Widespread Linux GPL violations alleged (Linux-Watch)

Linux-Watch looks at the issue of GPL violations by small Linux distributions. "Woodford's error was that while he does provide MEPIS's modified Debian/Ubuntu kernel source code in a Debian source-package, he had not provided copies of the source code that was available somewhere, which he had not modified. So, for example, say I released Steven's Special Penguin Sauce Linux. In it, I'd have my own modifications to the kernel source code, and the usual Linux utilities like the vim screen-based text processor. I would have to provide my users with not only my kernel's code, but also with vim's source code as well, even though I hadn't done a thing to its code."

transfer the burden

Posted Jun 28, 2006 16:24 UTC (Wed) by kh (subscriber, #19413) [Link]

Can he not just provide the offer to mail a cdr full of the source code for all of the other (non-modified) projects for a reasonable price instead?

transfer the burden

Posted Jun 28, 2006 18:38 UTC (Wed) by vondo (guest, #256) [Link]

I'm not sure. I thought there was a clause in the GPL or in the FAQ saying that if you offer binaries for free download you have to offer the sources in the same way.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 16:24 UTC (Wed) by xorbe (subscriber, #3165) [Link]

Provide a mailing address and a reasonable fee is allowed. Send the
source on writable CD/DVD as requested. Problem solved.

Really, why are we harassing ourselves like this?

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 16:32 UTC (Wed) by kirkengaard (subscriber, #15022) [Link]

Maybe this is naive of me, but a) why is it hard to get/have the source for every package you distribute, and b) in the age of DVD burning, why is it hard to have it easily distributable? Have a master, rip a copy. Heck, if you have server space for your distribution, keep them posted.

Yes, I know these solutions become hard to scale/expensive to scale. Maybe it's cheaper to just point at Debian if you're making YADC (Yet Another Debian Clone).

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 16:35 UTC (Wed) by JoeBuck (subscriber, #2330) [Link]

You are allowed to charge a fee to recover expenses. If you offer to send someone a CD-ROM, you can charge not only for the disk and the mailing, but also for the time of the employee who answers the mail, makes the disk and mails it.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 16:53 UTC (Wed) by jreiser (subscriber, #11027) [Link]

Agreed. The problem for an individual doing it as a hobby, or even a small business, is setting the rate. A flat fee of $20 per CD (plus foreign postage, if any) comes to mind, considering the inefficiencies of low volume; but defending this against a serious [or nuisance] dispute becomes a hassle. You can compare with other CD distributors, but distinguishing loss-leaders is problematic. Then there is collecting the fee; PayPal has its disadvantages, too.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 16:59 UTC (Wed) by kh (subscriber, #19413) [Link]

I do not think $199, prepaid, with a prepaid return shipping envelope would be unreasonable. The value of the source code is certainly much higher than that. I do not see any reason to do it cheaply....

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 17:08 UTC (Wed) by meffie (guest, #3120) [Link]

Hmmm. Good point. What's to stop someone from asking a million dollars for the source via CDs, but make binaries available via http/ftp? Would that still be in violation of the GPL?

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 17:19 UTC (Wed) by kirkengaard (subscriber, #15022) [Link]

The fact that we're talking about source that is generally available elsewhere, and the market forces against charging unreasonable sums, because the user will simply go elsewhere, and may stop using your product. Ground yourself in the discussion.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 17:22 UTC (Wed) by kirkengaard (subscriber, #15022) [Link]

And the GPLv3 clause "for a price no more than ten times your cost of physically performing source distribution" in 6b. So, unless it costs you $100,000 to produce a source distribution, $1,000,000 is a violation of the GPL.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 17:24 UTC (Wed) by JoeBuck (subscriber, #2330) [Link]

The GPL specifies "a charge no more than your cost of physically performing source distribution". If someone claims that you overcharged, it suffices to show what your costs were. Your costs were not a million dollars. However, you are allowed to charge for the time of any person who does the work, that is a cost. It typically costs a company 2x an employee's salary to have that person on staff (taxes, benefits, costs of the office space and equipment).

Now, if you're an outfit like the old CheapBytes, and are able to send people a disk full of binaries for under $5, you'd have a hard time claiming that you can't send them a disk full of source for less than $100. But that's because you have a volume operation; the fixed costs are shared over a lot of customers. A company with an embedded Linux product is going to have only a very few people requesting full source, so the costs of providing that source get divided over fewer people; a charge in the $50 range, I think, is easily defensible.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 17:42 UTC (Wed) by kh (subscriber, #19413) [Link]

And I am sure you could get CheapBytes or a similar company to distribute your non-modified source for you. On the other hand charging in the $200 price range for one-off CDs is not unreasonable I think with labor. You're right on for volume with source CDs though - the FSF charges $45 for their source CDs. I think this is mostly just FUD for the GPL.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 18:12 UTC (Wed) by flashydave (subscriber, #29267) [Link]

I think the "physically" word is key here. I am in a dispute with a vendor using a coldfire linux port in an embedded system who is trying to charge me 15K GBP and 6 month lead time for the cost of arranging his modified source code into a form he can distribute. Short of suing him privately or grassing on him to the FSF or developing an alternative solution myself (in true RMS spirit) there seems little I can do to resolve the matter if I want to use this vendor's product.

There is an interesting page at http://gnu.fyxm.net/philosophy/selling.html which talks about the consequences of assigning a high price if you are developing an Open Source Project. Depends if you need external help or want to gain popularity - neither of which are the case with embedded systems.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 19:47 UTC (Wed) by k8to (subscriber, #15413) [Link]

50 dollars for a CD of the source is very defensible, but it's also full
of hassles. A small time open source outfit may not have systems set up
for small billing and shipping, and so putting this in place may take
time away from other activities, or cut into time attempting to achieve
profitability in other areas. That's the gripe of Mr. MEPIS.

However, this is simply a cost of doing business. Instead of buckling
down and doing the work, Mr. Woodford would prefer to gripe about the
cost of doing business. The requirements to provide source have a
practical goal in the GPL, and the "pain" the MEPIS project is feeling is
that the source availability clauses require his project to do their
part to ensure source availability. Without these clauses his project
might not have ever been able to exist.

In short, this is a tempest in a teacup by someone who should know
better. I don't really understand why it's news, but once Newsforge ran
the story, it was.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 29, 2006 7:23 UTC (Thu) by Wol (guest, #4433) [Link]

For an individual DOING IT AS A HOBBY, they've always got the advantage of that clause "pass on the offer from where they got the source".

So if I'm doing a HOBBY distro, I just say "here's my modified sources, unmodified stuff I got from X, go and get it from there".

But that option is explicitly not given to businesses by the GPL.

Cheers,
Wol

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 29, 2006 14:31 UTC (Thu) by vondo (guest, #256) [Link]

No, they don't. That clause is if you download someone else's binary and redistribute it. If you download someone's sources and distribute a compiled version, you have to supply the sources regardless of your "for-profit" status.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 30, 2006 19:29 UTC (Fri) by landley (guest, #6789) [Link]

Actually, the FSF seems to be on a campaign to stamp out GPLv2 clause 3
(b). Under clause 3(b), you only have to provide source to people who ask
for it, when they ask for it. Nothing _requires_ me to mirror the source,
just to respond to requests for it.

Now the original license contemplated me firing up my 5 1/4" floppy drive
and mailing them a cpio.Z archive, but these days a mime attachment to the
reply email works pretty well too. But why is "Here's a current URL the
source is at" an insufficient 3(b) response? What's the difference
between a URL to my personal web page, a URL to my sourceforge project,
and a URL to somebody else's sourceforge project as long as _at_that_time_
the URL is good and the person whose site I'm pointing to doesn't object
to the traffic?

And let's be clear, Ubuntu does _not_ object to extra traffic from Mepis,
they quoted Mark Shuttleworth in a press release _gushing_ about them:
http://www.mepis.org/node/9454

The FSF is inventing trouble, all in the name of showing us how much more
draconian and inconvenient gplv3 will be than gplv2.

P.S. People keep frothing about "but source code to old versions can be
hard to come by 5 years later". Yeah, and the GPL only requires that you
provide source for 3 years after you take down the binaries, no matter
what you do. So trying to browbeat people into doing additional mirroring
doesn't help with that particular red herring. Go talk to archive.org or
ibiblio or somebody if you want a historical archive to something you
never bothered to get a copy of the source to.

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 29, 2006 9:45 UTC (Thu) by viro (subscriber, #7872) [Link]

Good grief... Put the modified sources for download, add pointers
to debian mirrors for the rest and have an image with all sources
for those who really, really want it all from you on a disk. At which
point you are going to have very few orders for the last item - just
about anyone will be happy to follow the damn link. If something
disappears from upstream, put a copy locally; that really is a
reasonable requirement since hunting down a nowhere-to-be-found source
of ancient version is going to annoy the living hell out of any
user who needs to debug stuff...

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 29, 2006 12:01 UTC (Thu) by nix (subscriber, #2304) [Link]

Exactly. If you can afford the FTP space, bandwidth &c for binaries (for who-knows-how-many architectures), then you can certainly afford the space and bandwidth for (much less heavily downloaded) source code. The disk space for all the source in a Linux distro these days costs, what, $10? Less? Certainly *far* less than the bandwidth costs you'll already be eating...

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 29, 2006 23:20 UTC (Thu) by sammythesnake (guest, #17693) [Link]

The source for debian 3.2 comes on 3 DVDs, that's somewhere between 9 and 13.5GB of data. Per release. Bear in mind that the testing and unstable versions must all also be backed up with availability of source for 3 years and these are changing on an hourly basis, let alone daily. I wouldn't be surprised if the cost of this is *considerably* more than $10 :-p

Of course, debian is a particularly large distro, so the figures may be smaller for any other specific distro. Also, if you only distribute releases and no development code, that makes your life easier, too.

Cheers & God bless
Sam "SammyTheSnake" Penny

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jul 3, 2006 23:15 UTC (Mon) by nix (subscriber, #2304) [Link]

Come on, 13Gb is nothing. 13Gb times even as many as ten or fifteen releases isn't much. I have more storage than needed for that *at home*, and I only spent 200 quid on it (I had to, my older disks were dying).

It's nearly impossible to get disks so small that you can't fit that sort of thing on them anymore, at least in the Western world.

Bandwidth is more likely to be a problem if the churn and access rates are high: but if that's true, it's likely to be a popular distro and so probably using colo or a mirror network.

(And there's always http://www.coralcdn.org/.)

Widespread Linux GPL violations alleged (Linux-Watch)

Posted Jun 28, 2006 17:16 UTC (Wed) by kirkengaard (subscriber, #15022) [Link]

Ah. We are pointing at GPL3 and freaking out. Again.

"This obligation is specified even more strongly in section 10 of the draft for the third version of the GPL, which specifically states that "downstream users" (those who, like Woodford, adopt the work of another project -- the "upstream distributor" -- for their own use) fall under these obligations." (NewsForge article in sub-link)

Because the worry from the FSF is that the upstream distributor may disappear, and the downstream users must future-proof themselves. Which is really just an expansion on the whole idea that we provide source code to the world so that the project does not die with us or our lack of interest at some point. We distribute full source to protect the users, and so also ourselves, because we're all users.

From GPLv3, current draft:
"10.[6] Automatic Licensing of Downstream Users.

Each time you redistribute a covered work, the recipient automatically receives a license from the original licensors, to propagate and modify that work, subject to this License, including any additional terms introduced through section 7. You may not impose any further restrictions on the recipients' exercise of the rights thus granted or affirmed, except (when modifying the work) in the limited ways permitted by section 7. You are not responsible for enforcing compliance by third parties to this License."

How is this so horrible and onerous? Distribute GPL software, be subject automatically to the GPL. Section 7 is long, and I'm not reprinting it here. It's not hard to find. It's optional additional restrictions. The only one I see that might apply here is "d) They may require that the work contain functioning facilities that allow users to immediately obtain copies of its Complete Corresponding Source Code.", and it's not part of the base GPL. Read section 6 for the means of source distribution.

" a) Distribute the Object Code in a physical product (including a physical distribution medium), accompanied by the Corresponding Source distributed on a durable physical medium customarily used for software interchange; or,
b) Distribute the Object Code in a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give any third party, for a price no more than ten times your cost of physically performing source distribution, a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange; or,"

You all have several copies of GPLv2 on your systems, I'm sure. Grab one and read section 3 and compare. 3a and 3b are very like 6a and 6b.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds