Copyleft/guide Changeset - 467a23152a9a

Changeset - 467a23152a9a

Parent rev.

Child rev.

[Not reviewed]

0 4 0

Bradley Kuhn (bkuhn) - 10 years ago 2014-11-06 21:59:48
bkuhn@ebb.org

Copyright notice updates.

Joshua Gay made contributions to all the files earlier in 2014 (see git
log) which were copyrighted by the FSF, so FSF's copyright needs
refreshed to include this year.

Denver recently added a section to the enforcement-case-studies.tex, so
his copyright notice needs to go there and at the top file.

I made changes to enforcement-case-studies.tex on top of Denver's.

Also, remove commented-out copyright notices -- the ones in the actual
text are now primary and should be maintained directly.

4 files changed with 7 insertions and 7 deletions:

compliance-guide.tex

comprehensive-gpl-guide.tex

enforcement-case-studies.tex

gpl-lgpl.tex

0 comments (0 inline, 0 general)

compliance-guide.tex

➞

Show inline comments

 % compliance-guide.tex                            -*- LaTeX -*-
 \part{A Practical Guide to GPL Compliance}
 \label{gpl-compliance-guide}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Bradley M. Kuhn. \\
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2008 \> \hspace{.2in} Software Freedom Law Center. \\
 \end{tabbing}
 \vspace{1in}
 \begin{center}
 Authors of this part are: \\
 Bradley M. Kuhn \\
 Aaron Williamson \\
 Karen M. Sandler \\
 \vspace{1in}
 Copy editors of this part include: \\
 Martin Michlmayr
 \vspace{3in}
 The copyright holders of this part hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 \bigskip
 \chapter*{Executive Summary}
 This is a guide to effective compliance with the GNU General Public
 License (GPL) and related licenses.  Copyleft advocates
 usually seek to assist the community with
 GPL compliance cooperatively.   This guide focuses on complying from the
 start, so that readers can learn to avoid enforcement actions entirely, or, at
 least, minimize  the negative impact when enforcement actions occur.
 This guide  introduces and explains basic legal concepts related to the GPL and its
 enforcement by copyright holders. It also outlines business practices and
 methods that lead to better GPL compliance.  Finally, it recommends proper
 post-violation responses to the concerns of copyright holders.
 \chapter{Background}
 Early GPL enforcement efforts began soon after the GPL was written by
 Richard M.~Stallman (RMS) in 1989, and consisted of informal community efforts,
 often in public Usenet discussions.\footnote{One example is the public
   outcry over NeXT's attempt to make the Objective-C front-end to GCC
   proprietary.  RMS, in fact, handled this enforcement action personally and
   the Objective-C front-end is still part of upstream GCC today.}  Over the next decade, the Free Software Foundation (FSF),
 which holds copyrights in many GNU programs, was the only visible entity
 actively enforcing its GPL'd copyrights on behalf of the software freedom
 community.
 FSF's enforcement
 was generally a private process; the FSF contacted violators
 confidentially and helped them to comply with the license.  Most
 violations were pursued this way until the early 2000's.
 By that time, Linux-based systems such as GNU/Linux and BusyBox/Linux had become very common, particularly in
 embedded devices such as wireless routers.  During this period, public
 ridicule of violators in the press and on Internet fora supplemented
 ongoing private enforcement and increased pressure on businesses to
 comply.  In 2003, the FSF formalized its efforts into the GPL Compliance
 Lab, increased the volume of enforcement, and built community coalitions
 to encourage copyright holders to together settle amicably with violators.
 Beginning in 2004, Harald Welte took a more organized public enforcement
 approach and launched \verb0gpl-violations.org0, a website and mailing
 list for collecting reports of GPL violations.  On the basis of these
 reports, Welte successfully pursued many enforcements in Europe, including
 formal legal action.  Harald earns the permanent fame as the first copyright
 holder to bring legal action in a court regarding GPL compliance.
 In 2007, two copyright holders in BusyBox, in conjunction with the
 Software Freedom Conservancy (``Conservancy''), filed the first copyright infringement lawsuit
 based on a violation of the GPL\@ in the USA. While  lawsuits are of course
 quite public, the vast majority of Conservancy's enforcement actions
 are resolved privately via
 cooperative communications with violators.  As both FSF and Conservancy have worked to bring
 individual companies into compliance, both organizations have encountered numerous
 violations resulting from preventable problems such as inadequate
 attention to licensing of upstream software, misconceptions about the
 GPL's terms, and poor communication between software developers and their
 management.  This document highlights these problems and describe
 best practices to encourage corporate Free Software users to reevaluate their
 approach to GPL'd software and avoid future violations.
 Both FSF and Conservancy continue GPL enforcement and compliance efforts
 for software under the GPL, the GNU Lesser
 Public License (LGPL) and other copyleft licenses.  In doing so, both organizations have
 found that most violations stem from a few common, avoidable mistakes.  All copyleft advocates  hope to educate the community of
 commercial distributors, redistributors, and resellers on how to avoid
 violations in the first place, and to respond adequately and appropriately
 when a violation occurs.
 \chapter{Best Practices to Avoid Common Violations}
 \label{best-practices}
 Unlike highly permissive licenses (such as the ISC license), which
 typically only require preservation of copyright notices, licensees face many
 important requirements from the GPL.  These requirements are
 carefully designed to uphold certain values and standards of the software
 freedom community.  While the GPL's requirements may initially appear
 counter-intuitive to those more familiar with proprietary software
 licenses, by comparison, its terms are in fact clear and quite favorable to
 licensees.  Indeed, the GPL's terms actually simplify compliance when
 violations occur.
 GPL violations occur (or, are compounded) most often when companies lack sound
 practices for the incorporation of GPL'd components into their
 internal development environment.  This section introduces some best
 practices for software tool selection, integration and distribution,
 inspired by and congruent with software freedom methodologies.  Companies should
 establish such practices before building a product based on GPL'd
 software.\footnote{This document addresses compliance with GPLv2,
   GPLv3, LGPLv2, and LGPLv3.  Advice on avoiding the most common
   errors differs little for compliance with these four licenses.
   \S~\ref{lgpl} discusses the key differences between GPL and LGPL
   compliance.}
 \section{Evaluate License Applicability}
 \label{derivative-works}
 Political discussion about the GPL often centers around the ``copyleft''
 requirements of the license.  Indeed, the license was designed primarily
 to embody this licensing feature.  Most companies adding non-trivial
 features (beyond mere porting and bug-fixing) to GPL'd software (and
 thereby invoking these requirements) are already well aware of their
 more complex obligations under the license.\footnote{There has been much legal
   discussion regarding copyleft and derivative works.  In practical
   reality, this issue is not relevant to the vast majority of companies
   distributing GPL'd software.  Those interested in this issue should study
   \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on derivative works}{\S~\ref{derivative-works} of
     this tutorial}.}
 However, experienced  GPL enforcers find that few redistributors'
 compliance challenges relate directly to combined work issues in copyleft.
 Instead, the distributions of GPL'd
 systems most often encountered typically consist of a full operating system
 including components under the GPL (e.g., Linux, BusyBox) and components
 under the LGPL (e.g., the GNU C Library).  Sometimes, these programs have
 been patched or slightly improved by direct modification of their sources,
 and thus the result is unequivocally a modified version.  Alongside these programs,
 companies often distribute fully independent, proprietary programs,
 developed from scratch, which are designed to run on the Free Software operating
 system but do not combine with, link to, modify, derive from, or otherwise
 create a combined work with
 the GPL'd components.\footnote{However, these programs do often combine
   with LGPL'd libraries. This is discussed in detail in \S~\ref{lgpl}.}
 In the latter case, where the work is unquestionably a separate work of
 creative expression, no copyleft provisions are invoked.
 The core compliance issue faced, thus, in such a situation, is not an discussion of what is or is not a
 combined, derivative, and/or modified version of the work, but rather, issues related to distribution and
 conveyance of binary works based on GPL'd source, but without Complete,
 Corresponding Source.  This tutorial therefore focuses primarily on that issue.
 Admittedly, a tiny
 minority of compliance situations relate to question of derivative,
 combined, or modified versions of the work.  Those
 situations are so rare, and the details from situation to situation differ
 greatly.  Thus, such situations require a highly
 fact-dependent analysis and cannot be addressed in a general-purpose
 document such as this one.
 \medskip
 Most companies accused of violations lack a basic understanding
 of how to comply even in the straightforward scenario.  This document
 provides those companies with the fundamental and generally applicable prerequisite knowledge.
 For answers to rarer and more complicated legal questions, such as whether
 your software is a derivative or combined work of some copylefted software, consult
 with an attorney.\footnote{If you would like more information on the
   application of derivative works doctrine to software, a detailed legal
   discussion is presented in our colleague Dan Ravicher's article,
   \textit{Software Derivative Work: A Circuit Dependent Determination} and in
   \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on derivative works}{\S~\ref{derivative-works} of
     this tutorial}.}
 This discussion thus assumes that you have already identified the
 ``work'' covered by the license, and that any components not under the GPL
 (e.g., applications written entirely by your developers that merely happen
 to run on a Linux-based operating system) distributed in conjunction with
 those works are separate works within the meaning of copyright law and the GPL\@.  In
 such a case, the GPL requires you to provide complete corresponding
 source (CCS)\footnote{For more on CCS,  see
 \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on GPLv2~\S2 and GPLv3~\S1.}{\S~\ref{GPLv2s2} and \S~\ref{GPLv3s1} of
     this tutorial}.}
 for the GPL'd components and your modifications thereto, but not
 for independent proprietary applications.  The procedures described in
 this document address this typical scenario.
 \section{Monitor Software Acquisition}
 Software engineers deserve the freedom to innovate and import useful
 software components to improve products.  However, along with that
 freedom should come rules and reporting procedures to make sure that you
 are aware of what software that you include with your product.
 The most typical response to an initial enforcement action is: ``We
 didn't know there was GPL'd stuff in there''.  This answer indicates
 failure in the software acquisition and procurement process.  Integration
 of third-party proprietary software typically requires a formal
 arrangement and management/legal oversight before the developers
 incorporate the software.  By contrast, developers often obtain and
 integrate Free Software without intervention nor oversight. That ease of acquisition, however,
 does not mean the oversight is any less necessary.  Just as your legal
 and/or management team negotiates terms for inclusion of any proprietary
 software, they should gently facilitate all decisions to bring Free Software into your
 product.
 Simple, engineering-oriented rules help provide a stable foundation for
 Free Software integration.  For example, simply ask your software developers to send an email to a
 standard place describing each new Free Software component they add to the system,
 and have them include a brief description of how they will incorporate it
 into the product.  Further, make sure developers use a revision control
 system (such as Git or Mercurial), and
 store the upstream versions of all software in a ``vendor branch'' or
 similar mechanism, whereby they can easily track and find the main version
 of the software and, separately, any local changes.
 Such procedures are best instituted at your project's launch.  Once
 chaotic and poorly-sourced development processes begin, cataloging the
 presence of GPL'd components  becomes challenging.
 Such a situation often requires use of a tool to ``catch up'' your knowledge
 about what software your product includes.  Most commonly, companies choose
 some software licensing scanning tool to inspect the codebase.  However,
 there are few tools that are themselves Free Software.  Thus, GPL enforcers
 usually recommend the GPL'd
 \href{http://fossology.org/}{FOSSology system}, which analyzes a
 source code base and produces a list of Free Software licenses that may apply to
 the code.  FOSSology can help you build a catalog of the sources you have
 already used to build your product.  You can then expand that into a more
 structured inventory and process.
 \section{Track Your Changes and Releases}
 As explained in further detail below, the most important component of GPL
 compliance is the one most often ignored: proper inclusion of CCS in all
 distributions  of GPL'd
 software.  To comply with GPL's CCS requirements, the distributor
 \textit{must} always know precisely what sources generated a given binary
 distribution.
 In an unfortunately large number of our enforcement cases, the violating
 company's engineering team had difficulty reconstructing the CCS
 for binaries distributed by the company.  Here are three simple rules to
 follow to decrease the likelihood of this occurrence:
 \begin{itemize}
 \item Ensure that your
 developers are using revision control systems properly.
 \item Have developers mark or ``tag'' the full source tree corresponding to
   builds distributed to customers.
 \item Check that your developers store all parts of the software
 development in the revision control system, including {\sc readme}s, build
 scripts, engineers' notes, and documentation.
 \end{itemize}
 Your developers will benefit anyway from these rules.  Developers will be
 happier in their jobs if their tools already track the precise version of
 source that corresponds to any deployed binary.
 \section{Avoid the ``Build Guru''}
 Too many software projects rely on only one or a very few team members who
 know how to build and assemble the final released product.  Such knowledge
 centralization not only creates engineering redundancy issues, but also
 thwarts GPL compliance.  Specifically, CCS does not just require source code,
 but scripts and other material that explain how to control compilation and
 installation of the executable and object code.
 Thus, avoid relying on a ``build guru'', a single developer who is the only one
 who knows how to produce your final product. Make sure the build process
 is well defined.  Train every developer on the build process for the final
 binary distribution, including (in the case of embedded software)
 generating a final firmware image suitable for distribution to the
 customer.  Require developers to use revision control for build processes.
 Make a rule that adding new components to the system without adequate
 build instructions (or better yet, scripts) is unacceptable engineering
 practice.
 \chapter{Details of Compliant Distribution}
 This section explains the specific requirements placed upon
 distributors of GPL'd software.  Note that this section refers heavily to
 specific provisions and language in
 \href{http://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section3}{GPLv2}
 and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.
 It may be helpful to have a copy of each license open while reading this
 section.
 \section{Binary Distribution Permission}
 \label{binary-distribution-permission}
 % be careful below, you cannot refill the \if section, so don't refill
 % this paragraph without care.
 The various versions of the GPL are copyright licenses that grant
 permission to make certain uses of software that are otherwise restricted
 by copyright law.  This permission is conditioned upon compliance with the
 GPL's requirements.
 This section walks through the requirements (of both GPLv2 and GPLv3) that
 apply when you distribute GPL'd programs in binary (i.e., executable or
 object code) form, which is typical for embedded applications.  Because a
 binary application derives from a program's original sources, you need
 permission from the copyright holder to distribute it.  \S~3 of GPLv2 and
 \S~6 of GPLv3 contain the permissions and conditions related to binary
 distributions of GPL'd programs.\footnote{These sections cannot be fully
   understood in isolation; read the entire license thoroughly before
   focusing on any particular provision.  However, once you have read and
   understood the entire license, look to these sections to guide
   compliance for binary distributions.}
 GPL's binary distribution sections offer a choice of compliance methods,
 each of which we consider in turn.  Each option refers to the
 ``Corresponding Source'' code for the binary distribution, which includes
 the source code from which the binary was produced.  This abbreviated and
 simplified definition is sufficient for the binary distribution discussion
 in this section, but you may wish to refer back to this section after
 reading the thorough discussion of ``Corresponding Source'' that appears
 in \S~\ref{corresponding-source}.
 \subsection{Option (a): Source Alongside Binary}
 GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
 source code: including Corresponding Source with every binary
 distribution.  While other options appear initially less onerous, this
 option invariably minimizes potential compliance problems, because when
 you distribute Corresponding Source with the binary, \emph{your GPL
   obligations are satisfied at the time of distribution}.  This is not
 true of other options, and for this reason, we urge you to seriously
 consider this option.  If you do not, you may extend the duration of your
 obligations far beyond your last binary distribution.
 Compliance under this option is straightforward.  If you ship a product
 that includes binary copies of GPL'd software (e.g., in firmware, or on a
 hard drive, CD, or other permanent storage medium), you can store the
 Corresponding Source alongside the binaries.  Alternatively, you can
 include the source on a CD or other removable storage medium in the box
 containing the product.
 GPLv2 refers to the various storage mechanisms as ``medi[a] customarily
 used for software interchange''.  While the Internet has attained primacy
 as a means of software distribution where super-fast Internet connections
 are available, GPLv2 was written at a time when downloading software was
 not practical (and was often impossible).  For much of the world, this
 condition has not changed since GPLv2's publication, and the Internet
 still cannot be considered ``a medium customary for software
 interchange''.  GPLv3 clarifies this matter, requiring that source be
 ``fixed on a durable physical medium customarily used for software
 interchange''.  This language affirms that option (a) requires binary
 redistributors to provide source on a physical medium.
 Please note that while selection of option (a) requires distribution on a
 physical medium, voluntary distribution via the Internet is very useful.  This
 is discussed in detail in \S~\ref{offer-with-internet}.
 \subsection{Option (b): The Offer}
 \label{offer-for-source}
 Many distributors prefer to ship only an offer for source with the binary
 distribution, rather than the complete source package.  This
 option has value when the cost of source distribution is a true
 per-unit cost.  For example, this option might be a good choice for
 embedded products with permanent storage too small to fit the source, and
 which are not otherwise shipped with a CD but \emph{are} shipped with a
 manual or other printed material.
 However, this option increases the duration of your obligations
 dramatically.  An offer for source must be good for three full years from
 your last binary distribution (under GPLv2), or your last binary or spare
 part distribution (under GPLv3).  Your source code request and
 provisioning system must be designed to last much longer than your product
 life cycle.
 In addition, if you are required to comply with the terms of GPLv2, you
 {\bf cannot} use a network service to provide the source code.  For GPLv2,
 the source code offer is fulfilled only with physical media.  This usually
 means that you must continue to produce an up-to-date ``source code CD''
 for years after the product's end-of-life.
 \label{offer-with-internet}
 Under GPLv2, it is acceptable and advisable for your offer for source code
 to include an Internet link for downloadable source \emph{in addition} to
 offering source on a physical medium.  This practice enables those with
 fast network connections to get the source more quickly, and typically
 decreases the number of physical media fulfillment requests.
 (GPLv3~\S~6(b) permits provision of source with a public
 network-accessible distribution only and no physical media.  We discuss
 this in detail at the end of this section.)
 The following is a suggested compliant offer for source under GPLv2 (and
 is also acceptable for GPLv3) that you would include in your printed
 materials accompanying each binary distribution:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPL\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product, which will be no earlier than 2011-08-01, by sending a money
 order or check for \$5 to: \\
 GPL Compliance Division \\
 Our Company \\
 Any Town, US 99999 \\
 \\
 Please write ``source for product $Y$'' in the memo line of your
 payment.
 You may also find a copy of the source at
 \verb0http://www.example.com/sources/Y/0.
 This offer is valid to anyone in receipt of this information.
 \end{quote}
 There are a few important details about this offer.  First, it requires a
 copying fee.  GPLv2 permits ``a charge no more than your cost of
 physically performing source distribution''.  This fee must be reasonable.
 If your cost of copying and mailing a CD is more than around \$10, you
 should perhaps find a cheaper CD stock and shipment method.  It is simply
 not in your interest to try to overcharge the community.  Abuse of this
 provision in order to make a for-profit enterprise of source code
 provision will likely trigger enforcement action.
 Second, note that the last line makes the offer valid to anyone who
 requests the source.  This is because v2~\S~3(b) requires that offers be
 ``to give any third party'' a copy of the Corresponding Source.  GPLv3 has
 a similar requirement, stating that an offer must be valid for ``anyone
 who possesses the object code''.  These requirements indicated in
 v2~\S~3(c) and v3~\S~6(c) are so that noncommercial redistributors may
 pass these offers along with their distributions.  Therefore, the offers
 must be valid not only to your customers, but also to anyone who received
 a copy of the binaries from them.  Many distributors overlook this
 requirement and assume that they are only required to fulfill a request
 from their direct customers.
 The option to provide an offer for source rather than direct source
 distribution is a special benefit to companies equipped to handle a
 fulfillment process.  GPLv2~\S~3(c) and GPLv3~\S~6(c) avoid burdening
 noncommercial, occasional redistributors with fulfillment request
 obligations by allowing them to pass along the offer for source as they
 received it.
 Note that commercial redistributors cannot avail themselves of the option
 (c) exception, and so while your offer for source must be good to anyone
 who receives the offer (under v2) or the object code (under v3), it
 \emph{cannot} extinguish the obligations of anyone who commercially
 redistributes your product.  The license terms apply to anyone who
 distributes GPL'd software, regardless of whether they are the original
 distributor.  Take the example of Vendor $V$, who develops a software
 platform from GPL'd sources for use in embedded devices.  Manufacturer $M$
 contracts with $V$ to install the software as firmware in $M$'s device.
 $V$ provides the software to $M$, along with a compliant offer for source.
 In this situation, $M$ cannot simply pass $V$'s offer for source along to
 its customers.  $M$ also distributes the GPL'd software commercially, so
 $M$ too must comply with the GPL and provide source (or $M$'s \emph{own}
 offer for source) to $M$'s customers.
 This situation illustrates that the offer for source is often a poor
 choice for products that your customers will likely redistribute.  If you
 include the source itself with the products, then your distribution to
 your customers is compliant, and their (unmodified) distribution to their
 customers is likewise compliant, because both include source.  If you
 include only an offer for source, your distribution is compliant but your
 customer's distribution does not ``inherit'' that compliance, because they
 have not made their own offer to accompany their distribution.
 The terms related to the offer for source are quite different if you
 distribute under GPLv3.  Under v3, you may make source available only over
 a network server, as long as it is available to the general public and
 remains active for three years from the last distribution of your product
 or related spare part.  Accordingly, you may satisfy your fulfillment
 obligations via Internet-only distribution.  This makes the ``offer for
 source'' option less troublesome for v3-only distributions, easing
 compliance for commercial redistributors.  However, before you switch to a
 purely Internet-based fulfillment process, you must first confirm that you
 can actually distribute \emph{all} of the software under GPLv3.  Some
 programs are indeed licensed under ``GPLv2, \emph{or any later version}''
 (often abbreviated ``GPLv2-or-later'').  Such licensing gives you the
 option to redistribute under GPLv3.  However, a few popular programs are
 only licensed under GPLv2 and not ``or any later version''
 (``GPLv2-only'').  You cannot provide only Internet-based source request
 fulfillment for the latter programs.
 If you determine that all GPL'd works in your whole product allow upgrade
 to GPLv3 (or were already GPLv3'd to start), your offer for source may be
 as simple as this:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPLv3\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product and/or spare parts therefor, which will be no earlier than
 -08-01, on our website at
 \verb0http://www.example.com/sources/productnum/0.
 \end{quote}
 \medskip
 Under both GPLv2 and GPLv3, source offers must be accompanied by a copy of
 the license itself, either electronically or in print, with every
 distribution.
 Finally, it is unacceptable to use option (b) merely because you do not have
 Corresponding Source ready.  We find that some companies choose this option
 because writing an offer is easy, but producing a source distribution as
 an afterthought to a hasty development process is difficult.  The offer
 for source does not exist as a stop-gap solution for companies rushing to
 market with an out-of-compliance product.  If you ship an offer for source
 with your product but cannot actually deliver \emph{immediately} on that
 offer when your customers request it, you should expect an enforcement
 action.
 \subsection{Option (c): Noncommercial Offers}
 As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
 only to noncommercial use.  These options are not available to businesses
 distributing GPL'd software.  Consequently, companies that redistribute
 software packaged for them by an upstream vendor cannot merely pass along
 the offer they received from the vendor; they must provide their own offer
 or corresponding source to their distributees.  We talk in detail about
 upstream software providers in \S~\ref{upstream}.
 \subsection{Option 6(d) in GPLv3: Internet Distribution}
 Under GPLv2, your formal provisioning options for Corresponding Source
 ended with \S~3(c).  But even under GPLv2, pure Internet source
 distribution was a common practice and generally considered to be
 compliant.  GPLv2 mentions Internet-only distribution almost as aside in
 the language, in text at the end of the section after the three
 provisioning options are listed.  To quote that part of GPLv2~\S~3:
 \begin{quote}
 If distribution of executable or object code is made by offering access to
 copy from a designated place, then offering equivalent access to copy the
 source code from the same place counts as distribution of the source code,
 even though third parties are not compelled to copy the source along with
 the object code.
 \end{quote}
 When that was written in 1991, Internet distribution of software was the
 exception, not the rule.  Some FTP sites existed, but generally software
 was sent on magnetic tape or CDs.  GPLv2 therefore mostly assumed that
 binary distribution happened on some physical media.  By contrast,
 GPLv3~\S~6(d) explicitly gives an option for this practice that the
 community has historically considered GPLv2-compliant.
 Thus, you may fulfill your source-provision obligations by providing the
 source code in the same way and from the same location.  When exercising
 this option, you are not obligated to ensure that users download the
 source when they download the binary, and you may use separate servers as
 needed to fulfill the requests as long as you make the source as
 accessible as the binary.  However, you must ensure that users can easily
 find the source code at the time they download the binary. GPLv3~\S~6(d)
 thus clarifies a point that has caused confusion about source provision in
 v2.  Indeed, many such important clarifications are included in v3 which
 together provide a compelling reason for authors and redistributors alike
 to adopt GPLv3.
 \subsection{Option 6(e) in GPLv3: Software Torrents}
 Peer-to-peer file sharing arose well after GPLv2 was written, and does not
 easily fit any of the v2 source provision options.  GPLv3~\S~6(e)
 addresses this issue, explicitly allowing for distribution of source and
 binary together on a peer-to-peer file sharing network.  If you distribute
 solely via peer-to-peer networks, you can exercise this option.  However,
 peer-to-peer source distribution \emph{cannot} fulfill your source
 provision obligations for non-peer-to-peer binary distributions.  Finally,
 you should ensure that binaries and source are equally seeded upon initial
 peer-to-peer distribution.
 \section{Preparing Corresponding Source}
 \label{corresponding-source}
 Most enforcement cases involve companies that have unfortunately not
 implemented procedures like our \S~\ref{best-practices} recommendations
 and have no source distribution arranged at all.  These companies must
 work backwards from a binary distribution to come into compliance.  Our
 recommendations in \S~\ref{best-practices} are designed to make it easy to
 construct a complete and Corresponding Source release from the outset.  If
 you have followed those principles in your development, you can meet the
 following requirements with ease.  If you have not, you may have
 substantial reconstruction work to do.
 \subsection{Assemble the Sources}
 For every binary that you produce, you should collect and maintain a copy
 of the sources from which it was built.  A large system, such as an
 embedded firmware, will probably contain many GPL'd and LGPL'd components
 for which you will have to provide source.  The binary distribution may
 also contain proprietary components which are separate and independent
 works that are covered by neither the GPL nor LGPL\@.
 The best way to separate out your sources is to have a subdirectory for
 each component in your system.  You can then easily mark some of them as
 required for your Corresponding Source releases.  Collecting
 subdirectories of GPL'd and LGPL'd components is the first step toward
 preparing your release.
 \subsection{Building the Sources}
 Few distributors, particularly of embedded systems, take care to read the
 actual definition of Corresponding Source in the GPL\@.  Consider
 carefully the definition, from GPLv3:
 \begin{quote}
   The ``Corresponding Source'' for a work in object code form means all
   the source code needed to generate, install, and (for an executable
   work) run the object code and to modify the work, including scripts to
   control those activities.
 \end{quote}
 and the definition from GPLv2:
 \begin{quote}
 The source code for a work means the preferred form of the work for making
 modifications to it.  For an executable work, complete source code means
 all the source code for all modules it contains, plus any associated
 interface definition files, plus the scripts used to control compilation
 and installation of the executable.
 \end{quote}
 Note that you must include ``scripts used to control compilation and
 installation of the executable'' and/or anything ``needed to generate,
 install, and (for an executable work) run the object code and to modify
 the work, including scripts to control those activities''.  These phrases
 are written to cover different types of build environments and systems.
 Therefore, the details of what you need to provide with regard to scripts
 and installation instructions vary depending on the software details.  You
 must provide all information necessary such that someone generally skilled
 with computer systems could produce a binary similar to the one provided.
 Take as an example an embedded wireless device.  Usually, a company
 distributes a firmware, which includes a binary copy of
 Linux\footnote{``Linux'' refers only to the kernel, not the larger system
   as a whole.} and a filesystem.  That filesystem contains various binary
 programs, including some GPL'd binaries, alongside some proprietary
 binaries that are separate works (i.e., not derived from, nor based on
 freely-licensed sources).  Consider what, in this case, constitutes adequate
 ``scripts to control compilation and installation'' or items ``needed to
 generate, install and run'' the GPL'd programs.
 Most importantly, you must provide some sort of roadmap that allows
 technically sophisticated users to build your software.  This can be
 complicated in an embedded environment.  If your developers use scripts to
 control the entire compilation and installation procedure, then you can
 simply provide those scripts to users along with the sources they act
 upon.  Sometimes, however, scripts were never written (e.g., the
 information on how to build the binaries is locked up in the mind of your
 ``build guru'').  In that case, we recommend that you write out build
 instructions in a natural language as a detailed, step-by-step {\sc
   readme}.
 No matter what you offer, you need to give those who receive source a
 clear path from your sources to binaries similar to the ones you ship.  If
 you ship a firmware (kernel plus filesystem), and the filesystem contains
 binaries of GPL'd programs, then you should provide whatever is necessary
 to enable a reasonably skilled user to build any given GPL'd source
 program (and modified versions thereof), and replace the given binary in
 your filesystem.  If the kernel is Linux, then the users must have the
 instructions to do the same with the kernel.  The best way to achieve this
 is to make available to your users whatever scripts or process your
 engineers would use to do the same.
 These are the general details for how installation instructions work.
 Details about what differs when the work is licensed under LGPL is
 discussed in \S~\ref{lgpl}, and specific details that are unique to
 GPLv3's installation instructions are in \S~\ref{user-products}.
 \subsection{What About the Compiler?}
 The GPL contains no provision that requires distribution of the compiler
 used to build the software.  While companies are encouraged to make it as
 easy as possible for their users to build the sources, inclusion of the
 compiler itself is not normally considered mandatory.  The Corresponding
 Source definition -- both in GPLv2 and GPLv3 -- has not been typically
 read to include the compiler itself, but rather things like makefiles,
 build scripts, and packaging scripts.
 Nonetheless, in the interest of goodwill and the spirit of the GPL, most
 companies do provide the compiler itself when they are able, particularly
 when the compiler is based on GCC\@ or another copylefted compiler.  If you have
 a GCC-based system, it is your prerogative to redistribute that GCC
 version (binaries plus sources) to your customers.  We in the software freedom
 community encourage you to do this, since it often makes it easier for
 users to exercise their software freedom.  However, if you chose to take
 this recommendation, ensure that your GCC distribution is itself
 compliant.
 If you have used a proprietary, third-party compiler to build the
 software, then you probably cannot ship it to your customers.  We consider
 the name of the compiler, its exact version number, and where it can be
 acquired as information that \emph{must} be provided as part of the
 Corresponding Source.  This information is essential to anyone who wishes
 to produce a binary.  It is not the intent of the GPL to require you to
 distribute third-party software tools to your customer (provided the tools
 themselves are not based on the GPL'd software shipped), but we do believe
 it requires that you give the user all the essential non-proprietary facts
 that you had at your disposal to build the software.  Therefore, if you
 choose not to distribute the compiler, you should include a {\sc readme}
 about where you got it, what version it was, and who to contact to acquire
 it, regardless of whether your compiler is Free Software, proprietary, or
 internally developed.
 \section{Best Practices and Corresponding Source}
 \S~\ref{best-practices} and \S~\ref{corresponding-source} above are
 closely related.  If you follow the best practices outlined above, you
 will find that preparing your Corresponding Source release is an easier
 task, perhaps even a trivial one.
 Indeed, the enforcement process itself has historically been useful to
 software development teams.  Development on a deadline can lead
 organizations to cut corners in a way that negatively impacts its
 development processes.  We have frequently been told by violators that
 they experience difficulty when determining the exact source for a binary
 in production (in some cases because their ``build guru'' quit during the
 release cycle).  When management rushes a development team to ship a
 release, they are less likely to keep release sources tagged and build
 systems well documented.
 We suggest that, if contacted about a violation, product builders use GPL
 enforcement as an opportunity to improve their development practices.  No
 developer would argue that their system is better for having a mysterious
 build system and no source tracking.  Address these issues by installing a
 revision system, telling your developers to use it, and requiring your
 build guru to document his or her work!
 \chapter{When The Letter Comes}
 Unfortunately, many GPL violators ignore their obligations until they are
 contacted by a copyright holder or the lawyer of a copyright holder.  You
 should certainly contact your own lawyer if you have received a letter
 alleging that you have infringed copyrights that were licensed to you
 under the GPL\@.  This section outlines a typical enforcement case and
 provides some guidelines for response.  These discussions are
 generalizations and do not all apply to every alleged violation.
 \section{Understanding Who's Enforcing}
 \label{compliance-understanding-whos-enforcing}
 % FIXME-LATER: this text needs work.
 Both  FSF and Conservancy has, as part their mission,  to spread software
 freedom. When FSF or Conservancy
 enforces GPL, the goal is to bring the violator back into compliance as
 quickly as possible, and redress the damage caused by the violation.
 That is FSF's steadfast position in a violation negotiation --- comply
 with the license and respect freedom.
 However, other entities who do not share the full ethos of software freedom
 as institutionalized by FSF and Conservancy pursue GPL violations differently.  Oracle, a
 company that produces the GPL'd MySQL database, upon discovering GPL
 violations typically negotiates a proprietary software license separately for
 a fee.  While this practice is not one that FSF nor Conservancy would ever
 consider undertaking or even endorsing, it is a legal way for copyright
 holders to proceed.
 Generally, GPL enforcers come in two varieties.  First, there are
 Conservancy, FSF, and other ``community enforcers'', who primarily seek the
 policy goals of GPL (software freedom), and see financial compensation as
 ultimately secondary to those goals.  Second, there are ``for-profit
 enforcers'' who use the GPL either as a crippleware license, or sneakily
 induce infringement merely to gain proprietary licensing revenue.
 Note that the latter model \textit{only} works for companies that hold 100\% of
 the copyrights in the infringed work.  As such, multi-copyright-held works
 are fully insulated from these tactics.
 \section{Communication Is Key}
 GPL violations are typically only escalated when a company ignores the
 copyright holder's initial communication or fails to work toward timely
 compliance.  Accused violators should respond very promptly to the
 initial request.  As the process continues, violators should follow up weekly with the
 copyright holders to make sure everyone agrees on targets and deadlines
 for resolving the situation.
 Ensure that any staff who might receive communications regarding alleged
 GPL violations understands how to channel the communication appropriately
 within your organization.  Often, initial contact is addressed for general
 correspondence (e.g., by mail to corporate headquarters or by e-mail to
 general informational or support-related addresses).  Train the staff that
 processes such communications to escalate them to someone with authority
 to take action.  An unknowledgable response to such an inquiry (e.g., from
 a first-level technical support person) can cause negotiations to fail
 prematurely.
 Answer promptly by multiple means (paper letter, telephone call, and
 email), even if your response merely notifies the sender that you are
 investigating the situation and will respond by a certain date.  Do not
 let the conversation lapse until the situation is fully resolved.
 Proactively follow up with synchronous communication means to be sure
 communications sent by non-reliable means (such as email) were received.
 Remember that the software freedom community generally values open communication and
 cooperation, and these values extend to GPL enforcement.  You will
 generally find that software freedom developers and their lawyers are willing to
 have a reasonable dialogue and will work with you to resolve a violation
 once you open the channels of communication in a friendly way.
 \section{Termination}
 Many redistributors overlook the GPL's termination provision (GPLv2~\S~4 and
 GPLv3~\S~8).  Under v2, violators forfeit their rights to redistribute and
 modify the GPL'd software until those rights are explicitly reinstated by
 the copyright holder.  In contrast, v3 allows violators to rapidly resolve
 some violations without consequence.
 If you have redistributed an application under GPLv2\footnote{This applies
   to all programs licensed to you under only GPLv2 (``GPLv2-only'').
   However, most so-called GPLv2 programs are actually distributed with
   permission to redistribute under GPLv2 \emph{or any later version of the
     GPL} (``GPLv2-or-later'').  In the latter cases, the redistributor can
   choose to redistribute under GPLv2, GPLv3, GPLv2-or-later or even
   GPLv3-or-later.  Where the redistributor has chosen v2 explicitly, the
   v2 termination provision will always apply.  If the redistributor has
   chosen v3, the v3 termination provision will always apply.  If the
   redistributor has chosen GPLv2-or-later, then the redistributor may want
   to narrow to GPLv3-only upon violation, to take advantage of the
   termination provisions in v3.}, but have violated the terms of GPLv2,
 you must request a reinstatement of rights from the copyright holders
 before making further distributions, or else cease distribution and
 modification of the software forever.  Different copyright holders
 condition reinstatement upon different requirements, and these
 requirements can be (and often are) wholly independent of the GPL\@.  The
 terms of your reinstatement will depend upon what you negotiate with the
 copyright holder of the GPL'd program.
 Since your rights under GPLv2 terminate automatically upon your initial
 violation, \emph{all your subsequent distributions} are violations and
 infringements of copyright.  Therefore, even if you resolve a violation on
 your own, you must still seek a reinstatement of rights from the copyright
 holders whose licenses you violated, lest you remain liable for
 infringement for even compliant distributions made subsequent to the
 initial violation.
 GPLv3 is more lenient.  If you have distributed only v3-licensed programs,
 you may be eligible under v3~\S~8 for automatic reinstatement of rights.
 You are eligible for automatic reinstatement when:
 \begin{itemize}
 \item you correct the violation and are not contacted by a copyright
   holder about the violation within sixty days after the correction, or
 \item you receive, from a copyright holder, your first-ever contact
   regarding a GPL violation, and you correct that violation within thirty
   days of receipt of copyright holder's notice.
 \end{itemize}
 In addition to these permanent reinstatements provided under v3, violators
 who voluntarily correct their violation also receive provisional
 permission to continue distributing until they receive contact from the
 copyright holder.  If sixty days pass without contact, that reinstatement
 becomes permanent.  Nonetheless, you should be prepared to cease
 distribution during those initial sixty days should you receive a
 termination notice from the copyright holder.
 Given that much discussion of v3 has focused on its so-called more
 complicated requirements, it should be noted that v3 is, in this regard,
 more favorable to violators than v2.
 \chapter{Standard Requests}
 As we noted above, different copyright holders have different requirements
 for reinstating a violator's distribution rights.  Upon violation, you no
 longer have a license under the GPL\@.  Copyright holders can therefore
 set their own requirements outside the license before reinstatement of
 rights.  We have collected below a list of reinstatement demands that
 copyright holders often require.
 \begin{itemize}
 \item {\bf Compliance on all Free Software copyrights}.  Copyright holders of Free Software
   often want a company to demonstrate compliance for all GPL'd software in
   a distribution, not just their own.  A copyright holder may refuse to
   reinstate your right to distribute one program unless and until you
   comply with the licenses of all Free Software in your distribution.
 \item {\bf Notification to past recipients}.  Users to whom you previously
   distributed non-compliant software should receive a communication
   (email, letter, bill insert, etc.) indicating the violation, describing
   their rights under the GPL, and informing them how to obtain a gratis source
   distribution.  If a customer list does not exist (such as in reseller
   situations), an alternative form of notice may be required (such as a
   magazine advertisement).
 \item {\bf Appointment of a GPL Compliance Officer.}  The software freedom community
   values personal accountability when things go wrong.  Copyright holders
   often require that you name someone within the violating company
   officially responsible for Free Software license compliance, and that this
   individual serve as the key public contact for the community when
   compliance concerns arise.
 \item {\bf Periodic Compliance Reports.}  Many copyright holders wish to
   monitor future compliance for some period of time after the violation.
   For some period, your company may be required to send regular reports on
   how many distributions of binary and source have occurred.
 \end{itemize}
 These are just a few possible requirements for reinstatement.  In the
 context of a GPL violation, and particularly under v2's termination
 provision, the copyright holder may have a range of requests in exchange
 for reinstatement of rights.  These software developers are talented
 professionals from whose work your company has benefited.  Indeed, you are
 unlikely to find a better value or more generous license terms for similar
 software elsewhere.  Treat the copyright holders with the same respect you
 treat your corporate partners and collaborators.
 \chapter{Special Topics in Compliance}
 There are several other issues that are less common, but also relevant in
 a GPL compliance situation.  To those who face them, they tend to be of
 particular interest.
 \section{LGPL Compliance}
 \label{lgpl}
 GPL compliance and LGPL compliance mostly involve the same issues.  As we
 discussed in \S~\ref{derivative-works}, questions of modified versions of
 software are highly fact-dependant and cannot be easily addressed in any
 overview document.  The LGPL adds some additional complexity to the
 analysis.  Namely, the various LGPL versions permit proprietary licensing
 of certain types of modified versions.  These issues are well beyond the
 scope of this document, but as a rule of thumb, once you have determined
 (in accordance with LGPLv3) what part of the work is the ``Application''
 and what portions of the source are ``Minimal Corresponding Source'', then
 you can usually proceed to follow the GPL compliance rules that we
 discussed, replacing our discussion of ``Corresponding Source'' with
 ``Minimal Corresponding Source''.
 LGPL also requires that you provide a mechanism to combine the Application
 with a modified version of the library, and outlines some options for
 this.  Also, the license of the whole work must permit ``reverse
 engineering for debugging such modifications'' to the library.  Therefore,
 you should take care that the EULA used for the Application does not
 contradict this permission.
 \section{Upstream Providers}
 \label{upstream}
 With ever-increasing frequency, software development (particularly for
 embedded devices) is outsourced to third parties.  If you rely on an
 upstream provider for your software, note that you \emph{cannot ignore
   your GPL compliance requirements} simply because someone else packaged
 the software that you distribute.  If you redistribute GPL'd software
 (which you do, whenever you ship a device with your upstream's software in
 it), you are bound by the terms of the GPL\@.  No distribution (including
 redistribution) is permissible absent adherence to the license terms.
 Therefore, you should introduce a due diligence process into your software
 acquisition plans.  This is much like the software-oriented
 recommendations we make in \S~\ref{best-practices}.  Implementing
 practices to ensure that you are aware of what software is in your devices
 can only improve your general business processes.  You should ask a clear
 list of questions of all your upstream providers and make sure the answers
 are complete and accurate.  The following are examples of questions you
 should ask:
 \begin{itemize}
 \item What are all the licenses that cover the software in this device?
 \item From which upstream vendors, be they companies or individuals, did
   \emph{you} receive your software before distributing it to us?
 \item What are your GPL compliance procedures?
 \item If there is GPL'd software in your distribution, we will be
   redistributors of this GPL'd software.  What mechanisms do you have in
   place to aid us with compliance?
 \item If we follow your recommended compliance procedures, will you
   formally indemnify us in case we are nonetheless found to be in
   violation of the GPL?
 \end{itemize}
 This last point is particularly important.  Many GPL enforcements are
 escalated because of petty finger-pointing between the distributor and its
 upstream.  In our experience, agreements regarding GPL compliance issues
 and procedures are rarely negotiated up front.  However, when they are,
 violations are resolved much more smoothly (at least from the point of
 view of the redistributor).
 Consider the cost of potential violations in your acquisition process.
 Using Free Software allows software vendors to reduce costs significantly, but be
 wary of vendors who have done so without regard for the licenses.  If your
 vendor's costs seem ``too good to be true,'' you may ultimately bear the
 burden of the vendor's inattention to GPL compliance.  Ask the right
 questions, demand an account of your vendors' compliance procedures, and
 seek indemnity from them.
 \section{User Products and Installation Information}
 \label{user-products}
 GPLv3 requires you to provide ``Installation Information'' when v3
 software is distributed in a ``User Product.''  During the drafting of v3,
 the debate over this requirement was contentious.  However, the provision
 as it appears in the final license is reasonable and easy to understand.
 If you put GPLv3'd software into a User Product (as defined by the
 license) and \emph{you} have the ability to install modified versions onto
 that device, you must provide information that makes it possible for the
 user to install functioning, modified versions of the software.  Note that
 if no one, including you, can install a modified version, this provision
 does not apply.  For example, if the software is burned onto an
 non-field-upgradable ROM chip, and the only way that chip can be upgraded
 is by producing a new one via a hardware factory process, then it is
 acceptable that the users cannot electronically upgrade the software
 themselves.
 Furthermore, you are permitted to refuse support service, warranties, and
 software updates to a user who has installed a modified version.  You may
 even forbid network access to devices that behave out of specification due
 to such modifications.  Indeed, this permission fits clearly with usual
 industry practice.  While it is impossible to provide a device that is
 completely unmodifiable\footnote{Consider that the iPhone, a device
   designed primarily to restrict users' freedom to modify it, was unlocked
   and modified within 48 hours of its release.}, users are generally on
 notice that they risk voiding their warranties and losing their update and
 support services when they make modifications.\footnote{A popular t-shirt
   in the software freedom community reads: ``I void warranties.''.  Our community is
   well-known for modifying products with full knowledge of the
   consequences.  GPLv3's ``Installation Instructions'' section merely
   confirms that reality, and makes sure GPL rights can be fully exercised,
   even if users exercise those rights at their own peril.}
 GPLv3 is in many ways better for distributors who seek some degree of
 device lock-down.  Technical processes are always found for subverting any
 lock-down; pursuing it is a losing battle regardless.  With GPLv3, unlike
 with GPLv2, the license gives you clear provisions that you can rely on
 when you are forced to cut off support, service or warranty for a customer
 who has chosen to modify.
 \chapter{Conclusion}
 GPL compliance need not be an onerous process.  Historically, struggles
 have been the result of poor development methodologies and communications,
 rather than any unexpected application of the GPL's source code disclosure
 requirements.
 Compliance is straightforward when the entirety of your enterprise is
 well-informed and well-coordinated.  The receptionists should know how to
 route a GPL source request or accusation of infringement.  The lawyers
 should know the basic provisions of Free Software licenses and your source
 disclosure requirements, and should explain those details to the software
 developers.  The software developers should use a version control system
 that allows them to associate versions of source with distributed
 binaries, have a well-documented build process that anyone skilled in the
 art can understand, and inform the lawyers when they bring in new
 software.  Managers should build systems and procedures that keep everyone
 on target.  With these practices in place, any organization can comply
 with the GPL without serious effort, and receive the substantial benefits
 of good citizenship in the software freedom community, and lots of great code
 ready-made for their products.
 \vfill
 % LocalWords:  redistributors NeXT's Slashdot Welte gpl ISC embedders BusyBox
 % LocalWords:  someone's downloadable subdirectory subdirectories filesystem
 % LocalWords:  roadmap README upstream's Ravicher's FOSSology readme CDs iPhone
 % LocalWords:  makefiles violator's

comprehensive-gpl-guide.tex

➞

Show inline comments

 % comprehensive-gpl-guide.tex                                    -*- LaTeX -*-
+%
 % Toplevel file to build the entire book.
 \documentclass[10pt, letterpaper, openany, oneside]{book}
 % I'm somewhat convinced that this book would be better formatted using
 %  the memoir class :
 %    http://www.ctan.org/pkg/memoir
 %   http://mirror.unl.edu/ctan/macros/latex/contrib/memoir/memman.pdf
 % For the moment, I've thrown in fancychap because I don't have time to
 % research memoir.
 \usepackage{hyperref}
 \usepackage{enumerate}
 \usepackage[Conny]{fncychap}
 \usepackage[dvips]{graphicx}
 \usepackage[verbose, twoside, dvips,
               paperwidth=8.5in, paperheight=11in,
               left=1in, right=1in, top=1.25in, bottom=.75in,
            ]{geometry}
 \newcommand{\tutorialpartsplit}[2]{#2}
 %\input{no-numbers-on-table-of-contents}
 \begin{document}
 \pagestyle{plain}
 \pagenumbering{roman}
 \frontmatter
 \begin{titlepage}
 \begin{center}
 {\Huge
 {\sc Copyleft and the  \\
 GNU General Public License:
 \vspace{.25in}
 A Comprehensive Tutorial
 }}
 \vfill
 {\parindent 0in
 \begin{tabbing}
 Copyright \= \copyright{} 2003--2007 \hspace{1.mm} \=  \kill
 Copyright \> \copyright{} 2014 \>  Bradley M. Kuhn. \\
 Copyright \> \copyright{} 2014 \>  Anthony K. Sebro, Jr. \\
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Denver Gingerich \\
 Copyright \= \copyright{} 2003--2007, 2014 \= \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2008 \>  Software Freedom Law Center. \\
 Copyright \> \copyright{} 2003-2007 \> Free Software Foundation, Inc. \\
 \end{tabbing}
 \vspace{.3in}
 The copyright holders hereby grant the freedom to copy, modify, convey,
 Adapt, and/or redistribute this work under the terms of the Creative Commons
 Attribution Share Alike 4.0 International License.  A copy of that license is
 available at \url{https://creativecommons.org/licenses/by-sa/4.0/legalcode}.
 Each part of this book, except the appendix, is separately under this same
 license, but copyrighted by different entities at different times.  Each part
 therefore also contains its own copyright and licensing notice.  The notice
 above is for the entire work, and includes the full copyright and licensing
 details, except for the appendix.
 Since the appendix includes copies of the texts of various licenses published
 by FSF, and they are all licensed under the license, ``Everyone is permitted
 to copy and distribute verbatim copies of this license document, but changing
 it is not allowed.''.  However, those who seek to make modified versions of
 those licenses should note the
 \href{https://www.gnu.org/licenses/gpl-faq.html#ModifyGPL}{explanation given in the GPL FAQ}.
 \vfill
 Patches are welcome to this material.  Sources can be found in the Git
 repository at: \url{https://gitorious.org/gpl-compliance-tools/tutorial/}
+}
 \end{center}
 \end{titlepage}
 \tableofcontents
 \chapter{Preface}
 This tutorial is the culmination of nearly a decade of studying and writing
 about software freedom licensing and the GPL\@.  Each part of this tutorial
 is a course unto itself, educating the reader on a myriad of topics from the
 deep details of the GPLv2 and GPLv3, common business models in the copyleft
 licensing area (both the friendly and unfriendly kind), best practices for
 compliance with the GPL, for engineers, managers, and lawyers, as well as
 real-world case studies of GPL enforcement matters.
 It is unlikely that all the information herein is necessary to learn all at
 once, and therefore this tutorial likely serves best as a reference book.
 The material herein has been used as the basis for numerous live tutorials
 and discussion groups since 2002, and the materials have been periodically
 updated.   They likely stand on their own as excellent reference material.
 However, if you are reading these course materials without attending a live
 tutorial session, please note that this material is merely a summary of the
 highlights of the various CLE and other tutorial courses based on this
 material.  Please be aware that during the actual courses, class discussion
 and presentation supplements this printed curriculum.  Simply reading this
 material is \textbf{not an equivalent} for attending a course.
 \mainmatter
 \input{gpl-lgpl}
 \input{compliance-guide}
 \input{enforcement-case-studies}
 \appendix
 \input{license-texts}
 \end{document}

enforcement-case-studies.tex

➞

Show inline comments

 %      Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
+%
 % Copyright (C) 2003, 2004 Free Software Foundation, Inc.
 % License: CC-By-SA-4.0
 % The copyright holders hereby grant the freedom to copy, modify, convey,
 % Adapt, and/or redistribute this work under the terms of the Creative
 % Commons Attribution Share Alike 4.0 International License.
 % This text is distributed in the hope that it will be useful, but
 % WITHOUT ANY WARRANTY; without even the implied warranty of
 % MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 % You should have received a copy of the license with this document in
 % a file called 'CC-By-SA-4.0.txt'.  If not, please visit
 % https://creativecommons.org/licenses/by-sa/4.0/legalcode to receive
 % the license text.
 \part{Case Studies in GPL Enforcement}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2003, 2004 \= \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2014 \>  Bradley M. Kuhn. \\
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Denver Gingerich \\
 Copyright \= \copyright{} 2003, 2004, 2014 \= \hspace{.2in} Free Software Foundation, Inc. \\
 \end{tabbing}
 \vspace{1in}
 \begin{center}
 Authors of this part are: \\
 Bradley M. Kuhn \\
 John Sullivan
 \vspace{3in}
 Copy editors of this part include: \\
 Martin Michlmayr
 \vspace{3in}
 The copyright holders hereby grant the freedom to copy, modify, convey,
 Adapt, and/or redistribute this work under the terms of the Creative Commons
 Attribution Share Alike 4.0 International License.  A copy of that license is
 available at \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 % =====================================================================
 % START OF SECOND DAY SEMINAR SECTION
 % =====================================================================
 \chapter*{Preface}
 This one-day course presents the details of five different GPL
 compliance cases handled by FSF's GPL Compliance Laboratory. Each case
 offers unique insights into problems that can arise when the terms of
 the GPL are not properly followed, and how diplomatic negotiation between
 the violator and the copyright holder can yield positive results for
 both parties.
 Attendees should have successfully completely the course, a ``Detailed
 Study and Analysis of the GPL and LGPL,'' as the material from that
 course forms the building blocks for this material.
 This course is of most interest to lawyers who have clients or
 employers that deal with Free Software on a regular basis. However,
 technical managers and executives whose businesses use or distribute
 Free Software will also find the course very helpful.
 \bigskip
 These course materials are merely a summary of the highlights of the
 course presented. Please be aware that during the actual GPL course, class
 discussion supplements this printed curriculum. Simply reading it is
 not equivalent to attending the course.
 %FIXME-LATER: write these
 %\chapter{Not All GPL Enforcement is Created Equal}
 %\section{For-Profit Enforcement}
 %\section{Community and Non-Profit Enforcement}
 \chapter{Overview of Community Enforcement}
 The GPL is a Free Software license with legal teeth. Unlike licenses like
 the X11-style or various BSD licenses, the GPL (and by extension, the LGPL) is
 designed to defend as well as grant freedom. We saw in the last course
 that the GPL uses copyright law as a mechanism to grant all the key freedoms
 essential in Free Software, but also to ensure that those freedoms
 propagate throughout the distribution chain of the software.
 \section{Termination Begins Enforcement}
 As we have learned, the assurance that Free Software under the GPL remains
 Free Software is accomplished through various terms of the GPL: \S 3 ensures
 that binaries are always accompanied with source; \S 2 ensures that the
 sources are adequate, complete and usable; \S 6 and \S 7 ensure that the
 license of the software is always the GPL for everyone, and that no other
 legal agreements or licenses trump the GPL. It is \S 4, however, that ensures
 that the GPL can be enforced.
 Thus, \S 4 is where we begin our discussion of GPL enforcement. This
 clause is where the legal teeth of the license are rooted. As a copyright
 license, the GPL governs only the activities governed by copyright law ---
 copying, modifying and redistributing computer software. Unlike most
 copyright licenses, the GPL gives wide grants of permission for engaging with
 these activities. Such permissions continue, and all parties may exercise
 them until such time as one party violates the terms of the GPL\@. At the
 moment of such a violation (i.e., the engaging of copying, modifying or
 redistributing in ways not permitted by the GPL) \S 4 is invoked. While other
 parties may continue to operate under the GPL, the violating party loses their
 rights.
 Specifically, \S 4 terminates the violators' rights to continue
 engaging in the permissions that are otherwise granted by the GPL\@.
 Effectively, their rights revert to the copyright defaults ---
 no permission is granted to copy, modify, nor redistribute the work.
 Meanwhile, \S 5 points out that if the violator has no rights under
 the GPL, they are prohibited by copyright law from engaging in the
 activities of copying, modifying and distributing. They have lost
 these rights because they have violated the GPL, and no other license
 gives them permission to engage in these activities governed by copyright law.
 \section{Ongoing Violations}
 In conjunction with \S 4's termination of violators' rights, there is
 one final industry fact added to the mix: rarely does one engage in a
 single, solitary act of copying, distributing or modifying software.
 Almost always, a violator will have legitimately acquired a copy of a
 GPL'd program, either making modifications or not, and then begun
 distributing that work. For example, the violator may have put the
 software in boxes and sold them at stores. Or perhaps the software
 was put up for download on the Internet. Regardless of the delivery
 mechanism, violators almost always are engaged in {\em ongoing\/}
 violation of the GPL\@.
 In fact, when we discover a GPL violation that occurred only once --- for
 example, a user group who distributed copies of a GNU/Linux system without
 source at one meeting --- we rarely pursue it with a high degree of
 tenacity. In our minds, such a violation is an educational problem, and
 unless the user group becomes a repeat offender (as it turns out, they
 never do), we simply forward along a FAQ entry that best explains how user
 groups can most easily comply with the GPL, and send them on their merry way.
 It is only the cases of {\em ongoing\/} GPL violation that warrant our
 active attention. We vehemently pursue those cases where dozens, hundreds
 or thousands of customers are receiving software that is out of
 compliance, and where the company continually offers for sale (or
 distributes gratis as a demo) software distributions that include GPL'd
 components out of compliance. Our goal is to maximize the impact of
 enforcement and educate industries who are making such a mistake on a
 large scale.
 In addition, such ongoing violation shows that a particular company is
 committed to a GPL'd product line. We are thrilled to learn that someone
 is benefiting from Free Software, and we understand that sometimes they
 become confused about the rules of the road. Rather than merely
 giving us a postmortem to perform on a past mistake, an ongoing violation
 gives us an active opportunity to educate a new contributor to the GPL'd
 commons about proper procedures to contribute to the community.
 Our central goal is not, in fact, to merely clear up a particular violation.
 In fact, over time, we hope that our compliance lab will be out of
 business. We seek to educate the businesses that engage in commerce
 related to GPL'd software to obey the rules of the road and allow them to
 operate freely under them. Just as a traffic officer would not revel in
 reminding people which side of the road to drive on, so we do not revel in
 violations. By contrast, we revel in the successes of educating an
 ongoing violator about the GPL so that GPL compliance becomes a second-nature
 matter, allowing that company to join the GPL ecosystem as a contributor.
 \section{How are Violations Discovered?}
 Our enforcement of the GPL is not a fund-raising effort; in fact, FSF's GPL
 Compliance Lab runs at a loss (in other words, it is subsided by our
 donors). Our violation reports come from volunteers, who have encountered,
 in their business or personal life, a device or software product that
 appears to contain GPL'd software. These reports are almost always sent
 via email to $<$license-violation@fsf.org$>$.
 Our first order of business, upon receiving such a report, is to seek
 independent confirmation. When possible, we get a copy of the software
 product. For example, if it is an offering that is downloadable from a
 Web site, we download it and investigate ourselves. When it is not
 possible for us to actually get a copy of the software, we ask the
 reporter to go through the same process we would use in examining the
 software.
 By rough estimation, about 95\% of violations at this stage can be
 confirmed by simple commands. Almost all violators have merely made an
 error and have no nefarious intentions. They have made no attempt to
 remove our copyright notices from the software. Thus, given the
 third-party binary, {\tt tpb}, usually, a simple command (on a GNU/Linux
 system) such as the following will find a Free Software copyright notice
 and GPL reference:
 \begin{quotation}
 {\tt strings tpb | grep Copyright}
 \end{quotation}
 In other words, it is usually more than trivial to confirm that GPL'd
 software is included.
 Once we have confirmed that a violation has indeed occurred, we must then
 determine whose copyright has been violated. Contrary to popular belief,
 FSF does not have the power to enforce the GPL in all cases. Since the GPL
 operates under copyright law, the powers of enforcement --- to seek
 redress once \S 4 has been invoked --- lie with the copyright holder of
 the software. FSF is one of the largest copyright holders in the world of
 GPL'd software, but we are by no means the only one. Thus, we sometimes
 discover that while GPL'd code is present in the software, there is no
 software copyrighted by FSF present.
 In cases where FSF does not hold copyright interest in the software, but
 we have confirmed a violation, we contact the copyright holders of the
 software, and encourage them to enforce the GPL\@. We offer our good offices
 to help negotiate compliance on their behalf, and many times, we help as a
 third party to settle such GPL violations. However, what we will describe
 primarily in this course is FSF's first-hand experience enforcing its own
 copyrights and the GPL\@.
 \section{First Contact}
 The Free Software community is built on a structure of voluntary
 cooperation and mutual help. Our community has learned that cooperation
 works best when you assume the best of others, and only change policy,
 procedures and attitudes when some specific event or occurrence indicates
 that a change is necessary. We treat the process of GPL enforcement in
 the same way. Our goal is to encourage violators to join the cooperative
 community of software sharing, so we want to open our hand in friendship.
 Therefore, once we have confirmed a violation, our first assumption is
 that the violation is an oversight or otherwise a mistake due to confusion
 about the terms of the license. We reach out to the violator and ask them
 to work with us in a collaborative way to bring the product into
 compliance. We have received the gamut of possible reactions to such
 requests, and in this course, we examine four specific examples of such
 compliance work.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Bortez: Modified GCC SDK}
 In our first case study, we will consider Bortez, a company that
 produces software and hardware toolkits to assist OEM vendors, makers
 of consumer electronic devices.
 \section{Facts}
 One of Bortez's key products is a Software Development Kit (``SDK'')
 designed to assist developers building software for a specific class of
 consumer electronics devices.
 FSF received a report that the SDK may be based on the GNU Compiler
 Collection (which is an FSF-copyrighted collection of tools for software
 development in C, C++ and other popular languages). FSF investigated the
 claim, but was unable to confirm the violation. The violation reporter
 was unresponsive to follow-up requests for more information.
 Since FSF was unable to confirm the violation, we did not pursue it any
 further. Bogus reports do happen, and we do not want to burden companies
 with specious GPL violation complaints. FSF shelved the matter until
 more evidence was discovered.
 FSF was later able to confirm the violation when two additional reports
 surfaced from other violation reporters, both of whom had used the SDK
 professionally and noticed clear similarities to FSF's GNU GCC\@. FSF's
 Compliance Engineer asked the reporters to run standard tests to confirm
 the violation, and it was confirmed that Bortez's SDK was indeed a
 modified version of GCC\@. Bortez had ported to Windows and added a number
 of features, including support for a specific consumer device chipset and
 additional features to aid in the linking process (``LP'') for those
 specific devices. FSF explained the rights that the GPL afforded these
 customers and pointed out, for example, that Bortez only needed to provide
 source to those in possession of the binaries, and that the users may need
 to request that source (if \S 3(b) was exercised). The violators
 confirmed that such requests were not answered.
 FSF brought the matter to the attention of Bortez, who immediately
 escalated the matter to their attorneys. After a long negotiation,
 Bortez acknowledged that their SDK was indeed a modified version of
 GCC\@. Bortez released most of the source, but some disagreement
 occurred over whether LP was also derivative of GCC\@. After repeated
 FSF inquiries, Bortez reaudited the source to discover that FSF's
 analysis was correct. Bortez determined that LP included a number of
 source files copied from the GCC code-base.
 \label{davrik-build-problems}
 Once the full software release was made available, FSF asked the violation
 reporters if it addressed the problem. Reports came back that the source
 did not properly build. FSF asked Bortez to provide better build
 instructions with the software, and such build instructions were
 incorporated into the next software release.
 At FSF's request as well, Bortez informed customers who had previously
 purchased the product that the source was now available by announcing
 the availability on its Web site and via a customer newsletter.
 Bortez did have some concerns regarding patents. They wished to include a
 statement with the software release that made sure they were not granting
 any patent permission other than what was absolutely required by the GPL\@.
 They understood that their patent assertions could not trump any rights
 granted by the GPL\@. The following language was negotiated into the release:
 \begin{quotation}
 Subject to the qualifications stated below, Bortez, on behalf of itself
 and its Subsidiaries, agrees not to assert the Claims against you for your
 making, use, offer for sale, sale, or importation of the Bortez's GNU
 Utilities or derivative works of the Bortez's GNU Utilities
 (``Derivatives''), but only to the extent that any such Derivatives are
 licensed by you under the terms of the GNU General Public License. The
 Claims are the claims of patents that Bortez or its Subsidiaries have
 standing to enforce that are directly infringed by the making, use, or
 sale of an Bortez Distributed GNU Utilities in the form it was distributed
 by Bortez and that do not include any limitation that reads on hardware;
 the Claims do not include any additional patent claims held by Bortez that
 cover any modifications of, derivative works based on or combinations with
 the Bortez's GNU Utilities, even if such a claim is disclosed in the same
 patent as a Claim. Subsidiaries are entities that are wholly owned by
 Bortez.
 This statement does not negate, limit or restrict any rights you already
 have under the GNU General Public License version 2.
 \end{quotation}
 This quelled Bortez's concerns about other patent licensing they sought to
 do outside of the GPL'd software, and satisfied FSF's concerns that Bortez
 give proper permissions to exercise teachings of patents that were
 exercised in their GPL'd software release.
 Finally, a GPL Compliance Officer inside Bortez was appointed to take
 responsibility for all matters of GPL compliance inside the company.
 Bortez is responsible for informing FSF if the position is given to
 someone else inside the company, and making sure that FSF has direct
 contact with Bortez's Compliance Officer.
 \section{Lessons}
 This case introduces a number of concepts regarding GPL enforcement.
 \begin{enumerate}
 \item {\bf Enforcement should not begin until the evidence is confirmed.}
   Most companies that distribute GPL'd software do so in compliance, and at
   times, violation reports are mistaken. Even with extensive efforts in
   GPL education, many users do not fully understand their rights and the
   obligations that companies have. By working through the investigation
   with reporters, the violation can be properly confirmed, and {\bf the
     user of the software can be educated about what to expect with GPL'd
     software}. When users and customers of GPL'd products know their
   rights, what to expect, and how to properly exercise their rights
   (particularly under \S 3(b)), it reduces the chances for user
   frustration and inappropriate community outcry about an alleged GPL
   violation.
 \item {\bf GPL compliance requires friendly negotiation and cooperation.}
   Often, attorneys and managers are legitimately surprised to find out
   GPL'd software is included in their company's products. Engineers
   sometimes include GPL'd software without understanding the requirements.
   This does not excuse companies from their obligations under the license,
   but it does mean that care and patience are essential for reaching GPL
   compliance. We want companies to understand that participating and
   benefiting from a collaborative Free Software community is not a burden,
   so we strive to make the process of coming into compliance as smooth as
   possible.
 \item {\bf Confirming compliance is a community effort.}  The whole point
   of making sure that software distributors respect the terms of the GPL is to
   allow a thriving software sharing community to benefit and improve the
   work. FSF is not the expert on how a compiler for consumer electronic
   devices should work. We therefore inform the community who originally
   brought the violation to our attention and ask them to assist in
   evaluation and confirmation of the product's compliance. Of course, FSF
   coordinates and oversees the process, but we do not want compliance for
   compliance's sake; rather, we wish to foster a cooperating community of
   development around the Free Software in question, and encourage the
   once-violator to begin participating in that community.
 \item {\bf Informing the harmed community is part of compliance.} FSF asks
   violators to make some attempt --- such as via newsletters and the
   company's Web site --- to inform those who already have the products as
   to their rights under the GPL\@. One of the key thrusts of the GPL's \S 1 and
   \S 3 is to {\em make sure the user knows she has these rights\/}. If a
   product was received out of compliance by a customer, she may never
   actually discover that she has such rights. Informing customers, in a
   way that is not burdensome but has a high probability of successfully
   reaching those who would seek to exercise their freedoms, is essential
   to properly remedy the mistake.
 \item {\bf Lines between various copyright, patent, and other legal
   mechanisms must be precisely defined and considered.}  The most
   difficult negotiation point of the Bortez case was drafting language
   that simultaneously protected Bortez's patent rights outside of the
   GPL'd source, but was consistent with the implicit patent grant in
   the GPL\@. As we discussed in the first course of this series, there is
   indeed an implicit patent grant with the GPL, thanks to \S 6 and \S 7.
   However, many companies become nervous and wish to make the grant
   explicit to assure themselves that the grant is sufficiently narrow for
   their needs. We understand that there is no reasonable way to determine
   what patent claims read on a company's GPL holdings and which do not, so
   we do not object to general language that explicitly narrows the patent
   grant to only those patents that were, in fact, exercised by the GPL'd
   software as released by the company.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Bracken: a Minor Violation in a GNU/Linux Distribution}
 In this case study, we consider a minor violation made by a company whose
 knowledge of the Free Software community and its functions is deep.
 \section{The Facts}
 Bracken produces a GNU/Linux operating system product that is sold
 primarily to OEM vendors to be placed in appliance devices used for a
 single purpose, such as an Internet-browsing-only device. The product
 is almost 100\% Free Software, mostly licensed under the GPL and related
 Free Software licenses.
 FSF found out about this violation through a report first posted on a
   Slashdot\footnote{Slashdot is a popular news and discussion site for
   technical readers.} comment, and then it was brought to our attention again
   by another Free Software copyright holder who had discovered the
   same violation.
 Bracken's GNU/Linux product is delivered directly from their Web site.
 This allowed FSF engineers to directly download and confirm the
 violation quickly. Two primary problems were discovered with the
 online distribution:
 \begin{itemize}
 \item No source code nor offer for source code was provided for a number
   of components for the distributed GNU/Linux system; only binaries were
   available
 \item An End User License Agreement (``EULA'') was included that
   contradicted the permissions granted by the GPL\@
 \end{itemize}
 FSF contacted Bracken and gave them the details of the violation. Bracken
 immediately ceased distribution of the product temporarily and set forth
 a plan to bring themselves back into compliance. This plan included the
 following steps:
 \begin{itemize}
 \item Bracken attorneys would rewrite the EULA to comply with the GPL and
   would vet the new EULA through FSF before use
 \item Bracken engineers would provide source side-by-side with the
   binaries for the GNU/Linux distribution on the site (and on CD's, if
   ever they distributed that way)
 \item Bracken attorneys would run an internal seminar for its engineers
   regarding proper GPL compliance to help ensure that such oversights
   regarding source releases would not occur in the future
 \item Bracken would resume distribution of the product only after FSF
   formally restored Bracken's distribution rights
 \end{itemize}
 This case was completed in about a month. FSF approved the new EULA
 text. The key portion in the EULA relating to the GPL read as follows:
 \begin{quotation}
 Many of the Software Programs included in Bracken Software are distributed
 under the terms of agreements with Third Parties (``Third Party
 Agreements'') which may expand or limit the Licensee's rights to use
 certain Software Programs as set forth in [this EULA]. Certain Software
 Programs may be licensed (or sublicensed) to Licensee under the GNU
 General Public License and other similar license agreements listed in part
 in this section which, among other rights, permit the Licensee to copy,
 modify and redistribute certain Software Programs, or portions thereof,
 and have access to the source code of certain Software Programs, or
 portions thereof. In addition, certain Software Programs, or portions
 thereof, may be licensed (or sublicensed) to Licensee under terms stricter
 than those set forth in [this EULA]. The Licensee must review the
 electronic documentation that accompanies certain Software Programs, or
 portions thereof, for the applicable Third Party Agreements. To the
 extent any Third Party Agreements require that Bracken provide rights to
 use, copy or modify a Software Program that are broader than the rights
 granted to the Licensee in [this EULA], then such rights shall take
 precedence over the rights and restrictions granted in this Agreement
 solely for such Software Programs.
 \end{quotation}
 FSF restored Bracken's distribution rights shortly after the work was
 completed as described.
 \section{Lessons Learned}
 This case was probably the most quickly and easily resolved of all GPL
 violations in the history of FSF's Compliance Lab. The ease with which
 the problem was resolved shows a number of cultural factors that play a
 role in GPL compliance.
 \begin{enumerate}
 \item {\bf Companies that understand Free Software culture better have an
   easier time with compliance.}  Bracken's products were designed and
   built around the GNU/Linux system and Free Software components. Their
   engineers were deeply familiar with the Free Software ecosystem, and
   their lawyers had seen and reviewed the GPL before. The violation was
   completely an honest mistake. Since the culture inside the company had
   already adapted to the cooperative style of resolution in the Free
   Software world, there was very little work for either party to bring the
   product into compliance.
 \item {\bf When people in key positions understand the Free Software
   nature of their software products, compliance concerns are as
   mundane as minor software bugs.}  Even the most functional system or
   structure has its problems, and successful business often depends on
   agile response to the problems that do come up; avoiding problems
   altogether is a pipe dream. Minor GPL violations can and do happen
   even with well-informed redistributors. However, resolution is
   reached quickly when the company --- and in particular, the lawyers,
   managers, and engineers working on the Free Software product lines
   --- have adapted to Free Software culture that the lower-level
   engineer already understood
 \item {\bf Legally, distribution must stop when a violation is
   identified.}  In our opinion, Bracken went above and beyond the call of
   duty by ceasing distribution while the violation was being resolved.
   Under GPL \S 4, the redistributor loses the right to distribute the
   software, and thus they are in ongoing violation of copyright law if
   they distribute before rights are restored. It is FSF's policy to
   temporarily allow distribution while compliance negotiations are ongoing
   and only in the most extreme cases (where the other party appears to be
   negotiating in bad faith) does FSF even threaten an injunction on
   copyright grounds. However, Bracken --- as a good Free Software citizen
   --- chose to be on the safe side and do the legally correct thing while
   the violation case was pending. From start to finish, it took less
   than a month to resolve. This lapse in distribution did not, to FSF's
   knowledge, impact Bracken's business in any way.
 \item {\bf EULAs are a common area for GPL problems.}  Often, EULAs
   are drafted from boilerplate text that a company uses for all its
   products. Even the most diligent attorneys forget or simply do not
   know that a product contains software licensed under the GPL and other
   Free Software licenses. Drafting a EULA that accounts for such
   licenses is straightforward; the text quoted above works just fine.
   The EULA must be designed so that it does not trump rights and
   permissions already granted by the GPL\@. The EULA must clearly state
   that if there is a conflict between it and the GPL, with regard to GPL'd
   code, the GPL is the overriding license.
 \item {\bf Compliance Officers are rarely necessary when companies are
   educated about GPL compliance.}  As we saw in the Bortez case, FSF asks
   that a formal ``GPL Compliance Officer'' be appointed inside a
   previously violating organization to shepherd the organization to a
   cooperative approach to GPL compliance. However, when FSF
   sees that an organization already has such an approach, there is no
   need to request that such an officer be appointed.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Vigorien: Security, Export Controls, and GPL Compliance}
 This case study introduces how concerns of ``security through obscurity''
 and regulatory problems can impact GPL compliance matters.
 \section{The Facts}
 Vigorien distributes a back-up solution product that allows system
 administrators to create encrypted backups of file-systems on
 Unix-like computers. The product is based on GNU tar, a backup utility
 that replaces the standard Unix utility simply called tar, but has
 additional features.
 Vigorien's backup solution added cryptographic features to GNU tar, and
 included a suite of utilities and graphical user interfaces surrounding
 GNU tar to make backups convenient.
 FSF discovered the violation from a user report, and determined that the
 cryptographic features were the only part of the product that constituted
 a derivative work of GNU tar; the extraneous utilities merely made
 shell calls out to GNU tar. FSF requested that Vigorien come into
 compliance with the GPL by releasing the source of GNU tar, with the
 cryptographic modifications, to its customers.
 Vigorien released the original GNU tar sources, but kept the cryptographic
 modifications proprietary. They argued that the security of their system
 depending on keeping the software proprietary and that regardless, USA
 export restrictions on cryptographic software prohibited such a release.
 FSF disputed the first claim, pointing out that Vigorien had only one
 option if they did not want to release the source: they would have to
 remove GNU tar from the software and not distribute it further. Vigorien
 rejected this suggestion, since GNU tar was an integral part of the
 product, and the security changes were useless without GNU tar.
 Regarding the export control claims, FSF proposed a number of options,
 including release of the source from one of Vigorien's divisions overseas
 where no such restrictions occurred, but Vigorien argued that the problem
 was insoluble because they operated primarily in the USA\@.
 The deadlock on the second issue was resolved when those cryptographic
 export restrictions were lifted shortly thereafter, and FSF again raised
 the matter with Vigorien. At that point, they dropped the first claim and
 agreed to release the remaining source module to their customers. They
 did so, and the violation was resolved.
