Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
GNU is Not Unix Open Source Programming News

Emacs Has Been Violating the GPL Since 2009 295

Digana writes "Emacs, one of GNU's flagship products and the most famous software creation of Richard Stallman, has been discovered to be violating the GPL since 2009-09-28 by distributing binaries that were missing source. The CEDET package, a set of contributed files for giving certain IDE functionality related to static code analysis, has distributed files generated from bison grammars without distributing the grammar itself. This happened for Emacs versions 23.2 and 23.3, released during late 2009, and has just been discovered."
This discussion has been archived. No new comments can be posted.

Emacs Has Been Violating the GPL Since 2009

Comments Filter:
  • by Hatta ( 162192 ) on Friday July 29, 2011 @10:34AM (#36921886) Journal

    Doesn't anyone test the source tarball to ensure you can recreate the binary from it?

    • Re: (Score:2, Funny)

      by chrisj_0 ( 825246 )
      Because no one uses Emacs any more ;D
      • by iceaxe ( 18903 ) on Friday July 29, 2011 @10:50AM (#36922124) Journal

        Oh crap, I am no one and didn't even know it? No wonder I'm underpaid...

      • Re: (Score:3, Insightful)

        by anyGould ( 1295481 )

        Because no one uses Emacs any more ;D

        I still use emacs from time to time. My biggest complaint is that it's not particularly friendly to occasional users. When I used it full time at university, I developed a fairly solid grasp of it. Now that I live in a world that expects Office, I find I have a heck of a time going back - if you don't remember the shortcuts, you're fairly SOL.

    • by Enleth ( 947766 ) <enleth@enleth.com> on Friday July 29, 2011 @10:45AM (#36922054) Homepage

      The problem in this case is that the concepts of "source code" and "object code" are a bit fuzzy with generated code that is GPL-licensed.

      Someone wrote the bison grammar files (which are the missing source code in this case) and "compiled" them, by running bison over them. The resulting files were "object code" in the light of GPL, as they're not really intended nor suitable to be read or edited by a human (and the GPL's definition of source code is "the preferred form of the work for making modifications to it"), but at the same time, they were still technically source code, as in something that can be fed to another compiler, together with the actual source code of Emacs to build the executable Emacs binary.

      Thus, the final binary can be recreated from those tarballs just fine, because *technically* it's the full Emacs source code all right. Legally, though, it's not, because of the definitions in GPL.

      • by mwvdlee ( 775178 )

        So the question is whether the Bison grammar or the generated code is the preferred form for modifications.
        Were modifications made to the generated code? Did anybody even make modifications?

        • No, there's really no question that the Bison grammar is preferred. The only real question is why this is news at all. It's such a minor violation it's a complete technicality. The code for the Bison implementation and the grammar file are all GPL and available as well, they just weren't in the tarball for distribution due to a small oversight.

      • by xouumalperxe ( 815707 ) on Friday July 29, 2011 @11:00AM (#36922274)

        because *technically* it's the full Emacs source code all right

        Except that, if I wanted to change the grammar, I'd have to plod through the horrid code bison generated rather than the bison grammar files (which are the "true" source) so even technically it's no more the full Emacs source code than releasing the unassembled ASM output of gcc would be the full source for a C program. In this case, the common technical definition and the legal definition seem to be in unison.

        • by Enleth ( 947766 )

          Yes, you have a point, the comparison to mnemonic assembly output of gcc is a good one. I was trying to find an example such as this, but couldn't think of anything at the moment.

          My explanation, however, still answers the OP's question - what was distributed was enough to recreate the binary without raising any suspicions, and that's why this could happen.

      • by Anonymous Coward on Friday July 29, 2011 @11:43AM (#36922980)

        they're not really intended nor suitable to be read or edited by a human

        You mean, like Perl ?

      • Thus, the final binary can be recreated from those tarballs just fine, because *technically* it's the full Emacs source code all right. Legally, though, it's not, because of the definitions in GPL.

        Not so. If what you seem to be implying were true (that there's no ethical problem with this, just a legal one because of the wording of the GPL), people could simply compile their source down to assembly and distribute the "source" that way. The final binary could be created from the compiler-generated assembly just fine, but that's not the issue here. The goal of the GPL is to prevent distribution of any generated machine instructions (in any form or language) without distribution of the original (in any

    • by Anonymous Coward on Friday July 29, 2011 @10:52AM (#36922144)

      If not, then it's not breaking GPL.

      • Re: (Score:3, Informative)

        by msauve ( 701917 )
        "If not, then it's not breaking GPL."

        Yes, it is. See GPLv3, section 6. If you make the object downloadable, the source must be, too - no request necessary.
        • by BitZtream ( 692029 ) on Friday July 29, 2011 @11:17AM (#36922522)

          Not really strange, no one cares except pedants who were too busy slurping Stallman's wiener and bitching about everyone else to notice their own hypocrisy.

          This is simply no big deal, the source to the files IS available. There really ISN'T a GPL violation. Its just not in a specific set of packages, which there is no requirement for it to be so.

          The GPL requires the source to be available, it is, its just not included by default, which is perfectly acceptable.

          Second, in order for this to be a violation, the authors of said files have to call it a violation. You (nor I) get the right to determine its a violation (again, this goes contrary to what most GPL zealots think). The copyright holder does, to which, the copyright holder may have granted an exception or special license to Emacs for this purpose.

          The only thing going on here is a few people getting their panties in a bunch over nothing. Another fine example of why any intelligent company keeps as far away from GPL as possible, the followers of the Cult of GPL will happily stab themselves in the eye because a doctor gives them pink eye medicine.

          If the original author of these files hasn't bitched, there is no violation. If he or she has/is then we have something to talk about, but I find it highly unlikely that said person will be raising much hooha about it.

          Mistakes happen, everyone needs to not go retarded nuts over shit like this in relation to the GPL, you just make yourselfs look like a bunch of dick heads.

          (Note: This post isn't entirely directed at the person I'm responding too, just happens to be the place I decided to post my thoughts)

          • by Chris Burke ( 6130 ) on Friday July 29, 2011 @01:44PM (#36925186) Homepage

            The GPL requires the source to be available, it is, its just not included by default, which is perfectly acceptable.

            No, it isn't available, which is the entire problem.

            If you downloaded the source package for emacs from the repositories of your chosen distro, you would not receive the files in question.

            Again: Many organizations are distributing emacs binaries, but not making the full source available. That's a GPL violation.

            Second, in order for this to be a violation, the authors of said files have to call it a violation

            That's simply not true. If you are not in compliance with the terms of a license agreement, then you are not in compliance with the terms of that license agreement whether anyone knows or cares that you are.

            For this violation to result in legal action the copyright holder has to know and care.

            The only thing going on here is a few people getting their panties in a bunch over nothing.

            It isn't nothing, but it also isn't a huge deal because the non-compliance was accidental and the solution straightforward.

            The response seems commensurate with the issue. Oh Shit we screwed up, but oh well shit happens.

            How about you just ignore whatever few people you see as over-reacting as the outliers they are, and I'll ignore the idiocy you spouted immediately after the last quote up there. Deal?

    • it's build fine since it has the bison output which is all the compiler needs. Basically there are some Elisp files that are actually generated by from some grammar files, those Elisp files were added without the grammar files being added. When doing a build you have no way of knowing that some random Elisp file isn't actually the "true" source code.

  • by Penguinisto ( 415985 ) on Friday July 29, 2011 @10:35AM (#36921902) Journal

    ...just hit Ctrl + R and Alt + Shift + P + OMG and they're right there!

    On a more serious note, It was probably a goof on their part. The fact that no one noticed until now is pretty strange, though.

    • Re: (Score:3, Insightful)

      by Anrego ( 830717 ) *

      The fact that no one noticed until now is pretty strange, though.

      Does anyone care?

      The fact that no one has noticed/complained would to me indicate that no one wants them. If someone wanted them, they would look for them, not find them, inquire, and it would probably have been fixed.

      Yes they should be there, and yes this should be fixed but is an (assumably) reasonable mistake this big a deal?

