GNU GPL License...
Transcript of GNU GPL License...
FOSS LicensesGPL Violations and License Enforcement
Summary
GNU GPL License EnforcementsWhat the community can do to enforce the GPL
Harald Welte
gpl-violations.orghmw-consulting.de
DORS/CLUC 2010, May 2010, Zagreb/Croatia
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Outline
1 FOSS LicensesFree Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
2 GPL Violations and License EnforcementGPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
About the speaker
Using + playing with Linux since 1994Kernel development since 1999IT security specialist, focus on network protocol securityBoard-level Electrical EngineeringSystem-level Software for PPC, ARM, x86IANAL, but companies not complying with the licenseforced me to spend lots of time with legal issues
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
Free SoftwareDefinition by the FSF
Free Software has to ensure the following key freedoms:Freedom to use the software for any purposeFreedom to make copies "to help your neighbor"Freedom to study its functionality (source code)Freedom to fix it yourself (make modifications)
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
CopyleftA concept to ensure Freedom
Copyleft is an idea to use copyright to ensure SoftwareFreedoms
Use/claim copyright on the softwareCreate a license that is permissive enough for the 4FreedomsHowever, put some conditions/obligations in the license
ensure the source code will always be availableensure nobody is able to remove the 4 Freedoms from thesoftware
Use that license for the software.
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
The GNU GPLAn implementation of Copyleft
The GNU General Public License (GPL)is a Copyleft Free Software Licenseassures the original author that his work will always havethe freedomsestablishes a level of fairness: You can use my code, if youshare your additions back with us.is a big motivation factor for many community members
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
Revisiting the GPLv2 License Terms
The GNU GPLv2Regulates distribution, not use (running the program)Allows distribution of source code and modified sourcecode, if
The license is mentionedA copy of the license text accompanies each copy
Allows distribution of or modified binaries, ifThe license is mentionedA copy of the license text accompanies each copyThe source code is either included with the copy, or awritten offer is made on how the source can be obtained.
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
Complete Corresponding Source CodeAs required by GPLv2
. . . complete source code means all the source code for allmodules it (the software) contains, plus any associatedinterface definition files, plus the scripts used to controlcompilation and installation of the executable.
For a C language program, this meansSource CodeMakefilescompile-time configuration (e.g. kernel .config)
General ruleIntent of the license is to enable the user to run modifiedversions of the programIf you provide everything needed for that, there will be nodiscussion
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
Modifications of GPL’d source codeThe details that matter
In the GPL, it does not matter if you have modified theGPL’d program or if you ship it unmodified.You always have to provide the source code!If you modify the source code, your changes have to bevisible/identifiableFor practical reasons, I suggest shipping original upstreamtarball + a diff/patch with your changes
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
GPL and Embedded SystemsInterpreting the meaning
The GNU GPLv2 was written for the GNU project, at thetime this project was working on replacing individualapplication programs on top of a proprietary UNIXoperating system kernel.scripts used to control compilation and installation
Intent: To enable the user to modify + run modified versionsIn case of embedded systems, the "scripts used to controlinstallation" include the software required for installing theprogram onto the target device
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
GPL and Embedded DRMSometimes called Tivo-ization
Some companies want to lock down their Linux-basedsystem, by
Cryptographic verification of bootloader by ROM loaderCryptographic verification of kernel image by bootloader. . .
This is problematic from a GPL point of view, sinceYou are depriving the user from practically exercising hisright to run modified versions of the programThus, violation not of the GPLv2 wording, but likely of theGPL’s intentionLegal outcome unclear, different scholars have differentopinions, also depends on jurisdiction
GPLv3 makes this intent explicit in the license text
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
Complete + Corresponding SourceFor every Release you make
Whenever you distribute GPL licensed software, thelicense applies. This includes
Actual sale of a physical embedded device with thesoftware in flashDownload of a firmware update as a file from a websiteShipping of firmware updates on physical storageDistribution of firmware updates e.g. by over-the-airmechanisms in DVB-S or other networks
Every time, the conditions of the license have to be fulfilled(mention there’s software under GPL, include full licensetext, include or offer complete corresponding source codeFor every release you ever ship (even beta release if it everis shipped only to one customer), you need the completecorresponding source code.