 \section{Lessons Learned}
 \begin{enumerate}
 \item {\bf Removing the GPL'd portion of the product is always an
   option.}  Many violators' first response is to simply refuse to
   release the source code as the GPL requires. FSF offers the option to
   simply remove the GPL'd portions from the product and continue along
   without them. Every case where this has been suggested has led to
   the same conclusion. Like Vigorien, the violator argues that the
   product cannot function without the GPL'd components, and they
   cannot effectively replace them.
   Such an outcome is simply further evidence that the combined work in
   question is indeed a modified version of the original GPL'd component.
   If the other components cannot stand on their own and be useful without
   the GPL'd portions, then one cannot effectively argue that the work as a
   whole is not a based on the GPL'd portions.
 \item {\bf The whole product is not always covered.}  In this case,
   Vigorien had additional works aggregated. The backup system was a suite
   of utilities, some of which were the GPL and some of which were not. While
   the cryptographic routines were tightly coupled with GNU tar and clearly
   made a whole new combined work of both components, the various GUI utilities were separate and
   independent works merely aggregated with the distribution of the
   GNU-tar-based product.
 \item {\bf ``Security'' concerns do not exonerate a distributor from GPL
   obligations, and ``security through obscurity'' does not work anyway.}
   The argument that ``this is security software, so it cannot be released
   in source form'' is not a valid defense for explaining why the terms of
   the GPL are ignored. If companies do not want to release source code
   for some reason, then they should not base the work on GPL'd software.
   No external argument for noncompliance can hold weight if the work as
   a whole is indeed a modified version of a GPL'd program.
   The ``security concerns'' argument is often floated as a reason to keep
   software proprietary, but the computer security community has on
   numerous occasions confirmed that such arguments are entirely specious.
   Security experts have found --- since the beginnings of the field of
   cryptography in the ancient world --- that sharing results about systems
   and having such systems withstand peer review and scrutiny builds the
   most secure systems. While full disclosure may help some who wish to
   compromise security, it helps those who want to fix problems even more
   by identifying them early.
 \item {\bf External regulatory problems can be difficult to resolve.}
   The GPL, though grounded in copyright law, does not have the power to trump
   regulations like export controls. While Vigorien's ``security
   concerns'' were specious, their export control concerns were not. It is
   indeed a difficult problem that FSF acknowledges. We want compliance
   with the GPL and respect for users' freedoms, but we certainly do not expect
   companies to commit criminal offenses for the sake of compliance. We
   will see more about this issue in our next case study.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Haxil, Polgara, and Thesulac: Mergers, Upstream Providers and Radio Devices}
 This case study considers an ongoing (at the time of writing) violation
 that has occurred. By the end of the investigation period, three
 companies were involved and many complex issues arose.
 \section{The Facts}
 Haxil produced a consumer electronics device which included a mini
 GNU/Linux distribution to control the device. The device was of interest
 to many technically-minded consumers, who purchased the device and very
 quickly discovered that Free Software was included without source.
 Mailing lists throughout the Free Software community erupted with
 complaints about the problem, and FSF quickly investigated.
 FSF confirmed that FSF-copyrighted GPL'd software was included. In
 addition, the whole distribution included GPL'd works from hundreds of
 individual copyright holders, many of whom were, at this point, up in
 arms about the violation.
 Meanwhile, Haxil was in the midst of being acquired by Polgara. Polgara
 was as surprised as everyone else to discover the product was based on
 GPL'd software; this fact had not been part of the disclosures made during
 acquisition. FSF contacted Haxil, Polgara, and the product managers
 who had transitioned into the ``Haxil division'' of the newly-merged
 Polgara company. Polgara's General Counsel's office worked with FSF on
 the matter.
 FSF formed a coalition with the other primary copyright holders
 to pursue the enforcement effort on their behalf. FSF communicated
 directly with Polgara's representatives to begin working through the
 issues on behalf of itself and the Free Software community at large.
 Polgara pointed out that the software distribution they used was mostly
 contributed by an upstream provider, Thesulac, and Haxil's changes to that
 code base were minimal. Polgara negotiated with Thesulac to obtain the
 source, although the issue moved very slowly in the channels between
 Polgara and Thesulac.
 FSF encouraged a round-table meeting so that high bandwidth communication
 could occur between FSF, Polgara and Thesulac. Polgara and Thesulac
 agreed, and that discussion began. Thesulac provided nearly complete
 sources to Polgara, and Polgara made a full software release on their
 Web site. At the time of writing, that software still has some build
 problems (similar to those that occurred with Bortez, as described in
 Section~\ref{davrik-build-problems}). FSF continues to negotiate with
 Polgara and Thesulac to resolve these problems, which have a clear path to
 a solution and are expected to resolve.
 Similar to the Vigorien case, Thesulac has regulatory concerns. In this
 case, it is not export controls --- an issue that has since been resolved
 --- but radio spectrum regulation. Since this consumer electronic device
 contains a software-programmable radio transmitter, regulations in (at
 least) the USA and Japan prohibit release of those portions of the code
 that operate the device. Since this is a low-level programming issue, the
 changes to operate the device form a single combined work with the kernel named
 Linux.  A decade later, this situation remains largely unresolved.
 \section{Lessons Learned}
 \begin{enumerate}
 \item {\bf Community outrage, while justified, can often make negotiation
   more difficult.}  FSF has a strong policy never to publicize names of
   GPL violators if they are negotiating in a friendly way and operating in
   good faith toward compliance. Most violations are honest mistakes, and
   FSF sees no reason to publicly admonish violators who genuinely want to
   come into compliance with the GPL and to work hard staying in compliance.
   This case was so public in the Free Software community that both Haxil's
   and Polgara's representatives were nearly shell-shocked by the time FSF
   began negotiations. There was much work required to diffuse the
   situation. We empathize with our community and their outrage about GPL
   violations, but we also want to follow a path that leads expediently
   to compliance. In our experience, public outcry works best as a last
   resort, not the first.
 \item {\bf For software companies, GPL compliance belongs on a corporate
   acquisition checklist. }  Polgara was truly amazed that Haxil had used
   GPL'd software in a major new product line but never informed Polgara
   during the acquisition process. While GPL compliance is not a
   particularly difficult matter, it is an additional obligation that comes
   along with the product line. When planning mergers and joint ventures,
   one should include lists of GPL'd components contained in the products
   discussed.
 \item {\bf Compliance problems of upstream providers do not excuse a
   violation for the downstream distributor.}  To paraphrase \S 6, upstream
   providers are not responsible for enforcing compliance of their
   downstream, nor are downstream distributors responsible for compliance
   problems of upstream providers. However, engaging in distribution of
   GPL'd works out of compliance is still just that: a compliance problem.
   When FSF carries out enforcement, we are patient and sympathetic when
   the problem appears to be upstream. In fact, we urge the violator to
   point us to the upstream provider so we may talk to them directly. In
   this case, we were happy to begin negotiations with Thesulac. However,
   Polgara still has an obligation to bring their product into compliance,
   regardless of Thesulac's response.
 \item {\bf It behooves upstream providers to advise downstream
   distributors about compliance matters.}  FSF has encouraged Thesulac to
   distribute a ``good practices for GPL compliance'' document with their
   product. Polgara added various software components to Thesulac's
   product, and it is conceivable that such additions can introduce
   compliance. In FSF's opinion, Thesulac is in no way legally responsible
   for such a violation introduced by their customer, but it behooves them
   from a marketing standpoint to educate their customers about using the
   product. We can argue whether or not it is your coffee vendor's fault
   if you burn yourself with their product, but (likely) no one on either
   side would dispute the prudence of placing a ``caution: hot'' label on
   the cup.
 \item {\bf FSF enforcement often avoids redundant enforcement cases from
   many parties.}  Most Free Software systems have hundreds of copyright
   holders. Some have thousands. FSF is in a unique position as one of
   the largest single copyright holders on GPL'd software and as a
   respected umpire in the community, neutrally enforcing the rules of the
   GPL road. FSF works hard in the community to convince copyright
   holders that consolidating GPL claims through FSF is better for them,
   and more likely to yield positive compliance results.
   A few copyright holders engage in the ``proprietary relicensing''
   business, so they use GPL enforcement as a sales channel for that
   business. FSF, as a community-oriented, not-for-profit organization,
   seeks only to preserve the freedom of Free Software in its enforcement
   efforts. As it turns out, most of the community of copyright holders
   of Free Software want the same thing. Share and share alike is a
   simple rule to follow, and following that rule to FSF's satisfaction
   usually means you are following it to the satisfaction of the entire
   Free Software community.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % FIXME: make this section properly TeX-formatted
 \chapter{ThinkPenguin Wireless Router: A study in Excellent CCS}
 This case study does a step-by-step build and installation analysis of  one
 of the best Complete, Corresponding Source (CCS) releases we've seen.  The
 CSS release studied here was provided for the binary distribution of a
 physical product by ThinkPenguin.  The product is the model
 ``TPE-NWIFIROUTER'', a wireless router.
 The method of
 distribution (complete source accompanying the product) and the way the source
 was laid out provide very good examples of how to make things easier for both
 the distributor and the purchaser of the hardware containing GPLed components.
 \section{Root Filesystem and Kernel Compilation}
 * We found a CD included in the box that the ThinkPenguin TPE-NWIFIROUTER
   shipped in, labelled "libreCMC v1.2.1 source code".  On the CD, there was a
   README file at the top level, which mentioned that to build the software, one
   needed a GNU/Linux system as well as a list of approximately 10 packages.
   These sorts of plain text instructions are helpful because we know what kind
   of system we are expected to use, and what commands we should run on it.  Such
   instructions are not strictly required, as an obviously-named shell script may
   suffice, but they are helpful in clarifying any ambiguities that may arise.
 ** Since it appears that this source release will build on a wide range of
    distributions, it was fine that no specific distribution was specified.
    However, most source releases we see will only build on a very specific
    distribution, due to a variety of assumptions made about the build
    environment.  While such a situation is not ideal in the general sense, it is
    fine to specify a particular distribution that must be use to build the
    source release (such as "Debian 7 amd64"), from a compliance perspective.
    As an example, we noticed such an assumption later on in this source release,
    but it would be easy to correct in the instructions in this situation (see
    "`GLIBC\verb0_02.14' not found" below).
 % FIXME: Spend some  time here (admittedly a digression: maybe refer to
 % another section later?) about how it's ok to specify a specific build
 % environment.
 % FIXME(dg): Hopefully the above will suffice.  I can expand more/differently if
 % such is desired.
 * The actual building of the source code was completed in the following way:
 ** Since the instructions didn't mention a specific distro to use, we ran the
    build on an amd64 Debian 6 machine we had.  The only distro requirement was:
 To build your own firmware you need to have access to a GNU/Linux system
 (case-sensitive filesystem required).
 ** The README mentioned that:
 "In order to build firmware images for your router,the
 following needs to be installed :
 gcc, binutils, bzip2, flex, python, perl, make, find,
 grep, diff, unzip, gawk, getopt, libz-dev and libc headers."
    So we ran "dpkg --list" and confirmed that each package was installed (this
    is indicated by a leading "ii" on the line containing the package).  Other
    GNU/Linux distributions may have other ways of determing which packages are
    installed.
 ** We then extracted the LibreCMC tarball by running
    "tar --posix -jxpf /media/libreCMC\verb0_0v1\verb0_02\verb0_01\verb0_0SRC/librecmc-v1.2.1.tar.bz2".  The
    CD did contain another tarball (librecmc-u-boot.tar.bz2), but there appeared
    to be separate instructions for that (in the u-boot\verb0_0reflash text file in the
    same directory).  Having the README be more explicit about this would be nice
    but did not ultimately prevent us from determing the proper steps to execute.
 ** The README mentioned the following optional step, which we skipped because
    we did not need to modify the configuration for our initial build:
 Please use "make menuconfig" to configure your appreciated
 configuration for the toolchain and firmware. Please note that
 the default configuration is what was used to build the firmware
 image for your router. It is advised that you use this configuration.
 ** The next instruction was 'Simply running "make" will build your firmware.'
    So we entered the "librecmc" directory that had been created from the above
    "tar" command and then ran "make".  The build took about 40 minutes to run on
    our system.  The command used and output from running it are available here:
     enforcement-case-studies\verb0_0log-output/thinkpenguin\verb0_0librecmc-complete.log
 % FIXME: Above, I'd like to see more ``walk through'' of the step by step
 % instructions.  The text is a bit terse: could be expanded to talk more.
 % FIXME(dg): Hopefully the above will suffice.  I can expand more/differently if
 % such is desired.
 * It was helpful to know that we could use "make menuconfig" for configuration
   changes, as being able to modify the source is an important part of the GPL's
   requirements.  Adding instructions like these shows that the distributor is
   aware of and interested in promoting the spirit of the GPL, by making it
   easier to modify the source than may be strictly required by the GPL's text.
 % FIXME: We should somewhere (perhaps on each step we discuss) talk about
 % what often goes wrong on those steps, and why this is right.  As written
 % now, there is no driving home of the fact that it is uncommon that things
 % are so smooth. :)
 % FIXME(dg): Hopefully the below will suffice.  I can expand more/differently if
 % such is desired.  (I presume the above comment relates to the below text.)
 * The "make" step completed successfully on our system and resulted in several
   files being generated in the bin/ar71xx directory, namely firmware images.
 ** This step is normally where we run into the greatest number of build issues
    (and thus compliance problems).  In many cases, the "make" step will fail due
    to a missing package or because toolchain paths are not setup correctly.  As
    a result, it is important to test the provided instructions on a clean system
    before distributing the binaries and corresponding source.  Listing the
    specific GNU/Linux distribution and any non-default packages required for the
    build (ie. those installed before testing the instructions) in the build
    instructions makes it easier for the end user to successfully build the
    source release.
 * There appeared to be several filesystem and kernel images, for different
   hardware versions.  It was unclear which one to install on the particular
   device we received or how to install it, both of which should have been
   mentioned in the README.
 % FIXME: Below, we probably want to talk to them to add this, and also, be a
 % bit more expansive.
 * The above installation issue is mitigated by the availability of a web UI in
   the product that performs firmware image installation.  It would be best if
   instructions like those at http://librecmc.org/librecmc/wiki?name=Tp+MR3020
   were included in the README, as the user cannot be expected to infer that or
   to find such a link.
 \section{Root Filesystem and Kernel Installation}
 As mentioned above, the specific steps for installing an updated firmware image
 were not provided, but we found that the firmware update method available in the
 web interface worked fine.  In particular, we went to http://192.168.10.1/ in
 our browser, then logged in and chose System -> Backup / Flash Firmware.  From
 there, we went to the "Flash new firmware image" section and selected the
 librecmc-ar71xx-generic-tl-wr841n-v8-squashfs-sysupgrade.bin image in the
 bin/ar71xx directory mentioned above.  We chose the "v8" image because we found
 our router said "v8.2" on the bottom and "sysupgrade" because we were doing a
 firmware upgrade rather than a fresh install.
 When we clicked "Flash image...", we were prompted to confirm the MD5 hash of
 the image to flash and then clicked "Proceed" to flash the image.  The process
 took about one minute, at which point we were back at the web UI login screen.
 We logged in and found that the Kernel Log section showed we were running the
 new kernel.
 We then logged in via SSH again and ran "busybox", which printed the new version
 string, showing it was using our newly-compiled version (given the date).
 \section{U-Boot Compilation}
 * As mentioned above, we also found a "u-boot\verb0_0reflash" file at the top level of
   the included source CD.  We followed the instructions for compiling U-Boot,
   which were fairly straight-forward.  One modification would be to mention that
   "\$U-BOOT\verb0_0SRC" referred to the extracted source directory, which was implied,
   but should have been explicit.
 * Additionally, we noticed that the included toolchain binaries, which were used
   by the U-Boot compilation process by default, did not run on our system.  In
   particular, we received this error:
 mips-librecmc-linux-uclibc-gcc.bin: /lib/libc.so.6: version `GLIBC`\verb0_02.14' not found (required by mips-librecmc-linux-uclibc-gcc.bin)
   The complete log output (including the command used to run it) is here:
      enforcement-case-studies\verb0_0log-output/thinkpenguin\verb0_0u-boot-build\verb0_0fail.log
 * We found that by removing toolchain/bin and symlinking the toolchain built for
   the filesystem/kernel above in its place, we were able to complete the U-Boot
   build.  Specifically, we symlinked toolchain/bin to:
   ../../staging\verb0_0dir/toolchain-mips\verb0_034kc\verb0_0gcc-4.6-linaro\verb0_0uClibc-0.9.33.2/bin
   Output from the symlink operation can be found here:
      enforcement-case-studies\verb0_0log-output/thinkpenguin\verb0_0u-boot-create\verb0_0symlink.log
 * Ideally the pre-built toolchain binaries should not be included and a symlink
   as mentioned above should be created by default, with a mention that the
   U-Boot build depends on the previous build for its toolchain.
 * After compilation completed successfully, we found a new U-Boot image in the
   bin directory.  The instructions explained how to install it on the device.
   Output from the successful build (after the symlink was created) is here:
      enforcement-case-studies\verb0_0log-output/thinkpenguin\verb0_0u-boot-finish\verb0_0build.log
 \section{U-Boot Installation}
 We obtained a serial cable along with our router, in order to complete the
 U-Boot installation per the instructions in u-boot\verb0_0reflash.  However, we were
 only able to read data from the serial port; we were unable to interrupt the
 boot process or access the U-Boot console to complete the U-Boot re-flash.  Here
 are the steps we tried:
 * We found the serial cable included was a USB serial adapter that had a male
   USB type A connector on one end and 4 female jumper wires at the other end.
   These female jumper wires were red, black, white, and green.
 * The instructions did not specify how to connect these wires, but we were able
   to determine this in part using the "v8.4" image (close to our "v8.2" router)
   at \url{http://wiki.openwrt.org/toh/tp-link/tl-wr841nd#serial.console} .  Aside from
   power and ground (red and black), we did have to guess which of the wires was
   RX and TX.  By experimentation we found that green was RX and white was TX.
   When we tried the other way, we received no data to our serial console at boot
   time.
 * We did have to use the included jumper pin gender changer with the USB serial
   adapter, which we put through the holes on the router's mainboard and then
   connected to the USB serial adapter.  The fit was fairly loose so it would be
   nice if future router versions included a tighter gender changer or (ideally)
   had the jumper pins soldered onto the board to begin with (so no gender
   changer would be required).
 * We used 115200 8N1 as our serial console settings (with no hardware or
   software flow control).  This was tested with both the minicom and screen
   commands.  We found that if we connected all 4 wires on the USB serial adapter
   that the router would start without additional power and our console would
   receive the startup messages.  We could replicate the same behavior by
   omitting the power cable from the USB serial adapter (red wire) and connecting
   the main power adapter to the router instead.
 * While we did see the U-Boot and kernel boot logs in our serial console, we
   were unable to interrupt the boot process as u-boot\verb0_0reflash indicated we
   should.  We suspect this is a misconfiguration of our serial console, but it's
   unclear exactly how it is misconfigured, as we were able to receive data fine
   (we just couldn't send data to the router).
 * As a result, we were unable to complete the U-Boot installation test.  We did
   appreciate that installation instructions were included, though these
   instructions should be updated to include more specifics about connecting the
   serial cable.  Since ThinkPenguin does have the option to ship a serial
   adapter with the router, it would be helpful if instructions specific to that
   adapter were included, as the wiring configuration one should use was unclear.
 * Additionally, instructions for removing the router's case should be included.
   We found that the two screws that needed removal to open the case were hidden
   underneath rubber feet on the case.  Indicating which feet need removal to
   unscrew the case would be helpful.  The instructions should also note that the
   case needs to be carefully separated once the screws are removed; it
   effectively snaps apart, but care must be taken to avoid breaking the plastic
   fasteners that keep the case together after the screws are removed.
 \section{Firmware Comparison}
 To ensure that the CCS did indeed correspond to the firmware that was shipped on
 the router, we compared the firmware image that we built using the above steps
 with the filesystem we found on the device itself.  The comparison steps we used
 were:
 * Extract the filesystem from the image we built by running find-firmware.pl
   from https://gitorious.org/gpl-compliance-tools/gpl-compliance-scripts on
   librecmc-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin from the bin/ar71xx
   directory mentioned above (we noticed that our router said "Ver:8.2" on the
   bottom).  Then run squashfs4.2/squashfs-tools/bat-unsquashfs42 from
   bat-extratools (at http://www.binaryanalysis.org/en/content/show/download )
   on the resulting morx0.squash and use the filesystem in the new squashfs-root
   directory for comparison.
 * Login to the web interface (at http://192.168.10.1/ ) from a computer that is
   connected to the router.
 * Set a password using the provided link at the top (the UI warns that no
   password is set and asks the user to change it).
 * Login to the router via SSH, using the root user and the password we just set.
 * Compare representative directory listings and binaries to ensure the set of
   included files (on the router) is similar to those found in the firmware image
   we created (whose contents are now in the local squashfs-root directory).  In
   particular, we did the following comparisons:
 ** List the /bin folder ("ls -l /bin") and confirm the list of files is the same
    and that the file sizes are similar.
 ** Check the "strings" output of /bin/busybox to confirm it was similar in both
    places (similar number of lines and content of lines).  One cannot directly
    compare the binaries because the slight compilation variations will cause
    some bits to be different.
 ** Do the above two steps for /lib/modules, /usr/bin, and other directories with
    a significant number of binaries.
 ** To check that the kernel is sufficiently similar, compare the "dmesg" output
    both before and after flashing the new firmware.  The kernel version string
    should be similar, but should have a different build date and user@host
    indicator.  The kernel binary itself is not easily accessible from an SSH
    login, but may be retrievable using the U-Boot console (the start address of
    the kernel in flash appears to be 0x9F000000, based on the u-boot\verb0_0reflash
    instructions).  We were not able to verify this, due to the serial connection
    issues (see above section on U-Boot installation).
 \section{Minor Infractions}
 As mentioned above, there were a few minor infractions.  These made it slightly
 difficult to complete the build and installation without additional context, but
 did not make the build impossible to complete without more information, such as
 missing source code for kernel modules or depending on a specific cross-compiler
 but not mentioning which one or, better yet, including its source code, which
 are both more problematic infractions.  These minor infractions were:
 % FIXME: clarify seriousness of no install instructions; lack of clarity in
 % which version to install could be more problematic
 * Not mentioning how to extract the source tarball and then where to run the
   "make" command.
 * Not mentioning how to install the kernel and root filesystem on the device;
   this is the biggest of these 3 issues but a bit less troublesome than it would
   otherwise have been since the web-based firmware update process is well-known.
 * Using pre-built toolchain binaries that don't work on all systems instead of
   the ones that are built in a separate step, but not moved to the right place.
   We were able to build corresponding toolchain binaries from source (though
   for a slightly different target) so this is not a severe toolchain violation
   of the type we normally find (where toolchain binaries are provided without
   source).  However, including instructions to use the built toolchain binaries
   instead would be best, or alternatively specifying the distribution on which
   the toolchain binaries must be run (to avoid being unable to run them as we
   were).
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % COMMENT OUT THIS CHAPTER.
 % FIXME: is this material moot now that we include the compliance guide?
 % Either way, it should be merged into compliance guide.
 %\chapter{Good Practices for Compliance}
 Generally, from the experience of GPL enforcement, we glean the following
 general practices that can help in GPL compliance for organizations that
 distribute products based on GPL'd software:
 \begin{itemize}
 \item Talk to your software engineers and ask them where they got the
   components they use in the products they build. Find out if GPL'd
   components are present.
 \item Teach your engineering staff to pay attention to license documents.
   Give them easy-to-follow policies to get approval for using a Free
   Software component.
 \item Build a ``Free Software Licensing'' committee that handles requests
   and questions about the GPL and other Free Software licenses.
 \item Add ``What parts of your products are under the GPL or other Free
   Software licenses?'' to your checklist of questions to ask when you
   consider mergers, acquisitions, or joint ventures.
 \item Encourage your engineers to participate collaboratively with GPL'd
   software development. The more knowledge about the Free Software world
   your organization has, the better equipped it is to deal with this
   rapidly changing field.
 \item When someone points out a potential GPL violation in one of your
   products, do not assume the product line is doomed. The GPL is not a virus;
   merely having GPL'd code in one part of a product does not necessarily
   mean that every related product must also be GPL'd. And, even if some
   software needs to be released that was not before, the product will
   surely survive. In FSF's enforcement efforts, we have not yet
   seen a product line die because source was released to customers in
   compliance with the GPL.
 \end{itemize}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % LocalWords:  proprietarize redistributors sublicense yyyy Gnomovision EULAs
 % LocalWords:  Yoyodyne FrontPage improvers Berne copyrightable Stallman's GPLs
 % LocalWords:  Lessig Lessig's UCITA pre PDAs CDs reshifts GPL's Gentoo glibc
 % LocalWords:  TrollTech administrivia LGPL's MontaVista OpenTV Mitek Arce DVD
 % LocalWords:  unprotectable protectable Unfreedonia chipset CodeSourcery Iqtel
 % LocalWords:  impermissibly Bateman faire minimis Borland uncopyrightable Mgmt
 % LocalWords:  franca downloadable Bortez Bortez's
 % LocalWords:  Slashdot sublicensed Vigorien Vigorien's Haxil Polgara
 % LocalWords:  Thesulac Polgara's Haxil's Thesulac's SDK CD's

