Castle Denies GPL Breach 425
Anonymous Coward writes "Castle Technology, who were accused of breaching the GPL in RISC OS 5, have made a press release denying the allegations. This story has been covered on The Iconbar RISC OS news and resource site." We've given Castle some loving here on slashdot recently. Looks like this one isn't going away quietly.
Well, denies breach, but... (Score:4, Insightful)
So is it a breach of the GPL to use GPL'ed code in your product, not advertise it or tell anyone, and then when/if caught to say it was always available to anyone willing to do something as arcane as snailmail floppies? How about I just print the code out and thumb-tack it up in the employee breakroom?
Sounds dirty to me.
Confusion (Score:3, Insightful)
They need a new lawyer.
If they want it over with... (Score:3, Insightful)
Unless there is skullduggery afoot... hmmmm.
/rubs chin, cues "Scooby Doo" intro music
Derived work (Score:5, Insightful)
They only way they are not violating the GPL is if they did not use GPL code, but used "ideas" from the GPL code. In this case their work might not be a derived work.
Linux? (Score:2, Insightful)
This isn't some weekend hobby hacker project, this is a *business*?!
Re:Will this be the first GPL test case? (Score:1, Insightful)
I don't see how the GPL could be invalid. Without the permission granted by the GPL, you can't distribute the software at all. How would that help anyone wanting to "steal" GPL'd code? It's not like the judge can declare that copyright law somehow doesn't apply to GPL'd software and anyone can freely distribute it without permission.
Don't confuse distribution licenses like the GPL, BSD, etc. with EULAs in proprietary software. They are nothing alike. EULAs take away rights you had at the time of purchase while giving you nothing in return and should be declared unenforceable for that reason alone. The GPL gives you rights you would not normally have under standard copyright law. You do not need to accept the GPL merely to install and run software, only to distribute it.
Re:Well, denies breach, but... (Score:4, Insightful)
Confusing release (Score:5, Insightful)
"The RISC OS 5.00 kernel did not contain work taken from or derived from the ARM-Linux or Linux kernel
then they say:
has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:
So they say "based in part on the following functions", so are they saying that they have literally taken no CODE but were BASING their code on some Linux kernel code? So are they then saying that perhaps they just took the api from the LK but the code itself is new? If this is the case, then I could see how there would be a lot of confusion and that they have done nothing wrong. If not, then I'm not sure what they're trying to say?
Re:GPL (Score:5, Insightful)
Re:Will this be the first GPL test case? (Score:3, Insightful)
Don't know what kind of difference that would make. I guess it comes down to whether or not clicking 'next' on an EULA dialong to agree is binding. It's not like you've signed anything.
J
Re:Will this be the first GPL test case? (Score:5, Insightful)
The GPL is a license to software. Plain and simple.
Without a license, you cannot use copyrighted material. If you use copyrighted material, without a license, you are in violation of that copyright. The only matters before the court would be "did you use the software" and "are you licensed to do so".
With the GPL permission is granted to anyone to use the software with those restrictions spelled out in the agreement. If you use the software, and do not follow the terms of the agreement, your license is null and void, and you are in violation of copyright law.
IANAL, but I did stay in a holiday in last night:
Copyrights (and patents) do not have to be vigorously protected, only trademarks do. Without vigorously protecting your trademark, it can be ruled invalid. Your copyright on a work can not be ruled invalid, if it truly is your work, and it is not simply the stating of fact (like a phonebook)
Microsoft would *not* like to see the GPL ruled invalid, because that would be a dent in all copyright law. As a matter of fact, Microsoft could make serious money off of GPL software if they so chose.
Imagine this:
Microsoft decides to throw away sourcesafe, because it blows dog chunks. Instead they grab the source for CVS and compile it up, slap a sticker on the CD, and sell it as MS CVS.
Thousands of developers would start coughing up money for this "new" product. Heck, the package could even put the GPL on the outside, and state that the source code would be included on the CD. I know for a fact a couple of companies who would by enough licenses for all their developers withou batting an eyelash. Heck, MS could even give the same support they give SourceSafe now: NONE.
Microsoft is not *afraid* of the GPL. They are afraid of people who sell software cheaper than them. If that means free, well, that pisses them off, but no more so if the software is BSD Licensed, GPL Licensedor Python Licensed.
HNCBS
next time we'll strip our binaries.. (Score:5, Insightful)
In other words, that's the last time we're stupid enough to ship unstripped binaries!
The PR also explicitly denies using Linux source, rather than GPL'ed source. Reading between the lines, these guys know full well that they're in breach and they're trying to finesse the situation.
Re:If they want it over with... (Score:3, Insightful)
The first person who gets thier disk back is going to post it to the internet however people are still going to send them floppies just because the company is acting stupid. They could of just posted the code, taken a hit on thier server from the few who would actually download it, and be done. I would guess the actual reason for the disc request is that they don't have the code ready and are using the mail and processing time as a delay tactic.
Re:Will this be the first GPL test case? (Score:3, Insightful)
Microsoft would NOT be happy if the GPL were struck down, as doing so would basically invalidate ALL software licenses.
Re:Will this be the first GPL test case? (Score:2, Insightful)
On the whole, it would be extremely difficult to convince a court that it's OK to take someone else's source code and to use it in your own product without permission. The GPL is the "permission" to create and distribute derivates of GPLed work. Arguing that the GPL is invalid would in essence be arguing that there is no permission to copy or create derivative works at all, which would be a singularly ineffective argument for most purposes!
The GPL is in this sense a "fail safe" license, because unlike most software license it extends the rights given by copyright law rather than attempting to restrict those rights. For this reason I strongly doubt that any court case would focus on the validity of the GPL. It's somewhat more plausible that a case might be based around the meanings of terms used in the GPL, such as "derivative work", "source code", or "distribute". But if Castle did in fact use GPL code in a proprietary product, they will have a very uphill battle.
Re:Well, denies breach, but... (Score:5, Insightful)
They are currently not saying they are using GPL code, and are offering the source code for anyone to do any further analysis - this is actually more than they have to do at this stage. I'm pretty sure Justin Fletcher (who first discovered the possibility of the ROS5 sharing linux code in Nov 2002), and Russell King (who made the posting to the lkml) will be doing this.
The PCI allocation and bus setup, derived from the linux headers, could have just as easily (technically) been obtained from PCI datasheets, but for a small company as Castle is, practically it is easier to get this information from another source. Castle are not admitting to ripping the linux kernel for the actual underlying code - besides there are probably only a few ways of going about this, and the code in assembler (which is how Justin did his analysis), would be similar in this case.
Wait till the relevant people, with an understanding of the ARM hardware involved get a chance to check over the code before jumping on this bandwagon again.
Re:Will this be the first GPL test case? (Score:5, Insightful)
Not a ton. Assuming the GPL is tossed out, that means Castle gets only the standard set of rights that copyright grants, which still denies them the ability to use this code (since they didn't ask permission of the copyright holder).
So the only way Castle can really win is to prove they didn't use the code in question.
Re:Only 5.0, 5.01, 5.02 and beyond mentioned (Score:5, Insightful)
There was no version 1 (the original OS was called Arthur - but was not anywhere near as polished as RISC OS, Arthur came out in 1987)
Version 2.X, 3.X and 4.X do not use ANY GPL code at all. The part in dispute in RISC OS 5.XX is because up until version 5 all previous versions used hardware considerably different from PC's (they used a Podule Bus (expansion with Plug & Play - about 8 years before the PC !), their OWN video controller and memory system).
With version 5 a new machine was introduced and with it a Hardware abstraction layer (HAL) and it's in the PCI part that is "suspect".
In their press release Castle seem to suggest that the HAL was also needed to allow the porting of Linux to the platform.
RISC OS is largely ARM assembly code, some C and some BASIC. The bulk of it predates Linux, so you could argue that RISC OS 5.XX (even if GPL code HAD been used in the HAL) predates Linux and therefore can't have been "derived" from GPL code.
The only code that ANY reasonable person could describe as being in dispute about is the HAL, and that's going to be available on DISC so what's the problem ????
It should also be borne in mind that Castle only License RISC OS, and that other companies have licensed it too (but use earlier versions about which there IS NO DISPUTE).
