Legal Group Releases Guide To GPL Compliance
An anonymous reader brings news that the Software Freedom Law Center has published a guide for compliance with the GNU General Public License. The purpose of the guide is to prevent "common mistakes" the SFLC has encountered during its various GPL violation investigations. Their suggestions include close scrutiny of software acquisitions, more precise tracking of changes and updates, and avoiding "build gurus." They also provide tips for dealing with a violation. The full guide is available at the SFLC's website.
Are first posts legal?
Any kind of legalese could do with such a guide.
Ignore this signature. By order.
but yes this does rather highlight all the obligations of the GPL, which is a good thing because a lot of companies don't realise what it actually entails.
When making a software product from open source software, one of the tasks is to find out about all the licenses and to be quite honest it is to avoid a lot of software that is GPL, which thankfully most isn't as far as the building blocks go.
GPL software is nice when you want to include a tool that the end user can use but is not central to your software. And, if you have to make alteration then ensuring that alteration is distributed alongside the source for that GPL software is good practice.
1. Way too long to be useful (preaching to the converted---only those in love with the GPL will get to the end, and it will only confirm things they already know)
2. Massively overwritten---about as concise as the Bible.
3. Very partisan; not clear instructions, as one would expect, but more a hidden manifesto on how they think you should run your development team.
4. Bad English in parts (learn how to use an apostrophe).
What is a build guru? Tried looking it up in various places but no luck...
GPL compliance need not be an onerous process.
They say at the end of a 15 page document.
Share and share alike.
Give me Classic Slashdot or give me death!
By the standards of legal advice, that paper is both terse and clear. Perhaps in the wide world of training webcasts, 30 second commercials, and authoritative voiceovers, 15 pages qualifies as a ponderous tome; but you have to keep that sort of thing in perspective.
The broad concept of the GPL isn't hard; but a quick guide to a few of the unintuitive points is a useful thing. The details of the source distribution requirements are a matter of considerable confusion in some quarters, as are the terms under which one can regain the licence after violation.
Those minutiae aside, though, I am very surprised by how much apparent confusion the GPL and other copyleft type licences inspire. There seem to be two main camps of misinterpretation. The copyleft=no copyright group seems to believe that anybody who doesn't do copyright the exact same way they do doesn't do copyright at all. Hence this group's lack of respect for the terms of the GPL and similar. The other extreme has a fear amounting to mania of the GPL, believing that the GPL is unknowably complicated, and will inevitably lead to having all the code you've ever written forcibly expropriated by armed communist penguins.
I don't understand the confusion because the GPL is a perfectly ordinary licence, from the legal perspective. Its purpose, socially, is quite interesting, and rather unusual; but the form "Copyright law says that you can't copy this without our permission, which we grant if you do foo and bar." is absolutely standard. People seem to go in expecting the legal side to be horribly mysterious, just because the social purpose is unusual. It is rather weird, really.
Dude - send a copy to the Utah State Attorney General's Office.
No, they did nothing wrong, but in 1999 when I was trying to explain that I wanted to put the GPL to use in my former classroom (all non public-domain copyrights are jointly held by a teacher and the State of Utah), most of the Dept'y Att'y General's responses consisted of "...I don't understand". I even pointed him to the GNU website, but he called back later and was still lost. Nice guy, sounded like a good lawyer, but he just couldn't wrap his brain around the concept.
Now that was nine years ago (!? Cripes I'm old), and things may have changed, but pushing a copy of this new guide to all 50 US State Att'y General offices would, IMHO, not be a bad idea at all.
Quo usque tandem abutere, Nimbus, patientia nostra?
The GPL requires you to include the scripts used to control compilation and installation of the executable. It does not require you to provide the knowledge needed to use those scripts, if it's all in someone's head. So having "build gurus" doesn't necessarily put you out of compliance, though it might make it hard to demonstrate you are in compliance.
So... Is violating intellectual property laws a bad thing? Or is it only bad, if the property is that of an open-source programmer, but Ok, if it was created by a musician or an actor?
In Soviet Washington the swamp drains you.
Imagine I was a musician, and I wrote some software that helped me create music. If that software I wrote relied on a GPL operating system and some GPL software (but only by calling existing functions and using existing utilities, without modifying any of its source code), and then released my music to the world from time to time, would I be under any obligation to release the source code to the software I wrote?
GPL arguably has more complex goals than BSD, so it really isn't realistic to expect the GPL to be simpler than, or even as simple as, the BSD licence. Making sure that your licence is as short as possible, without compromising your goals, is always good; but compromising your goals just to make your licence simpler is perverse at best.
Complexity isn't the issue with the GPL: it's the legalese. And because of the legalese, I am not confident to use it or any software using that license for commercial use without legal advice; which increases the cost of using GPL software on a commercial level. This extra cost is factored in when evaluating and comparing against software under other licenses.
Large corporations (which probably do way more business than you or whomever you're speaking for) don't have that problem. Reasonable business operators recognize that you should not be "confident to use" any software without complete understanding of the terms of the relevant licenses. This goes for any software license. In this way the new BSD license is deceptively simple and framing this issue as though it only affected the GPL is unfair.
Digital Citizen
It's called copyleft for a reason. It represents a typical left-wing approach to control thought and expression. Resist GPL -- support Berkeley, Apache, and the many other more libertarian licenses.
GNU: Free as in Freedom?
Nah, not unless you believe in Democratic as in Democratic People's Republic of Korea.
> [as a user] would I be under any obligation to release the source code to the software I wrote?
No, as a user of GPL software, as opposed to a (re)developer or distributor, you do not engage any of the relevant conditions of the GPL with respect to provision of the source code.
As the ex-FSF's Eben Moglen has said on many occasions (paraphrased but close), "The GPL is not a usage license, but a distribution license". That's a very clearcut distinction, and Eben has written the book in this area.
There is a small corner case to watch out for, however, and that's static linking with GPL libraries --- a few people call this "derivation" despite the fact that you're only an end user and are only aggregating the GPL library functions statically with your code, so the issue is slightly grey. However, most linkage with GPL libraries is dynamic, and even Richard Stallman has conceded that legally, dynamic linking cannot ever be derivation but only mere usage. No doubt Eben put him straight on that. "Aggregation is not derivation" appears in the FSF's own explanatory materials.
On the whole then, the answer is "No, you're safe", unless you go out of your way to use static linking, which would open you up to the possibility of occasional arguments within the community, although probably not legal ones.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Where would I find Richard Stallman saying this? Where would I find Eben Moglen talking about this? In other words, what's your source?
Digital Citizen
What if someone takes your code and patents a part of it? BSD then says you cannot claim the patent or protect yourself from it.
And patent law says you can't use your BSD code.
It therefore doesn't matter if you feel confident in obeying the BSD. Your feelings will not make a hill of beans difference. And you will be disallowed.
The GPL v3 requires divulging all trade secrets with a product. Because of this, a number of businesses especially those in embedded systems, are just completely ditching GPL libraries and operating systems altogether. Instead, they are moving to Windows CE, Windows XP embedded, QNX, or another completely closed source OS.
For example, one company I am acquainted with has a catalyst for a factory chemical reaction, the machine is sold to other businesses for some product manufacturing. Any GPL v3 software that is included in their embedded systems would force this business to give up the exact details of its catalyst making, something that has been researched and refined for a number of years now and is one of their core trade secrets. They were using Linux, but their counsel told them to recode using Windows CE because all it would take would be one GPL v3 licensed app to pollute a distribution, and they would be forced to give up their crown jewels to anyone (including their competition and foreign rivals) just for the asking.
Another hazy area is using Linux for embedded hardware storage modules for encryption keys. GPL v3 licensed apps require divulging of all secrets (keys included), so it is fundamentally impossible under the GPL v3's terms to use any software licensed under this license for any security sensitive tasks without risking massive legal consequences.
They imply that people should be more careful because compliance is pursued in the courts these days more often. They don't say that they are the ones pursuing it.
Look, as an author of software released under the GPL, I appreciate that efforts in the community as a whole are being made to bring people into compliance. What I don't appreciate is uncertainty and FUD. This document is 15 pages that will lead to people not using GPL code or finding it necessary to find "experts" and/or to "indemnify" themselves as the document suggests. So much for Anyone can stand on the shoulders of Giants.
What ever happened to "give the code back if someone asks"? How did we get to this point of implying that it's so hard, you better not unless you have indemnity? I have to give you physical media if I'm distributing GPL2 software, Internet distribution isn't enough???? All of my build scripts better be perfect or else! My "whole firmware image"? What is going on here?
- If we have to give physical media, then that's a minimum requirement someone must have. Little guys need not apply
- Build scripts perfect means forget it if you're just learning. Come back when you have mastered the art to the degree we arbitrarily say is enough.
- Firmware Image is a specific term, and incorrectly used here. A Firmware Image is an aggregation, I don't need to give you scripts and code for all of it. And if you say I do, you're just wrong and you'll scare the crap out of 80% of Taiwan.
Then I look at the enforcement actions of the group writing the document and I wonder if the way this is being done is -actually- in the best interest of the community. I have great respect for the people involved, Eben Moglen is an Icon in Free Software, but his goals cannot be achieved if the requirements are seen by people we intend to include as simply an arbitrary stick the unlucky get hit with. And that's what it looks like now. Really.
I have to wonder if people who complain about the GPL (or, for that matter, most software licenses I've dealt with) being confusing have ever actually read it. I read and understood the GPL when I was in 9th grade. Sure it took me a few reads, but any legal document, or for that matter most any book is like that.
Can you give a specific example of language you find confusing in the GPL?
I think, perhaps, people simply are daunted by the idea of "so much" language that all has meaning to be understood, not the actual quality of that language.
the other people doing what you meant them to do rather than what they WANT you to mean.
If the GPL 2 had been followed in spirit, why would MS have had to give Novell patent rights to put in the GPL rather than put them in there themselves? Because MS didn't want to obey the spirit of the patent gifting in GPL and finessed it.
So even though the GPL2 was simpler than GPL3, it was too simple to stand a malicious attacker.
Proponents of 'Copyleft' often criticise the patent system with reference to the responsibility they say it has to 'promote the arts and crafts'.
In what way does the prevention of selling code with free code built in as part of it 'promote the arts and crafts'? The availability of products on the market is undeniably smaller as a result.
Unless they argue that everyone who would otherwise be employed in a company is now instead producing the same products for free, which is a stretch.
If you don't like that, get your copyright laws changed. It is that which defines what constitutes a "derivative".
Since copyright was written for books, movies and music, static linking is taken the exact same as taking a chapter from a book and putting it in your own. Or taking a five minute segment of a movie or the entire riff from a song and using it in your song or movie.
These are considered the same because, as far as copyright (because it is being applied not on SOURCE as it is with music/movies/books but on the binary object file) is concerned, they are doing the same thing.
So fix copyright:
a) source only is copyright
this may be too much, but linking object code is not copyright controlled then
b) static linking is not covered by copyright
this would allow me to get a new copyright on MS Office 2007 however, if I can add a new executable to replace the Microsoft one. Heck, maybe wrapping it in a new caller (à la Wine) would be enough.
c) put up with it
because you break the bits of copyright you want to keep as your own very personal privilege.
But it is NOT, repeat NOT, a problem with GPL. It's a problem with copyright on computer programs. Period.
GPL'ed software is notoriously by geeks for geeks. The original GPL was clear enough, as this document indicates things are getting confusing.
This is not a signature.
It's not like we're making any money off their work, nor are they giving back the changes so people can learn from them.
If they'd rather pay someone a potload of cash than play nice, fair play to them and fuck off.
PS you'd better read that developer license REAL good. Remember: MS put in their IM system and the Passport login acceptance that they owned equal rights to ANYTHING you discussed over IM or other MS protocol that went through their servers.
They DID change this but only because people yelled and screamed. AFTER READING EACH CHANGE.
So make sure you aren't giving up any rights you need.
E.g. If they audit you, will they get access that will allow them to see what you're doing and take the idea?
Think carefully.
Nice FUD, Mr Troll. Total bullshit, of course.
The BSD doesn't protect you from someone else patenting your code.
And protecting it costs words.
Words some BSDers would complain "makes it more complicated!".
surprise to the Hot on the heels of
was infected by MS closed source EULA? I mean you never got THAT version of the code back.
And if you're going to say "we still had the code" well, you still have the original code if it's added to GPL.
So either complain about both or neither.
our source is available on request in the form of microfilm. we regret that our reasonable fee for providing this service costs more than the product itself. our code is copyrighted and you may not transfer our source to different media.
"On the whole then, the answer is "No, you're safe", unless you go out of your way to use static linking, which would open you up to the possibility of occasional arguments within the community, although probably not legal ones."
And if you're in a legal jurisdiction that doesn't consider static linking a copyright controlled process, you're OK. AFAIK, this includes a grand total of Nil jurisdictions.
So you will be in legal problems.
But that's not GPL giving you gyp, it's copyright.
1. Companies who release software (usually embedded into a hardware device) and then claim "we are working on releasing the source code but it's going to take time"
2. Build systems where one "master makefile" builds the entire project (usually with a "master config file" that selects which model you are building for, what features are turned off and on etc)
3. Companies who use a version of GCC and/or binutils that isn't publicly available and then don't release source code or binaries for that version, thus making it harder to recreate the binaries they are shipping (I wonder if creating a CPU with a new or altered instruction set, porting Linux to this CPU and then releasing kernel source but not GCC or binutils would be a GPL violation or not...)
4. Companies who release source code for one firmware revision and then don't release source code for other firmware revisions (*cough*Motorola Z6*cough*)
and 5. Companies who claim a need to "sanitize" GPL code before it's released (this most likely includes removing any comments that reference internal intranet email addresses, web URLs, machine names, internal processes etc but may also include removal of pieces that are used only by or removal of comments/changing of code of pieces related to proprietary hardware so as not to release any more hardware details than they have to. Will likely also include removing anything embarrassing such as swear words)
More useless rules from the silly gnu cultists.
GNU does not equal FREEDOM as the license rules and the pdf document in the article testify.
From the article's PDF: "Political discussion about the GPL often centers around the "copyleft" requirements of the license. Indeed, the license was designed primarily to embody this licensing feature."
Finally acknowledgment from the horse's mouth that GPL is a COMMUNIST leftist style CULT!
If you love freedom vote with your fingers, use BSD based software and other really free licenses (ISC, Apache, MIT, etc...) that provide real freedom from interference by the busy bodies in the GPL CULT and at Richard Stallman's cult headquarters, The Software Freedom Law Center (SFLC).
If you want to connect at the hip and submit to the COLLECTIVE of the GPL BORG COMMUNITY then fine, do that, but you may come to regret it especially if you put a lot of effort into your software development and value your livelihood.
Section 7.1 of the article covers an often-overlooked part of the LGPL. If you include LGPL libraries as part of your application, the EULA must permit reverse engineering to debug the application if the end user modifies the library and uses the modified version, instead of the version that came with the software.
I suspect that there is a lot of software out there that includes LGPL libraries, but has a blanket "no reverse engineering" clause in the license agreement.
Did you get the changes to BSD code MS did to get it to work in Windows?
No.
So your "problem" here is that you aren't as fucked as you are with closed source and you don't like it.
PS if you HAD to give source code with binary to get a copyright on it, this would be a lot simpler:
a) ex CSS: you can't use the code except to learn with until copyright expires
b) GPL: you can use the code to learn with before copyright expires in your own work under some conditions
c) BSD: you can use the code to learn with before copyright expires and in your own work under some fewer conditions
The problem here is really that you aren't a BSD fan you are a closed source fan and the GPL is the antithesis of that.
If not, you're lying and you must make it available in ways that you yourself use it.
Else your customers may say "we're making your program available but we're not sharing any more than de minimis sections via bittorrent, so since none of those sections are copyright infringement the entirety is not either as long as it remains discrete. Ergo, we aren't committing copyright infringement".
You like?