Typo fixes and wordsmith.
This commit is contained in:
parent
61b1aba3c5
commit
21dcc7b2d8
1 changed files with 192 additions and 163 deletions
|
@ -41,7 +41,7 @@ Sponsored by the Free Software Foundation \\
|
|||
|
||||
Columbia Law School, New York, NY, USA \\
|
||||
\vspace{.1in}
|
||||
Wednesday 21 January 2003
|
||||
Wednesday 21 January 2004
|
||||
}
|
||||
|
||||
\vspace{.7in}
|
||||
|
@ -85,7 +85,6 @@ any medium, provided this notice is preserved.
|
|||
|
||||
\begin{abstract}
|
||||
|
||||
|
||||
This one-day course presents the details of five different GPL compliance
|
||||
cases handled by FSF's GPL Compliance Laboratory. Each case offers unique
|
||||
insights into problems that can arise when the terms of GPL are not
|
||||
|
@ -101,6 +100,15 @@ that deal with Free Software on a regular basis. However, technical
|
|||
managers and executives whose businesses use or distribute Free Software
|
||||
will also find the course very helpful.
|
||||
|
||||
\bigskip
|
||||
|
||||
These course materials are merely a summary of the highlights of the
|
||||
course presented. Readers of this material should assume that they have
|
||||
missed the bulk of the material, as the detailed discussion of these case
|
||||
studies is the most illuminating part about them. Merely reading this
|
||||
material is akin to matriculating into a college course and read only the
|
||||
textbook instead of going to class.
|
||||
|
||||
\end{abstract}
|
||||
|
||||
\tableofcontents
|
||||
|
@ -124,58 +132,61 @@ propagate throughout the distribution chain of the software.
|
|||
As we have learned, the assurance that Free Software under GPL remains
|
||||
Free Software is accomplished through various terms of GPL: \S 3 ensures
|
||||
that binaries are always accompanied with source; \S 2 ensures that the
|
||||
sources are adequate, complete and usable; \S 6 and \S 7 ensures that the
|
||||
sources are adequate, complete and usable; \S 6 and \S 7 ensure that the
|
||||
license of the software is always GPL for everyone, and that no other
|
||||
legal agreements or licenses trump GPL; \S 4 ensures that the GPL can be
|
||||
enforced.
|
||||
legal agreements or licenses trump GPL. It is \S 4, however, that ensures
|
||||
that the GPL can be enforced.
|
||||
|
||||
In fact, \S 4 is where we begin our discussion of GPL enforcement. This
|
||||
Thus, \S 4 is where we begin our discussion of GPL enforcement. This
|
||||
clause is where the legal teeth of the license are rooted. As a copyright
|
||||
license, GPL governs only the activities governed by copyright law ---
|
||||
copying, modifying and redistributing computer software. Unlike most
|
||||
copyright licenses, GPL gives wide grants of permission for engaging with
|
||||
these activities. Such permissions continue and all parties may exercise
|
||||
until such time as one party violates the terms of GPL\@. At the moment
|
||||
of such a violation --- the engaging of copying, modifying or
|
||||
redistributing in ways not permitted by GPL --- \S 4 is invoked.
|
||||
them until such time as one party violates the terms of GPL\@. At the
|
||||
moment of such a violation (i.e., the engaging of copying, modifying or
|
||||
redistributing in ways not permitted by GPL) \S 4 is invoked. While other
|
||||
parties may continue to operate under GPL, the violating party loses their
|
||||
rights.
|
||||
|
||||
Specifically, \S 4 terminates the violators rights to continue engaging
|
||||
Specifically, \S 4 terminates the violators' rights to continue engaging
|
||||
in the permissions that otherwise granted by GPL\@. Effectively, their
|
||||
permission go back to the copyright defaults --- no permission to copy,
|
||||
modify, or redistribute the work. Meanwhile, \S 5 points out that if
|
||||
if the violator has no rights under GPL --- as they will not once they
|
||||
have violated it --- then they otherwise have no right and are prohibited
|
||||
by copyright law from engaging in the activities of copying, modifying
|
||||
and distributing.
|
||||
permissions go back to the copyright defaults --- no permission is granted
|
||||
to copy, modify, nor redistribute the work. Meanwhile, \S 5 points out
|
||||
that if if the violator has no rights under GPL --- as they will not once
|
||||
they have violated it --- then they otherwise have no rights and are
|
||||
prohibited by copyright law from engaging in the activities of copying,
|
||||
modifying and distributing.
|
||||
|
||||
\section{Ongoing Violations}
|
||||
|
||||
In conjunction with \S 4's termination of violators' rights, there is one
|
||||
final industry fact is added to the mix: rarely, does on engage in a
|
||||
single, solitary act of copying, distributing or modifying software.
|
||||
Almost always, a violator will have legitimately acquired a copy a GPL'd
|
||||
program --- either made modifications or not --- and then begun a ongoing
|
||||
activity of distributing that work. For example, the violator may have
|
||||
put the software in boxes and sold them at stores. Or perhaps the
|
||||
software was put up for download on the Internet. Regardless of the
|
||||
delivery mechanism, violators almost always are engaged in {\em ongoing\/}
|
||||
final industry fact added to the mix: rarely, does one engage in a single,
|
||||
solitary act of copying, distributing or modifying software. Almost
|
||||
always, a violator will have legitimately acquired a copy a GPL'd program,
|
||||
either making modifications or not, and then began a ongoing activity of
|
||||
distributing that work. For example, the violator may have put the
|
||||
software in boxes and sold them at stores. Or perhaps the software was
|
||||
put up for download on the Internet. Regardless of the delivery
|
||||
mechanism, violators almost always are engaged in {\em ongoing\/}
|
||||
violation of GPL\@.
|
||||
|
||||
In fact, when we discover a GPL violation that occurred only once --- for
|
||||
example, a user group who distributed copies of a GNU/Linux system without
|
||||
source at a meeting once --- we rarely pursue it with a high degree of
|
||||
diligence. In our minds, that is an educational problem, and unless the
|
||||
user group becomes a repeat offender (as it turns out, the never do) we
|
||||
simply send an FAQ entry that best explains how user groups can most
|
||||
easily comply with GPL, and send them on there merry way.
|
||||
source at one meeting --- we rarely pursue it with a high degree of
|
||||
tenacity. In our minds, such a violation is an educational problem, and
|
||||
unless the user group becomes a repeat offender (as it turns out, the
|
||||
never do) we simply forward along an FAQ entry that best explains how user
|
||||
groups can most easily comply with GPL, and send them on there merry way.
|
||||
|
||||
It is only the cases of {\em ongoing\/} GPL violation that warrant our
|
||||
active attention. We vehemently pursue those cases where dozens, hundreds
|
||||
or thousands of customers are receiving software that is out of
|
||||
compliance, and the company continually puts for sale (or distributes
|
||||
gratis as a demo) software distributions that include GPL'd components out
|
||||
of compliance. Our goal is to maximize the impact of enforcement and
|
||||
educate industries who are making a mistake on a large scale.
|
||||
compliance, and where the company continually puts for sale (or
|
||||
distributes gratis as a demo) software distributions that include GPL'd
|
||||
components out of compliance. Our goal is to maximize the impact of
|
||||
enforcement and educate industries who are making such a mistake on a
|
||||
large scale.
|
||||
|
||||
In addition, such ongoing violation shows that a particular company is
|
||||
committed to a GPL'd product line. We are thrilled to learn that someone
|
||||
|
@ -186,40 +197,41 @@ gives us an active opportunity to educate a new contributor the GPL'd
|
|||
commons about proper procedures to contribute to the community.
|
||||
|
||||
Our central goal is not, in fact, to merely clear up particular violation.
|
||||
Over time, we hope that our compliance lab will be out of business. We
|
||||
seek to educate the businesses that engage in commerce related to GPL'd
|
||||
software to obey the rules of the road and allow them to operate freely
|
||||
under them. Just as a traffic officer would not revel in reminding people
|
||||
which side of the road to drive in, so we do not revel in violations. By
|
||||
contrast, we revel in the successes of educating an ongoing violator about
|
||||
GPL so that GPL compliance becomes a second-nature matter, and they join
|
||||
the GPL ecosystem as contributors.
|
||||
In fact, over time, we hope that our compliance lab will be out of
|
||||
business. We seek to educate the businesses that engage in commerce
|
||||
related to GPL'd software to obey the rules of the road and allow them to
|
||||
operate freely under them. Just as a traffic officer would not revel in
|
||||
reminding people which side of the road to drive on, so we do not revel in
|
||||
violations. By contrast, we revel in the successes of educating an
|
||||
ongoing violator about GPL so that GPL compliance becomes a second-nature
|
||||
matter, allowing that company to join the GPL ecosystem as a contributor.
|
||||
|
||||
\section{How are Violations Discovered?}
|
||||
|
||||
Our enforcement of GPL is not a fund-raising effort; in fact, FSF's GPL
|
||||
compliance lab runs at a loss (in other words, it is subsided by our
|
||||
Compliance Lab runs at a loss (in other words, it is subsided by our
|
||||
donors). Our violation reports come from volunteers, who have encountered
|
||||
in their business or personal life, a device or software product that
|
||||
appears to contain GPL'd software; these reports are usually sent via
|
||||
email to $<$license-violation@fsf.org$>$.
|
||||
appears to contain GPL'd software. These reports are almost always sent
|
||||
via email to $<$license-violation@fsf.org$>$.
|
||||
|
||||
Our first order of business, upon receiving such a report, is to seek
|
||||
independent confirmation. When possible, we get a copy of the software
|
||||
product. For example, if it is an offering that is downloadable from a
|
||||
website, we download it and investigate ourselves. When it is not
|
||||
possible for us to actually get a copy of the software, we ask the
|
||||
reporter to go through the same process we use in examining the software.
|
||||
reporter to go through the same process we would use in examining the
|
||||
software.
|
||||
|
||||
By rough estimation, about 95\% of violations at this stage can be
|
||||
confirmed by simple commands. Since almost all violators have merely made
|
||||
an error, and have no nefarious intentions, they have made no attempt to
|
||||
remove our copyright notices from the software. Given the third-party
|
||||
binary, {\tt tpb}, usually, a simple command (on a GNU/Linux system) such
|
||||
as the following will find an Free Software copyright notice and GPL
|
||||
reference:
|
||||
confirmed by simple commands. Almost all violators have merely made an
|
||||
error and have no nefarious intentions. They have made no attempt to
|
||||
remove our copyright notices from the software. Thus, given the
|
||||
third-party binary, {\tt tpb}, usually, a simple command (on a GNU/Linux
|
||||
system) such as the following will find a Free Software copyright notice
|
||||
and GPL reference:
|
||||
\begin{quotation}
|
||||
{\tt string tpb | grep Copyright}
|
||||
{\tt strings tpb | grep Copyright}
|
||||
\end{quotation}
|
||||
In other words, it is usually more than trivial to confirm that GPL'd
|
||||
software is included.
|
||||
|
@ -229,17 +241,17 @@ determine whose copyright has been violated. Contrary to popular belief,
|
|||
FSF does not have the power to enforce GPL in all cases. Since GPL
|
||||
operates under copyright law, the powers of enforcement --- to seek
|
||||
redress once \S 4 has been invoked --- lies with the copyright holder of
|
||||
the software. FSF is one of the largest copyright holders in the world
|
||||
of GPL'd software, but we are by no means the only one. Thus, we
|
||||
sometimes discover that while GPL'd code is present in the software,
|
||||
there is no software copyrighted by FSF.
|
||||
the software. FSF is one of the largest copyright holders in the world of
|
||||
GPL'd software, but we are by no means the only one. Thus, we sometimes
|
||||
discover that while GPL'd code is present in the software, there is no
|
||||
software copyrighted by FSF present.
|
||||
|
||||
In cases where FSF does not hold copyright interest in the software, but
|
||||
we have confirmed a violation, we contact the copyright holders of the
|
||||
software, and encourage them to enforce GPL\@. We offer our good offices
|
||||
to help negotiate compliance on their behalf, and many times we help as a
|
||||
third party to settle such GPL violations. However, what we will
|
||||
describe in this course is FSF's first-hand experience enforcing its own
|
||||
third party to settle such GPL violations. However, what we will describe
|
||||
primarily in this course is FSF's first-hand experience enforcing its own
|
||||
copyrights and GPL\@.
|
||||
|
||||
\section{First Contact}
|
||||
|
@ -249,7 +261,7 @@ cooperation and mutual help. Our community has learned that cooperation
|
|||
works best when you assume the best of others, and only change policy,
|
||||
procedures and attitudes when some specific event or occurrence indicates
|
||||
that a change is necessary. We treat the process of GPL enforcement in
|
||||
the same way; our goal is to encourage violators to join the cooperative
|
||||
the same way. Our goal is to encourage violators to join the cooperative
|
||||
community of software sharing, so we want to open our hand in friendship
|
||||
to them.
|
||||
|
||||
|
@ -263,7 +275,7 @@ compliance work.
|
|||
|
||||
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
\chapter{Case Study: Davrik's Modified GCC}
|
||||
\chapter{Davrik: Modified GCC SDK}
|
||||
|
||||
In our first case study, we will consider Davrik, a company that produces
|
||||
software and hardware toolkits to assist OEM vendors who products consumer
|
||||
|
@ -287,13 +299,13 @@ with specious GPL violation complaints. FSF shelved the matter until
|
|||
more evidence was discovered.
|
||||
|
||||
FSF was later able to confirm the violation when two additional reports
|
||||
surfaced from other violation reports, both of whom had used the product
|
||||
surfaced from other violation reporters, both of whom had used the SDK
|
||||
professional and noticed clear similarities to FSF's GNU GCC\@. FSF's
|
||||
Compliance Engineer asked the reporters to run standard tests to confirm
|
||||
the violation, and it was confirmed that the product was indeed a
|
||||
derivative work of GCC, ported to Windows and with a number of features
|
||||
added, including support for a specific consumer device chipset and
|
||||
additional features to aid in the linking process (``LP'') for the
|
||||
the violation, and it was confirmed that Davrik's SDK was indeed a
|
||||
derivative work of GCC\@. Davrik had ported to Windows and added a number
|
||||
of features, including support for a specific consumer device chipset and
|
||||
additional features to aid in the linking process (``LP'') for those
|
||||
specific devices. FSF explained the rights that the GPL afforded these
|
||||
customers and pointed out, for example, that Davrik only needed to provide
|
||||
source to those in possession of the binaries, and that the users may need
|
||||
|
@ -303,18 +315,18 @@ confirmed that such requests were not answered.
