Dealing With a GPL Violation?

Sortova writes "For many years now I've been maintaining OpenNMS, a free and open source network management framework published under the GPL. A couple of years ago it came to our attention that a company called Cittio was using OpenNMS as part of their proprietary and commercial network management application. I talked with Jamie Lerner, the Cittio founder, and he assured me that Cittio was abiding by the GPL. However, we were recently contacted by a potential client who was also considering Cittio's Watchtower, and it appears that they are not disclosing that they are using GPL'd code or at least not in the clear and concise fashion required by the GPL, including the offer of source code for all of the code they are including and any changes being made to that code. Since the copyright for OpenNMS is held by a number of commercial companies, the Software Freedom Law Center is not able to help us defend or even investigate a potential violation. I was curious if anyone here on Slashdot had experienced anything similar or has any advice?"

Re:Bye bye my application

[Improv]

So long as they're not making it proprietary, what's the problem? We can both destroy markets and help the world by opening our source, and that's pretty awesome. If someone happens to make some money (maybe consulting, whatever), so be it.

Re:Bye bye my application

[mOdQuArK!]

Also, most solutions aren't going to be "perfect" for everyone, and if you're a demonstrably good programmer, you can contract your services at fairly healthy price levels to provide all sorts of custom solutions to the people who really like your open source software, but just want "a few tweaks".

Re:Do a little digging yourself, get a lawyer

[QuantumG]

He's already screwed himself by posting to Slashdot. If he is lucky Cittio will just ignore him. If he's not, they'll probably sue him for libel. His only defense then will be to show that he is right, and that will be pretty hard to do after Cittio have cleaned up any discrepancies they might have had in their distribution.. which they are sure to do before calling the lawyers.

Re:You've achieved your desired goal

[Bruce+Perens]

Dunno why you're replying to me instead of the OP

It's slashdot strategy. If late to a discussion, a reply to a high-ranked post will apppear higher than a reply to the article. But yes, it's really a reply to the article.

if he has been contributing code and not signing it over, then he owns the copyright on the work, period.

SFLC appears to have treated him as if he did not have a very significant portion of the program under his own copyright. I know that they have represented other authors who did not own the entire copyright of a program, but did own a significant portion of the work.

I don't think the OP even bothered to contact the SFLC..

That's possible, but the reason for rejecting him sounded like it could be for real.

Re:You don't know they are in violation

[cbhacking]

I'm aware of that. I'm just surprised that they bothered to list a bunch of OSS projects they use, but not link to them. I wouldn't expect a commercial entity to redistribute their modifications to non-customers, but I just found it curious. If nothing else, I'm surprised they don't link to the (descriptions of the) licenses themselves.

On a vaguely related note, if it turns out that this company is purely on the straight and level with regard to the GPL and other OSS licenses, I'd like to mention that I'm very pleased to see this kind of thing. The more exposure OSS gets, the better; some purists might complain about people who don't make their modifications open to literally everybody, but overall I believe commercial interest in (and, hopefully, support of) OSS projects is a good thing.

Re:You don't know they are in violation

[Ranger+Rick]

"So what's all this then?"

Well, that link says they're running OpenNMS 1.0.2, which, given the questions Cittio employees have asked on the OpenNMS mailing lists in the past, seems very unlikely (although technically possible). If they *are* using 1.0.2, they very likely *have* made modifications, 'cause that code has plenty of bugs that have been fixed in later OpenNMS releases. ;)

One thing that Tarus didn't really mention is that we (The OpenNMS Group) have had a few folks come to us wanting quotes to compare us to Cittio, and they've been rather surprised that Cittio is in fact already using OpenNMS under the covers. The problem is not with them using OpenNMS, OpenNMS is all about sticking not only to the letter but also the spirit of the GPL, and they can do whatever they want with it as long as they're complying with the distribution requirements of the license. The problem is whether Cittio *is* upholding their side of the GPL, and it's unclear whether they are -- and there are some signs that they might not be.

As for them not having to offer the source until they distribute the software, yes, that's true, but from what we've heard from existing Cittio customers, that is not being made clear to them. Not only that, but while the wording of the GPL may not make it obvious, the FAQ does:

The difference between this and "incorporating" the GPL-covered software is partly a matter of substance and partly form. The substantive part is this: if the two programs are combined so that they become effectively two parts of one program, then you can't treat them as two separate programs. So the GPL has to cover the whole thing.

If the two programs remain well separated, like the compiler and the kernel, or like an editor and a shell, then you can treat them as two separate programs--but you have to do it properly. The issue is simply one of form: how you describe what you are doing. Why do we care about this? Because we want to make sure the users clearly understand the free status of the GPL-covered software in the collection.

It seems likely that they've incorporated OpenNMS into their software at a lower-level than just screen-scraping it's output and stuffing it into their own UI. At that point, they should be prepared to provide the modified OpenNMS source to their customers. Not only that, but considering how tough companies are on open-source developers accidentally "tainting" open-source code with IP from their closed-source employers, it's more than a tad annoying that many closed-source companies taking advantage of open-source software are happy to use it, but ignore the spirit of sharing that is part of being in the community. "We won't say anything, but if you do ask us for the source, we'll fax it to you." ;)

Again, all this is unproven, and that's part of the reason Tarus posted, the question is -- what's the next step?

Re:You've achieved your desired goal

[Bruce+Perens]

I pointed to your comment only because _after_ more information was made available, it didn't seem so insightful

But it did get the original article author to give us the missing information :-)

The problem with being held very highly by some folks is that if some day they decide they disagree with me, I immediately go to the opposite pole and they consider me to be evil incarnate. Fortunately, most of them grow up eventually. I'd be most happy to be accepted as an often-knowledgable human being with faults. My notoriety is important, though, because it helps me to get people to listen about issues that are important to us.

I can live with Slashdot moderation. What I do have a problem with is that I can't get my damn submissions approved when they're important. Slashdot actually rejected a submission on the California "Open Voting" bill.

Bruce