Copyleft/guide
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added new version of seminar materials.

Browse source
This commit is contained in:
John Sullivan 2004-08-20 23:25:45 +00:00 committed by Bradley M. Kuhn
parent 21dcc7b2d8
commit c911d4f085
1 changed files with 359 additions and 289 deletions

424
enforcement-case-studies.tex
View file

@ -1,19 +1,17 @@
% case-study-ethics.tex -*- LaTeX -*- % Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
% Tutorial Text for GPL Compliance Case Studies
% and Legal Ethics in Free Software Licensing
% %
% Copyright (C) 2004 Free Software Foundation, Inc. % Copyright (C) 2003, 2004 Free Software Foundation, Inc.
% Verbatim copying and distribution of this entire document is permitted in % Verbatim copying and distribution of this entire document is permitted in
% any medium, provided this notice is preserved. % any medium, provided this notice is preserved.
\documentclass[12pt]{report} \documentclass[11pt]{book}
% FILTER_PS: \input{generate-ps-file} % FILTER_PS: \input{generate-ps-file}
% FILTER_PDF: \input{generate-pdf-file} % FILTER_PDF: \input{generate-pdf-file}
% FILTER_HTML: \input{generate-html-file} % FILTER_HTML: \input{generate-html-file}
\input{one-inch-margins} % NOT FOUND \input{one-inch-margins}
\usepackage{enumerate}
\usepackage[dvips]{graphicx}
%\setlength\parskip{0.7em} %\setlength\parskip{0.7em}
%\setlength\parindent{0pt} %\setlength\parindent{0pt}
@ -23,28 +21,35 @@
\begin{document} \begin{document}
\begin{titlepage} \frontmatter
\begin{titlepage}
\begin{center} \begin{center}
\vspace{.5in} %\vspace{.5in}
\vfill
{\Large {\sc GPL Compliance Case Studies} \\ \includegraphics{fsf-logo.eps}
\vspace{.7in} \vfill
Sponsored by the Free Software Foundation \\ {\Large
{\sc GPL Compliance Case Studies} \\
\vfill
\vspace{.3in} %\vspace{.7in}
Columbia Law School, New York, NY, USA \\ % \vspace{.3in}
Stanford University, Stanford, CA, USA \\
\vspace{.1in} \vspace{.1in}
Wednesday 21 January 2004 Wednesday, 25 August 2004
} }
\vspace{.7in} % \vspace{.7in}
\vfill
{\large {\large
Bradley M. Kuhn Bradley M. Kuhn
@ -63,6 +68,11 @@ Daniel Ravicher
Senior Counsel Senior Counsel
Free Software Foundation Free Software Foundation
President and Executive Director
Public Patent Foundation
} }
\end{center} \end{center}
@ -70,7 +80,7 @@ Free Software Foundation
\vfill \vfill
{\parindent 0in {\parindent 0in
Copyright \copyright{} 2004 \hspace{.2in} Free Software Foundation, Inc. Copyright \copyright{} 2003, 2004 \hspace{.2in} Free Software Foundation, Inc.
\vspace{.3in} \vspace{.3in}
@ -81,43 +91,99 @@ any medium, provided this notice is preserved.
\end{titlepage} \end{titlepage}
\pagestyle{plain} \pagestyle{plain}
\pagenumbering{roman} \pagenumbering{roman}
\begin{abstract} \chapter*{GPL Compliance Case Studies}
This one-day course presents the details of five different GPL compliance \textit{Stanford University, Stanford, CA 25 August 2004}
cases handled by FSF's GPL Compliance Laboratory. Each case offers unique
insights into problems that can arise when the terms of GPL are not \begin{tabular}[t]{ll}
properly followed, and how diplomatic negotiation between the violator and 09:00 - 09:25 & Registration / Check-in / Continental Breakfast\\
the copyright holder can yield positive results for both parties. &\\
09:25 - 09:30 & Welcome\\
&\\
09:30 - 09:45 & Overview of FSF's GPL Compliance Lab\\
&\textit{Bradley M. Kuhn}\\
&\\
09:45 - 10:40 & GPL Violation Case Study A\\
&\textit{Bradley M. Kuhn}\\
&\\
10:40 - 11:00 & GPL Violation Case Study B\\
&\textit{Bradley M. Kuhn}\\
&\\
11:00 - 11:10 & Q \& A\\
&\\
11:10 - 11:20 & Break\\
&\\
11:20 - 11:50 & GPL Violation Case Study C\\
&\textit{Bradley M. Kuhn}\\
&\\
11:50 - 12:10 & GPL Violation Case Study D\\
&\textit{Bradley M. Kuhn}\\
&\\
12:10 - 12:20 & Good Practices for GPL Compliance\\
&\textit{Bradley M. Kuhn}\\
&\\
\end{tabular}
\begin{tabular}[t]{ll}
12:20 - 12:30 & Q \& A\\
&\\
12:30 - 14:00 & Lunch and Lecture ``GPL 3: Prospects and Process''\\
& \textit{Prof. Eben Moglen}\\
&\\
14:00 - 15:40 & Ethical Considerations and Legal Practices\\
&\textit{Daniel Ravicher}\\
&\\
15:40 - 15:50 & Q \& A\\
&\\
15:50 - 16:00 & Break\\
&\\
16:00 - 17:30 & Current Issues in Free Software\\
& \textit{Prof. Eben Moglen}\\
&\\
17:30 - 18:00 & Q \& A\\
\end{tabular}
\pagebreak
% =====================================================================
% START OF SECOND DAY SEMINAR SECTION
% =====================================================================
\chapter*{Preface}
This one-day course presents the details of five different GPL
compliance cases handled by FSF's GPL Compliance Laboratory. Each case
offers unique insights into problems that can arise when the terms of
GPL are not properly followed, and how diplomatic negotiation between
the violator and the copyright holder can yield positive results for
both parties.
Attendees should have successfully completely the course, a ``Detailed Attendees should have successfully completely the course, a ``Detailed
Study and Analysis of GPL and LGPL'', as the material from that course Study and Analysis of the GPL and LGPL,'' as the material from that
forms the building blocks for this material. course forms the building blocks for this material.
The course is of most interest to lawyers who have clients or employers This course is of most interest to lawyers who have clients or
that deal with Free Software on a regular basis. However, technical employers that deal with Free Software on a regular basis. However,
managers and executives whose businesses use or distribute Free Software technical managers and executives whose businesses use or distribute
will also find the course very helpful. Free Software will also find the course very helpful.
\bigskip \bigskip
These course materials are merely a summary of the highlights of the These course materials are merely a summary of the highlights of the
course presented. Readers of this material should assume that they have course presented. Please be aware that during the actual GPL course, class
missed the bulk of the material, as the detailed discussion of these case discussion supplements this printed curriculum. Simply reading it is
studies is the most illuminating part about them. Merely reading this not equivalent to attending the course.
material is akin to matriculating into a college course and read only the
textbook instead of going to class.
\end{abstract}
\tableofcontents \tableofcontents
\pagebreak \mainmatter
\pagenumbering{arabic} \pagenumbering{arabic}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Overview of FSF's GPL Compliance Lab} \chapter{Overview of FSF's GPL Compliance Lab}
The GPL is a Free Software license with legal teeth. Unlike licenses like The GPL is a Free Software license with legal teeth. Unlike licenses like
@ -142,32 +208,33 @@ clause is where the legal teeth of the license are rooted. As a copyright
license, GPL governs only the activities governed by copyright law --- license, GPL governs only the activities governed by copyright law ---
copying, modifying and redistributing computer software. Unlike most copying, modifying and redistributing computer software. Unlike most
copyright licenses, GPL gives wide grants of permission for engaging with copyright licenses, GPL gives wide grants of permission for engaging with
these activities. Such permissions continue and all parties may exercise these activities. Such permissions continue, and all parties may exercise
them until such time as one party violates the terms of GPL\@. At the them until such time as one party violates the terms of GPL\@. At the
moment of such a violation (i.e., the engaging of copying, modifying or moment of such a violation (i.e., the engaging of copying, modifying or
redistributing in ways not permitted by GPL) \S 4 is invoked. While other redistributing in ways not permitted by GPL) \S 4 is invoked. While other
parties may continue to operate under GPL, the violating party loses their parties may continue to operate under GPL, the violating party loses their
rights. rights.
Specifically, \S 4 terminates the violators' rights to continue engaging Specifically, \S 4 terminates the violators' rights to continue
in the permissions that otherwise granted by GPL\@. Effectively, their engaging in the permissions that are otherwise granted by GPL\@.
permissions go back to the copyright defaults --- no permission is granted Effectively, their rights revert to the copyright defaults ---
to copy, modify, nor redistribute the work. Meanwhile, \S 5 points out no permission is granted to copy, modify, nor redistribute the work.
that if if the violator has no rights under GPL --- as they will not once Meanwhile, \S 5 points out that if the violator has no rights under
they have violated it --- then they otherwise have no rights and are GPL, they are prohibited by copyright law from engaging in the
prohibited by copyright law from engaging in the activities of copying, activities of copying, modifying and distributing. They have lost
modifying and distributing. these rights because they have violated the GPL, and no other license
gives them permission to engage in these activities governed by copyright law.
\section{Ongoing Violations} \section{Ongoing Violations}
In conjunction with \S 4's termination of violators' rights, there is one In conjunction with \S 4's termination of violators' rights, there is
final industry fact added to the mix: rarely, does one engage in a single, one final industry fact added to the mix: rarely, does one engage in a
solitary act of copying, distributing or modifying software. Almost single, solitary act of copying, distributing or modifying software.
always, a violator will have legitimately acquired a copy a GPL'd program, Almost always, a violator will have legitimately acquired a copy of a
either making modifications or not, and then began a ongoing activity of GPL'd program, either making modifications or not, and then begun
distributing that work. For example, the violator may have put the distributing that work. For example, the violator may have put the
software in boxes and sold them at stores. Or perhaps the software was software in boxes and sold them at stores. Or perhaps the software
put up for download on the Internet. Regardless of the delivery was put up for download on the Internet. Regardless of the delivery
mechanism, violators almost always are engaged in {\em ongoing\/} mechanism, violators almost always are engaged in {\em ongoing\/}
violation of GPL\@. violation of GPL\@.
@ -175,14 +242,14 @@ In fact, when we discover a GPL violation that occurred only once --- for
example, a user group who distributed copies of a GNU/Linux system without example, a user group who distributed copies of a GNU/Linux system without
source at one meeting --- we rarely pursue it with a high degree of source at one meeting --- we rarely pursue it with a high degree of
tenacity. In our minds, such a violation is an educational problem, and tenacity. In our minds, such a violation is an educational problem, and
unless the user group becomes a repeat offender (as it turns out, the unless the user group becomes a repeat offender (as it turns out, they
never do) we simply forward along an FAQ entry that best explains how user never do), we simply forward along a FAQ entry that best explains how user
groups can most easily comply with GPL, and send them on there merry way. groups can most easily comply with GPL, and send them on their merry way.
It is only the cases of {\em ongoing\/} GPL violation that warrant our It is only the cases of {\em ongoing\/} GPL violation that warrant our
active attention. We vehemently pursue those cases where dozens, hundreds active attention. We vehemently pursue those cases where dozens, hundreds
or thousands of customers are receiving software that is out of or thousands of customers are receiving software that is out of
compliance, and where the company continually puts for sale (or compliance, and where the company continually offers for sale (or
distributes gratis as a demo) software distributions that include GPL'd distributes gratis as a demo) software distributions that include GPL'd
components out of compliance. Our goal is to maximize the impact of components out of compliance. Our goal is to maximize the impact of
enforcement and educate industries who are making such a mistake on a enforcement and educate industries who are making such a mistake on a
@ -191,12 +258,12 @@ large scale.
