Slashdot Mirror
FSF Files Suit Against Cisco For GPL Violations
Brett Smith writes "This morning the Free Software Foundation filed suit against Cisco for violations of the GPL and LGPL. There's a blog post with background about the case. The full complaint is available too." The short version, as excerpted by reader byolinux, is that "in the course of distributing various products under the Linksys brand Cisco has violated the licenses of many programs on which the FSF holds copyright, including GCC, binutils, and the GNU C Library. In doing so, Cisco has denied its users their right to share and modify the software."
They allow abusive entities such as the Free Software Foundation to go after Cisco. If only the software was distributed without cumbersome GLP and LGPL licensing restrictions, and was truly free like software wants to be, then Cisco wouldn't have been forced to violate the licenses.
For shame.
If only there were some way to find out. It's hard to say for sure, but based on this:
I'm thinking maybe they did.
I've worked at Cisco, and the general attitude among many (not all) is that they don't care about GPL violations. Linux is used as it's the fastest path to get the products out.
The reason why this will be unsettling to Cisco is because some of the products have integrated key IOS files in order to retain backwards compatibility. Which means that those files now fall under the GPL. And the only way to integrate them is to use various Linux API's. That is, key files are derived works from the GPL. From the bootstrap code on up.
But, since these files are key to IOS as well, one could take the view that IOS is now under the GPL.
One could try to maintain that those files need to be dual-licensed. However, though some hold that to be valid, I don't believe such a dual license has ever been held up in court. So that might get interesting if the FSF wanted to push it. In any case, it could be a useful bargaining chip.
In any case, those files don't have the appropriate copyrights stating how they are licensed.
The amusing part here is that this has come about mostly because of Cisco's dedication to using as much H1-B/L1 labor as possible. It's been those guys who have mostly (not entirely) done this work in order to get things done quickly. And believe me, protestations about the licensing have been ignored completely when they've been raised. Hack-it-in quickly and damn the lawyers has been the attitude.
It's very amusing to see that Cisco's use of cheap labor has come back to bite them in a way that has the potential to cost them more money than if they had done things in the right fashion originally.
Yes, usually it is just costs + compliance.
But this time, they seem to be pissed (from the stuff they filled with the court, the URI is in the press release):
"Prayer to Relief"
[...]
(2) That the Court order Defendant to pay Plaintiff's actual and consequential damages in-curred, in an amount to be determined at trial or, in the alternative, statutory damages as set forth in 17 U.S.C. 504(c);
(3) That the Court order Defendant to account for and disgorge to Plaintiff all profits derived by Defendant from its unlawful acts;
[...]
In other words: OUCH!
If you read the article, you'll see that they did. They've been working with Cisco for the last five years on it, but according to the FSF never became fully compliant:
As we always do in violation cases, we began a process of working with Cisco to help them understand their obligations under our licenses, and how they could come into compliance. Early on it seemed likely that we could resolve the issues without any fuss.
While we were working on that case, though, new reports came in. Other Cisco products were not in full compliance either. We started talking to the company about those as wellâ"and that's how a five-years-running game of Whack-a-Mole began. New issues were regularly discovered before we could finish addressing the old ones.
During this entire time, Cisco has never been in full compliance with our licenses. At first glance, the situation might look good. It's not difficult to find "source code" on the Linksys site. But you only have to dig a little deeper to find the problems. Those source code downloads are often incomplete or out-of-date. Cisco also provides written offers for source, but we regularly hear about requests going unfulfilled.
Despite our best efforts, Cisco seems unwilling to take the steps that are necessary to come into compliance and stay in compliance. We asked them to notify customers about previous violations and inform them about how they can now obtain complete source code; they have refused to do this, along with the other reasonable demands we have made to consider this case settled. The FSF has put in too many hours helping the company fix the numerous mistakes it's made over the years. Cisco needs to take responsibility for its own license compliance.
No no no.
Cisco has violated copyright law by distributing GPLed FSF code under terms other than specified in the only available license. The ownership and licensing of IOS code is not affected by this in any way. This is the past.
Now for the future. If Cisco wants to keep distributing IOS code mixed with FSF code, there is only one way of doing it. That is to release the code under the GPL, because the FSF doesn't offer any other licenses. Only the IOS code which is mixed with FSF code needs to be released under the GPL. This has no effect on any other IOS code (older or in other products or whatever).
This is not exactly "put some code on the web for download."
If you mean that Linksys/Cisco could have avoided this at any time in the past five years by releasing the code, you are probably right. The FSF is easy to get along with. It is anybody's guess what they need to offer the FSF now to make it go away.
This is why free licenses such as BSD should be adopted for any commercial project.
Cisco didn't "adopt" the GPL; quite the opposite, they're trying to avoid it. However, they put *themselves* in a position where they'll either be forced to or be guilty of breaking the license terms.
Avoid viral licenses such as *GPL.
Who should? The people who wrote the original code? Maybe they don't want companies like Cisco using it if it means closing the code off and not returning anything. That's their choice.
Cisco? They knew- or should have known- the implications of the GPL and had- as you imply- the choice of using BSD-licensed software instead.
Perhaps there wasn't a BSD-licensed version of what they were looking for? If so, tough shit! No-one's under any obligation to provide them with that for free. Cisco could of course pay someone to write it (and release it under the BSD license if they so wish). Or they're free to use the GPLed code and adhere to the terms it was released under.
But they thought they could get away with using the no-cost GPL code without honouring the obligations. They knew what they were doing.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Don't buy a linksys, but do buy one of the ones with similar hardware.
When I bought my Asus WL-500g Premium it shipped with the complete modified linux source in a folder on the CD that contained the usual windows-crapware you seem to get with every product these days (you know, the outdated copy of acrobat reader, some documentation wrapped in a shiny executable and such).
I did install OpenWRT on it, and I'm very happy with the result. I'm also happy with Asus for actually shipping the source, but I never did write them a line and told them. Maybe I should.
c++;
Yes, it could be a misunderstanding. Especially when FSF has spent five years communicating with Cisco trying to resolve the issue peacefully. If there's a misunderstanding, the people at Cisco need to get some working brains...
The reason why this will be unsettling to Cisco is because some of the products have integrated key IOS files in order to retain backwards compatibility. Which means that those files now fall under the GPL.
This is false. Releasing GPL code can never automatically force other code to be licensed under the GPL. What it does mean is that someone was distributing code without a license, and may be liable for copyright infringement damages. If they *had* licensed their other code under the GPL, they wouldn't have been liable.
In general, a number of GPL-using authors tend to be okay with someone who has infringed doing a subsequent GPL-based release as a way to clear the air (and often then forgive previous damage caused by earlier infringements), but (a) they need not forgive the damages in such a case, (b) the infringer need never do a GPL-based release of their own code, instead simply paying damages.
Cisco is being REALLY REALLY stupid here and I just don't understand why.
I've done a lot of commercial software that uses LGPL and GPL code, and its not rocket science. RMS himself even says that "mere aggregation" is not a problem.
Here are the rules:
if its LGPL, link to it, but don't modify it. If you need to modify it, make the modification in the form of a generic API extension and call it from the application. Make your extensions public.
If it is GPL, make it a service and call it through a socket.
If it is a kernel module, there seems to be some wiggle room there, otherwise make a public mini-driver and a proprietary user space app.
How hard is that? Jeez, if you screw up GPL compliance, you are not paying attention.
Get the name right. It's Gnu/Cisco.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.