Convenient how you ignored the other FAQ and stoop to an ad-hominem attack:
I just found out that a company has a copy of a GPL'ed program, and it costs money to get it. Aren't they violating the GPL by not making it available on the Internet?
No. The GPL does not require anyone to use the Internet for distribution. It also does not require anyone in particular to redistribute the program. And (outside of one special case), even if someone does decide to redistribute the program sometimes, the GPL doesn't say he has to distribute a copy to you in particular, or any other person in particular.
What the GPL requires is that he must have the freedom to distribute a copy to you if he wishes to. Once the copyright holder does distribute a copy program to someone, that someone can then redistribute the program to you, or to anyone else, as he sees fit.
In summary, the only way to avoid being required to give source to any third party under GPL2 is by distributing source with the binaries, or by compiling from unmodified source available elsewhere.
Unfortunately, it doesn't seem entirely clear what "any third party" means in this context. It could mean "anyone who has received a binary directly or indirectly" or "anyone in the entire world."
According to this FAQ, "If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it." This seems to support the "anyone in the entire world" definition.
However, this FAQ says: "And (outside of one special case), even if someone does decide to redistribute the program sometimes, the GPL doesn't say he has to distribute a copy to you in particular, or any other person in particular." This seems to support the "anyone who has received a binary directly or indirectly" definition. Unfortunately, I couldn't find a description of that one special case.
A user can't sue a company violating the GPL, only the copyright holder can do that. It would be up to the Webkit developers to pursue a lawsuit if they chose to.
That's usually true, though there are exceptions. However, since Google uses Webkit extensively, they've almost certainly contributed to it and therefore hold copyrights on parts of it.
WebKit is extensively Apple code. The only part that is LGPL is WebCore and JavaScriptCore. The rest was originally all Apple. With the various ports, a collaboration between parties using the BSD license has ensued. WebKit2 is Apple. All the ports from WebKit2 comply with the BSD License or they don't use it. Read the damn source code once in a while to grasp how much actual Code Apple has provided with the BSD license for the world to use. It's a helluva lot of code. The same now goes for Google. Without these two parties who are competitors in the mobile space Mozilla and Opera wouldn't have gotten off their asses to catch up. Hell, the HTML 5 spec was written by Google and Apple when they submitted it.
I think you missed the point. I wasn't trying to invoke some kind of pissing contest about who contributed more code. The point is that if Apple has violated the LGPL by failing to release source of any part of Webkit, any of the other copyright holders of any Webkit code could potentially sue Apple for copyright infringement. It's extremely unlikely it would come to that, but the fact remains that just because Apple has contributed a lot to the project doesn't mean they can ignore the copyright licenses of other contributors.
Apple's had other priorities than making sure the source was on the site immediately, and now the point is moot because the sources were published today.
Exactly what sources were published today? Source for all LGPL components of iOS up to and including version 4.3.3? Which versions of JavaScriptCore and WebCore are in iOS 4.3.3? If Apple did get around to publishing the source today, maybe it was because they wanted to avoid more bad publicity.
I don't personally have the time or desire to match up the versions and release dates, so I am taking Harald Welte's word that there are missing releases. I do expect Apple to respond, especially since their iOS 4.3 source download page is clearly outdated. If they haven't intentionally changed their policy and practices, it should be easy to clear up the confusion.
In fact, it's always been perfectly acceptable to run proprietary programs on GNU/Linux systems, linked with GlibC, which is under the LGPL and communicating with Linux, which is under the GPL.
That's because the kernel has an explicit copyright notice stating that calls from userspace code via public APIs is not constituted as forming derived work.
Whether it is "perfectly acceptable" or not in general is hard to tell, because GPL is murky on this point. It boils down to the definition of "derived work" in copyright, and that is also non-trivial. Heck, it is still an open question if linking to a shared library (within a single process) produces a derived work, for example - even RMS himself admitted that it may not in some circumstances, despite him claiming otherwise for some time.
Userspace programs running on Linux (or any other kernel) are not derived works of the kernel. This is not because of anything Linus says, but is based on US copyright case precedents such as Baystate Technologies, Inc. v. Bentley Systems, Inc. Linus put a note at the top of Linux's COPYING file above the GPL just to clarify things, though it wasn't legally required. As another example, GPL programs like the GIMP can be distributed for Windows without having license compatibility problems, just as proprietary programs can be distributed for Linux.
GlibC is under the LGPL, which is specifically designed to allow linked programs to be under any license, even if it is incompatible wit the LPGL. There is little controversy that a program which dynamically loads an LGPL library is not a derivative work of the library and can therefore be distributed under any license. It is even possible to statically link the incompatibly-licensed program with an LGPL library if done correctly.
So, to sum it up, I'll again say that it has never been hard to tell that it's perfectly acceptable to distribute proprietary userspace programs that run on GNU/Linux systems, linking with GlibC and using Linux system calls. There has been plenty of FUD from the likes of Microsoft implying that any software running on GNU/Linux becomes "infected" with the "GPL virus," but let's not give it any credence.
You're right. I didn't notice that the LGPL had "the same user" where the standard GPL has "any third party," and made a bad assumption. Yet another reason not to choose LGPL.
The GPL v2 doesn't say that distributing one binary of a GPL-licensed work to one person requires the distributor to offer the source to everyone in the world either. The Official FAQ explains this. Though distributing a binary of a GPL work implicitly grants a license to everyone, it does not require the distributor to offer source to everyone, but only those who received a binary from the distributor, either directly or indirectly.
Though LGPL 2.1 and GPL 2.0 have different wording, it's pretty clear that the neither is intended to require a distributor to provide source to those who did not receive a binary, which would be an unreasonable burden. In the typical case, it is not difficult to provide sources on a public website to everyone, but no FSF license has ever required this AFAIK.
Anything's possible and Apple's simply not explaining what they're doing, but it looks fishy. They've apparently violated their previous principle of always releasing source for Webkit at the same time as binaries and are letting people speculate as to why rather than clearly explain their position.
they are legally required to make available source code of any LGPL-licensed components to whomever they have distributed binaries
You need to read your licenses better, or stop believing people who don't know what they are talking about. The only provision in the LGPL for only giving source to people you have given binaries to is if you give the source and binaries together. If you don't give source and binaries together, then you are required to give source to any party that requests it.
I'm not entirely sure what your point is or what you're disputing, but I think you're saying that distributing a binary of an LGPL-licensed library to anyone requires the distributor to offer to source to everyone. This is not the case. The relevant section from LGPL 2.1:
4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
"Offering access to copy from a designated place" does not imply a public web site, though that's obviously the most common method. There is nothing saying that source must be provided to anyone who did not receive a binary. For example, a password-protected FTP account would fulfill the requirement if the person who received the binary had the password for the FTP account.
Even if it turns out Apple has not violated any licenses, they have changed their release practices and given no explanation. It's just one more example of very poor interaction with FLOSS communities outside themselves. Given Apple's clear anti-copyleft attitude in general, it's odd they chose to base Webkit on an LGPL project, but certainly not surprising when they try to avoid copyleft requirements.
In contrast, while it's not good that Google is delaying releasing Android 3, at least they've explained this clearly. They've also clearly explained how they largely avoided copyleft components in Android. The fact that this allows them to delay releasing source isn't good, but at least they were upfront about it.
A user can't sue a company violating the GPL, only the copyright holder can do that. It would be up to the Webkit developers to pursue a lawsuit if they chose to.
That's usually true, though there are exceptions. However, since Google uses Webkit extensively, they've almost certainly contributed to it and therefore hold copyrights on parts of it.
More importantly, Google probably hasn't done it too. It's not good that they're delaying the release of Android 3 source , but it's probably not violating any license. The specifically chose non-copyleft code as the basis for Android (with the obvious exception of Linux).
I'm sure Google and Google employees own many iDevices. They might decided to take on Apple over this, since they rely on Webkit. They'd also make sure other iDevice users knew about it.
In other words, "We'll release the source when we're damn well good and ready."
If that's what their attitude has become, they're itching for a fight, since they are legally required to make available source code of any LGPL-licensed components to whomever they have distributed binaries. If they don't make the sources available, any iPhone owner could take them to court. Apple and Steve Jobs are no strangers GPL violation. NeXT wrote an Objective C frontend for GCC and didn't want to release the source for it, but were eventually forced to do so. Apple bought NeXT and got Jobs and all the NeXT code and used it as the basis for OSX and Xcode. You'd think they'd have learned their lesson by now.
(That said, I reckon their bluetooth stack depends sufficiently on BlueZ that their userspace becomes derived from that GPL code - stuffing IPC between your code and GPL code does NOT, of itself, mean your code escapes from the GPL; but that still doesn't mean they'd have to release their code).
"Stuffing IPC" between something under the GPL and something under a different license certainly does isolate the other-licensed code from the GPL. If that weren't the case, it would be nearly impossible to distribute anything under a GPL-incompatible license to run on a GNU/Linux system. Any time you piped output from Bash into the incompatibly-license program, you'd violate the GPL. Thankfully, the GPL is not viral in that way. In fact, it's always been perfectly acceptable to run proprietary programs on GNU/Linux systems, linked with GlibC, which is under the LGPL and communicating with Linux, which is under the GPL.
It would really be fun if Apple decided not to release it and there were a class action lawsuit by all iDevice users, to whom Apple owes source for any LGPL parts of Webkit. Google would definitely back that.
Yeah, it's equally impossible to prove that Anonymous did or did not do it. What I'm still trying to figure out is whether turning "anonymous" into a proper noun has any meaning. What could it possible mean to name something "that which is not identified by name," or "that of unknown name."
Even odder is to intrude into ally's airspace, conduct a combat operation on its soil and kill one or more of its residents without even bothering to warn them about it. In most cases, that would spark a major international incident. It's always been a stretch to call Pakistan a US ally or friendly territory.
I can't say I understand the issue either, but I wish I did. What this illustrates is Computer Science is quite distinct from software development and programming, though many conflate them. You don't have to know much physics to be a technician or do most engineering either.
Anyone who has read TFA will not find this the least bit insightful, though the Slashdot headline is extremely misleading as usual. Sony said they had been the "victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," but did not blame Anonymous for that. They said they were under a DDOS attack from Anonymous at the same time as the security breach and the two events may or may not have been related.
I was rather curios about the 'dead code' elimination... That would seem to me to be one of the first things to go solve, if nothing is pointing to that particular code portion, simply do not compile it. I must be missing something where that would not be one of the first targets to eliminate.
Dead code elimination is certainly a worthy goal, though not necessarily easy in a highly dynamic language like Javascript.
Slashdot Mirror
If it really didn't require any creativity, you wouldn't need a human to write it.
Convenient how you ignored the other FAQ and stoop to an ad-hominem attack:
I just found out that a company has a copy of a GPL'ed program, and it costs money to get it. Aren't they violating the GPL by not making it available on the Internet?
No. The GPL does not require anyone to use the Internet for distribution. It also does not require anyone in particular to redistribute the program. And (outside of one special case), even if someone does decide to redistribute the program sometimes, the GPL doesn't say he has to distribute a copy to you in particular, or any other person in particular.
What the GPL requires is that he must have the freedom to distribute a copy to you if he wishes to. Once the copyright holder does distribute a copy program to someone, that someone can then redistribute the program to you, or to anyone else, as he sees fit.
In summary, the only way to avoid being required to give source to any third party under GPL2 is by distributing source with the binaries, or by compiling from unmodified source available elsewhere.
Unfortunately, it doesn't seem entirely clear what "any third party" means in this context. It could mean "anyone who has received a binary directly or indirectly" or "anyone in the entire world."
According to this FAQ, "If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it." This seems to support the "anyone in the entire world" definition.
However, this FAQ says: "And (outside of one special case), even if someone does decide to redistribute the program sometimes, the GPL doesn't say he has to distribute a copy to you in particular, or any other person in particular." This seems to support the "anyone who has received a binary directly or indirectly" definition. Unfortunately, I couldn't find a description of that one special case.
A user can't sue a company violating the GPL, only the copyright holder can do that. It would be up to the Webkit developers to pursue a lawsuit if they chose to.
That's usually true, though there are exceptions. However, since Google uses Webkit extensively, they've almost certainly contributed to it and therefore hold copyrights on parts of it.
WebKit is extensively Apple code. The only part that is LGPL is WebCore and JavaScriptCore. The rest was originally all Apple. With the various ports, a collaboration between parties using the BSD license has ensued. WebKit2 is Apple. All the ports from WebKit2 comply with the BSD License or they don't use it. Read the damn source code once in a while to grasp how much actual Code Apple has provided with the BSD license for the world to use. It's a helluva lot of code. The same now goes for Google. Without these two parties who are competitors in the mobile space Mozilla and Opera wouldn't have gotten off their asses to catch up. Hell, the HTML 5 spec was written by Google and Apple when they submitted it.
I think you missed the point. I wasn't trying to invoke some kind of pissing contest about who contributed more code. The point is that if Apple has violated the LGPL by failing to release source of any part of Webkit, any of the other copyright holders of any Webkit code could potentially sue Apple for copyright infringement. It's extremely unlikely it would come to that, but the fact remains that just because Apple has contributed a lot to the project doesn't mean they can ignore the copyright licenses of other contributors.
Apple's had other priorities than making sure the source was on the site immediately, and now the point is moot because the sources were published today.
Exactly what sources were published today? Source for all LGPL components of iOS up to and including version 4.3.3? Which versions of JavaScriptCore and WebCore are in iOS 4.3.3? If Apple did get around to publishing the source today, maybe it was because they wanted to avoid more bad publicity.
I don't personally have the time or desire to match up the versions and release dates, so I am taking Harald Welte's word that there are missing releases. I do expect Apple to respond, especially since their iOS 4.3 source download page is clearly outdated. If they haven't intentionally changed their policy and practices, it should be easy to clear up the confusion.
In fact, it's always been perfectly acceptable to run proprietary programs on GNU/Linux systems, linked with GlibC, which is under the LGPL and communicating with Linux, which is under the GPL.
That's because the kernel has an explicit copyright notice stating that calls from userspace code via public APIs is not constituted as forming derived work.
Whether it is "perfectly acceptable" or not in general is hard to tell, because GPL is murky on this point. It boils down to the definition of "derived work" in copyright, and that is also non-trivial. Heck, it is still an open question if linking to a shared library (within a single process) produces a derived work, for example - even RMS himself admitted that it may not in some circumstances, despite him claiming otherwise for some time.
Userspace programs running on Linux (or any other kernel) are not derived works of the kernel. This is not because of anything Linus says, but is based on US copyright case precedents such as Baystate Technologies, Inc. v. Bentley Systems, Inc. Linus put a note at the top of Linux's COPYING file above the GPL just to clarify things, though it wasn't legally required. As another example, GPL programs like the GIMP can be distributed for Windows without having license compatibility problems, just as proprietary programs can be distributed for Linux.
GlibC is under the LGPL, which is specifically designed to allow linked programs to be under any license, even if it is incompatible wit the LPGL. There is little controversy that a program which dynamically loads an LGPL library is not a derivative work of the library and can therefore be distributed under any license. It is even possible to statically link the incompatibly-licensed program with an LGPL library if done correctly.
So, to sum it up, I'll again say that it has never been hard to tell that it's perfectly acceptable to distribute proprietary userspace programs that run on GNU/Linux systems, linking with GlibC and using Linux system calls. There has been plenty of FUD from the likes of Microsoft implying that any software running on GNU/Linux becomes "infected" with the "GPL virus," but let's not give it any credence.
However if you go to http://www.opensource.apple.com/source/JavaScriptCore/ and http://www.opensource.apple.com/source/WebCore/, you will find the directories that were missing (and more). Could it be that someone at Apple just didn't update a web page? If you were developing WebKit most likely you would have gotten the code through code repository.
I think that the fact that the iOS 4.3 source download page is not up to date with http://www.opensource.apple.com/source/JavaScriptCore/ and http://www.opensource.apple.com/source/WebCore/ is separate from the claim that iOS versions 4.3.1, 4.3.2 and 4.3.3 have not been accompanied by a source release. However, I don't see an easy way to map WebCore and JavaScriptCore versions to iOS versions.
You're right. I didn't notice that the LGPL had "the same user" where the standard GPL has "any third party," and made a bad assumption. Yet another reason not to choose LGPL.
The GPL v2 doesn't say that distributing one binary of a GPL-licensed work to one person requires the distributor to offer the source to everyone in the world either. The Official FAQ explains this. Though distributing a binary of a GPL work implicitly grants a license to everyone, it does not require the distributor to offer source to everyone, but only those who received a binary from the distributor, either directly or indirectly.
Though LGPL 2.1 and GPL 2.0 have different wording, it's pretty clear that the neither is intended to require a distributor to provide source to those who did not receive a binary, which would be an unreasonable burden. In the typical case, it is not difficult to provide sources on a public website to everyone, but no FSF license has ever required this AFAIK.
Anything's possible and Apple's simply not explaining what they're doing, but it looks fishy. They've apparently violated their previous principle of always releasing source for Webkit at the same time as binaries and are letting people speculate as to why rather than clearly explain their position.
they are legally required to make available source code of any LGPL-licensed components to whomever they have distributed binaries
You need to read your licenses better, or stop believing people who don't know what they are talking about. The only provision in the LGPL for only giving source to people you have given binaries to is if you give the source and binaries together. If you don't give source and binaries together, then you are required to give source to any party that requests it.
I'm not entirely sure what your point is or what you're disputing, but I think you're saying that distributing a binary of an LGPL-licensed library to anyone requires the distributor to offer to source to everyone. This is not the case. The relevant section from LGPL 2.1:
"Offering access to copy from a designated place" does not imply a public web site, though that's obviously the most common method. There is nothing saying that source must be provided to anyone who did not receive a binary. For example, a password-protected FTP account would fulfill the requirement if the person who received the binary had the password for the FTP account.
Even if it turns out Apple has not violated any licenses, they have changed their release practices and given no explanation. It's just one more example of very poor interaction with FLOSS communities outside themselves. Given Apple's clear anti-copyleft attitude in general, it's odd they chose to base Webkit on an LGPL project, but certainly not surprising when they try to avoid copyleft requirements.
In contrast, while it's not good that Google is delaying releasing Android 3, at least they've explained this clearly. They've also clearly explained how they largely avoided copyleft components in Android. The fact that this allows them to delay releasing source isn't good, but at least they were upfront about it.
A user can't sue a company violating the GPL, only the copyright holder can do that. It would be up to the Webkit developers to pursue a lawsuit if they chose to.
That's usually true, though there are exceptions. However, since Google uses Webkit extensively, they've almost certainly contributed to it and therefore hold copyrights on parts of it.
Am I the only to see a very simple explanation that the author has missed?
Apple's own iOS 4.3 source download page references the unreleased sources of JavaScriptCore and WebCore.
More importantly, Google probably hasn't done it too. It's not good that they're delaying the release of Android 3 source , but it's probably not violating any license. The specifically chose non-copyleft code as the basis for Android (with the obvious exception of Linux).
I'm sure Google and Google employees own many iDevices. They might decided to take on Apple over this, since they rely on Webkit. They'd also make sure other iDevice users knew about it.
In other words, "We'll release the source when we're damn well good and ready."
If that's what their attitude has become, they're itching for a fight, since they are legally required to make available source code of any LGPL-licensed components to whomever they have distributed binaries. If they don't make the sources available, any iPhone owner could take them to court. Apple and Steve Jobs are no strangers GPL violation. NeXT wrote an Objective C frontend for GCC and didn't want to release the source for it, but were eventually forced to do so. Apple bought NeXT and got Jobs and all the NeXT code and used it as the basis for OSX and Xcode. You'd think they'd have learned their lesson by now.
(That said, I reckon their bluetooth stack depends sufficiently on BlueZ that their userspace becomes derived from that GPL code - stuffing IPC between your code and GPL code does NOT, of itself, mean your code escapes from the GPL; but that still doesn't mean they'd have to release their code).
"Stuffing IPC" between something under the GPL and something under a different license certainly does isolate the other-licensed code from the GPL. If that weren't the case, it would be nearly impossible to distribute anything under a GPL-incompatible license to run on a GNU/Linux system. Any time you piped output from Bash into the incompatibly-license program, you'd violate the GPL. Thankfully, the GPL is not viral in that way. In fact, it's always been perfectly acceptable to run proprietary programs on GNU/Linux systems, linked with GlibC, which is under the LGPL and communicating with Linux, which is under the GPL.
It would really be fun if Apple decided not to release it and there were a class action lawsuit by all iDevice users, to whom Apple owes source for any LGPL parts of Webkit. Google would definitely back that.
Yeah, it's equally impossible to prove that Anonymous did or did not do it. What I'm still trying to figure out is whether turning "anonymous" into a proper noun has any meaning. What could it possible mean to name something "that which is not identified by name," or "that of unknown name."
Even odder is to intrude into ally's airspace, conduct a combat operation on its soil and kill one or more of its residents without even bothering to warn them about it. In most cases, that would spark a major international incident. It's always been a stretch to call Pakistan a US ally or friendly territory.
I can't say I understand the issue either, but I wish I did. What this illustrates is Computer Science is quite distinct from software development and programming, though many conflate them. You don't have to know much physics to be a technician or do most engineering either.
If you'd read TFA, you'd know that a DDOS is exactly what Sony accused Anonymous of. They accused an unknown entity of the "theft."
Anyone who has read TFA will not find this the least bit insightful, though the Slashdot headline is extremely misleading as usual. Sony said they had been the "victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," but did not blame Anonymous for that. They said they were under a DDOS attack from Anonymous at the same time as the security breach and the two events may or may not have been related.
I was rather curios about the 'dead code' elimination... That would seem to me to be one of the first things to go solve, if nothing is pointing to that particular code portion, simply do not compile it. I must be missing something where that would not be one of the first targets to eliminate.
Dead code elimination is certainly a worthy goal, though not necessarily easy in a highly dynamic language like Javascript.