In addition, such ongoing violation shows that a particular company is In addition, such ongoing violation shows that a particular company is
committed to a GPL'd product line. We are thrilled to learn that someone committed to a GPL'd product line. We are thrilled to learn that someone
is benefiting from Free Software, and we understand that sometimes they is benefiting from Free Software, and we understand that sometimes they
have become confused about the rules of the road. Rather than merely become confused about the rules of the road. Rather than merely
giving us a post mortem to perform on a past mistake, an ongoing violation giving us a post mortem to perform on a past mistake, an ongoing violation
gives us an active opportunity to educate a new contributor the GPL'd gives us an active opportunity to educate a new contributor to the GPL'd
commons about proper procedures to contribute to the community. commons about proper procedures to contribute to the community.
Our central goal is not, in fact, to merely clear up particular violation. Our central goal is not, in fact, to merely clear up a particular violation.
In fact, over time, we hope that our compliance lab will be out of In fact, over time, we hope that our compliance lab will be out of
business. We seek to educate the businesses that engage in commerce business. We seek to educate the businesses that engage in commerce
related to GPL'd software to obey the rules of the road and allow them to related to GPL'd software to obey the rules of the road and allow them to
@ -210,7 +277,7 @@ matter, allowing that company to join the GPL ecosystem as a contributor.
Our enforcement of GPL is not a fund-raising effort; in fact, FSF's GPL Our enforcement of GPL is not a fund-raising effort; in fact, FSF's GPL
Compliance Lab runs at a loss (in other words, it is subsided by our Compliance Lab runs at a loss (in other words, it is subsided by our
donors). Our violation reports come from volunteers, who have encountered donors). Our violation reports come from volunteers, who have encountered,
in their business or personal life, a device or software product that in their business or personal life, a device or software product that
appears to contain GPL'd software. These reports are almost always sent appears to contain GPL'd software. These reports are almost always sent
via email to $<$license-violation@fsf.org$>$. via email to $<$license-violation@fsf.org$>$.
@ -218,7 +285,7 @@ via email to $<$license-violation@fsf.org$>$.
Our first order of business, upon receiving such a report, is to seek Our first order of business, upon receiving such a report, is to seek
independent confirmation. When possible, we get a copy of the software independent confirmation. When possible, we get a copy of the software
product. For example, if it is an offering that is downloadable from a product. For example, if it is an offering that is downloadable from a
website, we download it and investigate ourselves. When it is not Web site, we download it and investigate ourselves. When it is not
possible for us to actually get a copy of the software, we ask the possible for us to actually get a copy of the software, we ask the
reporter to go through the same process we would use in examining the reporter to go through the same process we would use in examining the
software. software.
@ -240,7 +307,7 @@ Once we have confirmed that a violation has indeed occurred, we must then
determine whose copyright has been violated. Contrary to popular belief, determine whose copyright has been violated. Contrary to popular belief,
FSF does not have the power to enforce GPL in all cases. Since GPL FSF does not have the power to enforce GPL in all cases. Since GPL
operates under copyright law, the powers of enforcement --- to seek operates under copyright law, the powers of enforcement --- to seek
redress once \S 4 has been invoked --- lies with the copyright holder of redress once \S 4 has been invoked --- lie with the copyright holder of
the software. FSF is one of the largest copyright holders in the world of the software. FSF is one of the largest copyright holders in the world of
GPL'd software, but we are by no means the only one. Thus, we sometimes GPL'd software, but we are by no means the only one. Thus, we sometimes
discover that while GPL'd code is present in the software, there is no discover that while GPL'd code is present in the software, there is no
@ -249,7 +316,7 @@ software copyrighted by FSF present.
In cases where FSF does not hold copyright interest in the software, but In cases where FSF does not hold copyright interest in the software, but
we have confirmed a violation, we contact the copyright holders of the we have confirmed a violation, we contact the copyright holders of the
software, and encourage them to enforce GPL\@. We offer our good offices software, and encourage them to enforce GPL\@. We offer our good offices
to help negotiate compliance on their behalf, and many times we help as a to help negotiate compliance on their behalf, and many times, we help as a
third party to settle such GPL violations. However, what we will describe third party to settle such GPL violations. However, what we will describe
primarily in this course is FSF's first-hand experience enforcing its own primarily in this course is FSF's first-hand experience enforcing its own
copyrights and GPL\@. copyrights and GPL\@.
@ -262,8 +329,7 @@ works best when you assume the best of others, and only change policy,
procedures and attitudes when some specific event or occurrence indicates procedures and attitudes when some specific event or occurrence indicates
that a change is necessary. We treat the process of GPL enforcement in that a change is necessary. We treat the process of GPL enforcement in
the same way. Our goal is to encourage violators to join the cooperative the same way. Our goal is to encourage violators to join the cooperative
community of software sharing, so we want to open our hand in friendship community of software sharing, so we want to open our hand in friendship.
to them.
Therefore, once we have confirmed a violation, our first assumption is Therefore, once we have confirmed a violation, our first assumption is
that the violation is an oversight or otherwise a mistake due to confusion that the violation is an oversight or otherwise a mistake due to confusion
@ -277,9 +343,9 @@ compliance work.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Davrik: Modified GCC SDK} \chapter{Davrik: Modified GCC SDK}
In our first case study, we will consider Davrik, a company that produces In our first case study, we will consider Davrik, a company that
software and hardware toolkits to assist OEM vendors who products consumer produces software and hardware toolkits to assist OEM vendors, makers
electronic devices. of consumer electronic devices.
\section{Facts} \section{Facts}
@ -300,7 +366,7 @@ more evidence was discovered.
FSF was later able to confirm the violation when two additional reports FSF was later able to confirm the violation when two additional reports
surfaced from other violation reporters, both of whom had used the SDK surfaced from other violation reporters, both of whom had used the SDK
professional and noticed clear similarities to FSF's GNU GCC\@. FSF's professionally and noticed clear similarities to FSF's GNU GCC\@. FSF's
Compliance Engineer asked the reporters to run standard tests to confirm Compliance Engineer asked the reporters to run standard tests to confirm
the violation, and it was confirmed that Davrik's SDK was indeed a the violation, and it was confirmed that Davrik's SDK was indeed a
derivative work of GCC\@. Davrik had ported to Windows and added a number derivative work of GCC\@. Davrik had ported to Windows and added a number
@ -313,13 +379,13 @@ to request that source (if \S 3(b) was exercised). The violators
confirmed that such requests were not answered. confirmed that such requests were not answered.
FSF brought the matter to the attention of Davrik, who immediately FSF brought the matter to the attention of Davrik, who immediately
escalated the matter to their attorneys. After a long negotiation, Davrik escalated the matter to their attorneys. After a long negotiation,
acknowledged that their SDK was indeed a derivative work of GCC\@. Davrik Davrik acknowledged that their SDK was indeed a derivative work of
released most of the source, but some disagreement occurred over whether GCC\@. Davrik released most of the source, but some disagreement
LP was a derivate work of GCC\@. After repeated FSF inquiries, Davrik occurred over whether LP was a derivate work of GCC\@. After repeated
reaudited the source and discovered that FSF's analysis was correct and FSF inquiries, Davrik reaudited the source to discover that FSF's
determined that LP included a number of source files copied from the GCC analysis was correct. Davrik determined that LP included a number of
code-base. source files copied from the GCC code-base.
\label{davrik-build-problems} \label{davrik-build-problems}
Once the full software release was made available, FSF asked the violation Once the full software release was made available, FSF asked the violation
@ -329,22 +395,21 @@ instructions with the software, and such build instructions were
incorporated into the next software release. incorporated into the next software release.
At FSF's request as well, Davrik informed customers who had previously At FSF's request as well, Davrik informed customers who had previously
purchased the product that the source was now available, by announcing purchased the product that the source was now available by announcing
the available on its website and via a customer newsletter. the availablity on its Web site and via a customer newsletter.
Davrik did have some concerns regarding patents. They wished to include a Davrik did have some concerns regarding patents. They wished to include a
statement with the software release that made sure they were not granting statement with the software release that made sure they were not granting
any patent permission other than what was absolutely required by GPL\@. any patent permission other than what was absolutely required by GPL\@.
They understood that their patent assertions could not trump any rights They understood that their patent assertions could not trump any rights
granted by GPL\@. The following language was negotiated to be included granted by GPL\@. The following language was negotiated into the release:
with the release:
\begin{quotation} \begin{quotation}
Subject to the qualifications stated below, Davrik, on behalf of itself Subject to the qualifications stated below, Davrik, on behalf of itself
and its Subsidiaries, agrees not to assert the Claims against you for your and its Subsidiaries, agrees not to assert the Claims against you for your
making, use, offer for sale, sale, or importation of the Davrik's GNU making, use, offer for sale, sale, or importation of the Davrik's GNU
Utilities or derivative works of the Davrik's GNU Utilities Utilities or derivative works of the Davrik's GNU Utilities
("Derivatives"), but only to the extent that any such Derivatives are (``Derivatives''), but only to the extent that any such Derivatives are
licensed by you under the terms of the GNU General Public License. The licensed by you under the terms of the GNU General Public License. The
Claims are the claims of patents that Davrik or its Subsidiaries have Claims are the claims of patents that Davrik or its Subsidiaries have
standing to enforce that are directly infringed by the making, use, or standing to enforce that are directly infringed by the making, use, or
@ -357,19 +422,19 @@ patent as a Claim. Subsidiaries are entities that are wholly owned by
Davrik. Davrik.
This statement does not negate, limit or restrict any rights you already This statement does not negate, limit or restrict any rights you already
have under the GNU General Public License, Version 2. have under the GNU General Public License version 2.
\end{quotation} \end{quotation}
This quelled Davrik's concerns about other patent licensing they sought to This quelled Davrik's concerns about other patent licensing they sought to
do outside of the GPL'd software, and satisfied FSF's concerns that they do outside of the GPL'd software, and satisfied FSF's concerns that Davrik
give proper permissions to exercise teachings of patents that were give proper permissions to exercise teachings of patents that were
exercised in their GPL'd software release. exercised in their GPL'd software release.
Finally, a GPL Compliance Officer inside Davrik was appointed who is Finally, a GPL Compliance Officer inside Davrik was appointed to take
responsible for all matters of GPL compliance inside the company. Darvik responsibility for all matters of GPL compliance inside the company.
is responsible for informing FSF if the position is given to someone else Darvik is responsible for informing FSF if the position is given to
inside the company, and making sure that FSF has direct contact someone else inside the company, and making sure that FSF has direct
information with Darvik's Compliance Officer. contact with Darvik's Compliance Officer.
\section{Lessons} \section{Lessons}
@ -404,7 +469,7 @@ This case introduces a number of concepts regarding GPL enforcement.
\item {\bf Confirming compliance is a community effort.} The whole point \item {\bf Confirming compliance is a community effort.} The whole point
of making sure that software distributors respect the terms of GPL is to of making sure that software distributors respect the terms of GPL is to
allow a thriving software sharing community to benefit and improve the allow a thriving software sharing community to benefit and improve the
work. FSF are not the experts on how a compiler for consumer electronic work. FSF is not the expert on how a compiler for consumer electronic
devices should work. We therefore inform the community who originally devices should work. We therefore inform the community who originally
brought the violation to our attention and ask them to assist in brought the violation to our attention and ask them to assist in
evaluation and confirmation of the product's compliance. Of course, FSF evaluation and confirmation of the product's compliance. Of course, FSF
@ -415,11 +480,11 @@ This case introduces a number of concepts regarding GPL enforcement.
\item {\bf Informing the harmed community is part of compliance.} FSF asks \item {\bf Informing the harmed community is part of compliance.} FSF asks
violators to make some attempt --- such as via newsletters and the violators to make some attempt --- such as via newsletters and the
company's website --- to inform those who already have the products as company's Web site --- to inform those who already have the products as
to their rights under GPL\@. One of the key thrusts of GPL's \S 1 and to their rights under GPL\@. One of the key thrusts of GPL's \S 1 and
\S 3 is to {\em make sure the user knows she has these rights\/}. If a \S 3 is to {\em make sure the user knows she has these rights\/}. If a
product was received out of compliance by a customer, she may never product was received out of compliance by a customer, she may never
actually discover that she had such rights. Informing customers, in a actually discover that she has such rights. Informing customers, in a
way that is not burdensome but has a high probability of successfully way that is not burdensome but has a high probability of successfully
reaching those who would seek to exercise their freedoms, is essential reaching those who would seek to exercise their freedoms, is essential
to properly remedy the mistake. to properly remedy the mistake.
@ -427,9 +492,9 @@ This case introduces a number of concepts regarding GPL enforcement.
\item {\bf Lines between various copyright, patent, and other legal \item {\bf Lines between various copyright, patent, and other legal
mechanisms must be precisely defined and considered.} The most mechanisms must be precisely defined and considered.} The most
difficult negotiation point of the Davrik case was drafting language difficult negotiation point of the Davrik case was drafting language
that simultaneously protected the Davrik's patent rights outside of the that simultaneously protected Davrik's patent rights outside of the
GPL'd source, but was consistent with the implicit patent grant in GPL'd source, but was consistent with the implicit patent grant in
GPL\@. As we discussed in the first course in this series, there is GPL\@. As we discussed in the first course of this series, there is
indeed an implicit patent grant with GPL, thanks to \S 6 and \S 7. indeed an implicit patent grant with GPL, thanks to \S 6 and \S 7.
However, many companies become nervous and wish to make the grant However, many companies become nervous and wish to make the grant
explicit to assure themselves that the grant is sufficiently narrow for explicit to assure themselves that the grant is sufficiently narrow for
@ -445,62 +510,62 @@ This case introduces a number of concepts regarding GPL enforcement.
\chapter{Bracken: a Minor Violation in a GNU/Linux Distribution} \chapter{Bracken: a Minor Violation in a GNU/Linux Distribution}
In this case study, we consider a minor violation made by a company whose In this case study, we consider a minor violation made by a company whose
knowledge of the Free Software community and it functions is deep. knowledge of the Free Software community and its functions is deep.
\section{The Facts} \section{The Facts}
Bracken produces a GNU/Linux operating system product that is sold Bracken produces a GNU/Linux operating system product that is sold
primarily to OEM vendors to be placed in appliance devices that are used primarily to OEM vendors to be placed in appliance devices used for a
for a single purpose, such as an Internet-browsing-only device. The single purpose, such as an Internet-browsing-only device. The product
product is almost 100\% Free Software, mostly licensed under GPL and is almost 100\% Free Software, mostly licensed under GPL and related
related Free Software licenses. Free Software licenses.
FSF found out about this violation through a report first posted in a FSF found out about this violation through a report first posted on a
comment on a Slashdot\footnote{Slashdot is a popular news and discussion Slashdot\footnote{Slashdot is a popular news and discussion site for
site for technical readers.} comment, and then was brought to attention technical readers.} comment, and then it was brought to our attention again
again by another Free Software copyright holder who had discovered the by another Free Software copyright holder who had discovered the
same violation. same violation.
Bracken's GNU/Linux product is delivered directly from their website. Bracken's GNU/Linux product is delivered directly from their Web site.
This allowed FSF engineers to directly download and confirm the violation This allowed FSF engineers to directly download and confirm the
quickly. It was discovered that there were two primary problems with the violation quickly. Two primary problems were discovered with the
online distribution: online distribution:
\begin{itemize} \begin{itemize}
\item No source code nor offer for source code was provided for a number \item No source code nor offer for source code was provided for a number
of components for the distributed GNU/Linux system; only binaries were of components for the distributed GNU/Linux system; only binaries were
available. available
\item An End User License Agreement (``EULA'') was included that \item An End User License Agreement (``EULA'') was included that
contradicted the permissions granted by GPL\@. contradicted the permissions granted by GPL\@
\end{itemize} \end{itemize}
FSF contacted Bracken and gave them the details of the violation. Bracken FSF contacted Bracken and gave them the details of the violation. Bracken
immediately ceased distribution of the product temporarily, and set forth immediately ceased distribution of the product temporarily and set forth
a plan to bring themselves back into compliance. This plan included the a plan to bring themselves back into compliance. This plan included the
following steps: following steps:
\begin{itemize} \begin{itemize}
\item Bracken attorneys would rewrite the EULA to comply with GPL, and \item Bracken attorneys would rewrite the EULA to comply with GPL and
would vet the new EULA through FSF before use. would vet the new EULA through FSF before use
\item Bracken engineers would provide source side-by-side with the \item Bracken engineers would provide source side-by-side with the
binaries for the GNU/Linux distribution on the site (and on CD's, if binaries for the GNU/Linux distribution on the site (and on CD's, if
ever they distributed that way). ever they distributed that way)
\item Bracken attorneys would run an internal seminar for its engineers \item Bracken attorneys would run an internal seminar for its engineers
regarding proper GPL compliance, to help ensure that such oversights regarding proper GPL compliance to help ensure that such oversights
regarding source releases would not occur in the future. regarding source releases would not occur in the future
\item Bracken would resume distribution of the product only after FSF \item Bracken would resume distribution of the product only after FSF
formally restored Bracken's distribution rights. formally restored Bracken's distribution rights
\end{itemize} \end{itemize}
This case was completed in the matter of about a month. FSF approved the This case was completed in about a month. FSF approved the new EULA
new EULA text. They key portion in the EULA relating to GPL read as text. The key portion in the EULA relating to GPL read as follows:
follows:
\begin{quotation} \begin{quotation}
Many of the Software Programs included in Bracken Software are distributed Many of the Software Programs included in Bracken Software are distributed
@ -547,16 +612,16 @@ role in GPL compliance.
product into compliance. product into compliance.
\item {\bf When people in key positions understand the Free Software \item {\bf When people in key positions understand the Free Software
nature of their software products, compliance concerns are as mundane as nature of their software products, compliance concerns are as
minor software bugs.} Even the most functional system or structure has mundane as minor software bugs.} Even the most functional system or
its problems, and successful business often depends on agile response to structure has its problems, and successful business often depends on
the problems that do come up; avoiding problems altogether is a pipe agile response to the problems that do come up; avoiding problems
dream. Minor GPL violations can and do happen even with well-informed altogether is a pipe dream. Minor GPL violations can and do happen
redistributors. However, when the company --- and in particular, the even with well-informed redistributors. However, resolution is
lawyers, managers, and engineers working on the Free Software product reached quickly when the company --- and in particular, the lawyers,
lines --- have adapted to the cooperative Free Software culture, managers, and engineers working on the Free Software product lines
resolving such problems is merely a mundane detail of typical operation --- have adapted to Free Software culture that the lower-level
and resolution is reached quickly. engineer already understood
\item {\bf Legally, distribution must stop when a violation is \item {\bf Legally, distribution must stop when a violation is
identified.} In our opinion, Bracken went above and beyond the call of identified.} In our opinion, Bracken went above and beyond the call of
@ -569,26 +634,26 @@ role in GPL compliance.
negotiating in bad faith) does FSF even threaten an injunction on negotiating in bad faith) does FSF even threaten an injunction on
copyright grounds. However, Bracken --- as a good Free Software citizen copyright grounds. However, Bracken --- as a good Free Software citizen
--- chose to be on the safe side and do the legally correct thing while --- chose to be on the safe side and do the legally correct thing while
the violation case was pending. Since from start to finish it took less the violation case was pending. From start to finish, it took less
than am month to resolve, this lapse in distribution did not, to FSF's than a month to resolve. This lapse in distribution did not, to FSF's
knowledge, impact Bracken's business in any way. knowledge, impact Bracken's business in any way.
\item {\bf EULAs are a common area for GPL problems.} Often, EULAs are \item {\bf EULAs are a common area for GPL problems.} Often, EULAs
drafted from boilerplate text that a company uses for all its products. are drafted from boilerplate text that a company uses for all its
Even the most diligent attorneys forget or simply do not know that a products. Even the most diligent attorneys forget or simply do not
product contains software licensed under GPL and other Free Software know that a product contains software licensed under GPL and other
licenses. Drafting a EULA that accounts for such licenses is Free Software licenses. Drafting a EULA that accounts for such
straightforward; the text quoted above works just fine. The EULA must licenses is straightforward; the text quoted above works just fine.
be designed so that it does not trump and rights and permissions already The EULA must be designed so that it does not trump rights and
granted by GPL\@, and it clearly state that if there is a conflict permissions already granted by GPL\@. The EULA must clearly state
between the EULA and GPL, with regard to GPL'd code, that the GPL is the that if there is a conflict between it and GPL, with regard to GPL'd
overriding license. code, the GPL is the overriding license.
\item {\bf Compliance Officers are rarely necessary when companies are \item {\bf Compliance Officers are rarely necessary when companies are
educated about GPL compliance.} As we saw in the Davrik case, FSF asks educated about GPL compliance.} As we saw in the Davrik case, FSF asks
that a formal ``GPL Compliance Officer'' be appointed inside a that a formal ``GPL Compliance Officer'' be appointed inside a
previously violating organization to shepherd the organization to a previously violating organization to shepherd the organization to a
cooperative approach with regard to GPL compliance. However, when FSF cooperative approach to GPL compliance. However, when FSF
sees that an organization already has such an approach, there is no sees that an organization already has such an approach, there is no
need to request that such an officer be appointed. need to request that such an officer be appointed.
@ -603,10 +668,11 @@ and regulatory problems can impact GPL compliance matters.
\section{The Facts} \section{The Facts}
Vigorien distributes a backup solution product that allows system Vigorien distributes a back-up solution product that allows system
administrators to create encrypted backups of file-systems on Unix-like administrators to create encrypted backups of file-systems on
computers. The product is based on GNU tar, a backup utility that Unix-like computers. The product is based on GNU tar, a backup utility
replaces the standard Unix utility, ``tar'', but has additional features. that replaces the standard Unix utility simply called tar, but has
additional features.
Vigorien's backup solution added cryptographic features to GNU tar, and Vigorien's backup solution added cryptographic features to GNU tar, and
included a suite of utilities and graphical user interfaces surrounding included a suite of utilities and graphical user interfaces surrounding
@ -615,7 +681,7 @@ GNU tar to make backups convenient.
FSF discovered the violation from a user report, and determined that the FSF discovered the violation from a user report, and determined that the
cryptographic features were the only part of the product that constituted cryptographic features were the only part of the product that constituted
a derivative work of GNU tar; the extraneous utilities merely made a derivative work of GNU tar; the extraneous utilities merely made
``shell'' calls out to GNU tar. FSF requested that Vigorien come into shell calls out to GNU tar. FSF requested that Vigorien come into
compliance with GPL by releasing the source of GNU tar, with the compliance with GPL by releasing the source of GNU tar, with the
cryptographic modifications, to its customers. cryptographic modifications, to its customers.
@ -627,7 +693,7 @@ FSF disputed the first claim, pointing out that Vigorien had only one
option if they did not want to release the source: they would have to option if they did not want to release the source: they would have to
remove GNU tar from the software and not distribute it further. Vigorien remove GNU tar from the software and not distribute it further. Vigorien
rejected this suggestion, since GNU tar was an integral part of the rejected this suggestion, since GNU tar was an integral part of the
product and the security changes were useless without GNU tar. product, and the security changes were useless without GNU tar.
Regarding the export control claims, FSF proposed a number of options, Regarding the export control claims, FSF proposed a number of options,
including release of the source from one of Vigorien's divisions overseas including release of the source from one of Vigorien's divisions overseas
@ -645,13 +711,14 @@ did so, and the violation was resolved.
\begin{enumerate} \begin{enumerate}
\item {\bf Removing the GPL'd portion of the product is always an option.} \item {\bf Removing the GPL'd portion of the product is always an
Many violators' first response is to simply refuse to release the source option.} Many violators' first response is to simply refuse to
code as GPL requires. FSF offers the option to simply remove the GPL'd release the source code as GPL requires. FSF offers the option to
portions from the product and continue along without them indefinitely. simply remove the GPL'd portions from the product and continue along
Every case where this has been suggested has led to the same conclusion. without them. Every case where this has been suggested has led to
Like Vigorien, the violator argues that the product cannot function the same conclusion. Like Vigorien, the violator argues that the
without the GPL'd components and they cannot effectively replace them. product cannot function without the GPL'd components, and they
cannot effectively replace them.
Such an outcome is simply further evidence that the combined work in Such an outcome is simply further evidence that the combined work in
question is indeed a derivative work of the original GPL'd component. question is indeed a derivative work of the original GPL'd component.
@ -674,14 +741,14 @@ did so, and the violation was resolved.
in source form'' is not a valid defense for explaining why the terms of in source form'' is not a valid defense for explaining why the terms of
the GPL are ignored. If companies do not want to release source code the GPL are ignored. If companies do not want to release source code
for some reason, then they should not base the work on GPL'd software. for some reason, then they should not base the work on GPL'd software.
No external argument for non-compliance can hold weight if the work as No external argument for noncompliance can hold weight if the work as
whole is indeed a derivative work of a GPL'd program. whole is indeed a derivative work of a GPL'd program.
The ``security concerns'' argument is often floated as a reason to keep The ``security concerns'' argument is often floated as a reason to keep
software proprietary, but the computer security community has on software proprietary, but the computer security community has on
numerous occasions confirmed that such arguments are entirely specious. numerous occasions confirmed that such arguments are entirely specious.
Security experts have found --- since the beginnings of the field of Security experts have found --- since the beginnings of the field of
cryptography in the ancient word --- that sharing results about systems cryptography in the ancient world --- that sharing results about systems
and having such systems withstand peer review and scrutiny builds the and having such systems withstand peer review and scrutiny builds the
most secure systems. While full disclosure may help some who wish to most secure systems. While full disclosure may help some who wish to
compromise security, it helps those who want to fix problems even more compromise security, it helps those who want to fix problems even more
@ -709,7 +776,7 @@ companies were involved and many complex issues arose.
Haxil produced a consumer electronics device which included a mini Haxil produced a consumer electronics device which included a mini
GNU/Linux distribution to control the device. The device was of interest GNU/Linux distribution to control the device. The device was of interest
to many technically minded consumers, who purchased the device and very to many technically-minded consumers, who purchased the device and very
quickly discovered that Free Software was included without source. quickly discovered that Free Software was included without source.
Mailing lists throughout the Free Software community erupted with Mailing lists throughout the Free Software community erupted with
complaints about the problem, and FSF quickly investigated. complaints about the problem, and FSF quickly investigated.
@ -722,31 +789,31 @@ arms about the violation.
Meanwhile, Haxil was in the midst of being acquired by Polgara. Polgara Meanwhile, Haxil was in the midst of being acquired by Polgara. Polgara
was as surprised as everyone else to discover the product was based on was as surprised as everyone else to discover the product was based on
GPL'd software; this fact had not been part of the disclosures made during GPL'd software; this fact had not been part of the disclosures made during
acquisition. FSF contacted both Haxil and Polgara, and product managers acquisition. FSF contacted Haxil, Polgara, and the product managers
who had transitioned into the ``Haxil division'' of the newly-merged who had transitioned into the ``Haxil division'' of the newly-merged
Polgara company and Polgara's General Counsel's office worked with FSF on Polgara company. Polgara's General Counsel's office worked with FSF on
the matter. the matter.
FSF meanwhile formed a coalition with the other primary copyright holders FSF formed a coalition with the other primary copyright holders
to pursue the enforcement effort on their behalf. FSF communicated to pursue the enforcement effort on their behalf. FSF communicated
directly with Polgara's representatives to begin working through the directly with Polgara's representatives to begin working through the
issues on behalf of FSF itself and the Free Software community at large. issues on behalf of itself and the Free Software community at large.
Polgara pointed out that the software distribution they used was mostly Polgara pointed out that the software distribution they used was mostly
contributed by an upstream provider, Thesulac, and Haxil's changes to that contributed by an upstream provider, Thesulac, and Haxil's changes to that
code base were minimal. Polgara negotiated with Thesulac to obtain the code base were minimal. Polgara negotiated with Thesulac to obtain the
source, although the issue was moving very slowly in the channels between source, although the issue moved very slowly in the channels between
Polgara and Thesulac. Polgara and Thesulac.
FSF encouraged a round-table meeting so that high bandwidth communication FSF encouraged a round-table meeting so that high bandwidth communication
could occur between FSF, Polgara and Thesulac. Polgara and Thesulac could occur between FSF, Polgara and Thesulac. Polgara and Thesulac
agreed, and that discussion began. Thesulac provided nearly complete agreed, and that discussion began. Thesulac provided nearly complete
sources to Polgara, and Polgara made a full software release on their sources to Polgara, and Polgara made a full software release on their
website. At the time of writing, that software still has some build Web site. At the time of writing, that software still has some build
problems (similar those that occurred with Davrik, as described in problems (similar to those that occurred with Davrik, as described in
Section~\ref{davrik-build-problems}). FSF continues to negotiate with Section~\ref{davrik-build-problems}). FSF continues to negotiate with
Polgara and Thesulac to resolve these problems, which have a clear path to Polgara and Thesulac to resolve these problems, which have a clear path to
solution and are expected to resolve. a solution and are expected to resolve.
Similar to the Vigorien case, Thesulac has regulatory concerns. In this Similar to the Vigorien case, Thesulac has regulatory concerns. In this
case, it is not export controls --- an issue that has since been resolved case, it is not export controls --- an issue that has since been resolved
@ -767,7 +834,7 @@ regarding the problem.
more difficult.} FSF has a strong policy never to publicize names of more difficult.} FSF has a strong policy never to publicize names of
GPL violators if they are negotiating in a friendly way and operating in GPL violators if they are negotiating in a friendly way and operating in
good faith toward compliance. Most violations are honest mistakes, and good faith toward compliance. Most violations are honest mistakes, and
FSF sees no reason to publicly admonish violators who genuinely see to FSF sees no reason to publicly admonish violators who genuinely want to
come into compliance with GPL and to work hard staying in compliance. come into compliance with GPL and to work hard staying in compliance.
