Slashdot Mirror
Legal Group Releases Guide To GPL Compliance
An anonymous reader brings news that the Software Freedom Law Center has published a guide for compliance with the GNU General Public License. The purpose of the guide is to prevent "common mistakes" the SFLC has encountered during its various GPL violation investigations. Their suggestions include close scrutiny of software acquisitions, more precise tracking of changes and updates, and avoiding "build gurus." They also provide tips for dealing with a violation. The full guide is available at the SFLC's website.
Any kind of legalese could do with such a guide.
Ignore this signature. By order.
but yes this does rather highlight all the obligations of the GPL, which is a good thing because a lot of companies don't realise what it actually entails.
When making a software product from open source software, one of the tasks is to find out about all the licenses and to be quite honest it is to avoid a lot of software that is GPL, which thankfully most isn't as far as the building blocks go.
GPL software is nice when you want to include a tool that the end user can use but is not central to your software. And, if you have to make alteration then ensuring that alteration is distributed alongside the source for that GPL software is good practice.
1. Way too long to be useful (preaching to the converted---only those in love with the GPL will get to the end, and it will only confirm things they already know)
2. Massively overwritten---about as concise as the Bible.
3. Very partisan; not clear instructions, as one would expect, but more a hidden manifesto on how they think you should run your development team.
4. Bad English in parts (learn how to use an apostrophe).
What is a build guru? Tried looking it up in various places but no luck...
GPL compliance need not be an onerous process.
They say at the end of a 15 page document.
Share and share alike.
Give me Classic Slashdot or give me death!
By the standards of legal advice, that paper is both terse and clear. Perhaps in the wide world of training webcasts, 30 second commercials, and authoritative voiceovers, 15 pages qualifies as a ponderous tome; but you have to keep that sort of thing in perspective.
The broad concept of the GPL isn't hard; but a quick guide to a few of the unintuitive points is a useful thing. The details of the source distribution requirements are a matter of considerable confusion in some quarters, as are the terms under which one can regain the licence after violation.
Those minutiae aside, though, I am very surprised by how much apparent confusion the GPL and other copyleft type licences inspire. There seem to be two main camps of misinterpretation. The copyleft=no copyright group seems to believe that anybody who doesn't do copyright the exact same way they do doesn't do copyright at all. Hence this group's lack of respect for the terms of the GPL and similar. The other extreme has a fear amounting to mania of the GPL, believing that the GPL is unknowably complicated, and will inevitably lead to having all the code you've ever written forcibly expropriated by armed communist penguins.
I don't understand the confusion because the GPL is a perfectly ordinary licence, from the legal perspective. Its purpose, socially, is quite interesting, and rather unusual; but the form "Copyright law says that you can't copy this without our permission, which we grant if you do foo and bar." is absolutely standard. People seem to go in expecting the legal side to be horribly mysterious, just because the social purpose is unusual. It is rather weird, really.
Dude - send a copy to the Utah State Attorney General's Office.
No, they did nothing wrong, but in 1999 when I was trying to explain that I wanted to put the GPL to use in my former classroom (all non public-domain copyrights are jointly held by a teacher and the State of Utah), most of the Dept'y Att'y General's responses consisted of "...I don't understand". I even pointed him to the GNU website), but he called back later and was still lost. Nice guy, sounded like a good lawyer, but he just couldn't wrap his brain around the concept.
Now that was nine years ago (!? Cripes I'm old),, and things may have changed, but pushing a copy of this new guide to all 50 US State Att'y General offices would, IMHO, not be a bad idea at all.
Quo usque tandem abutere, Nimbus, patientia nostra?
The GPL requires you to include the scripts used to control compilation and installation of the executable. It does not require you to provide the knowledge needed to use those scripts, if it's all in someone's head. So having "build gurus" doesn't necessarily put you out of compliance, though it might make it hard to demonstrate you are in compliance.
So... Is violating intellectual property laws a bad thing? Or is it only bad, if the property is that of an open-source programmer, but Ok, if it was created by a musician or an actor?
In Soviet Washington the swamp drains you.
Imagine I was a musician, and I wrote some software that helped me create music. If that software I wrote relied on a GPL operating system and some GPL software (but only by calling existing functions and using existing utilities, without modifying any of its source code), and then released my music to the world from time to time, would I be under any obligation to release the source code to the software I wrote?
