|
|
Log in / Subscribe / Register

Garrett: The ongoing fight against GPL enforcement

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:52 UTC (Tue) by zyga (subscriber, #81533)
In reply to: Garrett: The ongoing fight against GPL enforcement by nybble41
Parent article: Garrett: The ongoing fight against GPL enforcement

I meant that you usually (when dealing with non-copyleft code) have a simple compliance chain. You got a binary/source from some company. You paid once (or pay per volume, for which the required infrastructure/experience has been in place for as long as either company exists), end of the story.

You don't have to do anything more to comply with such a license. If the agreement includes GPL/LGPL code in the mix you need to do additional steps to stay compliant. You have to retain the source for a period of two (AFAIR) years. You must have the infrastructure to offer it to your customers. You have to allow re-linking of your binaries with different version of LGPL-covered code. You may have licensing conflicts (Apache + GPL + something else end up in one binary by accident).

If someone motivated comes along, peels through those 'open source' tarballs associated with a product made by company A and finds some problem then company A has to deal with it. They may risk loss of distribution rights. You just don't get those issues with proprietary licensing.

While Your reasoning is correct (it sounds better to use copyleft) the practical ramifications that copyleft licenses have for production say otherwise. From my experience they add new steps that companies are not familiar with and are not equipped to comply with, with the same ease as they are equipped to comply with proprietary licensing.

to post comments

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 1:07 UTC (Wed) by rahvin (guest, #16953) [Link] (1 responses)

What is different than a upfront cost of $x or $x per unit versus some record keeping (which you have to do with the proprietary license anyway to pay that per unit cost) and making available source?

You're saying one cost (proprietary) is acceptable and expected, but the cost of GPL compliance is this big unexpected completely unreasonable thing.

It's the cost of compliance, if you can't comply don't use GPL code. And again, although the steps might be different this is no different than all the expense and tracking that commercial software requires. Sure you might find a company out there willing to cut you a pile of commercial source of a fixed one time fee but the contract WILL include auditing, tracking and other requirements. Maybe there is a single software vendor out there that doesn't but I'd wager that the chances of compliance with commercial being easier and less work than the GPL being near zero.

Just because companies are lazy and don't track, document and perform due diligence on their requirements for compliance with GPL does not excuse that behavior. It's incompetence on their part, even GPL software has a cost to use.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 12:42 UTC (Wed) by sorpigal (subscriber, #36106) [Link]

> You're saying one cost (proprietary) is acceptable and expected, but the cost of GPL compliance is this big unexpected completely unreasonable thing.

It's not reasonableness. Upfront costs are predictable and well understood. GPL compliance costs are variable and not well understood. Once you're out of some executive's comfort zone it's a hard sell.

In addition, compliance failure for proprietary stuff tends to be "monetary damages" and, rarely, an injunction preventing further sales. Again, lump sum payments and nothing further to worry about. For GPL you move again outside of the comfort zone.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:39 UTC (Wed) by davide.del.vento (guest, #59196) [Link] (1 responses)

Oh man, you talk like these tarballs are coming out of the blue! These is the stuff you are supposed to use when you develop your prototypes. If you can't deal with them in the first place, your product will not work. You just need a website where people can download them, which, sure would cost too much, because, you know, websites can cost up to few bucks per month these days..

I'm sure you won't use these tarballs to create the production stuff you ship, but that stuff doesn't come out of the blue either. You must have a prototype first, which at a given time you freeze.

Your excuses sound pathetic.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 2, 2012 9:27 UTC (Thu) by zyga (subscriber, #81533) [Link]

If you have 3rd party suppliers that provide almost everything for you then this is a real problem. If you think everything is rebuilt then you surely have an idealistic view of how production works. Often all you do is build your app on top of a toolkit ant 3/4 of the "open source" code there is just whatever was provided by the supplier.

Now suppose a tarball you got does not properly match the binary (which you don't really care about as long as it works, you also don't have the time expertise or time to rebuild and test all components). Now you have a license compliance issue that puts your product at risk.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds