guide/Case-Study-Ethics/new-case-study-ethics.tex

1978 lines
88 KiB
TeX
Raw Normal View History

% Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
%
% Copyright (C) 2003, 2004 Free Software Foundation, Inc.
% Verbatim copying and distribution of this entire document is permitted in
% any medium, provided this notice is preserved.
\documentclass[11pt]{book}
% FILTER_PS: \input{generate-ps-file}
% FILTER_PDF: \input{generate-pdf-file}
% FILTER_HTML: \input{generate-html-file}
% NOT FOUND \input{one-inch-margins}
\usepackage{enumerate}
\usepackage[dvips]{graphicx}
%\setlength\parskip{0.7em}
%\setlength\parindent{0pt}
\newcommand{\defn}[1]{\emph{#1}}
%\pagestyle{empty}
\begin{document}
\frontmatter
\begin{titlepage}
\begin{center}
%\vspace{.5in}
\vfill
\includegraphics{fsf-logo.eps}
\vfill
{\Large
{\sc GPL Compliance Case Studies} \\
\vfill
%\vspace{.7in}
% \vspace{.3in}
Stanford University, Stanford, CA, USA \\
\vspace{.1in}
Wednesday, 25 August 2004
}
% \vspace{.7in}
\vfill
{\large
Bradley M. Kuhn
Executive Director
Free Software Foundation
}
\vspace{.3in}
{\large
Daniel Ravicher
Senior Counsel
Free Software Foundation
President and Executive Director
Public Patent Foundation
}
\end{center}
\vfill
{\parindent 0in
Copyright \copyright{} 2003, 2004 \hspace{.2in} Free Software Foundation, Inc.
\vspace{.3in}
Verbatim copying and distribution of this entire document is permitted in
any medium, provided this notice is preserved.
}
\end{titlepage}
\pagestyle{plain}
\pagenumbering{roman}
\chapter*{GPL Compliance Case Studies}
\textit{Stanford University, Stanford, CA 25 August 2004}
\begin{tabular}[t]{ll}
09:00 - 09:25 & Registration / Check-in / Continental Breakfast\\
&\\
09:25 - 09:30 & Welcome\\
&\\
09:30 - 09:45 & Overview of FSF's GPL Compliance Lab\\
&\textit{Bradley M. Kuhn}\\
&\\
09:45 - 10:40 & GPL Violation Case Study A\\
&\textit{Bradley M. Kuhn}\\
&\\
10:40 - 11:00 & GPL Violation Case Study B\\
&\textit{Bradley M. Kuhn}\\
&\\
11:00 - 11:10 & Q \& A\\
&\\
11:10 - 11:20 & Break\\
&\\
11:20 - 11:50 & GPL Violation Case Study C\\
&\textit{Bradley M. Kuhn}\\
&\\
11:50 - 12:10 & GPL Violation Case Study D\\
&\textit{Bradley M. Kuhn}\\
&\\
12:10 - 12:20 & Good Practices for GPL Compliance\\
&\textit{Bradley M. Kuhn}\\
&\\
\end{tabular}
\begin{tabular}[t]{ll}
12:20 - 12:30 & Q \& A\\
&\\
12:30 - 14:00 & Lunch and Lecture ``GPL 3: Prospects and Process''\\
& \textit{Prof. Eben Moglen}\\
&\\
14:00 - 15:40 & Ethical Considerations and Legal Practices\\
&\textit{Daniel Ravicher}\\
&\\
15:40 - 15:50 & Q \& A\\
&\\
15:50 - 16:00 & Break\\
&\\
16:00 - 17:30 & Current Issues in Free Software\\
& \textit{Prof. Eben Moglen}\\
&\\
17:30 - 18:00 & Q \& A\\
\end{tabular}
\pagebreak
% =====================================================================
% START OF SECOND DAY SEMINAR SECTION
% =====================================================================
\chapter*{Preface}
This one-day course presents the details of five different GPL
compliance cases handled by FSF's GPL Compliance Laboratory. Each case
offers unique insights into problems that can arise when the terms of
GPL are not properly followed, and how diplomatic negotiation between
the violator and the copyright holder can yield positive results for
both parties.
Attendees should have successfully completely the course, a ``Detailed
Study and Analysis of the GPL and LGPL,'' as the material from that
course forms the building blocks for this material.
This course is of most interest to lawyers who have clients or
employers that deal with Free Software on a regular basis. However,
technical managers and executives whose businesses use or distribute
Free Software will also find the course very helpful.
\bigskip
These course materials are merely a summary of the highlights of the
course presented. Please be aware that during the actual GPL course, class
discussion supplements this printed curriculum. Simply reading it is
not equivalent to attending the course.
\tableofcontents
\mainmatter
\pagenumbering{arabic}
\chapter{Overview of FSF's GPL Compliance Lab}
The GPL is a Free Software license with legal teeth. Unlike licenses like
the X11-style or various BSD licenses, GPL (and by extension, the LGPL) is
designed to defend as well as grant freedom. We saw in the last course
that GPL uses copyright law as a mechanism to grant all the key freedoms
essential in Free Software, but also to ensure that those freedoms
propagate throughout the distribution chain of the software.
\section{Termination Begins Enforcement}
As we have learned, the assurance that Free Software under GPL remains
Free Software is accomplished through various terms of GPL: \S 3 ensures
that binaries are always accompanied with source; \S 2 ensures that the
sources are adequate, complete and usable; \S 6 and \S 7 ensure that the
license of the software is always GPL for everyone, and that no other
legal agreements or licenses trump GPL. It is \S 4, however, that ensures
that the GPL can be enforced.
Thus, \S 4 is where we begin our discussion of GPL enforcement. This
clause is where the legal teeth of the license are rooted. As a copyright
license, GPL governs only the activities governed by copyright law ---
copying, modifying and redistributing computer software. Unlike most
copyright licenses, GPL gives wide grants of permission for engaging with
these activities. Such permissions continue, and all parties may exercise
them until such time as one party violates the terms of GPL\@. At the
moment of such a violation (i.e., the engaging of copying, modifying or
redistributing in ways not permitted by GPL) \S 4 is invoked. While other
parties may continue to operate under GPL, the violating party loses their
rights.
Specifically, \S 4 terminates the violators' rights to continue
engaging in the permissions that are otherwise granted by GPL\@.
Effectively, their rights revert to the copyright defaults ---
no permission is granted to copy, modify, nor redistribute the work.
Meanwhile, \S 5 points out that if the violator has no rights under
GPL, they are prohibited by copyright law from engaging in the
activities of copying, modifying and distributing. They have lost
these rights because they have violated the GPL, and no other license
gives them permission to engage in these activities governed by copyright law.
\section{Ongoing Violations}
In conjunction with \S 4's termination of violators' rights, there is
one final industry fact added to the mix: rarely, does one engage in a
single, solitary act of copying, distributing or modifying software.
Almost always, a violator will have legitimately acquired a copy of a
GPL'd program, either making modifications or not, and then begun
distributing that work. For example, the violator may have put the
software in boxes and sold them at stores. Or perhaps the software
was put up for download on the Internet. Regardless of the delivery
mechanism, violators almost always are engaged in {\em ongoing\/}
violation of GPL\@.
