LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Announcements page

Recent Features

Relicensing and rebasing LibreOffice

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The SFLC's Guide to GPL Compliance

[Posted August 20, 2008 by corbet]

The Software Freedom Law Center has released A Practical Guide to GPL Compliance, a document which appears to be aimed at corporate management. It is a detailed and clear discussion of the issues as seen from the SFLC point of view. "The companies we contact about GPL violations often respond with: 'We didn't know there was GPL'd stuff in there'. This answer indicates a failure in the software acquisition and procurement process. Integration of third-party proprietary software typically requires a formal arrangement and management/legal oversight before the developers incorporate the software. By contrast, your developers often obtain and integrate FOSS without intervention. The ease of acquisition, however, does not mean the oversight is any less necessary. Just as your legal and/or management team negotiates terms for inclusion of any proprietary software, they should be involved in all decisions to bring FOSS into your product."
(Log in to post comments)

The SFLC's Guide to GPL Compliance

Posted Aug 20, 2008 17:05 UTC (Wed) by nix (subscriber, #2304) [Link] 

What a good document. I've sent it to a bunch of movers and shakers in the legal department
where I work already: they've been shivering with fear about the horrible danger of GPLed
stuff already, even though we don't distribute a thing. Maybe this will calm them :)

(My only tiny quibble would be small bits of legalese that slipped in. e.g.:

"No distribution (including redistribution) is permissible absent adherence to the license
terms."

Normal English-speakers have said 'without' for centuries. 'Absent' in that position is
sufficiently archaic that my first impression was that the sentence was gramatically
incorrect!

(I'd suggest 'without adhering', actually: gerund it up a bit.)

The SFLC's Guide to GPL Compliance

Posted Aug 20, 2008 17:55 UTC (Wed) by JoeBuck (subscriber, #2330) [Link]

This use of "absent" is lawyer-speak; I commonly see it used in legal language.

One interesting note that the article makes clear is that, for a maker of embedded products, GPLv3 is easier to comply with than GPLv2, as it's valid to over sources only online. With GPLv2, if you don't include sources with the binary, you have to be prepared to ship them on physical media for three years after the last product goes out.

The SFLC's Guide to GPL Compliance

Posted Aug 20, 2008 18:20 UTC (Wed) by vmole (guest, #111) [Link]

So include sources with the binary. Your product almost always already includes a CD. I can't think of anything I've bought in the last several years, other than cheap unmanaged switches, which I doubt are anything except pure hardware, that didn't include a coaster. $10 yumcha network cards? Check. Cheap routers, wireless or otherwise? Check. Phone? Check. Even if you wouldn't normally include a CD, stick one in the box. To avoid confusing your customers, put a PDF copy of the user's manual on it, and put the source code in a sub-directory named "license_compliance", which most people will avoid like the plague, but will be easily found by those of us who do care.

I say all that as a former developer for a 4-5 person company. Yes, we used some GPL (and other FOSS-licensed) software in our product. Yes, we complied with the licenses. It's just not that hard. If you don't know that you're shipping GPL software, then your development/management process is seriously broken, or your developers are lying, or you're lying. If your business plan requires that your software be proprietary, that's okay, but then stop stealing other people's work.

CDs

Posted Aug 20, 2008 19:48 UTC (Wed) by louie (subscriber, #3285) [Link] 

Things that I've bought of late that didn't include CDs:

* my TV (Panasonic; has linux in it)
* my wireless router (Linksys; has linux in it)
* my laptop (had linux installed on it by Emperor Linux; pretty sure it didn't come with a CD
from them but might not be remembering it)
* my phone (didn't have linux in it, but the next one likely will, and it still won't come
with a CD most likely)

CDs are extra cost and complexity to packaging, and they sort of scare users. No reason to
include it if not necessary.

CDs

Posted Aug 20, 2008 19:58 UTC (Wed) by vmole (guest, #111) [Link]

Come on, the cost of throwing a CD labeled "User's Manual" into the box with a TV is negligible. Likewise the laptop and the phone (assuming a smartphone running Linux is likely a $200 item (not counting provider subsidies)). The router is borderline, but wouldn't it be easier to ship a CD than keep the code available (that exact version, remember) for three years?

CDs are HUGE logistic problem

Posted Aug 20, 2008 21:02 UTC (Wed) by khim (guest, #9252) [Link]

Firmware for products is updated quite often. May be not every week, but few times per year. This means you need to keep many different CDs around, remember to put correct version in the box, etc. They don't offer rescue disks for Laptops because if this problem - and laptops are 10 times plus more expensive then routers!

CDs are HUGE logistic problem

Posted Aug 21, 2008 14:51 UTC (Thu) by donbarry (guest, #10485) [Link] 

This is merely a matter of business process.  When developing from a 
proprietary codebase, each release must be reviewed such that the
license considerations of the providers are satisfied, the appropriate
licensing revenue stream encumbered and distributed, etc.  

It's just that with free software this otherwise invisible component
of development becomes wholly visible -- the "business review" is done
(whether you want it or not) outside the beancounter box, not in it.

And as many have said -- it is entirely your choice.  But if you use
others' software, you should respect their license.  You don't have to
use it.  (though I'm entirely one with rms in the conclusion that only
free software is ethical from the point of view of total benefit of
the ecosystem)

What this has to do with anything?

Posted Aug 21, 2008 21:27 UTC (Thu) by khim (guest, #9252) [Link]

Vmole asked: wouldn't it be easier to ship a CD than keep the code available (that exact version, remember) for three years.

I've asnsered: no, it wouldn't - because for the "exact some version" requirement. It's easier to put sources for all revisions of ftp instead and send CD-R with these source if someone will actually request them and will pay for them.

Now you come and explain that if you use others' software, you should respect their license. Again: how it's related to question at hand? I've lost the connection...

The SFLC's Guide to GPL Compliance

Posted Aug 20, 2008 20:31 UTC (Wed) by nix (subscriber, #2304) [Link] 

Of course I had a grammatical error (well, actually a typographic one) in 
there. It was intentional, honest!

But let's close that dangling bracket:

)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds