Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
GNU is Not Unix Software Linux

Enforcing the GPL On Software Companies? 480

Piranhaa"I currently use an IPTV box that runs software by Minerva Networks. When you ssh into the box, you are greeted with a BusyBox v1.00 (ash) shell. It's clearly running a flavor of Linux (uname -apm outputs: Linux minerva_10_0_3_99 2.4.30-tango2-2.7.144.0 #29 Wed Mar 16 16:16:16 CET 2005 mips unknown). However, when you look at their Web site there is no publicly available source code. Since the GPL in both BusyBox and the Linux kernel require that anyone using and distributing the binaries of this software make source available to everyone, what would one do in order to enforce this? I've personally emailed Minerva and left voicemails with no reply."
This discussion has been archived. No new comments can be posted.

Enforcing the GPL On Software Companies?

Comments Filter:
  • Write to the FSF. (Score:3, Informative)

    by V!NCENT ( 1105021 ) on Sunday June 22, 2008 @04:37AM (#23892719)
    The GPL itself says you should write to the FSF when someone is violating the GPL.
    • Re:Write to the FSF. (Score:5, Informative)

      by kie ( 30381 ) on Sunday June 22, 2008 @04:48AM (#23892777) Homepage Journal

      http://www.gpl-violations.org/ [gpl-violations.org]

      might be a good place to start.

      • Re:Write to the FSF. (Score:4, Interesting)

        by LWATCDR ( 28044 ) on Sunday June 22, 2008 @06:17PM (#23898057) Homepage Journal

        Wouldn't contacting the company be a better place to start? They are not required to put the source code on the website.
        Also if they don't modify the source do they have to make it available? Does Dell offer Ubuntu for download?

        • Making available... (Score:3, Informative)

          by mengel ( 13619 )
          I believe the GPL requires you to make the source code "available". Many folks choose to implement this by putting the code on their website; but you can send a CD-ROM to folks who ask, or even (I think) a paper listing...

          And if they aren't making any modifications to said source code, they may be able to get away with referring you to somewhere else that the code is available...

          Oh, and you're only required to give source code to people to whom you give binaries; not anyone else.

        • Re: (Score:3, Informative)

          by michrech ( 468134 )

          If you had read even the summary, you'd see that he has already tried contacting the company and has received no reply.

          "I've personally emailed Minerva and left voicemails with no reply."

          Wouldn't contacting the company be a better place to start? They are not required to put the source code on the website.
          Also if they don't modify the source do they have to make it available? Does Dell offer Ubuntu for download?

    • by Anonymous Coward

      The FSF will of course normally help, but the companies license is with the author of the software. The FSF can't do any enforcement and can't really help if they don't own the copyright to the code. Do clear work to prove the case and then contact the authors of the software with all he information you have. One important thing to do is to ensure you request the source code in writing in a registered letter and keep a copy of it.

    • Re:Write to the FSF. (Score:4, Informative)

      by Ed Avis ( 5917 ) <ed@membled.com> on Sunday June 22, 2008 @05:57AM (#23893037) Homepage

      The GPL itself says you should write to the FSF when someone is violating the GPL.
      GPL version 2 (which Busybox 1.00 uses, and also Linux) doesn't say that anywhere. Nor does version 3. What part are you looking at?
      • Re: (Score:2, Informative)

        by V!NCENT ( 1105021 )

        You're absolutely right. I made a mistake. I just grabbed a hardcopy of the GPLv2 and it says:

        You should have recieved a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation"

        Apparently my memory doesn't serve me well.

  • by tolan-b ( 230077 ) on Sunday June 22, 2008 @04:37AM (#23892721)

    IANAL but as I understand it the GPL requires that source is made available to customers, not everyone. Of course in this case they don't appear to be making it available to customers either.

    • by BokLM ( 550487 ) <boklm@mars-attacks.org> on Sunday June 22, 2008 @04:57AM (#23892819) Homepage Journal

      It depends. If they give the source code with the programs, then they can give it only to their customers, and they don't have to give it to anyone else. However if they decide instead to only give a written offer to ask the source with their programs, as allowed by the GPL, then they should give the source code to whoever is asking, not only customers.

    • End User Not Owner? (Score:5, Interesting)

      by Frosty Piss ( 770223 ) on Sunday June 22, 2008 @05:17AM (#23892903)

      IANAL but as I understand it the GPL requires that source is made available to customers, not everyone. Of course in this case they don't appear to be making it available to customers either.
      What if the end-user, the guy with the box, doesn't own it? Suppose the IPTV company maintains ownership of the box? Than the end-user wouldn't need to be provided with the code?
      • by BokLM ( 550487 ) <boklm@mars-attacks.org> on Sunday June 22, 2008 @05:38AM (#23892975) Homepage Journal

        What if the end-user, the guy with the box, doesn't own it? Suppose the IPTV company maintains ownership of the box? Than the end-user wouldn't need to be provided with the code?

        That's what free.fr (a french isp renting box running linux and other GPL software) is doing. But this is sort of a grey area here, the GPL doesn't talk about ownership, it talks about distribution, and this is up to the judge to decide whether it is distribution or not in this case. Here some people are going to sue free.fr because they refuse to distribute the sources they modified, we'll see what happens ...

        • by bipbop ( 1144919 ) on Sunday June 22, 2008 @06:19AM (#23893113)
          Working at a company with multiple physically distant colos, our legal dept informed us that we could not alter GPL code and push it to the servers without distributing the source publicly, because copying it over to the physically distant servers could be (and was presumed to be) "distribution". So, even "owning" every box it ran on, and giving binaries to no one else, legal felt distribution was taking place--or at least, felt it was a serious enough interpretation that they wouldn't want us to get sued after assuming it was false.
          • by Minwee ( 522556 ) <dcr@neverwhen.org> on Sunday June 22, 2008 @07:50AM (#23893525) Homepage
            You may want to send your legal department a copy of the GPL [gnu.org], and possibly a copy of the accompanying FAQ [gnu.org], which explains things in terms simple enough for non-lawyers or even just really confused lawyers to understand.
            • by MathFox ( 686808 )
              What does the company lose when bugfixes and amall enhancements are given back to the Open Source community?
              How much does the company gain from giving those enhancements back?

              Having a good name with some FOSS projects is not bad; profit starts when other people maintain your private extensions for free.

          • by growse ( 928427 )

            Seeing as you only have to provide the source to those who you have also provided the binary to, your legal department appear to be wrong.

            If you're distributing it to yourself, then you have to make the source code available to yourself. Shouldn't be too hard.

            Actually, there's a more subtle problem here - if you operate as different legal entities in different parts of the world (Company PLC in the UK, Company INC in the US, Company GMBH in germany, whatever), then I believe you have to make the source

    • Re: (Score:3, Informative)

      by Tsunayoshi ( 789351 )

      But making available does not imply you have to put a link for the srouce code on your website.

      If you had a process where someone had to fill out a form, include a product receipt, send $5 for shipping and then the party was sent a DVD in the mail with the source code, you would be meeting the requirements of the GPL.

    • by Confused ( 34234 )

      If they use Busybox or the kernel unmodified, it might be enough if they point you to the default repository. They also have no obligations, to make available applications they build on top of those packages or the configuration parameters.

      Things usually get messy, if those people start to include their own drivers or modify the packages. Then they need to publish those for their customers.

      Finding out which is the case can take time, and if they just tell you to get the sources at www.busybox.net, you have

    • Just a thought here. Could it depends on who the custom is here or what the customer is purchasing. Who owns the box? My guess is Minerva Networks owns the box and not you. They are letting you use the box as part of a subscription.

    • Re: (Score:3, Interesting)

      by thermian ( 1267986 )

      I can see why they would think this was easy to get away with.

      Even sourceforge have allowed projects to use their services which state they are open source, under the GPL, and yet do not make source code available.

      Here's one example.
      http://audiobookcutter.sourceforge.net/ [sourceforge.net]
      The company concerned used sourceforge until their product was ready, then moved it onto their own site, changing the product to a free, but feature reduced version, and a paid for full feature version. The source code has never been made a

      • Re: (Score:3, Informative)

        by jonbryce ( 703250 )

        They can do that because they own the copyright because they wrote it. It may or may not violate Sourceforge's TOS, but that's a completely different matter.

      • by Sique ( 173459 )

        But the company concerned can't do anything about people downloading the source while it was still under GPL and now redistributing it or modify it on their own. Those people got a copy under GPL, and this entitles them to use the copy to their will as long as they comply with the GPL.

