Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dealing With a GPL Violation?

Posted by kdawson on from the enforcing-it dept.

Sortova writes "For many years now I've been maintaining OpenNMS, a free and open source network management framework published under the GPL. A couple of years ago it came to our attention that a company called Cittio was using OpenNMS as part of their proprietary and commercial network management application. I talked with Jamie Lerner, the Cittio founder, and he assured me that Cittio was abiding by the GPL. However, we were recently contacted by a potential client who was also considering Cittio's Watchtower, and it appears that they are not disclosing that they are using GPL'd code or at least not in the clear and concise fashion required by the GPL, including the offer of source code for all of the code they are including and any changes being made to that code. Since the copyright for OpenNMS is held by a number of commercial companies, the Software Freedom Law Center is not able to help us defend or even investigate a potential violation. I was curious if anyone here on Slashdot had experienced anything similar or has any advice?"

19 of 204 comments (clear)

  1. You don't know they are in violation by QuantumG · · Score: 5, Informative
    For a start you claim:

    When I brought up the fact that parts of Watchtower are based on OpenNMS, the client replied "I could not find one ounce of mention on their website to OpenNMS or any other Open Source code that is running on this product. That really irritates me." So what's all this then?

    You also make the claim:

    I should also mention that this client is in final negotiations with Cittio (they dropped their initial price considerably) so we're not talking a first contact cold call here - they are ready to close this deal without a single detail concerning their use of open source. Yes, and? They are not required to make any such disclosures. The GPL requires them to provide the source code or an offer to provide the source code when they distribute the software. As they haven't distributed any software yet, they are not required to provide any source code or offers to provide the source code.

    FAIL.

    --
    How we know is more important than what we know.
    1. Re:You don't know they are in violation by LingNoi · · Score: 3, Insightful

      Not only that, they only have to provide the source code to the person they're redistributing to under the same license if they changed anything, that doesn't include you, because you're not their customer.

      If there's something they've changed in your project then purchase a copy and put the changed code in your version, since any modified GPL code must be re-distributed as GPL code.

    2. Re:You don't know they are in violation by LingNoi · · Score: 5, Insightful

      You're not their customer so they don't have to give you anything.

      Only Cittio's customers (the ones receiving the product) could ask for the source code, because they're redistributing to them, not you. Cittio's customers could then re-distribute that GPL code however they wished.

    3. Re:You don't know they are in violation by mysidia · · Score: 5, Informative

      This is not entirely true.

      For commercial distribution, the source has to either be included with every copy of the binary, OR the GPL requires a written offer which to any third party, including third parties who are not their customers.

      If they chose option (b) for distribution of their source code, then they do have to give something to non-customers, in order to avoid violating the GPL.

      That way their customers can re-distribute the binaries and pass along the offer to others.

      See the GNU General Public license version 2 section 3.b: b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

  2. Asked before -- the answer is the same by whoever57 · · Score: 5, Insightful

    If you want legal advice, get a lawyer.

    --
    The real "Libtards" are the Libertarians!
  3. Check out the SFLC guidelines. by Estanislao+Mart�nez · · Score: 5, Informative

    The SFLC's Legal Issues Primer for Open Source and Free Software Projects covers this. You probably want to give it a read.

    Still, if it's really important, ask a lawyer, don't ask Slashdot.

    --

    Are you adequate?

    1. Re:Check out the SFLC guidelines. by 42forty-two42 · · Score: 4, Informative

      They wouldn't dare admit it, for fear of being held liable for it as legal advice.

  4. Bye bye my application by icepick72 · · Score: 4, Insightful

    I understand the joy of coding and excitement of creating your own applications for free, but I can never understand how programmers stand to watch their creations being usurped for commercial purposes. Whether it's abiding by the GPL or not, somebody else is making money from your creation. You would think the original programmer would have the wherewithal to market their own creation instead of leaving it for someone else. Even if you don't take the money for yourself, donate it back to the FSF or to another worthwhile cause. Maybe it's a case of lack of resources to start your product running. Maybe we need a group that can fill this niche for open source products. Maybe they already exist. If so I'd like to see discussion about it.

    1. Re:Bye bye my application by QuantumG · · Score: 3, Insightful

      Cause selling a solution is just as much, if not more, work than creating one?

      And it is something that is done by sales people, not programmers?

      --
      How we know is more important than what we know.
    2. Re:Bye bye my application by GrahamCox · · Score: 5, Insightful

      You would think the original programmer would have the wherewithal to market their own creation instead of leaving it for someone else

      Why would you think that? People are usually good at some things, not at others. I think it's very likely that a person good at programming and software design wouldn't necessarily be good at (or even interested in) running a business, accounting, marketing, all the legal stuff, etc. It's also very hard to find people to come in with you who are, based only on your software/coding expertise. I speak from experience.

    3. Re:Bye bye my application by wolf87 · · Score: 5, Insightful

      I recently developed a small package of statistical tools & made it available under lesser GPL. I made the decision to open-source it for several reasons. First, I wanted to make it easily available to other researchers wrestling with the same problem I was. Second, I wanted to see if anyone could take what I had done and extend it into a better set of tools. Third, having it freely available, code and all, helps to get my name out there and build my reputation. There are plenty of reasons to put out applications without making money from it.

  5. Do a little digging yourself, get a lawyer by cbhacking · · Score: 4, Informative

    First issue: are you SURE they're in violation? This could be as simple as calling their support line and asking how you can get the source code (this assumes you've confirmed that GPLed code is included). If you can't get to the support people without being a customer, search their website for any indications and/or try and get a demo.

    Once you're reasonably sure they're in violation, consult a lawyer who knows IP law, preferably one familiar with the GPL in particular. Even on Slashdot, I'm not going to try giving you advice beyond that. It's not cheap, but there's a decent chance of getting legal expenses awarded in court.

    --
    There's no place I could be, since I've found Serenity...
    1. Re:Do a little digging yourself, get a lawyer by cbhacking · · Score: 3, Informative

      Oh, and document EVERYTHING. Every email, every phone call (you may need to tell the other party if you record the call, I don't know the law in your area), every letter, every step of your research. I'm guessing a single subpoena would get all the evidence you need, but no point taking risks when money is at stake (as it will be if this goes to court).

      --
      There's no place I could be, since I've found Serenity...
    2. Re:Do a little digging yourself, get a lawyer by QuantumG · · Score: 5, Interesting

      He's already screwed himself by posting to Slashdot. If he is lucky Cittio will just ignore him. If he's not, they'll probably sue him for libel. His only defense then will be to show that he is right, and that will be pretty hard to do after Cittio have cleaned up any discrepancies they might have had in their distribution.. which they are sure to do before calling the lawyers.

      --
      How we know is more important than what we know.
  6. This is well documented already!!! by jamesh · · Score: 4, Informative

    The instructions for what to do if you think you have found a gpl violation are here. There is no mention of posting to slashdot on that page. There is a mention of checking your facts first... some companies get a bit cross (eg they'll take you to court) if you write anything bad about their product which isn't completely true. (i'm not saying it isn't, i'm just saying you don't appear to have done your homework yet).

  7. You've achieved your desired goal by Bruce+Perens · · Score: 5, Informative
    You got your concern on the front page of Slashdot. That means that the company will make sure they're doing everything right, because all of their customers are going to ask them about it now.

    That said, it's not at all clear that you had anything to complain about. If SFLC won't help you for the reason you gave, that means you don't have any standing in the matter. You can't sue anyone about it. So, there's not much use in complaining.

    IMO, you should make real sure that you at least own the copyright of your own work before you contribute any more.

    Bruce

    --
    Bruce Perens.
    1. Re:You've achieved your desired goal by Sortova · · Score: 3, Informative

      The history of OpenNMS is pretty long and convoluted. It was started by a company called Oculan, and I was an employee of theirs when they decided to stop publishing their code under the GPL. I wanted to keep the project alive, and thus I took over maintaining the code in 2002. So all of the original "1.0" code is copyright Oculan (and that IP is now owned by Raritan) while almost all of the other changes are copyright "The OpenNMS Group". Both companies are commercial entities, although OpenNMS is never licensed outside of the GPL. According to Daniel B. Ravicher at the SFLC (who I contacted in 2005): "SFLC unfortunately cannot generally represent for profit entities". The fact that the SFLC won't defend us doesn't mean that we "don't have any standing in the matter". We do own the copyright to our work, but it is a derivative work based on the GPL and it is very unclear how such things can be defended since it is based on the work of other (duly noted in every copyright notice in the OpenNMS code).

    2. Re:You've achieved your desired goal by Rary · · Score: 3, Funny

      Ya know, for folks like you Bruce there should just be an automatic moderation of +10 "well known and trusted to be insightful and informative" to any post you make...

      They should just give him his own personal karma rating.

      "Karma: I'm Bruce fucking Perens".

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  8. As has been said: They don't have to give the code by Anonymous+Freak · · Score: 5, Informative

    ...out on the web. Nothing in the GPL says that a licensee has to freely offer the code to absolutely anyone free of charge, to anyone that asks, in the manner the asker chooses. It says that they have to offer the code, in a manner of their choosing to anyone that asks.

    In a commercial hardware product, that means that the company can insist on only distributing the code by sending it to you as a bunch of floppy disks, for all the GPL cares.

    Now, once someone has the code, that person can then re-distribute the GPLed code however they feel.

    One example: My Toshiba HD DVD Player (don't laugh, it was a present,) contains GPL code. Toshiba doesn't make this fact obvious. It's buried in the manual for the product. Toshiba doesn't make the code available on their website, because they're not required to. To quote the GPL 2.0 that my Toshiba uses:

    b) Accompany it with a written offer, valid for at least three
            years, to give any third party, for a charge no more than your
            cost of physically performing source distribution, a complete
            machine-readable copy of the corresponding source code, to be
            distributed under the terms of Sections 1 and 2 above on a medium
            customarily used for software interchange...


    The internet isn't the only medium customarily used for software interchange. And they are allowed to charge a reasonable fee for duplication and distribution. (See GPL section 1.) If they really felt ornery, they would be perfectly within their rights to charge you for the physical cost of a bunch of floppies, and the time (at minimum wage, or even higher,) some flunky had to spend copying onto those floppies.

    --
    Another non-functioning site was "uncertainty.microsoft.com."
    The purpose of that site was not known.