean "not siginificantly by him" because I find it difficult to believe that he is a viable commercial company and has to ask Slashdot for legal advice.

I didn't take what you said to be incorrect, or even flawed given the information you had at the time. I attempted to make that clear in my post that it was reasonable for you to come to your conclusions. This isn't an attack on you or what you said.

However my comment was addressing the idea that a person can say anything and have it be insightful or moderated up somehow simply because of who they are or what they are apart of. I pointed to your comment only because _after_ more information was made available, it didn't seem so insightful then yet we had a thread started almost in worship over you in which they explicitly stated you should be modded up in everything you post. I know it is tough being a god to people, In my other life, I am one too (not in f/OSS though). But I dislike the idea of this worship and people thinking just because our lips uttered something, it is worth listening to more then someone else's words. I think we need less kings or royalty and more open and honest discussion in order to get the best of the community at large. And this sentiment really goes beyond this discussion too. We are often inundated with thoughtless idiocies spouted by the famous and semi famous that really have no merits outside their fame. To us smart people, we can see how stupid or ridiculous they look, to their followers, it is insightful and promising.

Re:You've achieved your desired goal

[Bruce+Perens]

I pointed to your comment only because _after_ more information was made available, it didn't seem so insightful

But it did get the original article author to give us the missing information :-)

The problem with being held very highly by some folks is that if some day they decide they disagree with me, I immediately go to the opposite pole and they consider me to be evil incarnate. Fortunately, most of them grow up eventually. I'd be most happy to be accepted as an often-knowledgable human being with faults. My notoriety is important, though, because it helps me to get people to listen about issues that are important to us.

I can live with Slashdot moderation. What I do have a problem with is that I can't get my damn submissions approved when they're important. Slashdot actually rejected a submission on the California "Open Voting" bill.

Bruce

Re:You've achieved your desired goal

[Ranger+Rick]

The original copyright of the OpenNMS 1.0 code was created by Oculan (they had a dual strategy: open-source OpenNMS, commercial packaged OpenNMS-as-appliance). They have since gone out of business, and Raritan bought the intellectual property to sell as another product, so they don't have much reason to give us copyright to the grandfather of our shared code, they still have a vested interest in it. =)

However, OpenNMS pure-open-source development has continued on quite a bit since (2002?) when Sortova went off on his own to keep the open-source product alive. A large part of the code is now copyright The OpenNMS Group, which is our for-profit company supporting OpenNMS training/support/custom-dev, along with plenty of code copyrighted by tons of other committers.

The OpenNMS Group is certainly viable, and has written plenty of the code in today's OpenNMS codebase, but like many small "don't charge for a stupid enterprise version of free software" companies, legal funds to go after such things are slim. We're profitable, and growing, but we're not VC funded; would we rather fund our developer's conference or pay a bunch of lawyers to enforce something that folks Doing The Right Thing should be doing anyways?

It seems, however, that to enforce that copyright, we need to be more organized. We'd love to create an Apache-like not-for-profit "foundation" to own the copyright so we can be proper stewards of the code and not have things fragmented between us, other community members who have submitted code, and Raritan/Oculan. With the history of the original codebase, though, it's not terribly possible to do it 100% at the moment. We're doing what we can.

Believe me, there's nothing we'd love more than for this to not be an issue of The OpenNMS Group "controlling" the code. We believe in doing things right by way of the GPL, and just want to make sure others using the code do the same.

Re:You've achieved your desired goal

[Bruce+Perens]

Off the top of my head I can think of three organizations that accept assignments of GPL code: FSF, SPI, and SFLC said they would start something to do this last year but I don't know its name. There is also the Apache foundation if you like their license. All four have their own lawyers.

IMO the only reason to make your own foundation is if you want to own a special right that nobody else has, like the right to vend proprietary licenses. There is not much point in this since the other copyright holder won't budge.

Bruce

Contrary Opinion

[Brandybuck]

When you place something into a public commons, other people will take advantage of it without contributing back. That's the nature of reality. There's even an economic term for this: the tragedy of the commons. The core of the FSF's philosophy is that software should not be owned, but that it should be a public common. By using the GPL you are implicitly agreeing with this. That is fine, so long as you know what you are getting into. But to get all pissy after the fact that someone is taking advantage of what you have given away is pure arrogance.

If you don't want people abusing your software, then don't release it into the commons. Be honest with yourself and keep it proprietary. But if you do release it as Free Software, then don't start suing people of trivial legal details. Save the lawyers for the truly egregious stuff.

Life is too short for lawsuits.

Re:Contrary Opinion

[Antique+Geekmeister]

I think you've misread the tragedy of the commons. It's when a few or even many user begins to take slightly more than their share that you get "the tragedy of the commons". It's what the GPL is designed to avoid, and is precisely why the GPL is often more effective in protecting the commons than the BSD or Apache licenses. There is no "giving back" requirement in the original story of the commons, although "giving back" can extend the lifetime of the cocmmons by quite a lot, even making it permanent and avoiding the tragedy if done properly.

That said, he hasn't sued, so get off the high horse. Documenting *everything*, and a simple cease and desist letter from a competent intellectual property lawyer may be all that's needed if they're really in violation. If they are in violation, that competent lawyer needs to help drag their butt into court. If it were my code, I wouldn't ask on Slashdot, I'd ask the EFF and the FSF for recommendationsn for lawyers, and I'd ask over on Groklaw, not Slashdot.

Re:Contrary Opinion

[jdh3.1415]

I don't think you're familiar the GPL.

By placing software under the GPL, the author is specifying explicit terms under which the software can be copied and distributed. If Cittio has included GPL software into another program, distributes this program, and does not include an offer to provide the source code, then Cittio is illegally violating these terms.

Re:Contrary Opinion

[Brandybuck]

The tragedy of the commons always occurs in a true common, because there is no control over allocation of the property. People overgraze their sheep in the meadow because if they don't their neighbors will and then their sheep won't graze at all. In real life commons, you usually end up with authoritarian control over the common (such as the village lord, local commisar, faceless bureaucrat, etc).

The GPL is different, in that you cannot diminish the value of the good by overuse. Which actually makes the legal sticks in the license wholly unneccesary. Why should their be rules against overgrazing when it's impossible to overgraze? The only thing being "protected" are the author's fragile moral sensibilities. If he would only grow up we wouldn't need the GPL, we could get away with true public domain software.

p.s. No, the original poster didn't sue. But sending cease and desist letters from competent intellectual property lawyers is STILL a threat to sue. If you don't plan to sue, don't use a lawyer!

Re:Contrary Opinion

[Brandybuck]

Oh, I am VERY familiar with the GPL. I just disagree with the philosophy underlying it. The purpose of a license is to allow you to threat people with lawsuits for violation. If you have no desire to threaten people with lawsuits, then use a significantly more permissive license than the GPL.

It's nice and warm and fuzzy that you are asking people nicely to keep your software open for the downstream. Don't corrupt that soft speaking with big legal sticks.

As has been said: They don't have to give the code

[Anonymous+Freak]

...out on the web. Nothing in the GPL says that a licensee has to freely offer the code to absolutely anyone free of charge, to anyone that asks, in the manner the asker chooses. It says that they have to offer the code, in a manner of their choosing to anyone that asks.

In a commercial hardware product, that means that the company can insist on only distributing the code by sending it to you as a bunch of floppy disks, for all the GPL cares.

Now, once someone has the code, that person can then re-distribute the GPLed code however they feel.

One example: My Toshiba HD DVD Player (don't laugh, it was a present,) contains GPL code. Toshiba doesn't make this fact obvious. It's buried in the manual for the product. Toshiba doesn't make the code available on their website, because they're not required to. To quote the GPL 2.0 that my Toshiba uses:

b) Accompany it with a written offer, valid for at least three
        years, to give any third party, for a charge no more than your
        cost of physically performing source distribution, a complete
        machine-readable copy of the corresponding source code, to be
        distributed under the terms of Sections 1 and 2 above on a medium
        customarily used for software interchange...

The internet isn't the only medium customarily used for software interchange. And they are allowed to charge a reasonable fee for duplication and distribution. (See GPL section 1.) If they really felt ornery, they would be perfectly within their rights to charge you for the physical cost of a bunch of floppies, and the time (at minimum wage, or even higher,) some flunky had to spend copying onto those floppies.

BSD troll strikes again..

More off-topic crap from the BSD user/troll community..

Re:BSD troll strikes again..

Ironically, I use Linux, and have never, ever touched BSD. But hey, whatever it takes to argue, eh?

Sony Mylo GPL source?

[Technomancer]

Sony has just released second generation device,Mylo-2, both Mylo-1 and Mylo-2 are Linux based and locked tight. Where are the kernel sources? GPLed userland sources? Nobody seems to notice or nobody cares.

Re:Sony Mylo GPL source?

[Technomancer]

Great! Thanks.

Re:As has been said: They don't have to give the c

[Bill,+Shooter+of+Bul]

I think the time for floppies has passed. They are no longer customarily used to distribute software. But they could buy a hard drive and put the code on it and charge you for it.

Just write it up

[Ecyrd]

I've found out that filing a ticket on the company's public issue tracker (so that their other customers can see it, too) helps.

Also, writing a polite email which details exactly how they are breaking the GPL and which steps they should take to correct the issue, might help a lot. It's sometimes just simple misunderstanding of the GPL. Sometimes on the part of the author, sometimes on the part of the user - but in any case, the act of detailing the alleged breach of license will clarify the issue.

Re:Just write it up

[Antique+Geekmeister]

You want this on paper as well, to keep a legally verifiable copy, and say that you sent it via email and paper. Even if it is not from a lawyer, a copy on paper shows you took it a lot more seriously than just a random email.

Re:Just write it up

[Jedi+Alec]

Also, writing a polite email which details exactly how they are breaking the GPL and which steps they should take to correct the issue, might help a lot. It's sometimes just simple misunderstanding of the GPL. Sometimes on the part of the author, sometimes on the part of the user - but in any case, the act of detailing the alleged breach of license will clarify the issue.

Why go straight on the offensive? By detailing their offenses, you're pretty much saying you're already convinced they're in the wrong, which tends to put people on the defensive.

What's wrong with simply asking "Hey guys, i see you're using GPL'd software, which is great. Could you give me some more information on how you make the source code available to your customers?"

Additionally

[einhverfr]

In addition to getting a lawyer, you also want to get other OpenNMS copyright holders (particularly the commercial companies) in the loop. This helps increase the leverage and the resources available to fight. And they will bring in more lawyers, in all liklihood.

Re:As has been said: They don't have to give the c

[elec1cele]

The internet isn't the only medium customarily used for software interchange. And they are allowed to charge a reasonable fee for duplication and distribution. (See GPL section 1.) If they really felt ornery, they would be perfectly within their rights to charge you for the physical cost of a bunch of floppies, and the time (at minimum wage, or even higher,) some flunky had to spend copying onto those floppies.

I think saying floppies are a "medium customarily used for software interchange" is at this point a bit of a stretch. I don't know of any major software that is currently available via floppies. Also the Majority of PC's no longer come with a floppy drive. Much like reel to reel tapes (yes I know some palces still have some but mostly for "legacy" support) floppies are now a thing of the past.

Show and Tell ( ... anyone? )

[remitaylor]

You must have been absent all of those days in kindergarten when they emphasized *sharing*

Typical situation:
  * programmer needs X (to "scratch own itch")
  * programmer makes X and realized that, wow, other people might want to use it or contribute to it
  * programmer releases source
  * FIN

A few things might happen:
  * people contribute to X and make it better, for friggin FREE!
  * companies use X - programmer helped out other human beings
      * depending on license X was released under, if companies make their own improvements, they have to release the source code ... once again ... making your software better for FREE

You can be a douche bag and spend lot of time packaging EVERY projects you EVER make, and charging $19.95 for it ... or you can be productive, not worry about trying to sell every piece of code you've EVER written, and release the code as open source to help other programmers.

Make something seriously cool that's worth marketing and selling ... SELL IT.

But if you don't get how anyone might want to ... I dunno ... share with the community to help others ... then what the friggin Hell are you doing on slashdot? Seriously? Well. Nevermind ... I suppose we all need some flamebait, now and again, eh?

As a side note ... the more open source software you release, the better the chances of someone actually being helped by it, the better the chance of it becoming well known or used ... the more visitors your site gets ... the more you SELL SELL SELL to your visitors ( commercial software or support or consulting )

I follow a lot of what the writers of my favorite libraries do/blog and I'd love nothing more than to, one day, release projects that help others, as I've been helped by so, so, so many open source projects.

Finally, I'd reiterate that a lot of the open source projects our there are there because someone made something to scratch his/her own itch ... then released it. Many of these projects would be VERY hard to sell, and would take TIME to sell ... so, instead, people offer them up to others to use / improve / etc. But, for those of use who prefer licenses like the GPL, the code is offered up such that any improvements need to be open source, as well ... thus, everyone can work to make it better! If you want to be able to sell your own "Professional" or "Advanced" version of your software, release it under a license that lets you do so.

A lot of these projects would NOT SELL on their own. Other people use them because they exist, but, if they didn't exist for free, the companies would likely program it themselves. When a company uses your code in their software, you simply end up getting more exposure and ... hell ... they might even hire you for programming / consulting. Honestly, where's the downside?

People like you would rather have an apple rot than give it away to others. If your apple's ripe and you're not going to eat it ... see if someone else wants it. If you're a programmer, I bet you've got atleast a dozen finished or half-finished project that you're not making ANY money from, nor are you ever likely to. Don't you understand that you could open source them and ... maybe someone'll find them via google one day and you'll have helped someone else? You might even get a patch in the email one day from someone who's dramatically improved your code ... or just from someone thanking you for releasing it! At the very least, it'll make you feel good about yourself whereas, if you hadn't released the code, you never would've felt good about helping that person. It's really that simple.

</rant>

Re:Show and Tell ( ... anyone? )

[zakeria]

I agree with all you've mentioned but I do have a little gripe with OSS.. I'm a developer and have been for 25 years, it's how I make a living but I'm finding it harder to make a living from development of software & games because of the OSS community; NOW don't get me wrong here I do provide a lot of OSS myself and have contributed thousands of unpaid hours to the cause but what I'm starting to see and be affected by in the wallet is OSS recreating what I've already created for free thus rendering my hard earned labour useless and not very worthwhile. It was once a great thing to be able to sit at home and be your own boss but those days are numbered, I'm sure a lot of developers feel this pinch it's not enough to be a single developer now, you need a mighty company behind you to make any kind of real world income. I can't live on love alone.

Re:Show and Tell ( ... anyone? )

[TheLink]

This is called competition. It means you have to make stuff that not just anyone can recreate easily.

If you don't like so much competition, you'll have to find a different market which is not as competitive - try making furniture or cakes, or wedding photography.

Or find a niche which is either not as competitive (customers will still use you even if you're not as good), or where you are better than the rest.

Well, it's not as bad as some computer hardware sectors. Look at AMD, it's not as if their CPUs are that crap. Their CPUs are significantly better than their previous year's CPUs, and in fact before Intel's Core stuff they were much faster than Intel's P4 stuff. But now AMD is losing 600 million dollars or more. And they still have to invest billions to keep up whether or not they can sell the chips they make.

Just because you put in lots of work and $$$ doesn't guarantee you profits, as AMD has found out even if you do quite good work, it might not be "good enough". Commodity high tech = crazy market.

I've proposed to various OSS people before for them to make a payment site where people can more easily to donate money to individual developers. But nobody really seemed interested - it's a fair bit of work (legal etc). And it might end up a bit more about marketing yourself with the usual politics, but who knows OSS devs might still get a bit more money :).

Right now if I wanted to give some driver developer some $$$, it's pretty hard.

What's the menu path to that?

[ribman]

So what's all this then? http://www.cittio.com/products/open_source_components.html Yes, that link works fine, but I stepped back up their menu to see how prominently they link to it for the public's sake and I can't find it ... ? Can you describe the menu clicks to get to it? If it's not in the menu or linked somehow, then it is not really a public page - it's only visible if someone gives you the direct link. (like you did)
(Not that I support either case regarding the greater debate raised here.)

Re:What's the menu path to that?

[ribman]

Found the answer to my own question ....
It's not under Products - Watchtower
It's at: Technology - Open Source Components, so yes, that's up on the main menu, though sideways from Watchtower.

Re:As has been said: They don't have to give the c

[simong]

It's a good point. When GPL 2 was written, the Internet wasn't as mature as it is now, and the main method of physically transporting data would have been floppies. That's been superceded by CDs and now by the 'net, so it would take someone who was genuinely obstructive to break out the HD 1.44s and send out code in that way. Hmm, I really should bin that box of floppies one day...

Re:As has been said: They don't have to give the c

[jamesh]

In a commercial hardware product, that means that the company can insist on only distributing the code by sending it to you as a bunch of floppy disks, for all the GPL cares.

This goes against the spirit of the GPL.... To take your example to the extreme, suppose that they made the code available via 3of9 barcode in printed format? stone tablet (mailed to you via overnight delivery at your expense)? 8" floppy disks? download via modem @ 300bps at $19.95/minute? Maybe stone tablets aren't machine readable but the rest are.

It's the "complete machine-readable copy of the corresponding source code" and "a medium customarily used for software interchange" you quoted that explain it. How many computers have floppy disks these days? Mine doesn't. When was the last time you saw anyone exchange code on a floppy disk?

Re:As has been said: They don't have to give the c

[Androclese]

Not trying to be a smart-arse, but BIOS updates and SATA drivers still have to be installed with a floppy.

Did Cittio Actually Violate the GPL?

[SwashbucklingCowboy]

The guy writes:

From the client "Oh, Watchtower told us that they used some open source apps but did not mention as to what they used". When I brought up the fact that parts of Watchtower are based on OpenNMS, the client replied "I could not find one ounce of mention on their website to OpenNMS or any other Open Source code that is running on this product. That really irritates me." I should also mention that this client is in final negotiations with Cittio (they dropped their initial price considerably) so we're not talking a first contact cold call here - they are ready to close this deal without a single detail concerning their use of open source.

So what? The GPL does not require that someone disclose prior to distribution that code is licensed under the GPL or that the distributee can access the code. Where's the violation?

This sounds like either ignorance of the GPL, sour grapes, or both.

Re:Did Cittio Actually Violate the GPL?

[drv4doe]

Probably a bit of sour grapes, yes, but if you read the GPL reference, the issue is the license under which Watch Tower is be sold isn't GPL.

Re:Did Cittio Actually Violate the GPL?

[SwashbucklingCowboy]

I read the blog entry. His complaints indicate he doesn't understand the GPL.

Re:As has been said: They don't have to give the c

[dreamchaser]

Not really. You can use USB fobs too, or a bootable CD. For that matter, I can update my BIOS directly from Windoze these days. You may not have been trying to be a smart arse, but you *are* incorrect.

Set Up a Not-For_Profit

[John+Hasler]

> Since the copyright for OpenNMS is held by a number of commercial companies, the Software
> Freedom Law Center is not able to help us defend or even investigate a potential
> violation.

Work with the other companies to establish a not-for-profit corporation and donate the copyrights to it.

Re: Floppy requirement

[InvisiBill]

Not trying to be a smart-arse, but BIOS updates and SATA drivers still have to be installed with a floppy. No they don't. I've installed Windows XP (i386 and amd64) and updated the BIOS on my AN9 32X/Barracuda 7200.10 without even having a floppy drive in the system. Award has had a WinFlash program for years, and even Dell has Windows executables for BIOS updates now (which reboot into a DOS-like mode to do the actual update). Drivers for mass storage devices can be slipstreamed right into your install CD. RAID Slipstreamer is probably the easiest method, if your device is supported.

Re:As has been said: They don't have to give the c

[mcvos]

This goes against the spirit of the GPL.... To take your example to the extreme, suppose that they made the code available via 3of9 barcode in printed format? stone tablet (mailed to you via overnight delivery at your expense)? 8" floppy disks? download via modem @ 300bps at $19.95/minute? Maybe stone tablets aren't machine readable but the rest are.

Quoting the same bit from GPL 2.0 again:

"Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange..."

Are bar codes customary for software interchange? 8" floppies? 300bps modem? Is $19.95/minute really your cost of physically performing source distribution?

How many computers have floppy disks these days? Mine doesn't. When was the last time you saw anyone exchange code on a floppy disk?

Neither does my new one, but my old PC still have a floppy drive, and very recently floppies were still being used for software distribution. A company still doing it now would be living in the past if you ask me, but if it's acceptable to its customers, what do you care? If you're a customer and don't have a floppy drive, ask them to provide the source in a more accessible form. If they don't, I guess a judge may have to decide whether floppies are still customary enough these days. It's old technology, but not completely gone yet.

GPL violation doesn't relicense other code to GPL

[Steve+Hamlin]

If there's something they've changed in your project then purchase a copy and put the changed code in your version, since any modified GPL code must be re-distributed as GPL code.

Incorrect - please don't perpetuate the myth that the GPL 'infects' other code and causes it be relicensed as GPL against the author's will - it doesn't. And you will be violating the copyright of the infringer, which makes you no better than them.

You are sort of right: the GNU GPL does say that "any modified GPL code must be re-distributed as GPL code." But the imprecise language means you are confusing the meaing of 'must'.

In this case, the 'must' DOESN'T mean that any code that modifies the original GPL code is automatically (re)licensed under the GPL.

The 'must' means that if you don't license your modified and distributed code as required by the GPL, then you do not have re-distribution rights under the GPL license for the original code, and since you don't have any other license or basis for re-distributing the copyrighted GPL code, you are committing copyright infringement of the original GPLed code.

Solutions to this copyright violation: cease-and-desist, or pay infringement damages, or both since infringement has usually already happened. But in no case is the company REQUIRED to license its patches under the GPL - they just need to stop distributing, and probably pay damages for past distrbutions without a license.

-----

If a company violates the GPL by:

1. distributing binaries of GPL-licensed software,
2. that contain source code changes from upstream,
3. which source code the company won't make available to users to whom the company distributed the binaries,

Then:

4. the GPL simply doesn't provide any re-distribution rights that allow the company to distribute the copyrighted upstream software,
5. thus the company is in violation of the copyrights on the upstream software,
6. thus the company must:
6a. cease distributing their modified software, or
6b. pay infringement damages.

-----

Q: Does the GPL require that source code of modified versions be posted to the public?
A: The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them.
But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.
Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.(emphasis added)

Q: If I know someone has a copy of a GPL-covered program, can I demand he give me a copy?
A: No. The GPL gives him permission to make and redistribute copies of the program if he chooses to do so. He also has the right not to redistribute the program, if that is what he chooses.

Now you know why...

[meshmaster]

Know you know why everyone should avoid GPL junk like a plague and move over and only use stuff with MIT liscenses.

Re:As has been said: They don't have to give the c

[McDutchie]

Nothing in the GPL says that a licensee has to freely offer the code to absolutely anyone free of charge, to anyone that asks, in the manner the asker chooses. It says that they have to offer the code, in a manner of their choosing to anyone that asks.

That's still not correct. It says that at minimum, they have to offer the code, in a manner that's customarily used for distributing software, to anyone to whom they have already distributed the binaries.

On today's Internet that means they could hide the source behind a password-protected area only accessible to consumers. It would probably also still be quite acceptable to send a CD upon request to customers only. Of course, consumers then have the freedom to pass it on to anyone they choose, so the effect of such restrictions would be limited, but still, in a story like this, this is a very relevant rule.

Re:As has been said: They don't have to give the c

[Darinbob]

Hmm, we still have some devices in the lab that "customarily" use floppies for data transfer or upgrades. I think a majority of PC users still have floppy drives available to them. The GPL doesn't say "customarily used on PCs". It also doesn't say "preferred software interchange" or "easy to use software interchange" or "include a usable build script" or "prominently displayed offer to supply source code", etc. The letter of the law here is the GPL, not the FSF FAQ or community sentiment.

But then, corporations are not going to make themselves extra work here. Their goal is not to hide the GPL code, but to make this convenient for themselves and save money. So they're not going to use floppies if they can help it, and they're not going to waste time trying to inconvenience the person who asked for source code. The most convenient and inexpensive method for most companies would be just to add a line somewhere saying "contact us" and then they work out details for those 3 or 4 people who actually do.

Re:As has been said: They don't have to give the c

[e03179]

Speaking about going against the spirit of the GPL. Could someone add, say, 7.63 yottabytes of contributed code to a GPL product in order to prevent anyone else from really working with it? You know...making the new code basically unaccessible for 99.999999999934% of programmers?

And don't forget the testing

[EmbeddedJanitor]

The real crazy thing about GPL is that copyright, and thus GPL, only protects the rights of the author. I've written many k lines of code reelased under GPL and the copyright holders have the rights to this code, including releasing it under other licenses.

This code would be far less valuable if it had not been tested by hundreds of people throughout the world, some of which have spend hundreds of hours on testing. These people have made a huge investment and contribution, yet they have no rights.

Product development and selling are also huge skills, often far harder than programming, and are part of code being successful.

Re:As has been said: They don't have to give the c

[Anonymous+Freak]

In my post, I had originally written the same thing, that they could hide it for just customers.

