Incorporate the compliance guide into main text of the book.
This required resectioning the entire compliance guide to be 'one level up'. It furthermore required a few other formatting and related changes.
This commit is contained in:
parent
16ffbf69c5
commit
9eb3c521b0
2 changed files with 54 additions and 58 deletions
|
@ -1,40 +1,38 @@
|
|||
\documentclass[letterpaper]{fixme}
|
||||
% compliance-guide.tex -*- LaTeX -*-
|
||||
|
||||
\title{A Practical Guide to GPL Compliance}
|
||||
\titleformatted{A Practical Guide to GPL Compliance}
|
||||
\date{August 26, 2008}
|
||||
\part{A Practical Guide to GPL Compliance}
|
||||
|
||||
\keywords{SFLC, software, freedom, law, center, free, open, source, gpl, compliance, violation}
|
||||
\begin{center}
|
||||
|
||||
\subject{SFLC's guide to better compliance with the GPL and related FOSS Licenses}
|
||||
{\parindent 0in
|
||||
This part is: \\
|
||||
\begin{tabbing}
|
||||
Copyright \= \copyright{} 2008 \= \hspace{.2in} Software Freedom Law Center. \\
|
||||
Copyright \= \copyright{} 2014 \= \hspace{.2in} Bradley M. Kuhn.
|
||||
\end{tabbing}
|
||||
|
||||
% The below is a horrible hack. What happens is that the HTML generator
|
||||
% (tex4ht) freaks out when \\ is used in the author field. tex4ht seems
|
||||
% to have some concept of ``author lists'' but I cannot figure out how to
|
||||
% use this. I added this code here (and keep carrying it over from doc to
|
||||
% doc) to get around that problem, but really it should be handled in the
|
||||
% LaTeX class. -- bkuhn
|
||||
\vspace{1in}
|
||||
|
||||
\ifx \generateHTML \isGeneratingHTML
|
||||
\author{
|
||||
<ul class="author"> \Hnewline
|
||||
<li>Bradley M. Kuhn</li>\Hnewline
|
||||
<li>Aaron Williamson</li>\Hnewline
|
||||
<li>Karen M. Sandler</li>\Hnewline
|
||||
</ul>\Hnewline}
|
||||
\else
|
||||
\author{Bradley M. Kuhn \\ Aaron Williamson \\ Karen M. Sandler }
|
||||
\fi
|
||||
Authors of this part are: \\
|
||||
|
||||
\begin{document}
|
||||
Bradley M. Kuhn \\
|
||||
Aaron Williamson \\
|
||||
Karen M. Sandler \\
|
||||
|
||||
\maketitle
|
||||
\vspace{3in}
|
||||
|
||||
Copyright \copyright{} 2008, Software Freedom Law Center. Licensed
|
||||
\href{http://creativecommons.org/licenses/by-sa/4.0/legalcode}{CC-BY-SA
|
||||
4.0 unported}.
|
||||
|
||||
\section{Executive Summary}
|
||||
The copyright holders of this part hereby grant the freedom to copy, modify,
|
||||
convey, Adapt, and/or redistribute this work under the terms of the Creative
|
||||
Commons Attribution Share Alike 4.0 International License. A copy of that
|
||||
license is available at
|
||||
\verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=. }
|
||||
|
||||
\end{center}
|
||||
|
||||
\bigskip
|
||||
|
||||
\chapter*{Executive Summary}
|
||||
|
||||
This is a guide to effective compliance with the GNU General Public
|
||||
License (GPL) and related licenses. In accordance with the Software
|
||||
|
@ -46,7 +44,7 @@ enforcement by copyright holders. It also outlines business practices and
|
|||
methods that lead to better GPL compliance. Finally, it recommends proper
|
||||
post-violation responses to the concerns of copyright holders.
|
||||
|
||||
\section{Background}
|
||||
\chapter{Background}
|
||||
|
||||
Early GPL enforcement efforts began soon after the GPL was written by
|
||||
Richard Stallman in 1989, and consisted of informal community efforts,
|
||||
|
@ -95,7 +93,7 @@ commercial distributors, redistributors, and resellers on how to avoid
|
|||
violations in the first place, and to respond adequately and appropriately
|
||||
when a violation occurs.
|
||||
|
||||
\section{Best Practices to Avoid Common Violations}
|
||||
\chapter{Best Practices to Avoid Common Violations}
|
||||
\label{best-practices}
|
||||
|
||||
Unlike highly permissive FOSS licenses (such as the ISC license), which
|
||||
|
@ -120,7 +118,7 @@ software.\footnote{This document addresses compliance with GPLv2,
|
|||
\S~\ref{lgpl} discusses the key differences between GPL and LGPL
|
||||
compliance.}
|
||||
|
||||
\subsection{Evaluate License Applicability}
|
||||
\section{Evaluate License Applicability}
|
||||
\label{derivative-works}
|
||||
Political discussion about the GPL often centers around the ``copyleft''
|
||||
requirements of the license. Indeed, the license was designed primarily
|
||||
|
@ -172,7 +170,7 @@ source for the GPL'd components and your modifications thereto, but not
|
|||
for independent proprietary applications. The procedures described in
|
||||
this document address this typical scenario.
|
||||
|
||||
\subsection{Monitor Software Acquisition}
|
||||
\section{Monitor Software Acquisition}
|
||||
|
||||
Software engineers should have the freedom to innovate and import useful
|
||||
software components to improve your product. However, along with that
|
||||
|
@ -210,7 +208,7 @@ the code. Fossology can help you build a catalog of the sources you have
|
|||
already used to build your product. You can then expand that into a more
|
||||
structured inventory and process.
|
||||
|
||||
\subsection{Track Your Changes and Releases}
|
||||
\section{Track Your Changes and Releases}
|
||||
|
||||
As we will explain in further detail below, the most important component
|
||||
to maintaining GPL compliance is inclusion of the complete and
|
||||
|
@ -229,7 +227,7 @@ scripts, engineers' notes, and documentation. Your developers will also
|
|||
benefit from a system that tracks the precise version of source that
|
||||
corresponds to any deployed binary.
|
||||
|
||||
\subsection{Avoid the ``Build Guru''}
|
||||
\section{Avoid the ``Build Guru''}
|
||||
|
||||
Too many software projects rely on only one or a very few team members who
|
||||
know how to build and assemble the final released product. Such knowledge
|
||||
|
@ -246,7 +244,7 @@ Make a rule that adding new components to the system without adequate
|
|||
build instructions (or better yet, scripts) is unacceptable engineering
|
||||
practice.
|
||||
|
||||
\section{Details of Compliant Distribution}
|
||||
\chapter{Details of Compliant Distribution}
|
||||
|
||||
In this section, we explain the specific requirements placed upon
|
||||
distributors of GPL'd software. Note that this section refers heavily to
|
||||
|
@ -256,7 +254,7 @@ and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.
|
|||
It may be helpful to have a copy of each license open while reading this
|
||||
section.
|
||||
|
||||
\subsection{Binary Distribution Permission}
|
||||
\section{Binary Distribution Permission}
|
||||
\label{binary-distribution-permission}
|
||||
|
||||
% be careful below, you cannot refill the \if section, so don't refill
|
||||
|
@ -305,7 +303,7 @@ in this section, but you may wish to refer back to this section after
|
|||
reading the thorough discussion of ``Corresponding Source'' that appears
|
||||
in \S~\ref{corresponding-source}.
|
||||
|
||||
\subsubsection{Option (a): Source Alongside Binary}
|
||||
\subsection{Option (a): Source Alongside Binary}
|
||||
|
||||
GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
|
||||
source code: including Corresponding Source with every binary
|
||||
|
@ -340,7 +338,7 @@ Please note that while selection of option (a) requires distribution on a
|
|||
physical medium, voluntary distribution via the Internet is very useful. This
|
||||
is discussed in detail in \S~\ref{offer-with-internet}.
|
||||
|
||||
\subsubsection{Option (b): The Offer}
|
||||
\subsection{Option (b): The Offer}
|
||||
\label{offer-for-source}
|
||||
|
||||
Many distributors prefer to ship only an offer for source with the binary
|
||||
|
@ -498,7 +496,7 @@ with your product but cannot actually deliver \emph{immediately} on that
|
|||
offer when your customers receive it, you should expect an enforcement
|
||||
action.
|
||||
|
||||
\subsubsection{Option (c): Noncommercial Offers}
|
||||
\subsection{Option (c): Noncommercial Offers}
|
||||
|
||||
As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
|
||||
only to noncommercial use. These options are not available to businesses
|
||||
|
@ -508,7 +506,7 @@ the offer they received from the vendor; they must provide their own offer
|
|||
or corresponding source to their distributees. We talk in detail about
|
||||
upstream software providers in \S~\ref{upstream}.
|
||||
|
||||
\subsubsection{Option 6(d) in GPLv3: Internet Distribution}
|
||||
\subsection{Option 6(d) in GPLv3: Internet Distribution}
|
||||
|
||||
Under GPLv2, your formal provisioning options for Corresponding Source
|
||||
ended with \S~3(c). But even under GPLv2, pure Internet source
|
||||
|
@ -543,7 +541,7 @@ v2. Indeed, many such important clarifications are included in v3 which
|
|||
together provide a compelling reason for authors and redistributors alike
|
||||
to adopt GPLv3.
|
||||
|
||||
\subsubsection{Option 6(e) in GPLv3: Software Torrents}
|
||||
\subsection{Option 6(e) in GPLv3: Software Torrents}
|
||||
|
||||
Peer-to-peer file sharing arose well after GPLv2 was written, and does not
|
||||
easily fit any of the v2 source provision options. GPLv3~\S~6(e)
|
||||
|
@ -555,7 +553,7 @@ provision obligations for non-peer-to-peer binary distributions. Finally,
|
|||
you should ensure that binaries and source are equally seeded upon initial
|
||||
peer-to-peer distribution.
|
||||
|
||||
\subsection{Preparing Corresponding Source}
|
||||
\section{Preparing Corresponding Source}
|
||||
\label{corresponding-source}
|
||||
|
||||
Most enforcement cases involve companies that have unfortunately not
|
||||
|
@ -568,7 +566,7 @@ you have followed those principles in your development, you can meet the
|
|||
following requirements with ease. If you have not, you may have
|
||||
substantial reconstruction work to do.
|
||||
|
||||
\subsubsection{Assemble the Sources}
|
||||
\subsection{Assemble the Sources}
|
||||
|
||||
For every binary that you produce, you should collect and maintain a copy
|
||||
of the sources from which it was built. A large system, such as an
|
||||
|
@ -583,7 +581,7 @@ required for your Corresponding Source releases. Collecting
|
|||
subdirectories of GPL'd and LGPL'd components is the first step toward
|
||||
preparing your release.
|
||||
|
||||
\subsubsection{Building the Sources}
|
||||
\subsection{Building the Sources}
|
||||
|
||||
Few distributors, particularly of embedded systems, take care to read the
|
||||
actual definition of Corresponding Source in the GPL\@. Consider
|
||||
|
@ -651,7 +649,7 @@ Details about what differs when the work is licensed under LGPL is
|
|||
discussed in \S~\ref{lgpl}, and specific details that are unique to
|
||||
GPLv3's installation instructions are in \S~\ref{user-products}.
|
||||
|
||||
\subsubsection{What About the Compiler?}
|
||||
\subsection{What About the Compiler?}
|
||||
|
||||
The GPL contains no provision that requires distribution of the compiler
|
||||
used to build the software. While companies are encouraged to make it as
|
||||
|
@ -686,7 +684,7 @@ about where you got it, what version it was, and who to contact to acquire
|
|||
it, regardless of whether your compiler is FOSS, proprietary, or
|
||||
internally developed.
|
||||
|
||||
\subsection{Best Practices and Corresponding Source}
|
||||
\section{Best Practices and Corresponding Source}
|
||||
|
||||
\S~\ref{best-practices} and \S~\ref{corresponding-source} above are
|
||||
closely related. If you follow the best practices outlined above, you
|
||||
|
@ -710,7 +708,7 @@ build system and no source tracking. Address these issues by installing a
|
|||
revision system, telling your developers to use it, and requiring your
|
||||
build guru to document his or her work!
|
||||
|
||||
\section{When The Letter Comes}
|
||||
\chapter{When The Letter Comes}
|
||||
|
||||
Unfortunately, many GPL violators ignore their obligations until they are
|
||||
contacted by a copyright holder or the lawyer of a copyright holder. You
|
||||
|
@ -720,7 +718,7 @@ under the GPL\@. This section outlines a typical enforcement case and
|
|||
provides some guidelines for response. These discussions are
|
||||
generalizations and do not all apply to every alleged violation.
|
||||
|
||||
\subsection{Communication Is Key}
|
||||
\section{Communication Is Key}
|
||||
|
||||
GPL violations are typically only escalated when a company ignores the
|
||||
copyright holder's initial communication or fails to work toward timely
|
||||
|
@ -752,7 +750,7 @@ generally find that FOSS developers and their lawyers are willing to
|
|||
have a reasonable dialogue and will work with you to resolve a violation
|
||||
once you open the channels of communication in a friendly way.
|
||||
|
||||
\subsection{Termination}
|
||||
\section{Termination}
|
||||
|
||||
Many redistributors overlook GPL's termination provision (GPLv2~\S~4 and
|
||||
GPLv3~\S~8). Under v2, violators forfeit their rights to redistribute and
|
||||
|
@ -812,7 +810,7 @@ Given that much discussion of v3 has focused on its so-called more
|
|||
complicated requirements, it should be noted that v3 is, in this regard,
|
||||
more favorable to violators than v2.
|
||||
|
||||
\section{Standard Requests}
|
||||
\chapter{Standard Requests}
|
||||
|
||||
As we noted above, different copyright holders have different requirements
|
||||
for reinstating a violator's distribution rights. Upon violation, you no
|
||||
|
@ -859,13 +857,13 @@ unlikely to find a better value or more generous license terms for similar
|
|||
software elsewhere. Treat the copyright holders with the same respect you
|
||||
treat your corporate partners and collaborators.
|
||||
|
||||
\section{Special Topics in Compliance}
|
||||
\chapter{Special Topics in Compliance}
|
||||
|
||||
There are several other issues that are less common, but also relevant in
|
||||
a GPL compliance situation. To those who face them, they tend to be of
|
||||
particular interest.
|
||||
|
||||
\subsection{LGPL Compliance}
|
||||
\section{LGPL Compliance}
|
||||
\label{lgpl}
|
||||
|
||||
GPL compliance and LGPL compliance mostly involve the same issues. As we
|
||||
|
@ -888,7 +886,7 @@ engineering for debugging such modifications'' to the library. Therefore,
|
|||
you should take care that the EULA used for the Application does not
|
||||
contradict this permission.
|
||||
|
||||
\subsection{Upstream Providers}
|
||||
\section{Upstream Providers}
|
||||
\label{upstream}
|
||||
|
||||
With ever-increasing frequency, software development (particularly for
|
||||
|
@ -942,7 +940,7 @@ burden of the vendor's inattention to GPL compliance. Ask the right
|
|||
questions, demand an account of your vendors' compliance procedures, and
|
||||
seek indemnity from them.
|
||||
|
||||
\subsection{User Products and Installation Information}
|
||||
\section{User Products and Installation Information}
|
||||
\label{user-products}
|
||||
|
||||
GPLv3 requires you to provide ``Installation Information'' when v3
|
||||
|
@ -984,7 +982,7 @@ with GPLv2, the license gives you clear provisions that you can rely on
|
|||
when you are forced to cut off support, service or warranty for a customer
|
||||
who has chosen to modify.
|
||||
|
||||
\section{Conclusion}
|
||||
\chapter{Conclusion}
|
||||
|
||||
GPL compliance need not be an onerous process. Historically, struggles
|
||||
have been the result of poor development methodologies and communications,
|
||||
|
@ -1008,8 +1006,6 @@ ready-made for their products.
|
|||
|
||||
\vfill
|
||||
|
||||
\end{document}
|
||||
|
||||
% LocalWords: redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox
|
||||
% LocalWords: someone's downloadable subdirectory subdirectories filesystem
|
||||
% LocalWords: roadmap README upstream's Ravicher's Fossology readme CDs iPhone
|
||||
|
|
|
@ -97,7 +97,7 @@ attending the course.
|
|||
|
||||
\input{gpl-lgpl}
|
||||
|
||||
%\input{compliance-guide}
|
||||
\input{compliance-guide}
|
||||
|
||||
%\input{enforcement-case-studies}
|
||||
|
||||
|
|
Loading…
Reference in a new issue