|
|||
FSF brought the matter to the attention of Davrik, who immediately
|
||||
escalated the matter to their attorneys. After a long negotiation, Davrik
|
||||
acknowledged that their SDK was indeed a derivative work of GCC\@. Davrik
|
||||
released most of the source, but some disagreement occurred over whether LP
|
||||
was a derivate work of GCC\@. After repeated FSF inquiries, Davrik
|
||||
released most of the source, but some disagreement occurred over whether
|
||||
LP was a derivate work of GCC\@. After repeated FSF inquiries, Davrik
|
||||
reaudited the source and discovered that FSF's analysis was correct and
|
||||
determined that LP include a number of source files copied from the GCC
|
||||
determined that LP included a number of source files copied from the GCC
|
||||
code-base.
|
||||
|
||||
\label{davrik-build-problems}
|
||||
Once the full software release was made available, FSF asked the
|
||||
violation reporters if it addressed the problem. Reports came back that
|
||||
in fact the source did not properly build. FSF asked Davrik to provide
|
||||
better build instructions with the software, and such build instructions
|
||||
were incorporated into the next software release.
|
||||
Once the full software release was made available, FSF asked the violation
|
||||
reporters if it addressed the problem. Reports came back that the source
|
||||
did not properly build. FSF asked Davrik to provide better build
|
||||
instructions with the software, and such build instructions were
|
||||
incorporated into the next software release.
|
||||
|
||||
At FSF's request as well, Davrik informed customers who had previously
|
||||
purchased the product that the source was now available, by announcing
|
||||
|
@ -350,11 +362,11 @@ have under the GNU General Public License, Version 2.
|
|||
|
||||
This quelled Davrik's concerns about other patent licensing they sought to
|
||||
do outside of the GPL'd software, and satisfied FSF's concerns that they
|
||||
give no permissions to exercise teachings of patents that were not already
|
||||
give proper permissions to exercise teachings of patents that were
|
||||
exercised in their GPL'd software release.
|
||||
|
||||
Finally, a GPL Compliance Officer inside Davrik was appointed who is
|
||||
responsible for all matters of GPL Compliance inside the company. Darvik
|
||||
responsible for all matters of GPL compliance inside the company. Darvik
|
||||
is responsible for informing FSF if the position is given to someone else
|
||||
inside the company, and making sure that FSF has direct contact
|
||||
information with Darvik's Compliance Officer.
|
||||
|
@ -371,22 +383,23 @@ This case introduces a number of concepts regarding GPL enforcement.
|
|||
GPL education, many users do not fully understand their rights and the
|
||||
obligations that companies have. By working through the investigation
|
||||
with reporters, the violation can be properly confirmed, and {\bf the
|
||||
user of the software can be educated about what to expect as a user}.
|
||||
When users and customers of GPL'd products know their rights, what to
|
||||
expect, and how to properly exercise their rights (particularly under \S
|
||||
3(b)), it reduces the chances for user frustration and inappropriate
|
||||
community outcry about an alleged GPL violation.
|
||||
user of the software can be educated about what to expect with GPL'd
|
||||
software}. When users and customers of GPL'd products know their
|
||||
rights, what to expect, and how to properly exercise their rights
|
||||
(particularly under \S 3(b)), it reduces the chances for user
|
||||
frustration and inappropriate community outcry about an alleged GPL
|
||||
violation.
|
||||
|
||||
\item {\bf GPL compliance requires friendly negotiation and
|
||||
cooperation.} Often, attorneys and managers are legitimately surprised
|
||||
to find out GPL'd software is included in their company's products.
|
||||
Engineers sometimes include GPL'd software without understanding the
|
||||
requirements. This does not excuse companies from their obligations
|
||||
under the license, but it does mean that care and patience are
|
||||
essential for reaching GPL compliance. We want companies to understand
|
||||
that participating and benefiting from a collaborative Free Software
|
||||
community is not a burden, so we strive to make the process of coming
|
||||
into compliance when a problem occurs as smooth as possible.
|
||||
\item {\bf GPL compliance requires friendly negotiation and cooperation.}
|
||||
Often, attorneys and managers are legitimately surprised to find out
|
||||
GPL'd software is included in their company's products. Engineers
|
||||
sometimes include GPL'd software without understanding the requirements.
|
||||
This does not excuse companies from their obligations under the license,
|
||||
but it does mean that care and patience are essential for reaching GPL
|
||||
compliance. We want companies to understand that participating and
|
||||
benefiting from a collaborative Free Software community is not a burden,
|
||||
so we strive to make the process of coming into compliance as smooth as
|
||||
possible.