      • One cannot enter into a contract with one's self. Just a little FYI there.

        C//

  • by Anonymous Coward

    most STBs that i am familiar with are largely stock linux builds, running a proprietry IPTV application on top. The GPL does not requre a standalone application that sits on the linux box be distributed as source code

  • gpl-violations.org (Score:2, Informative)

    by stefankoegl ( 687410 )
    Maybe the guys at http://gpl-violations.org/ [gpl-violations.org] can help.
  • Notify the authors (Score:5, Informative)

    by mikrorechner ( 621077 ) on Sunday June 22, 2008 @04:52AM (#23892791)
    You could notify the authors (and copyright holders) of BusyBox [busybox.net].

    Unlike Linus, they are pretty strict on companies infringing on the GPL, and have sued (and won) several times.

    Take a look at gpl-violations.org [gpl-violations.org] or google "busybox gpl violation" for more information.
    • by Anonymous Coward on Sunday June 22, 2008 @05:04AM (#23892849)

      From busybox.net:
      "The email address gpl@busybox.net is the recommended way to contact the Software Freedom Law Center to report BusyBox license violations."

      Contacting the busybox developers and the SFLC is the first to do. Then post all information you know at the technical mailing list of gpl-violations.org.

      thats at least what i did to get to the Hammer MyShare GPL sources -> http://blog.nas-central.org/2008/06/18/on-the-news-gpl-violation-of-bell-supermico/

  • Really now... (Score:2, Insightful)

    by topace3 ( 962476 )
    I don't recall there being a part of the GPL that says you have to put your source on a web server. If they send it to you upon contacting them that would suffice, right?
  • by RyuuzakiTetsuya ( 195424 ) <taiki@@@cox...net> on Sunday June 22, 2008 @05:03AM (#23892839)

    It's an asinine thing to say but, if they just dropped their source for the shipping product in the /src dir like most linux distros do for whatever version kernel they're using, shouldn't it then put it in line with the GPL?

  • by Anonymous Coward on Sunday June 22, 2008 @05:04AM (#23892843)
    Sometimes companies with hotshot lawyers deliberately put their head in the sand regarding the GPL. They want to use the code but don't want to make their changes public for "intellectual property" reasons, even if it's something as trivial as a few patches to fix some bugs in Linux or some existing drivers. They will "educate" staff as to why they can do what they do with GPL software "legally." The hotshot lawyer has it all figured out, and engineers don't really need to know the details. The excuse is that they "buy their Linux" from a 3rd party so that means that all the conditions of the GPL are not relevant for some lawyerish reason. Oh, and the GPL is "contentious" about what you actually have to do regarding distributing source.
    • by MathFox ( 686808 )
      It sounds like a great business model:
      1. Bully Open Source developers
      2. Bully your employees
      3. Bully your customers when they ask for the source
      4. ...
      5. Profit!
      And then "meet the SFLC!"
  • by Anonymous Coward

    If you distribute someone's code which is under GPL, then you have to make available the source code.

    You don't have to make available your own source code unless your code is a derivative of GPL code.

    In this instance, they should be supplying the source code to the kernel and any other GPL applications they have bundled. That's the whole point to OpenSource and the GPL.

    If they have altered the Kernel or BusyBox, which are both GPL'd, they have to release those alterations when they distribute. They don't ha

  • Correct me if I am wrong, or feel free to clairify:
    If I use GPL code, I must provide the GPL code that I use.
    If I code my own stuff using GPL, my code isn't automatically GPL too.
    So if I make an game with security through obscurity, but use GPL code, I'm fine right? Or am I wrong, and all code I write using GPL code suddenly becomes GPL too?
    • by taniwha ( 70410 )
      if you modify someone else's code the code you write has to become GPLed too if you want to distribute it (source or binaries) - but you only need to offer to distribute the source if you want to distribute just the binaries - using it inhouse without distribution is OK

      security thru obscurity is bad in general, do it right! if your security can't handle source code examination it wont handle some hacker poking in the binary

    • If you use GPL code then yes your code must be GPLed to avoid violating the license for the code you use.

      You can however use LGPL code, which most libraries are.

  • PHB (Score:4, Funny)

    by Konster ( 252488 ) on Sunday June 22, 2008 @05:21AM (#23892911)

    I'd be a Pointy Haired Boss and comply with any request for GPL'd code by sending the requester the code...printed on paper. ;)

    • Re:PHB (Score:5, Informative)

      by djcapelis ( 587616 ) on Sunday June 22, 2008 @05:40AM (#23892989) Homepage

      I know you're joking, but section 6 of the GPL prevents this most commonly by using the phrase: "on a durable physical medium customarily used for software interchange."

      The GPL is a very carefully written document.

      • Re:PHB (Score:5, Interesting)

        by Antique Geekmeister ( 740220 ) on Sunday June 22, 2008 @05:51AM (#23893025)

        It is, isn't it? While Richard Stallman certainly did not write all of it, the document shows his experience and intelligence at dealing with odd interactions. It's what I'd expect from someone so deeply involved in creating gcc and glibc and emacs, and the development of so many other GNU software tools.

        Richard does not put in the odd language or strange requirements for no reason: he's usually quite correct in being paranoid of those strange cases, because as an experienced programmer and now an experienced political activist he's seen compelling reasons to handle them specifically. It's why code by older programmers often is longer and more extensive than the simpler, cleaner, but more trusting software written by less experienced developers. The new developers with exciting new approaches often haven't learned the lessons of our experience, and by the time they've done all the patching to avoid the same pitfalls, their code will be as arcane as ours.

      • by Quarters ( 18322 )
        The GPL stipulates that the source should be printed on the sheathing of a cat-5 cable? That's odd.
    • by jamesh ( 87723 )

      printed on paper.

      ... with line feeds and extra white space stripped out (can't go wasting paper now), double sided, on a dot matrix printer (9 pin in 'draft' mode), and bound in many separate folders.

      Fortunately the GPL uses the word 'reasonable' in a few places to get around attempts at this sort of obfuscation :)

      About 2 years ago I was approached by a company that wanted some changes made some in house software. The programmer had left and couldn't be re-employed to make the changes (he was pensioned off

  • If you do not hold a copyright in the material being distributed, you lack legal standing to enforce the license. That may be the reason why they are ignoring you. You need to contact someone who is a pertinent copyright holder and who is interested in enforcing the license to his or her work.

    • He doesn't actually lack legal standing to enforce the license... but he does lack legal standing to bring a claim of copyright infringement.

      If they admit they are distributing the software under the GPL then anyone who receives it has enough standing to enforce the license.

      It is when they say "no, we don't want to follow the GPL" that you need one of the original copyright holders to jump in. This usually doesn't happen as most companies realize this is an astronomically bad idea.

      Point being... he actuall

  • "Make available" and "Advertise Availability" are two different concepts.
    I don't think they're in violation unless they deny a request for the source code.
    • by schon ( 31600 )

      I don't think they're in violation unless they deny a request for the source code.

      You think wrong. The GPL says the notice must be published "conspicuously and appropriately".

      But even if the GPL didn't say this, you'd still be wrong - because the GPL also says that you must *provide* the source. It does not say a request has to be made first.

      In any resulting copyright case, do you *honestly* believe that a judge would say "oh, well they threw the letters in the garbage, that means they're not in violation"??!?!

  • by walter_f ( 889353 ) on Sunday June 22, 2008 @05:42AM (#23892997)

    FSF and gpl-violations.org are co-operating closely. gpl-violations and FSF have handled some cases regarding busybox before and have handled them successfully (i.e., out-of-court settlements have been achieved).

    And a settlement resulting in GPL compliance - that's what enforcing the GPL is all about.

    As Eben Moglen, legal counsel to the FSF for many years, put it (in a keynote address in October 2006):

    ---
    When I went to work for Richard Stallman in 1993, he said to me at the first instruction over enforcing the GPL, "I have a rule. You must never let a request for damages interfere with a settlement for compliance."

    I thought about that for a moment and I decided that that instruction meant that I could begin every telephone conversation with a violator of the GPL with magic words: We don't want money. When I spoke those words, life got simpler. The next thing I said was, We don't want publicity.

    The third thing I said was, We want compliance. We won't settle for anything less than compliance, and that's all we want.

