No, the essence of the GPL is about providing the source code. It's "you can't provide binaries without also providing source code", not "you can't do binaries".
> But we can't just pick which bits of a license...
Talk to people who work in legal aid agencies, and they'll tell you about triaging their limited resources; that they sometimes have to leave heartbreaking cases alone because other cases are more important. My point isn't about the technicalities of the case, it's about a group that is desperate for funds to merely 'keep the lights on' not triaging their limited resources appropriately.
On a tangent, I also wholeheartedly disagree with their contention that "almost there" is more painful than "absent". That is a piece of political bullshit (and I've recently ranted on progressives pissing on each other here https://news.ycombinator.com/item?id=11133321) and it smells to me more like they've got an axe to grind with Canonical and are looking for ammunition. It smells doubly that way because they give Debian a pass principally because they merely label the software 'contrib', and only secondarily because no binary is in contrib, only source.
Short form: The SFC wants to chase down GPL violators and has suboptimal funds. Would you prefer them to spend their resources chasing down the violations where the offender provides no source code, or the violations that can be sidestepped by typing 'make' into a terminal? Do you honestly believe that Oracle would be moved a single jot by Canonical putting up a wiki page that says "type make!" rather than provide the binary directly?
> It's "you can't provide binaries without also providing source code", not "you can't do binaries".
Edit: It's "without also providing source code under the terms of the GPL " - this is a nuance of the GPL's attempt at re-defining a term of art - "derived work". And yes, it deviates from Copyright law norms. Whether a court will consider only the meaning as understood traditionally, or whether they will simply treat the confusingly implied broader definition as a mere additional term of the license which must be enforced, I have no idea.
> Would you prefer them to spend their resources chasing down the violations where the offender provides no source code, or the violations that can be sidestepped by typing 'make' into a terminal?
Who says they're expending resources on Canonical? They've left NVidia alone, because they don't ship GPL'd software. They're spending on VMWare, because they ship a hacked Linux distro with proprietary blobs bolted on.
In the case of Canonical, they're letting them know they're trying to do LGPL things with a Linux that is actually GPL.
Edit2: GPLv2 says:
> Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you;
So distributing CDDL'd source and asking the user to do "make zfs.ko" is fine.
> rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
This, among other places in GPLv2 is where they have problems with binaries.
> Who says they're expending resources on Canonical?
Well, they say it, right there in the article: "Conservancy contacted Canonical to inform them of their GPL violation". And at the end of the article, when they say "Our lawyers, in conjunction with our GPL compliance and software forensics experts, have analyzed the Linux+ZFS that Canonical includes in their Ubuntu 16.04 prereleases". That's three kinds of experts, all doing "analysis".
And I say it above, when I talk about the article itself taking effort to write and the conversations it references also taking effort. These kinds of contacts aren't a one-sentence email fired off to 'hello@canonical.com'. They have to be thought out and worded correctly, and they engaged in a conversation afterwards. No, it's not like that email takes a week to write, but neither is it trivial; it's the result of thought, debate, and conversations.
> So distributing CDDL'd source and asking the user to do "make zfs.ko" is fine.
I really think you're missing my point. You keep speaking to the technical argument - I am not saying there is no merit in the technical argument. I want to reiterate (for the third time) that I think that this is far too small fry for a resource-starved group to chase after. Yes, there is a distinction here. No, it's not worth the time to chase, given other, more severe violations.
I am making a starved resources argument, not a technical merits argument. In the grand scheme in the world of violations of free software licenses, Canonical's violation (providing a binary and the source it came from, not just the source) is about as mild as you can get. The core spirit of the GPL (that the source code is freely available) is not compromised by the presence or absence of a build artifact.
I see your point more clearly now, I guess we still differ on priorities. Having such a key player within the open source community normalize GPL violation seems somewhat urgent to me - if the current level of interest from the conservancy is overkill, what level of engagement would you consider appropriate?
These things will keep. Come back to it later when they have more resources. Ubuntu was never going to pull it out of their impending 16.04 release, so there's nothing particularly time-locked here. Licensing issues can take years to play out and resolve - and indeed in this case, legal opinion is mixed on the matter in the first place.
Put it another way: The Conservancy spends all this time and effort and eventually convinces Ubuntu's lawyers to convince Ubuntu's product manager to drop the binary and write a "use make!" wiki page. Apart from idealistic purity, what has that effort actually done? Has it given us access to source code we don't already have?
Has it shown potential wrongdoers that the law is going to penalise them if they don't play ball? Has it fostered the sense of community underlying the GPL? Will anyone outside of those techies who discuss licensing for fun even notice? If they theoretically did notice, would they be more likely to use GPL software (the underlying aim of GNU and the conservancy) or less likely, as now it seems you will get in trouble for merely associating non-GPL software with GPL software? Will the Conservancy chase after Debian next, for including binary-only non-GPL firmware blobs in their distro (not even the source available)? Conservancy says that Canonical is normalising GPL violation, but on the other hand, it also says that it's a really weird violation, unlike any other - how does a future violator theoretically leverage that?
The conservancy's current level of input to the debate is appropriate. They're clearly not expending resources they don't have for this discussion. Also, they spent years with VMWare before it finally began legal action. What we have now is a discussion.
It sounds as if you don't think there should be discussion at all. "These licenses are incompatible but screw it, ship it anyway" is shitty behavior we expect from noname WiFi router OEMs.
> Apart from idealistic purity, what has that effort actually done? Has it given us access to source code we don't already have?
If we wanted a Linux that could be used like this, it'd be LGPL. That is exactly what the LGPL is for. Really. It's that simple.
I absolutely think people should think twice before blindly depending on or mashing up GPL software - at the moment they don't, and that's how we get these messes.
It's an important landmark in the history of the GPL and I find it completely weird that anyone would expect the conservancy to remain silent on it. In terms of their long-time resourcing problem, that's got nothing to do with this case and everything to do with VMWare pulling out all the stops to get their existing support pulled.
I rather suspect if the conservancy cared about their long-term survival and keeping everybody happy that much they simply wouldn't have pursued the VMWare case.
I've just read https://softwarefreedom.org/resources/2016/linux-kernel-cddl... - and whilst I still think the Conservancy is being reasonable, I can also see now how Canonical might have navigated itself toward its current position without being merely insane, malicious or self-serving.
> But we can't just pick which bits of a license...
Talk to people who work in legal aid agencies, and they'll tell you about triaging their limited resources; that they sometimes have to leave heartbreaking cases alone because other cases are more important. My point isn't about the technicalities of the case, it's about a group that is desperate for funds to merely 'keep the lights on' not triaging their limited resources appropriately.
On a tangent, I also wholeheartedly disagree with their contention that "almost there" is more painful than "absent". That is a piece of political bullshit (and I've recently ranted on progressives pissing on each other here https://news.ycombinator.com/item?id=11133321) and it smells to me more like they've got an axe to grind with Canonical and are looking for ammunition. It smells doubly that way because they give Debian a pass principally because they merely label the software 'contrib', and only secondarily because no binary is in contrib, only source.
Short form: The SFC wants to chase down GPL violators and has suboptimal funds. Would you prefer them to spend their resources chasing down the violations where the offender provides no source code, or the violations that can be sidestepped by typing 'make' into a terminal? Do you honestly believe that Oracle would be moved a single jot by Canonical putting up a wiki page that says "type make!" rather than provide the binary directly?