Who Enforces the Open Source Licenses?

sams asks: "Every few days now it seems that yet another corporate entity has tried to push the bounds of what is allowed under the open source licenses (GPL, etc..) so the question is: If a company violates the GPL license on a product, who will enforce the license? Who will take the violating company(s) to court to protect the open source intellectual work of others? Probably not the writers of the software, who probably can't afford a long drawn out trial with a company? The EFF? Ideas?" We've already had a close call with the Sun/Blackdown fiasco, and this has probably discussed in that topic. However, there is a high possibility that something like this will happen again, and we would do well to discuss this further.

Legal Firepower vs Developer Interest

[Wellspring]

This is certainly a problem, I agree. I don't think we CAN enforce the GPL-- not in the current legal climate. No individual developer or group of developers-- or the FSF-- can match in dollars spent on lawyers and months spent on courtroom time the power of a potential violator-- at least not until Congress passes tort reform (and would Clinton sign it-- I think not). So we can't really rely on legalism to protect Open Source software.

But that's ok. The key element to making an Open Source product work is mindshare. Closing up the source, embracing and extending, not giving credit where credit is due-- these are tactics that are counterproductive and alienate the network effects that make Open Source so attractive for businesses.

So even if this does happen, I wouldn't worry. We should fight to stop violations, but in the end, the power of the GPL is not in its language or legalisms, but in the community and mass entrepenurism that it makes possible. Break faith with the community, and you lose the one reason to go GPL in the first place.

Re:Legal Firepower vs Developer Interest

[DaveHowe]

No individual developer or group of developers-- or the FSF-- can match in dollars spent on lawyers and months spent on courtroom time the power of a potential violator
True - but I suspect a good try could be had to send suitable "cease and desist" letters to the vendors, rather than $BIG_CORPORATION, in the hope the resulting bad publicity and the thought of being a co-defendant in a court case will reduce the avenues of sale for the offending product.
For that matter, there must be SOME lawyers that would be willing to take on SUN or COREL both for a fraction of the damages and for the publicity they would get as a "defender of public software shamefully stolen".
--

Re:Legal Firepower vs Developer Interest

[Anonymous+Codger]

Be careful what you wish for. Tort reform as it has been proposed would make it HARDER to sue, not easier. Tort reform would be good for big business, neutral for small business, bad for lawyers, and bad for consumers.

That's not to say that some reform isn't desirable, but what's been proposed is just CYA for the big boys.

Re:Legal Firepower vs Developer Interest

[jkorty]

A corporation couldn't completely coopt GPL'ed software away from us, but it could do so partially. Perhaps the most important design point of the GPL is that it requires improvements from whatever source to go back to the community. Stolen software by definition fails this test. Nothing is more discouraging to a public-spirited developer than to see lots of enhancements made to their cool software, but each appearing in a seperate, sealed, proprietary package, unmergable and unimprovable by those that get the itch to do so, while all the while the common publicly-available base sits there, rotting away, ignored by all but the origional developer. By forcing contributions to be public, I feel that this feature of the GPL is the single greatest factor accounting for the growth of free software in the world today and is the driving engine for the success of the bazaar model, simply because it requires those with the itch to improve to contribute their work to others that develop that same itch to improve.

Re:Legal Firepower vs Developer Interest

[the+eric+conspiracy]

For that matter, there must be SOME lawyers that would be willing to take on SUN or COREL both for a fraction of the damages and for the publicity they would get as a "defender of public software shamefully stolen".

Indeed. The loss by many large corporations to lawsuits brought under a variety of contingency agreements is in fact proof that large corporations are vulnerable, no matter how big and powerful they are. Johns-Manville and Dow Corning are bankrupt. Phillip-Morris is hurting. Union Carbide was decimated. Hooker Chemical no longer exists.

If somebody does violate the GPL, they ARE vulnerable.

Re:Legal Firepower vs Developer Interest

[DaveHowe]

You've been eating too much Christmas fruitcake if you think that an el-cheapo lawyer is going to beat Sun or Microsoft.
Who says they *have* to win? $BIG_COMPANY has to tie up lawyers, take the bad publicity, and RISK a judge making a ruling against them that costs them all their profits. Similarly, any of $BIG_COMPANY'S major Vendors will look twice at the package, not wanting to be caught up as a co-defendant or having to recall product, and then start looking at the GPL tree the product came from (which may even have incorporated 3rd party workalikes to the $BIG_CORP product by then, and wonder just WHY they have to pay $BIG_CORP 2/3 of the sales price if they can just *download* the same thing from the web and sell it for half the $BIG_CORP product price, and *still* make more from the deal?
yes, $BIG_CORP could retaliate by making $OTHER_PRODUCT more expensive for the vendor if he doesn't play ball, but MS have already found out about what happens when you get caught at that one.

Now look at it for $UNKNOWN_LAWYERs view. he gets national publicity, and a reputation of being a champion of the people against the big corporations; not bad for a few hours in court. And assuming he either wins, or $BIG_CORP decides to settle rather than having the PR Nightmare of being caught with their hands in the cookie jar, he gets his costs and possibly more from the deal - not to mention all the work as people recognise him as someone going to bat against big companies, and bringing their contingency-fee cases for faulty products and bad workmanship.
--

Close call?

[Dj]

A "close call in the Sun/Blackdown fiasco"?

Um, close as in "not an open source license and not a contractual issue but a good ettiquette issue"?... Oh close call as in actually nothing at all to do with a close call. Funny how you don't say mention Corel and their Linux distribution instead and it's actually involving open source and a license violation?

Oh, I forgot, Corel Friend, Sun Enemy, Fire Hurt Mongo.

:)

For FSF-copyrighted code

[Jonas+�berg]

For FSF-copyrighted code, they will stand up and go to court against whoever violated the GPL. There has been incidents in the past, but they have always been solved out-of-court though. The FSF lawyers tells us that this is why we should recommend that GNU software is copyrighted by the FSF (and the reason I assign my copyrights to the FSF); I don't honestly know how it will be handled otherwise (a class-action suit by all developers?), someone with more knowledge about US law can probably enlighten.

No central body, but...

[SmileyBen]

There may not be any central body to enforce the GPL, but if it comes to it and there's a clear cut case where someone is infringing it then even the big companies had better watch out - with the recent IPOs there are a lot of very wealthy geeks, many of which have already stated that if it came to it they'd happily use some of their money on lawyers for the big fight...

Re:No central body, but...

[SurfsUp]

with the recent IPOs there are a lot of very wealthy geeks, many of which have already stated that if it came to it they'd happily use some of their money on lawyers for the big fight...

Exactly right. There are already a half-dozen $Billion companies whose business plans and future stock price depends on defending the GPL licence. Consider this scenario:

Megacorp A snarfs a bagful of GPL code B into their proprietary product C and pretends they wrote it themselves.

Random Geek D notices something about Megacorp A's product C that reminds him of GPL'd code B and decides to investigate further. Disassembly reveals an exact correspondence to said GPL'd code.

Geek D contacts GPL code B's author E, who flies into a righteous rage. After calming down, author E posts the news on Slashdot. Things heat up.

Mega-wealthy geek F reads the slashdot article and immediately contacts author E with an offer to bankroll whatever legal action is required.

Meanwhile, outrage builds and a class-action suit is launched as well

Faced with a public relations disaster and the likelihood of losing badly in court, Megacorp A quickly decides to settle. The settlement amount is paid into a non-profit fund for future defences of the GPL

Geeks D and E are now famous and land high-paying jobs at a linux startup that goes public a year later, making them rich

Geeks F's company's stock doubles on news of the settlement, making him twice as wealthy.

Everybody lives happily ever after. Except Megacorp A, which have known better in the first place

Does it matter?

[Psiren]

If a company releases or uses GPL code, it is more than likely that they are trying to join in on the "we use open-source software" bandwagon. This would mean that they want people like us to like them. Purposely violating the GPL is not going to acheive this.

If its a closed source product that has used GPL code thats a different matter. It's also more difficult to detect. But if its open source, its open source for a reason. To please us. Therefore all we need to do is apply a little pressure, and get them them to sort things out. They are not going to try and alienate us, because there would be no reason for going GPL in the first place.

Granted, I gloss over some problems here, including license incompatibilities etc, but you get my jist.

The royal family of course....

Prince Charles has been known to do so.....

QE2 herself loves RedHat and hates Solaris and the ol Queen Mum...well she has copies of the GPL hanging in her private art gallery in Buckingham Palace...

We Don't Need To

[DreamerFi]

Remember Brent Spar? I'm sure Shell does.

The first company to really clusterfuck on this issue will be made into toast - with the mindshare Open Source has in the press increasing everyday, a company had better be very careful when doing something stoopid.

-John

Copyright holders

[apilosov]

Legally, the only people who can bring a copyright infringement lawsuits are the holders of the copyright in question. That is, only authors of software can sue for license violation.

For all "GNU" software (different from software released under GNU GPL), FSF is the copyright holder, and FSF will fight in court if needs be. (As they did when NeXT tried to bundle gcc pieces with their Objective C compiler).

All the more reasons to assign your copyright to FSF, I'd think.

Re:Tough to get legal fees

[sjames]

Why wouldn't there be monitary damages? OF COURSE I am willing to license any of my code for use in a proprietary system for only 40 billion dollars. Since all of the proprietary vendors seem to feel it's OK to assume for purposes of asessing damages that the 'pirate' would have paid the full license cost if not for the 'theft', I will assume that they would have cheerfully given me 40 billion dollars if not for their 'piracy'. Perhaps we could settle out of court for a penny on the dollar?

A close call with Sun/Blackdown?

[stange]

Oh please.

There was no close call with Sun and Blackdown. Sun was completely within their rights to do what they did with the software. Was it rude to not give some credit to Blackdown? Of course, but the GPL doesn't prevent rudeness (Heck, Christmas doesn't prevent rudeness either). The Blackdown folks need to get thicker skins; just because your "partner" goes and uses the product to the full extent of your contract, you don't start whining. Welcome to the business world.

Dear /., stop editorializing in the story summaries. You often don't have a clue what you're writing about, and the additional verbosity just makes /. harder to read.

Re:A close call with Sun/Blackdown?

[jflynn]

I quite agree that there was no point to or basis for a court case in the Sun/Blackdown matter.

However, open source developers do not develop for money as their primary reward, as do corporate developers. Open source development is a social activity more than a business. It's for fun, not work. For this reason I think that social rules can be just as important as legal rules, if you want *effective* open source development. Not crediting the Blackdown folks was ethically akin to not paying their own developers -- a stupid mistake if you want further development. Sun should be civil towards those doing work for them, Blackdown's reaction was justified. That most of them think Java on Linux is important enough to continue after Sun apologized speaks well of their tolerance.

Choosing a freer licence

Perhaps we should just adopt a licence that doesn't draw so much controversy. The GPL is a daily source of fights and confusions. Free licences shouldn't have that, and it obvious that the GPL has its detractors who claim that the GPL is not free. So why don't we pick something people don't threaten to go to court about, or to punch your lights out over?

Re:Choosing a freer licence

[mindstrm]

You know so many people quote the 'Free as in Freedom, not free beer'... but I think some still don't get it.

The GPL is about the CODE being free, as in having freedom. Pretend it's a living thing.. it is FREE... it can go where it wants, but nobody can restrain it.It's about your freedom to do anything you want with it.

OSS companies should contribute

[Jjaks]

I think that it would be a good idea if there were an organization of some sort that kept an eye on Open Source legal issues. Companies like Red Hat or SuSe that are comitted to OSS could then contribute funds to demonstrate just how comitted they are.

Course of action

[Noryungi]

How to win your GPL-based lawsuit against big corporations, in 5 easy steps:

1. Publish all relevant details on your web site, including both the GPL-covered version of the software and either a copy or a link to the non-GPL-covered version. Include, if at all possible, a useful comparison of functionalities, diff of sources, etc. In short, try to obtain as much information as possible about the alleged violation. Make sure you triple-check everything before going any further.
   
2. Send a polite e-mail to company/individual, requesting that they "cease and desist", respect the terms of the GPL, publish full source code and/or modifications from your version, and acknowledge you as rightful "owner" and maintainer of the software. Since most companies will try to ignore you, prepare several polite copies of the same e-mail, and send to relevant authorities in the company (CEO, legal department, marketing department, etc...). Make sure to publish both e-mails and responses on your web site. I believe most companies will settle at this stage, especially if you explain very clearly what you intend to do if they do not comply (see below).
   
3. Try to get the news published on Slashdot and other public-discussion forum -- this will raise awareness of your case very, very, very fast. Include links to both GPL-protected version and non-GPL version. Make sure people can look at the evidence you have gathered on your web site. Put mirrors up if your site is slashdotted. =)
   
4. If no answer (or the wrong kind of answer) is received from the company: post entire stories on your web site, including links, etc. Contact both FSF, Slashdot, and most users of your software and (politely) ask them their help in setting up a legal defense fund. If your software is included in large Linux/Open Source distributions (for instance: Red Hat, Debian, Mandrake, SuSE), ask these companies to contribute as a gesture of goodwill. Make sure you send the entire story to on-line and off-line media (for instance the NY Times and Salon).
   
5. You have won: the GPL-violating company now face (a) the wrath of Internet zealots (Mmmmm... the taste of the Ping Of Death in the morning...), (b) a legal suit that could prove very costly and financially damaging and (c) a public-relations nightmare. No sane company is going to expose its backside to the kind of hellfire you have just created. Just make sure you have got everything right before unleashing this kind of thing on an innocent company, though...
   

Of course, I am not a lawyer -- but you don't need to be one to see this kind of thing unfolding.

Just imagine this: "Mr Gates, how do you explain your enormous company violated the rights of Mr John Q. LoneHacker, the creator of BlaBlaBla, by stealing his intellectual property, which was protected under the GPL?". =)

Just my $0.02...

Re:Course of action

[coats]

Make that 6

. You miss one important possibility which has been pushed to the limits by the Software Publishers Association and the Church of Scientology: the Copyright Act permits very aggressive ex parte action by the plaintiff. According to the precedents set by the SPA and the CoS, it is entirely within the realm of legality for the plaintiff to roll up to the offender's place of business with a Federal Marshal and several eighteen-wheelers, and cart off every computer in the place for investigation of copyright violations, at the plaintiff's leisure in a warehouse of the plaintiff's choosing.

IANAL, either, but that's what's been happening!

Larger companies might help

[DanaL]

VALinux and RedHat probably have the cash now to fight a long, legal fight.

And don't forgot, now that IBM, Compaq and other big companies are taking an interest in Free Software, and releasing some of their code, they'll have an interest, and the resources, to make sure people don't abuse their licenses.

Dana

GPL is viral...

[gott]

If I have a GPL'd product from which someone else derives a work, and they release it under a non-GPL'd license, then, due to the license they agreed to in order to use my code in the fisrt place, their code is under the GPL even if they don't expressly say so. Therefore, I can use their code whereever I want. They are then responsible for bringing the suit. My defense is then my original code with it's license and proof that their work is derived from mine. Therefore, the burden is on them to defend their non-GPL license by court actions (similar to defending a trademark).

Re:Legal Firepower v/s *self-destruct*

[jordang]

But by that very logic - if the GPL fails, that is if it is found invalid on its face, than any provision or clause of it is equally invalid. The self-destruct clause would therefore be invalid and not applicable.

Jordan

When Samba's GPL was broken...

[larard]

I recall that the samba project once had somebody break the GPL. A third party sold their own version of the Software without releasing their altered source, i.e. a clear GPL violation. The samba team contacted the FSF who lent them a lawyer...

and all ended well in the world of free software, or something like that.

Sorry I can't provide links to the article but I don't have time to search for where I might have read about it at the moment. Linear Algebra exam in 1 hour...

Hope this provides some case history for this subject.

Re:For FSF-copyrighted code -- not always true

[Bryan+Ischo]

Not always true. I discovered a very specific and very blatant violation of the GPL - a guy was selling a library that was released under the GPL in binary-only form, with some "enhancements" (which were trivial it turned out), with a specific license forbidding all of the things that the GPL requires (such as decompilation), and without source code.

I wrote him to let him know that he was violating the GPL, and what steps he might take to correct this (i.e. what clauses of his license would need to be removed and how he would have to make source code available) and he responded with a very rude "who gives you the right to tell me what to do" type email.

So I wrote the FSF about it, and they didn't really do anything. They looked into it a little bit but said that unless the original author of the code wanted to sue (and he didn't - he had since written a new version of the lib and was basing a commercial, non-GPL'ed product on it, and couldn't care less about his old code and the GPL violation), they couldn't do anything.

And that was that.

BTW, in case you are wondering, the library was Hashjava, the guilty party is Neil Aggarwal, the URL for the guilty product (Obfuscate & Obfuscate Pro) is
http://www.JAMMConsulting.com/servlets/JAMMServlet /ObfuscatePage


If you've got the time and the inclination, write Neil and give him hell.

Ideological fights, ideological confusions

[twit]

The main cause for contention with respect to the GPL is its ideological leaning. More specifically, it's seen as anti-business. Which, to a certain extent, it is.

RMS sees the interests of the developer and the corporation as, while not entirely orthogonal, at least not congruent. For that matter, I agree with him: if my company loses money on my employment, I'm out on my ass. My good judgement can be overridden at every turn. Any work that I do on their time, whether incorporated into client work or not, is their property. (I wonder if this post is their property, since I'm doing it at work - most likely, it is).

Is the GPL unenforceable? As much as any license, I presume. The power of a license dispute is that it almost invariably ties up the code in question prior to the suit being resolved. Given that the time between product revisions is much shorter than the time to go to trial, the business logic against using GPL'ed code surreptitiously is impeccable.

Look at the dispute between Symantec and McAfee. McAfee had to do a white-room rewrite of their antivirus software - *twice* - to avoid it being contaminated by a hundred-odd lines stolen by a programmer who had previously worked at Symantec. This was much cheaper and faster, believe it or not, than going out and litigating the matter to a settlement.

While free software advocates may not have the resources to reverse-engineer each and every possible violator, the stick is so much bigger than the carrot as to make it very difficult to rationalize using GPLed code on a systematic basis. I'm sure that small fragments have been grafted in by individual programmers, out of convenience or laziness, but violations are most likely to be individual, not organizational. (Of course, this was the case with McAfee, too).




--

Defenders Of The Public Interest

[Effugas]

When an Open Source license such as the GNU Public License is violated, whose rights take a beating?

I grant the obvious--the original developer of the software is definitely in an ugly situation.

But why? Open Source Licenses are (by definition) distribution contracts. The original developer obviously has their own code, so how
much harm can come from a "licensee" refusing to return the developer's own code?

Ah, but the whole concept is that the developer isn't demanding the return of his own code, but rather the new code layered upon his own publically licensed work.

Therein lies the key. It is not merely the developer who is being deprived of content--it is the entire market of software users who are being deprived of that which they have every right to use. It is the horde of developers who wish to "scratch their itch" and improve upon an up-and-coming(or long-established!) codebase to which they have been so generously granted access to. It is the none-too-small number of investors--both large and small--who have put forth their money based upon a business model whose prime component is open access to the core software components and all future developments therein.

Open Source is indeed a public (if not natural) resource--possibly one of the few that is not depleted by usage but rather strengthened by it. However, it is alas not immune to the dangers of hoarding, pollution, and sheer misuse. Indeed, to paraphrase John Philpot Curran, eternal vigilance is the price of software liberty. Should the general perception become that the most basic precepts of Open Source licenses were being routinely ignored, both the stream of new open projects and the third party flow of incremental improvements to existing projects would dry up, as the latter group would feel no obligation to the former, and the former would notice.

Vigilance against such a situation--both real and generated by media manipulators(see Microsoft's aborted faux Letters To The Editor campaign)--is critical to the survival of the Open Source movement, and to the rights which have been granted to the public as a whole.

Is not the defense of public rights the raison d'etre of Government itself? The strip mining of communal codebases is something we've been spared thus far--should our "vigilante slashdotting" fail to sway an entrenched competitor, the involvement of government agencies and government lawyers is not something we should shy away from. There are a number of issues to consider, but Judge Jackson has shown that the U.S. Government can most assuredly "get it" when it comes to the socioeconomic issues surrounding the technology industry.

I'm not naive--although an attacking company would be harmed far more than we would by sheer public disapproval, it'd be better for everyone involved if we never had to travel down this route. Conviction does not negate the crime. However, a public statement of the willingness of government to defend us may have the peculiar effect of preventing us from needing their defense, and that is something I feel may be of value.

I'm interested in what the rest of you think about this. Feel free to disagree, or to provide insight as to what would be necessary to deal with the issues that I have brought up.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:Defenders Of The Public Interest

[Effugas]

If you're going to be so pretentious as to use a gratuitously foreign phrase, you could at least respect your readers and the language enough to spell it properly: raison d'être.

You're lucky I know so many french people, or else I'd have to make some grossly inappropriate comment like "*ARGH* FRENCH PEOPLE".

Actually, to be honest, I just didn't remember how to write the character in HTML, and didn't think it mattered all *that* much. Consider it...raison d'être as expressed in the American character set. What, you think Russia(R-U-S-S-I-A) is the actual Cyrillic character set? ;-)

Bah. I suppose I should thank you for keeping me honest. I'll try to use the correct accents next time.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:Defenders Of The Public Interest

[Effugas]

*COUGH* -- ``American'' character set?

Yup, go look up ASCII. American subset, English Character Set. As far as I know, no American coined words outside of [a-z].

Hurm. Actually, genuine question--do modified characters show up in Perl regex's when Locale isn't set?

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:Defenders Of The Public Interest

[Tom+Christiansen]

do modified characters show up in Perl regex's when Locale isn't set

I don't know what that really means. But I bet the answer to your question resides in the perllocale(1) manpage from the latest developer releases.

Re:Defenders Of The Public Interest

[Effugas]

do modified characters show up in Perl regex's when Locale isn't set
I don't know what that really means.

Does [a-z] catch e with a grave/aigu?
Does [d-e]?
Does [e-f]?

Does the Locale setting matter?

That's what I meant. (And YES, I'm regretting this entire thread! This wasn't what I came to discuss :-)

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:Defenders Of The Public Interest

[Effugas]

CONTEXT
Does [a-z] catch e with a grave/aigu?
Does [d-e]?
Does [e-f]?

RESPONSE

No, not really, although that certainly has been discussed.


Well FAQ me...;-)

Seriously, aside from ugly issues(are accented characters greater than, less than, or equal to their non accented equivalents), I don't think [:alpha:] is should be mandated. Perl's general concept is that things should behave as expected; [a-zA-Z] should grab all alphabetical characters, accented or not, if only because that's what the programmer is most likely to desire. "Give me all characters in this range that aren't accented" is a far less common operation than "give me all alphanumeric characters".

--Dan

Re:Pro Bono

[Surak]

In addition, if the suit is against a large company, most IP attorneys will take a case "on contingency", especially if they think they can win.

Basically, the idea is that you are going after a big "Bucket O' Money" and all the lawyer wants is his or her third of that money. Basically, if the lawsuit is worth enough money (millions) and it looks like you have adequate proof to win, many IP attorneys will take the case on contingency

However, please note that I am not a lawyer, althouh I play one on the 'Net.

Distribute their binaries for them for free.

[Bluedove]

If they've hijacked GPL code which explicitly states it and its offshoots are GPL'd, then take whatever you can get of this guy's code (source and or binaries) and start distributing it. Let him take you to court, and lose.

The problem is the solution!

[sterno]

Why are issues being raised about who will legally defend GPL'd software? The reason is that big money making corporations have finally realized the value of open source software. Those companies who try to breach the GPL will have two things combatting them:

1) Other corporations using the GPL software will sue them in order to level the playing field. For example, if Red Hat tried to do something that violated the GPL of linux, VA Linux, SUSE, Debian, IBM, Compaq and a few others would show up at their doorstep with a big pack of lawyers. It is corporate interest that threatens the GPL and it is the same interest that will protect it.

2) Evil Bad Corporation (unrelated to Microsoft), decides that it wants to take a piece of GPL'd software and put a bunch of modifications on it, then sell it under a closed or heavily modified OS license. Now, the question is, WHY ON GOD's GREEN EARTH WOULD YOU WANT TO DO THIS??? If you did this, and your product was successful you've just set yourself up for a nasty fall. If you get sued, and somebody can afford the attorneys, you will lose, and with it will go your lock on the source code. Your empire will crumble quickly.

One other thing to consider is that not only would the breaching of the license be a civil legal issue, it might also be considered criminal because of breach of copyright. I'm not sure about that one but it seems at least vaguely plausible.

---

Re:Closed source using GPL will get found out

[Ice+Tiger]

Saying closed source that uses GPL will never get found out is untrue. Basically like any secret the more people that know it the less secure it becomes.

Two such ways the news can possibly leak is: a) A disgruntled employee gets fired or leaves and leaks the news. b) A person is recruited from outside the company and does not agree with this and leaks.

Once the news is leaked will not this source get out and the brown stuff hit the fan.

Re:Corporate vs Open Source

[Tom+Christiansen]

Free Software is *NOT* "freeware"

I think I've got déjà lu:

I am not now nor have I ever been a member of the so-called `goodware' movement. I am the founding father of `Good Software' movement, which is completely different.

-- Gilbert Oram Dawson

Know what I mean? :-)

man 1 slashdot

[Tom+Christiansen]

CONTEXT

Does [a-z] catch e with a grave/aigu?
Does [d-e]?
Does [e-f]?

RESPONSE

No, not really, although that certainly has been discussed.g I think what you want is /[[:alpha:]]/, which only works in the very latest release. Otherwise, you'll need to use the use locale pragma (which doesn't refer to a salad dressing, actually :-) in conjunction with something like /\w/ or /[^\W\d_]/, and maybe a call to the POSIX::setlocale as well.

SEE ALSO

perlre(1), perllocale(1), perldelta(1), perlsec(1), and utf8(3),

EXAMPLES

[Following in an excerpt from the 5.005_63 release of Perl's perlre(1) manpage. --tchrist]

The POSIX character class syntax, [:class:], is also available. The available classes and their backslash equivalents (if available) are as follows:

alpha
alnum
ascii
cntrl
digit\d
graph
lower
print
punct
space\s
upper
word\w
xdigit

For example use [:upper:] to match all the uppercase characters. Note that the [] are part of the [::] construct, not part of the whole character class. For example: [01[:alpha:]%] matches one, zero, any alphabetic character, and the percentage sign.

If the utf8 pragma is used, the following equivalences to Unicode \p{} constructs hold:

alphaIsAlpha
alnumIsAlnum
asciiIsASCII
cntrlIsCntrl
digitIsDigit
graphIsGraph
lowerIsLower
printIsPrint
punctIsPunct
spaceIsSpace
upperIsUpper
wordIsWord
xdigitIsXDigit

For example [:lower:] and \p{IsLower} are equivalent.

If the utf8 pragma is not used but the locale pragma is, the classes correlate with the isalpha(3) interface (except for `word', which is a Perl extension, mirroring \w).

The assumedly non-obviously named classes are:

• cntrl: Any control character. Usually characters that don't produce output as such but instead control the terminal somehow: for example newline and backspace are control characters. All characters with ord() less than 32 are most often control classified as characters.
• graph: Any alphanumeric or punctuation character.
• print: Any alphanumeric or punctuation character or space.
• punct: Any punctuation character.
• xdigit: Any hexadecimal digit. Though this may feel silly (/0-9a-f/i would work just fine) it is included for completeness.

You can negate the [::] character classes by prefixing the class name with a '^'. This is a Perl extension. For example:

POSIXtrad. Perlutf8 Perl

[:^digit:]\D& nbsp;\P{IsDigit}
[:^space:]\S&nbs p;\P{IsSpace}
[:^word:]\W&nbsp ;\P{IsWord}

The POSIX character classes [.cc.] and [=cc=] are recognized but B supported and trying to use them will cause an error.

SIGNATURE

Libraries not viral: A Dick and Jane Story

[Tom+Christiansen]

You cannot catch the Stallman virus simply from writing code that conforms to an API that happens to have a GPL'd instantiation. If that were the case, then a script or program (call it "Mom") that calls a GPL'd script or program (call it "Dick") would be itself GPL'd. Moreover, any other scripts or programs (call it "Jane") that "Mom" calls from the same place that she calls "Dick" would themselves be free of contamination.

As you see, mere aggregation with the infected Jack does not pass the virus back up to Mom, nor over to his sister Jane. Aggregation does not infect. This is true whether Dick and Jane are programs, or whether they are libraries. It doesn't matter. I'll say it once more for the logic-impaired: Aggregation does not infect. Otherwise they are trying to dictate what is or is not legitimate use. Copyright law does not permit this.

If the FSF shows up to break your kneecaps, as another poster semi-amusingly seemed to imply might happen, and so you feel need a more legalistic way around this library infection issue, here's why you're safe.

It's time to let go of your fear. The virus doesn't transmit across library aggregation. The reign of terror is ended, and the black death is put back into its bottle. You are now free. Code in peace.

Re:Tough to get legal fees

[cduffy]

Umm.

One way to make money off GPLed software is to sell (nonexclusive) non-GPL licenses to folks who ask (mostly businesses with GPL-paranoid lawyers).

If someone puts my GPLed software under a non-GPL license without buying a license to do so, I just lost income.

So one can have both income and freedom, and be quite unhappy 'bout losing either.

Re:Cannot pirate free software

[Gromer]

Not at all. 'Pirating' just means duplicating and distributing software in violation of its license agreement. The only software you can't do that with is public-domain software, which has no license and isn't the same thing as free software at all. Free software, as embodied by the GPL, is under a number of license restrictions on its distribution and use, and can therefore be pirated. E.g. if a company takes a GPL'd piece of software, modifies it, and sells it without the source, that would be piracy, or something similar, under the terms of the GPL.

Depends on what you're trying to do

[/]

If you don't have any money and aren't interested in personally extracting some from the person violating your copyright, you might be able to sign your collection rights over to a company or agency with the money and time to pursue this (sort've like doing it on contingency, except they get %100 and you get the satisfaction of having the violation stopped). It helps if the violation actually concerns a piece of software that's known to be worth something. The Caldera/DRDos lawsuit comes to mind.

You might even go as far as to ask the violator's competitors about whether they'd like to get in on the legal escapades (since they'll probably want to do anything to tear their rival down). But for that to work, your own software will have to be in a separate market from theirs, since they won't want to tear their rival down only to prop you up even further.

The sun/blackdown FIASCO?

[mindstrm]

The only thing wrong here was that Sun was a bit rude, by not mentioning the blackdown people.
It was not a GPL issue, and not an OSS issue. The terms of their porting were clear from the beginning.
And sun apologized..
so what's this 'fiasco' you are talking about?

Re:Tough to get legal fees

[mindstrm]

I would venture to say that the following series of events will take place at some point in the future. The first ones have happened before.

1) Company X will release some claim/license/software/something that appears to violate GPL.
2) The OSS community will go balistic and spam the shit out of them. (in other words, after this point, they can't claim they don't know about the issue)
3) Company X will state that the GPL is invalid or some such thing, or that it doesn't apply to them.
4) The original license holders will make a big damn fuss about it (or others will convince them to) and the whole OSS community will go into a flaming rage because it's challenging their license.
5) Class-action won't be necessary.... the authors will have all the backing they need to fight the case.

Note.. this is one reason why using a single license like GPL can be good... once we set court precedent.... it helps a lot.

Re:Go with BSD

[rking]

"Stallman's agenda is obvious."

You disagree with the person who said it was hidden then?

"He wants no one to own their own work."

Well, if we confine this to situations where the work is a piece of software and where ownership means the ability to restrict distribution then yes, I think that's a fair comment. I guess nobody thinks that he's trying to hide that?

"I can't recall the URL, but I read some great stuff from a BSD developer on his realization that Stallman is just a power hungry freak."

Well.. I'm glad you enjoyed yourself... not sure if you were trying to make some sort of point? You read somewhere, but you don't know where, that someone else has a low opinion of Stallman, is that it?

"The GPL is a virus."

Not really, at least it only affects those that choose to enter into the bargain - use GPL'd code and in return you have to GPL the works you derive from it.

"It is the number one reason that these other licenses keep popping up, and will continue to do so"

Which other licences? Whatever they are, why would people not need them if the GPL didn't exist, presumably their licencing needs would stay the same?

"GNU is a cult. They all follow RMS in lock step, and if you don't agree, they say that you are not enlightened. It is a software cult, fairly benign, but a cult nonetheless."

Hmmm.. not sure what you're getting at here. Care to say what you mean by a "cult" in this paragraph?

Who can enforce the GPL

[Merk00]

Only the copyright holder would be able to enforce the GPL. Anyone else, whether the FSF or Red Hat, would not have legal standing to bring a suit. This would basically be a case in which there would need to be enforcement of a contract. The contract would be the GPL and the contracting parties would be the copyright holder and the violator.

Even though the FSF could not sue the violator, the copyright holder could have the FSF represent them as their lawyer in court. This would help to transfer the financial burden away from the copyright holder.

Simply changing the name of the copyright holder to the FSF would not give them enough standing to sue because it was requires signed documentation that the copyright is being transfered to a new party (see the GNU website for more.

There isn't much chance of recieving monetary damages in an Open Source case because it is required to register a copyright with the copyright office (is that the USPTO?). All that a court could legally do is order a company to comply with the GPL, which is what is intended in the first place.

Matt Leese

Only the copyright holder

[Arandir]

Only the copyright holder is entitled to sue for copyright infringement. This is basic law in virtually every nation. You can't sue your neighbor across the street for stealing the apples of your neighbor down the way. Only the person who is damaged can sue.

If your software is not in the public domain, then please, please, don't claim that you have given it away or are not the owner. This will be used against you in court. "Your honor, the plaintiff has an entire website arguing that he doesn't own the vimacs software..."

So what happens with Megasloth infringes upon the license of John Q. Hacker's tiny perl script? Without John's permission, the FSF, Slashdot readers, OSI, or anyone else is allowed to initiate a lawsuit. However, John Q. Hacker can initiate the suit. And anyone who subitted copyrighted code to the project can join in. Then funds are gathered from all the indigant bystanders from the FSF, Slashdot, OSI, etc.

Beg your pardon?

[cduffy]

If I'm writing free software and I want anyone to use it under any license, I put it under a BSD-like license. If I'm writing free software and I want the derivitive works to be free, I use the GPL. But let's say someone really wants to hoarde something developed as a derivitive of my code... why NOT let them pay for the privilidge?

And it's not just about people making money. If folks want to make money off my code and follow the GPL (a la Cygnus, TiVo, WilburWorks, etc etc) they're free to do so, UNLESS THEY WANT TO HIDE THOSE DERIVITIVE WORKS.

Sheesh!

Re:Tough to get legal fees

[sjames]

When an open source developer sues a company for breach of copyright, their loss is loss of freedom of the code

Not actually, unless the company managed to erase all existing copies but theirs. It would be a suit to recover the income that would have been made had they opted to license (non exclusivly) the code for closed source use. Opening their source and restoring the proper copyright notices is adequate to avoid future royalties, but the existing proprietary sales must be addressed since they still made money based on violating the GPL.

Re:How to defeat this GPL violation, maybe

[MikeBabcock]

http://www.fsf.org/philosophy/licen se-list.html