In fact, when we discover a GPL violation that occurred only once --- for
example, a user group who distributed copies of a GNU/Linux system without
source at one meeting --- we rarely pursue it with a high degree of
tenacity. In our minds, such a violation is an educational problem, and
unless the user group becomes a repeat offender (as it turns out, they
never do), we simply forward along a FAQ entry that best explains how user
groups can most easily comply with GPL, and send them on their merry way.
It is only the cases of {\em ongoing\/} GPL violation that warrant our
active attention. We vehemently pursue those cases where dozens, hundreds
or thousands of customers are receiving software that is out of
compliance, and where the company continually offers for sale (or
distributes gratis as a demo) software distributions that include GPL'd
components out of compliance. Our goal is to maximize the impact of
enforcement and educate industries who are making such a mistake on a
large scale.
In addition, such ongoing violation shows that a particular company is
committed to a GPL'd product line. We are thrilled to learn that someone
is benefiting from Free Software, and we understand that sometimes they
become confused about the rules of the road. Rather than merely
giving us a post mortem to perform on a past mistake, an ongoing violation
gives us an active opportunity to educate a new contributor to the GPL'd
commons about proper procedures to contribute to the community.
Our central goal is not, in fact, to merely clear up a particular violation.
In fact, over time, we hope that our compliance lab will be out of
business. We seek to educate the businesses that engage in commerce
related to GPL'd software to obey the rules of the road and allow them to
operate freely under them. Just as a traffic officer would not revel in
reminding people which side of the road to drive on, so we do not revel in
violations. By contrast, we revel in the successes of educating an
ongoing violator about GPL so that GPL compliance becomes a second-nature
matter, allowing that company to join the GPL ecosystem as a contributor.
\section{How are Violations Discovered?}
Our enforcement of GPL is not a fund-raising effort; in fact, FSF's GPL
Compliance Lab runs at a loss (in other words, it is subsided by our
donors). Our violation reports come from volunteers, who have encountered,
in their business or personal life, a device or software product that
appears to contain GPL'd software. These reports are almost always sent
via email to $<$license-violation@fsf.org$>$.
Our first order of business, upon receiving such a report, is to seek
independent confirmation. When possible, we get a copy of the software
product. For example, if it is an offering that is downloadable from a
Web site, we download it and investigate ourselves. When it is not
possible for us to actually get a copy of the software, we ask the
reporter to go through the same process we would use in examining the
software.
By rough estimation, about 95\% of violations at this stage can be
confirmed by simple commands. Almost all violators have merely made an
error and have no nefarious intentions. They have made no attempt to
remove our copyright notices from the software. Thus, given the
third-party binary, {\tt tpb}, usually, a simple command (on a GNU/Linux
system) such as the following will find a Free Software copyright notice
and GPL reference:
\begin{quotation}
{\tt strings tpb | grep Copyright}
\end{quotation}
In other words, it is usually more than trivial to confirm that GPL'd
software is included.
Once we have confirmed that a violation has indeed occurred, we must then
determine whose copyright has been violated. Contrary to popular belief,
FSF does not have the power to enforce GPL in all cases. Since GPL
operates under copyright law, the powers of enforcement --- to seek
redress once \S 4 has been invoked --- lie with the copyright holder of
the software. FSF is one of the largest copyright holders in the world of
GPL'd software, but we are by no means the only one. Thus, we sometimes
discover that while GPL'd code is present in the software, there is no
software copyrighted by FSF present.
In cases where FSF does not hold copyright interest in the software, but
we have confirmed a violation, we contact the copyright holders of the
software, and encourage them to enforce GPL\@. We offer our good offices
to help negotiate compliance on their behalf, and many times, we help as a
third party to settle such GPL violations. However, what we will describe
primarily in this course is FSF's first-hand experience enforcing its own
copyrights and GPL\@.
\section{First Contact}
The Free Software community is built on a structure of voluntary
cooperation and mutual help. Our community has learned that cooperation
works best when you assume the best of others, and only change policy,
procedures and attitudes when some specific event or occurrence indicates
that a change is necessary. We treat the process of GPL enforcement in
the same way. Our goal is to encourage violators to join the cooperative
community of software sharing, so we want to open our hand in friendship.
Therefore, once we have confirmed a violation, our first assumption is
that the violation is an oversight or otherwise a mistake due to confusion
about the terms of the license. We reach out to the violator and ask them
to work with us in a collaborative way to bring the product into
compliance. We have received the gamut of possible reactions to such
requests, and in this course, we examine four specific examples of such
compliance work.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Davrik: Modified GCC SDK}
In our first case study, we will consider Davrik, a company that
produces software and hardware toolkits to assist OEM vendors, makers
of consumer electronic devices.
\section{Facts}
One of Davrik's key products is a Software Development Kit (``SDK'')
designed to assist developers building software for a specific class of
consumer electronics devices.
FSF received a report that the SDK may be based on the GNU Compiler
Collection (which is an FSF-copyrighted collection of tools for software
development in C, C++ and other popular languages). FSF investigated the
claim, but was unable to confirm the violation. The violation reporter
was unresponsive to follow-up requests for more information.
Since FSF was unable to confirm the violation, we did not pursue it any
further. Bogus reports do happen, and we do not want to burden companies
with specious GPL violation complaints. FSF shelved the matter until
more evidence was discovered.
FSF was later able to confirm the violation when two additional reports
surfaced from other violation reporters, both of whom had used the SDK
professionally and noticed clear similarities to FSF's GNU GCC\@. FSF's
Compliance Engineer asked the reporters to run standard tests to confirm
the violation, and it was confirmed that Davrik's SDK was indeed a
derivative work of GCC\@. Davrik had ported to Windows and added a number
of features, including support for a specific consumer device chipset and
additional features to aid in the linking process (``LP'') for those
specific devices. FSF explained the rights that the GPL afforded these
customers and pointed out, for example, that Davrik only needed to provide
source to those in possession of the binaries, and that the users may need
to request that source (if \S 3(b) was exercised). The violators
confirmed that such requests were not answered.
FSF brought the matter to the attention of Davrik, who immediately
escalated the matter to their attorneys. After a long negotiation,
Davrik acknowledged that their SDK was indeed a derivative work of
GCC\@. Davrik released most of the source, but some disagreement
occurred over whether LP was a derivate work of GCC\@. After repeated
FSF inquiries, Davrik reaudited the source to discover that FSF's
analysis was correct. Davrik determined that LP included a number of
source files copied from the GCC code-base.
\label{davrik-build-problems}
Once the full software release was made available, FSF asked the violation
reporters if it addressed the problem. Reports came back that the source
did not properly build. FSF asked Davrik to provide better build
instructions with the software, and such build instructions were
incorporated into the next software release.
At FSF's request as well, Davrik informed customers who had previously
purchased the product that the source was now available by announcing
the availablity on its Web site and via a customer newsletter.
Davrik did have some concerns regarding patents. They wished to include a
statement with the software release that made sure they were not granting
any patent permission other than what was absolutely required by GPL\@.