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
Free Software and CopyleftThe GNU GPLGPL - Embedded SystemsGPL - Compatible source code offerGPL - Derivative Works
Derivative WorksKeeping it clean
Derivative works are a question of copyright law, not the GPLwhenever you couple a GPL and a non-GPL programtightly (e.g. static/dynamic linking), your’re entering a legalgrey areathere is little or no precedent on derivative works ofsoftwareyou’re violating the intention of the author. If he wanted youto link from proprietary programs, he would have usedLGPLtry to work with the community, rather than against it
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
GPL Violations
GPL violations are not new, just like GPL licensed softwareis not newHowever, increased popularity of GNU/Linux basedsystems increase GPL violationsToday, many more people and companies unfamiliar withthe history and values of Free Software start using and(re)distributing FOSS
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
Business Risk of GPL ViolationsOr: How to convince your managers
If you ship a product that is incompliant to the GNU GPL,you are committing a copyright infringement not differentfrom shipping a product with unlicensed copies of MSWindowsyou can face civil and criminal charges in courtcivil charges include (German jurisdiction)
immediate cease + desist (halt of product sales)information of which quantity of the product has been soldto whomdamages for lost revenue (see dual licensing)
civil charges can also be filed against everydistributor/store/importer
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
Early GPL Enforcement
The Free Software Foundation (FSF) has alway beendoing GPL enforcement on software of which they are thecopyright holder
They do so quietly, without much public noticeThe quiet route sometimes leads to lengthy negotiationsThe FSF only holds copyright on some Free Softwareprograms
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
The Linksys WRT54G case
During 2003, the Linksys WRT54G case drew a lot of attentionLinksys was selling 802.11 WLAN Access Points andRoutersLots of GPL licensed software embedded into the device,including Linux, uClibc, busybox, iptablesFSF-led alliance took their usual quiet approachLinksys bought itself a lot of time
Some sources were released two months laterFull GPL compliance only achieved four months later
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
Aftermath of the Linksys case
Some developers were not happy with the Linksys caseLinksys didn’t loose anything by not complying from thebeginningFour months delay is a long time given short productlifetimes
More embedded devices started to use Linux and otherFOSSThe netfilter/iptables project started to do their ownenforcement
Using German copyright law against German subsidiary ofvendorUsing direct legal / copyright based approach
The gpl-violations.org was later established
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
GPL Enforcement by the Community
The GPL is a Copyright LicenseGPL enforcement is thus Copyright enforcementCopyright enforcement can normally only be done bycopyright holders!Alternative (less tested) legal approaches
Competition / Anti-Trust law (by a GPL-abiding competitor)Consumer protection (The product without source code isincomplete)
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
GPL Enforcement Requirements
Clean copyright situationWho wrote which (part of a) softwareWas the copyright transferred to an employer?
Evidence for the violationTest purchase of the software on storage mediumDetailed screenshots of download side, downloadedsoftware imagesEvidence shows no notice of GPL or source codeavailability/offer
Copyright holders who want to do enforcement
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
GPL Enforcement by the Community
Authors/Developers of a project need to care about entitiesthat violate their licenseLegal options in case of a violation
One or multiple copyright holders do their own enforcementCopyright transfer to an entity that does enforcement
Free Software Foundationhttp://conservancy.softwarefreedom.org/Fiduciary License Agreement with the FSF Europe
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
GPL ViolationsBusiness Risk of GPL ViolationsGPL Enforcementgpl-violations.org
The gpl-violations.org work
Use all legal means neccessarry to bring infringing productin complianceWe only act where we hold copyright (Linux kernel)We typically only act within Europe, mostly in GermanySuccess so far
More than 100 amicable agreements as results ofsettlementsMore than 5 preliminary injunctions halting sales ofproducts until complianceMultiple actual court cases with court verdict
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
SummaryOutlook
Summary
GPL compliance is not difficult if you think about theproblem when you start product development.A large part of the task can be automatized by using aproper build system.There are questionable legal grey areas. To minimize therisk, I’d try to stay out of them.
Harald Welte GNU GPL License Enforcements
FOSS LicensesGPL Violations and License Enforcement
Summary
SummaryOutlook
Outlook
OutlookBlatant GPL violations in embedded devices are declining,but are likely to continue due to lack of skill or negligence.We’ll see more derivative works types of GPL violations,and we’ll see actual legal enforcement and precedent inthis area over the next years.Stronger copyright protection demanded by contentindustry will also mean stronger protection for FOSSlicenses. Imagine GPL enforcement with "three strikes" lawin France ?!?
Harald Welte GNU GPL License Enforcements