      Would be different if someone was refusing to provide the source material or something, but this just seems like a case of “oops, forgot.. give me a sec..”. Certainly not

      • by Guspaz ( 556486 )

        Can they be sued for this or something?

        The damages are lower for unintentional copyright infringement, but yes, they can be sued. Just because you break the law unintentionally doesn't mean you still haven't broken the law.

        • by Anrego ( 830717 ) *

          Who have they infringed on? (not a snarky reply, I really don't know. I don't know enough about how the FSF works). This seemed more an issue of contract violation (the contract the devs have with the FSF) in which case the FSF could sue RMS? Or the one who did the merging? Could someone who downloaded the software sue the FSF?

          Ugh.. my head hurts now... we need less lawyers in the world ..

          • by PhilHibbs ( 4537 )

            They have infringed on whoever created the .yy source files that are missing, I guess.

          • by gknoy ( 899301 )

            As an anonymous poster above mentioned, I believe it's only a GPL violation if they refused to provide it, right? If no one found out until now, that leads me to believe that no one had asked. This certainly seems in the realm of "whoops, my bad" than in any nefarious hypocrisy from RMS and the Emacs developers.

            • As an anonymous poster above mentioned, I believe it's only a GPL violation if they refused to provide it, right? If no one found out until now, that leads me to believe that no one had asked.

              If they have failed to provide it when requested, not "refused", and they have: the thing that is purported to be the complete source code that is available on request is not the complete "source code" as defined in the GPL, so insofar as everyone who has downloaded the thing purporting to be the complete source code

      • by geekoid ( 135745 ) <dadinportland@y[ ]o.com ['aho' in gap]> on Friday July 29, 2011 @10:50AM (#36922126) Homepage Journal

        Sued for what? I can see it now:

        If you win, you get a hug from Stallman. if you lose you get 2 hugs.

      • Certainly not what I would consider a VERY BAD MISTAKE!!!

        It's a bad mistake in that one of the flagship GPL products isn't currently GPL-legal.

        It's not so much a legal mistake as massively embarrassing - like the Apple Store signs that have a Windows blue screen of death showing.

  • Re: (Score:2, Insightful)

    Comment removed based on user account deletion
    • by rbrausse ( 1319883 ) on Friday July 29, 2011 @10:38AM (#36921940)

      RMS will sue himself?

    • by kenh ( 9056 )

      Maybe now the FOSS zealots will believe the argument 'it could happen to anyone'...

      • by jdgeorge ( 18767 )

        Maybe now the FOSS zealots will believe the argument 'it could happen to anyone'...

        What argument? They believe that distributing software without the source code is a bad thing, which is why the GPL was written. This incident only serves to illustrate their continued belief in that principle.

        We have made a very bad mistake. Anyone redistributing those versions
        is violating the GPL, through no fault of his own.

        We need to fix those releases retroactively (or else delete them), and
        we need to do it right away.

        I see two quick ways to fix them: to delete the compiled files, or to
        add the sources they are made from.

        --
        Dr Richard Stallman
        President, Free Software Foundation

        • What argument?

          That people can unintentionally violate the GPL. You know, the entire point of this whole incident?

          • by h4rr4r ( 612664 )

            People unintentionally violate all kinds of laws and contracts. That changes nothing. It is not an argument for or against anything.

            If a company or a person does that intentionally or not they can do what RMS said they would do. Delete the files or fix them.

            • by AdamWill ( 604569 ) on Friday July 29, 2011 @11:08AM (#36922400) Homepage

              Yes. And this is what happens all the time in F/OSS license violation cases. No-one pays out zillions of dollars: they fix the infringement. Happens to hardware vendors who haven't got a clue, malicious software vendors who got caught, well-intentioned ones who made a mistake...happens all the time. I dunno why this is suddenly news.

              (For example, I suspect it's somewhat unlikely that any Linux distribution's 'F/OSS only' repositories are actually F/OSS only. The distros which take license compliance most seriously - Debian and Fedora/Red Hat - actively search out licensing issues, find them all the time, and get them resolved. This is a deeply un-sexy ongoing background process which most people are shielded from by the power of not giving a crap. But yeah, since we've been finding licensing issues that affect all distros that haven't been caught in years _all the time_, it seems unreasonable to assume that the last big one we found was the last one and everything's fine now.)

              tl;dr summary: licensing is hard, mmkay?

            • People unintentionally violate all kinds of laws and contracts. That changes nothing. It is not an argument for or against anything.

              If a company or a person does that intentionally or not they can do what RMS said they would do. Delete the files or fix them.

              And the bigger test will be how fast they fix it now that they know.

              The "aw shit" email is from yesterday. I'd be amazed if they don't have a fix in place inside of a week. Whether the fix is adding the missing source or removing the offending code, I couldn't say.

    • by Synn ( 6288 )

      I keep getting this image of RMS standing in front of a podium, tears streaming down his facing and sobbing out "I have sinned!!"

    • by jlusk4 ( 2831 )

      Great Scott, how did I get logged out?

      What I said was: No, the sad thing is there are people who think it's laudable to score humor points by stylishly saying they don't care and neither should anyone else.

    • by bonch ( 38532 ) *

      I think it's interesting that this is a story on Slashdot. The GPL is a copyright license and therefore relies on copyright law to have any power. Anti-copyright, pro-piracy stories are often posted here, yet whenever there's a GPL violation story, copyright is suddenly important again.

      It's become something of a Slashdot cliche to see this:
      "How dare the RIAA sue those pirates! Piracy isn't even theft!"

      Followed by this:
      "Somebody stole GPL code? The FSF should take them to court!"

      Just pointing out a common do

  • by elrous0 ( 869638 ) * on Friday July 29, 2011 @10:36AM (#36921914)

    I saw them consorting with Lucifer in the fields--with mine own eyes, I did! They was compiling binaries with unreleased source and plotting against FOSS hippies, they was!

  • by captaindomon ( 870655 ) on Friday July 29, 2011 @10:36AM (#36921916)
    That's the most important question.
    • On the face of it, this looks like an accident. There really wasn't a lot to be gained by not publishing the source. And the initial message notifying the public was a "we need to fix this yesterday, one way or another". Someone who was doing this out of malice would have put out a "we were notified of the problem and are taking appropriate steps to address the issue" while they covered their asses.

  • by FooAtWFU ( 699187 ) on Friday July 29, 2011 @10:38AM (#36921944) Homepage
    I was really under the impression that the GPL said you had to distribute the source to anyone you sent the binaries if they actually bothered to request it. I mean, usually that means you publish both, just as a matter of convenience, but not of necessity.
    • by Tim C ( 15259 )
      That seems to be the point though - not only are the sources not included, they're not made available either. That means that you or I can download that binary and (incomplete) source distribution of EMACS, give it to someone else, and thus be in violation of the GPL as we cannot make the full source available.
      • please refer to GPL, section 6, part c. There is no obligation to bundle source with the object/binary distribution.

        one of the acceptable methods of distributing source code is :

        c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

    • I was coming here to post this. A quick check on Wikpedia:

      The fourth section for version 2 of the license and the seventh section of version 3 require that programs distributed as pre-compiled binaries are accompanied by a copy of the source code, a written offer to distribute the source code via the same mechanism as the pre-compiled binary, or the written offer to obtain the source code that you got when you received the pre-compiled binary under the GPL

      source [wikipedia.org]. So, in other words, not distributing the source with it isn't a problem necessarily, although I imagine they didn't add any written offers to provide the source, so it may be a technical violation. Since I'm sure they would distribute the source on request, and since I imagine you can get the source easily enough if you want, this really doesn't seem to be an issue at all. Except that RMS is... well, a little on the obsessive side, to say t

    • by Guspaz ( 556486 )

      Not quite. You basically have two options (simplifying here, and this goes for v2 or v3):

      1) Include the source
      2) Include an offer to provide the source

      Merely publishing the source somewhere isn't enough, and you can't just reactively provide the source when requested. If you don't want to include the source with the binaries, you have to include the offer with the binaries instead.

      • by gknoy ( 899301 )

        I was going to question the correctness of your claim that "merely publishing the source isn't enough", and that you can't do it reactively, as that runs counter to how I'd always understood the license, and then decided I should first check the GPL's terms to be sure that I understood it correctly. ( http://www.gnu.org/licenses/gpl.html [gnu.org] )

        The GPL3 (which I believe Emacs uses, as far as I can tell?)'s section six includes the offer "access to copy the Corresponding Source from a network server at no charge".

        • by Guspaz ( 556486 )

          It even says that you can store the source and object code on different servers, and that you do not need to require recipients to copy the source along with the object code.

          Right, but my point was that the availability of the source wasn't enough if there was no offer. The offer is the crucial part that enables the binaries to be distributed without the source.

    • by msauve ( 701917 )
      Actually, you're supposed to make it available if you're distributing downloadable copies, no request necessary. The "by request" is if you distribute physically (in a device, or on physical media). See Section 6, Conveying Non-Source Forms, of GPLv3 [gnu.org].
    • by Shimbo ( 100005 )

      I was really under the impression that the GPL said you had to distribute the source to anyone you sent the binaries if they actually bothered to request it.

      You need to provide the source or make an explicit offer to do so on request. If I've assumed the former and not done the latter, it is a GPL violation.

    • by 0racle ( 667029 ) on Friday July 29, 2011 @10:56AM (#36922214)
      That is the basic gist of it. Source doesn't have to be shipped together with binaries. GPLv3 changes the 'bothered to request it' part as that is something of an artifact of physical media distribution of GNU software.
      Quick Guide to GPL v3 [gnu.org]

      One of the fundamental requirements of the GPL is that when you distribute object code to users, you must also provide them with a way to get the source. GPLv2 gave you a few ways to do this, and GPLv3 keeps those intact with some clarification. It also offers you new ways to provide source when you convey object code over a network. For instance, when you host object code on a web or FTP server, you can simply provide instructions that tell visitors how to get the source from a third-party server.

      The actual wording for network distribution in the GPLv3 says you just have to make or have the source available in the same methods that the binaries were
      GPLv3 [gnu.org]

      d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.

      I bet we can find Emacs source on the same server we can find Emacs binaries.

      • by bonch ( 38532 ) *

        But no instructions were provided either. RMS already said Emacs was in violation of the GPL, so I'm not sure what the point is of all these investigative posts trying to prove that it's not.

    • I was really under the impression that the GPL said you had to distribute the source to anyone you sent the binaries if they actually bothered to request it.

      Everyone who has clicked a link to download the thing that calls itself the source tarball has "actually bothered to request" the source code.

      What they received was not the entirety of the "source code" as defined in the GPL, which is the whole basis for characterizing this as a GPL violation.

    • by bonch ( 38532 ) *

      Well, RMS himself says Emacs is in violation of the GPL, so you must be wrong in your interpretation.

  • Overblown (Score:4, Insightful)

    by Spazmania ( 174582 ) on Friday July 29, 2011 @10:39AM (#36921956) Homepage

    The source code is included. Just not the source for the source code.

    • The source code is included. Just not the source for the source code.

      No, object code is included and the source is not (for the component at issue). The fact that the code is in a format that might be used for other source code (and which needs further compilation to make it executable) doesn't make it source code. The GPL defines "source code" as "the preferred form of the work for making modifications to it", and "object code" as " any non-source form of a work". So, under the GPL, what was distributed as

    • by gknoy ( 899301 )

      Fortunately, RMS knows that we like source code in our source code. (yay Lisp!)

    • by bonch ( 38532 ) *

      That's not how the GPL defines source code.

      It's amusing seeing people become defense lawyers in a GPL violation case when they're so eager to bring out the pitchforks all those times that it's not GNU doing the violating.

    • by Sponge Bath ( 413667 ) on Friday July 29, 2011 @11:38AM (#36922880)

      Yo dawg! I hurd you like emacs so I put some source code in your source code so you can compile while you compile!

  • Comment removed based on user account deletion
  • Emm (Score:2, Informative)

    by kikito ( 971480 )

    Bison's output isn't binary, it's C (a somewhat contrived and difficult to understand C, but C nevertheless). It doesn't generate "compiled binaries", as the article points out.

    It's still source code. Maybe not the original source code, but source code anyway. I don't think that violates the GPL intrinsically (maybe it violates its spirit, but not the license by itself).

    • No, it is not source code in the sense the GPL requires: "the preferred form of the work for making modifications to it". Just because something is in compilable ascii code doesn't make it the source code. You could no doubt convert a binary into some huge hex constant which would be valid C and would compile back to the binary, but nobody would accept that as the source code.

      That said, the problem is trivial. It is obviously just a minor cock-up which no-one has noticed. Formally, they should either have i

    • by Thud457 ( 234763 )

      Bison's output isn't binary, it's C (a somewhat contrived and difficult to understand C, but C nevertheless). It doesn't generate "compiled binaries", as the article points out.
      It's still source code. Maybe not the original source code, but source code anyway. I don't think that violates the GPL intrinsically (maybe it violates its spirit, but not the license by itself).

      Which would you prefer to have to make changes to ?

    • As I understand it, the license defines "source code" as roughly "if you're going to edit this program, the source code is file you would edit".

      And it's worded that way to specifically avoid this scenario - if the original author would use Bison to change the program, the Bison code is the "source", not the outputted C code (because you're not intended to edit the C code - you'd go back to Bison and change it there).

      I read up and down the thread a few posts, and I think this is a bit of a tempest in a teapo

    • by bonch ( 38532 ) *

      For the hundredth time, that is not how the GPL defines source code. Has anyone here read the GPL?

  • Just goes to show how few people really give a shit about this stuff.
  • by mmcuh ( 1088773 ) on Friday July 29, 2011 @10:52AM (#36922146)

    ...that has violated the GPL, it's anyone who has _redistributed_ Emacs. The original distributors (FSF, I assume) have presumably had the source available and could have given it to anyone who asked for it, which is what the GPL requires. They just forgot to put it in the tarball.

    But people who have redistributed the Emacs package, like for example GNU mirrors or every desktop Linux distribution in the world, could not have made the source available upon request, since they never had it.

  • text of RMS's mail (Score:5, Informative)

    by ciaran_o_riordan ( 662132 ) on Friday July 29, 2011 @10:53AM (#36922174) Homepage
    For anyone who didn't click the link, here's RMS's reaction:

    We have made a very bad mistake. Anyone redistributing those versions is violating the GPL, through no fault of his own.

    We need to fix those releases retroactively (or else delete them), and we need to do it right away.

    I see two quick ways to fix them: to delete the compiled files, or to add the sources they are made from.

    From the mail linked to in the story: http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg01155.html [gnu.org]

    • by Beelzebud ( 1361137 ) on Friday July 29, 2011 @11:22AM (#36922586)
      People seem to love hating on this guy, but let's look at how he handled the situation:

      "We have made a very bad mistake."

      No PR bullshit, or excuses, just acknowledgment followed by a suggested solution. In this day it's not often you see that above-quoted sentence. Especially from know-it-alls on the internet who just shoot spitballs at people who get things done.
  • They would obviously have fixed it the moment somebody points it out. If somebody was daft enough to go to court over it. They'd basically say "yea, this was a mistake, we didn't notice it because nobody seems to have been bothered with it, so we don't think it really affected anybody. When we became aware of it we fixed it." If that kind of thing did not stand up in court you'd basically be liable every time you had a network problem. Now granted some countries have fucked up legal systems, but that is not

  • I'm waiting for the email from Defective By Design demanding that we boycott emacs and/or send large amounts of some token object to Stallman.
  • by Alan Shutko ( 5101 ) on Friday July 29, 2011 @11:01AM (#36922296) Homepage

    The FSF is the copyright holder of Emacs. All code that is integrated with Emacs is covered by a copyright assignment. They can't violate the GPL when they distribute Emacs, because they are not bound by it.

  • by AdmiralXyz ( 1378985 ) on Friday July 29, 2011 @11:03AM (#36922332)
    It's a good thing people gave Stallman that katana [xkcd.com] after the xkcd strip came out, because there's now only one option [wikipedia.org]. Reclaim your honor, sir.

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Working...