They understood that their patent assertions could not trump any rights
granted by GPL\@. The following language was negotiated into the release:
\begin{quotation}
Subject to the qualifications stated below, Davrik, on behalf of itself
and its Subsidiaries, agrees not to assert the Claims against you for your
making, use, offer for sale, sale, or importation of the Davrik's GNU
Utilities or derivative works of the Davrik's GNU Utilities
(``Derivatives''), but only to the extent that any such Derivatives are
licensed by you under the terms of the GNU General Public License. The
Claims are the claims of patents that Davrik or its Subsidiaries have
standing to enforce that are directly infringed by the making, use, or
sale of an Davrik Distributed GNU Utilities in the form it was distributed
by Davrik and that do not include any limitation that reads on hardware;
the Claims do not include any additional patent claims held by Davrik that
cover any modifications of, derivative works based on or combinations with
the Davrik's GNU Utilities, even if such a claim is disclosed in the same
patent as a Claim. Subsidiaries are entities that are wholly owned by
Davrik.
This statement does not negate, limit or restrict any rights you already
have under the GNU General Public License version 2.
\end{quotation}
This quelled Davrik's concerns about other patent licensing they sought to
do outside of the GPL'd software, and satisfied FSF's concerns that Davrik
give proper permissions to exercise teachings of patents that were
exercised in their GPL'd software release.
Finally, a GPL Compliance Officer inside Davrik was appointed to take
responsibility for all matters of GPL compliance inside the company.
Darvik is responsible for informing FSF if the position is given to
someone else inside the company, and making sure that FSF has direct
contact with Darvik's Compliance Officer.
\section{Lessons}
This case introduces a number of concepts regarding GPL enforcement.
\begin{enumerate}
\item {\bf Enforcement should not begin until the evidence is confirmed.}
Most companies who distribute GPL'd software do so in compliance, and at
times, violation reports are mistaken. Even with extensive efforts in
GPL education, many users do not fully understand their rights and the
obligations that companies have. By working through the investigation
with reporters, the violation can be properly confirmed, and {\bf the
user of the software can be educated about what to expect with GPL'd
software}. When users and customers of GPL'd products know their
rights, what to expect, and how to properly exercise their rights
(particularly under \S 3(b)), it reduces the chances for user
frustration and inappropriate community outcry about an alleged GPL
violation.
\item {\bf GPL compliance requires friendly negotiation and cooperation.}
Often, attorneys and managers are legitimately surprised to find out
GPL'd software is included in their company's products. Engineers
sometimes include GPL'd software without understanding the requirements.
This does not excuse companies from their obligations under the license,
but it does mean that care and patience are essential for reaching GPL
compliance. We want companies to understand that participating and
benefiting from a collaborative Free Software community is not a burden,
so we strive to make the process of coming into compliance as smooth as
possible.
\item {\bf Confirming compliance is a community effort.} The whole point
of making sure that software distributors respect the terms of GPL is to
allow a thriving software sharing community to benefit and improve the
work. FSF is not the expert on how a compiler for consumer electronic
devices should work. We therefore inform the community who originally
brought the violation to our attention and ask them to assist in
evaluation and confirmation of the product's compliance. Of course, FSF
coordinates and oversees the process, but we do not want compliance for
compliance's sake; rather, we wish to foster a cooperating community of
development around the Free Software in question, and encourage the
once-violator to begin participating in that community.
\item {\bf Informing the harmed community is part of compliance.} FSF asks
violators to make some attempt --- such as via newsletters and the
company's Web site --- to inform those who already have the products as
to their rights under GPL\@. One of the key thrusts of GPL's \S 1 and
\S 3 is to {\em make sure the user knows she has these rights\/}. If a
product was received out of compliance by a customer, she may never
actually discover that she has such rights. Informing customers, in a
way that is not burdensome but has a high probability of successfully
reaching those who would seek to exercise their freedoms, is essential
to properly remedy the mistake.
\item {\bf Lines between various copyright, patent, and other legal
mechanisms must be precisely defined and considered.} The most
difficult negotiation point of the Davrik case was drafting language
that simultaneously protected Davrik's patent rights outside of the
GPL'd source, but was consistent with the implicit patent grant in
GPL\@. As we discussed in the first course of this series, there is
indeed an implicit patent grant with GPL, thanks to \S 6 and \S 7.
However, many companies become nervous and wish to make the grant
explicit to assure themselves that the grant is sufficiently narrow for
their needs. We understand that there is no reasonable way to determine
what patent claims read on a company's GPL holdings and which do not, so
we do not object to general language that explicitly narrows the patent
grant to only those patents that were, in fact, exercised by the GPL'd
software as released by the company.
\end{enumerate}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Bracken: a Minor Violation in a GNU/Linux Distribution}
In this case study, we consider a minor violation made by a company whose
knowledge of the Free Software community and its functions is deep.
\section{The Facts}
Bracken produces a GNU/Linux operating system product that is sold
primarily to OEM vendors to be placed in appliance devices used for a
single purpose, such as an Internet-browsing-only device. The product
is almost 100\% Free Software, mostly licensed under GPL and related
Free Software licenses.
FSF found out about this violation through a report first posted on a
Slashdot\footnote{Slashdot is a popular news and discussion site for
technical readers.} comment, and then it was brought to our attention again
by another Free Software copyright holder who had discovered the
same violation.
Bracken's GNU/Linux product is delivered directly from their Web site.
This allowed FSF engineers to directly download and confirm the
violation quickly. Two primary problems were discovered with the
online distribution:
\begin{itemize}
\item No source code nor offer for source code was provided for a number
of components for the distributed GNU/Linux system; only binaries were
available
\item An End User License Agreement (``EULA'') was included that
contradicted the permissions granted by GPL\@
\end{itemize}
FSF contacted Bracken and gave them the details of the violation. Bracken
immediately ceased distribution of the product temporarily and set forth
a plan to bring themselves back into compliance. This plan included the
following steps:
\begin{itemize}
\item Bracken attorneys would rewrite the EULA to comply with GPL and
would vet the new EULA through FSF before use
\item Bracken engineers would provide source side-by-side with the
binaries for the GNU/Linux distribution on the site (and on CD's, if
ever they distributed that way)
\item Bracken attorneys would run an internal seminar for its engineers
regarding proper GPL compliance to help ensure that such oversights
regarding source releases would not occur in the future
\item Bracken would resume distribution of the product only after FSF
formally restored Bracken's distribution rights
\end{itemize}
This case was completed in about a month. FSF approved the new EULA
text. The key portion in the EULA relating to GPL read as follows:
\begin{quotation}
Many of the Software Programs included in Bracken Software are distributed
under the terms of agreements with Third Parties (``Third Party
Agreements'') which may expand or limit the Licensee's rights to use
certain Software Programs as set forth in [this EULA]. Certain Software
Programs may be licensed (or sublicensed) to Licensee under the GNU
General Public License and other similar license agreements listed in part
in this section which, among other rights, permit the Licensee to copy,
modify and redistribute certain Software Programs, or portions thereof,
and have access to the source code of certain Software Programs, or
portions thereof. In addition, certain Software Programs, or portions
thereof, may be licensed (or sublicensed) to Licensee under terms stricter
than those set forth in [this EULA]. The Licensee must review the
electronic documentation that accompanies certain Software Programs, or
portions thereof, for the applicable Third Party Agreements. To the
extent any Third Party Agreements require that Bracken provide rights to
use, copy or modify a Software Program that are broader than the rights
granted to the Licensee in [this EULA], then such rights shall take
precedence over the rights and restrictions granted in this Agreement
solely for such Software Programs.
\end{quotation}
FSF restored Bracken's distribution rights shortly after the work was
completed as described.
\section{Lessons Learned}
This case was probably the most quickly and easily resolved of all GPL
violations in the history of FSF's Compliance Lab. The ease with which
the problem was resolved shows a number of cultural factors that play a
role in GPL compliance.
\begin{enumerate}
\item {\bf Companies that understand Free Software culture better have an
easier time with compliance.} Bracken's products were designed and
built around the GNU/Linux system and Free Software components. Their
engineers were deeply familiar with the Free Software ecosystem, and
their lawyers had seen and reviewed GPL before. The violation was
completely an honest mistake. Since the culture inside the company had
already adapted to the cooperative style of resolution in the Free
Software world, there was very little work for either party to bring the
product into compliance.
\item {\bf When people in key positions understand the Free Software
nature of their software products, compliance concerns are as
mundane as minor software bugs.} Even the most functional system or
structure has its problems, and successful business often depends on
agile response to the problems that do come up; avoiding problems
altogether is a pipe dream. Minor GPL violations can and do happen
even with well-informed redistributors. However, resolution is
reached quickly when the company --- and in particular, the lawyers,
managers, and engineers working on the Free Software product lines
--- have adapted to Free Software culture that the lower-level
engineer already understood
\item {\bf Legally, distribution must stop when a violation is
identified.} In our opinion, Bracken went above and beyond the call of
duty by ceasing distribution while the violation was being resolved.
Under GPL \S 4, the redistributor loses the right to distribute the
software, and thus they are in ongoing violation of copyright law if
they distribute before rights are restored. It is FSF's policy to
temporarily allow distribution while compliance negotiations are ongoing
and only in the most extreme cases (where the other party appears to be
negotiating in bad faith) does FSF even threaten an injunction on
copyright grounds. However, Bracken --- as a good Free Software citizen
--- chose to be on the safe side and do the legally correct thing while
the violation case was pending. From start to finish, it took less
than a month to resolve. This lapse in distribution did not, to FSF's
knowledge, impact Bracken's business in any way.
\item {\bf EULAs are a common area for GPL problems.} Often, EULAs
are drafted from boilerplate text that a company uses for all its
products. Even the most diligent attorneys forget or simply do not
know that a product contains software licensed under GPL and other
Free Software licenses. Drafting a EULA that accounts for such
licenses is straightforward; the text quoted above works just fine.
The EULA must be designed so that it does not trump rights and
permissions already granted by GPL\@. The EULA must clearly state
that if there is a conflict between it and GPL, with regard to GPL'd
code, the GPL is the overriding license.
\item {\bf Compliance Officers are rarely necessary when companies are
educated about GPL compliance.} As we saw in the Davrik case, FSF asks
that a formal ``GPL Compliance Officer'' be appointed inside a
previously violating organization to shepherd the organization to a
cooperative approach to GPL compliance. However, when FSF
sees that an organization already has such an approach, there is no
need to request that such an officer be appointed.
\end{enumerate}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Vigorien: Security, Export Controls, and GPL Compliance}
This case study introduces how concerns of ``security through obscurity''
and regulatory problems can impact GPL compliance matters.
\section{The Facts}
Vigorien distributes a back-up solution product that allows system
administrators to create encrypted backups of file-systems on
Unix-like computers. The product is based on GNU tar, a backup utility
that replaces the standard Unix utility simply called tar, but has
additional features.
Vigorien's backup solution added cryptographic features to GNU tar, and
included a suite of utilities and graphical user interfaces surrounding
GNU tar to make backups convenient.
FSF discovered the violation from a user report, and determined that the
cryptographic features were the only part of the product that constituted
a derivative work of GNU tar; the extraneous utilities merely made
shell calls out to GNU tar. FSF requested that Vigorien come into
compliance with GPL by releasing the source of GNU tar, with the
cryptographic modifications, to its customers.
Vigorien released the original GNU tar sources, but kept the cryptographic
modifications proprietary. They argued that the security of their system
depending on keeping the software proprietary and that regardless, USA
export restrictions on cryptographic software prohibited such a release.
FSF disputed the first claim, pointing out that Vigorien had only one
option if they did not want to release the source: they would have to
remove GNU tar from the software and not distribute it further. Vigorien
rejected this suggestion, since GNU tar was an integral part of the
product, and the security changes were useless without GNU tar.
Regarding the export control claims, FSF proposed a number of options,
including release of the source from one of Vigorien's divisions overseas
where no such restrictions occurred, but Vigorien argued that the problem
was insoluble because they operated primarily in the USA\@.
The deadlock on the second issue was resolved when those cryptographic
export restrictions were lifted shortly thereafter, and FSF again raised
the matter with Vigorien. At that point, they dropped the first claim and
agreed to release the remaining source module to their customers. They
did so, and the violation was resolved.
\section{Lessons Learned}
\begin{enumerate}
\item {\bf Removing the GPL'd portion of the product is always an
option.} Many violators' first response is to simply refuse to
release the source code as GPL requires. FSF offers the option to
simply remove the GPL'd portions from the product and continue along
without them. Every case where this has been suggested has led to
the same conclusion. Like Vigorien, the violator argues that the
product cannot function without the GPL'd components, and they
cannot effectively replace them.
Such an outcome is simply further evidence that the combined work in
question is indeed a derivative work of the original GPL'd component.
If the other components cannot stand on their own and be useful without
the GPL'd portions, then one cannot effectively argue that the work as a
whole is not a derivative of the GPL'd portions.
\item {\bf The whole product is not always covered.} In this case,
Vigorien had additional works aggregated. The backup system was a suite
of utilities, some of which were GPL and some of which were not. While
the cryptographic routines were tightly coupled with GNU tar and clearly
derivative works, the various GUI utilities were separate and
independent works merely aggregated with the distribution of the
GNU-tar-based product.
\item {\bf ``Security'' concerns do not exonerate a distributor from GPL
obligations, and ``security through obscurity'' does not work anyway.}
The argument that ``this is security software, so it cannot be released
in source form'' is not a valid defense for explaining why the terms of
the GPL are ignored. If companies do not want to release source code
for some reason, then they should not base the work on GPL'd software.
No external argument for noncompliance can hold weight if the work as
whole is indeed a derivative work of a GPL'd program.
The ``security concerns'' argument is often floated as a reason to keep
software proprietary, but the computer security community has on
numerous occasions confirmed that such arguments are entirely specious.
Security experts have found --- since the beginnings of the field of
cryptography in the ancient world --- that sharing results about systems
and having such systems withstand peer review and scrutiny builds the
most secure systems. While full disclosure may help some who wish to
compromise security, it helps those who want to fix problems even more
by identifying them early.
\item {\bf External regulatory problems can be difficult to resolve.}
GPL, though grounded in copyright law, does not have the power to trump
regulations like export controls. While Vigorien's ``security
concerns'' were specious, their export control concerns were not. It is
indeed a difficult problem that FSF acknowledges. We want compliance
with GPL and respect for users' freedoms, but we certainly do not expect
companies to commit criminal offenses for the sake of compliance. We
will see more about this issue in our next case study.
\end{enumerate}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Haxil, Polgara, and Thesulac: Mergers, Upstream Providers and Radio Devices}
This case study considers an ongoing (at the time of writing) violation
that has occurred. By the end of the investigation period, three
companies were involved and many complex issues arose.
\section{The Facts}
Haxil produced a consumer electronics device which included a mini
GNU/Linux distribution to control the device. The device was of interest
to many technically-minded consumers, who purchased the device and very
quickly discovered that Free Software was included without source.
Mailing lists throughout the Free Software community erupted with
complaints about the problem, and FSF quickly investigated.
FSF confirmed that FSF-copyrighted GPL'd software was included. In
addition, the whole distribution included GPL'd works from hundreds of
individual copyright holders, many of whom were, at this point, up in
arms about the violation.
Meanwhile, Haxil was in the midst of being acquired by Polgara. Polgara
was as surprised as everyone else to discover the product was based on
GPL'd software; this fact had not been part of the disclosures made during
acquisition. FSF contacted Haxil, Polgara, and the product managers
who had transitioned into the ``Haxil division'' of the newly-merged
Polgara company. Polgara's General Counsel's office worked with FSF on
the matter.
FSF formed a coalition with the other primary copyright holders
to pursue the enforcement effort on their behalf. FSF communicated
directly with Polgara's representatives to begin working through the
issues on behalf of itself and the Free Software community at large.
Polgara pointed out that the software distribution they used was mostly
contributed by an upstream provider, Thesulac, and Haxil's changes to that
code base were minimal. Polgara negotiated with Thesulac to obtain the
source, although the issue moved very slowly in the channels between
Polgara and Thesulac.
FSF encouraged a round-table meeting so that high bandwidth communication
could occur between FSF, Polgara and Thesulac. Polgara and Thesulac
agreed, and that discussion began. Thesulac provided nearly complete
sources to Polgara, and Polgara made a full software release on their
Web site. At the time of writing, that software still has some build
problems (similar to those that occurred with Davrik, as described in
Section~\ref{davrik-build-problems}). FSF continues to negotiate with
Polgara and Thesulac to resolve these problems, which have a clear path to
a solution and are expected to resolve.
Similar to the Vigorien case, Thesulac has regulatory concerns. In this
case, it is not export controls --- an issue that has since been resolved
--- but radio spectrum regulation. Since this consumer electronic device
contains a software-programmable radio transmitter, regulations in (at
least) the USA and Japan prohibit release of those portions of the code
that operate the device. Since this is a low-level programming issue, the
changes to operate the device are a derivative work of the kernel named
Linux. This situation remains unresolved at the time of writing, although
FSF continues to negotiation with Thesulac and the Linux community
regarding the problem.
\section{Lessons Learned}
\begin{enumerate}
\item {\bf Community outrage, while justified, can often make negotiation
more difficult.} FSF has a strong policy never to publicize names of
GPL violators if they are negotiating in a friendly way and operating in
good faith toward compliance. Most violations are honest mistakes, and
FSF sees no reason to publicly admonish violators who genuinely want to
come into compliance with GPL and to work hard staying in compliance.
This case was so public in the Free Software community that both Haxil's
and Polgara's representatives were nearly shell-shocked by the time FSF
began negotiations. There was much work required to diffuse the
situation. We empathize with our community and their outrage about GPL
violations, but we also want to follow a path that leads expediently
to compliance. In our experience, public outcry works best as a last
resort, not the first.
\item {\bf For software companies, GPL compliance belongs on a corporate
acquisition checklist. } Polgara was truly amazed that Haxil had used
GPL'd software in a major new product line but never informed Polgara
during the acquisition process. While GPL compliance is not a
particularly difficult matter, it is an additional obligation that comes
along with the product line. When planning mergers and joint ventures,
one should include lists of GPL'd components contained in the products
discussed.
\item {\bf Compliance problems of upstream providers do not excuse a
violation for the downstream distributor.} To paraphrase \S 6, upstream
providers are not responsible for enforcing compliance of their
downstream, nor are downstream distributors responsible for compliance
problems of upstream providers. However, engaging in distribution of
GPL'd works out of compliance is still just that: a compliance problem.
When FSF carries out enforcement, we are patient and sympathetic when
the problem appears to be upstream. In fact, we urge the violator to
point us to the upstream provider so we may talk to them directly. In
this case, we were happy to begin negotiations with Thesulac. However,
Polgara still has an obligation to bring their product into compliance,
regardless of Thesulac's response.
\item {\bf It behooves upstream providers to advise downstream
distributors about compliance matters.} FSF has encouraged Thesulac to
distribute a ``good practices for GPL compliance'' document with their
product. Polgara added various software components to Thesulac's
product, and it is conceivable that such additions can introduce
compliance. In FSF's opinion, Thesulac is in no way legally responsible
for such a violation introduced by their customer, but it behooves them
from a marketing standpoint to educate their customers about using the
product. We can argue whether or not it is your coffee vendor's fault
if you burn yourself with their product, but (likely) no one on either
side would dispute the prudence of placing a ``caution: hot'' label on
the cup.
\item {\bf FSF enforcement often avoids redundant enforcement cases from
many parties.} Most Free Software systems have hundreds of copyright
holders. Some have thousands. FSF is in a unique position as one of
the largest single copyright holders on GPL'd software and as a
respected umpire in the community, neutrally enforcing the rules of the
GPL road. FSF works hard in the community to convince copyright
holders that consolidating GPL claims through FSF is better for them,
and more likely to yield positive compliance results.
A few copyright holders engage in the ``proprietary relicensing''
business, so they use GPL enforcement as a sales channel for that
business. FSF, as a community-oriented, not-for-profit organization,
seeks only to preserve the freedom of Free Software in its enforcement
efforts. As it turns out, most of the community of copyright holders
of Free Software want the same thing. Share and share alike is a
simple rule to follow, and following that rule to FSF's satisfaction
usually means you are following it to the satisfaction of the entire
Free Software community.
\end{enumerate}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Good Practices for Compliance}
Generally, from the experience of GPL enforcement, we glean the following
general practices that can help in GPL compliance for organizations that
distribute products based on GPL'd software:
\begin{itemize}
\item Talk to your software engineers and ask them where they got the
components they use in the products they build. Find out if GPL'd
components are present.
\item Teach your engineering staff to pay attention to license documents.
Give them easy-to-follow policies to get approval for using a Free
Software component.
\item Build a ``Free Software Licensing'' committee that handles requests
and questions about GPL and other Free Software licenses.
\item Add ``What parts of your products are under GPL or other Free
Software licenses?'' to your checklist of questions to ask when you
consider mergers, acquisitions, or joint ventures.
\item Encourage your engineers to participate collaboratively with GPL'd
software development. The more knowledge about the Free Software world
your organization has, the better equipped it is to deal with this
rapidly changing field.
\item When someone points out a potential GPL violation in one of your
products, do not assume the product line is doomed. GPL is not a virus;
merely having GPL'd code in one part of a product does not necessarily
mean that every related product must also be GPL'd. And, even if some
software needs to be released that was not before, the product will
surely survive. In FSF's enforcement efforts, we have not yet
seen a product line die because source was released to customers in
compliance with GPL.
\end{itemize}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\backmatter
\appendix
\chapter{The GNU General Public License}
\begin{center}
{\parindent 0in
Version 2, June 1991
Copyright \copyright\ 1989, 1991 Free Software Foundation, Inc.
\bigskip
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
\bigskip
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
}
\end{center}
\begin{center}
{\bf\large Preamble}
\end{center}
The licenses for most software are designed to take away your freedom
to share and change it. By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change Free
Software---to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of Free Software, we are referring to freedom, not price.
Our General Public Licenses are designed to make sure that you have the
freedom to distribute copies of Free Software (and charge for this service
if you wish), that you receive source code or can get it if you want it,
that you can change the software or use pieces of it in new Free programs;
and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to
deny you these rights or to ask you to surrender the rights. These
restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or
for a fee, you must give the recipients all the rights that you have. You
must make sure that they, too, receive or can get the source code. And
you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2)
offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that
everyone understands that there is no warranty for this Free Software. If
the software is modified by someone else and passed on, we want its
recipients to know that what they have is not the original, so that any
problems introduced by others will not reflect on the original authors'
reputations.
Finally, any Free program is threatened constantly by software patents.
We wish to avoid the danger that redistributors of a Free program will
individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must
be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
\begin{center}
{\Large \sc Terms and Conditions For Copying, Distribution and
Modification}
\end{center}
\begin{enumerate}
\addtocounter{enumi}{-1}
\item
This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the
terms of this General Public License. The ``Program,'' below, refers to
any such program or work, and a ``work based on the Program'' means either
the Program or any derivative work under copyright law: that is to say, a
work containing the Program or a portion of it, either verbatim or with
modifications and/or translated into another language. (Hereinafter,
translation is included without limitation in the term ``modification.'')
Each licensee is addressed as ``you.''
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
\item You may copy and distribute verbatim copies of the Program's source
code as you receive it, in any medium, provided that you conspicuously
and appropriately publish on each copy an appropriate copyright notice
and disclaimer of warranty; keep intact all the notices that refer to
this License and to the absence of any warranty; and give any other
recipients of the Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you
may at your option offer warranty protection in exchange for a fee.
\item
You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
\begin{enumerate}
\item
You must cause the modified files to carry prominent notices stating that
you changed the files and the date of any change.
\item
You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
\item
If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
\end{enumerate}
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
\item
You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
\begin{enumerate}
\item
Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
\item
Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
\item
Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
\end{enumerate}
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
\item
You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
\item
You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
\item
Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
\item
If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the Free Software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
\item
If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
\item
The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and ``any
later version,'' you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
\item
If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our Free Software and
of promoting the sharing and reuse of software generally.
\begin{center}
{\Large\sc
No Warranty
}
\end{center}
\item
{\sc Because the program is licensed free of charge, there is no warranty
for the program, to the extent permitted by applicable law. Except when
otherwise stated in writing the copyright holders and/or other parties
provide the program ``as is'' without warranty of any kind, either expressed
or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. The entire risk as
to the quality and performance of the program is with you. Should the
program prove defective, you assume the cost of all necessary servicing,
repair or correction.}
\item
{\sc In no event unless required by applicable law or agreed to in writing
will any copyright holder, or any other party who may modify and/or
redistribute the program as permitted above, be liable to you for damages,
including any general, special, incidental or consequential damages arising
out of the use or inability to use the program (including but not limited
to loss of data or data being rendered inaccurate or losses sustained by
you or third parties or a failure of the program to operate with any other
programs), even if such holder or other party has been advised of the
possibility of such damages.}
\end{enumerate}
\begin{center}
{\Large\sc End of Terms and Conditions}
\end{center}
\vfill
\pagebreak[4]
\section*{Appendix: How to Apply These Terms to Your New Programs}
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
Free Software which everyone can redistribute and change under these
terms.
To do so, attach the following notices to the program. It is safest to
attach them to the start of each source file to most effectively convey
the exclusion of warranty; and each file should have at least the
``copyright'' line and a pointer to where the full notice is found.
\begin{quote}
one line to give the program's name and a brief idea of what it does. \\
Copyright (C) yyyy name of author \\
This program is Free Software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
\end{quote}
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
\begin{quote}
Gnomovision version 69, Copyright (C) yyyy name of author \\
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. \\
This is Free Software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
\end{quote}
The hypothetical commands {\tt show w} and {\tt show c} should show the
appropriate parts of the General Public License. Of course, the commands
you use may be called something other than {\tt show w} and {\tt show c};
they could even be mouse-clicks or menu items---whatever suits your
program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a ``copyright disclaimer'' for the program, if
necessary. Here is a sample; alter the names:
\begin{quote}
Yoyodyne, Inc., hereby disclaims all copyright interest in the program \\
`Gnomovision' (which makes passes at compilers) written by James Hacker. \\
signature of Ty Coon, 1 April 1989 \\
Ty Coon, President of Vice
\end{quote}
This General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications
with the library. If this is what you want to do, use the GNU Library
General Public License instead of this License.
\chapter{The GNU Lesser General Public License}
\begin{center}
{\parindent 0in
Version 2.1, February 1999
Copyright \copyright\ 1991, 1999 Free Software Foundation, Inc.
\bigskip
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
\bigskip
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
\bigskip
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License version 2, hence
the version number 2.1.]
}
\end{center}
\begin{center}
{\bf\large Preamble}
\end{center}
The licenses for most software are designed to take away your freedom to
share and change it. By contrast, the GNU General Public Licenses are
intended to guarantee your freedom to share and change Free Software---to
make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some specially
designated software packages---typically libraries---of the Free Software
Foundation and other authors who decide to use it. You can use it too,
but we suggest you first think carefully about whether this license or the
ordinary General Public License is the better strategy to use in any
particular case, based on the explanations below.
When we speak of Free Software, we are referring to freedom of use, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of Free Software (and charge for
this service if you wish); that you receive source code or can get it if
you want it; that you can change the software and use pieces of it in new
Free programs; and that you are informed that you can do these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for you
if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis or
for a fee, you must give the recipients all the rights that we gave you.
You must make sure that they, too, receive or can get the source code. If
you link other code with the library, you must provide complete object
files to the recipients, so that they can relink them with the library
after making changes to the library and recompiling it. And you must show
them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that there is
no warranty for the Free library. Also, if the library is modified by
someone else and passed on, the recipients should know that what they have
is not the original version, so that the original author's reputation will
not be affected by problems that might be introduced by others.
Finally, software patents pose a constant threat to the existence of any
Free program. We wish to make sure that a company cannot effectively
restrict the users of a Free program by obtaining a restrictive license
from a patent holder. Therefore, we insist that any patent license
obtained for a version of the library must be consistent with the full
freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the ordinary
GNU General Public License. This license, the GNU Lesser General Public
License, applies to certain designated libraries, and is quite different
from the ordinary General Public License. We use this license for certain
libraries in order to permit linking those libraries into non-Free
programs.