|
||||
|
||||
\item {\bf Confirming compliance is a community effort.} The whole point
|
||||
of making sure that software distributors respect the terms of GPL is to
|
||||
|
@ -404,21 +417,21 @@ This case introduces a number of concepts regarding GPL enforcement.
|
|||
violators to make some attempt --- such as via newsletters and the
|
||||
company's website --- to inform those who already have the products as
|
||||
to their rights under GPL\@. One of the key thrusts of GPL's \S 1 and
|
||||
\S 3 is to {\em make sure the user knows he has these rights\/}. If a
|
||||
product was received out of compliance by a customer, they may never
|
||||
actually discover that they had such rights. Informing them, in a way
|
||||
that is not burdensome but has a high probability of successfully
|
||||
\S 3 is to {\em make sure the user knows she has these rights\/}. If a
|
||||
product was received out of compliance by a customer, she may never
|
||||
actually discover that she had such rights. Informing customers, in a
|
||||
way that is not burdensome but has a high probability of successfully
|
||||
reaching those who would seek to exercise their freedoms, is essential
|
||||
to properly remedy the mistake.
|
||||
|
||||
\item {\bf Lines between various copyright, patent, and other legal
|
||||
mechanisms must be precisely defined and considered.} The most
|
||||
difficult negotiation point of this compliance case was drafting
|
||||
language that simultaneously protected the Davrik's patent rights
|
||||
outside of the GPL'd source, but was consistent with the implicit patent
|
||||
grant in GPL\@. As we discussed in the first course in this series,
|
||||
there is indeed an implicit patent grant with GPL, thanks to \S 6 and \S
|
||||
7. However, many companies become nervous and wish to make the grant
|
||||
difficult negotiation point of the Davrik case was drafting language
|
||||
that simultaneously protected the Davrik's patent rights outside of the
|
||||
GPL'd source, but was consistent with the implicit patent grant in
|
||||
GPL\@. As we discussed in the first course in this series, there is
|
||||
indeed an implicit patent grant with GPL, thanks to \S 6 and \S 7.
|
||||
However, many companies become nervous and wish to make the grant
|
||||
explicit to assure themselves that the grant is sufficiently narrow for
|
||||
their needs. We understand that there is no reasonable way to determine
|
||||
what patent claims read on a company's GPL holdings and which do not, so
|
||||
|
@ -431,6 +444,11 @@ This case introduces a number of concepts regarding GPL enforcement.
|
|||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
\chapter{Bracken: a Minor Violation in a GNU/Linux Distribution}
|
||||
|
||||
In this case study, we consider a minor violation made by a company whose
|
||||
knowledge of the Free Software community and it functions is deep.
|
||||
|
||||
\section{The Facts}
|
||||
|
||||
Bracken produces a GNU/Linux operating system product that is sold
|
||||
primarily to OEM vendors to be placed in appliance devices that are used
|
||||
for a single purpose, such as an Internet-browsing-only device. The
|
||||
|
@ -439,8 +457,8 @@ related Free Software licenses.
|
|||
|
||||
FSF found out about this violation through a report first posted in a
|
||||
comment on a Slashdot\footnote{Slashdot is a popular news and discussion
|
||||
site for technical readers.} comment, and then later brought to our
|
||||
attention by another Free Software copyright holder who had discovered the
|
||||
site for technical readers.} comment, and then was brought to attention
|
||||
again by another Free Software copyright holder who had discovered the
|
||||
same violation.
|
||||
|
||||
Bracken's GNU/Linux product is delivered directly from their website.
|
||||
|
@ -458,7 +476,7 @@ online distribution:
|
|||
contradicted the permissions granted by GPL\@.
|
||||
\end{itemize}
|
||||
|
||||
FSF contacted Bracken and gave them the details of the violation. Bracken
|
||||
FSF contacted Bracken and gave them the details of the violation. Bracken
|
||||
immediately ceased distribution of the product temporarily, and set forth
|
||||
a plan to bring themselves back into compliance. This plan included the
|
||||
following steps:
|
||||
|
@ -473,14 +491,14 @@ following steps:
|
|||
ever they distributed that way).
|
||||
|
||||
\item Bracken attorneys would run an internal seminar for its engineers
|
||||
regarding GPL proper compliance, to help ensure that such oversights
|
||||
regarding proper GPL compliance, to help ensure that such oversights
|
||||
regarding source releases would not occur in the future.
|
||||
|
||||
\item Bracken would resume distribution of the product only after FSF
|
||||
formally restored Bracken's distribution rights.
|
||||
\end{itemize}
|
||||
|
||||
This work was completed in the matter of about a month. FSF approved the
|
||||
This case was completed in the matter of about a month. FSF approved the
|
||||
new EULA text. They key portion in the EULA relating to GPL read as
|
||||
follows:
|
||||
|
||||
|
@ -511,7 +529,7 @@ completed as described.
