SFLC Finds One New GPL Violation Per Day

eldavojohn writes "In July, the Software Freedom Law Center (SFLC) leveled the finger at Microsoft for a GPL violation but how often does this actually happen? Sunday, Brad M. Kuhn (tech director at the SFLC) stated in his blog that since August of 2009 he has been finding about one per day. So why is it that we have only covered a handful of these cases in the news? Brad offers sage wisdom; surprisingly, he recommends, 'Don't go public first. Back around late 1999, when I found my first GPL violation from scratch, I wanted to post it to every mailing list I could find and shame that company that failed to respect and cooperate with the software freedom community. I'm glad that I didn't do that, because I've since seen similar actions destroy the lines of communication with violators, and make resolution tougher.' Public shame is evidently not always the best answer. Ars has a few more details and notes that (in accordance with Brad's advice) lawsuits are usually a dead last resort."

closed up

[runyonave]

hardcore closed source company is alwyas going to have violations. Also it's Microsoft.

Re:closed up

[jellomizer]

open source project have violations too. Using someones patented ideas, calling a library that isn't GNU compatible. The program is performing a function that is illegal such as DRM disabling. That is why you need to be civil with dealing with people for violations. As chances are you have made a mistake and created a violation yourself.

Re:closed up

[tnk1]

Be civil and *document*. If it does come to court, your kind requests (in writing) to desist, as well as your flexibility in helping them identify and correct their violation will help make the case that you have taken the needed steps to protect your property without being an asshole. Their response, or lack thereof, will then be a building block in your case should it come to that.

Remember, civil court is usually just a judge and that judge may react somewhat differently if it is clear you are a jerk. While it is true that they may have to rule in your favor even if you are a jerk, they are unlikely to make it easy on you. There are many things judges can to to move things along that are at their discretion.

Treat every communication for violation as it it was going to be entered into evidence, but remember, court costs money and (more importantly) time. You are much better off if you are getting violators to comply without taking it to that level.

Re:closed up

[jim_v2000]

Who can sue over a GPL violation? Doesn't it have to be the author of the code?

Re:closed up

[imp]

I've been involved in an open source project (FreeBSD) for a long time. There have been a number of complaints about GPL violations in the past. These complaints are usually made in private. That helps a lot. Often times the compaints are wrong (The GPL code that was alleged to have been taken and improperly included in FreeBSD turned out to have been taken from BSD 4.4lite and incorporated into the GPL code was the worst example). There have also been cases where the same code appeared in drivers in multiple places. Again, that wasn't a GPL violation because both places took the code from a common data sheet. Sometimes supposed violations are cleaned up out of an abundance of caution: it isn't clear the code is improperly included, but the code in question is easy to rewrite and/or icky to start with.

There are also times where GPL code is improperly imported code from BSD as well. Even when these are found it isn't always worth it to complain. Sometimes the gain from complaining is so small that it is easier to just let the folks use the code and not worry too much about it. Sometimes having the code out there and improperly licensed is better than getting it removed from the code base.

In general, I've found that most people that aren't lawyers don't know the law or the provenance of the code very well. By complaining in private, you get a chance to learn a bit about both. You also give people a chance to make it right. With large open source projects, the chances for accidental mistakes are high. The projects are generally keen to avoid the mistakes in the first place, and even keener on making sure that they get ironed out after the facts. Turns out most companies have a similar view and will do the right thing when asked (but sometimes it takes a little time, which is OK: the GPL never said instantly on demand).

Of course, this begs the question about the validity of the License to use GPL software after a violation has occurred, the scope to which license is lost, how to get it back, etc. GPLv2 is silent on the issue, while GPLv3 gives you one shot to fix it (but that's likely insufficient for large companies that have multiple product lines done by disjoint sets of people all of whom aren't educated on the finer points of incorporating GPL software into their products).

Re:closed up

[bws111]

If you have an agreement with your distributor that says you get source, you have standing to sue. The GPL is not such an agreement - that agreement is between the copyright holder and the distributor, or the copyright holder and you, but not you and the distributor. You have no standing to sue based on an agreement between him and HIS supplier.

Re:closed up

AFAIK its pretty much only the US, Australia, Japan and South Korea that considers those patents valid, the rest of the world doesn't. (The vaguely unspecified countries in europe would be all EU members AFAIK)

Ofcourse those countries are important enough to make it a problem, but personally i don't mind just ignoring the patents and simply not distribute anything to those countries, (If anyone wants to distribute software in the US he can hire a lawyer, i'd rather not care though)

Going to court and going public

[Corporate+T00l]

It's not really surprising that going to court and going public are really last resort sort of things. Court is expensive, and most people considering them to be a "roll of the dice". Actually negotiating with your counterparty in a contract dispute is always cheaper and more productive.

