Emacs Has Been Violating the GPL Since 2009 295
Digana writes "Emacs, one of GNU's flagship products and the most famous software creation of Richard Stallman, has been discovered to be violating the GPL since 2009-09-28 by distributing binaries that were missing source. The CEDET package, a set of contributed files for giving certain IDE functionality related to static code analysis, has distributed files generated from bison grammars without distributing the grammar itself. This happened for Emacs versions 23.2 and 23.3, released during late 2009, and has just been discovered."
How does this happen? (Score:3)
Doesn't anyone test the source tarball to ensure you can recreate the binary from it?
Re: (Score:2, Funny)
Re:How does this happen? (Score:4, Funny)
Oh crap, I am no one and didn't even know it? No wonder I'm underpaid...
Re: (Score:3, Insightful)
Because no one uses Emacs any more ;D
I still use emacs from time to time. My biggest complaint is that it's not particularly friendly to occasional users. When I used it full time at university, I developed a fairly solid grasp of it. Now that I live in a world that expects Office, I find I have a heck of a time going back - if you don't remember the shortcuts, you're fairly SOL.
Re:How does this happen? (Score:5, Insightful)
The problem in this case is that the concepts of "source code" and "object code" are a bit fuzzy with generated code that is GPL-licensed.
Someone wrote the bison grammar files (which are the missing source code in this case) and "compiled" them, by running bison over them. The resulting files were "object code" in the light of GPL, as they're not really intended nor suitable to be read or edited by a human (and the GPL's definition of source code is "the preferred form of the work for making modifications to it"), but at the same time, they were still technically source code, as in something that can be fed to another compiler, together with the actual source code of Emacs to build the executable Emacs binary.
Thus, the final binary can be recreated from those tarballs just fine, because *technically* it's the full Emacs source code all right. Legally, though, it's not, because of the definitions in GPL.
Re: (Score:2)
So the question is whether the Bison grammar or the generated code is the preferred form for modifications.
Were modifications made to the generated code? Did anybody even make modifications?
Re: (Score:3)
No, there's really no question that the Bison grammar is preferred. The only real question is why this is news at all. It's such a minor violation it's a complete technicality. The code for the Bison implementation and the grammar file are all GPL and available as well, they just weren't in the tarball for distribution due to a small oversight.
Re: (Score:3)
Re:How does this happen? (Score:4, Insightful)
because *technically* it's the full Emacs source code all right
Except that, if I wanted to change the grammar, I'd have to plod through the horrid code bison generated rather than the bison grammar files (which are the "true" source) so even technically it's no more the full Emacs source code than releasing the unassembled ASM output of gcc would be the full source for a C program. In this case, the common technical definition and the legal definition seem to be in unison.
Re: (Score:2)
Yes, you have a point, the comparison to mnemonic assembly output of gcc is a good one. I was trying to find an example such as this, but couldn't think of anything at the moment.
My explanation, however, still answers the OP's question - what was distributed was enough to recreate the binary without raising any suspicions, and that's why this could happen.
Re:How does this happen? (Score:5, Funny)
they're not really intended nor suitable to be read or edited by a human
You mean, like Perl ?
Re: (Score:3)
Thus, the final binary can be recreated from those tarballs just fine, because *technically* it's the full Emacs source code all right. Legally, though, it's not, because of the definitions in GPL.
Not so. If what you seem to be implying were true (that there's no ethical problem with this, just a legal one because of the wording of the GPL), people could simply compile their source down to assembly and distribute the "source" that way. The final binary could be created from the compiler-generated assembly just fine, but that's not the issue here. The goal of the GPL is to prevent distribution of any generated machine instructions (in any form or language) without distribution of the original (in any
Did anyone ASK for that source? (Score:4, Informative)
If not, then it's not breaking GPL.
Re: (Score:3, Informative)
Yes, it is. See GPLv3, section 6. If you make the object downloadable, the source must be, too - no request necessary.
Re:Did anyone ASK for that source? (Score:4, Informative)
Not really strange, no one cares except pedants who were too busy slurping Stallman's wiener and bitching about everyone else to notice their own hypocrisy.
This is simply no big deal, the source to the files IS available. There really ISN'T a GPL violation. Its just not in a specific set of packages, which there is no requirement for it to be so.
The GPL requires the source to be available, it is, its just not included by default, which is perfectly acceptable.
Second, in order for this to be a violation, the authors of said files have to call it a violation. You (nor I) get the right to determine its a violation (again, this goes contrary to what most GPL zealots think). The copyright holder does, to which, the copyright holder may have granted an exception or special license to Emacs for this purpose.
The only thing going on here is a few people getting their panties in a bunch over nothing. Another fine example of why any intelligent company keeps as far away from GPL as possible, the followers of the Cult of GPL will happily stab themselves in the eye because a doctor gives them pink eye medicine.
If the original author of these files hasn't bitched, there is no violation. If he or she has/is then we have something to talk about, but I find it highly unlikely that said person will be raising much hooha about it.
Mistakes happen, everyone needs to not go retarded nuts over shit like this in relation to the GPL, you just make yourselfs look like a bunch of dick heads.
(Note: This post isn't entirely directed at the person I'm responding too, just happens to be the place I decided to post my thoughts)
Re:Did anyone ASK for that source? (Score:5, Interesting)
The GPL requires the source to be available, it is, its just not included by default, which is perfectly acceptable.
No, it isn't available, which is the entire problem.
If you downloaded the source package for emacs from the repositories of your chosen distro, you would not receive the files in question.
Again: Many organizations are distributing emacs binaries, but not making the full source available. That's a GPL violation.
Second, in order for this to be a violation, the authors of said files have to call it a violation
That's simply not true. If you are not in compliance with the terms of a license agreement, then you are not in compliance with the terms of that license agreement whether anyone knows or cares that you are.
For this violation to result in legal action the copyright holder has to know and care.
The only thing going on here is a few people getting their panties in a bunch over nothing.
It isn't nothing, but it also isn't a huge deal because the non-compliance was accidental and the solution straightforward.
The response seems commensurate with the issue. Oh Shit we screwed up, but oh well shit happens.
How about you just ignore whatever few people you see as over-reacting as the outliers they are, and I'll ignore the idiocy you spouted immediately after the last quote up there. Deal?
Re: (Score:3)
RMS already said it's in violation of the GPL. However, to humor you, the "by request" clause is for physical media. Downloadable binaries require downloadable source.
Interestingly, this incident has proven how few of Slashdot's readers actually know the GPL.
Citation needed. Please quote the section that explicitly states this otherwise you are playing lawyer/judge.
Re: (Score:2)
it's build fine since it has the bison output which is all the compiler needs. Basically there are some Elisp files that are actually generated by from some grammar files, those Elisp files were added without the grammar files being added. When doing a build you have no way of knowing that some random Elisp file isn't actually the "true" source code.
Oh, FFS... (Score:3)
...just hit Ctrl + R and Alt + Shift + P + OMG and they're right there!
On a more serious note, It was probably a goof on their part. The fact that no one noticed until now is pretty strange, though.
Re: (Score:3, Insightful)
The fact that no one noticed until now is pretty strange, though.
Does anyone care?
The fact that no one has noticed/complained would to me indicate that no one wants them. If someone wanted them, they would look for them, not find them, inquire, and it would probably have been fixed.
Yes they should be there, and yes this should be fixed but is an (assumably) reasonable mistake this big a deal?
Would be different if someone was refusing to provide the source material or something, but this just seems like a case of “oops, forgot.. give me a sec..”. Certainly not
Re: (Score:2)
Can they be sued for this or something?
The damages are lower for unintentional copyright infringement, but yes, they can be sued. Just because you break the law unintentionally doesn't mean you still haven't broken the law.
Re: (Score:2)
Who have they infringed on? (not a snarky reply, I really don't know. I don't know enough about how the FSF works). This seemed more an issue of contract violation (the contract the devs have with the FSF) in which case the FSF could sue RMS? Or the one who did the merging? Could someone who downloaded the software sue the FSF?
