Slashdot Mirror
On the GPL and Releasing Source Code
wally@smug continues: "We'd like to avoid having to ship a CD-ROM of source code with each product, so using a web site is the best solution for us. Obviously, for GPL programs that we have modified, we are going to have to release the source code on our website. That is pretty much clear.
The tricky part comes to the distribution of the source for everything else on the unit.
If we used (for example) Red Hat Linux, it is my understanding that we can not just link to the source on the Red Hat website, as Red Hat is a "commercial" distribution. Is this correct? (What exactly constitutes "commercial" under the GPL anyway?)
Or is section 3. (c) of the GPL talking about us being commercial, and not the original distribution? Of so, is our distribution "commercial" or not? (We are really selling the hardware unit and our own custom software that drives it, and not the distribution...)
How about if we just obtained each program/item from their original source on the web, and not from a distribution? Can we then just use hyperlinks to the source?
Ideas and comments would be greatly appreciated. "
I figure there will be a lot of future Linux-based solutions that will follow a similar model and, rather than being a computer that you control, will be more of a turnkey product that you buy and use (while the vendor is responsible for things like maintenance and administration). So for setups like this, source distribution becomes a bit of a problem (and a considerable nuisance to the vendor). What are ways such vendors can distribute such products yet still remain compliant to the GPL?
There is no need to include the source with every CD, as long as the source is available for a nominal fee or via FTP. With a lot of the Linux distro's you do not get the source (except for the kernel which is a must) but you can get the source from their FTP servers or from an expanded set of CDs.
Scuttlemonkey is a troll
The GPL does NOT state that the source code must be included with the distribution (otherwise things such as RPMs and other forms of binary distribution would be illegal) It only states that the source code must be available upon request for at least 3 years.
"Software is like sex- the best is for free"
-Linus Torvalds
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
So you can use section 3b instead of 3c if you for instance have an ftp or web site up at least three years from the release date containing the source code.
You can actually make money off GPL. :)
Here's how:
Release binaries.
Have source only available on CDROM's
Have a mandatory 'insurance' package for shipment and only release the source CD's by mail order
Still legal and GPL'd.. but dishonest
This is explained in the GPL as well..
Dacels Jewelers can't be trusted.
My interpretation of the GPL is that you don't have to make the source code available with the product nor do you have to even publish it on your website. It just has to be available if someone asks. The requesting user is responsbile for any costs incurred, so just have the source on CD somewhere and charge them the cost of a CD-R and the shipping. They, of course, can re-publish it on a website if they like. -Derek
Anyone who buys the CD can redistribute the
souce.
For every problem, there is at least one solution that is simple, neat, and wrong.
after all, the gpl doesn't really take say, embedded applications, where the end-user might not be able to modify the code in any significant way, into account. Is that a violation? I don't know---and I don't think anyone at the FSF has thought about it much. Incidentally, source code CD-ROMS for a nominal fee are probably the best approach in the scenario I've understood here.
My understanding is that as a provider of binaries that you must also provide sources. These sources can either be:
I belive there is a minimum number of years you need to make the sources available if you choose not to ship them with the product.
If I was shipping a product, I'd cut a CD-ROM and ship it with the product even if the product dosen't have a CD-ROM drive. It's cheep ($2.50 max, quantity 100) and satisfies the GNU Copyleft License. It provides adherence to the GNU Copyleft License. If somebody wants to publish the code on the web, they can purchase your product or get a copy of the CD-ROM from somebody who has and do so at their expense, not yours.
... the hardware and software are set up for a specific set of tasks, and users fiddling with the software setup would be a bad thing (and a potentially huge source of returns of "faulty" products). So users will not have an account or root password given to them (as it's not required to use the product).
Others have pointed out the ways you can distribute the source without using a source cd, so I won't bother that one. One of your other problems seemed to be that you were afraid that easy access to the source would encourage clients to tamper with the setup, and then complain that your product stopped working right. You are apparently shipping to a set of clients who are not overly concerned that they will not have root access. Are these people that will be inclined to muck about with the software on these boxes? Even if they did, couldn't you legalese something to the effect of "screwing with the box voids your warranty"?
Communication is only possible between equals
Putting the stuff on a publicly available ftp site counts only if that is where the original distribution occurs from. This is to avoid the "the source is lying on a 2400 Baud connected public web server with explicit routing required" effect. Either you hand out a source code CD to the GPLed parts, or a written offer, valid for three years, to deliver this at request.
Read the GPL for starters.
Now, all you have to do is make the source available, you could just have a little message in the back of the manual pointing them towards a P.O . BOX to send a request. Or you can make it easy and just put up a web page, but I say make em suffer.
You are required to keep it available for three years. You have to do this for every single version you ship. This will be difficult to manage.
A hyperlink to source offsite probably won't work... If the site goes away before three years are up, you will no longer be in compliance with the GPL.
All in all, I think shipping a source CDROM is the way to go.
Before that, the source wasn't online, but anyone who grabbed a phone or sent an email to their tech support crew, could get that kernel source as well.
Okay... I'll do the stupid things first, then you shy people follow.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
The GPL doesn't require you to do so. As long as the source is available.
Obviously, for GPL programs that we have modified, we are going to have to release the source code on our website. That is pretty much clear.
No, it isn't. As long as the source is available to anyone who asks for it, you're in the clear. For example, cheapbytes ( www.cheapbytes.com ) sell Linux CDs that contain binaries only. However, you can also purchase the source CD for $2-. If you have a CD burner, you can just burn and ship the source for anyone who asks for it, and charge a modest fee.
If we used (for example) Red Hat Linux, it is my understanding that we can not just link to the source on the Red Hat website, as Red Hat is a "commercial" distribution. Is this correct?
No, it's not at all correct. The problem is that it is woefully insufficient because you are not distributing it. The fact that someone else has the source on a public ftp site doesn't exhonerate you from your obligation to make the source available.
Section 3c is discussing a situation where Joe user gets a binary-only CD from, say Cheapbytes. He wants to loan it to his friend for copying. 3c says he's allowed to do that. This doesn't really apply to you, because you are distributing it commercially. It's not fair for you to expect Redhat to provide ftp services for your commercial venture. However, it would also be unfair to require Joe user to order the source from Cheapbytes (just in case his friend wanted it two years later), or to require Joe User to set up an ftp service.
If you already have an ftp/webserver, you could use that. Otherwise, you could just ship a "written offer" as outlined in the GPL, and burn/ship a CD for anyone who wants one ( probably almost noone, judging by the nature of the product )
Cheers,
Presumably if I have a web application that uses GPLed code then there is no need to distribute the source (since the binary was not distributed); but what about other fuzzy areas? How about embedded apps where it wouldn't even be possible to change the binary (think of DirectTV or something)? Kiosks that I own put have set up for public use? Kiosks that are leased out? A machine that I own but that is located on a customer's site. It is not clear exactly what constitutes distribution.
I think the delivery of sources and the conditions
of the provided warranty are separate issues.
The warranty conditions could state that
bug reports are only accepted if the bug
can be reproduced on an unmodified product.
Steffen
This is probably obvious, but before linking to RedHat's severs, it would be nice to obtain permission from them. It's doubtful their bandwidth would be hit hard enough they'd care, but it somehow doesn't seem right to just take it without asking. It's not free. Since their distribution is being used in this product I can imagine them accomodating the request fairly easily -- there could even be useful mutual advertising involved.
If I write a program in binary machine code, do I have to release the source?
Scuttlemonkey is a troll
and set up an ftp, http, tftp or whatever server on the machine, giving access to the source.
Either that, or if you are making an installation CD to go with it, just include the source on that.
Doing anything else may give people an excuse to accuse you of violating the GPL, which will do your company no good.
It's not as though a source CD is going to cost you anything significant, so if you don't do that, or something as good, it gives the definite impression that you are being disingenuous.
Debian: GNU/Linux done the Linux way
I know it's probably a bit late, but if you'd have chosen FreeBSD, the license would have allowed you to withhold source code as much as you wish. A lot of other "Appliance" companies are doing just this, for instance http://www.whistle.com/ and the GNATbox firewall (forgot URL).
Good luck, anyway!
Provide binary/source or binary only with the product, make the source available upon request, and (and this is the important bit) CHARGE source code SUPPORT.
;)
if someone "breaks" it by messing with the source code, then charge them the appropriate fees for support, by the hour.
doesn't seem like a problem to me.. in the documentation state something along the lines of "we will provide free support only for binaries supplied with this product. support for user-compiled binaries is available upon request, at additional cost" or similar. or just state that you straight out don't support user compiled binaries (depends if you want to make money out of it).
this works with redhat.
im sure if you try to recompile your redhat distro with the supplied source CD, and ring up redhat saying something to the effect of "whats a makefile? how do i configure it???" they will not provide that sort of support for free
the whole idea about making money out of open source is charging for *consulting*, but not the actual product.
just me..
smash
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
As I understand the GPL in very vague terms
you only have to supply sources to those programs
that you have actually modified. So if your hardware/software combination doesnt contain any
modified programs, is there a need to distribute
source AT ALL? Like for example, just because I'm
using the Linux kernel in a product, and I have
all the drivers already available and I havent
touched the kernel source, but I've made my own
programs to do whatever, there shouldnt be a need
to distribute source, because the GPL doesn't
come into effect... right?
If this is a modified Linux kernel, you must release source. If it is based on an already GPL program, you must release source. If it is your original code that just runs on Linux, you have the option of not licensing it under GPL. However, the Linux binaries you distribute must have source for them available, even if it is a webpage. Compiling a program under Linux does not a derrived work make.
Andrew G. Feinberg
Just because the screws for your hard drive are readily accessible doesn't stop the manufacturer from saying "Opening it up voids the warranty". You can say the same thing here. Installing modified versions of the included software voids the warranty.
To make it clear state the cost ( to the customer ) of recovering from such situations with your help, or even of having you optimize something for them.
Note: You will in all likelihood need to issue bug fixes for security violations at some point.
--= Isn't it surprising how badly I spell ?
is for users to be able to tinker with the code
and be free to share the code with others.
In this situation it seems like you want to
prevent this sort of use... understandable but
you will always have the "power user" who wants
to do more with it.
Here is how you do it to keep everybody happy.
1: Include the GPL itself with the documentation.
2: Include a link to your own FTP site with all the SRPMs piled high.
3: State within the warranty ( near the beginning, in bold letters ) that you don't cover modifications or recompilations of included software.
4: Include an offer to make such modifications for the user at a specific charge.
This complies with the GPL, makes your life simpler and makes the customer happy. Note that you should send the modified software ( whatever it is ) over to Sunsite so that it will be easily accessible even if your site is down ( All the really big archives mirror sunsite ).
--= Isn't it surprising how badly I spell ?
Analog Devices distibute a C cross compiler for some of their DSP products that is based on GNU C. The documentation states that you may request a copy of the GNU source on tape for $150. You may quite validly distribute GPL'd software offering to supply the source at a reasonable cost. If your tech support department is encharged with supplying any eventual requests they may charge at the same standard rate (plus materials and shipping) they would charge for, e.g., product repairs. That would be to the letter and the spirit of the GPL. It is unlikely that many people would request source from you, as they know it is widely available, but if they did, then you can legitemetly make this a profit centre. Note that you need not supply source for stand alone code (there is a lot of non open source available for Linux), nor need you supply source for a stand alone driver that is inserted into the kernel as a module (there are precedents for this as well). You DO need to supply source if you wish your driver to be include as part of the standard kernel, and this is the catch that blocks support of hardware devices when manufacturers do not want to reveal secrets, but it generally does not have relevance to Linux embedders.
You need to fundamentally change your philosophy. You are no longer a vendor of software (ie, manufacturer) but you sell people what they really need .... quality service based on a fantastic open source product developed cooperatively over the Internet. You change from a manufacturer to a service based company. Charge support contracts and a good hourly programming rate for the service of customizing the source code for them with the understanding that everyone will benefit from their contribution to the Open Source Internet community. This approach embraces the Internet. It embraces the future. Sell the CD like redhat does for $65 bucks for service of delivering the program and source code to the uninitiated Internet people. The same type person needs your support and help to succeed with the open source product that you are going to release. Everyone benefits from Open Source (even Microsoft if they would join the party :-)
What exactly is exposed? The guy probably knew the licence allready, and just wanted some clarifications, so that nobody would get upset by the actions of his company.
The GPL just protects users and developers from being screwed by monopolists.
I don't really see the problem in releasing the source anyway. Here's why:
Anyone who changes the source will more than likely know exactly what they are doing, and certainly not need any support. Put on a disclaimer if you like, but my guess is that the number of people wanting to modify and recompile your drivers will be in single figures.
But hey, you might get lucky. Suppose some technical guru spots a deep bug that she can fix, or sees a way to optimize the code to make it leaner, faster and more stable, or maybe finds a cool way to interface with other hardware that you never dreamed of. And the great thing about the GPL then is that you get these enhancements back to incorporate into your next release!
Basically, GPL is great for drivers and hardware support. You shouldn't waste any energy trying to obfuscate access to the source, since this will only throw away most of the considerable benefits that the GPL can bring.
For future projects, you may want to consider a BSD-style license. Code developed under it doesn't have this problem.
A BSD style license also doesn't prevent you from using pieces of your own code developed for an Open Source package (under the BSD license) in another system you develop commercially. You wrote it; you own it; you can use it.
With GPL, if this situation arises, you must forget you ever wrote the GPL code and "reengineer" it for your commercial development, or have someone else reengineer it. Costs you extra time, but AFAIK that's what you have to do to abide by the license and honor its source release terms.
Given this and a few other points, it seems to me that GPL is a good license for hobby developers; BSD is the better license for professional programmers.
External customers, then, are a bit more complex, as the GPL -does- apply to them. Here, though, the nature of Linux comes to your rescue. You are ONLY required to GPL changes to the kernel or changes to existing source code. Any drivers that you write as modules, along with any packages you write yourself, need not be GPL, and can be as closed as you want.
You're perfectly entitled to refer customers to Red Hat's site, or any other site, IMHO, The object of the GPL is that GPLed code is available. Who does the actual hosting of the site is, AFAICT, not relevent to the GPL.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Why? Upgrades.
If you upgrade the Linux you ship, you have to have another copy of the source available. Everybody has to be able to access their source code. Doing this on a Web site can be annoying and expensive. By shipping the CD, you don't have to keep holding onto the code yourself. Most other solutions require you to keep a copy of today's Linux fifty years down the line.