Hope that makes some sense !
Re:Confusion (Score:3, Insightful)
You can GPL code and then turn around and sell the same code under another, proprietary license, for instance.
Re:Well, denies breach, but... (Score:3, Insightful)
It's not a breach of the GPL to require reasonable costs for distributing the source code. If you're distributing binaries, you're required to distribute the source as well for no more than the cost of transfering the data. I think that it's debatable whether asking people to send a SASE and a floppy to get their copy of the source is a reasonable distribution strategy, but it's not so bad that it's clearly run afoul of the GPL. If you're just distributing the source, though, the GPL doesn't put any limit on what you can charge.
What is against the GPL is including GPLed code and not telling anyone about it. You're absolutely required to include information about which code is covered under the GPL, an offer to provide the source to anyone who gets the binaries, and a copy of the GPL itself. If, as sounds likely, they've included some GPLed code but failed to notify users of the fact, they're already in breach whether they provide the source on floppy or an FTP site.
Re:Will this be the first GPL test case? (Score:3, Insightful)
Freedoms. You mean freedoms, not restrictions. (/sarcasm)
People sometimes forget that the GPL is a restrictive license. Less restrictive that a proprietary license, but restrictive nonetheless.
Confusion Confused (Score:5, Insightful)
Long response: You're still dumb, but here's why. First, making the source available for download does NOT cover the source redistribution part of the GPL, so the whole "not having an FTP server" doesn't matter. You have no responsibility to make copies of GPL software available to others for free or for cost. See the first question on the GPL quiz [gnu.org] for more details on this.
Second, he can charge whatever he wants for sending you a copy of the program. $0, $1, $100, or $1,000. As long as he makes the source available with it, or at the cost of redistribution, everything is fine.
I really really REALLY wish people wouldn't randomly throw RMS bashes into other good articles. "Oooh, it's a GPL-related article, let's bash RMS." I'm not a huge fan of RMS, and I still call it "Linux", but I hate it when people just go off on the guy. I hate it even more that I have to go and write a response to something this stupid and waste my time. How this got modded up to 4 (oh.. it's 5 now), I don't know..
Bah!
Re:Confusion (Score:3, Insightful)
I'm sure the mailing floppies bit it to avoid having every person on Slashdot try to download a copy and cost them more in bandwidth in a day than they could pay for in a year.
Castle may not be in violation of the GPL (Score:4, Insightful)
What will determine if the remaining code is also under the GPL is how closely it integrates with the abstraction layer. Castle maintains that this abstraction layer is "roughly" analogous to a PC's BIOS.
For those of you who don't know what the BIOS is, it is the initial code which resides on a microchip that runs when you first boot your computer. It has, among other things, the very low level I/O routines that allow your computer to read enough of your hard drive to allow your operating system to boot.
It would be possible to write a BIOS and then put the code under the GPL. Would that mean that any OS that gets booted by these BIOS would suddenly be in violation of GPL? I don't think so.
The two questions that need to be answered are:
1. How analogous to a PC's BIOS is this abstraction layer? (This may be a subjective assessment and therefore open to litigation.)
2. Is there any more GPL'd code contained in the Castle product?
Re:Will this be the first GPL test case? (Score:3, Insightful)
Anyway, so when you buy the box, you have a set of rights to make use of that software, already, because you've paid for it and entered an implicit contract (I pay money for box, you put CDs with binaries in box so I can use them). The EULA is an extra licence that restricts your rights to make use of that software.
So EULAs do take away rights from you.
In the case of freely distributed software, there is no implied warranty of merchantability or fitness for a purpose, you haven't paid shit for it, so at first the rights you have are a bit up in the air, and most likely restricted to the standard copyright stuff (so you probably shouldn't even be using it) - and so the GPL expands those rights to allow you to use it, copy it, modify it and distribute it.
Daniel
Hold On. (Score:5, Insightful)
A few functions named the same as their linux counter-parts seems like rather weak evidence of a breach. Copyright does not protect ideas, so if they examined the GPL code, understood how it worked, and then re-implemented it with their own code, then this is a garden variety reverse engineering.
On the other hand, if they actually did lift code, then it should be pretty easy to verify with or without their source code. So before anybody continues on with blabbering about how terrible Castle is, can somebody just say what the evidence is?
Re:Will this be the first GPL test case? (Score:1, Insightful)
Restrictive, insofar as it's places more restrictions on you than a work that is not protected by copyright. GPL relaxes the restrictions that copyright places on you. It does not eliminate them or add new restrictions. It does trade absolute restrictions (Thou shalt not duplicate) for conditional restrictions (Thou shalt not duplicate, unless you also provide source under GPL).
So, to recap, the GPL is a restrictive license to the extent that relaxing a restriction without eliminating completely is itself a restriction.
--JoeRe:Well, denies breach, but... (Score:5, Insightful)
The RISC OS 5.0[012] kernel did not contain work taken from or derived from
the ARM-Linux or Linux kernel.
OTOH
For the avoidance of doubt, the hardware abstraction layer (roughly
analogous to a PC's BIOS) has it's PCI allocation and bridge setup
based in part on the following functions from the Linux kernel sources:
[lot of function names]
So, what does "based in part" mean? What is the relation between their "hardware abstraction layer" and their "kernel"?
The answers to this questions are very relevant to the GPL.
It sounds to me like they seem to have a reason for avoiding being more concrete, like they know damn well that something _might_ (benfit of doubt for them) be wrong, and they just wanted to get something out for damage control.
Re:Hypothetical Question! (Score:3, Insightful)
Misconceptions? (Score:1, Insightful)
- it's fun to cite US law... but Castle is a Brittish company and the alleged infringment was in the UK!
- you keep copyright over your original sources, even if you link them with GPL-ware.
- a derived work has shared copyright by both the original author and the editor.
- If you want Castle's source on floppy: are you capable of reading ADFS formatted floppies?
- last time I looked at RISC OS (v3.10) it was a very modular operating system.
- Castle will likely have licenced the major part of RISC OS from RISCOS Ltd, they don't own the source!
Castle (likely) can only legally share the code they own. If they provide the contested source on floppy then that would be (minimal) conformance to the GPL, assuming the sources are really derived from Linux sources. If those sources aren't derived from Linux sources, Castle has the right to distribute them as they seem fit.
The receivers of the floppy have to note that there can be significant consequences for them when they redistribute code where Castle has the copyright.
Re:Where did the accusation come from.. (Score:2, Insightful)
Gerph was looking inside the RISC OS5 kernel. Note THIS has NOTHING to do with the RISC OS4 kernel.
they are different trees of the original code from acorn.
Anyway back to the story:-
he thought the code looked familiar oncce compilled and suggested to castle that it MAY have came from thelinux kernel. AND trust me Justin knows a LOT about the RISC OS4 kernel. But I wont go ito that, although it is public knowledge. He is a good bloke by all accounts. After not being entirely satisfied, and following muck soul seeking, he mentioned to Russel about his concernes an russel posted to the kernel mail list.
All of this was justified.
What I dont think is justified is the "what if brigade" jumping on "roumour and hearsay".
my understanding of the scenario is this:-
CAstle want a HAL to rid RISC OS of its hardware dependence. They probably tought, OK linux is hardware independent, lets have a look at how they did it?
Ahh that was clever, they might have thought; lets see if we can code someting similar to do the job for us. Naturaly the code seems similar but not identical and threrfore looked as if it was developed upon.
I think taking the code and developing it would be silly, and castle are NOT silly. When other companies were promissing this-and-that, they quietly delivered.
They naturally fed on a similar idea, but then most songs can trace their idea back for years.
I think they may haev fed on the theme, (boy meets girl) but not nessesarily the blagged the tune.
As a bit of background. I write PDA SW and like the RISC OS platform but these days I dont get the software to do my work on RISC OS. I dop however, miss the beautiful OS.
And as for the chap that said X-scale? it does not have grunt; well I say, whoneeds grunt when you can get a wordXP compatable word processor on one floppy and running on 800K in full mode.
Cheers
Bob; Sunny Scotland
For goodness sake, read the article (Score:4, Insightful)
Here's what they say
The press release goes on to state that "For the avoidance of doubt, the hardware abstraction layer (roughly analogous to a PC's BIOS) has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:"[snip functions]
Castle state that "any company or individual wishing to recieve a copy of the source code to this component should apply in writing to:" [snip address]You will also need to enclose a formatted 3.5" floppy diskette and return postage stamps (or international reply coupons if you are outside the UK)
So, the title "Castle deny GPL breach" is wrong. Castle have (somewhat grudginly) admitted using GPLed source and announced their intention to comply with the terms of the GPL. They emphasised that the Linux code they used is in their HAL and not the RISC OS kernel to explain why they will not provide the source to RISC OS.
So, IconBar titled their article "Castle Technology deny GPL breach" because they had not fully understood the press release they were quoting. The submitter submitted it with a similar title because he hadn't understood it either or because he hadn't read as far as the third paragraph. Chris DiBona posts it and says "Looks like this one isn't going away quietly" presumably because he hadn't read the third paragraph. There are as I write this 207 posts on this topic, most of them overexcited and almost all of them from people who didn't read as far as the third paragraph. I find this all hilarious.
Re:The GPL is NOT airtight. (Score:4, Insightful)
There's your Quid Pro Quo. If it's struck down, you no longer have the right to distribute modified code, and you're fuxx0red even worse.
Personally, I still prefer the BSD license, because it's truly free.
Re:The GPL is NOT airtight. (Score:3, Insightful)
Re:GPL is unenforceable anyway. (Score:3, Insightful)
It is simply a grant of rights conditional on a particular set of actions being taken.
But if you want to think of it in the consideration framework, the licensee receives the right to distribute GPL'd code in ways not normally permitted by copyright law, and the licensor receives the fulfillment of his or her desire that the software be redistributed according to the terms of the GPL.
Re:Will this be the first GPL test case? (Score:4, Insightful)
Re:The GPL is NOT airtight. (Score:3, Insightful)
When it comes to copying and redistributing a work, everything is automatically copyrighted unless copyright has expired or the work has been put in the public domain. The assumption is that you're NOT allowed to distribute copies unless you have explicit permission. If you don't agree with the GPL in it's entirety then by default you can't distribute copies of GPL'd works at all.
Re:Hypothetical Question! (Score:2, Insightful)
If they do that, then yes, the company is liable. Their choice would likely be to redevelop on the 18-month old system and stop all development on the current version while lawyers fight it out.
If the company is smart and doesn't claim to instantly own a worker's code, they can simply disclaim responsibility by saying that they didn't write it, and that they don't want it.
But, IANAL, so ask yours if that's the case.
Re:Will this be the first GPL test case? (Score:2, Insightful)
It looks like they're saying this:
And to what degree is the BIOS separate from the OS? If I made a BIOS with the O(1) scheduler, could I then write a proprietary OS that uses it as long as I GPL'd the BIOS? Obviously, most people use Linux boxes on top of proprietary BIOSes, so there must be some reasonable delineation.
Re:Will this be the first GPL test case? (Score:3, Insightful)
But that's clearly not the case, as an author releasing code under the GPL is very clearly and explicitly stating that they provide permission to reproduce and create derived works only subject to specific conditions. No sane court could find the author's intent to be to place the work in question in the public domain, where all interests are explicitly waived.
Re:Will this be the first GPL test case? (Score:3, Insightful)
Re:For goodness sake, read the article (Score:2, Insightful)
(the same anon coward here, not that it really matters)
It appears that you are the one who can't read. It says "based on the following functions from the Linux kernel sources" and not "using GPL code from Linux". They had a look at the code in Linux to get ideas about how to implement PCI.
No. They duplicated Linux source. See Russell King's lkml post [lkml.org]. I suppose I can't blame you for not having researched this in depth, but I think I can blame you for faulty reasoning. "Based on" could mean their source was based on the Linux source or, as you suggest, based on some of the ideas in the Linux source, but if so it would (almost certainly) not infringe the Linux authors' copyrights and so:
a) why would Linux hackers have complained?
b) how could they even know that Castle had done this? (in fact it first got noticed because the function names were there in the binary, and after Castle removed them it was still verifiable that object code produced from those functions was still in there)
c) why would Castle now be providing their source if they hadn't infringed the GPL?
In summary, please engage brain before posting. (ooh, I am enjoying this rude anonymous coward lark).
mere aggregation? (Score:3, Insightful)
From term #2 of the GPL [gnu.org] (emphasis added):
I've asked it before [google.com] and here I go again: "What the hell is a volume of a storage or distribution medium and what's aggregation?"
When the (first) GPL was written a "volume of distribution medium" was a tape snail-mailed from the FSF in Boston, or for work-derivers, a tape or maybe as Castle is doing, a floppy.
I understand that this exception is how binary kernel modules (NVidia) can be distributed in a CD-ROM with the GPL'd Linux kernel, gcc, emacs, etc.
However, Castle is putting the HAL and kernel into a Flash ROM. Even if they aren't statically linked together (not hard to imagine: HAL boots & uncompresses kernel image into RAM, then jumps), is this mere aggregation? One can extract a single file from a tape or CD-ROM, but can you un-aggregate a ROM?
Consider TiVo: is the closed-source application "merely aggregated" with the GPL'd kernel? You can put the hard drive in a PC & un-aggregate, but this violates your warranty and is not as trivial as grabbing a file from a CD-ROM.
When does "aggregation" end as "volume of storage medium" becomes more deeply embedded? If the ROM is soldered down instead of socketed? If it's inside a microcontroller with the security fuse thrown so it can't be read out?
Re:The GPL is NOT airtight. (Score:2, Insightful)
>sufficiently value your work
Two comments here. The first is that it really depends what you aim to achieve with your open-source code. For me, I'm more interested in teaching others how I did things, and sharing knowledge, than I am in always getting credit. The second is intimately related to the first, and it's that while that *may* happen, most of the time people *do* "do the right thing". The solution (prevent everybody from including even a little of my code in their own projects) is way more drastic than the problem.
I value my work very highly, which is why I am proud to see it used, no matter where that use occurs.
Your argument is flawed (Score:2, Insightful)
If we wanted to make this argument, we would have to imagine that this road could be multiplied. Then if we image that some people made a road under the BSD license which discriminates none in copying (this is important, this is what you forget in your argument) it and modify it for his needs.
If this BSD road is copied and made to an proprietary road. The copier most likely has made an investment in his road that he wants to have a reward for. Perhaps he has added an sidewalk or something like that.
Now if a person whould travel over the land where these roads exist he has two roads to choose among. He could take the BSD road if he wants to travel for free, but lets say he dont have a vehicle. Then he might find it dangerous to take the BSD road because he could be hit by a car. Then he could choose to take the proprietary road and use the sidewalk in exchange for a fee or something that he and the owner of the road agrees upon.
Note that he isnt forced to use the proprieraty road, and also note that the owner of the BSD road are not denied to make a sidewalk on their road. The person that has to choose between the roads simply makes an choice whatever he want to contribute a sidewalk to the BSD road by spending his time, or if he wants to use the proprietary road by spending his money. Time or money, its up to the person to decide what he values the most.
So from this example I hope to demostrate that a BSD license doesnt limit freedom, quite the opposite. The BSD license allows everyone to use and modify the work, no discrimination. And when no discrimination exist everyone can participate and development and inovation will be maximized.
For my last statement I want to say that I admire the people who give out their work under the BSD license. To give without demanding anything in return is a great thing, and should be encouraged.
Parent post has hit the nail on the head (Score:3, Insightful)
My point echos the parent post: if you are writing code with the same functionality, it shouldn't come as a shock when the binaries match, especially - as was mentioned - if some massaging is done to one version to make them match.
Of course, no one can say one way or the other until they've seen the source code that Castle has agreed to show. I suspect they merely used the GPL'd code as reference, and wrote a similar version that matched their hardware, which isn't your bog-standard PC. How stupid would they look if they say it isn't the GPL'd code when it is, then show it to people? I mean, really..?
I'm biased, I'll admit that. I've been an Acorn/RISC OS user for many, many years. But I'm disgusted at the pitchfork and torch reaction this issue has received here. Linux/OSS users should be all-to-familiar with a platform struggling against a much larger organisation. Never before have I seen such two-faced, knee-jerk ranting on this site, and that's saying something.