Slashdot Mirror
Enforcing the GPL On Software Companies?
Piranhaa"I currently use an IPTV box that runs software by Minerva Networks. When you ssh into the box, you are greeted with a BusyBox v1.00 (ash) shell. It's clearly running a flavor of Linux (uname -apm outputs: Linux minerva_10_0_3_99 2.4.30-tango2-2.7.144.0 #29 Wed Mar 16 16:16:16 CET 2005 mips unknown). However, when you look at their Web site there is no publicly available source code. Since the GPL in both BusyBox and the Linux kernel require that anyone using and distributing the binaries of this software make source available to everyone, what would one do in order to enforce this? I've personally emailed Minerva and left voicemails with no reply."
The GPL itself says you should write to the FSF when someone is violating the GPL.
Here be signatures
IANAL but as I understand it the GPL requires that source is made available to customers, not everyone. Of course in this case they don't appear to be making it available to customers either.
most STBs that i am familiar with are largely stock linux builds, running a proprietry IPTV application on top. The GPL does not requre a standalone application that sits on the linux box be distributed as source code
that's a lie. You can't point at someone else's FTP site, there's also requirements for being able to reproduce binaries (this can include system images). They don't have to provide the sources for free, but they can't charge a profit for it.
Giving someone the binaries means you need to make the sources availiable to them, including build tools a lot of the time.
They are distributing the software and have to provide an offer of the source. I am sure this came up with distributions who were basing their distro off Ubuntu and assumed their customers could get the source from there.
When you think about it, it makes sense. Even if they base their software off a distribution from a known source that source might not be around when it is needed.
http://michaelsmith.id.au
The requirement is: if you distribute the binaries, you need to provide the source too. If they are using an unmodified vanilla kernel, they still need to respond at least with "grab the code from kernel.org".
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Maybe the guys at http://gpl-violations.org/ can help.
He requested. Read the summary.
You could notify the authors (and copyright holders) of BusyBox.
Unlike Linus, they are pretty strict on companies infringing on the GPL, and have sued (and won) several times.
Take a look at gpl-violations.org or google "busybox gpl violation" for more information.
"Oh, a lesson in not changing history from Mr I'm-my-own-Grandpa." - Dr Hubert Farnsworth
No you don't. If you distribute any version of a GPLed piece of software, you must make the source available upon request to the person you distributed it to. Modification is irrelevant. Modification only matters when you modify something for your own use and do not distribute it- then you don't have to provide source because there's no one to provide it to.
However, this does not mean you need to put it up on a webpage for everyone to download, or provide it on the disk. The GPL requires only a written offer of source code upon request, at a cost of no more than shipping and the media. I have no idea if this particular vendor is complying, but not having a link on their webpage does not mean non-compliance.
I still have more fans than freaks. WTF is wrong with you people?
I don't recall there being a part of the GPL that says you have to put your source on a web server. If they send it to you upon contacting them that would suffice, right?
Sounds like you need to take the GPL quiz. This particular issue is addressed in Question 1 of said quiz.
Don't worry, you're definitely not alone in any misunderstandings of the GPL...lots of people think they understand all the legal aspects of it completely when they don't. I used to be guilty myself. Now I just don't claim to know everything about the GPL ;-).
The Right Reverend K. Reid Wightman,
It's an asinine thing to say but, if they just dropped their source for the shipping product in the /src dir like most linux distros do for whatever version kernel they're using, shouldn't it then put it in line with the GPL?
Non impediti ratione cogitationus.
Sometimes companies with hotshot lawyers deliberately put their head in the sand regarding the GPL. They want to use the code but don't want to make their changes public for "intellectual property" reasons, even if it's something as trivial as a few patches to fix some bugs in Linux or some existing drivers. They will "educate" staff as to why they can do what they do with GPL software "legally." The hotshot lawyer has it all figured out, and engineers don't really need to know the details. The excuse is that they "buy their Linux" from a 3rd party so that means that all the conditions of the GPL are not relevant for some lawyerish reason. Oh, and the GPL is "contentious" about what you actually have to do regarding distributing source.
If you distribute someone's code which is under GPL, then you have to make available the source code.
You don't have to make available your own source code unless your code is a derivative of GPL code.
In this instance, they should be supplying the source code to the kernel and any other GPL applications they have bundled. That's the whole point to OpenSource and the GPL.
If they have altered the Kernel or BusyBox, which are both GPL'd, they have to release those alterations when they distribute. They don't have to release their application unless it was built using a GPL library, and that sort of kicks in at about readline, most of the basic libraries are LGPL.
LGPL you can link to and include without, having to release the source code of your library. Though if you alter a LGPL file though, you have to release your alteration, when you distribute. You still have to distribute (or make available) the source code to the LGPL when you distribute the binary.
So, yes where is the source code is what a lot of customers may be wondering, and any developers who have copyright over the code, may also be wondering why their code is being used outside of the license they gave for the use of it.
A developer who owns the copyright to GPL code, can distribute the code under another license if they so choose, they don't GPL it to themselves, They are the copyright holder, they can use it anyway they see fit inside of the law.
Often you will see copyright taken by the project lead on a GPL project because of this, but it doesn't always happen. At which point you sort of run the gauntlet of tainted copyright code, unless you keep clear distinction. So, if you distribute your code under a different license, but part of the application is GPL'd and someone else's that could be problematic. Linus would find it hard to sell Linux under a License other than the GPL, because not all the code is his.
So, there are two groups that are put out here, the consumer and the developers of the GPL code. The rest of us can just munch popcorn, and watch from the sidelines, we don't have a stake in it.
The FSF will of course normally help, but the companies license is with the author of the software. The FSF can't do any enforcement and can't really help if they don't own the copyright to the code. Do clear work to prove the case and then contact the authors of the software with all he information you have. One important thing to do is to ensure you request the source code in writing in a registered letter and keep a copy of it.
If you want news from today, you have to come back tomorrow.
I'd be a Pointy Haired Boss and comply with any request for GPL'd code by sending the requester the code...printed on paper. ;)
WTF?
The GPL applies only to GPL code ... in this case the Linux kernel and the Busybox code. It is a license that lets some people, who did not write that code, nevertheless use the code ... often without any fee. The only "restriction or rule" is that the code must not be hidden if you re-distribute it. Since you received the source code yourself, and you did not write it ... you are obliged to give it to other people under those same conditions.
Why should there not be such a condition? It isn't your code, you didn't write it ... and the source is already public anyway so how on earth does it hurt you to give the source out when you distribute your product?
Ikarys, you either have a lot of fun trolling this way, or you've not looked into the history of the GPL and the other licenses. Your posting history shows that you enjoy doing these drive-by instigations, but nevertheless, some newer folks on Slashdot may not know enough to realize why some folks say this.
GPL was formed to protect developers and users against restrictive licenses that prevented them from seeing or modifying their programs. It's a bit paranoid, but with reason. The DRM being inflicted on software, the security by obscurity, the locking in of software by refusing to permit non-vendor software to be installed, the refusal to allow others to modify and publish the software, all have been a real problem with other licenses.
GPL has effectively prevent hardware/software lockins, by Netgear and Linksys. The new GPLv3 will block patent lockins, such as those espoused by Microsoft, and DRM lockins, used by Tivo. None of the other licenses would have prevented this. We've also seen very specific abuses of the other licenses already, such as the Microsoft abuse of the MIT license on Kerberos to break non-Microsoft published Kerberos clients. And the GPL has already helped several companies that I'm aware of from simply adding on their own modifications, refusing to publish their modifications, deliberately making it inoperable with other's versions, and locking clients in this way.
The GPL protects the freedom of users, and other developers. The sacrifice of what is not freedom over the software, but power over its modification, comes at the benefit of retaining such power over the rest of GPL freedom, and I find it very handy.
FSF and gpl-violations.org are co-operating closely. gpl-violations and FSF have handled some cases regarding busybox before and have handled them successfully (i.e., out-of-court settlements have been achieved).
And a settlement resulting in GPL compliance - that's what enforcing the GPL is all about.
As Eben Moglen, legal counsel to the FSF for many years, put it (in a keynote address in October 2006):
---
When I went to work for Richard Stallman in 1993, he said to me at the first instruction over enforcing the GPL, "I have a rule. You must never let a request for damages interfere with a settlement for compliance."
I thought about that for a moment and I decided that that instruction meant that I could begin every telephone conversation with a violator of the GPL with magic words: We don't want money. When I spoke those words, life got simpler. The next thing I said was, We don't want publicity.
The third thing I said was, We want compliance. We won't settle for anything less than compliance, and that's all we want.
Now I will show you how to make that ice in the wintertime. And so they gave me compliance.
---
http://www.geof.net/blog/2006/12/10/eben-moglen
Last year BusyBox successfully enforced their copyrights in at least two instances. While the terms of the settlements have not been disclosed, I'm sure the SFLC will be happy to get involved again.
As the parent says, only the copyright holder can actually take any legal action.
For busybox, you can see on http://busybox.net/license.html that:
"BusyBox's copyrights are enforced by the Software Freedom Law Center (you can contact them at gpl@busybox.net)"
This an effective process, but a slow one (expect it to take 6 months+ for any response on past experience).
For the linux kernel, lkml is perhaps an appropriate place.
FSF can't help, since they don't own any of the software.
You perhaps want to consider how you're wording your requests. If a polite (or impolite) request for source code has been refused, you might want to try a different track, pointing out that the hardware contains software that they have no valid license to distribute and is hence illegal, and would they like to discuss this further before you contact the copyright owner.
Under copyright law, there is absolutely no requirement for them to provide the source code. One possible legal conclusion is that they pay court decided damages to the copyright owners for illegal distribution to date, and cease further distribution. If they wish to continue distribution, it's likely that they're only available option is to open the source code, especially since their are often multiple copyright holders, especially in the linux kernel.
(Disclaimer, I'm not a lawyer, and some points will vary between jurisdictions.)
Different product, but I've seen and heard indications that my Docomo P903iTV by panasonic is running on top of Linux. I can't find any mention of Linux in the manuals, let alone an offer of source for the kernel, etc., or any indication of a way to access a shell, etc.
There is a java API, called, I think, iAppli. I haven't found much on getting dev stuff for it in the manuals, but it can be found on the web. I think. I haven't actually tried it yet, and it doesn't look like they make it easy to figure out where to start.
While I'm complaining, the USB adaptor is "not guaranteed to work with Macs or Linux". The sales guy I talked to seemed almost proud to say that and seemed quite anxious to discourage me from buying the adaptor to see if I can even mount the internal flash or the microSD card. I let him discourage me because money is really tight.
If anyone knows anything about this phone, I'd appreciate some pointers.
Lousy Japanese market. The government promotes Linux. Industry likes Linux in industry as long as it's nowhere near the consumer market. Marketing is strictly under the thumb of Microsoft/iNTEL. Can't get a Linux eeePC (not that I'm that anxious to buy an iNTEL processor) in Japan because "this is Japan, of course!" (Implicitly, otaku are expected to be happy to pay the Microsoft tax.)
Irrelevant. If they distribute binaries without providing access to source they violate the GPL. The 'We only do hardware' argument is utterly bogus.
If they shipped copies of Windows on there in violation of the license do you think that Microsoft would accept such an argument? Same thing.
more...
extern warranty;
main()
{
(void)warranty;
}
How can we decry copyrights as evil, when we keep trying to enforce the GPL? What if a company wants to use that piece of code, and not release the source for it? Information wants to be free, you know.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
a) Provide the source with the binaries or a download next to the binaries - only needs to be available for those you give binaries to and as long as the binary download is up.
b) Provide a written offer for source - must be available for 3 years and for anyone, since the offer may be passed on under c)
c) Non-commercially and occasionally - to pass on an offer as given in b)
So you can give it just to those with binaries, but then you must give it or make it available for download immidiately. If you go for the written offer, anyone can ask for the source.
Live today, because you never know what tomorrow brings
I think it's real easy:
If you're an end user of GPL code, you're always free to modify and improve it.
If you're an end user of BSD code, you can't do anything with it. Oh sure I can maybe somehow, somewhere find the BSD source code that the proprietary tool is using somewhere, but I still couldn't incorporate any changes in any way. With BSD you only have freedom if you use pure BSD software with source. If you restrict yourself to pure BSD software, the BSD license works like a really crappy version of the GPL. The BSD license benefits those who produce software, for each non-free software copy the company sells the company and its employees benefit and the end-users and society loses. Thanks, but it gives me no comfort to know this leash was made with Open Source(tm).
Live today, because you never know what tomorrow brings
I would hope not, I don't want to give source code to my friends when they use my computer to check their myspace.
-The world would be a better place if everyone had a hoverboard
you're like the guy on the Garden State Parkway who drives 65 in the left lane to keep everyone else from speeding. at most you should drop a note to the copyright holders, and then stay the hell out of it.
Minerva is attracting your attention because they like to advertise themselves. The box is made from some reference design (the ones I'm familiar with are based on a Sigma chip) that a hardware vendor makes light modifications to (there are several candidate companies for your box). The Minerva software is put on top of that, and it's possible - but unlikely - that other software from your ISP or a system integrator acting for them - has been included. Sigma has opened much of its code, and the uclinux site hosts a Sigma variant (the Sigma chip is a SoC processor / video decoder). You will need an arm cross-compiler. You can then see for yourself how much of the rest of the code on your box has changed. Certainly busybox won't have. The GPL violation, in this case, is mostly that not everyone in the distribution chain is hosting the modified software. http://www.uclinux.org/pub/uClinux/ports/arm/EM8500/
The Busybox devs are a hyper-active active enforcer of the GPL, and it's amazing that anyone still tries to get around it with that project. These guys sue everybody who misues their work, and has been very successful in that effort.
Sorry, but exactly when did Title 17 begin including or referencing the GPL?!?!? Copyright law does not say anything about providing source code. It merely says that you must have a license. It does not dictate what the license says, nor does it say you must follow the terms of the license.
Quite simply, if you are not following the terms of a license when distributing a copyrigthed work, you are in violation of copyright statutes and can be held civilly and criminally liable.
If you buy a dvd or cd, you are granted a license to perform the work non-publically, and not make and sell copies. If you violate the license by publicly performing the work or copying it and putting it on a P2P network, you've violated both copyright law and the terms of the license. Criminal penalties apply to the violation of the letter of the law (no distribution or performance without license) and civil responsibility results from the breach of license terms.
More to the point, if you buy a volume licensed Windows CD, you can make as many copies as you need to within your business to support installation activities. You will still get busted by the FBI for uploading the CD ISO to a P2P network. Just because you are licensed for SOME redistribution or copying rights does not mean you have ALL rights and no criminal responsibility if you violate the license.
Your premise has absolutely nothing in modern copyright law to stand on, its silly and stupid.
I have a business proposition for you. Why dont you go into the business of selling "music appliances"?
See, now you dont actually need to license the distribution rights from the RIAA!
Good luck with that.
The rest of your post is just nonsense tripe.
You are a troll or an idiot or both.
And if they aren't making any modifications to said source code, they may be able to get away with referring you to somewhere else that the code is available...
Oh, and you're only required to give source code to people to whom you give binaries; not anyone else.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'