    Now I will show you how to make that ice in the wintertime. And so they gave me compliance.
    ---

    http://www.geof.net/blog/2006/12/10/eben-moglen [geof.net]

  • Not the first time (Score:5, Informative)

    by l2718 ( 514756 ) on Sunday June 22, 2008 @05:44AM (#23893001)
    Last year BusyBox successfully enforced their copyrights in at least two [groklaw.net] instances [groklaw.net]. While the terms of the settlements have not been disclosed, I'm sure the SFLC will be happy to get involved again.
  • P903iTV mobile phone (Score:3, Interesting)

    by Joseph_Daniel_Zukige ( 807773 ) on Sunday June 22, 2008 @06:26AM (#23893139) Homepage Journal

    Different product, but I've seen and heard indications that my Docomo P903iTV by panasonic is running on top of Linux. I can't find any mention of Linux in the manuals, let alone an offer of source for the kernel, etc., or any indication of a way to access a shell, etc.

    There is a java API, called, I think, iAppli. I haven't found much on getting dev stuff for it in the manuals, but it can be found on the web. I think. I haven't actually tried it yet, and it doesn't look like they make it easy to figure out where to start.

    While I'm complaining, the USB adaptor is "not guaranteed to work with Macs or Linux". The sales guy I talked to seemed almost proud to say that and seemed quite anxious to discourage me from buying the adaptor to see if I can even mount the internal flash or the microSD card. I let him discourage me because money is really tight.

    If anyone knows anything about this phone, I'd appreciate some pointers.

    Lousy Japanese market. The government promotes Linux. Industry likes Linux in industry as long as it's nowhere near the consumer market. Marketing is strictly under the thumb of Microsoft/iNTEL. Can't get a Linux eeePC (not that I'm that anxious to buy an iNTEL processor) in Japan because "this is Japan, of course!" (Implicitly, otaku are expected to be happy to pay the Microsoft tax.)

    • [...] Panasonic [...]

      Panasonic as well as several other Jap CE producers maintain their own distribution for such embedded products. It is all done under roof of CE Linux Forum [celinuxforum.org]. Probably you can Google for more info.

      Last time I read, their goal was not to fork and to distance themselves from the development - but to simplify communication with Linux community.

      Chances are good that recent Linux kernels do support embedded device in your TV without extra patches.

  • by TheVelvetFlamebait ( 986083 ) on Sunday June 22, 2008 @07:41AM (#23893487) Journal

    How can we decry copyrights as evil, when we keep trying to enforce the GPL? What if a company wants to use that piece of code, and not release the source for it? Information wants to be free, you know.

    • by Jah-Wren Ryel ( 80510 ) on Sunday June 22, 2008 @09:06AM (#23894043)

      How can we decry copyrights as evil, when we keep trying to enforce the GPL?
      "We" decry copyrights as evil because they reduce the freedom of the end-user.
      The GPL uses copyright law to turn that situation around, effectively guaranteeing the freedoms of the end-user.
      There is no contradiction.

      What if a company wants to use that piece of code, and not release the source for it?
      They are free to do so, the GPL does not restrict how a person or a company uses a piece of code.
      However, if they wish to distribute it to end-users beyond themselves, then they must ensure that those end users are given the same amount of Freedom that the company received.

      Information wants to be free, you know.
      Precisely. Free as in Liberty, not as in price.
  • The GPL does not require you make the source availible to everyone. It requires you make the source availible to anyone to whom you provide the software. Since you said you have one of these boxes you must have the software on it and are thefore entitled to the source code from the provider of the box, where as say I am not.

    There is no need at all for them to host the source on the web. They just have to make the source availible to you in the cononical form (not exactly the words in the license) if you

  • by acvh ( 120205 ) <geek@msci[ ]s.com ['gar' in gap]> on Sunday June 22, 2008 @09:55AM (#23894367) Homepage

    you're like the guy on the Garden State Parkway who drives 65 in the left lane to keep everyone else from speeding. at most you should drop a note to the copyright holders, and then stay the hell out of it.

  • by maz2331 ( 1104901 ) on Sunday June 22, 2008 @12:20PM (#23895457)

    The Busybox devs are a hyper-active active enforcer of the GPL, and it's amazing that anyone still tries to get around it with that project. These guys sue everybody who misues their work, and has been very successful in that effort.

"For the love of phlegm...a stupid wall of death rays. How tacky can ya get?" - Post Brothers comics

Working...