|
|||
|
||||
\section{Lessons Learned}
|
||||
|
||||
This case was probably them most quickly and easily resolved of all GPL
|
||||
This case was probably the most quickly and easily resolved of all GPL
|
||||
violations in the history of FSF's Compliance Lab. The ease with which
|
||||
the problem was resolved shows a number of cultural factors that play a
|
||||
role in GPL compliance.
|
||||
|
@ -520,13 +538,13 @@ role in GPL compliance.
|
|||
|
||||
\item {\bf Companies that understand Free Software culture better have an
|
||||
easier time with compliance.} Bracken's products were designed and
|
||||
build around the GNU/Linux system and Free Software components. Their
|
||||
built around the GNU/Linux system and Free Software components. Their
|
||||
engineers were deeply familiar with the Free Software ecosystem, and
|
||||
their lawyers had seen and reviewed GPL before. The violation was
|
||||
completely an honest mistake, and since the culture inside the company
|
||||
had already adapted to the cooperative style of resolution to problems
|
||||
in the Free Software world, there was very little work for either
|
||||
party to bring the product into compliance.
|
||||
completely an honest mistake. Since the culture inside the company had
|
||||
already adapted to the cooperative style of resolution in the Free
|
||||
Software world, there was very little work for either party to bring the
|
||||
product into compliance.
|
||||
|
||||
\item {\bf When people in key positions understand the Free Software
|
||||
nature of their software products, compliance concerns are as mundane as
|
||||
|
@ -534,26 +552,26 @@ role in GPL compliance.
|
|||
its problems, and successful business often depends on agile response to
|
||||
the problems that do come up; avoiding problems altogether is a pipe
|
||||
dream. Minor GPL violations can and do happen even with well-informed
|
||||
redistributors, but when the company --- and in particular, the lawyers,
|
||||
managers, and engineers working on the Free Software product lines --
|
||||
have adapted to the cooperate Free Software culture, resolving such
|
||||
problems are merely a mundane details of typical operation and resolved
|
||||
just as easily.
|
||||
redistributors. However, when the company --- and in particular, the
|
||||
lawyers, managers, and engineers working on the Free Software product
|
||||
lines --- have adapted to the cooperative Free Software culture,
|
||||
resolving such problems is merely a mundane detail of typical operation
|
||||
and resolution is reached quickly.
|
||||
|
||||
\item {\bf Legally, distribution must stop when a violation is
|
||||
identified.} In our opinion, Bracken went above and beyond the call by
|
||||
ceasing distribution while the violation was being resolved. Under GPL
|
||||
\S 4, the redistributor loses the right to distribute the software, and
|
||||
thus they are in ongoing violation of copyright law as they distribute.
|
||||
It is FSF's policy to temporarily allow distribution while compliance
|
||||
negotiations are ongoing and only in the most extreme cases where the
|
||||
other party appears to be negotiating in bad faith does FSF even
|
||||
threaten an injunction on copyright grounds. However, Bracken --- as a
|
||||
good Free Software citizen --- chose to be on the safe side and do the
|
||||
legally correct thing while the violation case was pending. Since from
|
||||
start to finish it took less than am month to resolve, this lapse in
|
||||
distribute did not, to FSF's knowledge, impact their business in any
|
||||
way.
|
||||
identified.} In our opinion, Bracken went above and beyond the call of
|
||||
duty by ceasing distribution while the violation was being resolved.
|
||||
Under GPL \S 4, the redistributor loses the right to distribute the
|
||||
software, and thus they are in ongoing violation of copyright law if
|
||||
they distribute before rights are restored. It is FSF's policy to
|
||||
temporarily allow distribution while compliance negotiations are ongoing
|
||||
and only in the most extreme cases (where the other party appears to be
|
||||
negotiating in bad faith) does FSF even threaten an injunction on
|
||||
copyright grounds. However, Bracken --- as a good Free Software citizen
|
||||
--- chose to be on the safe side and do the legally correct thing while
|
||||
the violation case was pending. Since from start to finish it took less
|
||||
than am month to resolve, this lapse in distribution did not, to FSF's
|
||||
knowledge, impact Bracken's business in any way.
|
||||
|
||||
\item {\bf EULAs are a common area for GPL problems.} Often, EULAs are
|
||||
drafted from boilerplate text that a company uses for all its products.
|
||||
|
@ -562,8 +580,8 @@ role in GPL compliance.
|
|||
licenses. Drafting a EULA that accounts for such licenses is
|
||||
straightforward; the text quoted above works just fine. The EULA must
|
||||
be designed so that it does not trump and rights and permissions already
|
||||
granted by GPL\@, and it must be certain that if there is a conflict
|
||||
between EULA and GPL, with regard to GPL'd code, that the GPL is the
|
||||
granted by GPL\@, and it clearly state that if there is a conflict
|
||||
between the EULA and GPL, with regard to GPL'd code, that the GPL is the
|
||||
overriding license.
|
||||
|
||||
\item {\bf Compliance Officers are rarely necessary when companies are
|
||||
|
@ -601,15 +619,15 @@ a derivative work of GNU tar; the extraneous utilities merely made
|
|||
compliance with GPL by releasing the source of GNU tar, with the
|
||||
cryptographic modifications, to its customers.
|
||||
|
||||
Vigorien released the GNU tar sources, but kept the cryptographic library
|
||||
proprietary. They argued that the security of their system depending on
|
||||
keeping the software proprietary and that regardless, USA export
|
||||
restrictions on cryptographic software prohibited such a release. FSF
|
||||
disputed the claim on the first count, pointing out that Vigorien's had
|
||||
only one option if they did not want to release the source: they would
|
||||
have to remove GNU tar from the software and not distribute it further.
|
||||
Vigorien rejected this suggestion, since GNU tar was an integral part of
|
||||
the product and the security changes were useless without GNU tar.
|
||||
Vigorien released the original GNU tar sources, but kept the cryptographic
|
||||
modifications proprietary. They argued that the security of their system
|
||||
depending on keeping the software proprietary and that regardless, USA
|
||||
export restrictions on cryptographic software prohibited such a release.
|
||||
FSF disputed the first claim, pointing out that Vigorien had only one
|
||||
option if they did not want to release the source: they would have to
|
||||
remove GNU tar from the software and not distribute it further. Vigorien
|
||||
rejected this suggestion, since GNU tar was an integral part of the
|
||||
product and the security changes were useless without GNU tar.
|
||||
|
||||
Regarding the export control claims, FSF proposed a number of options,
|
||||
including release of the source from one of Vigorien's divisions overseas
|
||||
|
@ -629,18 +647,26 @@ did so, and the violation was resolved.
|
|||
|
||||
\item {\bf Removing the GPL'd portion of the product is always an option.}
|
||||
Many violators' first response is to simply refuse to release the source
|
||||
code as GPL required. FSF offers the option to simply remove the GPL'd
|
||||
code as GPL requires. FSF offers the option to simply remove the GPL'd
|
||||
portions from the product and continue along without them indefinitely.
|
||||
Every case where this has been suggested has led to the same conclusion.
|
||||
Like Vigorien, the violator argues that the product cannot function
|
||||
without the GPL'd components and they cannot effectively replace them.
|
||||
|
||||
Such an outcome of course is further evidence that the combined work in
|
||||
Such an outcome is simply further evidence that the combined work in
|
||||
question is indeed a derivative work of the original GPL'd component.
|
||||
If the other components cannot stand on their own and be useful without
|
||||
the GPL'd portions, then one cannot effectively argue that the work as a
|
||||
whole is not a derivative of the GPL'd portions.
|
||||
|
||||
\item {\bf The whole product is not always covered.} In this case,
|
||||
Vigorien had additional works aggregated. The backup system was a suite
|
||||
of utilities, some of which were GPL and some of which were not. While
|
||||
the cryptographic routines were tightly coupled with GNU tar and clearly
|
||||
derivative works, the various GUI utilities were separate and
|
||||
independent works merely aggregated with the distribution of the
|
||||
GNU-tar-based product.
|
||||
|
||||
|
||||
\item {\bf ``Security'' concerns do not exonerate a distributor from GPL
|
||||
obligations, and ``security through obscurity'' does not work anyway.}
|
||||
|
@ -662,11 +688,11 @@ did so, and the violation was resolved.
|
|||
by identifying them early.
|
||||
|
||||
\item {\bf External regulatory problems can be difficult to resolve.}
|
||||
GPL, though copyright law, does not have the power to trump regulations
|
||||
like export controls. While Vigorien's ``security concerns'' were
|
||||
specious, their export control concerns were not. It is indeed a
|
||||
difficult problem that FSF acknowledges. We want compliance with GPL
|
||||
and respect for users' freedoms, but we certainly do not expect
|
||||
GPL, though grounded in copyright law, does not have the power to trump
|
||||
regulations like export controls. While Vigorien's ``security
|
||||
concerns'' were specious, their export control concerns were not. It is
|
||||
indeed a difficult problem that FSF acknowledges. We want compliance
|
||||
with GPL and respect for users' freedoms, but we certainly do not expect
|
||||
companies to commit criminal offenses for the sake of compliance. We
|
||||
will see more about this issue in our next case study.
|
||||
\end{enumerate}
|
||||
|
@ -676,8 +702,8 @@ did so, and the violation was resolved.
|
|||
\chapter{Haxil, Polgara, and Thesulac: Mergers, Upstream Providers and Radio Devices}
|
||||
|
||||
This case study considers an ongoing (at the time of writing) violation
|
||||
that occurred. By the end of the investigation period, three companies
|
||||
were involved and many complex issues arose.
|
||||
that has occurred. By the end of the investigation period, three
|
||||
companies were involved and many complex issues arose.
|
||||
|
||||
\section{The Facts}
|
||||
|
||||
|
@ -695,10 +721,10 @@ arms about the violation.
|
|||
|
||||
Meanwhile, Haxil was in the midst of being acquired by Polgara. Polgara
|
||||
was as surprised as everyone else to discover the product was based on
|
||||
GPL'd software; it had not been part of the disclosures made during
|
||||
GPL'd software; this fact had not been part of the disclosures made during
|
||||
acquisition. FSF contacted both Haxil and Polgara, and product managers
|
||||
who had transitioned into the ``Haxil division'' of newly merged Polgara
|
||||
company worked and Polgara's General Counsel's office worked with FSF on
|
||||
who had transitioned into the ``Haxil division'' of the newly-merged
|
||||
Polgara company and Polgara's General Counsel's office worked with FSF on
|
||||
the matter.
|
||||
|
||||
FSF meanwhile formed a coalition with the other primary copyright holders
|
||||
|
@ -738,8 +764,8 @@ regarding the problem.
|
|||
\begin{enumerate}
|
||||
|
||||
\item {\bf Community outrage, while justified, can often make negotiation
|
||||
more difficult.} FSF has a strong policy to not publicized names of GPL
|
||||
violators if they are negotiating in a friendly way and operating in
|
||||
more difficult.} FSF has a strong policy never to publicize names of
|
||||
GPL violators if they are negotiating in a friendly way and operating in
|
||||
good faith toward compliance. Most violations are honest mistakes, and
|
||||
FSF sees no reason to publicly admonish violators who genuinely see to
|
||||
come into compliance with GPL and to work hard staying in compliance.
|
||||
|
@ -758,19 +784,21 @@ regarding the problem.
|
|||
during the acquisition process. While GPL compliance is not a
|
||||
particularly difficult matter, it is an additional obligation that comes
|
||||
along with the product line. When planning mergers and joint ventures,
|
||||
include lists of GPL'd components contained in the products discussed.
|
||||
one should include lists of GPL'd components contained in the products
|
||||
discussed.
|
||||
|
||||
\item {\bf Compliance problems of upstream providers do not excuse a
|
||||
violation for the downstream distributor.} To paraphrase \S 6, upstream
|
||||
providers are not responsible for enforcing compliance of their
|
||||
downstream, nor are downstream distributors responsible for compliance
|
||||
problems of upstream providers. However, engaging in distribution of
|
||||
GPL'd works out of compliance is still just that --- a compliance
|
||||
problem. When FSF carries out enforcement, we are patient and
|
||||
sympathetic when the problem appears to be upstream. In fact, we urge
|
||||
the violator to point us to the upstream provider to talk to them, and
|
||||
in this case we were happy to begin negotiations with Thesulac. However,
|
||||
Polgara still has an obligation to bring their product into compliance.
|
||||
GPL'd works out of compliance is still just that: a compliance problem.
|
||||
When FSF carries out enforcement, we are patient and sympathetic when
|
||||
the problem appears to be upstream. In fact, we urge the violator to
|
||||
point us to the upstream provider so we may talk to them directly. In
|
||||
this case we were happy to begin negotiations with Thesulac. However,
|
||||
Polgara still has an obligation to bring their product into compliance,
|
||||
regardless of Thesulac's response.
|
||||
|
||||
\item {\bf It behooves upstream providers to advise downstream
|
||||
distributors about compliance matters.} FSF has encouraged Thesulac to
|
||||
|
@ -779,7 +807,7 @@ regarding the problem.
|
|||
product, and it is conceivable that such additions can introduce
|
||||
compliance. In FSF's opinion, Thesulac is no way legally responsible
|
||||
for such a violation introduced by their customer, but it behooves them
|
||||
from a business standpoint to educate their customers about using the
|
||||
from a marketing standpoint to educate their customers about using the
|
||||
product. We can argue whether or not it is your coffee vendor's fault
|
||||
if you burn yourself with their product, but (likely) no one on either
|
||||
side would dispute the prudence of placing a ``caution: hot'' label on
|
||||
|
@ -803,6 +831,7 @@ regarding the problem.
|
|||
simple rule to follow, and following that rule to FSF's satisfaction
|
||||
usually means you are following it to the satisfaction of the entire
|
||||
Free Software community.
|
||||
|
||||
\end{enumerate}
|
||||
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
|
@ -853,4 +882,4 @@ distribute products based on GPL'd software:
|
|||
% LocalWords: Lessig Lessig's UCITA pre PDAs CDs reshifts GPL's Gentoo glibc
|
||||
% LocalWords: TrollTech administrivia LGPL's MontaVista Davrik Davrik's Darvik
|
||||
% LocalWords: Darvik's Slashdot sublicensed Vigorien Vigorien's Haxil Polgara
|
||||
% LocalWords: Thesulac Polgara's Haxil's Thesulac's
|
||||
% LocalWords: Thesulac Polgara's Haxil's Thesulac's SDK CD's
|
||||
|
|
Loading…
Reference in a new issue