If you really don't want to give everybody a disk, remember to version your Linux and other open code. Hand the customer a notice saying "This contains FredCo Open Source Distribution v1.0. Please contact FredCo at 800-555-5555 to purchase a source distribution of this software at a nominal fee, plus shipping and handling". Then, just have a couple of master disks (never just one) of FredCo OSD v1.0, and have a CD-burner around to copy these for customers. Upgrade your software? Cut a new set of master CDs, and rev the version number.
This may be cheaper in terms of materials, but you still have to have some business process in place for handling source requests.
--The basis of all love is respect
Distribute the source as assembler. Theres no rule saying you have to distribute something under GPL in the language you wrote it in. I mean you could even decompile your actual compiled C code and distribute that as the source. Only a f'ing lunatic would try to patch decompiled c code. Theres a million and one ways to get around the GPL. It sucks anyway. Long live the truly free licence: BSD
provide the source, of course on a server connected via a dialup slip connection on a 9600 baud modem. feel those BIG MEATY KILOBYTES speed their way down the line. hrrm, you could try a 300 baud, but I don't think it would be fast enough to go through the SLIP negotiation without timing out. heh, oh well. an idea anyway
My understanding is that your box will essentially be impossible to user upgrade since you don't provide user or root account access to the purchasers of your system. Is that right?
If so, source or no source, you have locked users into a position where they cannot use the source to solve problems with your box. I am not sure if this is legal or not under the GPL, but it is in direct contravention of the intent of the GPL.
I would encourage you to provide root access to the systems to purchasers that request it.
Geospatial Programmer for Rent
From the GPL, just below section 3: "The source code for a work means the preferred form of the work for making modifications to it." This means you can't distribute a program disassembly and such as the source code.
Why are these posts being moderated as flamebaits? These users are merely suggesting alternatives and solutions to the problem presented in the article. Please, Slashdotters, reveal to the rest of the world what is wrong with suggesting a solution that isn't Linux.
Looks like someone has an anti-FreeBSD itch this morning. Rob should take a look at this.
I've discussed this with Stallman, and he claims that in his interpretation of section 3b of the GPL, merely providing a URL where the source can be downloaded is not sufficient to comply with the terms of the License. As implied by the words ``physically performing the source distribution'', this section requires an offer for a physical shipment (e.g. by snail mail) of a CD (or tape or some other machine-readable media) containing the source.
Stallman was going to change this in version 3 of the GPL (in fact, that would have been the major change); but he inquired as to what the facilities for Internet access were like in Europe, and since he found that they were not nearly as good as in North America, he decided that version 3 of the GPL would (probably) not change this.
So you must either ship a CD with each unit sold, or accompany it with a written offer to do so on demand. Having an FTP site is convenient, but it is neither necessary nor sufficient.
As for the meaning of ``commercial'' in section 3c, my interpretation is that it refers to your being commercial (not RedHat). (The ratio legis here is probably this: if an individual writes a small change to a GPL'ed program and offers to distribute the source, and some big company includes that program in a distribution that sells millions of copy, we don't want the individual to be overwhelmed by requests for source distribution if the company merely transmits the offer. This is my personal explanation, nothing more.)
If you're rally serious about shipping a product, then your company must have legal counsel, right? You've dealt with contracts and leases and other legal documents in the past, right? Presumably it would be your lawyer's job to read and interpret the GPL and give your company competent LEGAL ADVICE about the licensing issues involved.
Please remember that Slashdot does not carry malpractice insurance and any advice you get from Slashdot readers (myself included) should be highly suspect, since most of us ARE NOT LAWYERS.
/peter
What you could try is this:
1) Post the code that you midified that is not
directly from the distribution you use on the
website.
2) contact another company (like cheapbytes) who
already sells copies of CDs with GPL software,
and thus already has to honor the GPL for stuff
they are already selling.
You migh tbe able to get a mutually beneficial
contract going where you refer customers to them
to get the original distribution source code
Since you have a contract with them, they are
providing it to your customers for you. As long
as the price is nominal (which it is for
some like cheapebytes) then it should still
satisfy.
Since whoever is selling CDs already has to honor
the GPL and provide the source for 3 years for
their normal sales, I am sure that at least one of
them would be willing to do it for you in exchange
for the publicity they would generate
(ie the offer would basically be advertising
to all of your customers)
just a thought
"I opened my eyes, and everything went dark again"
Mot users do not care about source code. You guys are so geeked out, you think everyone wants source. Most people don't even know where to plug in a mouse.
If you were running the project, it would be history because you would be releasing your hard work to the public, and would be broke in no time, as no one would then be required to pay.
> If I write a program in binary machine code, do I have to release the source?
Good question. A related what-if is if I design my own programming language, release the source in that language but don't release the compiler for that language. GPL states explicitly that compilers don't have to be included with the source. Seems like an easy loophole to me.
How does one fix a currupted disk? Unless you are absolutely positive that some user isn't going to "unplug" box and it is going to be on an UPS... Do they send the box back to you? Personaly I would give them the root password and say if you use this and it doesn't work afterwords its your tough beans...
we see the viral nature of the GPL. Your product is ruined and your freedom has been subverted by the Stallmanites. The FSF now owns you.
I know of a company that is "leasing" boxes running modified linux & squid and they don't think that they need to supply source since they aren't "selling" the box. I think that this is a clear violation of the GPL. Does anyone concur?
I'd like to see them taken to task if they are violating...and get their source! We can't have companies sucking off the open source community (taking & not giving).
-core
At the risk of getting flamed to a Krispy Kitty...
The way I read the request, the gentleman assumes that just because it runs under Linux, it has to be GPL'd. While this is true for changes to the kernel code, didn't Linus say that binaries linked against the kernel did NOT have to be GPL'd? Maybe I didn't read the request closely enough, but it didn't sound like they were making changes to the kernel, so there would be no requirement for releasing the product under the GPL.
Or did I get into a bad batch of catnip?
...diving into his asbestos covered kitty-condo.
Meow.
Windows is the Acme of computing -- in the Wile E. Coyote sense.
This is what I'd do. You already planned to make the source available via FTP; this is a Good Thing. Now, you'll have to include a slip of paper with your products that states "To get the source code to this program, go to ftp://whatever.your.server.is and download via anonymous FTP" or whatever scheme you plan to use."
That should be enough. You do have to make the source freely available, but that should not be a problem at this point.
Let's see if I have this straight...
I have a bundled product that runs on Linux. (A hardware box, so it has my product, linux, and any other required hardware)
Now when I release this product, it is my burden to mirror the Linux distribution even though I've not modified this particular standard distribution at all?
Cobalt Micro (the Qube guys) only have thier source available on thier FTP server. They don't include a CD, the source is not on the hard drive of the Qube already, and I certainly couldn't find reference to the source in thier docs. Also, while the source *is* available, I was told by tech support that recompiling could void my warrently.
So it seems clear that all you NEED to do is put the source on a public FTP server. You don't have to actually ship it with your product, and you don't have to actually the use of said code.
I don't know what the device is you're selling, so this may not really apply:
Why not let the customer have root and readily available source code? Just make it clear that customer modified software is not supported, and that if a device is returned "defective" because of customer modification, they will be CHARGED for the service (nothing unusual there, no warrantee covers user modifications). Set up the root account so that that disclaimer is repeated when they log in.
When a device is returned, run a CRC on the system software to detect such modifications.
There have been several occasions where I wish I had access to device firmware either to correct misfeatures or bugs (My DSS reciever for example has a couple of race conditions, including a lock-up. Interestingly, there is evidently a watchdog timer that resets after the lockup.)
Maybe a greater proportion in the old days, but I'm sure some still do.
:).
I can still remember many of those ol 6502 and 65x816 opcodes and their cycle counts, and I/O addresses for the Apple II and IIGS.
e.g. 2c 30 C0 AD 70 C0 AD 64 C0 30 FB 10 F3
I only used assemblers when I was in my late teens- to make a disk caching program. I've declined even further - now I'm using stuff like Perl (gasp!). Getting old and lazy I guess
Cheerio,
Link.
Oh please....you are comparing your site with that of Yahoo or some huge internet portal/search engine/retail outlet.
His point is valid...For your server Linux is fine, for a huge server, BSD takes it.
Also, if I can't say that BSD is better because XYZ Corp is using it, you can't say Linux is better because Burlington Coat Factory, or company ABC uses it instead of Windows.
Well, the flip side of that is that is't really hard to resist bumping down what we disagree with.
I have a theory. I bet that within any group there are a few fanatics. And that the bigger the group the more the absolute number of fanatics.
And I believe that a fanatic is more apt to bump down something he disagrees with than to bump up something he agrees with. Why? Because the negative affect sticks in his craw--affects him--more than the positive one does.
If this is all true, and there are more pro-Linux folks than pro-BSD folks, then you would expect to see more anti-Linux statements zapped than you would see anti-BSD statements zapped. Right? Is this happening?
The copyright belongs to the AUTHOR.
What has been GPL'ed and gone to the public will remain GPL'ed. The Gift goes on.
But the Author can also release the GPL'ed code identical or derivatives under another license.
You just can't take OTHER Authors' code and relicense it without their permission.
What problem?
If all people were great and good then there wouldn't be a need for any licensing or even copyright. Unfortunately that is not the case.
If you don't mind stuff you released for free to be taken and made proprietary by someone else then fine, the BSD license is for you.
I wouldn't like to give away stuff to some "charitable" organisation, only to find it being sold to the rich for profit.
Go ahead if you don't mind working for the M'soft's of the world for free, only to see them stomp on you.
Feel free to give all you have to the bottomless pits of the world.
Doesn't mean we're selfish/unprofessional not to.
Cheerio,
Link.
Put the sources on your closed, inaccessable box.
If selling the haradware with the contents usable
is distributing binaries, then putting the source
on there, in exactly the same form, is distributing the source.
I'm working on distributing an embedded linux system myself. It would seem that there would be a difference between software that the user can "see" and copy and software that the user never sees (ie, you never agree to a software licence when you use your microwave, but the software is there). The system I'm using has 2megs of flash with no telnet access and ftp access only to update the flash image (any file sent overwrites the flash, and get and ls don't do anything)
That is exactly what is happening and that is why Slashdot-style moderation does not work.
:)
I should write an essay on this.
I used to work in a maintence shop where the vendor would ship their product to us as source code. I was closed source in that there were license restrictions, but the programmers had full access to it.
The reason it was shipped that way is that the vendor supported a large number of organizations, each of which had some unique requirements. So the vendor would ship the source, say of an upgrade, and then we would apply our local mods to it.
The vendor took no responsibility for any of the code we changed, but if there was a bug in their code they took responsibility for the problem.
If we applied a mos and it hosed up the system, all we had to do was download (or pull out of a local source libray) the plain vanilla flavored code the vendor shipped and start over.
There are numerous benefits to this sort of arrangement:
1) bugs were found more rapidly, easing the support load on the vendor and the clients
2) enhancements the customers' programmers developed were often incorporated intot he code base, adding value for future distributions
3) the vendor did not have to ship a version for every customer, just a base version
4) the customer could set up the system to exactly match their needs.
While my example was not open source, it still runs on collaboration. Collaboration is a good thing.
So you may be able to use a similar model for your system. If your code has a bug, you fix it for the customer. If the customer makes a modification, they take full responsibility if it breaks. Just make sure that this is explicitly spelled out.
So ship the source, if a customer hoses it up, let them recompile or reinstall the binary. If they do not know how, charge them for training and/or support. In the long run I think you will benefit more from this approach than any other due to the advantages I listed above.
putting the 'B' in LGBTQ+
Ever see one of those ancient machines with a row of toggle switches for setting bits and a push button to step to the next address? That will surely put hair on your chest.
---
Peace,
vilvoy
How much of a pain in the add the license is. It is not protecting them, it is burdening them. It is not called the GPV for nothing. It has wormed its way in and infected his product. A truly free license would not have done that.
Comsider this:
I'm a developer. I want software to be free. I buy into a lot of what RMS, ESR, etc say. I know that in order for free software to propagate, it has to prove it's better than its proprietary counterparts. I therefore want to give free software an advantage: my work can only be included in other free software projects. I don't want to work for Microsoft for free. If Microsoft wants to use my code, they can pay me, but if Alan Cox wants to use my code for some drivers he's working on, he can feel free to do so. So, I go to hire a lawyer to draft me a license that outlines these terms, but wait! There's already a license I can use that suits my purpose: the GNU General Public License. Richard Stallman just saved me a bunch of lawyer's fees.
The BSD license is a good license, but it's ahead of its time. When all software is free, and the thought that it should be proprietary becomes generally absurd, the BSDL will be the perfect solution for everyone. However, not all software is free, and free software developers want to separate themselves from proprietary companies. These developers don't want to work for Company X for free, but they are willing to share their work with others like them. So they choose the GPL.
When all software is free (as in speech), I'll start writing BSD-licensed software. Until then, it's GPL for me.
--------
"I already have all the latest software."
Probably because the initial question was about Linux. If this was an automotive site and someone asked "How do I drop the transmission on my Chevy?" I would consider a response of "Buy a Ford." to be potential flamebait.
Note also that the post that created this thread was moderated up to 3 as Insightful.
I wish I had caught this thread earlier, for I have some important points to make...
Many have pointed out that you do not need to send a cd with each system, as long as you make the source code available on demand for three years.
Well, this is not as easy as it seems. Consider, for instance, that your company go bankrupt tomorrow. That's a nasty legal liability on your shoulders... What if you completely change your business focus? After all, things in the computer business change a lot. You'll be saddled with maintaining this source code and a formal channel to provide it on demand for three full years *after* you stopped selling the product.
Also, you have to remember that you'll need to keep control of the versions of the software you ship your product with. If you distribute three different revisions of the product in a single month, just for the sake of correcting three different bugs, that's three versions of the source code you'll have to keep for three years, and be able to identify which corresponds to what your client bought. Of course, you could ignore this and stay illegal and vulnerable to a class-action lawsuit. You don't want that, do you?
All in all... you should have gone BSD. No, this is not a flame bait, it's just my personal opinion. Based on the above.
(8-DCS)
In the previous sections it's indicated that one must distribute the sources in a *physical medium* or offer distribution at a nominal charge.
What Cobalt does is a violation of this, and I think they must be warned immediately. Also, with the increasing number of distributions, there is a need to check whether ALL the source is really available in a physical medium. Probably FSF is working on this, sure we are going to aid them by reporting such violations, won't we? Let's e mail the nasty Qube guys and remind them to read the license!
That's the only way to ensure sanity. (and freedom)
--exa--
If you include the source on CD, it shows good will and openness and pretty much avoids any risk that people will think you are trying to get around the GPL.
I wouldn't worry that people in large numbers recompile and alter your software; it's way too much work. For anything important, you should probably checksum the binaries on the deployed system and integrate checksum checks into your support structure (you can do this by hand or use the rpm system for it).
With GPL, if this situation arises, you must forget you ever wrote the GPL code and "reengineer" it for your commercial development, or have someone else reengineer it.
Incorrect. Any code you write is yours; you own the copyright, and you can use that code however you like. Once you publish under the GPL, the code you released is available to everyone else, and they are bound by the GPL. And if anyone contributes code, their code is unavailable to you for non-GPL use.
But your code is yours.
Given this and a few other points, it seems to me that GPL is a good license for hobby developers; BSD is the better license for professional programmers.
I disagree-- the GPL is for professional programmers, also. Here are the differences between the GPL and GSDL:
GPL: For people who want their code available to everyone, but don't want other people to use their code for proprietary (binary-only) purposes; has its roots in the political ideology that information is most efficient if everyone has equal access to it.
BSDL: For people who want their code available to everyone, but don't care if other people use their code in proprietary (binary-only) products. Politically agnostic.
Note that the licenses don't have anything to do with you, only what other people can do with your code. The BSDL is a noble license-- it assumes the best of human nature. The GPL is rather cynical, but for cynical folks like me, protects code from hijacking.
Some people see the GPL as forcing FSF morals on other people. However, this is logically flawed, as illustrated by the following sorite:
1. BSDL allows for binary-only distribution of BSDL-derived works.
2. Binary-only distributions do not include the source-- no source-code is available for use.
3. The GPL allows for free distribution of binaries.
So, from a BSDL standpoint, the GPL is as good as binary-only distributions. Actually, it's even better, because, though you can't mix GPL code into a BSDL product, you can look at the code for ideas on implementation, and for technical details that would otherwise remain hidden.
It's up to you which license you use. The GPL protects your investment by disallowing other people to hijack it; the BSD allows for maximum freedom for your code. Use the one that serves your purpose best.
Also, you might look at the Artistic license (Perl), or the NPL (Mozilla project) for other licensing ideas. I don't advocate creating a new license; use one that's there, and suits your purpose.
Microsoft is to software what Budweiser is to beer.
My suggestion, if they dont have root, you could just put the source in an obvous location, but chown it all to root, and set it all to be: ;chmod 600 *
-rw---------- root root
chown root *
:-)
Then it's there, but they don't have access, and can't recompile. That and don't you have to have root to correctly recompile and load the new binaries on?
-Paul
Your bias shows through the veneer if objectivity.
Consider, for instance, that your company go bankrupt tomorrow. That's a nasty legal liability on your shoulders...
Not really. There are several ways around this. First and foremost is to find a friendly site to house the code for you; then you do not have to worry about it yourself.
Second, you don't have to "maintain" the code. Code "maintenance" is fixing bugs, making minor improvements, etc. This is merely storing the code in a publicly-accessible way. This is not hard in today's connected world.
Third, if your company no longer wants to mess with the code, and just plain doesn't want it, you can assign the code to someone else. Contact the FSF; they will gladly help assign copyright to an amenable person or organization.
If you don't like the idea of assigning the code to an individual, release the code to the public domain. You'll still have to supply source, but there are many sites on the web that do nothing but archive public-domain software. This will fulfill your source-code obligation-- just put in a note that includes the GPL, with the amendment that the code is now in the public domain.
If anyone else has contributed to the code, and the code is not 100% yours, you have the option of assigning the code to the person (or persons) that contributed, or asking for them to join you in re-assignment or release to the public domain.
Don't let the BSD rhetoric blind you. The GPL is a perfectly good method of licensing your source code. So is the BSDL. (So don't let the GPL rhetoric blind you, either.) It depends on your purpose, as I've outlined (in depth) elsewhere in this discussion.
Microsoft is to software what Budweiser is to beer.
should be to install a UPS. I'm surprised that you are doing all that stuff and have no backup power system.
The easiest way to deal with this is to buckle down and ship a source code CD with the distribution. Also include a setup program so they can re-install the software on the system if needed. (That's just good customer service-- it's not required.)
You are only required by the GPL to supply the source code to the people you supplied with the binaries. If you ship the source code outright, you've met your obligation.
Now, you can supply the source as a patch against specific kernels (if it is kernel-level source). That way, you're guaranteed to filter out the uneducated.
Microsoft is to software what Budweiser is to beer.
Your physical mailbox at home is full of CDROMs sent to you for free. Apparently it is economic to send CDROMs to non-computer people in the hope that they will use them. It is therefore undoubtedly the case that companies would line up around the block for a list of *developers* who have *asked* for a CDROM, ie professional computer people who purchase products, who have money, and who are guaranteed to actually use the CDROM they are sent as something other than a coaster.
You could make the process of asking for a copy of the sources very easy, just a matter of either filling out a form on the web, calling an 800 number, or sending a postcard. Maybe require $5 (using a credit card order form on the web) just as a proof of seriousness, or maybe not. Then you take this list, and you SELL it to a "freebie" computer magazine targetted at developers. Or to a computer catalog company. Or to a Linux software vendor. Or whatever. They send everyone their magazine or catalog or whatever, along with a CDROM containing (a) your sources (ie what the person actually asked for), plus (b) anything else they want to put on that disk, eg demo products, advertisements, a copy of their linux distribution, a copy of their catalog, whatever.
If you cannot find a dozen companies that would pay oodles for this privilege, then your company needs a new marketing dept.
Cygnus' eCOS is another option, though it would require more porting effort. Cygnus -- which started out as a company that supported GPLed software exclusively -- recognized that the GPL was inappropriate for embedded operating systems, and drafted a license which allowed developers such as yourself to use it without giving away the farm.
--Brett Glass
I am thinking of this question in terms of a security box that is designed to be installed by employees or off-site contractors for the purposes of secure communication with the employer. The box might provide IP firewall security combined with an encrypted and authenticated VPN.
From the point of view of the Internet, the box is an IP address spewing encrypted data to another box and ignoring anyone else who tries to talk to it. From the point of view of the box's user, it's a direct feed to or from someone's corporate LAN.
Some of the data inside the box are secret information which are only known to the employer--and if asymmetric cryptography system is used with a key generated on the box itself, the information may be unknown by _anyone_. Any change in the software running on the box might permit disclosure of this secret information, either intentionally or accidentally (although if I were designing a hardware system, I'd put the secret data on an NVRAM chip which is erased automatically when you open the case or whatever else is required to load new software onto the thing).
In this case, obtaining root access or modifying the software on the boxes would be fair grounds for termination of employment or a breach-of-confidentiality lawsuit...probably both.
Is the GPL incompatible with an agreement between the end-user and the software vendor that says "you can do anything you want with your copy of this software, but if you modify the software installed on _this_ specific machine, you will be prosecuted"?
I don't think the GPL imposes such a restriction as long as the software that the hardware runs on is owned by the employer/box vendor and not the end user.
>Someone should take the *BSD source, change the symantics of a single line of code, and relicense it under a proprietary license (eg. the M$ EULA). The BSD license allows it. Oh? What's this?
Many companys have.
You can find BSD copywrites in Apple's Darwin, Microsoft's FTP, and Gosh, even GNU/Linux have taken BSD code and re-licensed it.
>The BSD license isn't that great after all?
The BSD licensed code is good enough for GNU/Linux to take and re-license. So, why do *YOU* have some problem that BSD licensed code is somehow bad?
There are MANY users of OpenSource who look at the rights of people are more important than the rights of objects. Personally, my right to use a tool (source code) as I damn well see fit is more important than the way the someone wants to force me to use it.
If it was said on slashdot, it MUST be true!
You should talk with the man who came up with the GPL, and should know the most about it.
Richard M. Stallman
You can find information on how to contact him at: http://www.gnu.org/
"God prevent we should ever be twenty years without a revolution." -- Thomas Jefferson
In other words, if you distribute Linux by mailing it to people, then you have to mail them the source code, too. If you distribute it by letting them download it, then it's OK just to let them download the source code from your FTP site.
--
The basis of GPL is that you can take the source and recompile and have the new version working. Just giving the source to the system but no ability (no root passwd etc) to put their modifications in is, IMO a really really fundamental violation of the whole underlying ideology of GPL. You should also provide (on request) the way to put the modified versions on the boxes.
Where would you post it? I agree, and I have plenty of gripes (and praise) about /. but no good place to vent them. Vying for CmdrTaco's attention is not an adequate solution. /. could benefit from a permanent "reflection" area where people can discuss this kind of thing. Constructively, of course. :-)
If not, how about we set up an unofficial one, or maybe create an alt.slashdot-issues group.
What does it mean to make the binaries available?
Here's another interesting licensing dilemma -
If I develop something and want it to be freely available and usable in source form for any free projects, but licen$able for any commercial projects, which license (other than my own) model is available for this? Troll Tech's QT, or Sun's "Community" license perhaps?
And what are the ramifications if some of my sources are based on GPL or BSD licensed code?
I would love to develop code for free always, anytime, anywhere, but I don't have that luxury. My kids need food and clothes, my banker needs his house payments, my wife needs her credit cards, and I - unfortunately - need to earn $. The result is that I generally only have time to develop code I get paid for. I'm sure others are in a similar situation. What is the best solution that promotes and supports the Open Source community and still helps us developers improve our bank account balances?