Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
GNU is Not Unix Software The Courts Linux

SFLC Finds One New GPL Violation Per Day 187

eldavojohn writes "In July, the Software Freedom Law Center (SFLC) leveled the finger at Microsoft for a GPL violation but how often does this actually happen? Sunday, Brad M. Kuhn (tech director at the SFLC) stated in his blog that since August of 2009 he has been finding about one per day. So why is it that we have only covered a handful of these cases in the news? Brad offers sage wisdom; surprisingly, he recommends, 'Don't go public first. Back around late 1999, when I found my first GPL violation from scratch, I wanted to post it to every mailing list I could find and shame that company that failed to respect and cooperate with the software freedom community. I'm glad that I didn't do that, because I've since seen similar actions destroy the lines of communication with violators, and make resolution tougher.' Public shame is evidently not always the best answer. Ars has a few more details and notes that (in accordance with Brad's advice) lawsuits are usually a dead last resort."
This discussion has been archived. No new comments can be posted.

SFLC Finds One New GPL Violation Per Day

Comments Filter:
  • closed up (Score:2, Funny)

    by runyonave ( 1482739 )
    hardcore closed source company is alwyas going to have violations. Also it's Microsoft.
    • Re:closed up (Score:5, Insightful)

      by jellomizer ( 103300 ) on Tuesday November 10, 2009 @12:19PM (#30046728)

      open source project have violations too. Using someones patented ideas, calling a library that isn't GNU compatible. The program is performing a function that is illegal such as DRM disabling. That is why you need to be civil with dealing with people for violations. As chances are you have made a mistake and created a violation yourself.

      • Re:closed up (Score:5, Insightful)

        by tnk1 ( 899206 ) on Tuesday November 10, 2009 @12:33PM (#30046988)

        Be civil and *document*. If it does come to court, your kind requests (in writing) to desist, as well as your flexibility in helping them identify and correct their violation will help make the case that you have taken the needed steps to protect your property without being an asshole. Their response, or lack thereof, will then be a building block in your case should it come to that.

        Remember, civil court is usually just a judge and that judge may react somewhat differently if it is clear you are a jerk. While it is true that they may have to rule in your favor even if you are a jerk, they are unlikely to make it easy on you. There are many things judges can to to move things along that are at their discretion.

        Treat every communication for violation as it it was going to be entered into evidence, but remember, court costs money and (more importantly) time. You are much better off if you are getting violators to comply without taking it to that level.

        • Re: (Score:3, Interesting)

          by jim_v2000 ( 818799 )
          Who can sue over a GPL violation? Doesn't it have to be the author of the code?
          • Depends on the country. In some countries, attorneys can proxy standing for a violated party without the violated party's consent.

          • Who can sue over a GPL violation? Doesn't it have to be the author of the code?

            The GPL gives certain rights to the end-user, so the end-user can sue as well. Besides the author and the user, I believe the FSF can also take the case.

            • by amorsen ( 7485 )

              The GPL gives rights to the end-user, but that doesn't give the end-user any standing to sue. Unfortunate perhaps, but that's the law. The same goes for the FSF.

              • by Toonol ( 1057698 )
                They can sue if they've been damaged. There's less opportunity for an end-user to get damaged; they aren't damaged by the infractor's copyright violation. They could be damaged, for instance, if they needed to make modification to the source, but the vendor wouldn't release it.
                • by amorsen ( 7485 )

                  The end-user doesn't have an agreement with the vendor. The GPL isn't in force, because the vendor obviously didn't accept it (otherwise the vendor would have complied with it). It's a simple copyright violation, and someone who doesn't own the code can't sue for copyright violation.

      • To be fair, I would say that most people working in open-source software think that patents on ANY software are bullshit. They simply ignore them. Patents on software are immoral, as is locking up your source code, so both are eschewed by most free software developers. Just because it's illegal doesn't mean it's wrong, and just because it's wrong doesn't mean that it's illegal.
        • Patents on software are immoral, as is locking up your source code

          Software patents (and other forms of stupid patents) are not morality issues. It is just stupid policy to allow dumb patents. It does not further innovation and in fact just wastes people's time and energy. There are plenty of ways to argue against these bad patents, but claiming they are immoral is a stretch and just causes people to dismiss the issue.

          The same can be said of deciding whether to release the source code to a program or not. If I write a piece of software, what I do with it is my business

        • Re: (Score:2, Interesting)

          "It's OK to violate the GPL because ..."

          The GPL has a patent clause because the intent was to build an ecosystem of patent-free (or freely redistributable) software. Software patents suck, but simply ignoring them just pushes the problem farther down the line.

          The result is a bunch of pseudo-free software that can only be legally distributed in some vaguely unspecified countries in "Europe" where software patents aren't enforced. And that causes problems for end users and distros because it's not exactly cle

          • Re: (Score:3, Informative)

            by Anonymous Coward

            AFAIK its pretty much only the US, Australia, Japan and South Korea that considers those patents valid, the rest of the world doesn't. (The vaguely unspecified countries in europe would be all EU members AFAIK)

            Ofcourse those countries are important enough to make it a problem, but personally i don't mind just ignoring the patents and simply not distribute anything to those countries, (If anyone wants to distribute software in the US he can hire a lawyer, i'd rather not care though)

      • Re: (Score:2, Insightful)

        by Stormwatch ( 703920 )

        The program is performing a function that is illegal such as DRM disabling.

        Yes, and the problem is...?

      • Re:closed up (Score:5, Insightful)

        by imp ( 7585 ) on Tuesday November 10, 2009 @01:29PM (#30048030) Homepage

        I've been involved in an open source project (FreeBSD) for a long time. There have been a number of complaints about GPL violations in the past. These complaints are usually made in private. That helps a lot. Often times the compaints are wrong (The GPL code that was alleged to have been taken and improperly included in FreeBSD turned out to have been taken from BSD 4.4lite and incorporated into the GPL code was the worst example). There have also been cases where the same code appeared in drivers in multiple places. Again, that wasn't a GPL violation because both places took the code from a common data sheet. Sometimes supposed violations are cleaned up out of an abundance of caution: it isn't clear the code is improperly included, but the code in question is easy to rewrite and/or icky to start with.

        There are also times where GPL code is improperly imported code from BSD as well. Even when these are found it isn't always worth it to complain. Sometimes the gain from complaining is so small that it is easier to just let the folks use the code and not worry too much about it. Sometimes having the code out there and improperly licensed is better than getting it removed from the code base.

        In general, I've found that most people that aren't lawyers don't know the law or the provenance of the code very well. By complaining in private, you get a chance to learn a bit about both. You also give people a chance to make it right. With large open source projects, the chances for accidental mistakes are high. The projects are generally keen to avoid the mistakes in the first place, and even keener on making sure that they get ironed out after the facts. Turns out most companies have a similar view and will do the right thing when asked (but sometimes it takes a little time, which is OK: the GPL never said instantly on demand).

        Of course, this begs the question about the validity of the License to use GPL software after a violation has occurred, the scope to which license is lost, how to get it back, etc. GPLv2 is silent on the issue, while GPLv3 gives you one shot to fix it (but that's likely insufficient for large companies that have multiple product lines done by disjoint sets of people all of whom aren't educated on the finer points of incorporating GPL software into their products).

        • by JoeBuck ( 7947 )
          Under GPLv2, if you violate the terms, you lose the license, meaning that you can no longer copy or modify the work at all, and there is nothing in the GPL (v2) itself to get the license back. However, the copyright holder can forgive the violation and reinstate the license.

          Likewise, under GPLv3 the copyright holder can give you additional shots to get the license back.

          It's important to remember that the copyright holder's powers go beyond the terms. This does create problems for projects with hundreds

      • open source project have violations [...] calling a library that isn't GNU compatible.

        I take it by "GNU compatible" you mean GPL compatible?

        Or were you suggesting that calling a library which can't be used on the GNU OS (with, of course, the wonderful microkernel Hurd) will bring forth the wrath of the Holy Warrior Stallman who will then be forced to swing with his katana[1][2]? ;-)

        [1] []
        [2] []

        As much as I like the latter interpretation, I'm thinking you meant the first. Yes? :)

  • Oddly enough most companies even the Evil Microsoft will much rather fix the problem without having to fight it legally, and resolve the problem civilly. When you pre-poster aggressive towards your opponent they will do the same. And if you are Not for Profit organization and you opponent is a big multi-national company, you are going to be in for a big fight where if you were just to be polite and civil about it chances are you will get your objectives, they will quietly fix their problems and save face.

    • by iYk6 ( 1425255 ) on Tuesday November 10, 2009 @12:34PM (#30047012)

      Don't forget, there might not be a problem in the first place. If you are looking around, and see someone else's GPL code in a proprietary product, make sure you find the original owner and talk to them before you go around shouting at the hill tops how evil the proprietary company is.

      It is entirely possible that the code was appropriately licensed by the original owner. Just because something is GPL, does not mean that it can not also be licensed for a specific user, usually for money. Think Quake.

      Even if the project itself is not licensed for their use, maybe whoever wrote that part of the project re-licensed their contribution to a proprietary company.

    • by WNight ( 23683 )

      That's all bullshit.

      You've got the premise the GPL is a strict license and that it's easy to accidently infringe - as if code just teleports into your project.

      It's pretty hard to accidentally infringe. You have to go get someone else's code and stick it in your project. If you don't paste any external code into yours, you're 100% safe!

      But all copyrighted source is this way. You can't just release something you didn't write, at least without asking permission for it and appeasing the author. The GPL is far l

  • by Corporate T00l ( 244210 ) on Tuesday November 10, 2009 @12:13PM (#30046650) Journal

    It's not really surprising that going to court and going public are really last resort sort of things. Court is expensive, and most people considering them to be a "roll of the dice". Actually negotiating with your counterparty in a contract dispute is always cheaper and more productive.

    Going public, even after going to court, also sours the atmosphere, creating emotional contention that makes an actual agreement less likely. Look at out-of-court settlements with undisclosed terms and no party admitting fault. Once you get out of the public light, you can get people to sit down and discuss and actually come to a mutual agreement since the emotions have been toned down. If you're all fury and anger, you're not really in a position to negotiate someone into a corrective action.

    • Actually negotiating with your counterparty in a contract dispute is always cheaper and more productive.

      It should be so far from not surprising I'm surprised that it had to be said.

      Once you throw down the legal gauntlet, anyone you are dealing with now imagines, in bright red 30' letters, "Anything you say can and will be used against you in a court of law."

      • by WNight ( 23683 )

        Yes, because they were living in the corporate dreamland of lawless cooperation until these open-source thugs just started asserting ownership of code.

        Sometimes things can be honest mistakes and warning are nice, but other things are obvious and treating them like a mistake just gives the infringing person a victim role to play and by forgiving everything they did doesn't change their future behavior in the slightest.

        Imagine shoplifting. You leave a store and they catch up with you and say "Hi, you MIGHT ha

  • The simplest ways to avoid potential GPL violation, are:-

    a) If you want to use an FSF license at all, use the LGPL version 2. Don't use any version 3 FSF license. Apart from anything else, doing so just makes them feel justified in creating bad licenses. (Which their 3 series are)

    b) If you're going to use GPL code at all, make sure it's not something you intend to modify yourself.

    c) Use other licenses (BSD, MIT, etc) as much as possible. In terms of non-GPL licensed code for you to use, the BSDs are

    • by JoeBuck ( 7947 )
      GPLv3 is actually more forgiving than GPLv2 of accidental violations. GPLv2 says that you forfeit the license and you need the copyright holder to reinstate it. GPLv3 provides a mechanism to correct the violation and have your permissions automatically reinstated. If you're producing a product that does DRM, you'll need to avoid GPLv3.
    • by Ash-Fox ( 726320 )

      In terms of non-GPL licensed code for you to use, the BSDs are free for the taking, and with the BSD license, you get to decide how much of your modifications (if any) you release. Their code quality is nearly always better than Linux anywayz.

      BSD cannot be trusted to be completely 'free' as the person above claims. I have come across numerous BSD licensed sourcecode that has the following clause:

      3. All advertising materials mentioning features or use of this software
      must display the fo

  • And if the company made, or is making, $$$ selling an open-source derived product? Without distributing source? What should be done?
  • Haduh! (Score:2, Interesting)

    by hunteke ( 1172571 )

    In U.S. culture at least, we have little notion of how to let the "other side" save face. Saving face, or not 100% embarrassing folks when they've obviously messed up, is critically important in many negotiations, both exactly political, and locally among friends. The old adage "it's not what you say, it's how you say it," still rings true. People aren't stupid, and most would rather not be insinuated as such. People do, however, make mistakes, either semi-intentionally, unknowingly. (Analogous to driv

    • Ridicule gets you VERY far. You just need to know when to wave that big stick, and use it after trying other methods, and failing. Public humiliation should most certainly be a tool to get someone to do something. If you're ashamed of doing something, you shouldn't be doing it.
    • by WNight ( 23683 )

      A business is worthless. Like a dream. It's what you do with it that makes it worthwhile. Employing people is good, but the mob employs people and is bad.

      If their business has to break laws to make money, how useful is it to the community?

      If you think about it, they probably have a negative value. Sure, they're doing X and have customers lined up, but by breaking the law they've got an unfair advantage over legitimate businesses (ones who pay/acknowledge the creators of their library code thereby funding fu

  • ...but it sure is cathartic - have a look at the blog in my sig line!
  • So what the guy really says is that if they spoke about that Microsoft case aloud, it's because the other, softer ways of resolving the dispute couldn't work ?

    So the next logical step is a lawsuit ?

  • There is no legal pressure on any company that steals GPL code.

    Here is the problem.

    1) GPL software is not very profitable.
    2) The GPL is only enforceable in civil court.
    3) Those who use GPL software aren't the people violators sell to.
    4) GPL software lacks civil and legal representation.

    Who would feel threatened under these conditions?

    To sue, one must prove damages. Record companies use the CD MSRP * copies made formula which is very effective. $0 times anything is zero. And the 2 developers who write code i

    • Damages are for a court to decide. To be sure, EULAs and licenses may contain boilerplate specifying violation penalties but it doesn't necessarily follow that they can be enforced. One of the design goals of the GPL is to be valid in as many jurisdictions as possible. Including a damages cause would weaken that. It may be contrary to it's designers' strategies as well. Both the SFLC and FSF have said that most GPL violations are resolved quietly.
    • by petrus4 ( 213815 )

      There is no legal pressure on any company that steals GPL code.

      The GPL does have teeth, but as Eben Moglen himself observed, that is not primarily due to the legal system.

      GPL violation is primarily punishable not by law, but by the members of the cult themselves.

      Violate the GPL, and be public about it, and whether you end up in court or not, you will be issued with death threats. You will be subjected to vigilantism and harassment of all kinds. You will likely be subjected to "hacktivism," involving the types of pranks that Anonymous have been known to engage in.


Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"