But then I actually read the GPL to double check my facts, and found this little nugget (emphasis mine:)

b) Accompany it with a written offer, valid for at least three
        years, to give any third party, for a charge no more than your
        cost of physically performing source distribution, a complete
        machine-readable copy of the corresponding source code, to be
        distributed under the terms of Sections 1 and 2 above on a medium
        customarily used for software interchange...

Now, the section a) immediately above it does say that they could distribute the code only to paying customers, but that they would have to include the source code with the product. (I suppose if their piece of hardware comes with a CD of drivers/etc, they could just put the source in some random folder on the disc...) But if they don't include the source with the product, then they have to offer the code to "any third party".

And, yes... I know floppies aren't often used for software interchange, but they are customarily used for it. I just bought a new motherboard that came with its SATA RAID drivers for Windows XP on a floppy disk. (Vista can finally load drivers from USB stick or CD during setup, but XP, even with SP3, still can't.) My point (I'm not writing this last part for you, McDutchie, but for the other 5 replies that jumped solely on my floppy reference,) was that they don't have to make it available in a manner particularly convenient for the average person.

You're wrong

[celtic_hackr]

I follow your meaning, it was my initial interpretation of the language, but you're wrong. Any one can ask for it. Here it is:

What does this "written offer valid for any third party" mean? Does that mean everyone in the world can get the source to any GPL'ed program no matter what? If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it. If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer. The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.

http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#WhatDoesWrittenOfferValid

Re:You're wrong

[mysidia]

Anyone who requests the source pursuant to the received written offer. The document you are linking to is part of a FAQ, which is not the license.

FAQs can be very misleading, and certainly aren't part of the license. If there's ambiguity in the license itself, then the interpretation that is valid is the looser one (that requires fewer things of the licensee)

You still need a copy of the written offer to know where to send your request.

Re:As has been said: They don't have to give the c

[jimicus]

The most convenient and inexpensive method for most companies would be just to add a line somewhere saying "contact us" and then they work out details for those 3 or 4 people who actually do.

No they wouldn't.

They'd put a line saying "contact us" and then when you call customer support, you'll spend hours going around in circles trying to explain to the agent what source code is, what the GPL is, what software licensing is, telling them that their player certainly DOES have source code somewhere and that you're not asking for proprietary bits that they've written, just the parts that are covered under the GPL.

And then your telephone call will be cut off because you've wandered way off script and the customer service agent has their performance figures to think about.

Re:As has been said: They don't have to give the c

[jimicus]

Could someone add, say, 7.63 yottabytes of contributed code to a GPL product in order to prevent anyone else from really working with it? You know...making the new code basically unaccessible for 99.999999999934% of programmers?

They could, but it's pretty unlikely because there are lots of other ways around it which are far easier.

The most obvious way is to put a stub into the GPL code which uses some form of IPC to communicate with another, proprietary program which does the donkey work.

Another trick I've heard of (which really does violate the spirit if not the letter of GPLv2) is to distribute source code of which contains a C preprocessor command #INCLUDE_REAL_CODE_HERE - and they hacked the compiler to put in the real code on seeing that preprocessor command. But they're not distributing a compiler so they don't need to give you the hacked compiler. IIRC GPLv3 accounts for that by saying that if some strange means of compilation is necessary to get the code to work, you have to distribute this as well.

Hunh!?

[celtic_hackr]

That FAQ is the FSF's FAQ hosted on gnu.org. This is the official interpretation and the one that would have to be used in any court proceeding. Sure a judge may rule anything, and they have, but this is the official and **correct** interpretation of that section of the GPL v2. Certainly it would be nice if it hadn't been open to multiple interpretations. Another good reason to use GPL v3 going forward. Lastly, I know where to write to they have contact information on their webpage. I still think the original poster didn't do his homework before slashdotting this company, I don't see anything wrong with what they have done, but I'm no client so can't say whether they are or aren't in compliance and this kind of controversy and behavior from F/OSS developers/maintainers does the entire F/OSS community no good in relations to corporate and commercial relations. I know several companies that have used F/OSS software but haven't read or understood the GPL completely, and I have had to instruct them in what their obligations are. They have all been cooperative and ready to make the proper changes and accreditation once informed. I'm more of a person who likes to trust that people are willing to do the right thing when they know what it is. This company on the surface appears to be doing the right thing. So, I say "innocent until proven guilty". When I see some proof they might not be fulfilling the GPL then I'll change my verdict to guilty.