Slashdot Mirror

← Back to Stories (view on slashdot.org)

Enforcing the GPL On Software Companies?

Posted by kdawson on from the four-words-software-freedom-law-center dept.

Piranhaa"I currently use an IPTV box that runs software by Minerva Networks. When you ssh into the box, you are greeted with a BusyBox v1.00 (ash) shell. It's clearly running a flavor of Linux (uname -apm outputs: Linux minerva_10_0_3_99 2.4.30-tango2-2.7.144.0 #29 Wed Mar 16 16:16:16 CET 2005 mips unknown). However, when you look at their Web site there is no publicly available source code. Since the GPL in both BusyBox and the Linux kernel require that anyone using and distributing the binaries of this software make source available to everyone, what would one do in order to enforce this? I've personally emailed Minerva and left voicemails with no reply."

14 of 480 comments (clear)

  1. Re:To quite true by Max+Threshold · · Score: 5, Informative

    He requested. Read the summary.

  2. Re:Write to the FSF. by kie · · Score: 5, Informative

    http://www.gpl-violations.org/

    might be a good place to start.

    --
    living the dream
  3. Re:They is no such requirement... by AuMatar · · Score: 5, Informative

    No you don't. If you distribute any version of a GPLed piece of software, you must make the source available upon request to the person you distributed it to. Modification is irrelevant. Modification only matters when you modify something for your own use and do not distribute it- then you don't have to provide source because there's no one to provide it to.

    However, this does not mean you need to put it up on a webpage for everyone to download, or provide it on the disk. The GPL requires only a written offer of source code upon request, at a cost of no more than shipping and the media. I have no idea if this particular vendor is complying, but not having a link on their webpage does not mean non-compliance.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  4. Re:They is no such requirement... by giminy · · Score: 5, Interesting

    Sounds like you need to take the GPL quiz. This particular issue is addressed in Question 1 of said quiz.

    Don't worry, you're definitely not alone in any misunderstandings of the GPL...lots of people think they understand all the legal aspects of it completely when they don't. I used to be guilty myself. Now I just don't claim to know everything about the GPL ;-).

    --
    The Right Reverend K. Reid Wightman,
  5. Big Companies and Hotshot Lawyers by Anonymous Coward · · Score: 5, Interesting

    Sometimes companies with hotshot lawyers deliberately put their head in the sand regarding the GPL. They want to use the code but don't want to make their changes public for "intellectual property" reasons, even if it's something as trivial as a few patches to fix some bugs in Linux or some existing drivers. They will "educate" staff as to why they can do what they do with GPL software "legally." The hotshot lawyer has it all figured out, and engineers don't really need to know the details. The excuse is that they "buy their Linux" from a 3rd party so that means that all the conditions of the GPL are not relevant for some lawyerish reason. Oh, and the GPL is "contentious" about what you actually have to do regarding distributing source.

  6. Re:Notify the authors by Anonymous Coward · · Score: 5, Informative

    From busybox.net:
    "The email address gpl@busybox.net is the recommended way to contact the Software Freedom Law Center to report BusyBox license violations."

    Contacting the busybox developers and the SFLC is the first to do. Then post all information you know at the technical mailing list of gpl-violations.org.

    thats at least what i did to get to the Hammer MyShare GPL sources -> http://blog.nas-central.org/2008/06/18/on-the-news-gpl-violation-of-bell-supermico/

  7. Re: GPL makes me angry. by Anonymous Coward · · Score: 5, Insightful

    For a FOSS license GPL seems to be very unfree - imposing restrictions or rules... just a crock of sh!t really. GPL makes me angry. MIT or BSD for the win. GPL for the sux.

    WTF?

    The GPL applies only to GPL code ... in this case the Linux kernel and the Busybox code. It is a license that lets some people, who did not write that code, nevertheless use the code ... often without any fee. The only "restriction or rule" is that the code must not be hidden if you re-distribute it. Since you received the source code yourself, and you did not write it ... you are obliged to give it to other people under those same conditions.

    Why should there not be such a condition? It isn't your code, you didn't write it ... and the source is already public anyway so how on earth does it hurt you to give the source out when you distribute your product?

  8. Re: GPL makes me angry. by Antique+Geekmeister · · Score: 5, Insightful

    Ikarys, you either have a lot of fun trolling this way, or you've not looked into the history of the GPL and the other licenses. Your posting history shows that you enjoy doing these drive-by instigations, but nevertheless, some newer folks on Slashdot may not know enough to realize why some folks say this.

    GPL was formed to protect developers and users against restrictive licenses that prevented them from seeing or modifying their programs. It's a bit paranoid, but with reason. The DRM being inflicted on software, the security by obscurity, the locking in of software by refusing to permit non-vendor software to be installed, the refusal to allow others to modify and publish the software, all have been a real problem with other licenses.

    GPL has effectively prevent hardware/software lockins, by Netgear and Linksys. The new GPLv3 will block patent lockins, such as those espoused by Microsoft, and DRM lockins, used by Tivo. None of the other licenses would have prevented this. We've also seen very specific abuses of the other licenses already, such as the Microsoft abuse of the MIT license on Kerberos to break non-Microsoft published Kerberos clients. And the GPL has already helped several companies that I'm aware of from simply adding on their own modifications, refusing to publish their modifications, deliberately making it inoperable with other's versions, and locking clients in this way.

    The GPL protects the freedom of users, and other developers. The sacrifice of what is not freedom over the software, but power over its modification, comes at the benefit of retaining such power over the rest of GPL freedom, and I find it very handy.

  9. Re:End User Not Owner? by BokLM · · Score: 5, Interesting

    What if the end-user, the guy with the box, doesn't own it? Suppose the IPTV company maintains ownership of the box? Than the end-user wouldn't need to be provided with the code?

    That's what free.fr (a french isp renting box running linux and other GPL software) is doing. But this is sort of a grey area here, the GPL doesn't talk about ownership, it talks about distribution, and this is up to the judge to decide whether it is distribution or not in this case. Here some people are going to sue free.fr because they refuse to distribute the sources they modified, we'll see what happens ...

    --
    wtf.n0x.org
  10. Make sure to notify the FSF and gpl-violations.org by walter_f · · Score: 5, Interesting

    FSF and gpl-violations.org are co-operating closely. gpl-violations and FSF have handled some cases regarding busybox before and have handled them successfully (i.e., out-of-court settlements have been achieved).

    And a settlement resulting in GPL compliance - that's what enforcing the GPL is all about.

    As Eben Moglen, legal counsel to the FSF for many years, put it (in a keynote address in October 2006):

    ---
    When I went to work for Richard Stallman in 1993, he said to me at the first instruction over enforcing the GPL, "I have a rule. You must never let a request for damages interfere with a settlement for compliance."

    I thought about that for a moment and I decided that that instruction meant that I could begin every telephone conversation with a violator of the GPL with magic words: We don't want money. When I spoke those words, life got simpler. The next thing I said was, We don't want publicity.

    The third thing I said was, We want compliance. We won't settle for anything less than compliance, and that's all we want.

    Now I will show you how to make that ice in the wintertime. And so they gave me compliance.
    ---

    http://www.geof.net/blog/2006/12/10/eben-moglen

  11. Re:PHB by Antique+Geekmeister · · Score: 5, Interesting

    It is, isn't it? While Richard Stallman certainly did not write all of it, the document shows his experience and intelligence at dealing with odd interactions. It's what I'd expect from someone so deeply involved in creating gcc and glibc and emacs, and the development of so many other GNU software tools.

    Richard does not put in the odd language or strange requirements for no reason: he's usually quite correct in being paranoid of those strange cases, because as an experienced programmer and now an experienced political activist he's seen compelling reasons to handle them specifically. It's why code by older programmers often is longer and more extensive than the simpler, cleaner, but more trusting software written by less experienced developers. The new developers with exciting new approaches often haven't learned the lessons of our experience, and by the time they've done all the patching to avoid the same pitfalls, their code will be as arcane as ours.

  12. License enforcement by jogu · · Score: 5, Informative

    As the parent says, only the copyright holder can actually take any legal action.

    For busybox, you can see on http://busybox.net/license.html that:

    "BusyBox's copyrights are enforced by the Software Freedom Law Center (you can contact them at gpl@busybox.net)"

    This an effective process, but a slow one (expect it to take 6 months+ for any response on past experience).

    For the linux kernel, lkml is perhaps an appropriate place.

    FSF can't help, since they don't own any of the software.

    You perhaps want to consider how you're wording your requests. If a polite (or impolite) request for source code has been refused, you might want to try a different track, pointing out that the hardware contains software that they have no valid license to distribute and is hence illegal, and would they like to discuss this further before you contact the copyright owner.

    Under copyright law, there is absolutely no requirement for them to provide the source code. One possible legal conclusion is that they pay court decided damages to the copyright owners for illegal distribution to date, and cease further distribution. If they wish to continue distribution, it's likely that they're only available option is to open the source code, especially since their are often multiple copyright holders, especially in the linux kernel.

    (Disclaimer, I'm not a lawyer, and some points will vary between jurisdictions.)

  13. Re:End User Not Owner? by bipbop · · Score: 5, Interesting

    Working at a company with multiple physically distant colos, our legal dept informed us that we could not alter GPL code and push it to the servers without distributing the source publicly, because copying it over to the physically distant servers could be (and was presumed to be) "distribution". So, even "owning" every box it ran on, and giving binaries to no one else, legal felt distribution was taking place--or at least, felt it was a serious enough interpretation that they wouldn't want us to get sued after assuming it was false.

  14. Re:Not available to everyone by Anonymous Coward · · Score: 5, Interesting

    Yeah, that is correct. I am work for a company which I won't name(Not the company that the OP is talking about) that uses exactly this provision in the GPL to keep Source Code off of the main Website. I know that sounds bad, but the real reason is that we don't actually have 100% of the source code our self.

    One of the original developers that worked on this product got lazy and originally most of the smaller parts of the system were actually pulled into the project in binary form from several different Linux distributions. The problem is we too this day don't know for sure where he got all of this stuff. We have been weeding it out of the image as time goes on but I know that even today there are a few things that are just being pulled into new images in binary form. I know that currently most of the stuff still in binary form is stuff that could be replaced with BusyBox but we don't like the busybox version for one reason or another.

    But one really interesting thing I have learned is since we actually see all of the code requests come in is that so far nobody has really wanted to the code for a practical reason. All of the requests have been done for "GPL Activism". In the majority of cases when people ask for code they just wanted to see if we would let them have it. I only one case that I know of did anyone go so far as actually getting code. I am rather sure we just shipped him a burned CD with all of the code on it. But after he got it he told us that he didn't really want the code, he just wanted to see if we would give it to him just like all of the other requests.

    In most cases these forms of source code dumps don't really give you much of anything useful. What you end-up with is a source code package on company server that may or may not have anything really useful the to rest of the open source community included in it. Someone could diff the public version and these private forks, generate patches and see if anything would be useful to merge into the mainline. But that is a lot of work for something that you don't even know is worthwhile from the get go. I will tell you that the majority of the software included in our firmware isn't modified.

    I feel instead that when the company in question makes changes it's FAR more important that they submit patches to the mainline developers for possible inclusion. This is what we are actually doing, we have been working very closely with normal maintainers to add some major new networking features to Linux. And I know patches are going into the mainline version. I guess in the end what would most people rather have... Some files on a webserver that might have something really useful buried inside them or companies working with developers to get new features added to the mainline source code. I feel that this pressure to have source code posted on websites would be better spent trying to actually get a real dialog between these companies and the open source developers. Working with a developer is always going to be harder than just slapping up some source code on a webserver. Which is why I feel that it's just an easy out in many cases but doesn't really help the community.

    p.s. Our biggest sort-of competitor also uses open source software... They allow everyone to download the software in binary form. But if you want source code... you have to Wire Transfer ~$50 to former a USSR country... which in and of itself is a violation of the GPL. And given some of the features that they have added is to software packages that they don't even list as being included really makes me wonder what you get for $50...