Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:08 UTC (Tue) by nybble41 (subscriber, #55106)
In reply to: Garrett: The ongoing fight against GPL enforcement by zyga
Parent article: Garrett: The ongoing fight against GPL enforcement

> In proprietary world if company A licenses something from company B then company A does nothing wrong and all the fault for what company B did falls on company B. This is because licenses say nothing about distribution (other than, say, per unit/volume price).

> In libre/copyleft world this is reversed. If company A licenses/acquires something from company B and company B is a crappy/shady license violator _ALL_ of the legal problems fall on the large and complex company A. This is because our beloved copyleft licenses are distribution licenses.

That makes no sense. If the license says nothing about distribution then, per copyright law, no distribution is permitted. B thus had no legal right to provide the software to A, and A has no legal right to keep it (although, as mere recipients, they are not culpable provided they were not aware that B lacked a distribution license).

The libre/copyleft case is very similar. If B does not follow the license then it has no legal right to distribute it, which means B is in trouble for making unauthorized copies, not A. Under normal circumstances this would mean that A also has no legal right to keep the software, but most libre/copyleft licenses include the provision that anyone receiving the software has a direct license to the original, unmodified version from the original copyright holder, which they retain even if some intermediate distributor is found to be in violation. In other words, A is somewhat shielded from B's violations compared to the situation with proprietary licenses.

Since libre/copyleft licenses typically restrict only distribution, not use, A only needs to ensure that A is compliant with the licenses in the event that A redistributes the software. That includes checking that B actually gave them everything they are required to provide to others per the redistribution terms, but that does not seem like a particularly onerous requirement.



Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:52 UTC (Tue) by zyga (subscriber, #81533) [Link] (4 responses)

I meant that you usually (when dealing with non-copyleft code) have a simple compliance chain. You got a binary/source from some company. You paid once (or pay per volume, for which the required infrastructure/experience has been in place for as long as either company exists), end of the story.

You don't have to do anything more to comply with such a license. If the agreement includes GPL/LGPL code in the mix you need to do additional steps to stay compliant. You have to retain the source for a period of two (AFAIR) years. You must have the infrastructure to offer it to your customers. You have to allow re-linking of your binaries with a different version of LGPL-covered code. You may have licensing conflicts (Apache + GPL + something else end up in one binary by accident).

If someone motivated comes along, peels through those 'open source' tarballs associated with a product made by company A and finds some problem then company A has to deal with it. They may risk loss of distribution rights. You just don't get those issues with proprietary licensing.

While your reasoning is correct (it sounds better to use copyleft) the practical ramifications that copyleft licenses have for production say otherwise. From my experience they add new steps that companies are not familiar with and are not equipped to comply with, with the same ease as they are equipped to comply with proprietary licensing.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 1:07 UTC (Wed) by rahvin (guest, #16953) [Link] (1 responses)

What is different than an upfront cost of $x or $x per unit versus some record keeping (which you have to do with the proprietary license anyway to pay that per unit cost) and making available source?

You're saying one cost (proprietary) is acceptable and expected, but the cost of GPL compliance is this big unexpected completely unreasonable thing.

It's the cost of compliance, if you can't comply don't use GPL code. And again, although the steps might be different this is no different than all the expense and tracking that commercial software requires. Sure you might find a company out there willing to cut you a pile of commercial source for a fixed one-time fee but the contract WILL include auditing, tracking and other requirements. Maybe there is a single software vendor out there that doesn't but I'd wager that the chances of compliance with commercial being easier and less work than the GPL are near zero.

Just because companies are lazy and don't track, document and perform due diligence on their requirements for compliance with GPL does not excuse that behavior. It's incompetence on their part, even GPL software has a cost to use.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 12:42 UTC (Wed) by sorpigal (guest, #36106) [Link]

> You're saying one cost (proprietary) is acceptable and expected, but the cost of GPL compliance is this big unexpected completely unreasonable thing.

It's not reasonableness. Upfront costs are predictable and well understood. GPL compliance costs are variable and not well understood. Once you're out of some executive's comfort zone it's a hard sell.

In addition, compliance failure for proprietary stuff tends to be "monetary damages" and, rarely, an injunction preventing further sales. Again, lump sum payments and nothing further to worry about. For GPL you move again outside of the comfort zone.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:39 UTC (Wed) by davide.del.vento (guest, #59196) [Link] (1 responses)

Oh man, you talk like these tarballs are coming out of the blue! This is the stuff you are supposed to use when you develop your prototypes. If you can't deal with them in the first place, your product will not work. You just need a website where people can download them, which, sure would cost too much, because, you know, websites can cost up to a few bucks per month these days..

I'm sure you won't use these tarballs to create the production stuff you ship, but that stuff doesn't come out of the blue either. You must have a prototype first, which at a given time you freeze.

Your excuses sound pathetic.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 2, 2012 9:27 UTC (Thu) by zyga (subscriber, #81533) [Link]

If you have 3rd party suppliers that provide almost everything for you then this is a real problem. If you think everything is rebuilt then you surely have an idealistic view of how production works. Often all you do is build your app on top of a toolkit and 3/4 of the "open source" code there is just whatever was provided by the supplier.

Now suppose a tarball you got does not properly match the binary (which you don't really care about as long as it works, you also don't have the expertise or time to rebuild and test all components). Now you have a license compliance issue that puts your product at risk.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 0:02 UTC (Wed) by dlang (guest, #313) [Link] (4 responses)

the principle of first sale comes into play in the normal case.

If the supplier paid for the component, you don't have to even think about any issues related to that component.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 0:15 UTC (Wed) by nybble41 (subscriber, #55106) [Link] (2 responses)

The principle of first sale applies equally to copies of proprietary software and copies of GPL software. If you don't need a distribution license in the proprietary case, you don't need to accept the GPL either. On the other hand, if you *do* need a distribution license, then compliance with its terms is entirely your responsibility either way. For the GPL, all you really need to do is package up the source you used to build your own binaries and distribute it along with them. Making sure you can rebuild the binaries you're redistributing from the source you received isn't a particularly high hurdle.

Of course, if you still think proprietary licenses are easier, you're welcome to avoid GPL software. It's your loss.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 0:23 UTC (Wed) by dlang (guest, #313) [Link]

as I understand it, the key is if the transaction is structured as a sale or as a license.

yes, there are conflicting cases on this that have weakened first sale, but there's still teeth in it.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 5:52 UTC (Wed) by dlang (guest, #313) [Link]

going into more detail.

yes, first sale applies to GPL code as well.

If it didn't you would see people suing Walmart, Best Buy, etc instead of Cisco (after all, you probably didn't buy the Netgear access point directly from Cisco).

Looking at this from another way.

If someone doesn't copy anything, then there is no way for a copyright license to apply.

So if you were to buy devices with GPL code in them, not copy anything, and sell them again, there is no way that a copyright license can force you to do anything as you are not making any copy.

What "first sale" would _not_ give you is any right to make copies of the GPL code

This doesn't help the supplier problem because the supplier isn't providing you with a separate copy of the binary for each device, they are giving you source code (or a file binary) that you then copy on to each device.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 0:15 UTC (Wed) by BrucePerens (guest, #2510) [Link]

Vernor v. Autodesk limits the doctrine of first sale with regard to software.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds