Incorporate the compliance guide into main text of the book.

This required resectioning the entire compliance guide to be 'one level up'.
It furthermore required a few other formatting and related changes.
This commit is contained in:
Bradley M. Kuhn 2014-02-20 12:46:33 -05:00
parent 16ffbf69c5
commit 9eb3c521b0
2 changed files with 54 additions and 58 deletions

View file

@ -1,40 +1,38 @@
\documentclass[letterpaper]{fixme} % compliance-guide.tex -*- LaTeX -*-
\title{A Practical Guide to GPL Compliance} \part{A Practical Guide to GPL Compliance}
\titleformatted{A Practical Guide to GPL Compliance}
\date{August 26, 2008}
\keywords{SFLC, software, freedom, law, center, free, open, source, gpl, compliance, violation} \begin{center}
\subject{SFLC's guide to better compliance with the GPL and related FOSS Licenses} {\parindent 0in
This part is: \\
\begin{tabbing}
Copyright \= \copyright{} 2008 \= \hspace{.2in} Software Freedom Law Center. \\
Copyright \= \copyright{} 2014 \= \hspace{.2in} Bradley M. Kuhn.
\end{tabbing}
% The below is a horrible hack. What happens is that the HTML generator \vspace{1in}
% (tex4ht) freaks out when \\ is used in the author field. tex4ht seems
% to have some concept of ``author lists'' but I cannot figure out how to
% use this. I added this code here (and keep carrying it over from doc to
% doc) to get around that problem, but really it should be handled in the
% LaTeX class. -- bkuhn
\ifx \generateHTML \isGeneratingHTML Authors of this part are: \\
\author{
<ul class="author"> \Hnewline
<li>Bradley M. Kuhn</li>\Hnewline
<li>Aaron Williamson</li>\Hnewline
<li>Karen M. Sandler</li>\Hnewline
</ul>\Hnewline}
\else
\author{Bradley M. Kuhn \\ Aaron Williamson \\ Karen M. Sandler }
\fi
\begin{document} Bradley M. Kuhn \\
Aaron Williamson \\
Karen M. Sandler \\
\maketitle \vspace{3in}
Copyright \copyright{} 2008, Software Freedom Law Center. Licensed
\href{http://creativecommons.org/licenses/by-sa/4.0/legalcode}{CC-BY-SA
4.0 unported}.
\section{Executive Summary} The copyright holders of this part hereby grant the freedom to copy, modify,
convey, Adapt, and/or redistribute this work under the terms of the Creative
Commons Attribution Share Alike 4.0 International License. A copy of that
license is available at
\verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=. }
\end{center}
\bigskip
\chapter*{Executive Summary}
This is a guide to effective compliance with the GNU General Public This is a guide to effective compliance with the GNU General Public
License (GPL) and related licenses. In accordance with the Software License (GPL) and related licenses. In accordance with the Software
@ -46,7 +44,7 @@ enforcement by copyright holders. It also outlines business practices and
methods that lead to better GPL compliance. Finally, it recommends proper methods that lead to better GPL compliance. Finally, it recommends proper
post-violation responses to the concerns of copyright holders. post-violation responses to the concerns of copyright holders.
\section{Background} \chapter{Background}
Early GPL enforcement efforts began soon after the GPL was written by Early GPL enforcement efforts began soon after the GPL was written by
Richard Stallman in 1989, and consisted of informal community efforts, Richard Stallman in 1989, and consisted of informal community efforts,
@ -95,7 +93,7 @@ commercial distributors, redistributors, and resellers on how to avoid
violations in the first place, and to respond adequately and appropriately violations in the first place, and to respond adequately and appropriately
when a violation occurs. when a violation occurs.
\section{Best Practices to Avoid Common Violations} \chapter{Best Practices to Avoid Common Violations}
\label{best-practices} \label{best-practices}
Unlike highly permissive FOSS licenses (such as the ISC license), which Unlike highly permissive FOSS licenses (such as the ISC license), which
@ -120,7 +118,7 @@ software.\footnote{This document addresses compliance with GPLv2,
\S~\ref{lgpl} discusses the key differences between GPL and LGPL \S~\ref{lgpl} discusses the key differences between GPL and LGPL
compliance.} compliance.}
\subsection{Evaluate License Applicability} \section{Evaluate License Applicability}
\label{derivative-works} \label{derivative-works}
Political discussion about the GPL often centers around the ``copyleft'' Political discussion about the GPL often centers around the ``copyleft''
requirements of the license. Indeed, the license was designed primarily requirements of the license. Indeed, the license was designed primarily
@ -172,7 +170,7 @@ source for the GPL'd components and your modifications thereto, but not
for independent proprietary applications. The procedures described in for independent proprietary applications. The procedures described in
this document address this typical scenario. this document address this typical scenario.
\subsection{Monitor Software Acquisition} \section{Monitor Software Acquisition}
Software engineers should have the freedom to innovate and import useful Software engineers should have the freedom to innovate and import useful
software components to improve your product. However, along with that software components to improve your product. However, along with that
@ -210,7 +208,7 @@ the code. Fossology can help you build a catalog of the sources you have
already used to build your product. You can then expand that into a more already used to build your product. You can then expand that into a more
structured inventory and process. structured inventory and process.
\subsection{Track Your Changes and Releases} \section{Track Your Changes and Releases}
As we will explain in further detail below, the most important component As we will explain in further detail below, the most important component
to maintaining GPL compliance is inclusion of the complete and to maintaining GPL compliance is inclusion of the complete and
@ -229,7 +227,7 @@ scripts, engineers' notes, and documentation. Your developers will also
benefit from a system that tracks the precise version of source that benefit from a system that tracks the precise version of source that
corresponds to any deployed binary. corresponds to any deployed binary.
\subsection{Avoid the ``Build Guru''} \section{Avoid the ``Build Guru''}
Too many software projects rely on only one or a very few team members who Too many software projects rely on only one or a very few team members who
know how to build and assemble the final released product. Such knowledge know how to build and assemble the final released product. Such knowledge
@ -246,7 +244,7 @@ Make a rule that adding new components to the system without adequate
build instructions (or better yet, scripts) is unacceptable engineering build instructions (or better yet, scripts) is unacceptable engineering
practice. practice.
\section{Details of Compliant Distribution} \chapter{Details of Compliant Distribution}
In this section, we explain the specific requirements placed upon In this section, we explain the specific requirements placed upon
distributors of GPL'd software. Note that this section refers heavily to distributors of GPL'd software. Note that this section refers heavily to
@ -256,7 +254,7 @@ and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.
It may be helpful to have a copy of each license open while reading this It may be helpful to have a copy of each license open while reading this
section. section.
\subsection{Binary Distribution Permission} \section{Binary Distribution Permission}
\label{binary-distribution-permission} \label{binary-distribution-permission}
% be careful below, you cannot refill the \if section, so don't refill % be careful below, you cannot refill the \if section, so don't refill
@ -305,7 +303,7 @@ in this section, but you may wish to refer back to this section after
reading the thorough discussion of ``Corresponding Source'' that appears reading the thorough discussion of ``Corresponding Source'' that appears
in \S~\ref{corresponding-source}. in \S~\ref{corresponding-source}.
\subsubsection{Option (a): Source Alongside Binary} \subsection{Option (a): Source Alongside Binary}
GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
source code: including Corresponding Source with every binary source code: including Corresponding Source with every binary
@ -340,7 +338,7 @@ Please note that while selection of option (a) requires distribution on a
physical medium, voluntary distribution via the Internet is very useful. This physical medium, voluntary distribution via the Internet is very useful. This
is discussed in detail in \S~\ref{offer-with-internet}. is discussed in detail in \S~\ref{offer-with-internet}.
\subsubsection{Option (b): The Offer} \subsection{Option (b): The Offer}
\label{offer-for-source} \label{offer-for-source}
Many distributors prefer to ship only an offer for source with the binary Many distributors prefer to ship only an offer for source with the binary
@ -498,7 +496,7 @@ with your product but cannot actually deliver \emph{immediately} on that
offer when your customers receive it, you should expect an enforcement offer when your customers receive it, you should expect an enforcement
action. action.
\subsubsection{Option (c): Noncommercial Offers} \subsection{Option (c): Noncommercial Offers}
As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
only to noncommercial use. These options are not available to businesses only to noncommercial use. These options are not available to businesses
@ -508,7 +506,7 @@ the offer they received from the vendor; they must provide their own offer
or corresponding source to their distributees. We talk in detail about or corresponding source to their distributees. We talk in detail about
upstream software providers in \S~\ref{upstream}. upstream software providers in \S~\ref{upstream}.
\subsubsection{Option 6(d) in GPLv3: Internet Distribution} \subsection{Option 6(d) in GPLv3: Internet Distribution}
Under GPLv2, your formal provisioning options for Corresponding Source Under GPLv2, your formal provisioning options for Corresponding Source
ended with \S~3(c). But even under GPLv2, pure Internet source ended with \S~3(c). But even under GPLv2, pure Internet source
@ -543,7 +541,7 @@ v2. Indeed, many such important clarifications are included in v3 which
together provide a compelling reason for authors and redistributors alike together provide a compelling reason for authors and redistributors alike
to adopt GPLv3. to adopt GPLv3.
\subsubsection{Option 6(e) in GPLv3: Software Torrents} \subsection{Option 6(e) in GPLv3: Software Torrents}
Peer-to-peer file sharing arose well after GPLv2 was written, and does not Peer-to-peer file sharing arose well after GPLv2 was written, and does not
easily fit any of the v2 source provision options. GPLv3~\S~6(e) easily fit any of the v2 source provision options. GPLv3~\S~6(e)
@ -555,7 +553,7 @@ provision obligations for non-peer-to-peer binary distributions. Finally,
you should ensure that binaries and source are equally seeded upon initial you should ensure that binaries and source are equally seeded upon initial
peer-to-peer distribution. peer-to-peer distribution.
\subsection{Preparing Corresponding Source} \section{Preparing Corresponding Source}
\label{corresponding-source} \label{corresponding-source}
Most enforcement cases involve companies that have unfortunately not Most enforcement cases involve companies that have unfortunately not
@ -568,7 +566,7 @@ you have followed those principles in your development, you can meet the
following requirements with ease. If you have not, you may have following requirements with ease. If you have not, you may have
substantial reconstruction work to do. substantial reconstruction work to do.
\subsubsection{Assemble the Sources} \subsection{Assemble the Sources}
For every binary that you produce, you should collect and maintain a copy For every binary that you produce, you should collect and maintain a copy
of the sources from which it was built. A large system, such as an of the sources from which it was built. A large system, such as an
@ -583,7 +581,7 @@ required for your Corresponding Source releases. Collecting
subdirectories of GPL'd and LGPL'd components is the first step toward subdirectories of GPL'd and LGPL'd components is the first step toward
preparing your release. preparing your release.
\subsubsection{Building the Sources} \subsection{Building the Sources}
Few distributors, particularly of embedded systems, take care to read the Few distributors, particularly of embedded systems, take care to read the
actual definition of Corresponding Source in the GPL\@. Consider actual definition of Corresponding Source in the GPL\@. Consider
@ -651,7 +649,7 @@ Details about what differs when the work is licensed under LGPL is
discussed in \S~\ref{lgpl}, and specific details that are unique to discussed in \S~\ref{lgpl}, and specific details that are unique to
GPLv3's installation instructions are in \S~\ref{user-products}. GPLv3's installation instructions are in \S~\ref{user-products}.
\subsubsection{What About the Compiler?} \subsection{What About the Compiler?}
The GPL contains no provision that requires distribution of the compiler The GPL contains no provision that requires distribution of the compiler
used to build the software. While companies are encouraged to make it as used to build the software. While companies are encouraged to make it as
@ -686,7 +684,7 @@ about where you got it, what version it was, and who to contact to acquire
it, regardless of whether your compiler is FOSS, proprietary, or it, regardless of whether your compiler is FOSS, proprietary, or
internally developed. internally developed.
\subsection{Best Practices and Corresponding Source} \section{Best Practices and Corresponding Source}
\S~\ref{best-practices} and \S~\ref{corresponding-source} above are \S~\ref{best-practices} and \S~\ref{corresponding-source} above are
closely related. If you follow the best practices outlined above, you closely related. If you follow the best practices outlined above, you
@ -710,7 +708,7 @@ build system and no source tracking. Address these issues by installing a
revision system, telling your developers to use it, and requiring your revision system, telling your developers to use it, and requiring your
build guru to document his or her work! build guru to document his or her work!
\section{When The Letter Comes} \chapter{When The Letter Comes}
Unfortunately, many GPL violators ignore their obligations until they are Unfortunately, many GPL violators ignore their obligations until they are
contacted by a copyright holder or the lawyer of a copyright holder. You contacted by a copyright holder or the lawyer of a copyright holder. You
@ -720,7 +718,7 @@ under the GPL\@. This section outlines a typical enforcement case and
provides some guidelines for response. These discussions are provides some guidelines for response. These discussions are
generalizations and do not all apply to every alleged violation. generalizations and do not all apply to every alleged violation.
\subsection{Communication Is Key} \section{Communication Is Key}
GPL violations are typically only escalated when a company ignores the GPL violations are typically only escalated when a company ignores the
copyright holder's initial communication or fails to work toward timely copyright holder's initial communication or fails to work toward timely
@ -752,7 +750,7 @@ generally find that FOSS developers and their lawyers are willing to
have a reasonable dialogue and will work with you to resolve a violation have a reasonable dialogue and will work with you to resolve a violation
once you open the channels of communication in a friendly way. once you open the channels of communication in a friendly way.
\subsection{Termination} \section{Termination}
Many redistributors overlook GPL's termination provision (GPLv2~\S~4 and Many redistributors overlook GPL's termination provision (GPLv2~\S~4 and
GPLv3~\S~8). Under v2, violators forfeit their rights to redistribute and GPLv3~\S~8). Under v2, violators forfeit their rights to redistribute and
@ -812,7 +810,7 @@ Given that much discussion of v3 has focused on its so-called more
complicated requirements, it should be noted that v3 is, in this regard, complicated requirements, it should be noted that v3 is, in this regard,
more favorable to violators than v2. more favorable to violators than v2.
\section{Standard Requests} \chapter{Standard Requests}
As we noted above, different copyright holders have different requirements As we noted above, different copyright holders have different requirements
for reinstating a violator's distribution rights. Upon violation, you no for reinstating a violator's distribution rights. Upon violation, you no
@ -859,13 +857,13 @@ unlikely to find a better value or more generous license terms for similar
software elsewhere. Treat the copyright holders with the same respect you software elsewhere. Treat the copyright holders with the same respect you
treat your corporate partners and collaborators. treat your corporate partners and collaborators.
\section{Special Topics in Compliance} \chapter{Special Topics in Compliance}
There are several other issues that are less common, but also relevant in There are several other issues that are less common, but also relevant in
a GPL compliance situation. To those who face them, they tend to be of a GPL compliance situation. To those who face them, they tend to be of
particular interest. particular interest.
\subsection{LGPL Compliance} \section{LGPL Compliance}
\label{lgpl} \label{lgpl}
GPL compliance and LGPL compliance mostly involve the same issues. As we GPL compliance and LGPL compliance mostly involve the same issues. As we
@ -888,7 +886,7 @@ engineering for debugging such modifications'' to the library. Therefore,
you should take care that the EULA used for the Application does not you should take care that the EULA used for the Application does not
contradict this permission. contradict this permission.
\subsection{Upstream Providers} \section{Upstream Providers}
\label{upstream} \label{upstream}
With ever-increasing frequency, software development (particularly for With ever-increasing frequency, software development (particularly for
@ -942,7 +940,7 @@ burden of the vendor's inattention to GPL compliance. Ask the right
questions, demand an account of your vendors' compliance procedures, and questions, demand an account of your vendors' compliance procedures, and
seek indemnity from them. seek indemnity from them.
\subsection{User Products and Installation Information} \section{User Products and Installation Information}
\label{user-products} \label{user-products}
GPLv3 requires you to provide ``Installation Information'' when v3 GPLv3 requires you to provide ``Installation Information'' when v3
@ -984,7 +982,7 @@ with GPLv2, the license gives you clear provisions that you can rely on
when you are forced to cut off support, service or warranty for a customer when you are forced to cut off support, service or warranty for a customer
who has chosen to modify. who has chosen to modify.
\section{Conclusion} \chapter{Conclusion}
GPL compliance need not be an onerous process. Historically, struggles GPL compliance need not be an onerous process. Historically, struggles
have been the result of poor development methodologies and communications, have been the result of poor development methodologies and communications,
@ -1008,8 +1006,6 @@ ready-made for their products.
\vfill \vfill
\end{document}
% LocalWords: redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox % LocalWords: redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox
% LocalWords: someone's downloadable subdirectory subdirectories filesystem % LocalWords: someone's downloadable subdirectory subdirectories filesystem
% LocalWords: roadmap README upstream's Ravicher's Fossology readme CDs iPhone % LocalWords: roadmap README upstream's Ravicher's Fossology readme CDs iPhone

View file

@ -97,7 +97,7 @@ attending the course.
\input{gpl-lgpl} \input{gpl-lgpl}
%\input{compliance-guide} \input{compliance-guide}
%\input{enforcement-case-studies} %\input{enforcement-case-studies}