Ugh.. my head hurts now... we need less lawyers in the world ..
Re: (Score:2)
They have infringed on whoever created the .yy source files that are missing, I guess.
Re: (Score:3)
As an anonymous poster above mentioned, I believe it's only a GPL violation if they refused to provide it, right? If no one found out until now, that leads me to believe that no one had asked. This certainly seems in the realm of "whoops, my bad" than in any nefarious hypocrisy from RMS and the Emacs developers.
GPL violation (Score:3)
If they have failed to provide it when requested, not "refused", and they have: the thing that is purported to be the complete source code that is available on request is not the complete "source code" as defined in the GPL, so insofar as everyone who has downloaded the thing purporting to be the complete source code
Re: (Score:2)
Sure they did (violate the GPL). You're still required to provide an offer of source, and to provide it when requested per that offer. They weren't doing that (providing the source when requested), unintentionally or not. That's copyright infringement.
Re:Oh, FFS... (Score:4, Funny)
Sued for what? I can see it now:
If you win, you get a hug from Stallman. if you lose you get 2 hugs.
Re: (Score:2)
I just shuddered. No seriously, it started at the tips of my toes and went all the way to my head, giving me goosebumps and making my hair stand on end all along the way. I think I'll need to sleep with the lights on tonight.
Re: (Score:2)
I read your post, and wondered how it relates to this discussion: http://tech.slashdot.org/story/11/07/28/2244236/Linguists-Out-Men-Impersonating-Women-On-Twitter [slashdot.org]
I thought about it for a few seconds, then realized that I may not WANT to know!
Re: (Score:2)
Nah, if you win you just get a finger.
Re: (Score:3)
Certainly not what I would consider a VERY BAD MISTAKE!!!
It's a bad mistake in that one of the flagship GPL products isn't currently GPL-legal.
It's not so much a legal mistake as massively embarrassing - like the Apple Store signs that have a Windows blue screen of death showing.
Re: (Score:3)
At the risk of feeding the trolls...
Re: (Score:2, Insightful)
Re:The sad thing is... (Score:4, Funny)
RMS will sue himself?
Re: (Score:3)
RMS will sue himself?
Oh now that's just redicu... hmm
Yup, he actually might!
Re: (Score:2)
Maybe now the FOSS zealots will believe the argument 'it could happen to anyone'...
Re: (Score:2)
Maybe now the FOSS zealots will believe the argument 'it could happen to anyone'...
What argument? They believe that distributing software without the source code is a bad thing, which is why the GPL was written. This incident only serves to illustrate their continued belief in that principle.
We have made a very bad mistake. Anyone redistributing those versions
is violating the GPL, through no fault of his own.
We need to fix those releases retroactively (or else delete them), and
we need to do it right away.
I see two quick ways to fix them: to delete the compiled files, or to
add the sources they are made from.
--
Dr Richard Stallman
President, Free Software Foundation
Re: (Score:2)
What argument?
That people can unintentionally violate the GPL. You know, the entire point of this whole incident?
Re: (Score:2)
People unintentionally violate all kinds of laws and contracts. That changes nothing. It is not an argument for or against anything.
If a company or a person does that intentionally or not they can do what RMS said they would do. Delete the files or fix them.
Re:The sad thing is... (Score:5, Insightful)
Yes. And this is what happens all the time in F/OSS license violation cases. No-one pays out zillions of dollars: they fix the infringement. Happens to hardware vendors who haven't got a clue, malicious software vendors who got caught, well-intentioned ones who made a mistake...happens all the time. I dunno why this is suddenly news.
(For example, I suspect it's somewhat unlikely that any Linux distribution's 'F/OSS only' repositories are actually F/OSS only. The distros which take license compliance most seriously - Debian and Fedora/Red Hat - actively search out licensing issues, find them all the time, and get them resolved. This is a deeply un-sexy ongoing background process which most people are shielded from by the power of not giving a crap. But yeah, since we've been finding licensing issues that affect all distros that haven't been caught in years _all the time_, it seems unreasonable to assume that the last big one we found was the last one and everything's fine now.)
tl;dr summary: licensing is hard, mmkay?
Re: (Score:2)
People unintentionally violate all kinds of laws and contracts. That changes nothing. It is not an argument for or against anything.
If a company or a person does that intentionally or not they can do what RMS said they would do. Delete the files or fix them.
And the bigger test will be how fast they fix it now that they know.
The "aw shit" email is from yesterday. I'd be amazed if they don't have a fix in place inside of a week. Whether the fix is adding the missing source or removing the offending code, I couldn't say.
Re: (Score:2)
I keep getting this image of RMS standing in front of a podium, tears streaming down his facing and sobbing out "I have sinned!!"
Re: (Score:2)
Great Scott, how did I get logged out?
What I said was: No, the sad thing is there are people who think it's laudable to score humor points by stylishly saying they don't care and neither should anyone else.
Re: (Score:2)
I think it's interesting that this is a story on Slashdot. The GPL is a copyright license and therefore relies on copyright law to have any power. Anti-copyright, pro-piracy stories are often posted here, yet whenever there's a GPL violation story, copyright is suddenly important again.
It's become something of a Slashdot cliche to see this:
"How dare the RIAA sue those pirates! Piracy isn't even theft!"
Followed by this:
"Somebody stole GPL code? The FSF should take them to court!"
Just pointing out a common do
Re: (Score:2)
It's also been a key hindrance. Just sayin'.
BURN THE WITCH!! (Score:5, Funny)
I saw them consorting with Lucifer in the fields--with mine own eyes, I did! They was compiling binaries with unreleased source and plotting against FOSS hippies, they was!
Re:BURN THE WITCH!! (Score:5, Funny)
And they compiled me into a newt.
Re: (Score:2)
Does that mean they are made of wood?
Re: (Score:2)
I assume you got better?
Re: (Score:2)
Not yet, but he does support up to 1,024 CPUs!
Re: (Score:3)
Don't you mean GNUWT?
Re: (Score:2)
Re: (Score:3)
Accident or Malice? (Score:3)
Re: (Score:2)
On the face of it, this looks like an accident. There really wasn't a lot to be gained by not publishing the source. And the initial message notifying the public was a "we need to fix this yesterday, one way or another". Someone who was doing this out of malice would have put out a "we were notified of the problem and are taking appropriate steps to address the issue" while they covered their asses.
Is that really a GPL violation? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
please refer to GPL, section 6, part c. There is no obligation to bundle source with the object/binary distribution.
one of the acceptable methods of distributing source code is :
c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.
Re: (Score:3)
I was coming here to post this. A quick check on Wikpedia:
The fourth section for version 2 of the license and the seventh section of version 3 require that programs distributed as pre-compiled binaries are accompanied by a copy of the source code, a written offer to distribute the source code via the same mechanism as the pre-compiled binary, or the written offer to obtain the source code that you got when you received the pre-compiled binary under the GPL
source [wikipedia.org]. So, in other words, not distributing the source with it isn't a problem necessarily, although I imagine they didn't add any written offers to provide the source, so it may be a technical violation. Since I'm sure they would distribute the source on request, and since I imagine you can get the source easily enough if you want, this really doesn't seem to be an issue at all. Except that RMS is... well, a little on the obsessive side, to say t
Re: (Score:2)
Not quite. You basically have two options (simplifying here, and this goes for v2 or v3):
1) Include the source
2) Include an offer to provide the source
Merely publishing the source somewhere isn't enough, and you can't just reactively provide the source when requested. If you don't want to include the source with the binaries, you have to include the offer with the binaries instead.
Re: (Score:2)
I was going to question the correctness of your claim that "merely publishing the source isn't enough", and that you can't do it reactively, as that runs counter to how I'd always understood the license, and then decided I should first check the GPL's terms to be sure that I understood it correctly. ( http://www.gnu.org/licenses/gpl.html [gnu.org] )
The GPL3 (which I believe Emacs uses, as far as I can tell?)'s section six includes the offer "access to copy the Corresponding Source from a network server at no charge".
Re: (Score:2)
It even says that you can store the source and object code on different servers, and that you do not need to require recipients to copy the source along with the object code.
Right, but my point was that the availability of the source wasn't enough if there was no offer. The offer is the crucial part that enables the binaries to be distributed without the source.
Re: (Score:2)
Re: (Score:2)
I was really under the impression that the GPL said you had to distribute the source to anyone you sent the binaries if they actually bothered to request it.
You need to provide the source or make an explicit offer to do so on request. If I've assumed the former and not done the latter, it is a GPL violation.
Re:Is that really a GPL violation? (Score:4, Informative)
Quick Guide to GPL v3 [gnu.org]
The actual wording for network distribution in the GPLv3 says you just have to make or have the source available in the same methods that the binaries were
GPLv3 [gnu.org]
I bet we can find Emacs source on the same server we can find Emacs binaries.
Re: (Score:2)
But no instructions were provided either. RMS already said Emacs was in violation of the GPL, so I'm not sure what the point is of all these investigative posts trying to prove that it's not.
Really a GPL violation. (Score:2)
Everyone who has clicked a link to download the thing that calls itself the source tarball has "actually bothered to request" the source code.
What they received was not the entirety of the "source code" as defined in the GPL, which is the whole basis for characterizing this as a GPL violation.
Re: (Score:2)
Well, RMS himself says Emacs is in violation of the GPL, so you must be wrong in your interpretation.
Re:Is that really a GPL violation? (Score:5, Interesting)
Mod parent up. There is no stipulation in the GPL that source code must accompany any distribution of binaries. Total myth.
Then you better make sure rms knows this since he's the one apparently pertuating this "total myth". You know, since he was the one who wrote the email saying that Emacs was in violation of the GPL.
They were only complying via method a/d, though! (Score:2)
To comply via methods b) or c) where you only need to make the source available to those who request it, you do have to include an offer saying that this is the case with the object code.
But they aren't doing that because nearly everyone distributing emacs is complying with the GPL via methods d -- allowing an optional source download from the same place they downloaded the emacs binary -- or method a -- including the source itself along with the object files in a physical medium.
But because of the omission
Re: (Score:2)
Not only does RMS disagree with you since even he says Emacs is in violation, but the GPL stipulates that the source code must either be included, or a written offer to provide it must be included, and neither was done. You don't just provide the source by request.
Overblown (Score:4, Insightful)
The source code is included. Just not the source for the source code.
Source code (Score:2)
No, object code is included and the source is not (for the component at issue). The fact that the code is in a format that might be used for other source code (and which needs further compilation to make it executable) doesn't make it source code. The GPL defines "source code" as "the preferred form of the work for making modifications to it", and "object code" as " any non-source form of a work". So, under the GPL, what was distributed as
Re: (Score:2)
Fortunately, RMS knows that we like source code in our source code. (yay Lisp!)
Re: (Score:2)
That's not how the GPL defines source code.
It's amusing seeing people become defense lawyers in a GPL violation case when they're so eager to bring out the pitchforks all those times that it's not GNU doing the violating.
Re:Overblown (Score:4, Funny)
Yo dawg! I hurd you like emacs so I put some source code in your source code so you can compile while you compile!
Re: (Score:2)
Re: (Score:2)
haha, ok, now my next character will be 'Namllats Drahcir'.
Emm (Score:2, Informative)
Bison's output isn't binary, it's C (a somewhat contrived and difficult to understand C, but C nevertheless). It doesn't generate "compiled binaries", as the article points out.
It's still source code. Maybe not the original source code, but source code anyway. I don't think that violates the GPL intrinsically (maybe it violates its spirit, but not the license by itself).
No, it isn't source (Score:2)
No, it is not source code in the sense the GPL requires: "the preferred form of the work for making modifications to it". Just because something is in compilable ascii code doesn't make it the source code. You could no doubt convert a binary into some huge hex constant which would be valid C and would compile back to the binary, but nobody would accept that as the source code.
That said, the problem is trivial. It is obviously just a minor cock-up which no-one has noticed. Formally, they should either have i
Re: (Score:2)
Bison's output isn't binary, it's C (a somewhat contrived and difficult to understand C, but C nevertheless). It doesn't generate "compiled binaries", as the article points out.
It's still source code. Maybe not the original source code, but source code anyway. I don't think that violates the GPL intrinsically (maybe it violates its spirit, but not the license by itself).
Which would you prefer to have to make changes to ?
Re: (Score:2)
As I understand it, the license defines "source code" as roughly "if you're going to edit this program, the source code is file you would edit".
And it's worded that way to specifically avoid this scenario - if the original author would use Bison to change the program, the Bison code is the "source", not the outputted C code (because you're not intended to edit the C code - you'd go back to Bison and change it there).
I read up and down the thread a few posts, and I think this is a bit of a tempest in a teapo
Re: (Score:2)
For the hundredth time, that is not how the GPL defines source code. Has anyone here read the GPL?
Moral of the story (Score:2)
It's not really Emacs... (Score:3)
...that has violated the GPL, it's anyone who has _redistributed_ Emacs. The original distributors (FSF, I assume) have presumably had the source available and could have given it to anyone who asked for it, which is what the GPL requires. They just forgot to put it in the tarball.
But people who have redistributed the Emacs package, like for example GNU mirrors or every desktop Linux distribution in the world, could not have made the source available upon request, since they never had it.
text of RMS's mail (Score:5, Informative)
From the mail linked to in the story: http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg01155.html [gnu.org]
Re:text of RMS's mail (Score:5, Insightful)
"We have made a very bad mistake."
No PR bullshit, or excuses, just acknowledgment followed by a suggested solution. In this day it's not often you see that above-quoted sentence. Especially from know-it-alls on the internet who just shoot spitballs at people who get things done.
Yea, peopel make mistakes (Score:2)
They would obviously have fixed it the moment somebody points it out. If somebody was daft enough to go to court over it. They'd basically say "yea, this was a mistake, we didn't notice it because nobody seems to have been bothered with it, so we don't think it really affected anybody. When we became aware of it we fixed it." If that kind of thing did not stand up in court you'd basically be liable every time you had a network problem. Now granted some countries have fucked up legal systems, but that is not
Rally the troops! (Score:2)
FSF owns Emacs (Score:3)
The FSF is the copyright holder of Emacs. All code that is integrated with Emacs is covered by a copyright assignment. They can't violate the GPL when they distribute Emacs, because they are not bound by it.
You know what to do, RMS (Score:5, Funny)
Re: (Score:2)
How can it be a false accusation if rms admits that it's a GPL violation himself?
Re: (Score:2)
I think it would take a panel of judges and a legion of lawyers to fight out how many angels would fit on the head of this particular pin, and afterward people would still disagree.
Better to err on the side of doing it right (admitting fault and correcting the issue) than to open up a gray area precedent that might be exploited by someone else.
Re: (Score:2)
Re: (Score:2)
Better tell RMS that he's wrong then, since he's the one who says Emacs is in violation of the GPL.
No, it's not. This incident is proving just how many Slashdotters don't even understand the GPL. The "by request" obligation is for physical media.
Re: (Score:2)
Re: (Score:2)
Its a violation of the GPL if the distributor of the binaries doesn't either bundle the source code or provide a written offer to provide the source code on request or if, on request, they fail to provide the source code.
So, when they distribute object code and call it source code, and don't accompany it with a written offer to provide the actual sour
Re: (Score:2)
This is getting surreal. RMS himself said it was a GPL violation, but now everyone's trying to prove him wrong and declare that it wasn't. I never thought I'd see people in a GPL violation article on Slashdot defending the violator, much less contradict RMS himself on what is a violation and what isn't.
Re: (Score:2)
I don't think you are qualified to determine the qualifications of others to determine the terms of the GPL. :P
(is this infinitely recursive?)
Re: (Score:2)
You know, people make mistakes. Especially groups of people when they don't realize that something wasn't someone else's responsibility. I think that RMS's immediate response of "we have to fix this yesterday" (paraphrased) shows that he is NOT a hypocrite, but is rather working fast to rectify the situation.