This case was so public in the Free Software community that both Haxil's This case was so public in the Free Software community that both Haxil's
@ -796,7 +863,7 @@ regarding the problem.
When FSF carries out enforcement, we are patient and sympathetic when When FSF carries out enforcement, we are patient and sympathetic when
the problem appears to be upstream. In fact, we urge the violator to the problem appears to be upstream. In fact, we urge the violator to
point us to the upstream provider so we may talk to them directly. In point us to the upstream provider so we may talk to them directly. In
this case we were happy to begin negotiations with Thesulac. However, this case, we were happy to begin negotiations with Thesulac. However,
Polgara still has an obligation to bring their product into compliance, Polgara still has an obligation to bring their product into compliance,
regardless of Thesulac's response. regardless of Thesulac's response.
@ -805,7 +872,7 @@ regarding the problem.
distribute a ``good practices for GPL compliance'' document with their distribute a ``good practices for GPL compliance'' document with their
product. Polgara added various software components to Thesulac's product. Polgara added various software components to Thesulac's
product, and it is conceivable that such additions can introduce product, and it is conceivable that such additions can introduce
compliance. In FSF's opinion, Thesulac is no way legally responsible compliance. In FSF's opinion, Thesulac is in no way legally responsible
for such a violation introduced by their customer, but it behooves them for such a violation introduced by their customer, but it behooves them
from a marketing standpoint to educate their customers about using the from a marketing standpoint to educate their customers about using the
product. We can argue whether or not it is your coffee vendor's fault product. We can argue whether or not it is your coffee vendor's fault
@ -817,14 +884,14 @@ regarding the problem.
many parties.} Most Free Software systems have hundreds of copyright many parties.} Most Free Software systems have hundreds of copyright
holders. Some have thousands. FSF is in a unique position as one of holders. Some have thousands. FSF is in a unique position as one of
the largest single copyright holders on GPL'd software and as a the largest single copyright holders on GPL'd software and as a
respected umpire in the community neutrally enforcing the rules of the respected umpire in the community, neutrally enforcing the rules of the
GPL road. FSF works hard in the community to convince copyright GPL road. FSF works hard in the community to convince copyright
holders that consolidating GPL claims through FSF is better for them, holders that consolidating GPL claims through FSF is better for them,
and more likely to yield positive compliance results. and more likely to yield positive compliance results.
A few copyright holders engage in the ``proprietary relicensing'' A few copyright holders engage in the ``proprietary relicensing''
business, so they use GPL enforcement as a sales channel for that business, so they use GPL enforcement as a sales channel for that
business. FSF, as a community-oriented not-for-profit organization, business. FSF, as a community-oriented, not-for-profit organization,
seeks only to preserve the freedom of Free Software in its enforcement seeks only to preserve the freedom of Free Software in its enforcement
efforts. As it turns out, most of the community of copyright holders efforts. As it turns out, most of the community of copyright holders
of Free Software want the same thing. Share and share alike is a of Free Software want the same thing. Share and share alike is a
@ -841,7 +908,7 @@ Generally, from the experience of GPL enforcement, we glean the following
general practices that can help in GPL compliance for organizations that general practices that can help in GPL compliance for organizations that
distribute products based on GPL'd software: distribute products based on GPL'd software:
\begin{enumerate} \begin{itemize}
\item Talk to your software engineers and ask them where they got the \item Talk to your software engineers and ask them where they got the
components they use in the products they build. Find out if GPL'd components they use in the products they build. Find out if GPL'd
@ -868,11 +935,11 @@ distribute products based on GPL'd software:
merely having GPL'd code in one part of a product does not necessarily merely having GPL'd code in one part of a product does not necessarily
mean that every related product must also be GPL'd. And, even if some mean that every related product must also be GPL'd. And, even if some
software needs to be released that was not before, the product will software needs to be released that was not before, the product will
surely still survive. In FSF's enforcement efforts, we have not yet surely survive. In FSF's enforcement efforts, we have not yet
seen a product line die because source was released to customers in seen a product line die because source was released to customers in
compliance with GPL. compliance with GPL.
\end{enumerate} \end{itemize}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document} \end{document}
@ -880,6 +947,9 @@ distribute products based on GPL'd software:
% LocalWords: proprietarize redistributors sublicense yyyy Gnomovision EULAs % LocalWords: proprietarize redistributors sublicense yyyy Gnomovision EULAs
% LocalWords: Yoyodyne FrontPage improvers Berne copyrightable Stallman's GPLs % LocalWords: Yoyodyne FrontPage improvers Berne copyrightable Stallman's GPLs
% LocalWords: Lessig Lessig's UCITA pre PDAs CDs reshifts GPL's Gentoo glibc % LocalWords: Lessig Lessig's UCITA pre PDAs CDs reshifts GPL's Gentoo glibc
% LocalWords: TrollTech administrivia LGPL's MontaVista Davrik Davrik's Darvik % LocalWords: TrollTech administrivia LGPL's MontaVista OpenTV Mitek Arce DVD
% LocalWords: Darvik's Slashdot sublicensed Vigorien Vigorien's Haxil Polgara % LocalWords: unprotectable protectable Unfreedonia chipset CodeSourcery Iqtel
% LocalWords: impermissibly Bateman faire minimis Borland uncopyrightable Mgmt
% LocalWords: franca downloadable Davrik Davrik's Darvik
% LocalWords: Slashdot sublicensed Vigorien Vigorien's Haxil Polgara
% LocalWords: Thesulac Polgara's Haxil's Thesulac's SDK CD's % LocalWords: Thesulac Polgara's Haxil's Thesulac's SDK CD's