Microsoft Takes Responsibility For GPL Violation
An anonymous reader writes with an update to the news we discussed last weekend that a Windows 7 utility seemed to contain GPL code:
"Microsoft has confirmed that the Windows 7 USB/DVD tool did, in fact, use GPL code, and they have agreed to release the tool's source code under the terms of GPLv2. In a statement, Microsoft said creation of the tool had been contracted out to a third party and apologized for not noticing the GPL code during a code review."
DUH! Easier to gain forgiveness than permission. We know Microsoft knows that well. There was always a chance nobody would notice. It makes me wonder how much other GPL code they've ripped off over the years without getting caught.
If I recall correctly, MS at one point tried to say that, if something like this happened, you'd have to release all your source code. Now we find that MS knows that you only have to release the source code of the program in question. Big difference. (Of course, if this was in Windows itself, the difference would not matter much to MS...)
Yes. But you'd be shocked at the testimony I read, as an expert witness, from engineers and their managers. Incompetence is rampant. Unfortunately, the cases are settled and sealed, so I can't show you.
Bruce Perens.
It's the integrity of how they handled the situation... someone pointed out the possible GPL violation... they pull the tool and let everyone know they're looking into it... then they announce they've looked into it and as a result, they're going to release the source code in accordance with the GPL, something MS would rather not do, to honor the licence, and the community need for the tool.
Integrity = Awesome, in my humble opinion...
That's all that need be said. Microsoft realised it was in the wrong, and took steps to correct it. They didn't stonewall, they didn't hide. I must admit to being pleasantly surprised. Microsoft themselves place great importance on respecting software licenses/copyright, and it's nice to see them practice it when it comes to other people's copyrights.
So there I was, scribbling down some notes off the PC screen by hand, when I reached for the keyboard and Ctrl-S'd.
Except 2012 was a miscalculation and the real year is supposedly 2220.
Having been through a Black Duck review as part of an acquisition, I can say they catch *everything*. 1x1 transparent gif, the kind used by every website in the world? It's in their database. 20 lines of code from a project you never heard of that are similar to 30 lines of code in your project? Flagged. However, BD generates a lot of false positives (how many different ways are there to make a 1x1 transparent gif?). I'd bet that if MS used BD, BD flagged the code as a violation and the violation got lost in the false positives.
Not the OP, but I work at Microsoft and can vouch for his/her statements. As a company we're paranoid beyond belief about intentionally or accidentally including someone else's code. We aren't even supposed to read patents, for fear that we might become "tainted".
Sorry for posting AC, but I'd like to /remain/ employed at Microsoft for the time being.
Question: how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.
It's called MOSS. It's free for educational use; a company like Microsoft would need a site license, but it would probably pay for itself when you factor in the money paid to PR firms to compensate for blunders like this.
I mean, I don't think anyone seriously thinks MS intended to steal GPL code. But if you have subcontractors writing shitty code, and you're forced to acknowledge this publicly, that has a very real cost: it undermines your image as a respectable software company.
Well, exactly. In this case Microsoft paid for what they believed was closed-source code; it was a third-party vendor that broke the GPL, but because Microsoft released the executable, well, they're responsible.
Which raises a question - how do you check these things? If the vendor cut and pasted code in, and removed comments that identified its source and the source's licensing agreement, how do you spot this? It's not feasible to download every single open source project and start a diff against every single file they contain, so how do you do it?
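The question above (how do you spot pasted code once the comments are gone?) and the MOSS and Black Duck comments earlier in the thread are about the same technique: instead of diffing whole files, tools fingerprint code and look for shared fingerprints. The script below is an added example, not code from Microsoft, MOSS or Black Duck, and not something posted in this thread. It implements the winnowing algorithm that MOSS is built on: tokenize the source, collapse identifiers and literals (so renaming doesn't hide a copy), hash every run of K tokens, and keep only the minimum hash of each sliding window. A candidate that shares a run of at least WINDOW + K - 1 normalized tokens with the reference is guaranteed to share at least one fingerprint. The three C snippets are constructed for the demonstration; the "reference" stands in for a GPL'd routine, and the "copy" is the same routine with comments stripped, identifiers renamed and the layout changed. Names such as containment and the K/WINDOW sizes are this example's own choices.

```python
"""Winnowing-based code fingerprinting: the idea behind MOSS-style checkers."""
import hashlib
import re
from typing import List, Set, Tuple

K = 5       # tokens per k-gram
WINDOW = 4  # one fingerprint is kept out of every WINDOW consecutive hashes

# Keywords and type names are kept verbatim; every other identifier collapses
# to "ID" and every numeric literal to "NUM", so renaming does not defeat a match.
KEYWORDS = {"if", "else", "for", "while", "do", "return", "int", "char", "void",
            "unsigned", "const", "struct", "sizeof", "switch", "case", "break"}

_TOKEN_RE = re.compile(
    r"[A-Za-z_]\w*|\d+|==|!=|<=|>=|<<=|>>=|<<|>>|\+\+|--|\+=|-=|&&|\|\||[^\s]"
)


def normalize(src: str) -> List[str]:
    """Strip C comments and reduce the source to a stream of abstract tokens."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)  # block comments
    src = re.sub(r"//[^\n]*", " ", src)                # line comments
    out = []
    for tok in _TOKEN_RE.findall(src):
        if tok[0].isalpha() or tok[0] == "_":
            out.append(tok if tok in KEYWORDS else "ID")
        elif tok.isdigit():
            out.append("NUM")
        else:
            out.append(tok)
    return out


def _hash(kgram: List[str]) -> int:
    return int.from_bytes(hashlib.sha1(" ".join(kgram).encode()).digest()[:8], "big")


def fingerprints(src: str) -> Set[int]:
    """Winnow: hash every K-token window, keep the minimum of each WINDOW run."""
    toks = normalize(src)
    hashes = [_hash(toks[i:i + K]) for i in range(len(toks) - K + 1)]
    if len(hashes) <= WINDOW:
        return set(hashes)
    return {min(hashes[i:i + WINDOW]) for i in range(len(hashes) - WINDOW + 1)}


def containment(reference: str, candidate: str) -> Tuple[int, float]:
    """How many of the reference's fingerprints reappear in the candidate."""
    ref, cand = fingerprints(reference), fingerprints(candidate)
    shared = len(ref & cand)
    return shared, (shared / len(ref) if ref else 0.0)


# Constructed sample inputs (not real vendor or GPL code).
REFERENCE = """
/* Reference routine: stands in for a function taken from a GPL'd project. */
unsigned char lfn_checksum(const unsigned char *name)
{
    unsigned char sum = 0;
    int i;
    for (i = 0; i < 11; i++) {
        sum = ((sum & 1) << 7) + (sum >> 1) + name[i];
    }
    return sum;
}
"""

# Same routine: comments removed, identifiers renamed, reformatted.
COPY = """
unsigned char ComputeShortNameHash(const unsigned char *shortName) {
    unsigned char h = 0; int idx;
    for (idx = 0; idx < 11; idx++) { h = ((h & 1) << 7) + (h >> 1) + shortName[idx]; }
    return h;
}
"""

# Same routine with the sum reordered: still mostly the same token runs.
REWORKED = """
unsigned char ComputeShortNameHash(const unsigned char *shortName) {
    unsigned char h = 0; int idx;
    for (idx = 0; idx < 11; idx++) { h = (h >> 1) + ((h & 1) << 7) + shortName[idx]; }
    return h;
}
"""

# Genuinely different code that happens to share a few common tokens.
UNRELATED = """
int count_set_bits(unsigned int v)
{
    int n = 0;
    while (v) {
        n += v & 1;
        v >>= 1;
    }
    return n;
}
"""

if __name__ == "__main__":
    for name, cand in (("copy", COPY), ("reworked", REWORKED), ("unrelated", UNRELATED)):
        shared, frac = containment(REFERENCE, cand)
        print(f"{name:9s} shared={shared:3d} containment={frac:.2f}")
```

The copy scores a containment of 1.0 because stripping comments and renaming leaves the normalized token stream identical; the reordered version loses only the fingerprints around the changed expression; the unrelated function shares at most the two k-grams around `} return n; }`, which is the kind of low-value hit that produces false positives once you compare against a large corpus. A real scanner runs the same idea with the fingerprints of every open-source project in a database, which is why it can flag twenty lines from a project you never heard of, and why it also flags every 1x1 GIF.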
Since it's used to set up a USB flash drive, does the tool happen to contain code to read/write to a FAT filesystem? Would be interesting to see that particular arrow removed from their patent quiver...