Dealing With a GPL Violation? 204
Sortova writes "For many years now I've been maintaining OpenNMS, a free and open source network management framework published under the GPL. A couple of years ago it came to our attention that a company called Cittio was using OpenNMS as part of their proprietary and commercial network management application. I talked with Jamie Lerner, the Cittio founder, and he assured me that Cittio was abiding by the GPL. However, we were recently contacted by a potential client who was also considering Cittio's Watchtower, and it appears that they are not disclosing that they are using GPL'd code or at least not in the clear and concise fashion required by the GPL, including the offer of source code for all of the code they are including and any changes being made to that code. Since the copyright for OpenNMS is held by a number of commercial companies, the Software Freedom Law Center is not able to help us defend or even investigate a potential violation. I was curious if anyone here on Slashdot had experienced anything similar or has any advice?"
You don't know they are in violation (Score:5, Informative)
You also make the claim:
FAIL.
Check out the SFLC guidelines. (Score:5, Informative)
The SFLC's Legal Issues Primer for Open Source and Free Software Projects [softwarefreedom.org] covers this. You probably want to give it a read.
Still, if it's really important, ask a lawyer, don't ask Slashdot.
Do a little digging yourself, get a lawyer (Score:5, Informative)
Once you're reasonably sure they're in violation, consult a lawyer who knows IP law, preferably one familiar with the GPL in particular. Even on Slashdot, I'm not going to try giving you advice beyond that. It's not cheap, but there's a decent chance of getting legal expenses awarded in court.
Re:Do a little digging yourself, get a lawyer (Score:4, Informative)
Re:You don't know they are in violation (Score:3, Informative)
"postgresql-8.0.2.tar.gz ... GNU General Public License (GPL)"
Wrong license. As mentioned on the PostgreSQL site [postgresql.org] page, the project uses the BSD license.
Re:Check out the SFLC guidelines. (Score:5, Informative)
Re:You don't know they are in violation (Score:3, Informative)
I'm a little surprised they don't provide links to the projects directly - either by project site or downloadable tarball - but it doesn't exactly look like they're hiding their use of OSS code. Technically just announcing that they use OSS (especially without linking to the projects, let alone any modifications they made) isn't enough for compliance, but the summary gave the impression that Cittio gave no indication that they use any OSS. This is patently false.
Re:You don't know they are in violation (Score:2, Informative)
The GPLv3 is much, much more specific about that. Specifically:
The GPLv3 also defines what 'distribution' is, by using the terms 'conveying' and 'propagating', instead, and then defining those (for some reason, redefining distribution is not kosher, legally speaking). Thus:
Though I wonder why you are apparently anti-GPL, whatever your thoughts on it, I must insist that you at least discuss points relevant to the license itself. Thank you, however, for sharing your thoughts and opinions: if nothing else, you'll provide someone out there something good to think about.
This is well documented already!!! (Score:5, Informative)
You've achieved your desired goal (Score:5, Informative)
That said, it's not at all clear that you had anything to complain about. If SFLC won't help you for the reason you gave, that means you don't have any standing in the matter. You can't sue anyone about it. So, there's not much use in complaining.
IMO, you should make real sure that you at least own the copyright of your own work before you contribute any more.
Bruce
As has been said: They don't have to give the code (Score:5, Informative)
...out on the web. Nothing in the GPL says that a licensee has to freely offer the code to absolutely anyone free of charge, to anyone that asks, in the manner the asker chooses. It says that they have to offer the code, in a manner of their choosing to anyone that asks.
In a commercial hardware product, that means that the company can insist on only distributing the code by sending it to you as a bunch of floppy disks, for all the GPL cares.
Now, once someone has the code, that person can then re-distribute the GPLed code however they feel.
One example: My Toshiba HD DVD Player [toshiba.com] (don't laugh, it was a present,) contains GPL code. Toshiba doesn't make this fact obvious. It's buried in the manual for the product. Toshiba doesn't make the code available on their website, because they're not required to. To quote the GPL 2.0 that my Toshiba uses:
The internet isn't the only medium customarily used for software interchange. And they are allowed to charge a reasonable fee for duplication and distribution. (See GPL section 1.) If they really felt ornery, they would be perfectly within their rights to charge you for the physical cost of a bunch of floppies, and the time (at minimum wage, or even higher,) some flunky had to spend copying onto those floppies.
Re:What's the menu path to that? (Score:2, Informative)
It's not under Products - Watchtower
It's at: Technology - Open Source Components, so yes, that's up on the main menu, though sideways from Watchtower.
Re:You don't know they are in violation (Score:5, Informative)
This is not entirely true.
For commercial distribution, the source has to either be included with every copy of the binary, OR the GPL requires a written offer which to any third party, including third parties who are not their customers.
If they chose option (b) for distribution of their source code, then they do have to give something to non-customers, in order to avoid violating the GPL.
That way their customers can re-distribute the binaries and pass along the offer to others.
See the GNU General Public license version 2 section 3.b: b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
Re:You've achieved your desired goal (Score:3, Informative)
Re:You don't know they are in violation (Score:2, Informative)
Re:You don't know they are in violation (Score:3, Informative)
The distribution could include a "coupon" for the source code, so long as the coupon is transferable. That wouldn't mean they'd have to give anyone the source code just because they asked for it.
Re:You don't know they are in violation (Score:3, Informative)
I found this on their site in the faqs about licensing page you can go look too.
What does "written offer valid for any third party" mean in GPLv2? Does that mean everyone in the world can get the source to any GPL'ed program no matter what? [fsf.org]
If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it.
If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer.
The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.
They have attempted to narrow it down a bit, but it still says the same sentiment. Any third party means just that.
Re:You don't know they are in violation (Score:3, Informative)
The clearest way to see that this is nonsense is to ask yourself this question -- without a copy of the written offer and without having directly distributed to how, how could the distributor possibly know exactly what source code to give you?
It only makes sense if they can be required to show you a copy of the written offer.
Thanks for the correction.