GPL arguably has more complex goals than BSD, so it really isn't realistic to expect the GPL to be simpler than, or even as simple as, the BSD licence. Making sure that your licence is as short as possible, without compromising your goals, is always good; but compromising your goals just to make your licence simpler is perverse at best.
Complexity isn't the issue with the GPL: it's the legalese. And because of the legalese, I am not confident to use it or any software using that license for commercial use without legal advice; which increases the cost of using GPL software on a commercial level. This extra cost is factored in when evaluating and comparing against software under other licenses.
Large corporations (which probably do way more business than you or whomever you're speaking for) don't have that problem. Reasonable business operators recognize that you should not be "confident to use" any software without complete understanding of the terms of the relevant licenses. This goes for any software license. In this way the new BSD license is deceptively simple and framing this issue as though it only affected the GPL is unfair.
Digital Citizen
> [as a user] would I be under any obligation to release the source code to the software I wrote?
No, as a user of GPL software, as opposed to a (re)developer or distributor, you do not engage any of the relevant conditions of the GPL with respect to provision of the source code.
As the ex-FSF's Eben Moglen has said on many occasions (paraphrased but close), "The GPL is not a usage license, but a distribution license". That's a very clearcut distinction, and Eben has written the book in this area.
There is a small corner case to watch out for, however, and that's static linking with GPL libraries --- a few people call this "derivation" despite the fact that you're only an end user and are only aggregating the GPL library functions statically with your code, so the issue is slightly grey. However, most linkage with GPL libraries is dynamic, and even Richard Stallman has conceded that legally, dynamic linking cannot ever be derivation but only mere usage. No doubt Eben put him straight on that. "Aggregation is not derivation" appears in the FSF's own explanatory materials.
On the whole then, the answer is "No, you're safe", unless you go out of your way to use static linking, which would open you up to the possibility of occasional arguments within the community, although probably not legal ones.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Where would I find Richard Stallman saying this? Where would I find Eben Moglen talking about this? In other words, what's your source?
Digital Citizen
What if someone takes your code and patents a part of it? BSD then says you cannot claim the patent or protect yourself from it.
And patent law says you can't use your BSD code.
It therefore doesn't matter if you feel confident in obeying the BSD. Your feelings will not make a hill of beans difference. And you will be disallowed.
They imply that people should be more careful because compliance is pursued in the courts these days more often. They don't say that they are the ones pursuing it.
Look, as an author of software released under the GPL, I appreciate that efforts in the community as a whole are being made to bring people into compliance. What I don't appreciate is uncertainty and FUD. This document is 15 pages that will lead to people not using GPL code or finding it necessary to find "experts" and/or to "indemnify" themselves as the document suggests. So much for Anyone can stand on the shoulders of Giants.
What ever happened to "give the code back if someone asks"? How did we get to this point of implying that it's so hard, you better not unless you have indemnity? I have to give you physical media if I'm distributing GPL2 software, Internet distribution isn't enough???? All of my build scripts better be perfect or else! My "whole firmware image"? What is going on here?
- If we have to give physical media, then that's a minimum requirement someone must have. Little guys need not apply
- Build scripts perfect means forget it if your just learning. Come back when you have mastered the art to the degree we arbitrarily say is enough.
- Firmware Image is a specific term, and incorrectly used here. A Firmware Image is an aggregation, I don't need to give you scripts and code for all of it. And if you say I do, your just wrong and you'll scare the crap out of 80% of Taiwan.
Then I look at the enforcement actions of the group writing the document and I wonder if the way this is being done is -actually- in the best interest of the community. I have great respect for the people involved, Eben Moglen is an Icon in Free Software, but his goals cannot be achieved if the requirements are seen by people we intend to include as simply an arbitrary stick the unlucky get hit with. And that's what it looks like now. Really.
I have to wonder if people who complain about the GPL (or, for that matter, most software licenses I've dealt with) being confusing have ever actually read it. I read and understood the GPL when I was in 9th grade. Sure it took me a few reads, but any legal document, or for that matter most any book is like that.
Can you give a specific example of language you find confusing in the GPL?
I think, perhaps, people simply are daunted by the idea of "so much" language that all has meaning to be understood, not the actual quality of that language.
the other people doing what you meant them to do rather than what they WANT you to mean.
If the GPL 2 had been followed in spirit, why would MS have had to give Novell patent rights to put in the GPL rather than put them in there themselves? Because MS didn't want to obey the spirit of the patent gifting in GPL and finessed it.
So even though the GPL2 was simpler than GPL3, it was too simple to stand a malicious attacker.
The original phrase was "Copyleft: All rights reversed". The "reversed" means that the rights of the end user are protected more so than the rights of the developer (the more natural beneficiary of copyright) - to wit, the end user is preserved the rights to run the program for any reason, share the program, examine and learn from the source code, and build and distribute derivatives.
Berkeley et. al. focus on protecting the rights of the developer more than the end user - to wit, the developer can create proprietary products from such code and deny the above freedoms to their end users.
Since libertarian principles focus on individual liberty over corporate or state interests, I firmly believe that copyleft is clearly the more libertarian license, and choose it over the alternatives for my own modest endeavors. Its popularity indicates that I am not alone.
Oddly enough, I've been called "right-wing" on several occasions, but never "left-wing" (though it truth I'm neither). Go figure.
Your opinion may (and almost certainly will ;-) differ.
Proponents of 'Copyleft' often criticise the patent system with reference to the responsibility the say it has to 'promote the arts and crafts'.
In what way does the prevention of selling code with free code built in as part of it 'promote the arts and crafts'? The availability of products on the market is undeniably smaller as a result.
Unless they argue that everyone who would otherwise be employed in a company is now instead producing the same products for free, which is a stretch.
Jawohl! Sieg!
If you don't like that, get your copyright laws changed. It is that which defines what constitutes a "derivative".
Since copyright was written for books, movies and music, static linking is taken the exact same as taking a chapter from a book and putting it in your own. Or taking a five minute segment of a movie or the entire riff from a song and using it in your song or movie.
These are considered the same because, as far as copyright (because it is being applied not on SOURCE as it is with music/movies/books but on the binary object file) is concerned, they are doing the same thing.
So fix copyright:
a) source only is copyright
this may be too much, but linking object code is not copyright controlled then
b) static linking is not covered by copyright
this would allow me to get a new copyright on MS Office 2007 however, if I can add a new executable to replace the Microsoft one. Heck, maybe wrapping it in a new caller (a' la Wine) would be enough.
c) put up with it
because you break the bits of copyright you want to keep as your own very personal privilege.
But it is NOT, repeat NOT, a problem with GPL. It's a problem with copyright on computer programs. Period.
GPL'ed software is notoriously by geeks for geeks. The original GPL was clear enough, as this document indicates things are getting confusing.
This is not a signature.
It's not like we're making any money off their work, nor are they giving back the changes so people can learn from them.
If they'd rather pay someone a potload of cash than play nice, fair play to them and fuck off.
PS you'd better read that developer license REAL good. Remember: MS put in their IM system and the Passport login acceptance that they owned equal rights to ANYTHING you discussed over IM or other MS protocol that went through their servers.
They DID change this but only because people yelled and screamed. AFTER READING EACH CHANGE.
So make sure you aren't giving up any rights you need.
E.g. If they audit you, will they get access that will allow them to see what you're doing and take the idea?
Think carefully.
Nice FUD, Mr Troll. Total bullshit, of course.
The BSD doesn't protect you from someone else patenting your code.
And protecting it costs words.
Words some BSDers would complain "makes it more complicated!".
The problem is that copyright itself is contrary to libertarian principles.
BSDL and similar licenses take minimal advantage of copyright themselves, but allow downstream developers to apply as strict a copyright policy as they wish to any derivative works.
The GPL relies more on copyright for enforcement, but is designed to limit the ways in which downstream developers can apply more restrictive copyright and patent policies to GPL-derived works.
Whether you prefer the BSDL or GPL mostly comes down to whether you believe the ends justify the means. The GPL comes much closer to achieving the ultimate goal of undermining copyright restrictions, but at the expense of relying on a means (copyright itself) that the more "public domain"-style advocates find unjustifiable.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
I'd mod you +1 interesting if I could. :-) Thanks for the insight into libertarian principles. However...
I don't follow this. The late, great wireless driver controversy was specifically about a BSD-licensed driver being changed to GPL, and the consensus seems (I believe) to be that this is not permitted - only the copyright holder can change the license once under BSD.
Or am I missing your point?
was infected by MS closed source EULA? I mean you never got THAT version of the code back.
And if you're going to say "we still had the code" well, you still have the original code if it's added to GPL.
So either complain about both or neither.
our source is available on request in the form of microfilm. we regret that our reasonable fee for providing this service costs more than the product itself. our code is copyrighted and you may not transfer our source to different media.
"On the whole then, the answer is "No, you're safe", unless you go out of your way to use static linking, which would open you up to the possibility of occasional arguments within the community, although probably not legal ones."
And if you're in a legal jurisdiction that doesn't consider static linking a copyright controlled process, you're OK. AFAIK, this includes a grand total of Nil jurisdictions.
So you will be in legal problems.
But that's not GPL giving you gyp, it's copyright.
I'm not sure I agree with that consensus entirely, and I'm not a lawyer of any sort (which should be assumed -- this is the Internet after all), but there is at least one important distinction to be made: the driver wasn't significantly altered in any way, but rather just re-labeled as GPL. In other words, the license and authorship of the original work were being misrepresented. This isn't the same as if BSDL code had been incorporated into a GPL project (retaining all the relevant attribution and license notices), where the result is a mix of BSDL and GPL code, and following both licenses reduces to just following the GPL.
One can't simply relicense BSDL code under more restrictive terms, but the BSDL places no restrictions on distributors beyond retaining the copyright notices and license of the original code; ergo, BSDL code can be incorporated into a larger codebase with an arbitrarily restrictive overall license. GPL code, by contrast, can only be incorporated into a codebase with a license no more restrictive than the GPL itself.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
I believe his point is that you can modify BSD licensed works, and license your changes under the more restrictive GPL. The BSD disclaimer still holds, and the additional one does as well. What you cannot generally do is remove the BSD disclaimer or copyright notice. The original author still holds copyright over the parts you didn't change!
The wireless controversy was a great deal trickier than a mere Slashdot summary can contain: some places in the source code suggested it was available under BSD or GPL, rather than both, and that led to a Linux kernel hacker picking GPL and dropping the dual offer, much to the outrage of the BSD developers who felt unable to accept those changes into their projects.
I Browse at +4 Flamebait
Open Source Sysadmin
1.Companies who release software (usually embedded into a hardware device) and then claim "we are working on releasing the source code but its going to take time"
2.Build systems where one "master makefile" builds the entire project (usually with a "master config file" that selects which model you are building for, what features are turned off and on etc)
3.Companies who use a version of GCC and/or binutils that isn't publicly available and then dont release source code or binaries for that version, thus making it harder to recreate the binaries they are shipping (I wonder if creating a CPU with a new or altered instruction set, porting Linux to this CPU and then releasing kernel source but not GCC or binutils would be a GPL violation or not...)
4.Companies who release source code for one firmware revision and then dont release source code for other firmware revisions (*cough*Motorola Z6*cough*)
and 5.Companies who claim a need to "sanitize" GPL code before its released (this most likely includes removing any comments that reference internal intranet email addresses, web URLs, machine names, internal processes etc but may also include removal of pieces that are used only by or removal of comments/changing of code of pieces related to proprietary hardware so as not to release any more hardware details than they have to. Will likely also include removing anything embarrassing such as swear words)
Section 7.1 of the article covers an often-overlooked part of the LGPL. If you include LGPL libraries as part of your application, the EULA must permit reverse engineering to debug the application if the end user modifies the library and uses the modified version, instead of the version that came with the software.
I suspect that there is a lot of software out there that includes LGPL libraries, but has a blanket "no reverse engineering" clause in the license agreement.
Not on Slashdot.
Did you get the changes to BSD code MS did to get it to work in Windows?
No.
So your "problem" here is that you aren't as fucked as you are with closed source and you don't like it.
PS if you HAD to give source code with binary to get a copyright on it, this would be a lot simpler:
a) ex CSS: you can't use the code except to learn with until copyright expires
b) GPL: you can use the code to learn with before copyright expires in your own work under some conditions
c) BSD: you can use the code to learn with before copyright expires and in your own work under some fewer conditions
The problem here is really that you aren't a BSD fan you are a closed source fan and the GPL is the antithesis of that.
If not, you're lying and you must make it available in ways that you yourself use it.
Else your customers may say "we're making your program available but we're not sharing any more than de minimis sections via bittorrent, so since none of those sections are copyright infringement the entirety is not either as long as it remains discrete. Ergo, we aren't committing copyright infringement".
You like?
The problem is that copyright itself is contrary to libertarian principles.
And this is why libertarians (such as myself) should be for the copyleft licenses.
More permissible licenses like BSD do NOTHING to change the current status of copyright laws.
Copyleft licenses, such as GPL, provide the real impetus for changing the current state of copyright in two ways:
1) they restore, partially, what you would have without copyright (for the licensed work itself, this is no different than BSD);
2) they (at least when it becomes widespread enough) give motivation to commercial entities to scrap or weaken copyright---since stronger copyright does mean stronger copyleft, automatically, and once a minefield of copylefted works have been created, the only way for them to maintain anything proprietary may be by abolishing copyright altogether (since without copyright, they can always use technological means to substitute the law, where as legal requirements of copyleft licenses cannot be bypassed as easily).
To put it simply, copyleft is the best way to fight copyright, both in the short term (after all, this is why RMS went with copyleft, rather than trying to advocate for copyright reform), and perhaps even in the long term (this is pure speculation on my part).
Ah yes, the GNU Cult Members can't handle accurate criticisms so they censor my comments by moderating the parent comment down. Typical communist control. That's another indication of how you really don't value freedom!
To be a true freedom fighter *YOU MUST* allow others who disagree with you to voice their opinions in the public space *without moderating* them down. Have the guts to hear contrary opinions!
As I said, it comes down to the end justifying the means. Yours is one common view, but there is just as much support for the view that claiming copyright (as one must do to utilize "copyleft" licenses) is wrong regardless of the motivation, or that doing so undermines your ultimate goal.
In my opinion, if one fails to stick to one's principles throughout the entire effort one runs a strong risk of becoming the enemy, and simply replacing one tyranny with another. I have seen this already where some have argued that all software should be required to be GPL, which goes rather beyond a simple lack of copyrights into forced distribution of source code. Personally I don't use the BSDL or GPL; everything I write for myself is in the public domain.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
As I said, it comes down to the end justifying the means. Yours is one common view, but there is just as much support for the view that claiming copyright (as one must do to utilize "copyleft" licenses) is wrong regardless of the motivation, or that doing so undermines your ultimate goal.
I am guessing we (or, the two opposing camps) actually have different "ultimate goals".
The way I see it, the ultimate goal for a libertarian has to be the abolition of copyright system itself (and thanks to international agreements, this is going to have to be a global thing). Releasing one's works into the public domain does very little to achieve this ultimate goal, since other participants and powerful players in the system do not have a motivation to ditch copyright in this case. Poisoning the copyright system with the mechanics of copyleft achieves what public domain can't.
But, I can see how some purists would rather shun the entire system altogether. For them, the ultimate goal is to be free of copyright themselves, not to free the world from copyright.
Well, as for myself, I subscribe to the view that sometimes, peace needs a war---and such a war (to wit, "war to end all wars", although that particular one didn't quite work out) is more than justified.
I have seen this already where some have argued that all software should be required to be GPL
This is precisely what I am hoping would happen. That, once enough software and libraries are under GPL (or some other sort of copyleft license), then proprietary software companies would have no option other than to use GPL themselves (in which case copyright law itself would have been perverted beyond recognition), or, as is more likely to happen, they would lobby for abolition of copyright themselves, at least in software.
And if this phenomenon could spread to all aspects of culture, copyright abolition would no longer be mere pipe dream.
That's not going to happen. No matter how many GPL libraries you write the proprietary software companies will just continue to write their own code in-house, or employ third-party libraries under more palatable licenses. It will never be more profitable for them to abolish copyright entirely rather than simply avoid the use of GPL software.
You're right -- our goals are very different. My goal as a libertarian is to abolish the concept of "legitimate", systematic aggression entirely. Copyright is simply one example of such aggression out of many.
In my opinion it would be futile to attempt to force the non-libertarian majority to follow libertarian principles; moreover, any such effort would eliminate -- at least in the view of the general populace -- the primary distinction between libertarians and non-libertarians, which is an absolute opposition to the initiation and/or escalation of coercion.
If we are willing to turn to aggression to achieve our goals, why shouldn't others do the same? It's not just a matter of being a "purist"; I don't believe that the goal -- mine or yours -- can be achieved sustainably in the first place via unprincipled methods.
The world will be free of copyright only when the vast majority of individuals believe that copyright is wrong and are willing to resist any attempt to enforce such claims on themselves or others. That state cannot be achieved by force, and it's exceedingly difficult to persuade someone that you consider copyright to be wrong when your methods are fully dependent on it.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat