Legal Group Releases Guide To GPL Compliance

An anonymous reader brings news that the Software Freedom Law Center has published a guide for compliance with the GNU General Public License. The purpose of the guide is to prevent "common mistakes" the SFLC has encountered during its various GPL violation investigations. Their suggestions include close scrutiny of software acquisitions, more precise tracking of changes and updates, and avoiding "build gurus." They also provide tips for dealing with a violation. The full guide is available at the SFLC's website.

All in all, a good thing.

[cp.tar (871488)]

Any kind of legalese could do with such a guide.

From the document...

[BitterOldGUy (1330491)]

GPL compliance need not be an onerous process.

They say at the end of a 15 page document.

Re:From the document...

[Spad (470073)]

To be fair, 15 pages is nothing to most lawyers.

Re:From the document...

[Ed Avis (5917)]

Exactly. It kind of makes you think the BSD folk might have a point in insisting on simple, permissive licences (though even those can be open to misinterpretation - see ipfilter in OpenBSD).

Still, this 15 page document is only needed for legal-corporate types, anxious to know the letter of the law and the exact boundaries of what's permitted. For ordinary programmers, RMS has tended to say that the letter of the GPL is less important than its spirit, which is to share your code and give all users the same rights you have. If you stick to that principle you can be pretty sure you are within the letter of the licence as well.

Re:From the document...

[fuzzyfuzzyfungus (1223518)]

GPL arguably has more complex goals than BSD, so it really isn't realistic to expect the GPL to be simpler than, or even as simple as, the BSD licence.

Making sure that your licence is as short as possible, without compromising your goals, is always good; but compromising your goals just to make your licence simpler is perverse at best.

Legalese not complexity is the issue.

[BitterOldGUy (1330491)]

GPL arguably has more complex goals than BSD, so it really isn't realistic to expect the GPL to be simpler than, or even as simple as, the BSD licence. Making sure that your licence is as short as possible, without compromising your goals, is always good; but compromising your goals just to make your licence simpler is perverse at best.

Complexity isn't the issue with the GPL: it's the legalese. And because of the legalese, I am not confident to use it or any software using that license for commercial use without legal advice; which increases the cost of using GPL software on a commercial level. This extra cost is factored in when evaluating and comparing against software under other licenses.

Deceptive simplicity is unwise.

[jbn-o (555068)]

Large corporations (which probably do way more business than you or whomever you're speaking for) don't have that problem. Reasonable business operators recognize that you should not be "confident to use" any software without complete understanding of the terms of the relevant licenses. This goes for any software license. In this way the new BSD license is deceptively simple and framing this issue as though it only affected the GPL is unfair.

So what if it gets patented?

[by Anonymous Coward]

What if someone takes your code and patents a part of it? BSD then says you cannot claim the patent or protect yourself from it.

And patent law says you can't use your BSD code.

It therefore doesn't matter if you feel confident in obeying the BSD. Your feelings will not make a hill of beans difference. And you will be disallowed.

Re:

[jeaton (44965)]

What if someone takes your code and patents a part of it? BSD then says you cannot claim the patent or protect yourself from it.

The BSD license does not mention patents. There is nothing in the BSD license preventing you having patents based on BSD code, nor protecting yourself from others patent claims.

Re:

[jeaton (44965)]

Nothing protects you from someone else patenting your idea, except fighting the patent application in court.

The license under which you release your code is irrelevant with regards to patent law.

Re:

[Haeleth (414428)]

because of the legalese, I am not confident to use it or any software using that license for commercial use without legal advice; which increases the cost of using GPL software on a commercial level.

But at least once you've got legal advice on the GPL once, you can freely follow that advice for any of the many software packages that are licensed under it.

This compares rather favourably to the situation in the closed-source world, where every single EULA is different, and they are all many, many times longer

Re:

[fermion (181285)]

Any commercial entity has to understand what it can and cannot do with it's licensed assets. IMHO, the issue with software that given for no or little cost, but with other limitations attached, is that there is no salesperson who job is to spell those limitations out in detail. This means that you have to either understand the strings yourself or pay someone to explain it to you. This is a necessary expense as violating the GLP license is as much theft as having an unlicensed copy of MS Windows 95 or you

Re:

[by Anonymous Coward]

Dear Fermion:

If you trust a salesperson to spell out legal limitations, you are a fool.

More than likely, you aren't a fool, but are just working a little weekend overtime at Microsoft.

Am I right?

Re:

[Zero__Kelvin (151819)]

"GPL compliance need not be an onerous process."

"They say at the end of a 15 page document."

I seem to recall most of the books in the ... for Dummies series being more than 15 pages. Reading " See Spot Run " also requires you to wade through more than 15 pages IIRC ;-)

(I mean the original children's book, not this one [imdb.com]. That's not a book, and the screenplay is more than 15 pages also, unless I miss my guess.)

Re:From the document...

[jbn-o (555068)]

You don't mean a "commercial" license. The GPL is a commercial license. Commerce is done with software licensed under the GPL. You mean something else, perhaps "proprietary".

In any event you haven't explained what is so bad about the GPL or that you understand the licenses you deal with (any of them) to warrant such trust in these other more permissive licenses or licenses you erroneously referred to as "commercial".

Guide to GPL compliance

[Hatta (162192)]

Share and share alike.

Context people, context.

[fuzzyfuzzyfungus (1223518)]

By the standards of legal advice, that paper is both terse and clear. Perhaps in the wide world of training webcasts, 30 second commercials, and authoritative voiceovers, 15 pages qualifies as a ponderous tome; but you have to keep that sort of thing in perspective.

The broad concept of the GPL isn't hard; but a quick guide to a few of the unintuitive points is a useful thing. The details of the source distribution requirements are a matter of considerable confusion in some quarters, as are the terms under which one can regain the licence after violation.

Those minutiae aside, though, I am very surprised by how much apparent confusion the GPL and other copyleft type licences inspire. There seem to be two main camps of misinterpretation. The copyleft=no copyright group seems to believe that anybody who doesn't do copyright the exact same way they do doesn't do copyright at all. Hence this group's lack of respect for the terms of the GPL and similar. The other extreme has a fear amounting to mania of the GPL, believing that the GPL is unknowably complicated, and will inevitably lead to having all the code you've ever written forcibly expropriated by armed communist penguins.

I don't understand the confusion because the GPL is a perfectly ordinary licence, from the legal perspective. Its purpose, socially, is quite interesting, and rather unusual; but the form "Copyright law says that you can't copy this without our permission, which we grant if you do foo and bar." is absolutely standard. People seem to go in expecting the legal side to be horribly mysterious, just because the social purpose is unusual. It is rather weird, really.

Re:

[BitterOldGUy (1330491)]

If the GPL was written in English instead of legalese, I think there would be less confusion.

The folks who should be concerned with the GPL are technical folks; not lawyers.

Re:Context people, context.

[McDutchie (151611)]

If the GPL was written in English instead of legalese, I think there would be less confusion.
The folks who should be concerned with the GPL are technical folks; not lawyers.

If software was written in English instead of programming languages, I think there would be less confusion.
The folks who should be concerned with software are ordinary folks; not programmers.

But of course, in reality, both of these matters are too complex to accurately express in standard English.

The GPL is a hack of the legal system with the goal of turning copyright upside down. That hack only works because it's written in legalese.

Re:Context people, context.

[fuzzyfuzzyfungus (1223518)]

Unfortunately, writing legal documents in English isn't really an option. The law, like math, natural science, or computer programming, has an evolved set of vocabulary, logical rules, stylistic conventions, etc. Some of this is definitely unnecessary cruft, or even deliberately hostile and obscure; but not all of it is. Some legalese is much closer to English than other legalese, just as some programming languages are pretty close to pseudocode; but the two aren't identical.

I agree that licences(and law in general) ought always to strive for clarity; but(as I'm sure you know from explaining tech stuff to non techies) real clarity often demands a certain amount of jargon. Concepts, whether they be "JIT Compiler", "Special Relativity", or "Derivative Work", can be glossed in English; but they cannot be fully described without reference to the technical terminology of their fields.

The GPL does pretty well, comparatively speaking, in being precise without being incomprehensible. Unfortunately, it has been forced to become more complex(the difference between version 2 and version 3 is striking) by factors outside of its control, mostly related to software patents, DRM/Tivoization, and technological advances that make the aggregation/derivative work boundary fuzzier.

Confusion?

[hax0r_this (1073148)]

I have to wonder if people who complain about the GPL (or, for that matter, most software licenses I've dealt with) being confusing have ever actually read it. I read and understood the GPL when I was in 9th grade. Sure it took me a few reads, but any legal document, or for that matter most any book is like that.

Can you give a specific example of language you find confusing in the GPL?

I think, perhaps, people simply are daunted by the idea of "so much" language that all has meaning to be understood, not the actual quality of that language.

Re:

[perlchild (582235)]

I think you got something there. "Natural language" is far less dense than specialised languages. Legalese, or technical language above a certain level, you cannot skip a single word, or sometimes, even a single comma. Most people I know read about 50% of the words on a page, then make up an opinion of what is meant. That's why legalese is scary. It's not that it's hard to understand, it's that the natural process these people use makes it 95% likely to get the meaning wrong. When they say complicated,

Re:

[fuzzyfuzzyfungus (1223518)]

A substantial portion of their clarification is of exactly that point. I'm not going to garble it in the retelling, TFA is a quick read, and really quite lucid by legal standards.

Re:

[bcrowell (177657)]

The copyleft=no copyright group seems to believe that anybody who doesn't do copyright the exact same way they do doesn't do copyright at all. Hence this group's lack of respect for the terms of the GPL and similar.

Yeah. I was just talking to a colleague at the school where I teach who is the author of a textbook. We were discussing ways of keeping costs down for students, and he said it ought to be easy these days to get figures from Wikipedia, so the publisher wouldn't have to pay per-copy royalties to

Request:

[Penguinisto (415985)]

Dude - send a copy to the Utah State Attorney General's Office.

No, they did nothing wrong, but in 1999 when I was trying to explain that I wanted to put the GPL to use in my former classroom (all non public-domain copyrights are jointly held by a teacher and the State of Utah), most of the Dept'y Att'y General's responses consisted of "...I don't understand". I even pointed him to the GNU website), but he called back later and was still lost. Nice guy, sounded like a good lawyer, but he just couldn't wrap his brain around the concept.

Now that was nine years ago (!? Cripes I'm old),, and things may have changed, but pushing a copy of this new guide to all 50 US State Att'y General offices would, IMHO, not be a bad idea at all.

/P

Build Gurus

[russotto (537200)]

The GPL requires you to include the scripts used to control compilation and installation of the executable. It does not require you to provide the knowledge needed to use those scripts, if it's all in someone's head. So having "build gurus" doesn't necessarily put you out of compliance, though it might make it hard to demonstrate you are in compliance.

Re:

[civilizedINTENSITY (45686)]

Too many software projects rely on only one or a very few team members who know how to build and assemble the final released product. Such knowledge centralization not only creates engineering redundancy issues, but it also endangers GPL compliance, which requires you to provide build scripts.

Re:

[piojo (995934)]

Too many software projects rely on only one or a very few team members who know how to build and assemble the final released product. Such knowledge centralization not only creates engineering redundancy issues, but it also endangers GPL compliance, which requires you to provide build scripts.

On a literal, hair-splitting note, I'm sure build scripts do not have to be provided if the build guru in question has not actually scripted the build. After all, if no build scripts exist, there is simply no grounds to claim that they must be distributed. Copyright/the GPL do not cover things that do not exist, as far as I can tell.

For geeks by geeks

[ehack (115197)]

GPL'ed software is notoriously by geeks for geeks. The original GPL was clear enough, as this document indicates things are getting confusing.

Some common things I see with GPL violations

[jonwil (467024)]

1.Companies who release software (usually embedded into a hardware device) and then claim "we are working on releasing the source code but its going to take time"

2.Build systems where one "master makefile" builds the entire project (usually with a "master config file" that selects which model you are building for, what features are turned off and on etc)

3.Companies who use a version of GCC and/or binutils that isn't publicly available and then dont release source code or binaries for that version, thus making it harder to recreate the binaries they are shipping (I wonder if creating a CPU with a new or altered instruction set, porting Linux to this CPU and then releasing kernel source but not GCC or binutils would be a GPL violation or not...)

4.Companies who release source code for one firmware revision and then dont release source code for other firmware revisions (*cough*Motorola Z6*cough*)

and 5.Companies who claim a need to "sanitize" GPL code before its released (this most likely includes removing any comments that reference internal intranet email addresses, web URLs, machine names, internal processes etc but may also include removal of pieces that are used only by or removal of comments/changing of code of pieces related to proprietary hardware so as not to release any more hardware details than they have to. Will likely also include removing anything embarrassing such as swear words)

7.1 covers an often-overlooked part of LGPL

[fizzup (788545)]

Section 7.1 of the article covers an often-overlooked part of the LGPL. If you include LGPL libraries as part of your application, the EULA must permit reverse engineering to debug the application if the end user modifies the library and uses the modified version, instead of the version that came with the software.

I suspect that there is a lot of software out there that includes LGPL libraries, but has a blanket "no reverse engineering" clause in the license agreement.

Re:Build Guru

[fuzzyfuzzyfungus (1223518)]

The term is defined within the text: "build guru" is their term for a team member who handles the firmware build process for your product, given a situation where the knowledge of how to do so exists in his head, rather than in documentation or shared knowledge.

I don't think that the term is a standard one in the broader sense; but it is clear enough for the purposes of their discussion. Relying on one person's personal knowledge for a vital step in your process is never ideal, especially if you have a legal obligation to provide your customers with some of that knowledge, if they ask for it. Simple enough, really.

Re:

[bcrowell (177657)]

Someone should show this document to Sun's OOo team. If you download the source on any given day and try to compile it, there's about a 75% chance that something is broken on that day.

Re:

[PingXao (153057)]

I never heard that term, either, but I'm guessing it's someone who knows the entire build process from start to finish. Possibly even wrote the scripts for it. For embedded Linux firmware this would involve shell scripts, custom tools written in C/C++, a ton of Makefiles, maybe a little Buildroot, and how to script the source code control system. Just figuring out how the various SCCS tools do "branching and merging" takes a guru all by itself.

Re:

[Zero__Kelvin (151819)]

"I never heard that term, either, but I'm guessing it's someone who knows the entire build process from start to finish. Possibly even wrote the scripts for it."

There is no official term, and your interpretation makes sense, but a thorough reading of the article and the actual guide to which it refers, shows that they mean something different. It is, in effect, a facetious term in the content in which they use it. In this case the articles author actually used quotes correctly - [stops to gasp]

If some

Re:

[element-o.p. (939033)]

Wow, your score is still positive. I'm surprised you haven't been modded down for that post, comparing RMS/GPL to the **AAs!

I joke, of course, but your point is very insightful, IMHO.

Re:

[fuzzyfuzzyfungus (1223518)]

That "insight" is only insightful if you take the ludicrous step of lumping Software Freedom Law Center attorneys together with random pirate kiddies on slashdot, and pretending that they all consciously share a single position.

Copyleft licences are quite explicit about using copyright to achieve their aims, just as ordinary copyright licences are. Now, it is true that people who use and advocate copyleft licences are frequently, though not universally, likely to advocate significant copyright reform of o

Re:

[gnuman99 (746007)]

Actually no. Copyright reform is NOT needed. Copyright laws were just fine until some twats messed it it up by extending the copyright.

Patent reform is needed, not copyright reform.

I use GPL, LGPL, BSD and similar software and abide by the terms of these licenses. And I do not pirate anything. Days where you've had an excuse that you needed something but can't afford it are *gone*. Can't afford Windows and Office? Use Linux/BSD/Solaris and OpenOffice. Want to hack code but can't afford a compiler - there is

Re:Question

[Nibbler999 (1101055)]

No, since you are not distributing the software.

Re:

[fuzzyfuzzyfungus (1223518)]

No. No obligation. First off, you said you are releasing music, not software. Just as images made with the GIMP, or documents made with OpenOffice, are not GPLed, the music you produce would be yours to release, or not, under any terms you wish. The GPL places no requirements on users, only on distributors.

Secondly, if you were releasing your software, it would have to be GPL only if it is part of a derivative work made from GPLed software. Merely being distributed with, or running on, or interacting with

Re:

[argent (18001)]

No.

No more than you'd be required to release the source code of a program you'd compiled with GCC.

Re:

[element-o.p. (939033)]

IANAL, etc., but as I understand, you would only need to release the source code of the software if you release the software. The product you create with the software is incidental. For that matter, I don't believe it makes any difference whether or not you modify any of the GPL'd code that you used -- the modified code was for your use only, and therefore it doesn't have to be re-released (whether or not you *should* at least offer the modifications back to the FOSS community is another story, but the GP

No -- the GPL is not a usage license (Moglen)

[Morgaine (4316)]

> [as a user] would I be under any obligation to release the source code to the software I wrote?

No, as a user of GPL software, as opposed to a (re)developer or distributor, you do not engage any of the relevant conditions of the GPL with respect to provision of the source code.

As the ex-FSF's Eben Moglen has said on many occasions (paraphrased but close), "The GPL is not a usage license, but a distribution license". That's a very clearcut distinction, and Eben has written the book in this area.

There is a small corner case to watch out for, however, and that's static linking with GPL libraries --- a few people call this "derivation" despite the fact that you're only an end user and are only aggregating the GPL library functions statically with your code, so the issue is slightly grey. However, most linkage with GPL libraries is dynamic, and even Richard Stallman has conceded that legally, dynamic linking cannot ever be derivation but only mere usage. No doubt Eben put him straight on that. "Aggregation is not derivation" appears in the FSF's own explanatory materials.

On the whole then, the answer is "No, you're safe", unless you go out of your way to use static linking, which would open you up to the possibility of occasional arguments within the community, although probably not legal ones.

Source, please?

[jbn-o (555068)]

[...] even Richard Stallman has conceded that legally, dynamic linking cannot ever be derivation but only mere usage. No doubt Eben put him straight on that.

Where would I find Richard Stallman saying this? Where would I find Eben Moglen talking about this? In other words, what's your source?

Re:

[jbn-o (555068)]

For both your questions, the links to these statements appeared (more than once) off the numerous articles about the GPL that we've had here on Slashdot over the years. I tend to follow these topics closely.

It would help us to better understand the claims in this thread if we had specific quotes for both Stallman and Moglen's alleged statements rather than vague recollections and broad generalizations. We don't know what you have read.

Re:

[shutdown -p now (807394)]

Does this mean that LGPL is obsolete?

I'm still very skeptical with regards to what you're saying, because if true, that would open the doors to reuse of GPL code in proprietary closed-source applications on an unprecedented scale. Most certainly that sort of thing would be picked as news of the day by more than one of websites, portals and blogs associated with Linux and OSS - Slashdot, Groklaw etc. Yet I do not recall seeing anything like that. Unless you're implying that FSF is deliberately trying to ke

Re:

[ricegf (1059658)]

The original phrase was "Copyleft: All rights reversed" [gnu.org]. The "reversed" means that the rights of the end user are protected more so than the rights of the developer (the more natural beneficiary of copyright) - to wit, the end user is preserved the rights to run the program for any reason, share the program, examine and learn from the source code, and build and distribute derivatives.

Berkeley et. al. focus on protecting the rights of the developer more than the end user - to wit, the developer can create

Re:

[JesseMcDonald (536341)]

The problem is that copyright itself is contrary to libertarian principles.

BSDL and similar licenses take minimal advantage of copyright themselves, but allow downstream developers to apply as strict a copyright policy as they wish to any derivative works.

The GPL relies more on copyright for enforcement, but is designed to limit the ways in which downstream developers can apply more restrictive copyright and patent policies to GPL-derived works.

Whether you prefer the BSDL or GPL mostly comes down to whether

Re:

[ricegf (1059658)]

I'd mod you +1 interesting if I could. :-) Thanks for the insight into libertarian principles. However...

[BSDL] ... allow downstream developers to apply as strict a copyright policy as they wish to any derivative works.

I don't follow this. The late, great wireless driver controversy [opensourcehypocrisy.org] was specifically about a BSD-licensed driver being changed to GPL, and the consensus seems (I believe) to be that this is not permitted - only the copyright holder can change the license once under BSD.

Or am I missing yo

Re:

[tietokone-olmi (26595)]

Jawohl! Sieg!