Going public, even after going to court, also sours the atmosphere, creating emotional contention that makes an actual agreement less likely. Look at out-of-court settlements with undisclosed terms and no party admitting fault. Once you get out of the public light, you can get people to sit down and discuss and actually come to a mutual agreement since the emotions have been toned down. If you're all fury and anger, you're not really in a position to negotiate someone into a corrective action.

Re:Behind the scenes or not

[sakdoctor]

Stallman in a bikini.

Ok, there's your nightmare material for tonight.

Re:Behind the scenes or not

I like keeping my software free for everyone for ever. I'm glad you enjoy end users being robbed of their freedom.

Re:Ah yes

[MobileTatsu-NJG]

Ah yes, another one of these stories. Expect to see some references to M$, people defending GPL and people advocating BSD. All in all, everyone will agree that respecting open source licenses is very important. Next thread, something about RIAA, same people demanding their right to download copyrighted music.

Pathetic.

Result of proper GPL usage: More software for the public to use.

Result of copyright abuse: Less content in the public domain.

One is about the world that is, the other is about the world that should be. What's pathetic is the lack of understanding you have of the people you're criticizing.

Lets be civilized -- Investigate before accussing.

[iYk6]

Don't forget, there might not be a problem in the first place. If you are looking around, and see someone else's GPL code in a proprietary product, make sure you find the original owner and talk to them before you go around shouting at the hill tops how evil the proprietary company is.

It is entirely possible that the code was appropriately licensed by the original owner. Just because something is GPL, does not mean that it can not also be licensed for a specific user, usually for money. Think Quake.

Even if the project itself is not licensed for their use, maybe whoever wrote that part of the project re-licensed their contribution to a proprietary company.

Haduh!

[hunteke]

In U.S. culture at least, we have little notion of how to let the "other side" save face. Saving face, or not 100% embarrassing folks when they've obviously messed up, is critically important in many negotiations, both exactly political, and locally among friends. The old adage "it's not what you say, it's how you say it," still rings true. People aren't stupid, and most would rather not be insinuated as such. People do, however, make mistakes, either semi-intentionally, unknowingly. (Analogous to driving, right? That's why they call crashes "accidents".)

Ridiculing folks gets folks nowhere. In the long run, most would agree that having businesses around and prospering is a good thing. (Let's not get into a debate about size of businesses for now.) A healthy business affords jobs to the local community, a service to those who need it, and acts as a community partner. A dead business does no such thing. A friendly reminder is often more than enough to get someone to clean up there act. I know it sure is for me.

Re:Behind the scenes or not

[asdf7890]

GPL is about forcing future software to also be free. Not using it doesn't rob anyone of anything.

GPL is about forcing future software that uses on GPLed code to also be free. You don't want to be held by the GPL? Then don't use GPLed code. Is it really that difficult?

Got GPLed code in your project by accident? Then you didn't do due diligence properly. Your fault, not the GPL's fault.

Got GPLed code in your project by no fault of your own (bad contractor, used a library or other source that itself broke GPL, or some such reason)? That does sometimes happen and here you need to discuss it with the owner of the affected code.

Re:Behind the scenes or not

[shutdown+-p+now]

May I advance a humble proposal that any post along the lines of "GPL is better than BSDL" or "BSDL is better than GPL" is modded Flamebait and/or Troll on sight? Personally, I'm sick of these endless and pointless fights over nothing, where arguments boil down to who is "more free", with either side persisting in the claim that their definition of "free" is the One and Only True Free.

Re:Behind the scenes or not

[Blakey+Rat]

What freedom are end users losing if a company includes public domain code in their software? Please provide realistic and practical examples that prove you've thought about the concept longer than 15 milliseconds.

Re:Behind the scenes or not

[TheRaven64]

You don't want to be held by the GPL? Then don't use GPLed code. Is it really that difficult?

Yes, sometimes. Here's a concrete example. I library that I wrote uses libavcodec. My library is MIT licensed, and someone who uses my library also uses an Apache licensed library (I can't remember it's name; something for parsing MPEG-4 atoms) and released his code under the BSD license. Libavcodec is normally LGPL, so this is fine. Unfortunately, there are half a dozen or so optional files in libavcodec (e.g. some MMX optimisations) that are GPL'd. Some distributions include these in their binary versions. They then can't distribute this application as well without violating the GPL (because the Apache license is not compatible with GPLv2).

The GPL'd files are not included in the build of libavcodec on my machine, nor on the machine of the person who wrote the application using my library, but his code can't be shipped with Debian because the person who maintains an upstream package chose to incorporate some GPL'd code into their stock build of a library.

Re:Behind the scenes or not

[WNight]

They lose the freedom to tinker with what would have been open, whatever it was that the company theoretically closed.

If that's the component they're struggling to fix it could be all-important.

I found a minor bug in Rubygems the other day simply by reading the source. If it wasn't available I'd still be wondering what was supposed to happen and tweaking my code trying to make it work.

Solitaire doesn't run better just because it's open sourced so many users might not even notice, but the ones who poke around or fix anything would. It's the difference between a usable machine and one completely covered into anti-tampering epoxy.

Re:Behind the scenes or not

[Xtifr]

Seconded here. I've been listening to the "debates" for years and years and haven't heard anything new from either side in so long I can't remember. Lets just short-circuit the whole thing here: BSD fans want to legalize slavery and murder, and GPL fans want to set up communist dictatorships and destroy the world's economy. As long as someone can "prove" that I'm evil no matter which one I support, I figure I might as well go whole-hog and be totally evil by supporting both, each in their own place. Ia! Ia! Cthulhu fhtagn! :)

Re:Behind the scenes or not

[Rennt]

You may choose to define "free" however you like (this is an acknowledged problem with the term), however when the context is free software, the Free Software Definition is fairly well established.

• run the program, for any purpose (freedom 0)
• study how the program works, and adapt it to your needs (freedom 1)
• redistribute copies so you can help your neighbor (freedom 2)
• improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3)

You are, of course, also free NOT to release your own work under the GPL. Meanwhile, imposing your sense of freedom on others reduces their freedoms no matter which license you choose.

Now you did not actually reveal what your ideal "free" licence is, but I will share with you Rennt's Law: "The probability that anyone arguing that the GPL is not "free" is really just pissed that BSD is not as popular is exactly 1".

Re:Behind the scenes or not

[bws111]

Not as cut-and-dried as you might think. First, it is not just modifying that is a problem, it is linking with. Here is a real example. My company developed a fairly large system for internal use, which linked to some GPL components. This system contains some trade secrets. All perfectly legal under the GPL, and not evil. Several years go by, and the company decides to contract out some work. This contracted work means the contractor needs a copy of this software: extremely big problem. Because of the GPL'ed code, we must provide source to the software, including the trade secrets. Furthermore, unlike normal business deals where we have confidentiality agreements with contractors, we can't stop them from releasing the source code. This resulted in two things: a delay in the project while the software was recoded to remove all GPL components, and a new company rule saying no GPL code, period.

Re:Behind the scenes or not

[TheRaven64]

BSD and MIT, yes. Apache, no. The GPLv3 has a specific exemption for the clauses in the Apache license that are not compatible with the GPLv2. You can not use GPLv2 code and Apache Licensed code in the same project.

Re:How is not using GPL'd code difficult?

[TheRaven64]

You're missing the point. The question was whether it is hard to avoid GPL'd code. I did not use any GPL'd code when writing my library. The person writing an application using it did not use any GPL'd code. The person creating the package for Debian was unable to do so because of the GPL. Now, I'm fine with Debian not carrying this code. I don't use Debian, and there aren't many Debian users whose opinions I care about. I don't lose anything. Only Debian users (and maybe users of a few other systems with similar policies) lose out.

It looks like other optional files in libavcodec are GPL'd, and apparently you wish they are LGPL or other more permissive license.

Simply not including those files in the package build would also work. I don't have any of them enabled in my system. I have no expectations about being able to use GPL'd code. If you'd read and understood my post, you'd have noted that I specifically said that I was not using these files, nor was I distributing them. The problem is not mine, it belongs to downstream distributors who find that the GPL has snuck in via the actions of another package maintainer.

Re:GPL is about fixing public domain.

[Ash-Fox]

I'm looking at http://www.winehq.org/history which I assume you're hopefully going to agree, is likely a reliable source.

It's very incomplete. Part of the story is how the WineX developers and such promised that they would contribute work on DX to Wine, which is discussed in detail on the mailing lists. This lead to a huge amount of developer stagnation in the area as everyone was just waiting on the "patches" that would bring all this new functionality.

Years pass and it ends up becoming obvious that the WineX/cedega developers had no intention of keeping their promise despite their continuous reassurances, thus causing a huge amount of stagnation in development in Wine's development in the Direct X area, during this time a lot of the developers felt that this was a catalyst that should push the licensing changes to prevent something like this (and other events noted in Wine's history) from ever happening again, where it took them more years to get where they are today which, in many ways, is still lacking compared to Cedega who had a large head start due to deceiving the WineHQ people who are still playing catch up.

A lot of these events are not documented on the website and other places except in discussions on the WineHQ mailing lists as it doesn't help very much with a 'professional' image of Wine by ranting on about all the booboos Wine had.

Had Wine been licensed the way it is today, quite a few negative incidents could have been avoided and Wine would have been better off today.

I've tried searching for mailing list entries, but there doesn't seem to be a lot of stuff out there, at least that Google is showing up.

It's all there, I just don't want to spend a few hours looking through the archives, but I'm sure there are those on Slashdot that do 'obsess' enough over this to do so.