Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Examples of GPL Licence Violations being enforced?
38 points by secfirstmd on April 11, 2014 | hide | past | favorite | 29 comments
I was pondering a few open source licence issues over the past few days (like the Goldman Sachs case - http://cryptome.org/2014/04/goldman-sachs-code-thief.htm) and I was wondering, does anyone in the HN community have examples or links to places which show violations of GPL licences actually being enforced? I.e a commercial company takes the code, adds, repackages or sells it commercially in some way - without actually making it available publically for free? Has there been cases where an open source project was compensated for the abuse of licence?

I know this site has stuff http://gpl-violations.org but it's got very out of date.

I love the open source philosophy but it would bug the hell out of me if something I was doing was abused in this way - without adding to the community or compensation etc.




I've devoted most of my career to upholding the software freedom that the GPL ensures. I have worked with Rob Landley in the past who is mentioned on this thread. I think Rob has some facts wrong about BusyBox enforcement. The most notable one is his claim that "no new source code got released".

In fact, we get "new source code" all the time from GPL enforcement efforts. The thing is, it's admittedly not often upstreamable source. A lot of the modifications to source done by redistributors of GPL'd software is not really well formed nor suitable for upstream. It's that classic kind of "it just works, but it's ugly" code.

This is particular true with regard to the "scripts to control compilation and installation of the executiable" which is a required part of the complete, corresponding source, provision of which the GPL mandates.

Situations like the WRT54G (the GPL enforcement source release of which launched the OpenWRT project) and the Samsung TV lawsuit that I helped do (which launched the SammyGo project: http://www.samygo.tv/ are excellent examples of what great things happen when the GPL is enforced: reaching the promise of copyleft, which is hackable devices downstream.

This is why I've spent(and probably will spend) most of my professional life enforcing the GPL.

This post here is about a few specific issues, but if you want more general information on the topic, dalke's link to my talk is probably helpful. Also, here's links to the docket of the largest GPL enforcement lawsuit ever done, Conservancy v. Best Buy et al: http://ia700409.us.archive.org/18/items/gov.uscourts.nysd.35...

BTW, sorry for jumping into this thread. I'm kinda the Kibo of Free Software licensing discussion online; I'm not an HN regular but mlinksva linked me to this.


Thanks much appreciated for the work you do and the various resources for me to follow up.


There have been many cases. See "12 Years of Compliance: A Historical Perspective" with sound at http://faif.us/cast/2011/sep/13/0x18/ and the slides at http://ebb.org/bkuhn/talks/LinuxCon-Europe-2011/GPL-Complian... .

Linksys distributed GNU software in their routers, in violation of the license. See http://en.wikipedia.org/wiki/Free_Software_Foundation_v._Cis... for details. It links to the FSF's complaint at http://www.fsf.org/licensing/complaint-2008-12-11.pdf if you want to see the low-level legal details.

That WP page ends "On May 20, 2009 the parties announced a settlement which includes Cisco appointing a director to ensure Linksys products comply with free software licenses, and Cisco making an undisclosed financial contribution to the FSF."


Cool, thanks for this!


If you're involved in an open source project that wants to enforce the GPL when/if the time comes, consider applying for the project to join Software Freedom Conservancy, almost certainly the only non-profit fiscal sponsor that has GPL enforcement among its member services.

Bradley Kuhn (his personal site and podcast are linked above) describes what this actually means at http://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/


Very Useful!


I'm sure you could find plenty of examples of violations being enforced.

Interesting note though - GS did not violate the GPL because they didn't distribute the code. The GPL allows an organization to modify and use code for its own use without releasing it as long as it's not distributed outside the organization.


That is in interesting aspect which I didn't fully pick up on.

So for example an organisation could build on source code released under GPLv3 and then charge it's customers to use it without breaking the licence or releasing it?


This is what the Affero GPL was designed to combat:

From the AGPL preamble: (http://www.gnu.org/licenses/agpl-3.0.html)

... The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public.

The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.


Yes, as long as you don't distribute it. Using GPL software in your website without sharing your modifications is fine, but selling copies of the software without sharing your modifications is not fine.


Charging to use it would likely constitute distributing it, so I doubt that would fly. Having it on a server backend seems OK though.

But what GS did - use it in their own trading system which isn't consumer facing, and is used only by GS is perfectly allowable. And it's even within their rights to prevent the code from being released.


I don't know the GS case at all, and IANAL, but as I understand it, if the modified code is included in a client, then surely the users must be accorded the copyleft rights, even if those users are all GS staff.

However, if it is strictly server-based, then those protections wouldn't hold under GPL anyway, only AGPL.


Nope. The organization retains the rights, as long as it stays within the organization. Having multiple users doesn't count as distribution as long as they're all GS employees. In addition, if you pay someone to modify it for you exclusively on your behalf, you also retain the rights and don't have to release the source.


Check out this presentation by Rob Landley (@landley), who started the infamous BusyBox lawsuits:

http://www.youtube.com/watch?v=SGmtP5Lg_t0

He talks about the lawsuits and the effects they had.


Earlier, projects like BusyBox[1] and FFmpeg[2] used to have a "hall of shame" where they listed products (mostly DVD players, set-top boxes and routers) and companies that used the GPL'd source without attributing and publishing back their source code. Nowadays, both projects point to Software Freedom Conservancy in questions of license enforcement.

1: https://web.archive.org/web/20130116093247/http://busybox.ne...

2: https://web.archive.org/web/20101214233906/http://ffmpeg.org...


This might sound tongue in cheek but I would love to have a version or way of having an open source license where it can be used by anyone except businesses or industries I find unethical and specifically prohibit in the licence. For example, that what i help create can be used like a GPL by anyone unless a person or company involved in the defence industry, private or state intelligence, selling FinFisher type stuff, diamond mining, investment banking, supplier to the Saudi Arabian government, etc etc :)

Is there such a thing or a specific way of doing this?


Not and being FS/OSS - "for any purpose" includes "for making baby-mulching machines".


Yes, look at Rogaway's license for OCB mode.


Thanks. I wonder would using something like this preclude me from including other peoples GPLv3 code in our software?


Yes; the GPL prohibits a distributor from adding additional licensing terms. (It doesn't preclude the author from offering it under multiple licenses, so long as the recipient can pick one and stick with it.)


The Java pdf authoring library iText has a license provision that allows anyone except the Belgian Federal Government to use the library, due to an ongoing dispute over fiscal matters. I have no idea how enforceable that is, though.


Realize that in making such "ethical" obligations, you invalidate the openness and the license will not be compatible with any FSF/OSI approved license scheme.

Then of course there is the issue of enforcement.


A GPL xml library used in commercial product:

http://docs.justia.com/cases/federal/district-courts/califor...


VLC was pulled from the AppStore due to incompatibilities between GPL and the AppStore distribution method (DRM).


It had nothing to do with DRM. The incompatibility was due to the App Store's terms of service, which require the user to agree to certain conditions in order to be allowed to use the store such as agreeing not to reverse engineer apps your download. This conflicts with section 6 of GPLv2 and section 10 of GPLv3.


I thought it was pulled because one VLC contributor, holding authorship and copyright on parts of the code (and also happened to be a Nokia employee, hmmm...), had an axe to grind and demanded the takedown?

Also, if you own the full copyright on a given app, there shouldn't be anything stopping you from releasing it as gpl on github while also licensing it for free download on the appstore - you get to pick the terms of redistribution as you like for each individual distribution point.


And this is relevant to the story because...?


Huawei has 4G routers with Linux busybox and everything, and a "Written offer GPL" but, when requested, they dont give a shit about it really.

Ive had more products break GPL than Ive broken copyright before I learned Linux when I was pirating windows software.

Just not much to do really, its only the copyright holder that can actually push for enforcmenet of copyright, and me as a user am pretty much screwed.


To paraphrase the Lorax: "I am the GPL enforcer, I speak for the users". While you're correct that the copyleft is based on copyright, and thus the primary cause of action for a violation must be done by the copyright holder, I've done a tremendous amount of work to build a large coalition of projects and copyright holders so we can pursue GPL violations.

I bet I'm aware of every GPL violation you've seen, but please do email compliance@sfconservancy.org about any GPL violations on Linux, BusyBox, Mercurial, Samba or Wine that you know about, and we'll do what we can to resolve them.

The biggest issue I face in doing GPL enforcement is lack of resources. I know it's a broken record of a not-for-profit organization, but if you want to help with enforcement, please donate: https://sfconservancy.org/linux-compliance/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: