Slashdot Mirror
Google Didn't Ship Relicensed Java Code After All
RedK writes "In a follow up to yesterday's news about Google apparently relicensing confidential Oracle code found in Java under the ASL, it seems that the blogger who initially reported the issue was plain wrong, as the files he indicated were in breach of Oracle's copyright do not actually ship with Android. Google has also deleted many of these files, which were mostly used as unit tests."
If Google distributed the source at any point, it's a copyright violation, whether or not it shipped in a handset.
I'll do a couple of follow-up posts on my blog these days to respond to some of the misconceptions and misinformation out there.
My blog never made a specific claim about Android devices containing certain code. From a copyright law point of view, however, putting software online for everyone to download means "to distribute", or "to ship", such code, and distributing, or shipping, infringing code makes someone liable.
Ed Burnette, whose post is referenced here, does not seem to understand even basic copyright-related terminology and concepts. He's wrong on almost everything he wrote and I'll debunk itI already left some comments below his article.
It's also wrong, as stated above, that Google "deleted" those files. They are still in the Froyo (Android 2.2) and Gingerbread (2.3) trees. At least they were when I last checked, which was yesterday. They are just not in the tree for future versions.
There is so much out there that's wrong, and I'll deal with it step by step.
this is pure speculation but...
one wonders whether Eric Schmidt's (former Sun executive) and his very probable push for Java on Android was not behind his resignation. From any angle Android's Java reliance seams like a bad move.
it seems that the blogger who initially reported the issue was plain wrong
Florian Mueller produced two blatantly erroneous stories in about as many days. I hope this high error rate keeps Slashdot from promiscuously posting his stuff for a while. I'm not counting on miracles, but this guy was given two chances on Slashdot and he blew it badly each time. Even if Slashdot's goal is to troll for eyeballs, they can find someone more competent to do the trolling.
I hope Google gets its way on court, scales up the Dalvik VM and we stop using anything coming from Oracle. Tomcat would run happily on it and we would use a completely Free/Free/No patents virtual machine. Kind of like they are doing with WebM. That would result in companies becoming really careful when trying to take open source code and screw up with it.
When his defense asked, "Which computer has Jon Johansen trespassed upon?" the answer was: "His own."
Yes, they are liable, but liable for what? What damages case can you make for files that aren't actually used?
Fines/Damages/Fees/"Whatever your legal system calls it" usually depend on how often you copied it and what money you made from it.
So if there are only those files, all they did was making them available in the source code repository, so that might be some large one-time sum.
If that code was in every single android device or only many android devices had code somehow based on this one or derived from it or otherwise extending the copyright of those file to what is shipped with those devices, then Oracle could have hope to get some money for every single Android devices shipped. Both from google and from the manufacturers, who might want to get that money back from google.
I think this difference is relevant.
found in the unit test area? Does that mean EMI (who owns the copyrights for the Beatles songs) could sue Google for copyright violation and get a percentage for each android handset even though the song "All You Need is Love" is not used in Android in any way whatsoever?
this seems like a perfectly valid counter to the zdnet piece:
http://www.engadget.com/2011/01/21/android-source-code-java-and-copyright-infringement-whats-go/
From a legal perspective, it seems very likely that these files create increased copyright liability for Google, because the state of our current copyright law doesn't make exceptions for how source code trees work, or whether or not a script pasted in a different license, or whether these files made it into handsets. The single most relevant legal question is whether or not copying and distributing these files was authorized by Oracle, and the answer clearly appears to be "nope" -- even if Oracle licensed the code under the GPL. Why? Because somewhere along the line, Google took Oracle's code, replaced the GPL language with the incompatible Apache Open Source License, and distributed the code under that license publicly. That's all it takes -- if Google violated the GPL by changing the license, it also infringed Oracle's underlying copyright. It doesn't matter if a Google employee, a script, a robot, or Eric Schmidt's cat made the change -- once you've created or distributed an unauthorized copy, you're liable for infringement.*
My blog never made a specific claim about Android devices containing certain code.
That's not what your blog post reads like. If they're not part of the codebase used on an Android device, you should have explicitly stated so, seeing as quite obviously "The Android versions of those files" by default suggests that those files are a part of the Android OS.
Maybe you can admit you were wrong or at the very least unclear in certain places, rather than quite childishly trying to bullshit your way out of this?
It's also wrong, as stated above, that Google "deleted" those files. They are still in the Froyo (Android 2.2) and Gingerbread (2.3) trees. At least they were when I last checked, which was yesterday. They are just not in the tree for future versions.
That's kind of how source repositories work when you delete things.
Statutory damages, probably. "The basic level of damages is between $750 and $30,000 per work," but "statutory damages are only available in the United States for works that were registered with the Copyright Office prior to infringement." If they can't claim statutory damages, they would probably only be able to claim either lost earnings, or whatever profit Google made from the infringing distribution, neither of which are likely to add up to very much.
Please name one Android device that ships with this code.
I'm looking for clarity regarding the impact of any possible infringement. Willful infringement of code central to Android devices could stop shipments. Incidental infringement of peripheral code is another matter. It should be resolved, of course, but would have little impact on the market.
Do Android devices contain infringing code? Do they contain infringing code that could be easily replaced? Or do they contain infringing code that is central to their operation?
...and a GPL infraction is generally handled by allowing the offending party to make right rather than continuing to drag their names through the mud or sue them for some obscene damages.
GPL violators generally get treated much nicer than anyone else that violates some license.
A Pirate and a Puritan look the same on a balance sheet.
Sounds much like you're trolling. Copyrighted files can be distributed if the copyright holder allows it.
Have you got your LWN subscription yet?
What you said was:
Android contains, under the Apache license, code that is essentially just decompiled code of Oracle/Sun software that was never licensed to Apache.
Now, with some creative interpretation, you can likely indeed weasel out of it and say that this doesn't really mean that files were shipped to end users as part of Android. But it certainly wasn't the impression from your original post, and nowhere did you highlight that very important detail. What more, you contrasted your newly discovered files with PolicyNodeImpl.java, from which the "decompiled unlicensed copy" story started - and why it wasn't big deal back in the day was that it didn't ship on devices.
A lot of readers interpreted your words in the same way as TFA, which leaves one to wonder if that was an honest mistake (but then why not just admit that and correct the story?), an attempt to sound more sensationalist than it really is by omitting details that make it mundane, or deliberate FUD. I was one of those readers, and I now have to apologize to fellow Slashdot readers for spreading this misinformation. Are you going to apologize for starting it?
The burden of proof goes the other way. Oracle would need to prove that this distribution did cause damage. It is not Google's (or anyone else's) job to prove lack of damages. They could maybe get server logs to determine # of downloads, but that's only useful for statutory damages.
The files discovered in the Android code repository are unequivocally Oracle's IP, with an inappropriately modified license. This means, that for these at least, Google is almost certainly liable for infringement. However, since none of those files ever went into an Android handset, their presence, in a legal sense, is most likely completely irrelevant with regards to Oracle's main aim, which is to extract court-mandated royalties from Google and/or handset manufacturers for each Android device they produce. It would be like the RIAA trying to collect royalties on music that I wrote and produced on my own, because they found pirated music on one of my computers.
Does that sound about right, or am I way off-base here?
Yes, it is. The correct name is AOSP, or more correctly, the AOSP repository. You could get away with 'Android repository' but that would be confusing. Android is a term given to a set of derived operating systems. It is neither open source nor a codebase (most Android distributions are closed source).
It's also wrong, as stated above, that Google "deleted" those files. They are still in the Froyo (Android 2.2) and Gingerbread (2.3) trees. At least they were when I last checked, which was yesterday. They are just not in the tree for future versions.
Wow Florian, that's a creative interpretation of "not deleted". I presume that you mean, a user can still check out an older repository version and that version would contain the files in question. Let me make an equally creative counter-proposition. If the files were deleted from the tip of the repository but not from the history, that simply provides a historical record of exactly what was deleted. You can't make the information vanish from the past you know, unless you are also proposing some kind of time travel. You can only make information vanish from the present, that is, tip of tree.
Have you got your LWN subscription yet?
You can be sure the damage award would not be zero even if nobody ever used it.
For an inadvertent inclusion of an incorrect license on GPLed code? I can't be sure of what you suggest at all, in fact the opposite seems considerably more likely. Looks to me like you're pretty far out on a limb on this, I would suggest backing slowly away.
Have you got your LWN subscription yet?
Usually the infringed party contacts the infringing party and allows them to correct the error, since mistakes happen. It's the polite, non-douchebag way to behave, particularly since the goal of the GPL is spreading code. In legal terms, it's called "good-faith".
Oracle, of course, is a douchebag, and as such does things the douchebag way.
Thus, Oracle gets slammed for being a douchebag.
It's like seeing a guy hit on your girlfriend, and instead of telling the guy she's spoken for, you sucker-punch him. You're a douchebag if you behave that way, plain and simple. That's how Oracle operates.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
My blog never made a specific claim about Android devices containing certain code.
That's not what your blog post reads like. If they're not part of the codebase used on an Android device, you should have explicitly stated so,
Being in the repository is being part of the codebase.
seeing as quite obviously "The Android versions of those files" by default suggests that those files are a part of the Android OS.
The repository is the OS. It's just not the binary that the end-user receives. It is the OS the developer receives when they modify Android, or develop apps for it, or downloads it for whatever reason they choose to. That's how Open Source works.
It's also wrong, as stated above, that Google "deleted" those files. They are still in the Froyo (Android 2.2) and Gingerbread (2.3) trees. At least they were when I last checked, which was yesterday. They are just not in the tree for future versions.
That's kind of how source repositories work when you delete things.
Which is another way of saying, he's absolutely correct. The files are still there and still violating copyright. I'm not sure exactly how that's supposed to be a rebuttal.
Happy to clarify. I was talking about misuse of mod points. The purpose of mod points is to rate posts by their content (as opposed to holding an overall popularity vote on the author). Rating a reasonable contribution to a discussion as a "troll" post constitutes misuse because it means an unjustified rating, with the effect that readers are less likely to get access to useful information. It's anti-social behavior because it adversely affects the quality of the information people are likely to see here.
From any angle Android's Java reliance seams like a bad move.
.NET.
Any sensible move would have had them developing to a more open platform like
I'm a big tall mofo.
Take Linux, fork it, and redistribute it under the Apache license...
Google didn't take Linux and redistribute it under the Apache license or anything remotely like that. See what I mean about "spin"?
Yes, they did "something remotely like that". They took Oracle's copyrighted files, changed the copyright (which they do not have the right to do) then redistributed them under that license (which they do not have the right to do.
That's exactly like taking something else under the GPL (like Linux) and changing its license, and redistributing it. See what I mean about facts?
...silly accusations against the victim, solely because they are Oracle.
Haha, that's rich. Oracle... victim... like it wasn't Oracle who sued Google over using Java, thus pissing off the entire free software and open source community in one go...
Right. I'm weeping for Larry at this very moment or maybe not.
And again, you are proving my point. Google violated Oracle's license, but because it's Oracle that's being wronged (and Google that's doing the wrong, but Slashdot's hate for Oracle exceeds their love for Google), then fuck them.
*THAT'S* the very definition of "spin".
Most GPL violations are solved with a quick appology and direct remediation of the violation. Typically the violation is the failure to disclose source and such disclosure then happens. Damaged or headers are not uncommon, and in case of individual stupidity (not every guy checking stuff into version control is a jet-fuel genius) or honest mistake (not every guy checking stuff into version control is fully versed in copyright law), then reasonable people just go "eh, dude, that needs to be fixed" and then someone else replies "ok, cool, I'll fix that".
So the change of license was wrong, and needs to be fixed. Neither license is particularly incompatible with the other. Reasonable people, finding an issue _this_ minor are expected to act reasonably.
Of course Orace is involved so that's expecting rather a lot.
For the most part, if the actual complaint was this mis-licensing, between typical and reasonable GPL entities, then there would have been a check-in with the corrected headers.
So no matter what the other facts may be, the damage threshold is nascent to non-existent, and the "reasonable behavior" test has not been met by Oracle.
This whole thing is Oracle FUD to damage Android for no apparent reason than the fact that Oracle doest that kind of thing.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press