gpl-lgpl.tex

➞

Show inline comments

 % gpl-lgpl.tex                                                  -*- LaTeX -*-
 %      Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
+%
 % Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
 % Copyright (C) 2014                   Bradley M. Kuhn
 % License: CC-By-SA-4.0
 % The copyright holders hereby grant the freedom to copy, modify, convey,
 % Adapt, and/or redistribute this work under the terms of the Creative
 % Commons Attribution Share Alike 4.0 International License.
 % This text is distributed in the hope that it will be useful, but
 % WITHOUT ANY WARRANTY; without even the implied warranty of
 % MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 % You should have received a copy of the license with this document in
 % a file called 'CC-By-SA-4.0.txt'.  If not, please visit
 % https://creativecommons.org/licenses/by-sa/4.0/legalcode to receive
 % the license text.
 % FIXME-LATER: I should make a macro like the Texinfo @xref stuff for places
 %      where I'm saying ``see section X in this tutorial'', so that the extra
 %      verbiage isn't there in the HTML versions that I'll eventually do.
 %      Maybe something like that already exists?  In the worst case, I could
 %      adapt @xref from texinfo.texi for it.
 \newcommand{\defn}[1]{\emph{#1}}
 \part{Detailed Analysis of the GNU GPL and Related Licenses}
 {\parindent 0in
 \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{This part} is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2003--2007 \hspace{.1mm} \=  \kill
 Copyright \> \copyright{} 2014 \> Bradley M. Kuhn \\
 Copyright \> \copyright{} 2014 \>  Anthony K. Sebro, Jr. \\
 Copyright \> \copyright{} 2003--2007 \>  Free Software Foundation, Inc.
+Copyright \> \copyright{} 2003--2007, 2014 \>  Free Software Foundation, Inc.
 \end{tabbing}
 \vspace{.3in}
 \begin{center}
 Authors of \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{this part} are: \\
 Free Software Foundation, Inc. \\
 Bradley M. Kuhn \\
 David ``Novalis'' Turner \\
 Daniel B. Ravicher \\
 Tony Sebro \\
 John Sullivan
 \vspace{.2in}
 Copy editors of this part include: \\
 Martin Michlmayr
 \vspace{.2in}
 The copyright holders of \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{this part} hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 \bigskip
 \tutorialpartsplit{This tutorial}{This part of the tutorial} gives a
 comprehensive explanation of the most popular Free Software copyright
 license, the GNU General Public License (``GNU GPL'', or sometimes just
 ``GPL'') -- both version 2 (``GPLv2'') and version 3 (``GPLv3'') -- and
 teaches lawyers, software developers, managers and business people how to use
 the GPL (and GPL'd software) successfully both as a community-building
 ``Constitution'' for a software project, and to incorporate copylefted
 software into a new Free Software business and in existing, successful
 enterprises.
 To successfully benefit from this part of the tutorial, readers should
 have a general familiarity with software development processes.  A basic
 understanding of how copyright law applies to software is also helpful.  The
 tutorial is of most interest to lawyers, software developers and managers who
 run or advise software businesses that modify and/or redistribute software
 under the terms of the GNU GPL (or who wish to do so in the future), and those
 who wish to make use of existing GPL'd software in their enterprise.
 Upon completion of this part of the tutorial, successful readers can expect
 to have learned the following:
 \begin{itemize}
   \item The freedom-defending purpose of various terms in the GNU GPLv2 and GPLv3.
   \item The differences between GPLv2 and GPLv3.
   \item The redistribution options under the GPLv2 and GPLv3.
   \item The obligations when modifying GPLv2'd or GPLv3'd software.
   \item How to build a plan for proper and successful compliance with the GPL.
   \item The business advantages that the GPL provides.
   \item The most common business models used in conjunction with the GPL.
   \item How existing GPL'd software can be used in existing enterprises.
   \item The basics of LGPLv2.1 and LGPLv3, and how they
     differs from the GPLv2 and GPLv3, respectively.
   \item The basics to begin understanding the complexities regarding
     derivative and combined works of software.
 \end{itemize}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % END OF ABSTRACTS SECTION
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % START OF DAY ONE COURSE
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{What Is Software Freedom?}
 Study of the GNU General Public License (herein, abbreviated as \defn{GNU
   GPL} or just \defn{GPL}) must begin by first considering the broader world
 of software freedom. The GPL was not created in a vacuum. Rather, it was
 created to embody and defend a set of principles that were set forth at the
 founding of the GNU project and the Free Software Foundation (FSF) -- the
 preeminent organization that upholds, defends and promotes the philosophy of software
 freedom. A prerequisite for understanding both of the popular versions
 of the GPL
 (GPLv2 and GPLv3) and their terms and conditions is a basic understanding of
 the principles behind them.  The GPL family of licenses are unlike nearly all
 other software licenses in that they are designed to defend and uphold these
 principles.
 \section{The Free Software Definition}
 \label{Free Software Definition}
 The Free Software Definition is set forth in full on FSF's website at
 \verb0http://fsf.org/0 \verb0philosophy/free-sw.html0. This section presents
 an abbreviated version that will focus on the parts that are most pertinent
 to the GPL\@.
 A particular program grants software freedom to a particular user if that
 user is granted the following freedoms:
 \begin{itemize}
 \item The freedom to run the program, for any purpose.
 \item The freedom to study how the program works, and modify it
 \item The freedom to redistribute copies.
 \item The freedom to distribute copies of  modified versions to others.
 \end{itemize}
 The focus on ``a particular user'' is particularly pertinent here.  It is not
 uncommon for the same version of a specific program to grant these freedoms
 to some subset of its user base, while others have none or only some of these
 freedoms.  Section~\ref{Proprietary Relicensing} talks in detail about how
 this can unfortunately happen even if a program is released under the GPL\@.
 Many people refer to software that gives these freedoms as ``Open Source.''
 Besides having a different political focus than those who call it Free
 Software,\footnote{The political differences between the Free Software
   Movement and the Open Source Movement are documented on FSF's Web site at
   {\tt http://www.fsf.org/licensing/essays/free-software-for-freedom.html}.}
 Those who call the software ``Open Source'' are often focused on a side
 issue.  Specifically, user access to the source code of a program is a
 prerequisite to make use of the freedom to modify.  However, the important
 issue is what freedoms are granted in the license of that source code.
 Software freedom is only complete when no restrictions are imposed on how
 these freedoms are exercised.  Specifically, users and programmers can
 exercise these freedoms noncommercially or commercially.  Licenses that grant
 these freedoms for noncommercial activities but prohibit them for commercial
 activities are considered non-free.  Even the Open Source Initiative
 (\defn{OSI}) (the arbiter of what is considered ``Open Source'') also rules
 such licenses not in fitting with its ``Open Source Definition''.
 In general, software for which most or all of these freedoms are
 restricted in any way is called ``non-Free Software.''  Typically, the
 term ``proprietary software'' is used more or less interchangeably with
 ``non-Free Software.''  Personally, I tend to use the term ``non-Free
 Software'' to refer to noncommercial software that restricts freedom
 (such as ``shareware'') and ``proprietary software'' to refer to
 commercial software that restricts freedom (such as nearly all of
 Microsoft's and Oracle's offerings).
 Keep in mind that none of the terms ``software freedom'', ``open source''
 and ``free software'' are known to be trademarked or otherwise legally
 restricted by any organization in
 any jurisdiction.  As such, it's quite common that these terms are abused and
 misused by parties who wish to bank on the popularity of software freedom.
 When one considers using, modifying or redistributing a software package that
 purports to be Open Source or Free Software, one \textbf{must} verify that
 the license grants software freedom.
 Furthermore, throughout this text, we generally prefer the term ``software
 freedom'', as this is the least ambiguous term available to describe software
 that meets the Free Software Definition.  For example, it is well known and
 often discussed that the adjective ``free'' has two unrelated meanings in
 English: ``free as in freedom'' and ``free as in price''.  Meanwhile, the
 term ``open source'' is even more confusing, because it appears to refer only to the
 ``freedom to study'', which is merely a subset of one of the four freedoms.
 The remainder of this section considers each of each component of software
 freedom in detail.
 \subsection{The Freedom to Run}
 \label{freedom-to-run}
 The first tenet of software freedom is the user's fully unfettered right to
 run the program.  The software's license must permit any conceivable use of
 the software.  Perhaps, for example, the user has discovered an innovative
 use for a particular program, one that the programmer never could have
 predicted.  Such a use must not be restricted.
 It was once rare that this freedom was restricted by even proprietary
 software; but such is quite common today. Most End User License Agreements
 (EULAs) that cover most proprietary software typically restrict some types of
 uses.  Such restrictions of any kind are an unacceptable restriction on
 software freedom.
 \subsection{The Freedom to Change and Modify}
 Perhaps the most useful right of software freedom is the users' right to
 change, modify and adapt the software to suit their needs.  Access to the
 source code and related build and installation scripts are an essential part
 of this freedom.  Without the source code, and the ability to build and
 install the binary applications from that source, users cannot effectively
 exercise this freedom.
 Programmers directly benefit from this freedom.  However, this freedom
 remains important to users who are not programmers.  While it may seem
 counterintuitive at first, non-programmer users often exercise this freedom
 indirectly in both commercial and noncommercial settings.  For example, users
 often seek noncommercial help with the software on email lists and in user
 groups.  To make use of such help they must either have the freedom to
 recruit programmers who might altruistically assist them to modify their
 software, or to at least follow rote instructions to make basic modifications
 themselves.
 More commonly, users also exercise this freedom commercially.  Each user, or
 group of users, may hire anyone they wish in a competitive free market to
 modify and change the software.  This means that companies have a right to
 hire anyone they wish to modify their Free Software.  Additionally, such
 companies may contract with other companies to commission software
 modifications.
 \subsection{The Freedom to Copy and Share}
 Users share Free Software in a variety of ways. Software freedom advocates
 work to eliminate a fundamental ethical dilemma of the software age: choosing
 between obeying a software license and friendship (by giving away a copy of a
 program to your friend who likes the software you are using). Licenses that
 respect software freedom, therefore, permit altruistic sharing of software
 among friends.
 The commercial environment also benefits from this freedom.  Commercial sharing
 includes selling copies of Free Software: that is, Free Software can
 be distributed for any monetary
 price to anyone.  Those who redistribute Free Software commercially also have
 the freedom to selectively distribute (i.e., you can pick your customers) and
 to set prices at any level that redistributor sees fit.
 Of course, most people get copies of Free Software very cheaply (and
 sometimes without charge).  The competitive free market of Free Software
 tends to keep prices low and reasonable.  However, if someone is willing to
 pay billions of dollars for one copy of the GNU Compiler Collection, such a
 sale is completely permitted.
 Another common instance of commercial sharing is service-oriented
 distribution.  For example, some distribution vendors provide immediate
 security and upgrade distribution via a special network service.  Such
 distribution is not necessarily contradictory with software freedom.
 (Section~\ref{Business Models} of this tutorial talks in detail about some
 common Free Software business models that take advantage of the freedom to
 share commercially.)
 \subsection{The Freedom to Share Improvements}
 The freedom to modify and improve is somewhat empty without the freedom to
 share those improvements.  The software freedom community is built on the
 pillar of altruistic sharing of improved Free Software. Historically
 it was typical for a
 Free Software project to sprout a mailing list where improvements
 would be shared
 freely among members of the development community\footnote{This is still
 commonly the case, though today there are other or additional ways of
 sharing Free Software.}.   Such noncommercial
 sharing is the primary reason that Free Software thrives.
 Commercial sharing of modified Free Software is equally important.
 For commercial support to exist in a competitive free market, all
 developers -- from single-person contractors to large software
 companies -- must have the freedom to market their services as
 augmenters of Free Software.  All forms of such service marketing must
 be equally available to all.
 For example, selling support services for Free Software is fully
 permitted. Companies and individuals can offer themselves as ``the place
 to call'' when software fails or does not function properly.  For such a
 service to be meaningful, the entity offering that service needs the
 right to modify and improve the software for the customer to correct any
 problems that are beyond mere user error.
 Software freedom licenses also permit any entity to distribute modified
 versions of Free Software.  Most Free Software programs have a ``standard
 version'' that is made available from the primary developers of the software.
 However, all who have the software have the ``freedom to fork'' -- that is,
 make available nontrivial modified versions of the software on a permanent or
 semi-permanent basis.  Such freedom is central to vibrant developer and user
 interaction.
 Companies and individuals have the right to make true value-added versions
 of Free Software.  They may use freedom to share improvements to
 distribute distinct versions of Free Software with different functionality
 and features.  Furthermore, this freedom can be exercised to serve a
 disenfranchised subset of the user community.  If the developers of the
 standard version refuse to serve the needs of some of the software's
 users, other entities have the right to create a long- or short-lived fork
 to serve that sub-community.
 \section{How Does Software Become Free?}
 The previous section set forth key freedoms and rights that are referred to
 as ``software freedom''.  This section discusses the licensing mechanisms
 used to enable software freedom.  These licensing mechanisms were ultimately
 created as a community-oriented ``answer'' to the existing proprietary
 software licensing mechanisms.  Thus, first, consider carefully why
 proprietary software exists in the first place.
 Proprietary software exists at all only because it is governed by copyright
 law.\footnote{This statement is admittedly an oversimplification. Patents and
   trade secrets can cover software and make it effectively non-Free, and one
   can contract away their rights and freedoms regarding software, or source
   code can be practically obscured in binary-only distribution without
   reliance on any legal system.  However, the primary control mechanism for
   software is copyright, and therefore this section focuses on how copyright
   restrictions make software proprietary.} Copyright law, with respect to
 software, typically governs copying, modifying, and redistributing that
 software (For details of this in the USA, see
 \href{http://www.copyright.gov/title17/92chap1.html#106}{\S~106} and
 \href{http://www.copyright.gov/title17/92chap1.html#117}{\S~117} of
 \href{http://www.law.cornell.edu/uscode/text/17}{Title 17} of the
 \textit{United States Code}).\footnote{Copyright law in general also governs
   ``public performance'' of copyrighted works. There is no generally agreed
   definition for public performance of software and both GPLv2 and GPLv3 do
   not restrict public performance.} By law (in the USA and in most other
 jurisdictions), the copyright holder (most typically, the author) of the work controls
 how others may copy, modify and/or distribute the work. For proprietary
 software, these controls are used to prohibit these activities. In addition,
 proprietary software distributors further impede modification in a practical
 sense by distributing only binary code and keeping the source code of the
 software secret.
 Copyright is not a natural state, it is a legal construction. In the USA, the
 Constitution permits, but does not require, the creation of copyright law as
 federal legislation.  Software, since it is an ``original work of authorship
 fixed in any tangible medium of expression ...  from which they can be
 perceived, reproduced, or otherwise communicated, either directly or with the
 aid of a machine or device'' (as stated in
 \href{http://www.law.cornell.edu/uscode/text/17/102}{17 USC \S~102}), is thus
 covered by the statute, and is copyrighted by default.
 However, software, in its natural state without copyright, is Free
 Software. In an imaginary world with no copyright, the rules would be
 different. In this world, when you received a copy of a program's source
 code, there would be no default legal system to restrict you from sharing it
 with others, making modifications, or redistributing those modified
 versions.\footnote{Note that this is again an oversimplification; the
   complexities with this argument are discussed in
   Section~\ref{software-and-non-copyright}.}
 Software in the real world is copyrighted by default and is automatically
 covered by that legal system.  However, it is possible to move software out
 of the domain of the copyright system.  A copyright holder can often
 \defn{disclaim} their copyright. (For example, under USA copyright law
 it is possible for a copyright holder to engage in conduct resulting
 in abandonment of copyright.)  If copyright is disclaimed, the software is
 effectively no longer restricted by copyright law.   Software not restricted by copyright is in the
 ``public domain.''
 \subsection{Public Domain Software}
 In the USA and other countries that
 are parties to the Berne Convention on Copyright, software is copyrighted
 automatically by the author when she fixes the software in a tangible
 medium.  In the software world, this usually means typing the source code
 of the software into a file.
 Imagine if authors could truly disclaim those default controls of copyright
 law.  If so, the software is in the public domain --- no longer covered by
 copyright.  Since copyright law is the construction allowing for most
 restrictions on software (i.e., prohibition of copying, modification, and
 redistribution), removing the software from the copyright system usually
 yields software freedom for its users.
 Carefully note that software truly in the public domain is \emph{not} licensed
 in any way.  It is confusing to say software is ``licensed for the
 public domain,'' or any phrase that implies the copyright holder gave
 express permission to take actions governed by copyright law.
 Copyright holders who state that they are releasing their code into
 the public domain are effectively renouncing copyright controls on
 the work.  The law gave the copyright holders exclusive controls over the
 work, and they chose to waive those controls.  Software that is, in
 this sense, in the public domain
 is conceptualized by the developer as having no copyright and thus no license. The software freedoms discussed in
 Section~\ref{Free Software Definition} are all granted because there is no
 legal system in play to take them away.
 Admittedly, a discussion of public domain software is an oversimplified
 example.
 Because copyright controls are usually automatically granted and because, in
 some jurisdictions, some copyright controls cannot be waived (see
 Section~\ref{non-usa-copyright} for further discussion), many copyright
 holders sometimes incorrectly believe a work has been placed in the public
 domain.  Second, due to aggressive lobbying by the entertainment industry,
 the ``exclusive Right'' of copyright, that was supposed to only exist for
 ``Limited Times'' according to the USA Constitution, appears to be infinite:
 simply purchased on the installment plan rather than in whole.  Thus, we must
 assume no works of software will fall into the public domain merely due to
 the passage of time.
 Nevertheless, under USA law it is likely that the typical
 disclaimers of copyright or public domain dedications we see in the
 Free Software world would be interpreted by courts as copyright
 abandonment, leading to a situation in which the user effectively receives a
 maximum grant of copyright freedoms, similar to a maximally-permissive
 Free Software license.
 The best example of software known to truly be in the public domain is software
 that is published by the USA government.  Under
 \href{http://www.law.cornell.edu/uscode/text/17/105}{17 USC 101 \S~105}, all
 works published by the USA Government are not copyrightable in the USA.
 \subsection{Why Copyright Free Software?}
 If simply disclaiming copyright on software yields Free Software, then it
 stands to reason that putting software into the public domain is the
 easiest and most straightforward way to produce Free Software. Indeed,
 some major Free Software projects have chosen this method for making their
 software Free. However, most of the Free Software in existence \emph{is}
 copyrighted. In most cases (particularly in those of FSF and the GNU
 Project), this was done due to very careful planning.
 Software released into the public domain does grant freedom to those users
 who receive the standard versions on which the original author disclaimed
 copyright. However, since the work is not copyrighted, any nontrivial
 modification made to the work is fully copyrightable.
 Free Software released into the public domain initially is Free, and
 perhaps some who modify the software choose to place their work into the
 public domain as well. However, over time, some entities will choose to
 proprietarize their modified versions. The public domain body of software
 feeds the proprietary software. The public commons disappears, because
 fewer and fewer entities have an incentive to contribute back to the
 commons. They know that any of their competitors can proprietarize their
 enhancements. Over time, almost no interesting work is left in the public
 domain, because nearly all new work is done by proprietarization.
 A legal mechanism is needed to redress this problem. FSF was in fact
 originally created primarily as a legal entity to defend software freedom,
 and that work of defending software freedom is a substantial part of
 its work today. Specifically because of this ``embrace, proprietarize and
 extend'' cycle, FSF made a conscious choice to copyright its Free Software,
 and then license it under ``copyleft'' terms. Many, including the
 developers of the kernel named Linux, have chosen to follow this paradigm.
 \label{copyleft-definition}
 Copyleft is a legal strategy and mechanism to defend, uphold and propagate software
 freedom. The basic technique of copyleft is as follows: copyright the
 software, license it under terms that give all the software freedoms, but
 use the copyright law controls to ensure that all who receive a copy of
 the software have equal rights and freedom. In essence, copyleft grants
 freedom, but forbids others to forbid that freedom to anyone else along
 the distribution and modification chains.
 Copyleft is a general concept. Much like ideas for what a computer might
 do must be \emph{implemented} by a program that actually does the job, so
 too must copyleft be implemented in some concrete legal structure.
 ``Share and share alike'' is a phrase that is used often enough to explain the
 concept behind copyleft, but to actually make it work in the real world, a
 true implementation in legal text must exist. The GPL is the primary
 implementation of copyleft in copyright licensing language.
 \subsection{Software and Non-Copyright Legal Regimes}
 \label{software-and-non-copyright}
 The use, modification and distribution of software, like many endeavors,
 simultaneously interacts with multiple different legal regimes.  As was noted
 early via footnotes, copyright is merely the \textit{most common way} to
 restrict users' rights to copy, share, modify and/or redistribute software.
 However, proprietary software licenses typically use every mechanism
 available to subjugate users.  For example:
 \begin{itemize}
 \item Unfortunately, despite much effort by many in the software freedom
   community to end patents that read on software (i.e., patents on
   computational ideas), they still ultimately exist.  As such, a software
   program might otherwise be seemly unrestricted, but a patent might read on
   the software and ruin everything for its users.\footnote{See
   \S\S~\ref{gpl-implied-patent-grant},~\ref{GPLv2s7},~\ref{GPLv3s11} for more
   discussion on how the patent system interacts with copyleft, and read
   Richard M.~Stallman's essay,
   \href{http://www.wired.com/opinion/2012/11/richard-stallman-software-patents/}{\textit{Let's
       Limit the Effect of Software Patents, Since We Can't Eliminate Them}}
   for more information on the problems these patents present to society.}
 \item Digital Restrictions Management (usually called \defn{DRM}) is often
   used to impose technological restrictions on users' ability to exercise
   software freedom that they might otherwise be granted\footnote{See
     \S~\ref{GPLv3-drm} for more information on how GPL deals with this issue.}.
   The simplest (and perhaps oldest) form of DRM, of course, is separating
   software source code (read by humans), from their compiled binaries (read
   only by computers).  Furthermore,
   \href{http://www.law.cornell.edu/uscode/text/17/1201}{17 USC~\S1201} often
   prohibits users legally from circumventing some of these DRM systems.
 \item Most EULAs also include a contractual agreement that bind users further
   by forcing them to agree to a contractual, prohibitive software license
   before ever even using the software.
 \end{itemize}
 Thus, most proprietary software restricts users via multiple interlocking
 legal and technological means.  Any license that truly respect the software
 freedom of all users must not only grant appropriate copyright permissions,
 but also \textit{prevent} restrictions from other legal and technological
 means like those listed above.
 \subsection{Non-USA Copyright Regimes}
 \label{non-usa-copyright}
 Generally speaking, copyright law operates similarly enough in countries that
 have signed the Berne Convention on Copyright, and software freedom licenses
 have generally taken advantage of this international standardization of
 copyright law.  However, copyright law does differ from country to country,
 and commonly, software freedom licenses like the GPL must be considered under the
 copyright law in the jurisdiction where any licensing dispute occurs.
 Those who are most familiar with the USA's system of copyright often are
 surprised to learn that there are certain copyright controls that cannot be
 waived nor disclaimed.  Specifically, many copyright regimes outside the USA
 recognize a concept of moral rights of authors.  Typically, moral rights are
 fully compatible with respecting software freedom, as they are usually
 centered around controls that software freedom licenses generally respect,
 such as the right of an authors to require proper attribution for their work.
 \section{A Community of Equality}
 The previous section described the principles of software freedom, a brief
 introduction to mechanisms that typically block these freedoms, and the
 simplest ways that copyright holders might grant those freedoms to their
 users for their copyrighted works of software.  The previous section also
 introduced the idea of \textit{copyleft}: a licensing mechanism to use
 copyright to not only grant software freedom to users, but also to uphold
 those rights against those who might seek to curtail them.
 Copyleft, as defined in \S~\ref{copyleft-definition}, is a general term for this
 mechanism.  The remainder of this text will discuss details of various
 real-world implementations of copyleft -- most notably, the GPL\@.
 This discussion begins first with some general explanation of what the GPL is
 able to do in software development communities.  After that brief discussion
 in this section, deeper discussion of how GPL accomplishes this in practice
 follows in the next chapter.
 Simply put, though, the GPL ultimately creates a community of equality for
 both business and noncommercial users.
 \subsection{The Noncommercial Community}
 A GPL'd code base becomes a center of a vibrant development and user
 community.  Traditionally, volunteers, operating noncommercially out of
 keen interest or ``scratch an itch'' motivations, produce initial versions
 of a GPL'd system.  Because of the efficient distribution channels of the
 Internet, any useful GPL'd system is adopted quickly by noncommercial
 users.
 Fundamentally, the early release and quick distribution of the software
 gives birth to a thriving noncommercial community.  Users and developers
 begin sharing bug reports and bug fixes across a shared intellectual
 commons.  Users can trust the developers, because they know that if the
 developers fail to address their needs or abandon the project, the GPL
 ensures that someone else has the right to pick up development.
 Developers know that the users cannot redistribute their software without
 passing along the rights granted by the GPL, so they are assured that every
 one of their users is treated equally.
 Because of the symmetry and fairness inherent in GPL'd distribution,
 nearly every GPL'd package in existence has a vibrant noncommercial user
 and developer base.
 \subsection{The Commercial Community}
 By the same token, nearly all established GPL'd software systems have a
 vibrant commercial community.  Nearly every GPL'd system that has gained
 wide adoption from noncommercial users and developers eventually begins
 to fuel a commercial system around that software.
 For example, consider the Samba file server system that allows Unix-like
 systems (including GNU/Linux) to serve files to Microsoft Windows systems.
 Two graduate students originally developed Samba in their spare time and
 it was deployed noncommercially in academic environments\footnote{See
   \href{http://turtle.ee.ncku.edu.tw/docs/samba/history}{Andrew Tridgell's
     ``A bit of history and a bit of fun''}}.  However, very
 soon for-profit companies discovered that the software could work for them
 as well, and their system administrators began to use it in place of
 Microsoft Windows NT file-servers.  This served to lower the cost of
 running such servers by orders of magnitude. There was suddenly room in
 Windows file-server budgets to hire contractors to improve Samba.  Some of
 the first people hired to do such work were those same two graduate
 students who originally developed the software.
 The noncommercial users, however, were not concerned when these two
 fellows began collecting paychecks off of their GPL'd work.  They knew
 that because of the nature of the GPL that improvements that were
 distributed in the commercial environment could easily be folded back into
 the standard version.  Companies are not permitted to proprietarize
 Samba, so the noncommercial users, and even other commercial users are
 safe in the knowledge that the software freedom ensured by the GPL will remain
 protected.
 Commercial developers also work in concert with noncommercial
 developers.  Those two now-long-since graduated students continue to
 contribute to Samba altruistically, but also get paid work doing it.
 Priorities change when a client is in the mix, but all the code is
 contributed back to the standard version.  Meanwhile, many other
 individuals have gotten involved noncommercially as developers,
 because they want to ``cut their teeth on Free Software,'' or because
 the problems interest them.  When they get good at it, perhaps they
 will move on to another project, or perhaps they will become
 commercial developers of the software themselves.
 No party is a threat to another in the GPL software scenario because
 everyone is on equal ground.  The GPL protects rights of the commercial
 and noncommercial contributors and users equally. The GPL creates trust,
 because it is a level playing field for all.
 \subsection{Law Analogy}
 In his introduction to Stallman's \emph{Free Software, Free Society},
 Lawrence Lessig draws an interesting analogy between the law and Free
 Software. He argues that the laws of a free society must be protected
 much like the GPL protects software.  So that I might do true justice to
 Lessig's argument, I quote it verbatim:
 \begin{quotation}
 A ``free society'' is regulated by law. But there are limits that any free
 society places on this regulation through law: No society that kept its
 laws secret could ever be called free.  No government that hid its
 regulations from the regulated could ever stand in our tradition. Law
 controls.  But it does so justly only when visibly.  And law is visible
 only when its terms are knowable and controllable by those it regulates,
 or by the agents of those it regulates (lawyers, legislatures).
 This condition on law extends beyond the work of a legislature.  Think
 about the practice of law in American courts.  Lawyers are hired by their
 clients to advance their clients' interests.  Sometimes that interest is
 advanced through litigation. In the course of this litigation, lawyers
 write briefs. These briefs in turn affect opinions written by judges.
 These opinions decide who wins a particular case, or whether a certain law
 can stand consistently with a constitution.
 All the material in this process is free in the sense that Stallman means.
 Legal briefs are open and free for others to use.  The arguments are
 transparent (which is different from saying they are good), and the
 reasoning can be taken without the permission of the original lawyers.
 The opinions they produce can be quoted in later briefs.  They can be
 copied and integrated into another brief or opinion.  The ``source code''
 for American law is by design, and by principle, open and free for anyone
 to take. And take lawyers do---for it is a measure of a great brief that
 it achieves its creativity through the reuse of what happened before.  The
 source is free; creativity and an economy is built upon it.
 This economy of free code (and here I mean free legal code) doesn't starve
 lawyers.  Law firms have enough incentive to produce great briefs even
 though the stuff they build can be taken and copied by anyone else.  The
 lawyer is a craftsman; his or her product is public.  Yet the crafting is
 not charity. Lawyers get paid; the public doesn't demand such work
 without price.  Instead this economy flourishes, with later work added to
 the earlier.
 We could imagine a legal practice that was different --- briefs and
 arguments that were kept secret; rulings that announced a result but not
 the reasoning. Laws that were kept by the police but published to no one
 else. Regulation that operated without explaining its rule.
 We could imagine this society, but we could not imagine calling it
 ``free.''  Whether or not the incentives in such a society would be better
 or more efficiently allocated, such a society could not be known as free.
 The ideals of freedom, of life within a free society, demand more than
 efficient application.  Instead, openness and transparency are the
 constraints within which a legal system gets built, not options to be
 added if convenient to the leaders.  Life governed by software code should
 be no less.
 Code writing is not litigation.  It is better, richer, more
 productive.  But the law is an obvious instance of how creativity and
 incentives do not depend upon perfect control over the products
 created.  Like jazz, or novels, or architecture, the law gets built
 upon the work that went before. This adding and changing is what
 creativity always is.  And a free society is one that assures that its
 most important resources remain free in just this sense.\footnote{This
 quotation is Copyright \copyright{} 2002, Lawrence Lessig. It is
 licensed under the terms of
 \href{http://creativecommons.org/licenses/by/1.0/}{the ``Attribution
 License'' version 1.0} or any later version as published by Creative
 Commons.}
 \end{quotation}
 In essence, lawyers are paid to service the shared commons of legal
 infrastructure.  Few citizens defend themselves in court or write their
 own briefs (even though they are legally permitted to do so) because
 everyone would prefer to have an expert do that job.
 The Free Software economy is a market ripe for experts.  It
 functions similarly to other well established professional fields like the
 law. The GPL, in turn, serves as the legal scaffolding that permits the
 creation of this vibrant commercial and noncommercial Free Software
 economy.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{A Tale of Two Copyleft Licenses}
 \label{tale-of-two-copylefts}
 While determining the proper methodology and criteria to yield an accurate
 count remains difficult, the GPL is generally considered one of the most
 widely used Free Software licenses.  For most of its history --- for 16 years
 from June 1991 to June 2007 --- there was really only one version of the GPL,
 version 2.
 However, the GPL had both earlier versions before version 2, and, more well
 known, a revision to version 3.
 \section{Historical Motivations for the General Public License}
 The earliest license to grant software freedom was likely the Berkeley
 Software Distribution (``BSD'') license.  This license is typical of what are
 often called lax, highly permissive licenses.  Not unlike software in the
 public domain, these non-copyleft licenses (usually) grant software freedom
 to users, but they do not go to any effort to uphold that software freedom
 for users.  The so-called ``downstream'' (those who receive the software and
 then build new things based on that software) can restrict the software and
 distribute further.
 The GNU's Not Unix (``GNU'') project, which Richard M.~Stallman (``RMS'')
 founded in 1984 to make a complete Unix-compatible operating system
 implementation that assured software freedom for all.  However, RMS saw that
 using a license that gave but did not assure software freedom would be
 counter to the goals of the GNU project.  RMS invented ``copyleft'' as an
 answer to that problem, and began using various copyleft licenses for the
 early GNU project programs\footnote{RMS writes more fully about this topic in
   his essay entitled simply
   \href{http://www.gnu.org/gnu/thegnuproject.html}{\textit{The GNU Project}}.
     For those who want to hear the story in his own voice,
     \href{http://audio-video.gnu.org/audio/}{speech recordings} of his talk,
     \textit{The Free Software Movement and the GNU/Linux Operating System}
     are also widely available}.
 \section{Proto-GPLs And Their Impact}
 %FIXME-LATER: bad line break:
 %\href{http://www.free-soft.org/gpl_history/emacs_gpl.html}{The Emacs
 %  General Public License}
 The earliest copyleft licenses were specific to various GNU programs.  For
 example,  The Emacs
 General Public License was likely the first copyleft license ever
 published.  Interesting to note that even this earliest copyleft license
 contains a version of the well-known GPL copyleft clause:
 \begin{quotation}
 You may modify your copy or copies of GNU Emacs \ldots provided that you also
 \ldots cause the whole of any work that you distribute or publish, that in
 whole or in part contains or is a derivative of GNU Emacs or any part
 thereof, to be licensed at no charge to all third parties on terms identical
 to those contained in this License Agreement.
 \end{quotation}
 This simply stated clause is the fundamental innovation of copyleft.
 Specifically, copyleft \textit{uses} the copyright holders' controls on
 permission to modify the work to add a conditional requirement.  Namely,
 downstream users may only have permission to modify  the work if they pass
 along the same permissions on the modified version that came originally to
 them.
 These original program-specific proto-GPLs give an interesting window into
 the central ideas and development of copyleft.  In particular, reviewing them
 shows how the text of the GPL we know has evolved to address more of the
 issues discussed earlier in \S~\ref{software-and-non-copyright}.
 \section{The GNU General Public License, Version 1}
 \label{GPLv1}
 In January 1989, the FSF announced that the GPL had been converted into a
 ``subroutine'' that could be reused not just for all FSF-copyrighted
 programs, but also by anyone else.  As the FSF claimed in its announcement of
 the GPLv1\footnote{The announcement of GPLv1 was published in the
   \href{http://www.gnu.org/bulletins/bull6.html\#SEC8}{GNU's Bulletin, vol 1,
     number 6 dated January 1989}.  (Thanks very much to Andy Tai for his
   \href{http://www.free-soft.org/gpl_history/}{consolidation of research on
     the history of the pre-v1 GPL's}.)}:
 \begin{quotation}
 To make it easier to copyleft programs, we have been improving on the
 legalbol architecture of the General Public License to produce a new version
 that serves as a general-purpose subroutine: it can apply to any program
 without modification, no matter who is publishing it.
 \end{quotation}
 This, like many inventive ideas, seems somewhat obvious in retrospect.  But,
 the FSF had some bright people and access to good lawyers when it started.
 It took almost five years from the first copyleft licenses to get to a
 generalized, reusable GPLv1.  In the context and mindset of the 1980s, this
 is not surprising.  The idea of reusable licensing infrastructure was not
 only uncommon, it was virtually nonexistent!  Even the early BSD licenses
 were simply copied and rewritten slightly for each new use\footnote{It
   remains an interesting accident of history that the early BSD problematic
   ``advertising clause'' (discussion of which is somewhat beyond the scope of
   this tutorial) lives on into current day, simply because while the
   University of California at Berkeley gave unilateral permission to remove
   the clause from \textit{its} copyrighted works, others who adapted the BSD
   license with their own names in place of UC-Berkeley's never have.}.  The
 GPLv1's innovation of reusable licensing infrastructure, an obvious fact
 today, was indeed a novel invention for its day\footnote{We're all just
   grateful that the FSF also opposes business method patents, since the FSF's
   patent on a ``method for reusable licensing infrastructure'' would have
   not expired until 2006!}.
 \section{The GNU General Public License, Version 2}
 The GPLv2 was released two and a half years after GPLv1, and over the
 following sixteen years, it became the standard for copyleft licensing until
 the release of GPLv3 in 2007 (discussed in more detail in the next section).
 While this tutorial does not discuss the terms of GPLv1 in detail, it is
 worth noting below the three key changes that GPLv2 brought:
 \begin{itemize}
 \item Software patents and their danger are explicitly mentioned, inspiring
   (in part) the addition of GPLv2~\S\S5--7.  (These sections are discussed in
   detail in \S~\ref{GPLv2s5}, \S~\ref{GPLv2s6} and \S~\ref{GPLv2s7} of this
   tutorial.)
 \item GPLv2~\S2's copyleft terms are expanded to more explicitly discuss the
   issue of combined works.  (GPLv2~\S2 is discussed in detail in
   \S~\ref{GPLv2s2} in this tutorial).
 \item GPLv2~\S3 includes more detailed requirements, including the phrase
  ``the scripts used to control compilation and installation of the
   executable'', which is a central component of current GPLv2 enforcement.
   (GPLv2~\S3 is discussed in detail in
   \S~\ref{GPLv2s3} in this tutorial).
 \end{itemize}
 The next chapter discusses GPLv2 in full detail, and readers who wish to dive
 into the section-by-section discussion of the GPL should jump ahead now to
 that chapter.  However, the most interesting fact to note here is how GPLv2
 was published with little fanfare and limited commentary.  This contrasts
 greatly with the creation of GPLv3.
 \section{The GNU General Public License, Version 3}
 RMS began drafting GPLv2.2 in mid-2002, and FSF ran a few discussion groups
 during that era about new text of that license.  However, rampant violations
 of the GPL required more immediate attention of FSF's licensing staff, and as
 such, much of the early 2000's was spent doing GPL enforcement
 work\footnote{More on GPL enforcement is discussed in \tutorialpartsplit{a
     companion tutorial, \textit{A Practical Guide to GPL
       Compliance}}{Part~\ref{gpl-compliance-guide} of this tutorial}.}.  In
 , FSF began in earnest drafting work for GPLv3.
 The GPLv3 process began in earnest in January 2006.  It became clear that
 many provisions of the GPL could benefit from modification to fit new
 circumstances and to reflect what the entire community learned from
 experience with version 2.  Given the scale of revision it seems proper to
 approach the work through public discussion in a transparent and accessible
 manner.
 The GPLv3 process continued through June 2007, culminating in publication of
 GPLv3 and LGPLv3 on 29 June 2007, AGPLv3 on 19 November 2007, and the GCC
 Runtime Library Exception on 27 January 2009.
 All told, four discussion drafts of GPLv3, two discussion drafts of LGPLv3
 and two discussion drafts of AGPLv3 were published and discussed.
 Ultimately, FSF remained the final arbiter and publisher of the licenses, and
 RMS himself their primary author, but input was sought from many parties, and
 these licenses do admittedly look and read more like legislation as a result.
 Nevertheless, all of the ``v3'' group are substantially better and improved
 licenses.
 GPLv3 and its terms are discussed in detail in Chapter~\ref{GPLv3}.
 \section{The Innovation of Optional ``Or Any Later'' Version}
 An interesting fact of all GPL licenses is that there are ultimately multiple
 choices for use of the license.  The FSF is the primary steward of GPL (as
 discussed later in \S~\ref{GPLv2s9} and \S~\ref{GPLv3s14}).  However, those
 who wish to license works under GPL are not required to automatically accept
 changes made by the FSF for their own copyrighted works.
 Each licensor may chose three different methods of licensing, as follows:
 \begin{itemize}
 \item explicitly name a single version of GPL for their work (usually
   indicated in shorthand by saying the license is ``GPLv$X$-only''), or
 \item name no version of the GPL, thus they allow their downstream recipients
   to select any version of the GPL they choose (usually indicated in shorthand
   by saying the license is simply ``GPL''), or
 \item name a specific version of GPL and give downstream recipients the
   option to choose that version ``or any later version as published by the
   FSF'' (usually indicated by saying the license is
   ``GPLv$X$-or-later'')\footnote{The shorthand of ``GPL$X+$'' is also popular
     for this situation.  The authors of this tutorial prefer ``-or-later''
     syntax, because it (a) mirrors the words ``or'' and ``later from the
     licensing statement, (b) the $X+$ doesn't make it abundantly clear that
     $X$ is clearly included as a license option and (c) the $+$ symbol has
     other uses in computing (such as with regular expressions) that mean
     something different.}
 \end{itemize}
 \label{license-compatibility-first-mentioned}
 Oddly, this flexibility has received (in the opinion of the authors, undue)
 criticism, primarily because of the complex and oft-debated notion of
 ``license compatibility'' (which is explained in detail in
 \S~\ref{license-compatibility}).  Copyleft licenses are generally
 incompatible with each other, because the details of how they implement
 copyleft differs.  Specifically, copyleft works only because of its
 requirement that downstream licensors use the \textit{same} license for
 combined and modified works.  As such, software licensed under the terms of
 ``GPLv2-only'' cannot be combined with works licensed ``GPLv3-or-later''.
 This is admittedly a frustrating outcome.
 Other copyleft licenses that appeared after GPL, such
 as the Creative Commons ``Share Alike'' licenses, the Eclipse Public License
 and the Mozilla Public License \textbf{require} all copyright holders choosing
 to use any version of those licenses to automatically accept and relicense
 their copyrighted works under new versions.  Of course, Creative Commons, the
 Eclipse Foundation, and the Mozilla Foundation (like the FSF) have generally
 served as excellent stewards of their licenses.  Copyright holders using
 those licenses seems to find it acceptable to fully delegate all future
 licensing decisions for their copyrights to these organizations without a
 second thought.
 However, note that FSF gives herein the control of copyright holders to
 decide whether or not to implicitly trust the FSF in its work of drafting
 future GPL versions.  The FSF, for its part, does encourage copyright holders
 to chose by default ``GPLv$X$-or-later'' (where $X$ is the most recent
 version of the GPL published by the FSF).  However, the FSF \textbf{does not
   mandate} that a choice to use any GPL requires a copyright holder ceding
 its authority for future licensing decisions to the FSF.  In fact, the FSF
 considered this possibility for GPLv3 and chose not to do so, instead opting
 for the third-party steward designation clause discussed in
 Section~\ref{GPLv3s14}.
 \section{Complexities of Two Simultaneously Popular Copylefts}
 Obviously most GPL advocates would prefer widespread migration to GPLv3, and
 many newly formed projects who seek a copyleft license tend to choose a
 GPLv3-based license.  However, many existing copylefted projects continue
 with GPLv2-only or GPLv2-or-later as their default license.
 While GPLv3 introduces many improvements --- many of which were designed to
 increase adoption by for-profit companies --- GPLv2 remains a widely used and
 extremely popular license.  The GPLv2 is, no doubt, a good and useful
 license.
 However, unlike GPLv1 before it,
 GPLv2 remains an integral part of the copyleft licensing infrastructure.  As such, those who seek to have expertise in current
 topics of copyleft licensing need to study both the GPLv2 and GPLv3 family of
 licenses.
 Furthermore, GPLv3 is more easily understood by first studying GPLv2.
 This is not only because of their chronological order, but also because much
 of the discussion material available for GPLv3 tends to talk about GPLv3 in
 contrast to GPLv2.  As such, a strong understanding of GPLv2 helps in
 understanding most of the third-party material found regarding GPLv3.  Thus,
 the following chapter begins a deep discussion of GPLv2.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Running Software and Verbatim Copying}
 \label{run-and-verbatim}
 This chapter begins the deep discussion of the details of the terms of
 GPLv2\@. In this chapter, we consider the first two sections: GPLv2 \S\S
 --2. These are the straightforward sections of the GPL that define the
 simplest rights that the user receives.
 \section{GPLv2~\S0: Freedom to Run}
 \label{GPLv2s0}
 GPLv2~\S0, the opening section of GPLv2, sets forth that copyright law governs
 the work.  It specifically points out that it is the ``copyright
 holder'' who decides if a work is licensed under its terms and explains
 how the copyright holder might indicate this fact.
 A bit more subtly, GPLv2~\S0 makes an inference that copyright law is the only
 system that can restrict the software.  Specifically, it states:
 \begin{quote}
 Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.
 \end{quote}
 In essence, the license governs \emph{only} those activities, and all other
 activities are unrestricted, provided that no other agreements trump GPLv2
 (which they cannot; see Sections~\ref{GPLv2s6} and~\ref{GPLv2s7}).  This is
 very important, because the Free Software community heavily supports
 users' rights to ``fair use'' and ``unregulated use'' of copyrighted
 material.  GPLv2 asserts through this clause that it supports users' rights
 to fair and unregulated uses.
 Fair use (called ``fair dealing'' in some jurisdictions) of copyrighted
 material is an established legal doctrine that permits certain activities
 regardless of whether copyright law would otherwise restrict those activities.
 Discussion of the various types of fair use activity are beyond the scope of
 this tutorial.  However, one important example of fair use is the right to
 quote portions of the text in a larger work so as to criticize or suggest
 changes.  This fair use right is commonly used on mailing lists when
 discussing potential improvements or changes to Free Software.
 Fair use is a doctrine established by the courts or by statute.  By
 contrast, unregulated uses are those that are not covered by the statue
 nor determined by a court to be covered, but are common and enjoyed by
 many users.  An example of unregulated use is reading a printout of the
 program's source code like an instruction book for the purpose of learning
 how to be a better programmer.  The right to read something that you have
 access to is and should remain unregulated and unrestricted.
 \medskip
 Thus, the GPLv2 protects users' fair and unregulated use rights precisely by
 not attempting to cover them.  Furthermore, the GPLv2 ensures the freedom
 to run specifically by stating the following:
 \begin{quote}
 ''The act of running the Program is not restricted.''
 \end{quote}
 Thus, users are explicitly given the freedom to run by GPLv2~\S0.
 \medskip
 The bulk of GPLv2~\S0 not yet discussed gives definitions for other terms used
 throughout.  The only one worth discussing in detail is ``work based on
 the Program''.  The reason this definition is particularly interesting is
 not for the definition itself, which is rather straightforward, but
 because it clears up a common misconception about the GPL\@.
 The GPL is often mistakenly criticized because it fails to give a
 definition of ``derivative work'' or ``combined work''.  In fact, it would be incorrect and
 problematic if the GPL attempted to define these terms.  A copyright license, in
 fact, has no control over the rules of copyright themselves.  Such rules are
 the domain of copyright law and the courts --- not the licenses that utilize
 those systems.
 Copyright law as a whole doesn't propose clear and straightforward guidelines
 for identifying the derivative and/or combined works of software.  However,
 no copyright license --- not even the GNU GPL --- can be blamed for this.
 Legislators and court opinions must give us guidance in borderline cases.
 \section{GPLv2~\S1: Verbatim Copying}
 \label{GPLv2s1}
 GPLv2~\S1 covers the matter of redistributing the source code of a program
 exactly as it was received. This section is quite straightforward.
 However, there are a few details worth noting here.
 The phrase ``in any medium'' is important.  This, for example, gives the
 freedom to publish a book that is the printed copy of the program's source
 code.  It also allows for changes in the medium of distribution.  Some
 vendors may ship Free Software on a CD, but others may place it right on
 the hard drive of a pre-installed computer.  Any such redistribution media
 is allowed.
 Preservation of copyright notice and license notifications are mentioned
 specifically in GPLv2~\S1.  These are in some ways the most important part of
 the redistribution, which is why they are mentioned by name.  GPL
 always strives to make it abundantly clear to anyone who receives the
 software what its license is.  The goal is to make sure users know their
 rights and freedoms under GPL, and to leave no reason that users might be
 surprised the software is GPL'd. Thus
 throughout the GPL, there are specific references to the importance of
 notifying others down the distribution chain that they have rights under
 GPL.
 Also mentioned by name is the warranty disclaimer. Most people today do
 not believe that software comes with any warranty.  Notwithstanding the
 \href{http://mlis.state.md.us/2000rs/billfile/hb0019.htm}{Maryland's} and \href{http://leg1.state.va.us/cgi-bin/legp504.exe?001+ful+SB372ER}{Virginia's} UCITA bills, there are few or no implied warranties with software.
 However, just to be on the safe side, GPL clearly disclaims them, and the
 GPL requires re-distributors to keep the disclaimer very visible. (See
 Sections~\ref{GPLv2s11} and~\ref{GPLv2s12} of this tutorial for more on GPL's
 warranty disclaimers.)
 Note finally that GPLv2~\S1 creates groundwork for the important defense of
 commercial freedom.  GPLv2~\S1 clearly states that in the case of verbatim
 copies, one may make money.  Re-distributors are fully permitted to charge
 for the re-distribution of copies of Free Software. In addition, they may
 provide the warranty protection that the GPL disclaims as an additional
 service for a fee. (See Section~\ref{Business Models} for more discussion
 on making a profit from Free Software redistribution.)
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Derivative Works: Statute and Case Law}
 \label{derivative-works}
 We digress for this chapter from our discussion of GPL's exact text to
 consider the matter of derivative works --- a concept that we must
 understand fully before considering GPLv2~\S\S2--3\@. The GPL, and Free
 Software licensing in general, relies critically on the concept of
 ``derivative work'' since software that is ``independent,'' (i.e., not
 ``derivative'') of Free Software need not abide by the terms of the
 applicable Free Software license. As much is required by \S~106 of the
 Copyright Act, 17 U.S.C. \S~106 (2002), and admitted by Free Software
 licenses, such as the GPL, which (as we have seen) states in GPLv2~\S0 that ``a
 `work based on the Program' means either the Program or any derivative
 work under copyright law.'' It is being a derivative work of Free Software
 that triggers the necessity to comply with the terms of the Free Software
 license under which the original work is distributed. Therefore, one is
 left to ask, just what is a ``derivative work''? The answer to that
 question differs depending on which court is being asked.
 The analysis in this chapter sets forth the differing definitions of
 derivative work by the circuit courts. The broadest and most
 established definition of derivative work for software is the
 abstraction, filtration, and comparison test (``the AFC test'') as
 created and developed by the Second Circuit. Some circuits, including
 the Ninth Circuit and the First Circuit, have either adopted narrower
 versions of the AFC test or have expressly rejected the AFC test in
 favor of a narrower standard. Further, several other circuits have yet
 to adopt any definition of derivative work for software.
 As an introductory matter, it is important to note that literal copying of
 a significant portion of source code is not always sufficient to establish
 that a second work is a derivative work of an original
 program. Conversely, a second work can be a derivative work of an original
 program even though absolutely no copying of the literal source code of
 the original program has been made. This is the case because copyright
 protection does not always extend to all portions of a program's code,
 while, at the same time, it can extend beyond the literal code of a
 program to its non-literal aspects, such as its architecture, structure,
 sequence, organization, operational modules, and computer-user interface.
 \section{The Copyright Act}
 The copyright act is of little, if any, help in determining the definition
 of a derivative work of software. However, the applicable provisions do
 provide some, albeit quite cursory, guidance. Section 101 of the Copyright
 Act sets forth the following definitions:
 \begin{quotation}
 A ``computer program'' is a set of statements or instructions to be used
 directly or indirectly in a computer in order to bring about a certain
 result.
 A ``derivative work'' is a work based upon one or more preexisting works,
 such as a translation, musical arrangement, dramatization,
 fictionalization, motion picture version, sound recording, art
 reproduction, abridgment, condensation, or any other form in which a work
 may be recast, transformed, or adapted. A work consisting of editorial
 revisions, annotations, elaborations, or other modifications which, as a
 whole, represent an original work of authorship, is a ``derivative work.''
 \end{quotation}
 These are the only provisions in the Copyright Act relevant to the
 determination of what constitutes a derivative work of a computer
 program. Another provision of the Copyright Act that is also relevant to
 the definition of derivative work is \S~102(b), which reads as follows:
 \begin{quotation}
 In no case does copyright protection for an original work of authorship
 extend to any idea, procedure, process, system, method of operation,
 concept, principle, or discovery, regardless of the form in which it is
 described, explained, illustrated, or embodied in such work.
 \end{quotation}
 Therefore, before a court can ask whether one program is a derivative work
 of another program, it must be careful not to extend copyright protection
 to any ideas, procedures, processes, systems, methods of operation,
 concepts, principles, or discoveries contained in the original program. It
 is the implementation of this requirement to ``strip out'' unprotectable
 elements that serves as the most frequent issue over which courts
 disagree.
 \section{Abstraction, Filtration, Comparison Test}
 As mentioned above, the AFC test for determining whether a computer
 program is a derivative work of an earlier program was created by the
 Second Circuit and has since been adopted in the Fifth, Tenth, and
 Eleventh Circuits. Computer Associates Intl., Inc. v. Altai, Inc., 982
 F.2d 693 (2nd Cir. 1992); Engineering Dynamics, Inc. v. Structural
 Software, Inc., 26 F.3d 1335 (5th Cir. 1994); Kepner-Tregoe,
 Inc. v. Leadership Software, Inc., 12 F.3d 527 (5th Cir. 1994); Gates
 Rubber Co. v. Bando Chem. Indust., Ltd., 9 F.3d 823 (10th Cir. 1993);
 Mitel, Inc. v. Iqtel, Inc., 124 F.3d 1366 (10th Cir. 1997); Bateman
 v. Mnemonics, Inc., 79 F.3d 1532 (11th Cir. 1996); and, Mitek Holdings,
 Inc. v. Arce Engineering Co., Inc., 89 F.3d 1548 (11th Cir. 1996).
 Under the AFC test, a court first abstracts from the original program its
 constituent structural parts. Then, the court filters from those
 structural parts all unprotectable portions, including incorporated ideas,
 expression that is necessarily incidental to those ideas, and elements
 that are taken from the public domain. Finally, the court compares any and
 all remaining kernels of creative expression to the structure of the
 second program to determine whether the software programs at issue are
 substantially similar so as to warrant a finding that one is the
 derivative work of the other.
 Often, the courts that apply the AFC test will perform a quick initial
 comparison between the entirety of the two programs at issue in order to
 help determine whether one is a derivative work of the other. Such a
 holistic comparison, although not a substitute for the full application of
 the AFC test, sometimes reveals a pattern of copying that is not otherwise
 obvious from the application of the AFC test when, as discussed below,
 only certain components of the original program are compared to the second
 program. If such a pattern is revealed by the quick initial comparison,
 the court is more likely to conclude that the second work is indeed a
 derivative of the original.
 \subsection{Abstraction}
 The first step courts perform under the AFC test is separation of the
 work's ideas from its expression. In a process akin to reverse
 engineering, the courts dissect the original program to isolate each level
 of abstraction contained within it. Courts have stated that the
 abstractions step is particularly well suited for computer programs
 because it breaks down software in a way that mirrors the way it is
 typically created. However, the courts have also indicated that this step
 of the AFC test requires substantial guidance from experts, because it is
 extremely fact and situation specific.
 By way of example, one set of abstraction levels is, in descending order
 of generality, as follows: the main purpose, system architecture, abstract
 data types, algorithms and data structures, source code, and object
 code. As this set of abstraction levels shows, during the abstraction step
 of the AFC test, the literal elements of the computer program, namely the
 source and object code, are defined as particular levels of
 abstraction. Further, the source and object code elements of a program are
 not the only elements capable of forming the basis for a finding that a
 second work is a derivative of the program. In some cases, in order to
 avoid a lengthy factual inquiry by the court, the owner of the copyright in
 the original work will submit its own list of what it believes to be the
 protected elements of the original program. In those situations, the court
 will forgo performing its own abstraction, and proceed to the second step of
 the AFC test.
 \subsection{Filtration}
 The most difficult and controversial part of the AFC test is the second
 step, which entails the filtration of protectable expression contained in
 the original program from any unprotectable elements nestled therein. In
 determining which elements of a program are unprotectable, courts employ a
 myriad of rules and procedures to sift from a program all the portions
 that are not eligible for copyright protection.
 First, as set forth in \S~102(b) of the Copyright Act, any and all ideas
 embodied in the program are to be denied copyright protection. However,
 implementing this rule is not as easy as it first appears. The courts
 readily recognize the intrinsic difficulty in distinguishing between ideas
 and expression and that, given the varying nature of computer programs,
 doing so will be done on an ad hoc basis. The first step of the AFC test,
 the abstraction, exists precisely to assist in this endeavor by helping
 the court separate out all the individual elements of the program so that
 they can be independently analyzed for their expressive nature.
 A second rule applied by the courts in performing the filtration step of
 the AFC test is the doctrine of merger, which denies copyright protection
 to expression necessarily incidental to the idea being expressed. The
 reasoning behind this doctrine is that when there is only one way to
 express an idea, the idea and the expression merge, meaning that the
 expression cannot receive copyright protection due to the bar on copyright
 protection extending to ideas. In applying this doctrine, a court will ask
 whether the program's use of particular code or structure is necessary for
 the efficient implementation of a certain function or process. If so, then
 that particular code or structure is not protected by copyright and, as a
 result, it is filtered away from the remaining protectable expression.
 A third rule applied by the courts in performing the filtration step of
 the AFC test is the doctrine of scenes a faire, which denies copyright
 protection to elements of a computer program that are dictated by external
 factors. Such external factors can include:
 \begin{itemize}
   \item The mechanical
 specifications of the computer on which a particular program is intended
 to operate
   \item Compatibility requirements of other programs with which a
 program is designed to operate in conjunction
   \item Computer manufacturers'
 design standards
   \item Demands of the industry being serviced, and widely accepted programming practices within the computer industry
 \end{itemize}
 Any code or structure of a program that was shaped predominantly in
 response to these factors is filtered out and not protected by
 copyright. Lastly, elements of a computer program are also to be filtered
 out if they were taken from the public domain or fail to have sufficient
 originality to merit copyright protection.
 Portions of the source or object code of a computer program are rarely
 filtered out as unprotectable elements. However, some distinct parts of
 source and object code have been found unprotectable. For example,
 constants, the invariable integers comprising part of formulas used to
 perform calculations in a program, are unprotectable. Further, although
 common errors found in two programs can provide strong evidence of
 copying, they are not afforded any copyright protection over and above the
 protection given to the expression containing them.
 \subsection{Comparison}
 The third and final step of the AFC test entails a comparison of the
 original program's remaining protectable expression to a second
 program. The issue will be whether any of the protected expression is
 copied in the second program and, if so, what relative importance the
 copied portion has with respect to the original program overall. The
 ultimate inquiry is whether there is ``substantial'' similarity between
 the protected elements of the original program and the potentially
 derivative work. The courts admit that this process is primarily
 qualitative rather than quantitative and is performed on a case-by-case
 basis. In essence, the comparison is an ad hoc determination of whether
 the protectable elements of the original program that are contained in the
 second work are significant or important parts of the original program. If
 so, then the second work is a derivative work of the first. If, however,
 the amount of protectable elements copied in the second work are so small
 as to be de minimis, then the second work is not a derivative work of the
 original.
 \section{Analytic Dissection Test}
 The Ninth Circuit has adopted the analytic dissection test to determine
 whether one program is a derivative work of another. Apple Computer,
 Inc. v. Microsoft Corp., 35 F.3d 1435 (9th Cir. 1994). The analytic
 dissection test first considers whether there are substantial similarities
 in both the ideas and expressions of the two works at issue. Once the
 similar features are identified, analytic dissection is used to determine
 whether any of those similar features are protected by copyright. This
 step is the same as the filtration step in the AFC test. After identifying
 the copyrightable similar features of the works, the court then decides
 whether those features are entitled to ``broad'' or ``thin''
 protection. ``Thin'' protection is given to non-copyrightable facts or
 ideas that are combined in a way that affords copyright protection only
 from their alignment and presentation, while ``broad'' protection is given
 to copyrightable expression itself. Depending on the degree of protection
 afforded, the court then sets the appropriate standard for a subjective
 comparison of the works to determine whether, as a whole, they are
 sufficiently similar to support a finding that one is a derivative work of
 the other. ``Thin'' protection requires the second work be virtually
 identical in order to be held a derivative work of an original, while
 ``broad'' protection requires only a ``substantial similarity.''
 \section{No Protection for ``Methods of Operation''}
 The First Circuit has taken the position that the AFC test is inapplicable
 when the works in question relate to unprotectable elements set forth in
 \S~102(b).  Their approach results in a much narrower definition
 of derivative work for software in comparison to other circuits. Specifically,
 the
 First Circuit holds that ``method of operation,'' as used in \S~102(b) of
 the Copyright Act, refers to the means by which users operate
 computers. Lotus Development Corp. v. Borland Int'l., Inc., 49 F.3d 807
 (1st Cir. 1995).  In Lotus, the court held that a menu command
 hierarchy for a computer program was uncopyrightable because it did not
 merely explain and present the program's functional capabilities to the
 user, but also served as a method by which the program was operated and
 controlled. As a result, under the First Circuit's test, literal copying
 of a menu command hierarchy, or any other ``method of operation,'' cannot
 form the basis for a determination that one work is a derivative of
 another.  As a result, courts in the First Circuit that apply the AFC test
 do so only after applying a broad interpretation of \S~102(b) to filter out
 unprotected elements. E.g., Real View, LLC v. 20-20 Technologies, Inc.,
 F. Supp.2d 147, 154 (D. Mass. 2010).
 \section{No Test Yet Adopted}
 Several circuits, most notably the Fourth and Seventh, have yet to
 declare their definition of derivative work and whether or not the
 AFC, Analytic Dissection, or some other test best fits their
 interpretation of copyright law. Therefore, uncertainty exists with
 respect to determining the extent to which a software program is a
 derivative work of another in those circuits. However, one may presume
 that they would give deference to the AFC test since it is by far the
 majority rule among those circuits that have a standard for defining
 a software derivative work.
 \section{Cases Applying Software Derivative Work Analysis}
 In the preeminent case regarding the definition of a derivative work for
 software, Computer Associates v. Altai, the plaintiff alleged that its
 program, Adapter, which was used to handle the differences in operating
 system calls and services, was infringed by the defendant's competitive
 program, Oscar. About 30\% of Oscar was literally the same code as
 that in Adapter. After the suit began, the defendant rewrote those
 portions of Oscar that contained Adapter code in order to produce a new
 version of Oscar that was functionally competitive with Adapter, without
 having any literal copies of its code. Feeling slighted still, the
 plaintiff alleged that even the second version of Oscar, despite having no
 literally copied code, also infringed its copyrights. In addressing that
 question, the Second Circuit promulgated the AFC test.
 In abstracting the various levels of the program, the court noted a
 similarity between the two programs' parameter lists and macros. However,
 following the filtration step of the AFC test, only a handful of the lists
 and macros were protectable under copyright law because they were either
 in the public domain or required by functional demands on the
 program. With respect to the handful of parameter lists and macros that
 did qualify for copyright protection, after performing the comparison step
 of the AFC test, it was reasonable for the district court to conclude that
 they did not warrant a finding of infringement given their relatively minor
 contribution to the program as a whole. Likewise, the similarity between
 the organizational charts of the two programs was not substantial enough
 to support a finding of infringement because they were too simple and
 obvious to contain any original expression.
 In the case of Oracle America v. Google, 872 F. Supp.2d 974 (N.D. Cal. 2012),
 the Northern District of California District Court examined the question of
 whether the application program interfaces (APIs) associated with the Java
 programming language are entitled to copyright protection.  While the
 court expressly declined to rule whether all APIs are free to use without
 license (872 F. Supp.2d 974 at 1002), the court held that the command
 structure and taxonomy of the APIs were not protectable under copyright law.
 Specifically, the court characterized the command structure and taxonomy as
 both a ``method of operation'' (using an approach not dissimilar to the
 First Circuit's analysis in Lotus) and a ``functional requirement for
 compatibility'' (using Sega v. Accolade, 977 F.2d 1510 (9th Cir. 1992) and
 Sony Computer Ent. v. Connectix, 203 F.3d 596 (9th Cir. 2000) as analogies),
 and thus unprotectable subject matter under \S~102(b).
 Perhaps not surprisingly, there have been few other cases involving a highly
 detailed software derivative work analysis. Most often, cases involve
 clearer basis for decision, including frequent bad faith on the part of
 the defendant or over-aggressiveness on the part of the plaintiff.
 \section{How Much Do Derivative Works Matter?}
 It is certainly true that GPL intends for any work that is determined a
 ``derivative work'' under copyright law must be licensed as a whole under
 GPL\@, as will be discussed in the following chapter.  However, as we finish
 up our discussion derivative works, we must note that preparation of a
 derivative work is by far not the only way to create a new work covered by
 GPL\@.
 In fact, while derivative work preparation is perhaps the most exciting area
 of legal issues to consider, the more mundane ways to create a new work
 covered by GPL are much more common.  For example, copyright statutes
 generally require permission from the copyright holder to grant explicit
 permission to modify a work in any manner.  As discussed in the next chapter,
 the GPL {\em does} grants such permission, but requires the modified work must
 also be licensed under the terms of the GPL (and only GPL:
 see\S~\label{GPLv2s6} in this tutorial).  Determining whether software was
 modified is a substantially easier analysis than the derivative work
 discussions and considerations in this chapter.
 The question of derivative works, when and how they are made, is undoubtedly
 an essential discussion in the interpretation and consideration of copyleft.
 That is why this chapter was included in this tutorial.  However, as we
 return from this digression and resume discussion of the detailed text of the
 GPLv2, we must gain a sense of perspective: most GPL questions center around
 questions of modification and distribution, not preparation of derivative
 works.  Derivative work preparation is ultimately a small subset of the types
 of modified versions of the software a developer might create, thus, while an
 excessive focus on derivative works indulges us in the more exciting areas of
 copyleft, we must keep a sense of perspective regarding their relative
 importance.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Modified Source and Binary Distribution}
 \label{source-and-binary}
 In this chapter, we discuss the two core sections that define the rights
 and obligations for those who modify, improve, and/or redistribute GPL'd
 software. These sections, GPLv2~\S\S2--3, define the central core rights and
 requirements of GPLv2\@.
 \section{GPLv2~\S2: Share and Share Alike}
 \label{GPLv2s2}
 For many, this is where the ``magic'' happens that defends software
 freedom upon redistribution.  GPLv2~\S2 is the only place in GPLv2
 that governs the modification controls of copyright law.  If users
 distribute modified versions a GPLv2'd program, they must follow the terms of GPLv2~\S2 in making
 those changes.  Thus, this sections ensures that the body of GPL'd software, as it
 continues and develops, remains Free as in freedom.
 To achieve that goal, GPLv2~\S2 first sets forth that the rights of
 redistribution of modified versions are the same as those for verbatim
 copying, as presented in GPLv2~\S1.  Therefore, the details of charging money,
 keeping copyright notices intact, and other GPLv2~\S1 provisions are intact
 here as well.  However, there are three additional requirements.
 The first (GPLv2~\S2(a)) requires that modified files carry ``prominent
 notices'' explaining what changes were made and the date of such
 changes. This section does not prescribe some specific way of
 marking changes nor does it control the process of how changes are made.
 Primarily, GPLv2~\S2(a) seeks to ensure that those receiving modified
 versions know the history of changes to the software.  For some users,
 it is important to know that they are using the standard version of
 program, because while there are many advantages to using a fork,
 there are a few disadvantages.  Users should be informed about the
 historical context of the software version they use, so that they can
 make proper support choices.  Finally, GPLv2~\S2(a) serves an academic
 purpose --- ensuring that future developers can use a diachronic
 approach to understand the software.
 \medskip
 The second requirement (GPLv2~\S2(b)) contains the four short lines that embody
 the legal details of ``share and share alike''.  These 46 words are
 considered by some to be the most worthy of careful scrutiny because
 GPLv2~\S2(b), and they
 can be a source of great confusion when not properly understood.
 In considering GPLv2~\S2(b), first note the qualifier: it \textit{only} applies to
 derivative, combined and/or modified works that ``you distribute or publish''.  Despite years of
 education efforts on this matter, many still believe that modifiers
 of GPL'd software \textit{must} publish or otherwise
 share their changes.  On the contrary, GPLv2~\S2(b) {\bf does not apply if} the
 changes are never distributed.  Indeed, the freedom to make private,
 personal, unshared changes to software for personal use only should be
 protected and defended.\footnote{Most Free Software enthusiasts believe there is a {\bf
     moral} obligation to redistribute changes that are generally useful,
   and they often encourage companies and individuals to do so.  However, there
   is a clear distinction between what one {\bf ought} to do and what one
   {\bf must} do.}
 Next, we again encounter the same matter that appears in GPLv2~\S0, in the
 following text:
 \begin{quote}
 ``...that in whole or part contains or is derived from the Program or any part thereof.''
 \end{quote}
 Again, the GPL relies here on copyright law.
 If, under copyright law, the modified version ``contains or is
 derived from'' the GPL'd software, then the requirements of GPLv2~\S2(b)
 apply.  The GPL invokes its control as a copyright license over the
 modification of the work in combination with its control over distribution
 of the work.
 The final clause of GPLv2~\S2(b) describes what the licensee must do if she
 distributes or publishes a modified version of the work --- namely, the following:
 \begin{quote}
 [The work must] be licensed as a whole at no charge to all third parties
 under the terms of this License.
 \end{quote}
 That is probably the most tightly-packed phrase in all of the GPL\@.
 Consider each subpart carefully.
 The work ``as a whole'' is what is to be licensed. This is an important
 point that GPLv2~\S2 spends an entire paragraph explaining; thus this phrase is
 worthy of a lengthy discussion here.  As a programmer modifies a software
 program, she generates new copyrighted material --- fixing expressions of
 ideas into the tangible medium of electronic file storage.  That
 programmer is indeed the copyright holder of those new changes.  However,
 those changes are part and parcel to the original work distributed to
 the programmer under GPL\@. Thus, the license of the original work

0 comments (0 inline, 0 general)