When a program is linked with a library, whether statically or using a
shared library, the combination of the two is legally speaking a combined
work, a derivative of the original library. The ordinary General Public
License therefore permits such linking only if the entire combination fits
its criteria of freedom. The Lesser General Public License permits more
lax criteria for linking other code with the library.
We call this license the ``Lesser'' General Public License because it does
Less to protect the user's freedom than the ordinary General Public
License. It also provides other Free Software developers Less of an
advantage over competing non-Free programs. These disadvantages are the
reason we use the ordinary General Public License for many libraries.
However, the Lesser license provides advantages in certain special
circumstances.
For example, on rare occasions, there may be a special need to encourage
the widest possible use of a certain library, so that it becomes a
de-facto standard. To achieve this, non-Free programs must be allowed to
use the library. A more frequent case is that a Free library does the
same job as widely used non-Free libraries. In this case, there is little
to gain by limiting the Free library to Free Software only, so we use the
Lesser General Public License.
In other cases, permission to use a particular library in non-Free
programs enables a greater number of people to use a large body of Free
software. For example, permission to use the GNU C Library in non-Free
programs enables many more people to use the whole GNU operating system,
as well as its variant, the GNU/Linux operating system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is linked
with the library has the freedom and the wherewithal to run that program
using a modified version of the library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
``work based on the library'' and a ``work that uses the library.'' The
former contains code derived from the library, whereas the latter must be
combined with the library in order to run.
\begin{center}
{\Large \sc GNU Lesser General Public License} \\
{\Large \sc Terms and Conditions For Copying, Distribution and
Modification}
\end{center}
\begin{enumerate}
\addtocounter{enumi}{-1}
\item
This License Agreement applies to any software library or other program
which contains a notice placed by the copyright holder or other authorized
party saying it may be distributed under the terms of this Lesser General
Public License (also called ``this License''). Each licensee is addressed
as ``you.''
A ``library'' means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs (which
use some of those functions and data) to form executables.
The ``library,'' below, refers to any such software library or work which
has been distributed under these terms. A ``work based on the library''
means either the library or any derivative work under copyright law: that
is to say, a work containing the library or a portion of it, either
verbatim or with modifications and/or translated straightforwardly into
another language. (Hereinafter, translation is included without
limitation in the term ``modification.'')
``Source code'' for a work means the preferred form of the work for making
modifications to it. For a library, complete source code means all the
source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and
installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of running a
program using the library is not restricted, and output from such a
program is covered only if its contents constitute a work based on the
library (independent of the use of the library in a tool for writing it).
Whether that is true depends on what the library does and what the program
that uses the library does.
\item
You may copy and distribute verbatim copies of the library's complete
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices
that refer to this License and to the absence of any warranty; and
distribute a copy of this License along with the library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
\item
You may modify your copy or copies of the library or any portion of it,
thus forming a work based on the library, and copy and distribute such
modifications or work under the terms of Section 1 above, provided that
you also meet all of these conditions:
\begin{enumerate}
\item
The modified work must itself be a software library.
\item
You must cause the files modified to carry prominent notices stating
that you changed the files and the date of any change.
\item
You must cause the whole of the work to be licensed at no charge to
all third parties under the terms of this License.
\item
If a facility in the modified library refers to a function or a table
of data to be supplied by an application program that uses the
facility, other than as an argument passed when the facility is
invoked, then you must make a good faith effort to ensure that, in the
event an application does not supply such function or table, the
facility still operates, and performs whatever part of its purpose
remains meaningful.
(For example, a function in a library to compute square roots has a
purpose that is entirely well-defined independent of the application.
Therefore, Subsection 2d requires that any application-supplied function
or table used by this function must be optional: if the application does
not supply it, the square root function must still compute square roots.)
\end{enumerate}
These requirements apply to the modified work as a whole. If identifiable
sections of that work are not derived from the library, and can be
reasonably considered independent and separate works in themselves, then
this License, and its terms, do not apply to those sections when you
distribute them as separate works. But when you distribute the same
sections as part of a whole which is a work based on the library, the
distribution of the whole must be on the terms of this License, whose
permissions for other licensees extend to the entire whole, and thus to
each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise
the right to control the distribution of derivative or collective works
based on the library.
In addition, mere aggregation of another work not based on the library
with the library (or with a work based on the library) on a volume of a
storage or distribution medium does not bring the other work under the
scope of this License.
\item
You may opt to apply the terms of the ordinary GNU General Public License
instead of this License to a given copy of the library. To do this, you
must alter all the notices that refer to this License, so that they refer
to the ordinary GNU General Public License version 2, instead of to this
License. (If a newer version than version 2 of the ordinary GNU General
Public License has appeared, then you can specify that version instead if
you wish.) Do not make any other change in these notices.
Once this change is made in a given copy, it is irreversible for that
copy, so the ordinary GNU General Public License applies to all subsequent
copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of the
library into a program that is not a library.
\item
You may copy and distribute the library (or a portion or derivative of it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you accompany it with the complete
corresponding machine-readable source code, which must be distributed
under the terms of Sections 1 and 2 above on a medium customarily used for
software interchange.
If distribution of object code is made by offering access to copy from a
designated place, then offering equivalent access to copy the source code
from the same place satisfies the requirement to distribute the source
code, even though third parties are not compelled to copy the source along
with the object code.
\item
A program that contains no derivative of any portion of the library, but
is designed to work with the library by being compiled or linked with it,
is called a ``work that uses the library.'' Such a work, in isolation, is
not a derivative work of the library, and therefore falls outside the
scope of this License.
However, linking a ``work that uses the library'' with the library creates
an executable that is a derivative of the library (because it contains
portions of the library), rather than a ``work that uses the library.''
The executable is therefore covered by this License. Section 6 states
terms for distribution of such executables.
When a ``work that uses the library'' uses material from a header file
that is part of the library, the object code for the work may be a
derivative work of the library even though the source code is not.
Whether this is true is especially significant if the work can be linked
without the library, or if the work is itself a library. The threshold
for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data structure
layouts and accessors, and small macros and small inline functions (ten
lines or less in length), then the use of the object file is unrestricted,
regardless of whether it is legally a derivative work. (Executables
containing this object code plus portions of the library will still fall
under Section 6.)
Otherwise, if the work is a derivative of the library, you may distribute
the object code for the work under the terms of Section 6. Any
executables containing that work also fall under Section 6, whether or not
they are linked directly with the library itself.
\item
As an exception to the Sections above, you may also combine or link a
``work that uses the library'' with the library to produce a work
containing portions of the library, and distribute that work under terms
of your choice, provided that the terms permit modification of the work
for the customer's own use and reverse engineering for debugging such
modifications.
You must give prominent notice with each copy of the work that the library
is used in it and that the library and its use are covered by this
License. You must supply a copy of this License. If the work during
execution displays copyright notices, you must include the copyright
notice for the library among them, as well as a reference directing the
user to the copy of this License. Also, you must do one of these things:
\begin{enumerate}
\item
Accompany the work with the complete corresponding machine-readable
source code for the library including whatever changes were used in
the work (which must be distributed under Sections 1 and 2 above);
and, if the work is an executable linked with the library, with the
complete machine-readable ``work that uses the library,'' as object
code and/or source code, so that the user can modify the library and
then relink to produce a modified executable containing the modified
library. (It is understood that the user who changes the contents of
definitions files in the library will not necessarily be able to
recompile the application to use the modified definitions.)
\item
Use a suitable shared library mechanism for linking with the library.
A suitable mechanism is one that (1) uses at run time a copy of the
library already present on the user's computer system, rather than
copying library functions into the executable, and (2) will operate
properly with a modified version of the library, if the user installs
one, as long as the modified version is interface-compatible with the
version that the work was made with.
\item
Accompany the work with a written offer, valid for at least three
years, to give the same user the materials specified in Subsection 6a,
above, for a charge no more than the cost of performing this
distribution.
\item
If distribution of the work is made by offering access to copy from a
designated place, offer equivalent access to copy the above specified
materials from the same place.
\item
Verify that the user has already received a copy of these materials or
that you have already sent this user a copy.
\end{enumerate}
For an executable, the required form of the ``work that uses the library''
must include any data and utility programs needed for reproducing the
executable from it. However, as a special exception, the materials to be
distributed need not include anything that is normally distributed (in
either source or binary form) with the major components (compiler, kernel,
and so on) of the operating system on which the executable runs, unless
that component itself accompanies the executable.
It may happen that this requirement contradicts the license restrictions
of other proprietary libraries that do not normally accompany the
operating system. Such a contradiction means you cannot use both them and
the library together in an executable that you distribute.
\item
You may place library facilities that are a work based on the library
side-by-side in a single library together with other library facilities
not covered by this License, and distribute such a combined library,
provided that the separate distribution of the work based on the library
and of the other library facilities is otherwise permitted, and provided
that you do these two things:
\begin{enumerate}
\item
Accompany the combined library with a copy of the same work based on
the library, uncombined with any other library facilities. This must
be distributed under the terms of the Sections above.
\item
Give prominent notice with the combined library of the fact that part
of it is a work based on the library, and explaining where to find
the accompanying uncombined form of the same work.
\end{enumerate}
\item
You may not copy, modify, sublicense, link with, or distribute the
library except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense, link with, or distribute the
library is void, and will automatically terminate your rights under this
License. However, parties who have received copies, or rights, from you
under this License will not have their licenses terminated so long as
such parties remain in full compliance.
\item
You are not required to accept this License, since you have not signed
it. However, nothing else grants you permission to modify or distribute
the library or its derivative works. These actions are prohibited by
law if you do not accept this License. Therefore, by modifying or
distributing the library (or any work based on the library), you
indicate your acceptance of this License to do so, and all its terms and
conditions for copying, distributing or modifying the library or works
based on it.
\item
Each time you redistribute the library (or any work based on the
library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
\item
If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the library at all. For example, if a patent license
would not permit royalty-free redistribution of the library by all those
who receive copies directly or indirectly through you, then the only way
you could satisfy both it and this License would be to refrain entirely
from distribution of the library.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply, and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the Free Software distribution system which is implemented
by public license practices. Many people have made generous
contributions to the wide range of software distributed through that
system in reliance on consistent application of that system; it is up to
the author/donor to decide if he or she is willing to distribute
software through any other system and a licensee cannot impose that
choice.
This section is intended to make thoroughly clear what is believed to be
a consequence of the rest of this License.
% \pagebreak[4]
\item
If the distribution and/or use of the library is restricted in certain
countries either by patents or by copyrighted interfaces, the original
copyright holder who places the library under this License may add an
explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
\item
The Free Software Foundation may publish revised and/or new versions of
the Lesser General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
Each version is given a distinguishing version number. If the library
specifies a version number of this License which applies to it and ``any
later version,'' you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the library does not specify a license
version number, you may choose any version ever published by the Free
Software Foundation.
\item
If you wish to incorporate parts of the library into other Free programs
whose distribution conditions are incompatible with these, write to the
author to ask for permission. For software which is copyrighted by the
Free Software Foundation, write to the Free Software Foundation; we
sometimes make exceptions for this. Our decision will be guided by the
two goals of preserving the Free status of all derivatives of our Free
software and of promoting the sharing and reuse of software generally.
\begin{center}
{\Large\sc
No Warranty
}
\end{center}
\item
{\sc Because the library is licensed free of charge, there is no
warranty for the library, to the extent permitted by applicable law.
Except when otherwise stated in writing the copyright holders and/or
other parties provide the library ``as is'' without warranty of any
kind, either expressed or implied, including, but not limited to, the
implied warranties of merchantability and fitness for a particular
purpose. The entire risk as to the quality and performance of the
library is with you. should the library prove defective, you assume
the cost of all necessary servicing, repair or correction.}
% \pagebreak[4]
\item
{\sc In no event unless required by applicable law or agreed to in writing
will any copyright holder, or any other party who may modify and/or
redistribute the library as permitted above, be liable to you for
damages, including any general, special, incidental or consequential
damages arising out of the use or inability to use the library
(including but not limited to loss of data or data being rendered
inaccurate or losses sustained by you or third parties or a failure of
the library to operate with any other software), even if such holder or
other party has been advised of the possibility of such damages.}
\end{enumerate}
\begin{center}
{\Large\sc End of Terms and Conditions}
\end{center}
\vfill
\pagebreak[4]
\section*{How to Apply These Terms to Your New Libraries}
If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it Free Software that
everyone can redistribute and change. You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of
the ordinary General Public License).
To apply these terms, attach the following notices to the library. It is
safest to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
``copyright'' line and a pointer to where the full notice is found.
\begin{quote}
one line to give the library's name and a brief idea of what it does. \\
Copyright (C) year name of author \\
This library is Free Software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or (at
your option) any later version.
This library is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this library; if not, write to the Free Software Foundation,
Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
\end{quote}
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a ``copyright disclaimer'' for the library, if
necessary. Here is a sample; alter the names:
\begin{quote}
Yoyodyne, Inc., hereby disclaims all copyright interest in the program \\
`Gnomovision' (which makes passes at compilers) written by James Hacker. \\
signature of Ty Coon, 1 April 1990 \\
Ty Coon, President of Vice
\end{quote}
That's all there is to it!
\end{document}
% LocalWords: proprietarize redistributors sublicense yyyy Gnomovision EULAs
% LocalWords: Yoyodyne FrontPage improvers Berne copyrightable Stallman's GPLs
% LocalWords: Lessig Lessig's UCITA pre PDAs CDs reshifts GPL's Gentoo glibc
% LocalWords: TrollTech administrivia LGPL's MontaVista OpenTV Mitek Arce DVD
% LocalWords: unprotectable protectable Unfreedonia chipset CodeSourcery Iqtel
% LocalWords: impermissibly Bateman faire minimis Borland uncopyrightable Mgmt
% LocalWords: franca downloadable Davrik Davrik's Darvik
% LocalWords: Slashdot sublicensed Vigorien Vigorien's Haxil Polgara
% LocalWords: Thesulac Polgara's Haxil's Thesulac's SDK CD's