Slashdot Mirror
MS Pulls Windows 7 Tool After GPL Violation Claim
Sam notes an Ars story on Microsoft pulling the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open source code in a way that violated the GNU's General Public License. Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.
Seriously, preview your story summaries editors!
"...so we'll have to watch closely to see what the company puts it back on its servers."
Who thinks that "it" makes sense?
Now now, calm down a moment. Imagine what would happen if they *didn't* pull the code- there would be a veritable shitstorm in the Free Software community. This is the smart, rational thing to do.
On a side note, this really acknowledges the power of the GPL- if even a single report says that there is a GPL violation and this causes Microsoft (its 'arch nemesis) to pull a tool for their newly launched apple-of-their-eye.
Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
Replying to my own post here, but also remember that this is exactly what ReactOS did when there was a similar allegation by Microsoft- and were largely applauded for it. Again, it's the sane, rational thing to do and in my eyes doesn't admit any guilt whatsoever. That doesn't mean a GPL violation isn't there, mind, but it means that if there is one this is exactly how it should be handled.
Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
Right... or they are being smart, pulling the tool, and investigating whether they are violating the GPL. Like they said.
It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.
This is actually a good example of why Microsoft (and others) may dislike the GPL - how precisely do you determine that it is not a GPL violation? Clearly people like the parent will not be convinced no matter what Microsoft says (yeah, that post was pretty insightful...), so how can they possibly win here, other than by releasing the code, something they do not typically want to do? Even if they do that, they still get a black eye (i.e. that recent kernel code fiasco).
Yes, because Microsoft's mode of operation is to steal GPL code and try to claim it's theirs until they get caught, at which point they fess up and pretend it was a mistake. Right... I mean, just look at all the other times they stole GPL code!
If in fact that tool used GPL code, it was just some lazy or dishonest developer who used a bunch of code from the Internet and pretended it was his. No proprietary software company would let that slide. Yes, that includes the company we all love to hate.
Pft. Clearly even MS are using GPL software. Doesn't get much more mainstream than that.
The same problem applies to any license? Suppose MS accuses someone of using their code, how can that be determined? If an author or musician accuses someone of copying them how can that be determined? It is an intrinsic problem of copyright, not a problem with the GPL.
When I was working in an MS technology shop I found many cases of our programmers cutting and pasting code from other sources on the internet. Quite a lot of it came from MS itself and explicitly said that it could not be used. What do you do now? Rip the code out? But we've already shipped the code. Should we demand that the customers give it back until we can rip the code out? What if we still want to use the code? Should we approach MS and try to negotiate a different license? What if they say no?
There's no difference here. The GPL is quite easy to understand as licensing documents go. I think we can all agree that if code licensed only under the GPL was in the application, it would be a breach of the licensing terms; just like when various people in my company appropriated MS code. The resolution is exactly the same.
The moral of the story is: don't use code whose licensing terms are unacceptable to you. It doesn't matter what the license is. It doesn't matter what political forces caused the terms of the license to be created. If you don't agree to it, don't use it. This is the one thing that is the same for all licenses.
What you forget is that GPL code is owned by the author, not some magical GPL entity. One author might well want to kick up a fuss, while another may want to deal with it quietly. Others might go to the SFLC, whose policy *is* discretion first (and that's what I believe the earlier articles were referring to).
Whether or not to kick up a stink, demand compensation/removal of the tool, prosecution etc. is in the hands of the copyright holder, not the SFLC (although the holder may choose to hand it over to them for the purposes of dealing with the case).
And no it's not enough to pull the application, if you've distributed the binary and you've used GPL code you're obligated to release that code.
No, you're not automatically obligated to do any such thing. What happens is that you may be infringing on the copyrights on the GPL'd code, so it's up to the copyright holders to decide what to do: ignore it, negotiate a (presumably non-GPL) license agreement with you, or take you to court. And if the latter, the judge will decide what the punishment should be--most likely it'll be "stop distributing the software and pay the copyright holder $$$$$". It's unlikely that the punishment would be "publish the source code to your app that used GPLed code."
Indeed. The summary assertion that "The fact the company pulled the tool doesn't bode well" is really daft. Of course they'd pull it, there's been a claim made against it - if they keep distributing it whilst they investigate the potential for damages rises with every download. Pulling the tool is not an admission of anything other than the fact that an accusation has been made and they're investitaging it.
They do have strict auditing practices in place, specifically regarding interoperability, buffer overflows (and the like), and checking to ensure the code hasn't been wholesale copy/pasted from public libraries.
However, they cannot ensure that someone hasn't copied a dozen lines of code from some other obscure program. They don't have the worlds entire source-code archive sitting in a database waiting to do comparison searches.
Furthermore, i find the ENTIRE situation very, very unlikely. It's almost as if it was all orchestrated. The story that we're supposed to buy is that:
1. Some random pundit was rooting through Microsoft functions because he "felt there was too much code there".
2. Pundit noticed some code that, despite it not having any reference to ImageReader, and despite this individual having nothing to do with ImageReader, immediately recognised that a dozen-line ReadBytes method was "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project".
3. No evidence is ever produced that there are any references to ImageReader, CodePlex, or anything else in the source. The researcher simply magically recognised the source code from a project that he'd had nothing to do with and never seen before.
I'm not buying it at all. This feels intentional.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Uhh.. Your logic is at best... strange.
Being aware of the GPL does not mean you are aware that any given piece of software is licensed under it, much less a few snippets of code from said application.
There are three possible scenarios I can think of off the top of my head that are all highly likely here, none of which would make Microsoft aware of the fact they were violating the GPL (if that is even the case, which isn't even proven yet).
1) Microsoft hired a contractor or 3rd party to produce the code. The 3rd party used GPL code, but did not tell them. Yes, Microsoft is still liable, but they're not willfully liable.
2) Microsoft produced the tool for internal use. This is a valid use of the GPL'd code and doesn't require source to be distributed with it. Some other department, unaware that GPL'd code was used, got ahold of the tool and decided to use it externally. The original developers are unaware of the new use. Again, Microsoft is not willfully infringing.
3) An employee decides to take a shortcut and use GPL'd code without telling his bosses, takes credit for the code, and thinks nobody will ever find out. Microsoft is unwillful because even thought the employee wilfully infringed, the company had no knowledge. Yes, they're still liable, just not willfully so.
There are probably many other possible scenarios too... but I can't be bothered to spend more than a couple minutes thinking about it.
So perhaps you should think your arguments through before jumping to the conclusion of "it must be willful".
If you need web hosting, you could do worse than here