diff --git a/compliance-guide.tex b/compliance-guide.tex index 88aa14555ae2d63982c6cfee45e6292cf8e9bd3f..0b17c4463131e052de0224fed023e80725146af3 100644 --- a/compliance-guide.tex +++ b/compliance-guide.tex @@ -72,14 +72,14 @@ approach and launched \verb0gpl-violations.org0, a website and mailing list for collecting reports of GPL violations. On the basis of these reports, Welte successfully pursued many enforcements in Europe, including formal legal action. Harald earns the permanent fame as the first copyright -holder to bring legal action in a Court regarding GPL compliance. +holder to bring legal action in a court regarding GPL compliance. In 2007, two copyright holders in BusyBox, in conjunction with the Software Freedom Conservancy (``Conservancy''), filed the first copyright infringement lawsuit based on a violation of the GPL\@ in the USA. While lawsuits are of course quite public, the vast majority of Conservancy's enforcement actions are resolved privately via -cooperative communications with violators. As both FSF and Conservancy has worked to bring +cooperative communications with violators. As both FSF and Conservancy have worked to bring individual companies into compliance, both organizations have encountered numerous violations resulting from preventable problems such as inadequate attention to licensing of upstream software, misconceptions about the @@ -104,7 +104,7 @@ Unlike highly permissive licenses (such as the ISC license), which typically only require preservation of copyright notices, licensees face many important requirements from the GPL. These requirements are carefully designed to uphold certain values and standards of the software -freedom community. While the GPL's requirements may appear initially +freedom community. While the GPL's requirements may initially appear counter-intuitive to those more familiar with proprietary software licenses, by comparison, its terms are in fact clear and quite favorable to licensees. Indeed, the GPL's terms actually simplify compliance when @@ -155,7 +155,7 @@ In the latter case, where the work is unquestionably a separate work of creative expression, no copyleft provisions are invoked. Admittedly, a tiny -minority of situations which lie outside these two categories, and thus +minority of situations lie outside these two categories, and thus do involve close questions about derivative and combined works. Those situations admittedly do require a highly fact-dependent analysis and cannot be addressed in a general-purpose @@ -214,7 +214,7 @@ Free Software integration. For example, simply ask your software developers to standard place describing each new Free Software component they add to the system, and have them include a brief description of how they will incorporate it into the product. Further, make sure developers use a revision control -system (such as Git or Mercurial), and have +system (such as Git or Mercurial), and store the upstream versions of all software in a ``vendor branch'' or similar mechanism, whereby they can easily track and find the main version of the software and, separately, any local changes. @@ -228,9 +228,9 @@ about what software your product includes. Most commonly, companies choose some software licensing scanning tool to inspect the codebase. However, there are few tools that are themselves Free Software. Thus, GPL enforcers usually recommend the GPL'd -\href{http://fossology.org/}{Fossology system}, which analyzes a +\href{http://fossology.org/}{FOSSology system}, which analyzes a source code base and produces a list of Free Software licenses that may apply to -the code. Fossology can help you build a catalog of the sources you have +the code. FOSSology can help you build a catalog of the sources you have already used to build your product. You can then expand that into a more structured inventory and process. @@ -254,7 +254,7 @@ follow to decrease the likelihood of this occurrence: developers are using revision control systems properly. \item Have developers mark or ``tag'' the full source tree corresponding to - builds distributed to customers + builds distributed to customers. \item Check that your developers store all parts of the software development in the revision control system, including {\sc readme}s, build @@ -510,20 +510,20 @@ the license itself, either electronically or in print, with every distribution. Finally, it is unacceptable to use option (b) merely because you do not have -Corresponding Source ready. We find that some companies chose this option +Corresponding Source ready. We find that some companies choose this option because writing an offer is easy, but producing a source distribution as an afterthought to a hasty development process is difficult. The offer for source does not exist as a stop-gap solution for companies rushing to market with an out-of-compliance product. If you ship an offer for source with your product but cannot actually deliver \emph{immediately} on that -offer when your customers receive it, you should expect an enforcement +offer when your customers request it, you should expect an enforcement action. \subsection{Option (c): Noncommercial Offers} As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply only to noncommercial use. These options are not available to businesses -distributing GPL'd software. Consequently, companies who redistribute +distributing GPL'd software. Consequently, companies that redistribute software packaged for them by an upstream vendor cannot merely pass along the offer they received from the vendor; they must provide their own offer or corresponding source to their distributees. We talk in detail about @@ -753,21 +753,21 @@ That is FSF's steadfast position in a violation negotiation --- comply with the license and respect freedom. However, other entities who do not share the full ethos of software freedom -as institutionalized by FSF pursue GPL violations differently. Oracle, a +as institutionalized by FSF and Conservancy pursue GPL violations differently. Oracle, a company that produces the GPL'd MySQL database, upon discovering GPL violations typically negotiates a proprietary software license separately for a fee. While this practice is not one that FSF nor Conservancy would ever -consider undertaking or even endorsing, it is a legally way for copyright +consider undertaking or even endorsing, it is a legal way for copyright holders to proceed. Generally, GPL enforcers come in two varieties. First, there are -Conservancy, FSF, and other ``community enforcers'', who primary seek the +Conservancy, FSF, and other ``community enforcers'', who primarily seek the policy goals of GPL (software freedom), and see financial compensation as ultimately secondary to those goals. Second, there are ``for-profit -enforcers'' who use the GPL as a either a crippleware license, or sneakily +enforcers'' who use the GPL either as a crippleware license, or sneakily induce infringement merely to gain proprietary licensing revenue. -Note that the latter model \textit{only} works for companies who hold 100\% of +Note that the latter model \textit{only} works for companies that hold 100\% of the copyrights in the infringed work. As such, multi-copyright-held works are fully insulated from these tactics. @@ -965,7 +965,7 @@ should ask: \item What are all the licenses that cover the software in this device? \item From which upstream vendors, be they companies or individuals, did - \emph{you} receive your software from before distributing it to us? + \emph{you} receive your software before distributing it to us? \item What are your GPL compliance procedures? @@ -1062,5 +1062,5 @@ ready-made for their products. % LocalWords: redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox % LocalWords: someone's downloadable subdirectory subdirectories filesystem -% LocalWords: roadmap README upstream's Ravicher's Fossology readme CDs iPhone +% LocalWords: roadmap README upstream's Ravicher's FOSSology readme CDs iPhone % LocalWords: makefiles violator's diff --git a/enforcement-case-studies.tex b/enforcement-case-studies.tex index 8e811e7d8bfaaaef6fcfccf15c84cc09489f6ffd..ec44adf20de93dd5b3b112f99a646204ea75950f 100644 --- a/enforcement-case-studies.tex +++ b/enforcement-case-studies.tex @@ -122,7 +122,7 @@ gives them permission to engage in these activities governed by copyright law. \section{Ongoing Violations} In conjunction with \S 4's termination of violators' rights, there is -one final industry fact added to the mix: rarely, does one engage in a +one final industry fact added to the mix: rarely does one engage in a single, solitary act of copying, distributing or modifying software. Almost always, a violator will have legitimately acquired a copy of a GPL'd program, either making modifications or not, and then begun @@ -337,7 +337,7 @@ This case introduces a number of concepts regarding GPL enforcement. \begin{enumerate} \item {\bf Enforcement should not begin until the evidence is confirmed.} - Most companies who distribute GPL'd software do so in compliance, and at + Most companies that distribute GPL'd software do so in compliance, and at times, violation reports are mistaken. Even with extensive efforts in GPL education, many users do not fully understand their rights and the obligations that companies have. By working through the investigation @@ -636,7 +636,7 @@ did so, and the violation was resolved. the GPL are ignored. If companies do not want to release source code for some reason, then they should not base the work on GPL'd software. No external argument for noncompliance can hold weight if the work as - whole is indeed a derivative work of a GPL'd program. + a whole is indeed a derivative work of a GPL'd program. The ``security concerns'' argument is often floated as a reason to keep software proprietary, but the computer security community has on