From 594a4f744dde8365c2a1da660e9cd524f89e8733 Mon Sep 17 00:00:00 2001 From: "Bradley M. Kuhn" Date: Tue, 9 May 2017 08:12:21 -0500 Subject: [PATCH] Remove extraneous material to just CCS examples. --- .../ccs-report-examples/ccs-examples.md | 463 +----------------- 1 file changed, 3 insertions(+), 460 deletions(-) diff --git a/presentations/ccs-report-examples/ccs-examples.md b/presentations/ccs-report-examples/ccs-examples.md index 8a99469..b4be755 100644 --- a/presentations/ccs-report-examples/ccs-examples.md +++ b/presentations/ccs-report-examples/ccs-examples.md @@ -1,452 +1,6 @@ -% A Practical Guide to Compliance with the GNU GPL -% Bradley M. Kuhn and Karen M. Sandler -% Thursday 19 January 2016 - - -# Audience - -+ Our goal here is to move faster or slower based on audience knowledge. - -+ There are folks in this audience who have worked with this stuff for years, - and those who are completely new. - -+ We want these presentations to be valuable to all of you. - -# Audience - -+ Please, don't be embarrassed: - + Ever GPL expert in the world, including us, started as a student who - knew none of this. - -+ This is a course; raise your hand if you are confused or have a question. - -+ We are glad to go "off-slides" and get your questions answered. - -# The Tutorial's Textbook - -+ This tutorial actually has a 125-page textbook. - -+ You can download it (PDF or online HTML browse, or the source code!) from - [copyleft.org/guide](https://copyleft.org/guide) - -+ The text is in integration and culmination of every freely licensed - material on copyleft (and GPL in particular) we could find. - -+ We don't mind if you read the text while we talk and raise your hand with questions. - -# How this Tutorial Go? - -+ Materials presented will mix the simple & complex. - -+ We cannot possibly cover the entire GPL and compliance procedures in merely - two hours. - + a full course could take a whole day or more. - + but we'll give you the key highlights. - -# Outline - -+ Discuss: motivations, origins, then a few of GPL's sections. - -+ Turn to focus to how it relates to meeting the requirements of the license - (aka compliance). - -+ If you haven't asked enough questions at that point, we'll then still have - lots of time at the end to take questions and answer them. - -# Why Listen To Us? - -+ Conservancy operates and practices license compliance activities extremely transparently. - -+ So you have access to drafters, interpreters, enforcers. - -+ Someday, we may (or already have) sit across the table from you. - -+ Our transparency does make your job easier. - -# The Mindset of GPL - -+ GPL protects software freedom. - -+ Ultimate goal: make sure every user has the four freedoms. - + Freedom to run the software. - + Freedom to study and modify the software. - + Freedom to share the software. - + Freedom to distribute modified versions. - -+ Every clause in GPL was designed to uphold one of these freedoms. - + Or, it's a compromise of drafting in adoption vs. freedom debate. - -# Using Copyright - -+ GPL is primarily a copyright license. - + Software is copyrighted. - + License grants key freedoms. - + Requirement prohibit activities that take away freedoms. - -+ General concept: copyleft. - -+ Specific implementation: GPL. - -# Conditional Permissions - -+ A copyleft license grants copyright permissions, conditionally. - -+ Think of the phrase: “provided that” - -+ “provided that”: appears (in some form) only - + 4 times in GPLv2 - + 9 times in GPLv3. - -# Compare To Proprietary Licenses - -+ Yes, the GPL has its requirements. - -+ But *none* of these activities are ever permitted under proprietary - licenses. - -+ If you don't like what the GPL requires you to do, then just use - proprietary software instead. - -+ That way, you know the answer to every “Am I allowed to?” question is “no” - -+ rather than: “yes, but only as long as you …” - -+ Many business advantages to copyleft... - -# The Technical Gap - -+ Understanding GPL well requires a some software expertise & legal - expertise. - -+ You don't have to be a professional on either side to grok it. - + but you're best off if you're a professional in one & an amateur - in the other. - -+ Most important technical concepts you need: - + source code, binaries, methods of distribution. - -# Modification As a Center Provision - -+ GPL's primary copyright hook is copyright controls on the right to modify. - -+ GPL's central tenant: - -+ You can make a modified version of various types privately as much as you'd like. - -+ When you distribute that modified version, you have requirements to meet. - -+ Technological considerations dictate necessity of more complex rules for -certain types of modifications. - -# GPLv2 § 2(a-b) - - -

[GPLv2§]2. You may modify your copy or copies of the Program or any -portion of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 above, -provided that you also meet all of these conditions: -
-
-a) You must cause the modified files to carry prominent notices stating -that you changed the files and the date of any change. -
-
-b) You must cause any work that you distribute or publish, that in -whole or in part contains or is derived from the Program or any -part thereof, to be licensed as a whole at no charge to all third -parties under the terms of this License. -

-
- -# GPLv3§5(a-c) - - -

-You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: -
-
-a) The work must carry prominent notices stating that you modified it, and -giving a relevant date. -
-
-b) The work must carry prominent notices stating that it is released under -this License and any conditions added under section 7. This requirement -modifies the requirement in section 4 to "keep intact all notices". -
-
-c) You must license the entire work, as a whole, under this License to anyone -who comes into possession of a copy. This License will therefore apply, -along with any applicable section 7 additional terms, to the whole of the -work, and all its parts, regardless of how they are packaged. This License -gives no permission to license the work in any other way, but it does not -invalidate such permission if you have separately received it. -

-
- -# GPLv2§2¶ penultimates - - -

-These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. -
-
-Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. -

- -
- -# GPLv3 §0 ¶1-5 - -

- "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. -
-
- "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. -
-
-To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. -
-
- A "covered work" means either the unmodified Program or a work based -on the Program. -

- -# Binaries (Object Code) are Modifications - -+ Software that the computer understands is different than software humans - read. - -+ There is often a process required to modify (and/or translate) the software - from human-readable - + This process can be done ahead of time. - -+ Separation of source and binary was the first way proprietary software - companies discovered to subjugate users. - + GPL uses the fact that binaries are modifications (which are often - distribution) to prevent that subjugation. - -# GPLv2 § 3(a-b) - - -

-

[GPLv2§]3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: -
-
-a) Accompany it with the complete corresponding machine-readable -source code, which must be distributed under the terms of Sections -1 and 2 above on a medium customarily used for software interchange; or, -
-
-b) Accompany it with a written offer, valid for at least three -years, to give any third party, for a charge no more than your -cost of physically performing source distribution, a complete -machine-readable copy of the corresponding source code, to be -distributed under the terms of Sections 1 and 2 above on a medium -customarily used for software interchange; -

-
- -# GPLv3 § 6(a-b) - - -

-[GPLv3 § ] 6. Conveying Non-Source Forms. -
-
-You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: -
-
-a) Convey the object code in, or embodied in, a physical product -(including a physical distribution medium), accompanied by the -Corresponding Source fixed on a durable physical medium -customarily used for software interchange. -
-
-b) Convey the object code in, or embodied in, a physical product -(including a physical distribution medium), accompanied by a -written offer, valid for at least three years and valid for as -long as you offer spare parts or customer support for that product -model, to give anyone who possesses the object code either (1) a -copy of the Corresponding Source for all the software in the -product that is covered by this License, on a durable physical -medium customarily used for software interchange, for a price no -more than your reasonable cost of physically performing this -conveying of source, or (2) access to copy the -Corresponding Source from a network server at no charge. -

-
- -# GPLv3 § 1 ¶ 1, 4-6 - - -

-The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. -
-
-The "Corresponding Source" for a work in object code form means all the -source code needed to generate, install, and (for an executable work) run the -object code and to modify the work, including scripts to control those -activities. However, it does not include the work's System Libraries, or -general-purpose tools or generally available free programs which are used -unmodified in performing those activities but which are not part of the work. -For example, Corresponding Source includes interface definition files -associated with source files for the work, and the source code for shared -libraries and dynamically linked subprograms that the work is specifically -designed to require, such as by intimate data communication or control flow -between those subprograms and other parts of the work. -
-
-The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. -
-
-The Corresponding Source for a work in source code form is that -same work. -

-
- -# What's a GPL Violation? - -+ GPL (both v2 and v3) require: - + The whole work licensed under GPL. - + (which means all copyrighted material added must be under - GPL-compatible licenses.) - + Complete, Corresponding Source (CCS) of that work provided, under GPL. - -+ The licenses terminate upon violation … - + … thus failure to comply means lost distribution rights. - + … enforcement uses this rights termination as leverage to - restore compliance. - -# Enforcement is Technical - -+ Copyleft's policy goals related to technical acts. - + modifying, building, and installing software is a technical process. - -+ In embedded systems, this process is rarely straightforward. - + Yet GPL requires that such be possible. - -+ In enforcement, we talk about “the CCS adequately meeting GPL's requirements” - -# Compliance-Friendly Development - -+ Use revision control ... - - ... to pull in vendor branch. - - ... to tag releases. - -+ Avoid "Build Guru" ... - - ... by documenting build process. - - ... and versioning it, too. - -# GPL Binary Requirements - -(v2 § 3, v3 § 6) - -+ Four options: - - Source alongside binary (v2/v3). - - Offer for source (v2/v3). - - Internet side-by-side distribution (v3). - - Torrent distribution (v3). - -# Source Alongside Binary - -+ Simplest option - -+ **Obligations end at distribution time.** - -+ Physical media required. - -# Offer For Source - -+ Useful if not shipping CD already. - -+ Lasts three years. - -+ Mail fulfillment required (not in v3). - -# Side-By-Side Distribution - -+ Not in GPLv2, pedantically speaking. - -+ Always been considered compliant for v2. - -+ v3 clarifies this. - -# Peer-to-Peer Distribution - -+ v2 obviously couldn't consider this. - -+ v3 allows distribution of equally seeded source and binary. - -# Preparing Corresponding Source - -(v2 § 3, v3 § 1) - -+ Make sure all sources are present. - - revision system helps a lot here. - -+ Build scripts - - make sure someone skilled in art can build it. - -# Termination - -(v2 § 4, v3 § 8) - -+ v2 is automatic and permanent. - -+ v3 has auto-reinstatement. - - 60 day self-correction timeout. - - 30 day penalty-less after notice. - -+ Usually, you need copyright holder to reinstate. - -# Actual Enforcement - -+ [*The Principles of Community-Oriented GPL Enforcement* at sfconservancy.org/linux-compliance/principles.html](https://sfconservancy.org/linux-compliance/principles.html). - -+ Send a Letter, carefully finding right person. - -+ Communication is key. - -+ Ask for CCS candidates. - - -# The "Rounds" - -+ Ideally (it's only happened to me twice) the first source release is - perfect. - + but we don't live in an ideal world. - -+ The worst I've ever experienced is 22 rounds. - -+ We send detailed reports. +% Examples of CCS Reports +% Bradley M. Kuhn +% Tuesday 9 May 2017 # No Build Instructions @@ -745,21 +299,10 @@ same work. to email NAME@COMPANY.com , which is how the above instructions for downloading the source were received. - - - # More Info / Talk License -+ URLs / Social Networking / Email: - - Pls. support Conservancy: [sfconservancy.org/supporter/](https://sfconservancy.org/supporter/) - - If you hold copyrights in Linux, Debian, Samba, or BusyBox, you can - join our enforcement coalition. [Contact us!](https://sfconservancy.org/linux-compliance/about.html) - - [*The Guide*](https://copyleft.org/guide) is available & [welcomes contributions at copyleft.org](https://copyleft.org). - - Conservancy: [sfconservancy.org](https://sfconservancy.org/) & [@conservancy](https://twitter.com/conservancy/). - - Me: [faif.us](http://faif.us) & [ebb.org/bkuhn](http://ebb.org/bkuhn) - - Slides: [ebb.org/bkuhn/talks](http://ebb.org/bkuhn/talks/ELC-2015/pristine-example.html).

Presentation and slides are: Copyright © Bradley M. Kuhn (2008–2011, 2015, 2017), Karen M. Sandler (2017), and are licensed under the Creative Commons Attribution-Share Alike 4.0 International License.