Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Court Finds Fantec Responsible For GPL Violation On Third-Party Code

Posted by timothy on from the keep-your-friends-close dept.

ectoman writes "Are firms responsible for GPL violations on code they receive from third parties? A German court thinks so. The Regional Court of Hamburg recently ruled that Fantec, a European media player maker, failed to distribute 'complete corresponding source code' for firmware found in some of its products. Fantec claims its third-party firmware supplier provided the company with appropriate source code, which Fantext made available online. But a hackathon organized by the Free Software Foundation Europe discovered that this source code was incomplete, and programmer Harald Welte filed suit. He won. Mark Radcliffe, an IP expert and senior partner at DLA Piper who specializes in open source licensing issues, has analyzed the case—and argued that it underscores the need for companies to implement internal GPL compliance processes. 'Fantec is a reminder that companies should adopt a formal FOSS use policy which should be integrated into the software development process,' he writes. 'These standards should include an understanding of the FOSS management processes of such third-party suppliers. The development of a network of trusted third-party suppliers is critical part of any FOSS compliance strategy.'"

2 of 228 comments (clear)

  1. Premptive STFU to GPL haters by Anonymous Coward · · Score: 5, Insightful

    So they got caught violating an oss license? (TBH they were just being lazy by relying on their supplier's word. You've got to know and own the product you sell.)

    Imagine how much shit they'd be in if they'd been caught violating copyright on a piece of closed source software. Ask anyone who's dealt with the BSA to comment on how friendly and fair they are.

    1. Re:Premptive STFU to GPL haters by Anonymous Coward · · Score: 5, Insightful

      Actually at the core of the issue here is not really the GPL. At the core is that they got the code from another company and relied on that company adhering to the license.

      Basically the ruling says that when you got the code from a third party, you cannot rely on the third party acting correctly when determining whether your use of the code complies with the license. If the third party violated the license (in this case, by not providing the complete source code), it doesn't protect you from the responsibility of checking the correct licensing yourself when redistributing the code.

      That it was about GPL code is only tangential to the issue (although it's almost certainly the reason why it ended up on Slashdot).

      Basically the scheme is the following: A gives code to B under a given license. B then gives the code to C in a way that violates A's license. C relies on B having followed A's license and figures out that redistribution in a certain way would not violate A's license. However since B's analysis rests on the false assumption that B complied, it turns out that C's redistribution of the code also violates A's license. But with a closer inspection, C could have found out that B didn't comply. The court ruling now says that C is responsible for violating the license.

      Here A is whoever owns the copyright for the code in question, B is Fantec's firmware supplier, C is Fantec, the license is the GPL, and the violation is not distributing the complete corresponding source code.