Slashdot Mirror
Possible GPL Violation?
An Anonymous Coward wrote to inform us of a new Chinese Linux distro, Blue Point Linux 1.0RC, which includes support for Chinese characters. The bad news is the developers, who have based their effort on Red Hat's are alleged to have forgotten to include the modified kernel source. Coward asks: "Don't they violate the GPL?". Some people over at the BP Forum apparently have some thoughts. What do you think: is this against the terms of the GPL? (Can someone translate this?)
Thanks
Bruce
Bruce Perens.
Thanks
Bruce
Bruce Perens.
Bruce
Bruce Perens.
Yes but look at what he was responding to. I calmy and without flaming pointed out that what the person I was responding to said was not true and in fact was unfairly moderated. Still, I take a 2-point hit (offtopic, troll) because I chose to stand up and say that the moderators are wrong and a misdeed should be undone.
This is simple proof that Slashdot moderation does not work.
THIS is an important thing, smelling so bad I can hardly breath. I went to the website and poked around and saw "antionline says this, happyhacker that about our product" and decided to start up the old whois.
Seems to me that if your story is true, there is another pile of people who would happily use this to make someone's day bad.
UUH, wait, it gets better (from the website):
High-tech author and engineer Carolyn Meinel, whose Happy Hacker Web site has been hacked on several occasions, commented, "Hackers wanting to take down my Web site are out of luck. These digital vandals, who have recently hacked several prominent corporate and government Web sites, continue their onslaught against my site, but they've been unsuccessful since I've implemented BRICKHouse."
whois www.3rdpig.com:
Registrant:
Systems Advisory Group Enterprises, Inc (SAGE) (3RDPIG-DOM)
2201 Civic Circle, Suite 1001
Amarillo, TX 79109
US
Domain Name: 3RDPIG.COM
Administrative Contact:
Barreras, Rhonda (RB6088) rhonda@SAGE-INC.COM
806-354-8185 (FAX) 806-354-8366
Technical Contact, Zone Contact:
Knight, Chris (CK5577) chris@SAGE-INC.COM
806-354-8185 (FAX) 806-354-8366
Billing Contact:
Geiger, Lynn (LG4869) lynng@SAGE-INC.COM
806-354-8185 (FAX) 806-354-8366
Record last updated on 24-Mar-99.
Record created on 11-Jul-97.
Database last updated on 11-Oct-99 03:52:52 EDT.
Domain servers in listed order:
DNS1.WURLD.NET 206.61.52.11
DNS2.WURLD.NET 206.61.52.12
and whois www.happyhacker.org
Registrant:
Happy Hacker (HAPPYHACKER3-DOM)
PO Box 1520
Cedar Crest, NM 87008-1520
US
Domain Name: HAPPYHACKER.ORG
Administrative Contact:
Meinel, Carolyn (CM5166) cpm@RT66.COM
505.281.9675 (FAX) 505.281.9269
Technical Contact, Zone Contact:
Knight, Chris (CK5577) chris@SAGE-INC.COM
806-354-8185 (FAX) 806-354-8366
Billing Contact:
Meinel, Carolyn (CM5166) cpm@RT66.COM
505.281.9675 (FAX) 505.281.9269
Record last updated on 23-Mar-99.
Record created on 29-Oct-97.
Database last updated on 11-Oct-99 03:52:52 EDT.
Domain servers in listed order:
DNS1.WURLD.NET 206.61.52.11
DNS2.WURLD.NET 206.61.52.12
The GPL is more balanced. It says "You want to use my software? Then give me the same license terms I gave you." That says quid-pro-quo to me. The BSD license, in contrast, says "use me and don't give anything back". That's hardly a quid-pro-quo.
Thanks
Bruce
Bruce Perens.
I'll admit I only took a glance, but not including src is by no means a violation of the GPL. I can release hundreds of programs w/o src, and do so rightfully under the GPL...the GPL simply states that src must be made available per request.
Now, if you ask for the mods and they say nay, THEN it's a violation.
Have you looked at the product, does it make any sense? I doubt it, and the gpl infringment seems very clear if they really don't provide source code and follow the gpl. Looking on their business modell they will never be able to. Hey Bruce, if you ever looked for an easy target, they seem to be.
I tried to find out more from their website, but the marketing bubble there didn't describe more than a normally configured internet host should accomplish. (i.e. Web server with Custom Gateway Interface (CGI) server-side programming,SMTP anti spamming - Restricts access to mail server from unauthorized users sic!)
But look at an article at zdnet He ripped out Linux's security kernel, rewrote it "180 degrees" and made access dependent on processes running on the system, rather than on the user.
The president and CTO of brickhouse tells such brilliant security enhancing ideas like not to have you business data on your webserver or not to start your webserver as root. (first link on the links section)
And following some link at the links-section, I found a story (at www.amarillonet.com) where the newspaper had to print a correction cause cpm had given some unprofable statements about some hackers in order to promote the product.
If I was SAGE, I would get some other promoters.
wow.. take a minute to think for a second. The GPL doesn't require the code be with the product, but be available when requested, at a fee of whatever is needed to pay transportation costs (or free). That means if these guys simply put an ftp up with the modified code, and let you know its availalbe, they shouldn't have a problem. Here's my proof.. (I really hate /. always jumping the gun..). From v1 of the GPL (cuz I was just looking at it.. thanks RMS and neelakanth (is it neel?) for finding v1 for me)...
3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following:
a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or,
b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or,
c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.)
"Open Source?" - Press any key to continue
After you have gotten a copy of the binary software, you must see if there is source code for all GPL software, or if there is a clear written offer for the source code distributed along with the binary software (perhaps on the CD itself). If neither of these exist, the GPL is being violated.
Then, you should contact the manufacturer and ask for source code (for the kernel modifications, or whatever). Then if you don't get the source code, that's a GPL violation too.
Don't listen to anyone who calls it "whining" to protest a GPL violation. Remember that the Linux kernel and applications are copyrighted property of some thousands of contributors, and they have a right to enforce their license, which requires that source code be distributed upon request.
Under the GPL, if source code is not distributed with the product, the distributor of the binary code must give source code to anyone who requests it, not just people who have received the binary code. But we must see a copy of the binary product to determine conclusively whether or not source code is distributed.
Thanks
Bruce Perens
Bruce Perens.
the name openlinux.org is mentioned many times on their main page.(The email addresses all go there) and if you look up the domain registration, you'll see that at least the ppl who registered the domain name is from caldera. I wonder how Caldera is related with BP?
%whois openlinux.org
[rs.internic.net]
The Data in Network Solutions' WHOIS database is provided by Network
Solutions for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Network Solutions does not guarantee its accuracy. By submitting a
WHOIS query, you agree that you will use this Data only for lawful
purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems). Network Solutions
reserves the right to modify these terms at any time. By submitting
this query, you agree to abide by this policy.
Registrant:
Caldera, Inc. (OPENLINUX4-DOM)
240 West Center Street
Orem, UT 84057
US
Domain Name: OPENLINUX.ORG
Administrative Contact, Technical Contact, Zone Contact:
Orcutt, David (DO331) edo@CALDERASYSTEMS.COM
(801) 523-7143
Billing Contact:
Cooper, Doug (DC1630) doug@CALDERA.COM
(801) 226-1675
Record last updated on 03-Aug-98.
Record created on 03-Aug-98.
Database last updated on 10-Oct-99 10:17:35 EDT.
Domain servers in listed order:
NS.CALDERA.COM 207.179.18.1
NS2.CALDERA.COM 207.179.18.252
Of course, I have not seen the product and will need to examine it along with someone who can read Chinese before I can say for sure that the GPL's being violated.
Bruce
Bruce Perens.
ok, i browsed through the bp forum and only found
... no to mention that you have
... (ok, there's some rambling here and
- -
one thread relating to the GPL violation. here's
a rough translation: ( the words in parentheses
are added by myself )
title: i'm very dissapointed...
name: blue
the kernel source being close-source already
voilates the GPL. the chinesenization
technology is for "bp linux" only is also a
bad since a lot of people like mandrake,
openlinux, slackware, turbolinux, redhat,
debian
promised (opensource) before... ok i know
promises are not enforced by law, and doing
opensouce in china is very difficult, but i
believe the only way to continue the
development is to play by the opensource rules.
is making some rpm ( for other distributions )
really so hard? how about the CLE project in
taiwan? they are also very complete.
bp is really the most techanically suited
chinese solution right now, and i don't want
to see it being ruined by short-sightedness.
title: Re. i'm very dissapointed.
name: hahalee
yeah, look at CLE 0.9 -- already a few hundred
Megabytes. A lot need to be modified in a
distribution, like the hz de/coding in Pine,
debug in kmail and system scripts etc... we can't
depend on other distributors to maintain the
packages. anyway, if you like the distribution
like the preview version, feel free to continue
using it.
about opensource, what we promised was to include
source in the release version. this is just a
relatively stable debug version. the opensource
theory
i'm tired of translation ).
-----------------------------------------------
so basically i think this is just like the Corel
Beta version thing. ghost already left a message
in bp forum informing the developers that they
have made slashdot headline from GPL violation.
i'm sure this will be resolved very soon.
IANAL (honest, I'm not), but I think one would back me on this. Fortunately or unfortunately, it comes down to the most anal wording considerations of the contract. It is an actual written contract and supersedes what an employer thinks it ought to mean, and particularly it supersedes what RMS _wanted_ it to mean.
As such, the contract makes absolutely no distinction regarding employees whatsoever. You yourself gave me one of the final keys to the probable outcome of this in court, when you apparently talked to a lawyer and learned that distribution was from 'one legal entity to another legal entity'. Now, corporations might want to write their OWN contracts (and have) to lay claim to the IP of their employees, but they don't have the power to stop a person being a legal entity just because that person is an employee. Therefore, it looks like 'distribution' within a company remains totally subject to the GPL's provisions regarding distribution, because the GPL says _nothing_ about 'unless it's a beta' or 'unless it's within a company that wants to preserve its intellectual property'.
I don't think this is an accident. I think RMS wanted it this way. So would I. His license is a subtle and direct way of preserving lines of communications over source code, and to make special cases where you don't have to share defeats the purpose. It's written so there are no loopholes regarding that, but it is also written to not be too unmanageable for the source writer. The basic rule remains "binaries == source == complete rights under the contract", and is quite clear, concerning itself with no other issues at all. That's a strength and gives the contract focus.
Non-internet source code distribution could also legitimately include shipping costs. So you'd have three elements: media, labor/handling and shipping. The media and shipping costs are tough to pull highway robbery for, you can easily find the cost of a CD-R and a DHL letter pack in the market from which the distributor is distributing from. If they deviate too far from that amount, it would never hold up in court.
The labor/handling charges they've got a little more flexibility with. If the average hourly wage is 6USD for a technician, and they charge 300USD for labor, again no court would accept it.
----
----
Open mind, insert foot.
Regarding copyright infringement lawsuits, given all of the money behind Linux these days, one would think that we would be able to find significant financial support for enforcing our copyrights, as we did in correcting the Linux trademark issue. There is also some chance that we can bring a criminal, not civil, prosecution in some forms of copyright piracy.
But the sad fact is that it may simply not be possible to enforce the GPL in some nations, China included. You certainly can enforce it, though, if the Chinese company decides to sell its product in another nation that has conventional copyright laws.
But we still haven't seen if the company is simply confused about the GPL.
Thanks
Bruce
Bruce Perens.
But again, we don't know yet if these people are just confused about the GPL as Corel was, and think they can wait for the end of their Beta tests to release source or something.
Thanks
Bruce
Bruce Perens.
A lot of people have trouble understanding that beta-tests are distribution. But when you transfer a copyrighted work between two different legal entities, that's distribution. So, the first time beta code goes to someone who doesn't work for your company, you must fulfill your GPL obligations. Your intent to distribute source later doesn't matter, it's a violation now.
Thanks
Bruce
Bruce Perens.
Thanks
Bruce
Bruce Perens.
Actually, the FSF has Eben Moglen, a professor at Columbia, as their general council. I also think that RMS is eager to get a GPL test case so that he can see if it holds up, and if it doesn't, what needs to be fixed. Hell, NeXT took one look at the GPL and decided to not even try to fight it.
Actually, if they give someone _inside_ of the company a beta or alpha or random coyrighted hack, as a binary, then that is distribution, and they'd have to give the person source under the GPL, or at least make it available. ;) ) ...a clear statement of what the program wants to grow to become. Given that, there can be direction and clarity. Without it, you might have a perfectly bugless program that was just a pile of unrelated functionality.
The trick is, in this situation it's probably being given to another programmer anyway- so it's _assumed_ that they're getting the source (to work on). But the point is an important one- there's no distinction between alpha, beta and final, and no distinction between inside the company and outside it, as far as GPL applying. When you give a person a binary you let them have source, that's the bottom line. It most certainly applies within a company as well. To control this, only give binaries and source to people who need it to work on, and who agree with you not to distribute it more widely yet. That has to be voluntary because the GPL specifically authorizes anyone to redistribute further on their whim, and doing so is also in the spirit of the license.
You can explain to your programmer that you want the program to be more finished and whole before the world sees it. Suggesting that the bugs should be fixed first is not a good idea, because that brings thoughts of 'many eyes/easy bugs' and is an argument for going widely public instantly. Instead, a better argument for voluntarily keeping a distribution limited at first is that in early stages, the 'essence' of the program is very blurry and weak. You want to have the program stand on its own and seem original and worthwhile, bugs or no bugs, by the time you're really putting it out there. Otherwise people might not understand what it wants to be, and the open source interaction might pull it in many unhelpful directions.
One might even say that a GPLed program doesn't need a buglist so much as a manifesto (ducks
Clarification: If you get the code from them, and then you ask for the modifications, and are rejected.
I haven't looked to see if they're a "Wide open FTP server" or if they're a CD only kinda thing, but they are only required to give the mods to the people they distributed it to, upon request.
e.g., if you buy the binaries from FooBarOnlineCDSales.com, and it doesn't include the source, only FooBarOnlineCDSales.com is required to give you the mods. If they don't have them, then they damn well better get them (pronto) from whoever THEY got the code from, so as to be able to meet the GPL's requirements.
Now if its an FTP server, they have a hard time proving they DIDN'T supply you, and they need to make it available to one and all who ask.
The GPL states that the code must be freely available. So if they post it on a web/ftp server they'll be fine. Or if they include an address that someone can write for the source, then thats ok too...
:-)
Just ask Linuxcare about their boot/root credit card cd gimmick at LWE
Get a life, not a lifestyle. - Hikem Bey
are somewhat of a dissapointment to me. I thought that the "great nation of USA" should be a little more cultivated than to still be afraid of the "Red Danger".
Can't you people still see it.. socialism, communism, marxism... it's all just governments... the people that populate the country in question are still humans, and diserve nothing else than to be treated as such
---
Killroy Woz Here
Over at 3rd Pig they've got a RedHat kernel (from the 4.1 distro i believe) that's been hacked up to use process based security. They've been running a public test and haven't released the code even though they have been asked. I don't know if they give you the source when you purchase it, but at the price they charge (~$10k+) i don't think i'll find out.
I would think that if they modified a linux kernel, they would have to release the source. (Don't flame me as i haven't really read up on the liscences and i'm just expressing my opinion.)
My
It's long been a practiced for lesser developed nations to try to bootstrap themselves into the modern world by acquiring technology hook or crook from more developed nations. This can take the form of pirating, industrial and governmental espionage (anyone who thinks the Chinese haven't been spying here is badly mistaken), getting licenses to manufacture XYZ and then reneging on terms limiting the disclosure to third parties etc.
Software piracy, GPL violations etc. are only the tip of the iceberg.
Nor is China the first, nor will they be the last to do this. They may in fact be the WORST though by virtue of their size and their represive government.
The only way to deal with the issue is by hitting them where it hurts, in the pocketbook. If GPL is being violated we need to complain to the same trade organizations that put pressue on China for all their other acts of international piracy, and complain to senators/congressmen about the favorable trade agreements that are being pushed through. Make no mistake about it. The current Chinese government is not your friend.
As always, a comment like this shouldn't get an answer, but then ...
This is not only offtopic, this is completly absurd.
First, technokrat is no copy of slashdot, it has an similar look. So what, this look is a proven way to deliver this kind of information.
Technocrat delivers A DIFFERENT KIND OF INFORMATION.
Second, why do you whine about copiing in a threat about GPL. You haven't understood anything.
Third, HAVE YOU EVER LOOKED AT THE HEADERS OF AT LEAST ONE THIRD OF THE POSTERS ON SLASHDOT? THEY ALL ADVERTISE AN URL!!!!
O.K., I can deal with the concern about a Linux distribution not including source, even if it might be a bit premature.
What's with all this China-bashing, though? Sure, China's got its problems... but it's not like this is the first time someone's done this. To say it's happened because "the Chinese make their own rules" or "the Chinese don't believe in intellectual property" is speculation at best, and bigotry at worst.
They screwed up. Westerners have done the same thing, and I doubt anyone would argue that (as a possibly inaccurate example) the guys at Corel are godless commies because they didn't provide the source to their distribution.
---
Consult, v. t. To seek another's approval of a course already decided on.
Are the Chinese even signatory to any of the treaties that govern these things? If they're not, then the license doesn't have any power in China (and may not in most of the world anyway) and they're not violating it.
Typical - on the one hand we have people saying that the GPL is communism, and on the other people blaming communism for violation of the GPL.
I've just had a look at the first half of the forum (too long, got to do some work). All of them are about installation problems and packages available in the distribution. I found 2 comments about source code availablilty. The first one is in English "Isn't it Linux? Please Open Source!" and was regarded as a flame in the one reply (also in English). The second one is in Chinese, posted by a RealLinux (0 byte(s) ReaLinux 10/8/99 2:04 pm). The title of the post says "No source code, I don't need BluePoint". There's one reply by a Simon (23 byte(s) simon 10/8/99 11:19 pm) saying "Good! Then go ahead..." (original reply in English).
It seems like it's not seen as an issue at all on the forum.
Are you really a BSD user, or just some idiot trying to make BSD look bad? When Linux zealots loved to try to degrade BSD users, this was exactly what they did. Sometimes I can't tell if its these users just reversing it (since they know everyone hates it and makes BSD, as it made Linux before, look bad).. or more likely.. just some little @$%!ing brat.
Now, the GPL has every right to exist, and users have every right to make sure other obide by it. I'm sure if you go rape some child they're parents will happily get the government to put the full force of the law down on your... But this isn't as severe, which is why no ones going to jail or such. Violations still deserve attention, to be takn with concern (while staying calm) and not to ridicule the license because some people are inept and try to ignore it.
"Open Source?" - Press any key to continue
That applies if you don't distribute source code with the product.
Bruce
Bruce Perens.
At least one author would be the complaintant, and would claim infringement of a specific part of the kernel that he clearly wrote. A single function would be enough.
ii) Does this mean that you have to give back the binary because they had no right to distribute in the first place (ie you are doing yourself harm by complaining)?
I don't think that under the GPL a distributor can compel someone to whom the product was distributed to destroy the product. But the distributor has infringed even if the product is later destroyed.
iii) What is 'reasonable cost'? Could a company legitamately claim that the cost of production of a one-off CDROM or DVDROM is of the order of $100,000 and charge that for the source? After all, commercially pressed CDs are the norm for software distribution.
$100,000 is not a reasonable cost. At the most you could charge for the media and an hour's labor by an operator to write the medium.
Thanks
Bruce
Bruce Perens.
Just delete the "But" and read the paragraph without it.
Thanks
Bruce
Bruce Perens.
True.. and of course that's why whatever I write, software or written word, goes under a BSD style license (I don't like OCL). Actually.. I'll be writing a lot about differences in license if I ever get my project organized enough...
Everyone knows it, but telling supporters in their face wont always make you friends. The GPL serves as a lobbying tool for FSF, BSD serves as a license to improve the community (in my opinion). I see the BSDL and the GPL in a similar fashion as what happened with the hippies/yippies. The hippies started the trend, they reacted, they caused their revolution to begin. However, they weren't politicial, just doing what they wanted and thought was best. The yippies, the generation after, liked the hippy ideas but wanted to add heir political force to it... add their twist. Yippies marched, yippies screamed against vietnam. Yippies got the attention of the press as revolutionary, while the hippies were just ignored.
Sound familar? BSD has done revolutionary things technologicly, GPL done the political work. Why is it that Linux users are generally so bent on getting media in any possible fashion, yet BSD users aren't so interested in the ego of the printed page? Linux is evolutionary, BSD was revolutionary.
If you go BSD, you allow the open source world to evolve from your code, and the closed source to use that code as a starting point, and then improve (and they always do. The bugs they find, and other code as submitted as gratitude back to the origionators). Sometimes, you just have to have lots of respect for them.
The GPL takes the open code, forces businesses to see it but not have it (taunt them), and then makes a big media blitz where companies are lead to believe GPL'ing means instant free developers, customers.. capital. Its not true.. but they have one heck of a story to tell.
That's my opinion of it. FSF is a lobbying group, but I doubt they would deny that. However, I still respect and in general uphold the views of the GPL community, and I understand decency. Yours was at the edge.. and I probably would have given it 1 off (because it sounded like a cheer for the insultish attitude of the origional poster), or more likely.. just ignored it.
"Open Source?" - Press any key to continue
http://ftp.openunix.org:81/pub/bluepoint/starprevi ew/FAQ.TXT section 3.10.3: (translated) chinese package and patch: "due to space limitation, no source code is included in this beta version, but we promise to include source code in the formal release, and you can find the source code on our homepage." Please don't be so critical of everything related to china before you get the facts.
IANAL, but... Let's just hope that no major corporations discover how flimsy a protection the GPL really is.
Legal and accurate though it might be, the GPL has a fatal shortcoming as a protectant of open source rights, namely that it costs money to enforce.
I'm sure many of you are familiar with the practice among American convicts of filing spurious lawsuits against the prison system in an attempt to wear it down. Inmates have filed civil rights claims against everything from the temperature of the bathwater to the flavor of peanut butter served in the cafeteria. These lawsuits are not serious, but they cannot be prevented because the right to sue has been tied by the courts to the rights of free speech. The upshot is that DA's offices are exhausted in some counties with the sheer expense of filing counterclaims and motions to dismiss.
If someone really wanted to demolish the open source protections on a product, all they would have to do is reverse this tactic. A lot of open source programmers and "foundations" just don't have the money to fight more than a handful of costly legal battles. All a company would have to do would be to publish and illegally patent hundreds of modules that broke the GPL on an open source product. Then build the product out of the patented "proprietary" modules. Challengers to the legality of this maneuver would have to prove one by one that the modules were not legal, costing them thousands of dollars. And if they suceed for some module, well, it's simple enough to produce a legitimately proprietary version for one small part. Pretty soon you exhaust the original open source devs and they give up. Viola!
What we need, as other have said, is some sort of fund to hire crack lawyers. Like the ACLU, except for open source.
-konstant
-konstant
Yes! We are all individuals! I'm not!