Incorporate the compliance guide into main text of the book.
This required resectioning the entire compliance guide to be 'one level up'. It furthermore required a few other formatting and related changes.
This commit is contained in:
parent
16ffbf69c5
commit
9eb3c521b0
2 changed files with 54 additions and 58 deletions
|
@ -1,40 +1,38 @@
|
||||||
\documentclass[letterpaper]{fixme}
|
% compliance-guide.tex -*- LaTeX -*-
|
||||||
|
|
||||||
\title{A Practical Guide to GPL Compliance}
|
\part{A Practical Guide to GPL Compliance}
|
||||||
\titleformatted{A Practical Guide to GPL Compliance}
|
|
||||||
\date{August 26, 2008}
|
|
||||||
|
|
||||||
\keywords{SFLC, software, freedom, law, center, free, open, source, gpl, compliance, violation}
|
\begin{center}
|
||||||
|
|
||||||
\subject{SFLC's guide to better compliance with the GPL and related FOSS Licenses}
|
{\parindent 0in
|
||||||
|
This part is: \\
|
||||||
|
\begin{tabbing}
|
||||||
|
Copyright \= \copyright{} 2008 \= \hspace{.2in} Software Freedom Law Center. \\
|
||||||
|
Copyright \= \copyright{} 2014 \= \hspace{.2in} Bradley M. Kuhn.
|
||||||
|
\end{tabbing}
|
||||||
|
|
||||||
% The below is a horrible hack. What happens is that the HTML generator
|
\vspace{1in}
|
||||||
% (tex4ht) freaks out when \\ is used in the author field. tex4ht seems
|
|
||||||
% to have some concept of ``author lists'' but I cannot figure out how to
|
|
||||||
% use this. I added this code here (and keep carrying it over from doc to
|
|
||||||
% doc) to get around that problem, but really it should be handled in the
|
|
||||||
% LaTeX class. -- bkuhn
|
|
||||||
|
|
||||||
\ifx \generateHTML \isGeneratingHTML
|
Authors of this part are: \\
|
||||||
\author{
|
|
||||||
<ul class="author"> \Hnewline
|
|
||||||
<li>Bradley M. Kuhn</li>\Hnewline
|
|
||||||
<li>Aaron Williamson</li>\Hnewline
|
|
||||||
<li>Karen M. Sandler</li>\Hnewline
|
|
||||||
</ul>\Hnewline}
|
|
||||||
\else
|
|
||||||
\author{Bradley M. Kuhn \\ Aaron Williamson \\ Karen M. Sandler }
|
|
||||||
\fi
|
|
||||||
|
|
||||||
\begin{document}
|
Bradley M. Kuhn \\
|
||||||
|
Aaron Williamson \\
|
||||||
|
Karen M. Sandler \\
|
||||||
|
|
||||||
\maketitle
|
\vspace{3in}
|
||||||
|
|
||||||
Copyright \copyright{} 2008, Software Freedom Law Center. Licensed
|
|
||||||
\href{http://creativecommons.org/licenses/by-sa/4.0/legalcode}{CC-BY-SA
|
|
||||||
4.0 unported}.
|
|
||||||
|
|
||||||
\section{Executive Summary}
|
The copyright holders of this part hereby grant the freedom to copy, modify,
|
||||||
|
convey, Adapt, and/or redistribute this work under the terms of the Creative
|
||||||
|
Commons Attribution Share Alike 4.0 International License. A copy of that
|
||||||
|
license is available at
|
||||||
|
\verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=. }
|
||||||
|
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
\bigskip
|
||||||
|
|
||||||
|
\chapter*{Executive Summary}
|
||||||
|
|
||||||
This is a guide to effective compliance with the GNU General Public
|
This is a guide to effective compliance with the GNU General Public
|
||||||
License (GPL) and related licenses. In accordance with the Software
|
License (GPL) and related licenses. In accordance with the Software
|
||||||
|
@ -46,7 +44,7 @@ enforcement by copyright holders. It also outlines business practices and
|
||||||
methods that lead to better GPL compliance. Finally, it recommends proper
|
methods that lead to better GPL compliance. Finally, it recommends proper
|
||||||
post-violation responses to the concerns of copyright holders.
|
post-violation responses to the concerns of copyright holders.
|
||||||
|
|
||||||
\section{Background}
|
\chapter{Background}
|
||||||
|
|
||||||
Early GPL enforcement efforts began soon after the GPL was written by
|
Early GPL enforcement efforts began soon after the GPL was written by
|
||||||
Richard Stallman in 1989, and consisted of informal community efforts,
|
Richard Stallman in 1989, and consisted of informal community efforts,
|
||||||
|
@ -95,7 +93,7 @@ commercial distributors, redistributors, and resellers on how to avoid
|
||||||
violations in the first place, and to respond adequately and appropriately
|
violations in the first place, and to respond adequately and appropriately
|
||||||
when a violation occurs.
|
when a violation occurs.
|
||||||
|
|
||||||
\section{Best Practices to Avoid Common Violations}
|
\chapter{Best Practices to Avoid Common Violations}
|
||||||
\label{best-practices}
|
\label{best-practices}
|
||||||
|
|
||||||
Unlike highly permissive FOSS licenses (such as the ISC license), which
|
Unlike highly permissive FOSS licenses (such as the ISC license), which
|
||||||
|
@ -120,7 +118,7 @@ software.\footnote{This document addresses compliance with GPLv2,
|
||||||
\S~\ref{lgpl} discusses the key differences between GPL and LGPL
|
\S~\ref{lgpl} discusses the key differences between GPL and LGPL
|
||||||
compliance.}
|
compliance.}
|
||||||
|
|
||||||
\subsection{Evaluate License Applicability}
|
\section{Evaluate License Applicability}
|
||||||
\label{derivative-works}
|
\label{derivative-works}
|
||||||
Political discussion about the GPL often centers around the ``copyleft''
|
Political discussion about the GPL often centers around the ``copyleft''
|
||||||
requirements of the license. Indeed, the license was designed primarily
|
requirements of the license. Indeed, the license was designed primarily
|
||||||
|
@ -172,7 +170,7 @@ source for the GPL'd components and your modifications thereto, but not
|
||||||
for independent proprietary applications. The procedures described in
|
for independent proprietary applications. The procedures described in
|
||||||
this document address this typical scenario.
|
this document address this typical scenario.
|
||||||
|
|
||||||
\subsection{Monitor Software Acquisition}
|
\section{Monitor Software Acquisition}
|
||||||
|
|
||||||
Software engineers should have the freedom to innovate and import useful
|
Software engineers should have the freedom to innovate and import useful
|
||||||
software components to improve your product. However, along with that
|
software components to improve your product. However, along with that
|
||||||
|
@ -210,7 +208,7 @@ the code. Fossology can help you build a catalog of the sources you have
|
||||||
already used to build your product. You can then expand that into a more
|
already used to build your product. You can then expand that into a more
|
||||||
structured inventory and process.
|
structured inventory and process.
|
||||||
|
|
||||||
\subsection{Track Your Changes and Releases}
|
\section{Track Your Changes and Releases}
|
||||||
|
|
||||||
As we will explain in further detail below, the most important component
|
As we will explain in further detail below, the most important component
|
||||||
to maintaining GPL compliance is inclusion of the complete and
|
to maintaining GPL compliance is inclusion of the complete and
|
||||||
|
@ -229,7 +227,7 @@ scripts, engineers' notes, and documentation. Your developers will also
|
||||||
benefit from a system that tracks the precise version of source that
|
benefit from a system that tracks the precise version of source that
|
||||||
corresponds to any deployed binary.
|
corresponds to any deployed binary.
|
||||||
|
|
||||||
\subsection{Avoid the ``Build Guru''}
|
\section{Avoid the ``Build Guru''}
|
||||||
|
|
||||||
Too many software projects rely on only one or a very few team members who
|
Too many software projects rely on only one or a very few team members who
|
||||||
know how to build and assemble the final released product. Such knowledge
|
know how to build and assemble the final released product. Such knowledge
|
||||||
|
@ -246,7 +244,7 @@ Make a rule that adding new components to the system without adequate
|
||||||
build instructions (or better yet, scripts) is unacceptable engineering
|
build instructions (or better yet, scripts) is unacceptable engineering
|
||||||
practice.
|
practice.
|
||||||
|
|
||||||
\section{Details of Compliant Distribution}
|
\chapter{Details of Compliant Distribution}
|
||||||
|
|
||||||
In this section, we explain the specific requirements placed upon
|
In this section, we explain the specific requirements placed upon
|
||||||
distributors of GPL'd software. Note that this section refers heavily to
|
distributors of GPL'd software. Note that this section refers heavily to
|
||||||
|
@ -256,7 +254,7 @@ and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.
|
||||||
It may be helpful to have a copy of each license open while reading this
|
It may be helpful to have a copy of each license open while reading this
|
||||||
section.
|
section.
|
||||||
|
|
||||||
\subsection{Binary Distribution Permission}
|
\section{Binary Distribution Permission}
|
||||||
\label{binary-distribution-permission}
|
\label{binary-distribution-permission}
|
||||||
|
|
||||||
% be careful below, you cannot refill the \if section, so don't refill
|
% be careful below, you cannot refill the \if section, so don't refill
|
||||||
|
@ -305,7 +303,7 @@ in this section, but you may wish to refer back to this section after
|
||||||
reading the thorough discussion of ``Corresponding Source'' that appears
|
reading the thorough discussion of ``Corresponding Source'' that appears
|
||||||
in \S~\ref{corresponding-source}.
|
in \S~\ref{corresponding-source}.
|
||||||
|
|
||||||
\subsubsection{Option (a): Source Alongside Binary}
|
\subsection{Option (a): Source Alongside Binary}
|
||||||
|
|
||||||
GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
|
GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
|
||||||
source code: including Corresponding Source with every binary
|
source code: including Corresponding Source with every binary
|
||||||
|
@ -340,7 +338,7 @@ Please note that while selection of option (a) requires distribution on a
|
||||||
physical medium, voluntary distribution via the Internet is very useful. This
|
physical medium, voluntary distribution via the Internet is very useful. This
|
||||||
is discussed in detail in \S~\ref{offer-with-internet}.
|
is discussed in detail in \S~\ref{offer-with-internet}.
|
||||||
|
|
||||||
\subsubsection{Option (b): The Offer}
|
\subsection{Option (b): The Offer}
|
||||||
\label{offer-for-source}
|
\label{offer-for-source}
|
||||||
|
|
||||||
Many distributors prefer to ship only an offer for source with the binary
|
Many distributors prefer to ship only an offer for source with the binary
|
||||||
|
@ -498,7 +496,7 @@ with your product but cannot actually deliver \emph{immediately} on that
|
||||||
offer when your customers receive it, you should expect an enforcement
|
offer when your customers receive it, you should expect an enforcement
|
||||||
action.
|
action.
|
||||||
|
|
||||||
\subsubsection{Option (c): Noncommercial Offers}
|
\subsection{Option (c): Noncommercial Offers}
|
||||||
|
|
||||||
As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
|
As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
|
||||||
only to noncommercial use. These options are not available to businesses
|
only to noncommercial use. These options are not available to businesses
|
||||||
|
@ -508,7 +506,7 @@ the offer they received from the vendor; they must provide their own offer
|
||||||
or corresponding source to their distributees. We talk in detail about
|
or corresponding source to their distributees. We talk in detail about
|
||||||
upstream software providers in \S~\ref{upstream}.
|
upstream software providers in \S~\ref{upstream}.
|
||||||
|
|
||||||
\subsubsection{Option 6(d) in GPLv3: Internet Distribution}
|
\subsection{Option 6(d) in GPLv3: Internet Distribution}
|
||||||
|
|
||||||
Under GPLv2, your formal provisioning options for Corresponding Source
|
Under GPLv2, your formal provisioning options for Corresponding Source
|
||||||
ended with \S~3(c). But even under GPLv2, pure Internet source
|
ended with \S~3(c). But even under GPLv2, pure Internet source
|
||||||
|
@ -543,7 +541,7 @@ v2. Indeed, many such important clarifications are included in v3 which
|
||||||
together provide a compelling reason for authors and redistributors alike
|
together provide a compelling reason for authors and redistributors alike
|
||||||
to adopt GPLv3.
|
to adopt GPLv3.
|
||||||
|
|
||||||
\subsubsection{Option 6(e) in GPLv3: Software Torrents}
|
\subsection{Option 6(e) in GPLv3: Software Torrents}
|
||||||
|
|
||||||
Peer-to-peer file sharing arose well after GPLv2 was written, and does not
|
Peer-to-peer file sharing arose well after GPLv2 was written, and does not
|
||||||
easily fit any of the v2 source provision options. GPLv3~\S~6(e)
|
easily fit any of the v2 source provision options. GPLv3~\S~6(e)
|
||||||
|
@ -555,7 +553,7 @@ provision obligations for non-peer-to-peer binary distributions. Finally,
|
||||||
you should ensure that binaries and source are equally seeded upon initial
|
you should ensure that binaries and source are equally seeded upon initial
|
||||||
peer-to-peer distribution.
|
peer-to-peer distribution.
|
||||||
|
|
||||||
\subsection{Preparing Corresponding Source}
|
\section{Preparing Corresponding Source}
|
||||||
\label{corresponding-source}
|
\label{corresponding-source}
|
||||||
|
|
||||||
Most enforcement cases involve companies that have unfortunately not
|
Most enforcement cases involve companies that have unfortunately not
|
||||||
|
@ -568,7 +566,7 @@ you have followed those principles in your development, you can meet the
|
||||||
following requirements with ease. If you have not, you may have
|
following requirements with ease. If you have not, you may have
|
||||||
substantial reconstruction work to do.
|
substantial reconstruction work to do.
|
||||||
|
|
||||||
\subsubsection{Assemble the Sources}
|
\subsection{Assemble the Sources}
|
||||||
|
|
||||||
For every binary that you produce, you should collect and maintain a copy
|
For every binary that you produce, you should collect and maintain a copy
|
||||||
of the sources from which it was built. A large system, such as an
|
of the sources from which it was built. A large system, such as an
|
||||||
|
@ -583,7 +581,7 @@ required for your Corresponding Source releases. Collecting
|
||||||
subdirectories of GPL'd and LGPL'd components is the first step toward
|
subdirectories of GPL'd and LGPL'd components is the first step toward
|
||||||
preparing your release.
|
preparing your release.
|
||||||
|
|
||||||
\subsubsection{Building the Sources}
|
\subsection{Building the Sources}
|
||||||
|
|
||||||
Few distributors, particularly of embedded systems, take care to read the
|
Few distributors, particularly of embedded systems, take care to read the
|
||||||
actual definition of Corresponding Source in the GPL\@. Consider
|
actual definition of Corresponding Source in the GPL\@. Consider
|
||||||
|
@ -651,7 +649,7 @@ Details about what differs when the work is licensed under LGPL is
|
||||||
discussed in \S~\ref{lgpl}, and specific details that are unique to
|
discussed in \S~\ref{lgpl}, and specific details that are unique to
|
||||||
GPLv3's installation instructions are in \S~\ref{user-products}.
|
GPLv3's installation instructions are in \S~\ref{user-products}.
|
||||||
|
|
||||||
\subsubsection{What About the Compiler?}
|
\subsection{What About the Compiler?}
|
||||||
|
|
||||||
The GPL contains no provision that requires distribution of the compiler
|
The GPL contains no provision that requires distribution of the compiler
|
||||||
used to build the software. While companies are encouraged to make it as
|
used to build the software. While companies are encouraged to make it as
|
||||||
|
@ -686,7 +684,7 @@ about where you got it, what version it was, and who to contact to acquire
|
||||||
it, regardless of whether your compiler is FOSS, proprietary, or
|
it, regardless of whether your compiler is FOSS, proprietary, or
|
||||||
internally developed.
|
internally developed.
|
||||||
|
|
||||||
\subsection{Best Practices and Corresponding Source}
|
\section{Best Practices and Corresponding Source}
|
||||||
|
|
||||||
\S~\ref{best-practices} and \S~\ref{corresponding-source} above are
|
\S~\ref{best-practices} and \S~\ref{corresponding-source} above are
|
||||||
closely related. If you follow the best practices outlined above, you
|
closely related. If you follow the best practices outlined above, you
|
||||||
|
@ -710,7 +708,7 @@ build system and no source tracking. Address these issues by installing a
|
||||||
revision system, telling your developers to use it, and requiring your
|
revision system, telling your developers to use it, and requiring your
|
||||||
build guru to document his or her work!
|
build guru to document his or her work!
|
||||||
|
|
||||||
\section{When The Letter Comes}
|
\chapter{When The Letter Comes}
|
||||||
|
|
||||||
Unfortunately, many GPL violators ignore their obligations until they are
|
Unfortunately, many GPL violators ignore their obligations until they are
|
||||||
contacted by a copyright holder or the lawyer of a copyright holder. You
|
contacted by a copyright holder or the lawyer of a copyright holder. You
|
||||||
|
@ -720,7 +718,7 @@ under the GPL\@. This section outlines a typical enforcement case and
|
||||||
provides some guidelines for response. These discussions are
|
provides some guidelines for response. These discussions are
|
||||||
generalizations and do not all apply to every alleged violation.
|
generalizations and do not all apply to every alleged violation.
|
||||||
|
|
||||||
\subsection{Communication Is Key}
|
\section{Communication Is Key}
|
||||||
|
|
||||||
GPL violations are typically only escalated when a company ignores the
|
GPL violations are typically only escalated when a company ignores the
|
||||||
copyright holder's initial communication or fails to work toward timely
|
copyright holder's initial communication or fails to work toward timely
|
||||||
|
@ -752,7 +750,7 @@ generally find that FOSS developers and their lawyers are willing to
|
||||||
have a reasonable dialogue and will work with you to resolve a violation
|
have a reasonable dialogue and will work with you to resolve a violation
|
||||||
once you open the channels of communication in a friendly way.
|
once you open the channels of communication in a friendly way.
|
||||||
|
|
||||||
\subsection{Termination}
|
\section{Termination}
|
||||||
|
|
||||||
Many redistributors overlook GPL's termination provision (GPLv2~\S~4 and
|
Many redistributors overlook GPL's termination provision (GPLv2~\S~4 and
|
||||||
GPLv3~\S~8). Under v2, violators forfeit their rights to redistribute and
|
GPLv3~\S~8). Under v2, violators forfeit their rights to redistribute and
|
||||||
|
@ -812,7 +810,7 @@ Given that much discussion of v3 has focused on its so-called more
|
||||||
complicated requirements, it should be noted that v3 is, in this regard,
|
complicated requirements, it should be noted that v3 is, in this regard,
|
||||||
more favorable to violators than v2.
|
more favorable to violators than v2.
|
||||||
|
|
||||||
\section{Standard Requests}
|
\chapter{Standard Requests}
|
||||||
|
|
||||||
As we noted above, different copyright holders have different requirements
|
As we noted above, different copyright holders have different requirements
|
||||||
for reinstating a violator's distribution rights. Upon violation, you no
|
for reinstating a violator's distribution rights. Upon violation, you no
|
||||||
|
@ -859,13 +857,13 @@ unlikely to find a better value or more generous license terms for similar
|
||||||
software elsewhere. Treat the copyright holders with the same respect you
|
software elsewhere. Treat the copyright holders with the same respect you
|
||||||
treat your corporate partners and collaborators.
|
treat your corporate partners and collaborators.
|
||||||
|
|
||||||
\section{Special Topics in Compliance}
|
\chapter{Special Topics in Compliance}
|
||||||
|
|
||||||
There are several other issues that are less common, but also relevant in
|
There are several other issues that are less common, but also relevant in
|
||||||
a GPL compliance situation. To those who face them, they tend to be of
|
a GPL compliance situation. To those who face them, they tend to be of
|
||||||
particular interest.
|
particular interest.
|
||||||
|
|
||||||
\subsection{LGPL Compliance}
|
\section{LGPL Compliance}
|
||||||
\label{lgpl}
|
\label{lgpl}
|
||||||
|
|
||||||
GPL compliance and LGPL compliance mostly involve the same issues. As we
|
GPL compliance and LGPL compliance mostly involve the same issues. As we
|
||||||
|
@ -888,7 +886,7 @@ engineering for debugging such modifications'' to the library. Therefore,
|
||||||
you should take care that the EULA used for the Application does not
|
you should take care that the EULA used for the Application does not
|
||||||
contradict this permission.
|
contradict this permission.
|
||||||
|
|
||||||
\subsection{Upstream Providers}
|
\section{Upstream Providers}
|
||||||
\label{upstream}
|
\label{upstream}
|
||||||
|
|
||||||
With ever-increasing frequency, software development (particularly for
|
With ever-increasing frequency, software development (particularly for
|
||||||
|
@ -942,7 +940,7 @@ burden of the vendor's inattention to GPL compliance. Ask the right
|
||||||
questions, demand an account of your vendors' compliance procedures, and
|
questions, demand an account of your vendors' compliance procedures, and
|
||||||
seek indemnity from them.
|
seek indemnity from them.
|
||||||
|
|
||||||
\subsection{User Products and Installation Information}
|
\section{User Products and Installation Information}
|
||||||
\label{user-products}
|
\label{user-products}
|
||||||
|
|
||||||
GPLv3 requires you to provide ``Installation Information'' when v3
|
GPLv3 requires you to provide ``Installation Information'' when v3
|
||||||
|
@ -984,7 +982,7 @@ with GPLv2, the license gives you clear provisions that you can rely on
|
||||||
when you are forced to cut off support, service or warranty for a customer
|
when you are forced to cut off support, service or warranty for a customer
|
||||||
who has chosen to modify.
|
who has chosen to modify.
|
||||||
|
|
||||||
\section{Conclusion}
|
\chapter{Conclusion}
|
||||||
|
|
||||||
GPL compliance need not be an onerous process. Historically, struggles
|
GPL compliance need not be an onerous process. Historically, struggles
|
||||||
have been the result of poor development methodologies and communications,
|
have been the result of poor development methodologies and communications,
|
||||||
|
@ -1008,8 +1006,6 @@ ready-made for their products.
|
||||||
|
|
||||||
\vfill
|
\vfill
|
||||||
|
|
||||||
\end{document}
|
|
||||||
|
|
||||||
% LocalWords: redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox
|
% LocalWords: redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox
|
||||||
% LocalWords: someone's downloadable subdirectory subdirectories filesystem
|
% LocalWords: someone's downloadable subdirectory subdirectories filesystem
|
||||||
% LocalWords: roadmap README upstream's Ravicher's Fossology readme CDs iPhone
|
% LocalWords: roadmap README upstream's Ravicher's Fossology readme CDs iPhone
|
||||||
|
|
|
@ -97,7 +97,7 @@ attending the course.
|
||||||
|
|
||||||
\input{gpl-lgpl}
|
\input{gpl-lgpl}
|
||||||
|
|
||||||
%\input{compliance-guide}
|
\input{compliance-guide}
|
||||||
|
|
||||||
%\input{enforcement-case-studies}
|
%\input{enforcement-case-studies}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue