Copyleft/guide Changeset - 467a23152a9a

Changeset - 467a23152a9a

Parent rev.

Child rev.

[Not reviewed]

0 4 0

Bradley Kuhn (bkuhn) - 10 years ago 2014-11-06 21:59:48
bkuhn@ebb.org

Copyright notice updates.

Joshua Gay made contributions to all the files earlier in 2014 (see git
log) which were copyrighted by the FSF, so FSF's copyright needs
refreshed to include this year.

Denver recently added a section to the enforcement-case-studies.tex, so
his copyright notice needs to go there and at the top file.

I made changes to enforcement-case-studies.tex on top of Denver's.

Also, remove commented-out copyright notices -- the ones in the actual
text are now primary and should be maintained directly.

4 files changed with 7 insertions and 7 deletions:

compliance-guide.tex

comprehensive-gpl-guide.tex

enforcement-case-studies.tex

gpl-lgpl.tex

0 comments (0 inline, 0 general)

compliance-guide.tex

➞

Show inline comments

 % compliance-guide.tex                            -*- LaTeX -*-
 \part{A Practical Guide to GPL Compliance}
 \label{gpl-compliance-guide}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Bradley M. Kuhn. \\
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2008 \> \hspace{.2in} Software Freedom Law Center. \\
 \end{tabbing}
 \vspace{1in}
 \begin{center}
 Authors of this part are: \\
 Bradley M. Kuhn \\
 Aaron Williamson \\
 Karen M. Sandler \\
 \vspace{1in}
 Copy editors of this part include: \\
 Martin Michlmayr
 \vspace{3in}
 The copyright holders of this part hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 \bigskip
 \chapter*{Executive Summary}
 This is a guide to effective compliance with the GNU General Public
 License (GPL) and related licenses.  Copyleft advocates
 usually seek to assist the community with
 GPL compliance cooperatively.   This guide focuses on complying from the
 start, so that readers can learn to avoid enforcement actions entirely, or, at
 least, minimize  the negative impact when enforcement actions occur.
 This guide  introduces and explains basic legal concepts related to the GPL and its
 enforcement by copyright holders. It also outlines business practices and
 methods that lead to better GPL compliance.  Finally, it recommends proper
 post-violation responses to the concerns of copyright holders.
 \chapter{Background}
 Early GPL enforcement efforts began soon after the GPL was written by
 Richard M.~Stallman (RMS) in 1989, and consisted of informal community efforts,
 often in public Usenet discussions.\footnote{One example is the public
   outcry over NeXT's attempt to make the Objective-C front-end to GCC
   proprietary.  RMS, in fact, handled this enforcement action personally and
   the Objective-C front-end is still part of upstream GCC today.}  Over the next decade, the Free Software Foundation (FSF),
 which holds copyrights in many GNU programs, was the only visible entity
 actively enforcing its GPL'd copyrights on behalf of the software freedom
 community.
 FSF's enforcement
 was generally a private process; the FSF contacted violators
 confidentially and helped them to comply with the license.  Most
 violations were pursued this way until the early 2000's.
 By that time, Linux-based systems such as GNU/Linux and BusyBox/Linux had become very common, particularly in
 embedded devices such as wireless routers.  During this period, public
 ridicule of violators in the press and on Internet fora supplemented
 ongoing private enforcement and increased pressure on businesses to
 comply.  In 2003, the FSF formalized its efforts into the GPL Compliance
 Lab, increased the volume of enforcement, and built community coalitions
 to encourage copyright holders to together settle amicably with violators.
 Beginning in 2004, Harald Welte took a more organized public enforcement
 approach and launched \verb0gpl-violations.org0, a website and mailing
 list for collecting reports of GPL violations.  On the basis of these
 reports, Welte successfully pursued many enforcements in Europe, including
 formal legal action.  Harald earns the permanent fame as the first copyright
 holder to bring legal action in a court regarding GPL compliance.
 In 2007, two copyright holders in BusyBox, in conjunction with the
 Software Freedom Conservancy (``Conservancy''), filed the first copyright infringement lawsuit
 based on a violation of the GPL\@ in the USA. While  lawsuits are of course
 quite public, the vast majority of Conservancy's enforcement actions
 are resolved privately via
 cooperative communications with violators.  As both FSF and Conservancy have worked to bring
 individual companies into compliance, both organizations have encountered numerous
 violations resulting from preventable problems such as inadequate
 attention to licensing of upstream software, misconceptions about the
 GPL's terms, and poor communication between software developers and their
 management.  This document highlights these problems and describe
 best practices to encourage corporate Free Software users to reevaluate their
 approach to GPL'd software and avoid future violations.
 Both FSF and Conservancy continue GPL enforcement and compliance efforts
 for software under the GPL, the GNU Lesser
 Public License (LGPL) and other copyleft licenses.  In doing so, both organizations have
 found that most violations stem from a few common, avoidable mistakes.  All copyleft advocates  hope to educate the community of
 commercial distributors, redistributors, and resellers on how to avoid
 violations in the first place, and to respond adequately and appropriately
 when a violation occurs.
 \chapter{Best Practices to Avoid Common Violations}
 \label{best-practices}
 Unlike highly permissive licenses (such as the ISC license), which
 typically only require preservation of copyright notices, licensees face many
 important requirements from the GPL.  These requirements are
 carefully designed to uphold certain values and standards of the software
 freedom community.  While the GPL's requirements may initially appear
 counter-intuitive to those more familiar with proprietary software
 licenses, by comparison, its terms are in fact clear and quite favorable to
 licensees.  Indeed, the GPL's terms actually simplify compliance when
 violations occur.
 GPL violations occur (or, are compounded) most often when companies lack sound
 practices for the incorporation of GPL'd components into their
 internal development environment.  This section introduces some best
 practices for software tool selection, integration and distribution,
 inspired by and congruent with software freedom methodologies.  Companies should
 establish such practices before building a product based on GPL'd
 software.\footnote{This document addresses compliance with GPLv2,
   GPLv3, LGPLv2, and LGPLv3.  Advice on avoiding the most common
   errors differs little for compliance with these four licenses.
   \S~\ref{lgpl} discusses the key differences between GPL and LGPL
   compliance.}
 \section{Evaluate License Applicability}
 \label{derivative-works}
 Political discussion about the GPL often centers around the ``copyleft''
 requirements of the license.  Indeed, the license was designed primarily
 to embody this licensing feature.  Most companies adding non-trivial
 features (beyond mere porting and bug-fixing) to GPL'd software (and
 thereby invoking these requirements) are already well aware of their
 more complex obligations under the license.\footnote{There has been much legal
   discussion regarding copyleft and derivative works.  In practical
   reality, this issue is not relevant to the vast majority of companies
   distributing GPL'd software.  Those interested in this issue should study
   \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on derivative works}{\S~\ref{derivative-works} of
     this tutorial}.}
 However, experienced  GPL enforcers find that few redistributors'
 compliance challenges relate directly to combined work issues in copyleft.
 Instead, the distributions of GPL'd
 systems most often encountered typically consist of a full operating system
 including components under the GPL (e.g., Linux, BusyBox) and components
 under the LGPL (e.g., the GNU C Library).  Sometimes, these programs have
 been patched or slightly improved by direct modification of their sources,
 and thus the result is unequivocally a modified version.  Alongside these programs,
 companies often distribute fully independent, proprietary programs,
 developed from scratch, which are designed to run on the Free Software operating
 system but do not combine with, link to, modify, derive from, or otherwise
 create a combined work with
 the GPL'd components.\footnote{However, these programs do often combine
   with LGPL'd libraries. This is discussed in detail in \S~\ref{lgpl}.}
 In the latter case, where the work is unquestionably a separate work of
 creative expression, no copyleft provisions are invoked.
 The core compliance issue faced, thus, in such a situation, is not an discussion of what is or is not a
 combined, derivative, and/or modified version of the work, but rather, issues related to distribution and
 conveyance of binary works based on GPL'd source, but without Complete,
 Corresponding Source.  This tutorial therefore focuses primarily on that issue.
 Admittedly, a tiny
 minority of compliance situations relate to question of derivative,
 combined, or modified versions of the work.  Those
 situations are so rare, and the details from situation to situation differ
 greatly.  Thus, such situations require a highly
 fact-dependent analysis and cannot be addressed in a general-purpose
 document such as this one.
 \medskip
 Most companies accused of violations lack a basic understanding
 of how to comply even in the straightforward scenario.  This document
 provides those companies with the fundamental and generally applicable prerequisite knowledge.
 For answers to rarer and more complicated legal questions, such as whether
 your software is a derivative or combined work of some copylefted software, consult
 with an attorney.\footnote{If you would like more information on the
   application of derivative works doctrine to software, a detailed legal
   discussion is presented in our colleague Dan Ravicher's article,
   \textit{Software Derivative Work: A Circuit Dependent Determination} and in
   \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on derivative works}{\S~\ref{derivative-works} of
     this tutorial}.}
 This discussion thus assumes that you have already identified the
 ``work'' covered by the license, and that any components not under the GPL
 (e.g., applications written entirely by your developers that merely happen
 to run on a Linux-based operating system) distributed in conjunction with
 those works are separate works within the meaning of copyright law and the GPL\@.  In
 such a case, the GPL requires you to provide complete corresponding
 source (CCS)\footnote{For more on CCS,  see
 \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on GPLv2~\S2 and GPLv3~\S1.}{\S~\ref{GPLv2s2} and \S~\ref{GPLv3s1} of
     this tutorial}.}
 for the GPL'd components and your modifications thereto, but not
 for independent proprietary applications.  The procedures described in
 this document address this typical scenario.
 \section{Monitor Software Acquisition}
 Software engineers deserve the freedom to innovate and import useful
 software components to improve products.  However, along with that
 freedom should come rules and reporting procedures to make sure that you
 are aware of what software that you include with your product.
 The most typical response to an initial enforcement action is: ``We
 didn't know there was GPL'd stuff in there''.  This answer indicates
 failure in the software acquisition and procurement process.  Integration
 of third-party proprietary software typically requires a formal
 arrangement and management/legal oversight before the developers
 incorporate the software.  By contrast, developers often obtain and
 integrate Free Software without intervention nor oversight. That ease of acquisition, however,
 does not mean the oversight is any less necessary.  Just as your legal
 and/or management team negotiates terms for inclusion of any proprietary
 software, they should gently facilitate all decisions to bring Free Software into your
 product.
 Simple, engineering-oriented rules help provide a stable foundation for
 Free Software integration.  For example, simply ask your software developers to send an email to a
 standard place describing each new Free Software component they add to the system,
 and have them include a brief description of how they will incorporate it
 into the product.  Further, make sure developers use a revision control
 system (such as Git or Mercurial), and
 store the upstream versions of all software in a ``vendor branch'' or
 similar mechanism, whereby they can easily track and find the main version
 of the software and, separately, any local changes.
 Such procedures are best instituted at your project's launch.  Once
 chaotic and poorly-sourced development processes begin, cataloging the
 presence of GPL'd components  becomes challenging.
 Such a situation often requires use of a tool to ``catch up'' your knowledge
 about what software your product includes.  Most commonly, companies choose
 some software licensing scanning tool to inspect the codebase.  However,
 there are few tools that are themselves Free Software.  Thus, GPL enforcers
 usually recommend the GPL'd
 \href{http://fossology.org/}{FOSSology system}, which analyzes a
 source code base and produces a list of Free Software licenses that may apply to
 the code.  FOSSology can help you build a catalog of the sources you have
 already used to build your product.  You can then expand that into a more
 structured inventory and process.
 \section{Track Your Changes and Releases}
 As explained in further detail below, the most important component of GPL
 compliance is the one most often ignored: proper inclusion of CCS in all
 distributions  of GPL'd
 software.  To comply with GPL's CCS requirements, the distributor
 \textit{must} always know precisely what sources generated a given binary
 distribution.
 In an unfortunately large number of our enforcement cases, the violating
 company's engineering team had difficulty reconstructing the CCS
 for binaries distributed by the company.  Here are three simple rules to
 follow to decrease the likelihood of this occurrence:
 \begin{itemize}
 \item Ensure that your
 developers are using revision control systems properly.
 \item Have developers mark or ``tag'' the full source tree corresponding to
   builds distributed to customers.
 \item Check that your developers store all parts of the software
 development in the revision control system, including {\sc readme}s, build
 scripts, engineers' notes, and documentation.
 \end{itemize}
 Your developers will benefit anyway from these rules.  Developers will be
 happier in their jobs if their tools already track the precise version of
 source that corresponds to any deployed binary.
 \section{Avoid the ``Build Guru''}
 Too many software projects rely on only one or a very few team members who
 know how to build and assemble the final released product.  Such knowledge
 centralization not only creates engineering redundancy issues, but also
 thwarts GPL compliance.  Specifically, CCS does not just require source code,
 but scripts and other material that explain how to control compilation and
 installation of the executable and object code.
 Thus, avoid relying on a ``build guru'', a single developer who is the only one
 who knows how to produce your final product. Make sure the build process
 is well defined.  Train every developer on the build process for the final
 binary distribution, including (in the case of embedded software)
 generating a final firmware image suitable for distribution to the
 customer.  Require developers to use revision control for build processes.
 Make a rule that adding new components to the system without adequate
 build instructions (or better yet, scripts) is unacceptable engineering
 practice.
 \chapter{Details of Compliant Distribution}
 This section explains the specific requirements placed upon
 distributors of GPL'd software.  Note that this section refers heavily to
 specific provisions and language in
 \href{http://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section3}{GPLv2}
 and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.
 It may be helpful to have a copy of each license open while reading this
 section.
 \section{Binary Distribution Permission}
 \label{binary-distribution-permission}
 % be careful below, you cannot refill the \if section, so don't refill
 % this paragraph without care.
 The various versions of the GPL are copyright licenses that grant
 permission to make certain uses of software that are otherwise restricted
 by copyright law.  This permission is conditioned upon compliance with the
 GPL's requirements.
 This section walks through the requirements (of both GPLv2 and GPLv3) that
 apply when you distribute GPL'd programs in binary (i.e., executable or
 object code) form, which is typical for embedded applications.  Because a
 binary application derives from a program's original sources, you need
 permission from the copyright holder to distribute it.  \S~3 of GPLv2 and
 \S~6 of GPLv3 contain the permissions and conditions related to binary
 distributions of GPL'd programs.\footnote{These sections cannot be fully
   understood in isolation; read the entire license thoroughly before
   focusing on any particular provision.  However, once you have read and
   understood the entire license, look to these sections to guide
   compliance for binary distributions.}
 GPL's binary distribution sections offer a choice of compliance methods,
 each of which we consider in turn.  Each option refers to the
 ``Corresponding Source'' code for the binary distribution, which includes
 the source code from which the binary was produced.  This abbreviated and
 simplified definition is sufficient for the binary distribution discussion
 in this section, but you may wish to refer back to this section after
 reading the thorough discussion of ``Corresponding Source'' that appears
 in \S~\ref{corresponding-source}.
 \subsection{Option (a): Source Alongside Binary}
 GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
 source code: including Corresponding Source with every binary
 distribution.  While other options appear initially less onerous, this
 option invariably minimizes potential compliance problems, because when
 you distribute Corresponding Source with the binary, \emph{your GPL
   obligations are satisfied at the time of distribution}.  This is not
 true of other options, and for this reason, we urge you to seriously
 consider this option.  If you do not, you may extend the duration of your
 obligations far beyond your last binary distribution.
 Compliance under this option is straightforward.  If you ship a product
 that includes binary copies of GPL'd software (e.g., in firmware, or on a
 hard drive, CD, or other permanent storage medium), you can store the
 Corresponding Source alongside the binaries.  Alternatively, you can
 include the source on a CD or other removable storage medium in the box
 containing the product.
 GPLv2 refers to the various storage mechanisms as ``medi[a] customarily
 used for software interchange''.  While the Internet has attained primacy
 as a means of software distribution where super-fast Internet connections
 are available, GPLv2 was written at a time when downloading software was
 not practical (and was often impossible).  For much of the world, this
 condition has not changed since GPLv2's publication, and the Internet
 still cannot be considered ``a medium customary for software
 interchange''.  GPLv3 clarifies this matter, requiring that source be
 ``fixed on a durable physical medium customarily used for software
 interchange''.  This language affirms that option (a) requires binary
 redistributors to provide source on a physical medium.
 Please note that while selection of option (a) requires distribution on a
 physical medium, voluntary distribution via the Internet is very useful.  This
 is discussed in detail in \S~\ref{offer-with-internet}.
 \subsection{Option (b): The Offer}
 \label{offer-for-source}
 Many distributors prefer to ship only an offer for source with the binary
 distribution, rather than the complete source package.  This
 option has value when the cost of source distribution is a true
 per-unit cost.  For example, this option might be a good choice for
 embedded products with permanent storage too small to fit the source, and
 which are not otherwise shipped with a CD but \emph{are} shipped with a
 manual or other printed material.
 However, this option increases the duration of your obligations
 dramatically.  An offer for source must be good for three full years from
 your last binary distribution (under GPLv2), or your last binary or spare
 part distribution (under GPLv3).  Your source code request and
 provisioning system must be designed to last much longer than your product
 life cycle.
 In addition, if you are required to comply with the terms of GPLv2, you
 {\bf cannot} use a network service to provide the source code.  For GPLv2,
 the source code offer is fulfilled only with physical media.  This usually
 means that you must continue to produce an up-to-date ``source code CD''
 for years after the product's end-of-life.
 \label{offer-with-internet}
 Under GPLv2, it is acceptable and advisable for your offer for source code
 to include an Internet link for downloadable source \emph{in addition} to
 offering source on a physical medium.  This practice enables those with
 fast network connections to get the source more quickly, and typically
 decreases the number of physical media fulfillment requests.
 (GPLv3~\S~6(b) permits provision of source with a public
 network-accessible distribution only and no physical media.  We discuss
 this in detail at the end of this section.)
 The following is a suggested compliant offer for source under GPLv2 (and
 is also acceptable for GPLv3) that you would include in your printed
 materials accompanying each binary distribution:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPL\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product, which will be no earlier than 2011-08-01, by sending a money
 order or check for \$5 to: \\
 GPL Compliance Division \\
 Our Company \\
 Any Town, US 99999 \\
 \\
 Please write ``source for product $Y$'' in the memo line of your
 payment.
 You may also find a copy of the source at
 \verb0http://www.example.com/sources/Y/0.
 This offer is valid to anyone in receipt of this information.
 \end{quote}
 There are a few important details about this offer.  First, it requires a
 copying fee.  GPLv2 permits ``a charge no more than your cost of
 physically performing source distribution''.  This fee must be reasonable.
 If your cost of copying and mailing a CD is more than around \$10, you
 should perhaps find a cheaper CD stock and shipment method.  It is simply
 not in your interest to try to overcharge the community.  Abuse of this
 provision in order to make a for-profit enterprise of source code
 provision will likely trigger enforcement action.
 Second, note that the last line makes the offer valid to anyone who
 requests the source.  This is because v2~\S~3(b) requires that offers be
 ``to give any third party'' a copy of the Corresponding Source.  GPLv3 has
 a similar requirement, stating that an offer must be valid for ``anyone
 who possesses the object code''.  These requirements indicated in
 v2~\S~3(c) and v3~\S~6(c) are so that noncommercial redistributors may
 pass these offers along with their distributions.  Therefore, the offers
 must be valid not only to your customers, but also to anyone who received
 a copy of the binaries from them.  Many distributors overlook this
 requirement and assume that they are only required to fulfill a request
 from their direct customers.
 The option to provide an offer for source rather than direct source
 distribution is a special benefit to companies equipped to handle a
 fulfillment process.  GPLv2~\S~3(c) and GPLv3~\S~6(c) avoid burdening
 noncommercial, occasional redistributors with fulfillment request
 obligations by allowing them to pass along the offer for source as they
 received it.
 Note that commercial redistributors cannot avail themselves of the option
 (c) exception, and so while your offer for source must be good to anyone
 who receives the offer (under v2) or the object code (under v3), it
 \emph{cannot} extinguish the obligations of anyone who commercially
 redistributes your product.  The license terms apply to anyone who
 distributes GPL'd software, regardless of whether they are the original
 distributor.  Take the example of Vendor $V$, who develops a software
 platform from GPL'd sources for use in embedded devices.  Manufacturer $M$
 contracts with $V$ to install the software as firmware in $M$'s device.
 $V$ provides the software to $M$, along with a compliant offer for source.
 In this situation, $M$ cannot simply pass $V$'s offer for source along to
 its customers.  $M$ also distributes the GPL'd software commercially, so
 $M$ too must comply with the GPL and provide source (or $M$'s \emph{own}
 offer for source) to $M$'s customers.
 This situation illustrates that the offer for source is often a poor
 choice for products that your customers will likely redistribute.  If you
 include the source itself with the products, then your distribution to
 your customers is compliant, and their (unmodified) distribution to their
 customers is likewise compliant, because both include source.  If you
 include only an offer for source, your distribution is compliant but your
 customer's distribution does not ``inherit'' that compliance, because they
 have not made their own offer to accompany their distribution.
 The terms related to the offer for source are quite different if you
 distribute under GPLv3.  Under v3, you may make source available only over
 a network server, as long as it is available to the general public and
 remains active for three years from the last distribution of your product
 or related spare part.  Accordingly, you may satisfy your fulfillment
 obligations via Internet-only distribution.  This makes the ``offer for
 source'' option less troublesome for v3-only distributions, easing
 compliance for commercial redistributors.  However, before you switch to a
 purely Internet-based fulfillment process, you must first confirm that you
 can actually distribute \emph{all} of the software under GPLv3.  Some
 programs are indeed licensed under ``GPLv2, \emph{or any later version}''
 (often abbreviated ``GPLv2-or-later'').  Such licensing gives you the
 option to redistribute under GPLv3.  However, a few popular programs are
 only licensed under GPLv2 and not ``or any later version''
 (``GPLv2-only'').  You cannot provide only Internet-based source request
 fulfillment for the latter programs.
 If you determine that all GPL'd works in your whole product allow upgrade
 to GPLv3 (or were already GPLv3'd to start), your offer for source may be
 as simple as this:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPLv3\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product and/or spare parts therefor, which will be no earlier than
 -08-01, on our website at
 \verb0http://www.example.com/sources/productnum/0.
 \end{quote}
 \medskip
 Under both GPLv2 and GPLv3, source offers must be accompanied by a copy of
 the license itself, either electronically or in print, with every
 distribution.
 Finally, it is unacceptable to use option (b) merely because you do not have
 Corresponding Source ready.  We find that some companies choose this option
 because writing an offer is easy, but producing a source distribution as
 an afterthought to a hasty development process is difficult.  The offer
 for source does not exist as a stop-gap solution for companies rushing to
 market with an out-of-compliance product.  If you ship an offer for source
 with your product but cannot actually deliver \emph{immediately} on that
 offer when your customers request it, you should expect an enforcement
 action.
 \subsection{Option (c): Noncommercial Offers}
 As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
 only to noncommercial use.  These options are not available to businesses
 distributing GPL'd software.  Consequently, companies that redistribute
 software packaged for them by an upstream vendor cannot merely pass along
 the offer they received from the vendor; they must provide their own offer
 or corresponding source to their distributees.  We talk in detail about
 upstream software providers in \S~\ref{upstream}.
 \subsection{Option 6(d) in GPLv3: Internet Distribution}
 Under GPLv2, your formal provisioning options for Corresponding Source
 ended with \S~3(c).  But even under GPLv2, pure Internet source
 distribution was a common practice and generally considered to be
 compliant.  GPLv2 mentions Internet-only distribution almost as aside in
 the language, in text at the end of the section after the three
 provisioning options are listed.  To quote that part of GPLv2~\S~3:
 \begin{quote}
 If distribution of executable or object code is made by offering access to
 copy from a designated place, then offering equivalent access to copy the
 source code from the same place counts as distribution of the source code,
 even though third parties are not compelled to copy the source along with
 the object code.
 \end{quote}
 When that was written in 1991, Internet distribution of software was the
 exception, not the rule.  Some FTP sites existed, but generally software
 was sent on magnetic tape or CDs.  GPLv2 therefore mostly assumed that
 binary distribution happened on some physical media.  By contrast,
 GPLv3~\S~6(d) explicitly gives an option for this practice that the
 community has historically considered GPLv2-compliant.
 Thus, you may fulfill your source-provision obligations by providing the
 source code in the same way and from the same location.  When exercising
 this option, you are not obligated to ensure that users download the
 source when they download the binary, and you may use separate servers as
 needed to fulfill the requests as long as you make the source as
 accessible as the binary.  However, you must ensure that users can easily
 find the source code at the time they download the binary. GPLv3~\S~6(d)
 thus clarifies a point that has caused confusion about source provision in
 v2.  Indeed, many such important clarifications are included in v3 which
 together provide a compelling reason for authors and redistributors alike
 to adopt GPLv3.
 \subsection{Option 6(e) in GPLv3: Software Torrents}
 Peer-to-peer file sharing arose well after GPLv2 was written, and does not
 easily fit any of the v2 source provision options.  GPLv3~\S~6(e)
 addresses this issue, explicitly allowing for distribution of source and
 binary together on a peer-to-peer file sharing network.  If you distribute
 solely via peer-to-peer networks, you can exercise this option.  However,
 peer-to-peer source distribution \emph{cannot} fulfill your source
 provision obligations for non-peer-to-peer binary distributions.  Finally,
 you should ensure that binaries and source are equally seeded upon initial
 peer-to-peer distribution.
 \section{Preparing Corresponding Source}
 \label{corresponding-source}
 Most enforcement cases involve companies that have unfortunately not
 implemented procedures like our \S~\ref{best-practices} recommendations
 and have no source distribution arranged at all.  These companies must
 work backwards from a binary distribution to come into compliance.  Our
 recommendations in \S~\ref{best-practices} are designed to make it easy to
 construct a complete and Corresponding Source release from the outset.  If
 you have followed those principles in your development, you can meet the
 following requirements with ease.  If you have not, you may have
 substantial reconstruction work to do.
 \subsection{Assemble the Sources}
 For every binary that you produce, you should collect and maintain a copy
 of the sources from which it was built.  A large system, such as an
 embedded firmware, will probably contain many GPL'd and LGPL'd components
 for which you will have to provide source.  The binary distribution may
 also contain proprietary components which are separate and independent
 works that are covered by neither the GPL nor LGPL\@.
 The best way to separate out your sources is to have a subdirectory for
 each component in your system.  You can then easily mark some of them as
 required for your Corresponding Source releases.  Collecting
 subdirectories of GPL'd and LGPL'd components is the first step toward
 preparing your release.
 \subsection{Building the Sources}
 Few distributors, particularly of embedded systems, take care to read the
 actual definition of Corresponding Source in the GPL\@.  Consider
 carefully the definition, from GPLv3:
 \begin{quote}
   The ``Corresponding Source'' for a work in object code form means all
   the source code needed to generate, install, and (for an executable
   work) run the object code and to modify the work, including scripts to
   control those activities.
 \end{quote}
 and the definition from GPLv2:
 \begin{quote}
 The source code for a work means the preferred form of the work for making
 modifications to it.  For an executable work, complete source code means
 all the source code for all modules it contains, plus any associated
 interface definition files, plus the scripts used to control compilation
 and installation of the executable.
 \end{quote}
 Note that you must include ``scripts used to control compilation and
 installation of the executable'' and/or anything ``needed to generate,
 install, and (for an executable work) run the object code and to modify
 the work, including scripts to control those activities''.  These phrases
 are written to cover different types of build environments and systems.
 Therefore, the details of what you need to provide with regard to scripts
 and installation instructions vary depending on the software details.  You
 must provide all information necessary such that someone generally skilled
 with computer systems could produce a binary similar to the one provided.
 Take as an example an embedded wireless device.  Usually, a company
 distributes a firmware, which includes a binary copy of
 Linux\footnote{``Linux'' refers only to the kernel, not the larger system
   as a whole.} and a filesystem.  That filesystem contains various binary
 programs, including some GPL'd binaries, alongside some proprietary
 binaries that are separate works (i.e., not derived from, nor based on
 freely-licensed sources).  Consider what, in this case, constitutes adequate
 ``scripts to control compilation and installation'' or items ``needed to
 generate, install and run'' the GPL'd programs.
 Most importantly, you must provide some sort of roadmap that allows
 technically sophisticated users to build your software.  This can be
 complicated in an embedded environment.  If your developers use scripts to
 control the entire compilation and installation procedure, then you can
 simply provide those scripts to users along with the sources they act
 upon.  Sometimes, however, scripts were never written (e.g., the
 information on how to build the binaries is locked up in the mind of your
 ``build guru'').  In that case, we recommend that you write out build
 instructions in a natural language as a detailed, step-by-step {\sc
   readme}.
 No matter what you offer, you need to give those who receive source a
 clear path from your sources to binaries similar to the ones you ship.  If
 you ship a firmware (kernel plus filesystem), and the filesystem contains
 binaries of GPL'd programs, then you should provide whatever is necessary
 to enable a reasonably skilled user to build any given GPL'd source
 program (and modified versions thereof), and replace the given binary in
 your filesystem.  If the kernel is Linux, then the users must have the
 instructions to do the same with the kernel.  The best way to achieve this
 is to make available to your users whatever scripts or process your
 engineers would use to do the same.
 These are the general details for how installation instructions work.
 Details about what differs when the work is licensed under LGPL is
 discussed in \S~\ref{lgpl}, and specific details that are unique to
 GPLv3's installation instructions are in \S~\ref{user-products}.
 \subsection{What About the Compiler?}
 The GPL contains no provision that requires distribution of the compiler
 used to build the software.  While companies are encouraged to make it as
 easy as possible for their users to build the sources, inclusion of the
 compiler itself is not normally considered mandatory.  The Corresponding
 Source definition -- both in GPLv2 and GPLv3 -- has not been typically
 read to include the compiler itself, but rather things like makefiles,
 build scripts, and packaging scripts.
 Nonetheless, in the interest of goodwill and the spirit of the GPL, most
 companies do provide the compiler itself when they are able, particularly
 when the compiler is based on GCC\@ or another copylefted compiler.  If you have
 a GCC-based system, it is your prerogative to redistribute that GCC
 version (binaries plus sources) to your customers.  We in the software freedom
 community encourage you to do this, since it often makes it easier for
 users to exercise their software freedom.  However, if you chose to take
 this recommendation, ensure that your GCC distribution is itself
 compliant.
 If you have used a proprietary, third-party compiler to build the
 software, then you probably cannot ship it to your customers.  We consider
 the name of the compiler, its exact version number, and where it can be
 acquired as information that \emph{must} be provided as part of the
 Corresponding Source.  This information is essential to anyone who wishes
 to produce a binary.  It is not the intent of the GPL to require you to
 distribute third-party software tools to your customer (provided the tools
 themselves are not based on the GPL'd software shipped), but we do believe
 it requires that you give the user all the essential non-proprietary facts
 that you had at your disposal to build the software.  Therefore, if you
 choose not to distribute the compiler, you should include a {\sc readme}
 about where you got it, what version it was, and who to contact to acquire
 it, regardless of whether your compiler is Free Software, proprietary, or
 internally developed.
 \section{Best Practices and Corresponding Source}
 \S~\ref{best-practices} and \S~\ref{corresponding-source} above are
 closely related.  If you follow the best practices outlined above, you
 will find that preparing your Corresponding Source release is an easier
 task, perhaps even a trivial one.
 Indeed, the enforcement process itself has historically been useful to
 software development teams.  Development on a deadline can lead
 organizations to cut corners in a way that negatively impacts its
 development processes.  We have frequently been told by violators that
 they experience difficulty when determining the exact source for a binary
 in production (in some cases because their ``build guru'' quit during the
 release cycle).  When management rushes a development team to ship a
 release, they are less likely to keep release sources tagged and build
 systems well documented.
 We suggest that, if contacted about a violation, product builders use GPL
 enforcement as an opportunity to improve their development practices.  No
 developer would argue that their system is better for having a mysterious
 build system and no source tracking.  Address these issues by installing a
 revision system, telling your developers to use it, and requiring your
 build guru to document his or her work!
 \chapter{When The Letter Comes}
 Unfortunately, many GPL violators ignore their obligations until they are
 contacted by a copyright holder or the lawyer of a copyright holder.  You
 should certainly contact your own lawyer if you have received a letter
 alleging that you have infringed copyrights that were licensed to you
 under the GPL\@.  This section outlines a typical enforcement case and
 provides some guidelines for response.  These discussions are
 generalizations and do not all apply to every alleged violation.
 \section{Understanding Who's Enforcing}
 \label{compliance-understanding-whos-enforcing}
 % FIXME-LATER: this text needs work.
 Both  FSF and Conservancy has, as part their mission,  to spread software
 freedom. When FSF or Conservancy
 enforces GPL, the goal is to bring the violator back into compliance as
 quickly as possible, and redress the damage caused by the violation.
 That is FSF's steadfast position in a violation negotiation --- comply
 with the license and respect freedom.
 However, other entities who do not share the full ethos of software freedom
 as institutionalized by FSF and Conservancy pursue GPL violations differently.  Oracle, a
 company that produces the GPL'd MySQL database, upon discovering GPL
 violations typically negotiates a proprietary software license separately for
 a fee.  While this practice is not one that FSF nor Conservancy would ever
 consider undertaking or even endorsing, it is a legal way for copyright
 holders to proceed.
 Generally, GPL enforcers come in two varieties.  First, there are
 Conservancy, FSF, and other ``community enforcers'', who primarily seek the
 policy goals of GPL (software freedom), and see financial compensation as
 ultimately secondary to those goals.  Second, there are ``for-profit
 enforcers'' who use the GPL either as a crippleware license, or sneakily
 induce infringement merely to gain proprietary licensing revenue.

comprehensive-gpl-guide.tex

➞

Show inline comments

 % comprehensive-gpl-guide.tex                                    -*- LaTeX -*-
+%
 % Toplevel file to build the entire book.
 \documentclass[10pt, letterpaper, openany, oneside]{book}
 % I'm somewhat convinced that this book would be better formatted using
 %  the memoir class :
 %    http://www.ctan.org/pkg/memoir
 %   http://mirror.unl.edu/ctan/macros/latex/contrib/memoir/memman.pdf
 % For the moment, I've thrown in fancychap because I don't have time to
 % research memoir.
 \usepackage{hyperref}
 \usepackage{enumerate}
 \usepackage[Conny]{fncychap}
 \usepackage[dvips]{graphicx}
 \usepackage[verbose, twoside, dvips,
               paperwidth=8.5in, paperheight=11in,
               left=1in, right=1in, top=1.25in, bottom=.75in,
            ]{geometry}
 \newcommand{\tutorialpartsplit}[2]{#2}
 %\input{no-numbers-on-table-of-contents}
 \begin{document}
 \pagestyle{plain}
 \pagenumbering{roman}
 \frontmatter
 \begin{titlepage}
 \begin{center}
 {\Huge
 {\sc Copyleft and the  \\
 GNU General Public License:
 \vspace{.25in}
 A Comprehensive Tutorial
 }}
 \vfill
 {\parindent 0in
 \begin{tabbing}
 Copyright \= \copyright{} 2003--2007 \hspace{1.mm} \=  \kill
 Copyright \> \copyright{} 2014 \>  Bradley M. Kuhn. \\
 Copyright \> \copyright{} 2014 \>  Anthony K. Sebro, Jr. \\
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Denver Gingerich \\
 Copyright \= \copyright{} 2003--2007, 2014 \= \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2008 \>  Software Freedom Law Center. \\
 Copyright \> \copyright{} 2003-2007 \> Free Software Foundation, Inc. \\
 \end{tabbing}
 \vspace{.3in}
 The copyright holders hereby grant the freedom to copy, modify, convey,
 Adapt, and/or redistribute this work under the terms of the Creative Commons
 Attribution Share Alike 4.0 International License.  A copy of that license is
 available at \url{https://creativecommons.org/licenses/by-sa/4.0/legalcode}.
 Each part of this book, except the appendix, is separately under this same
 license, but copyrighted by different entities at different times.  Each part
 therefore also contains its own copyright and licensing notice.  The notice
 above is for the entire work, and includes the full copyright and licensing
 details, except for the appendix.
 Since the appendix includes copies of the texts of various licenses published
 by FSF, and they are all licensed under the license, ``Everyone is permitted
 to copy and distribute verbatim copies of this license document, but changing
 it is not allowed.''.  However, those who seek to make modified versions of
 those licenses should note the
 \href{https://www.gnu.org/licenses/gpl-faq.html#ModifyGPL}{explanation given in the GPL FAQ}.
 \vfill
 Patches are welcome to this material.  Sources can be found in the Git
 repository at: \url{https://gitorious.org/gpl-compliance-tools/tutorial/}
+}
 \end{center}
 \end{titlepage}
 \tableofcontents
 \chapter{Preface}
 This tutorial is the culmination of nearly a decade of studying and writing
 about software freedom licensing and the GPL\@.  Each part of this tutorial
 is a course unto itself, educating the reader on a myriad of topics from the
 deep details of the GPLv2 and GPLv3, common business models in the copyleft
 licensing area (both the friendly and unfriendly kind), best practices for
 compliance with the GPL, for engineers, managers, and lawyers, as well as
 real-world case studies of GPL enforcement matters.
 It is unlikely that all the information herein is necessary to learn all at
 once, and therefore this tutorial likely serves best as a reference book.
 The material herein has been used as the basis for numerous live tutorials
 and discussion groups since 2002, and the materials have been periodically
 updated.   They likely stand on their own as excellent reference material.
 However, if you are reading these course materials without attending a live
 tutorial session, please note that this material is merely a summary of the
 highlights of the various CLE and other tutorial courses based on this
 material.  Please be aware that during the actual courses, class discussion
 and presentation supplements this printed curriculum.  Simply reading this
 material is \textbf{not an equivalent} for attending a course.
 \mainmatter
 \input{gpl-lgpl}
 \input{compliance-guide}
 \input{enforcement-case-studies}
 \appendix
 \input{license-texts}
 \end{document}

enforcement-case-studies.tex

➞

Show inline comments

 %      Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
+%
 % Copyright (C) 2003, 2004 Free Software Foundation, Inc.
 % License: CC-By-SA-4.0
 % The copyright holders hereby grant the freedom to copy, modify, convey,
 % Adapt, and/or redistribute this work under the terms of the Creative
 % Commons Attribution Share Alike 4.0 International License.
 % This text is distributed in the hope that it will be useful, but
 % WITHOUT ANY WARRANTY; without even the implied warranty of
 % MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 % You should have received a copy of the license with this document in
 % a file called 'CC-By-SA-4.0.txt'.  If not, please visit
 % https://creativecommons.org/licenses/by-sa/4.0/legalcode to receive
 % the license text.
 \part{Case Studies in GPL Enforcement}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2003, 2004 \= \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2014 \>  Bradley M. Kuhn. \\
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Denver Gingerich \\
 Copyright \= \copyright{} 2003, 2004, 2014 \= \hspace{.2in} Free Software Foundation, Inc. \\
 \end{tabbing}
 \vspace{1in}
 \begin{center}
 Authors of this part are: \\
 Bradley M. Kuhn \\
 John Sullivan
 \vspace{3in}
 Copy editors of this part include: \\
 Martin Michlmayr
 \vspace{3in}
 The copyright holders hereby grant the freedom to copy, modify, convey,
 Adapt, and/or redistribute this work under the terms of the Creative Commons
 Attribution Share Alike 4.0 International License.  A copy of that license is
 available at \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 % =====================================================================
 % START OF SECOND DAY SEMINAR SECTION
 % =====================================================================
 \chapter*{Preface}
 This one-day course presents the details of five different GPL
 compliance cases handled by FSF's GPL Compliance Laboratory. Each case
 offers unique insights into problems that can arise when the terms of
 the GPL are not properly followed, and how diplomatic negotiation between
 the violator and the copyright holder can yield positive results for
 both parties.
 Attendees should have successfully completely the course, a ``Detailed
 Study and Analysis of the GPL and LGPL,'' as the material from that
 course forms the building blocks for this material.
 This course is of most interest to lawyers who have clients or
 employers that deal with Free Software on a regular basis. However,
 technical managers and executives whose businesses use or distribute
 Free Software will also find the course very helpful.
 \bigskip
 These course materials are merely a summary of the highlights of the
 course presented. Please be aware that during the actual GPL course, class
 discussion supplements this printed curriculum. Simply reading it is
 not equivalent to attending the course.
 %FIXME-LATER: write these
 %\chapter{Not All GPL Enforcement is Created Equal}
 %\section{For-Profit Enforcement}
 %\section{Community and Non-Profit Enforcement}
 \chapter{Overview of Community Enforcement}
 The GPL is a Free Software license with legal teeth. Unlike licenses like
 the X11-style or various BSD licenses, the GPL (and by extension, the LGPL) is
 designed to defend as well as grant freedom. We saw in the last course
 that the GPL uses copyright law as a mechanism to grant all the key freedoms
 essential in Free Software, but also to ensure that those freedoms
 propagate throughout the distribution chain of the software.
 \section{Termination Begins Enforcement}
 As we have learned, the assurance that Free Software under the GPL remains
 Free Software is accomplished through various terms of the GPL: \S 3 ensures
 that binaries are always accompanied with source; \S 2 ensures that the
 sources are adequate, complete and usable; \S 6 and \S 7 ensure that the
 license of the software is always the GPL for everyone, and that no other
 legal agreements or licenses trump the GPL. It is \S 4, however, that ensures
 that the GPL can be enforced.
 Thus, \S 4 is where we begin our discussion of GPL enforcement. This
 clause is where the legal teeth of the license are rooted. As a copyright
 license, the GPL governs only the activities governed by copyright law ---
 copying, modifying and redistributing computer software. Unlike most
 copyright licenses, the GPL gives wide grants of permission for engaging with
 these activities. Such permissions continue, and all parties may exercise
 them until such time as one party violates the terms of the GPL\@. At the
 moment of such a violation (i.e., the engaging of copying, modifying or
 redistributing in ways not permitted by the GPL) \S 4 is invoked. While other
 parties may continue to operate under the GPL, the violating party loses their
 rights.
 Specifically, \S 4 terminates the violators' rights to continue
 engaging in the permissions that are otherwise granted by the GPL\@.
 Effectively, their rights revert to the copyright defaults ---
 no permission is granted to copy, modify, nor redistribute the work.
 Meanwhile, \S 5 points out that if the violator has no rights under
 the GPL, they are prohibited by copyright law from engaging in the
 activities of copying, modifying and distributing. They have lost
 these rights because they have violated the GPL, and no other license
 gives them permission to engage in these activities governed by copyright law.
 \section{Ongoing Violations}
 In conjunction with \S 4's termination of violators' rights, there is
 one final industry fact added to the mix: rarely does one engage in a
 single, solitary act of copying, distributing or modifying software.
 Almost always, a violator will have legitimately acquired a copy of a
 GPL'd program, either making modifications or not, and then begun
 distributing that work. For example, the violator may have put the
 software in boxes and sold them at stores. Or perhaps the software
 was put up for download on the Internet. Regardless of the delivery
 mechanism, violators almost always are engaged in {\em ongoing\/}
 violation of the GPL\@.
 In fact, when we discover a GPL violation that occurred only once --- for
 example, a user group who distributed copies of a GNU/Linux system without
 source at one meeting --- we rarely pursue it with a high degree of
 tenacity. In our minds, such a violation is an educational problem, and
 unless the user group becomes a repeat offender (as it turns out, they
 never do), we simply forward along a FAQ entry that best explains how user
 groups can most easily comply with the GPL, and send them on their merry way.
 It is only the cases of {\em ongoing\/} GPL violation that warrant our
 active attention. We vehemently pursue those cases where dozens, hundreds
 or thousands of customers are receiving software that is out of
 compliance, and where the company continually offers for sale (or
 distributes gratis as a demo) software distributions that include GPL'd
 components out of compliance. Our goal is to maximize the impact of
 enforcement and educate industries who are making such a mistake on a
 large scale.
 In addition, such ongoing violation shows that a particular company is
 committed to a GPL'd product line. We are thrilled to learn that someone
 is benefiting from Free Software, and we understand that sometimes they
 become confused about the rules of the road. Rather than merely
 giving us a postmortem to perform on a past mistake, an ongoing violation
 gives us an active opportunity to educate a new contributor to the GPL'd
 commons about proper procedures to contribute to the community.
 Our central goal is not, in fact, to merely clear up a particular violation.
 In fact, over time, we hope that our compliance lab will be out of
 business. We seek to educate the businesses that engage in commerce
 related to GPL'd software to obey the rules of the road and allow them to
 operate freely under them. Just as a traffic officer would not revel in
 reminding people which side of the road to drive on, so we do not revel in
 violations. By contrast, we revel in the successes of educating an
 ongoing violator about the GPL so that GPL compliance becomes a second-nature
 matter, allowing that company to join the GPL ecosystem as a contributor.
 \section{How are Violations Discovered?}
 Our enforcement of the GPL is not a fund-raising effort; in fact, FSF's GPL
 Compliance Lab runs at a loss (in other words, it is subsided by our
 donors). Our violation reports come from volunteers, who have encountered,
 in their business or personal life, a device or software product that
 appears to contain GPL'd software. These reports are almost always sent
 via email to $<$license-violation@fsf.org$>$.
 Our first order of business, upon receiving such a report, is to seek
 independent confirmation. When possible, we get a copy of the software
 product. For example, if it is an offering that is downloadable from a
 Web site, we download it and investigate ourselves. When it is not
 possible for us to actually get a copy of the software, we ask the
 reporter to go through the same process we would use in examining the
 software.
 By rough estimation, about 95\% of violations at this stage can be
 confirmed by simple commands. Almost all violators have merely made an
 error and have no nefarious intentions. They have made no attempt to
 remove our copyright notices from the software. Thus, given the
 third-party binary, {\tt tpb}, usually, a simple command (on a GNU/Linux
 system) such as the following will find a Free Software copyright notice
 and GPL reference:
 \begin{quotation}
 {\tt strings tpb | grep Copyright}
 \end{quotation}
 In other words, it is usually more than trivial to confirm that GPL'd
 software is included.
 Once we have confirmed that a violation has indeed occurred, we must then
 determine whose copyright has been violated. Contrary to popular belief,
 FSF does not have the power to enforce the GPL in all cases. Since the GPL
 operates under copyright law, the powers of enforcement --- to seek
 redress once \S 4 has been invoked --- lie with the copyright holder of
 the software. FSF is one of the largest copyright holders in the world of
 GPL'd software, but we are by no means the only one. Thus, we sometimes
 discover that while GPL'd code is present in the software, there is no
 software copyrighted by FSF present.
 In cases where FSF does not hold copyright interest in the software, but
 we have confirmed a violation, we contact the copyright holders of the
 software, and encourage them to enforce the GPL\@. We offer our good offices
 to help negotiate compliance on their behalf, and many times, we help as a
 third party to settle such GPL violations. However, what we will describe
 primarily in this course is FSF's first-hand experience enforcing its own
 copyrights and the GPL\@.
 \section{First Contact}
 The Free Software community is built on a structure of voluntary
 cooperation and mutual help. Our community has learned that cooperation
 works best when you assume the best of others, and only change policy,
 procedures and attitudes when some specific event or occurrence indicates
 that a change is necessary. We treat the process of GPL enforcement in
 the same way. Our goal is to encourage violators to join the cooperative
 community of software sharing, so we want to open our hand in friendship.
 Therefore, once we have confirmed a violation, our first assumption is
 that the violation is an oversight or otherwise a mistake due to confusion
 about the terms of the license. We reach out to the violator and ask them
 to work with us in a collaborative way to bring the product into
 compliance. We have received the gamut of possible reactions to such
 requests, and in this course, we examine four specific examples of such
 compliance work.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Bortez: Modified GCC SDK}
 In our first case study, we will consider Bortez, a company that
 produces software and hardware toolkits to assist OEM vendors, makers
 of consumer electronic devices.
 \section{Facts}
 One of Bortez's key products is a Software Development Kit (``SDK'')
 designed to assist developers building software for a specific class of
 consumer electronics devices.
 FSF received a report that the SDK may be based on the GNU Compiler
 Collection (which is an FSF-copyrighted collection of tools for software
 development in C, C++ and other popular languages). FSF investigated the
 claim, but was unable to confirm the violation. The violation reporter
 was unresponsive to follow-up requests for more information.
 Since FSF was unable to confirm the violation, we did not pursue it any
 further. Bogus reports do happen, and we do not want to burden companies
 with specious GPL violation complaints. FSF shelved the matter until
 more evidence was discovered.
 FSF was later able to confirm the violation when two additional reports
 surfaced from other violation reporters, both of whom had used the SDK
 professionally and noticed clear similarities to FSF's GNU GCC\@. FSF's
 Compliance Engineer asked the reporters to run standard tests to confirm
 the violation, and it was confirmed that Bortez's SDK was indeed a
 modified version of GCC\@. Bortez had ported to Windows and added a number
 of features, including support for a specific consumer device chipset and
 additional features to aid in the linking process (``LP'') for those
 specific devices. FSF explained the rights that the GPL afforded these
 customers and pointed out, for example, that Bortez only needed to provide
 source to those in possession of the binaries, and that the users may need
 to request that source (if \S 3(b) was exercised). The violators
 confirmed that such requests were not answered.
 FSF brought the matter to the attention of Bortez, who immediately
 escalated the matter to their attorneys. After a long negotiation,
 Bortez acknowledged that their SDK was indeed a modified version of
 GCC\@. Bortez released most of the source, but some disagreement
 occurred over whether LP was also derivative of GCC\@. After repeated
 FSF inquiries, Bortez reaudited the source to discover that FSF's
 analysis was correct. Bortez determined that LP included a number of
 source files copied from the GCC code-base.
 \label{davrik-build-problems}
 Once the full software release was made available, FSF asked the violation
 reporters if it addressed the problem. Reports came back that the source
 did not properly build. FSF asked Bortez to provide better build
 instructions with the software, and such build instructions were
 incorporated into the next software release.
 At FSF's request as well, Bortez informed customers who had previously
 purchased the product that the source was now available by announcing
 the availability on its Web site and via a customer newsletter.
 Bortez did have some concerns regarding patents. They wished to include a
 statement with the software release that made sure they were not granting
 any patent permission other than what was absolutely required by the GPL\@.
 They understood that their patent assertions could not trump any rights
 granted by the GPL\@. The following language was negotiated into the release:
 \begin{quotation}
 Subject to the qualifications stated below, Bortez, on behalf of itself
 and its Subsidiaries, agrees not to assert the Claims against you for your
 making, use, offer for sale, sale, or importation of the Bortez's GNU
 Utilities or derivative works of the Bortez's GNU Utilities
 (``Derivatives''), but only to the extent that any such Derivatives are
 licensed by you under the terms of the GNU General Public License. The
 Claims are the claims of patents that Bortez or its Subsidiaries have
 standing to enforce that are directly infringed by the making, use, or
 sale of an Bortez Distributed GNU Utilities in the form it was distributed
 by Bortez and that do not include any limitation that reads on hardware;
 the Claims do not include any additional patent claims held by Bortez that
 cover any modifications of, derivative works based on or combinations with
 the Bortez's GNU Utilities, even if such a claim is disclosed in the same
 patent as a Claim. Subsidiaries are entities that are wholly owned by
 Bortez.
 This statement does not negate, limit or restrict any rights you already
 have under the GNU General Public License version 2.
 \end{quotation}
 This quelled Bortez's concerns about other patent licensing they sought to
 do outside of the GPL'd software, and satisfied FSF's concerns that Bortez
 give proper permissions to exercise teachings of patents that were
 exercised in their GPL'd software release.
 Finally, a GPL Compliance Officer inside Bortez was appointed to take
 responsibility for all matters of GPL compliance inside the company.
 Bortez is responsible for informing FSF if the position is given to
 someone else inside the company, and making sure that FSF has direct
 contact with Bortez's Compliance Officer.
 \section{Lessons}
 This case introduces a number of concepts regarding GPL enforcement.
 \begin{enumerate}
 \item {\bf Enforcement should not begin until the evidence is confirmed.}
   Most companies that distribute GPL'd software do so in compliance, and at
   times, violation reports are mistaken. Even with extensive efforts in
   GPL education, many users do not fully understand their rights and the
   obligations that companies have. By working through the investigation
   with reporters, the violation can be properly confirmed, and {\bf the
     user of the software can be educated about what to expect with GPL'd
     software}. When users and customers of GPL'd products know their
   rights, what to expect, and how to properly exercise their rights
   (particularly under \S 3(b)), it reduces the chances for user
   frustration and inappropriate community outcry about an alleged GPL
   violation.
 \item {\bf GPL compliance requires friendly negotiation and cooperation.}
   Often, attorneys and managers are legitimately surprised to find out
   GPL'd software is included in their company's products. Engineers
   sometimes include GPL'd software without understanding the requirements.
   This does not excuse companies from their obligations under the license,
   but it does mean that care and patience are essential for reaching GPL
   compliance. We want companies to understand that participating and
   benefiting from a collaborative Free Software community is not a burden,
   so we strive to make the process of coming into compliance as smooth as
   possible.
 \item {\bf Confirming compliance is a community effort.}  The whole point
   of making sure that software distributors respect the terms of the GPL is to
   allow a thriving software sharing community to benefit and improve the
   work. FSF is not the expert on how a compiler for consumer electronic
   devices should work. We therefore inform the community who originally
   brought the violation to our attention and ask them to assist in
   evaluation and confirmation of the product's compliance. Of course, FSF
   coordinates and oversees the process, but we do not want compliance for
   compliance's sake; rather, we wish to foster a cooperating community of
   development around the Free Software in question, and encourage the
   once-violator to begin participating in that community.
 \item {\bf Informing the harmed community is part of compliance.} FSF asks
   violators to make some attempt --- such as via newsletters and the
   company's Web site --- to inform those who already have the products as
   to their rights under the GPL\@. One of the key thrusts of the GPL's \S 1 and
   \S 3 is to {\em make sure the user knows she has these rights\/}. If a
   product was received out of compliance by a customer, she may never
   actually discover that she has such rights. Informing customers, in a
   way that is not burdensome but has a high probability of successfully
   reaching those who would seek to exercise their freedoms, is essential
   to properly remedy the mistake.
 \item {\bf Lines between various copyright, patent, and other legal
   mechanisms must be precisely defined and considered.}  The most
   difficult negotiation point of the Bortez case was drafting language
   that simultaneously protected Bortez's patent rights outside of the
   GPL'd source, but was consistent with the implicit patent grant in
   the GPL\@. As we discussed in the first course of this series, there is
   indeed an implicit patent grant with the GPL, thanks to \S 6 and \S 7.
   However, many companies become nervous and wish to make the grant
   explicit to assure themselves that the grant is sufficiently narrow for
   their needs. We understand that there is no reasonable way to determine
   what patent claims read on a company's GPL holdings and which do not, so
   we do not object to general language that explicitly narrows the patent
   grant to only those patents that were, in fact, exercised by the GPL'd
   software as released by the company.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Bracken: a Minor Violation in a GNU/Linux Distribution}
 In this case study, we consider a minor violation made by a company whose
 knowledge of the Free Software community and its functions is deep.
 \section{The Facts}
 Bracken produces a GNU/Linux operating system product that is sold
 primarily to OEM vendors to be placed in appliance devices used for a
 single purpose, such as an Internet-browsing-only device. The product
 is almost 100\% Free Software, mostly licensed under the GPL and related
 Free Software licenses.
 FSF found out about this violation through a report first posted on a
   Slashdot\footnote{Slashdot is a popular news and discussion site for
   technical readers.} comment, and then it was brought to our attention again
   by another Free Software copyright holder who had discovered the
   same violation.
 Bracken's GNU/Linux product is delivered directly from their Web site.
 This allowed FSF engineers to directly download and confirm the
 violation quickly. Two primary problems were discovered with the
 online distribution:
 \begin{itemize}
 \item No source code nor offer for source code was provided for a number
   of components for the distributed GNU/Linux system; only binaries were
   available
 \item An End User License Agreement (``EULA'') was included that
   contradicted the permissions granted by the GPL\@
 \end{itemize}
 FSF contacted Bracken and gave them the details of the violation. Bracken
 immediately ceased distribution of the product temporarily and set forth
 a plan to bring themselves back into compliance. This plan included the
 following steps:
 \begin{itemize}
 \item Bracken attorneys would rewrite the EULA to comply with the GPL and
   would vet the new EULA through FSF before use
 \item Bracken engineers would provide source side-by-side with the
   binaries for the GNU/Linux distribution on the site (and on CD's, if
   ever they distributed that way)
 \item Bracken attorneys would run an internal seminar for its engineers
   regarding proper GPL compliance to help ensure that such oversights
   regarding source releases would not occur in the future
 \item Bracken would resume distribution of the product only after FSF
   formally restored Bracken's distribution rights
 \end{itemize}
 This case was completed in about a month. FSF approved the new EULA
 text. The key portion in the EULA relating to the GPL read as follows:
 \begin{quotation}
 Many of the Software Programs included in Bracken Software are distributed
 under the terms of agreements with Third Parties (``Third Party
 Agreements'') which may expand or limit the Licensee's rights to use
 certain Software Programs as set forth in [this EULA]. Certain Software
 Programs may be licensed (or sublicensed) to Licensee under the GNU
 General Public License and other similar license agreements listed in part
 in this section which, among other rights, permit the Licensee to copy,
 modify and redistribute certain Software Programs, or portions thereof,
 and have access to the source code of certain Software Programs, or
 portions thereof. In addition, certain Software Programs, or portions
 thereof, may be licensed (or sublicensed) to Licensee under terms stricter
 than those set forth in [this EULA]. The Licensee must review the
 electronic documentation that accompanies certain Software Programs, or
 portions thereof, for the applicable Third Party Agreements. To the
 extent any Third Party Agreements require that Bracken provide rights to
 use, copy or modify a Software Program that are broader than the rights
 granted to the Licensee in [this EULA], then such rights shall take
 precedence over the rights and restrictions granted in this Agreement
 solely for such Software Programs.
 \end{quotation}
 FSF restored Bracken's distribution rights shortly after the work was
 completed as described.
 \section{Lessons Learned}
 This case was probably the most quickly and easily resolved of all GPL
 violations in the history of FSF's Compliance Lab. The ease with which
 the problem was resolved shows a number of cultural factors that play a
 role in GPL compliance.
 \begin{enumerate}
 \item {\bf Companies that understand Free Software culture better have an
   easier time with compliance.}  Bracken's products were designed and
   built around the GNU/Linux system and Free Software components. Their
   engineers were deeply familiar with the Free Software ecosystem, and
   their lawyers had seen and reviewed the GPL before. The violation was
   completely an honest mistake. Since the culture inside the company had
   already adapted to the cooperative style of resolution in the Free
   Software world, there was very little work for either party to bring the
   product into compliance.
 \item {\bf When people in key positions understand the Free Software
   nature of their software products, compliance concerns are as
   mundane as minor software bugs.}  Even the most functional system or
   structure has its problems, and successful business often depends on
   agile response to the problems that do come up; avoiding problems
   altogether is a pipe dream. Minor GPL violations can and do happen
   even with well-informed redistributors. However, resolution is
   reached quickly when the company --- and in particular, the lawyers,
   managers, and engineers working on the Free Software product lines
   --- have adapted to Free Software culture that the lower-level
   engineer already understood
 \item {\bf Legally, distribution must stop when a violation is
   identified.}  In our opinion, Bracken went above and beyond the call of
   duty by ceasing distribution while the violation was being resolved.
   Under GPL \S 4, the redistributor loses the right to distribute the
   software, and thus they are in ongoing violation of copyright law if
   they distribute before rights are restored. It is FSF's policy to
   temporarily allow distribution while compliance negotiations are ongoing
   and only in the most extreme cases (where the other party appears to be
   negotiating in bad faith) does FSF even threaten an injunction on
   copyright grounds. However, Bracken --- as a good Free Software citizen
   --- chose to be on the safe side and do the legally correct thing while
   the violation case was pending. From start to finish, it took less
   than a month to resolve. This lapse in distribution did not, to FSF's
   knowledge, impact Bracken's business in any way.
 \item {\bf EULAs are a common area for GPL problems.}  Often, EULAs
   are drafted from boilerplate text that a company uses for all its
   products. Even the most diligent attorneys forget or simply do not
   know that a product contains software licensed under the GPL and other
   Free Software licenses. Drafting a EULA that accounts for such
   licenses is straightforward; the text quoted above works just fine.
   The EULA must be designed so that it does not trump rights and
   permissions already granted by the GPL\@. The EULA must clearly state
   that if there is a conflict between it and the GPL, with regard to GPL'd
   code, the GPL is the overriding license.
 \item {\bf Compliance Officers are rarely necessary when companies are
   educated about GPL compliance.}  As we saw in the Bortez case, FSF asks
   that a formal ``GPL Compliance Officer'' be appointed inside a
   previously violating organization to shepherd the organization to a
   cooperative approach to GPL compliance. However, when FSF
   sees that an organization already has such an approach, there is no
   need to request that such an officer be appointed.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Vigorien: Security, Export Controls, and GPL Compliance}
 This case study introduces how concerns of ``security through obscurity''
 and regulatory problems can impact GPL compliance matters.
 \section{The Facts}
 Vigorien distributes a back-up solution product that allows system
 administrators to create encrypted backups of file-systems on
 Unix-like computers. The product is based on GNU tar, a backup utility
 that replaces the standard Unix utility simply called tar, but has
 additional features.
 Vigorien's backup solution added cryptographic features to GNU tar, and
 included a suite of utilities and graphical user interfaces surrounding
 GNU tar to make backups convenient.
 FSF discovered the violation from a user report, and determined that the
 cryptographic features were the only part of the product that constituted
 a derivative work of GNU tar; the extraneous utilities merely made
 shell calls out to GNU tar. FSF requested that Vigorien come into
 compliance with the GPL by releasing the source of GNU tar, with the
 cryptographic modifications, to its customers.
 Vigorien released the original GNU tar sources, but kept the cryptographic
 modifications proprietary. They argued that the security of their system
 depending on keeping the software proprietary and that regardless, USA
 export restrictions on cryptographic software prohibited such a release.
 FSF disputed the first claim, pointing out that Vigorien had only one
 option if they did not want to release the source: they would have to
 remove GNU tar from the software and not distribute it further. Vigorien
 rejected this suggestion, since GNU tar was an integral part of the
 product, and the security changes were useless without GNU tar.
 Regarding the export control claims, FSF proposed a number of options,
 including release of the source from one of Vigorien's divisions overseas
 where no such restrictions occurred, but Vigorien argued that the problem
 was insoluble because they operated primarily in the USA\@.
 The deadlock on the second issue was resolved when those cryptographic
 export restrictions were lifted shortly thereafter, and FSF again raised
 the matter with Vigorien. At that point, they dropped the first claim and
 agreed to release the remaining source module to their customers. They
 did so, and the violation was resolved.
 \section{Lessons Learned}
 \begin{enumerate}
 \item {\bf Removing the GPL'd portion of the product is always an
   option.}  Many violators' first response is to simply refuse to
   release the source code as the GPL requires. FSF offers the option to
   simply remove the GPL'd portions from the product and continue along
   without them. Every case where this has been suggested has led to
   the same conclusion. Like Vigorien, the violator argues that the
   product cannot function without the GPL'd components, and they
   cannot effectively replace them.
   Such an outcome is simply further evidence that the combined work in
   question is indeed a modified version of the original GPL'd component.
   If the other components cannot stand on their own and be useful without
   the GPL'd portions, then one cannot effectively argue that the work as a
   whole is not a based on the GPL'd portions.
 \item {\bf The whole product is not always covered.}  In this case,
   Vigorien had additional works aggregated. The backup system was a suite
   of utilities, some of which were the GPL and some of which were not. While
   the cryptographic routines were tightly coupled with GNU tar and clearly
   made a whole new combined work of both components, the various GUI utilities were separate and
   independent works merely aggregated with the distribution of the
   GNU-tar-based product.
 \item {\bf ``Security'' concerns do not exonerate a distributor from GPL
   obligations, and ``security through obscurity'' does not work anyway.}
   The argument that ``this is security software, so it cannot be released
   in source form'' is not a valid defense for explaining why the terms of
   the GPL are ignored. If companies do not want to release source code
   for some reason, then they should not base the work on GPL'd software.
   No external argument for noncompliance can hold weight if the work as
   a whole is indeed a modified version of a GPL'd program.
   The ``security concerns'' argument is often floated as a reason to keep
   software proprietary, but the computer security community has on
   numerous occasions confirmed that such arguments are entirely specious.
   Security experts have found --- since the beginnings of the field of
   cryptography in the ancient world --- that sharing results about systems
   and having such systems withstand peer review and scrutiny builds the
   most secure systems. While full disclosure may help some who wish to
   compromise security, it helps those who want to fix problems even more
   by identifying them early.
 \item {\bf External regulatory problems can be difficult to resolve.}
   The GPL, though grounded in copyright law, does not have the power to trump
   regulations like export controls. While Vigorien's ``security
   concerns'' were specious, their export control concerns were not. It is
   indeed a difficult problem that FSF acknowledges. We want compliance
   with the GPL and respect for users' freedoms, but we certainly do not expect
   companies to commit criminal offenses for the sake of compliance. We
   will see more about this issue in our next case study.
 \end{enumerate}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Haxil, Polgara, and Thesulac: Mergers, Upstream Providers and Radio Devices}
 This case study considers an ongoing (at the time of writing) violation
 that has occurred. By the end of the investigation period, three
 companies were involved and many complex issues arose.
 \section{The Facts}
 Haxil produced a consumer electronics device which included a mini
 GNU/Linux distribution to control the device. The device was of interest
 to many technically-minded consumers, who purchased the device and very
 quickly discovered that Free Software was included without source.
 Mailing lists throughout the Free Software community erupted with
 complaints about the problem, and FSF quickly investigated.
 FSF confirmed that FSF-copyrighted GPL'd software was included. In
 addition, the whole distribution included GPL'd works from hundreds of
 individual copyright holders, many of whom were, at this point, up in
 arms about the violation.
 Meanwhile, Haxil was in the midst of being acquired by Polgara. Polgara
 was as surprised as everyone else to discover the product was based on
 GPL'd software; this fact had not been part of the disclosures made during
 acquisition. FSF contacted Haxil, Polgara, and the product managers
 who had transitioned into the ``Haxil division'' of the newly-merged
 Polgara company. Polgara's General Counsel's office worked with FSF on
 the matter.
 FSF formed a coalition with the other primary copyright holders
 to pursue the enforcement effort on their behalf. FSF communicated
 directly with Polgara's representatives to begin working through the
 issues on behalf of itself and the Free Software community at large.
 Polgara pointed out that the software distribution they used was mostly
 contributed by an upstream provider, Thesulac, and Haxil's changes to that
 code base were minimal. Polgara negotiated with Thesulac to obtain the
 source, although the issue moved very slowly in the channels between
 Polgara and Thesulac.
 FSF encouraged a round-table meeting so that high bandwidth communication
 could occur between FSF, Polgara and Thesulac. Polgara and Thesulac
 agreed, and that discussion began. Thesulac provided nearly complete
 sources to Polgara, and Polgara made a full software release on their
 Web site. At the time of writing, that software still has some build
 problems (similar to those that occurred with Bortez, as described in
 Section~\ref{davrik-build-problems}). FSF continues to negotiate with
 Polgara and Thesulac to resolve these problems, which have a clear path to
 a solution and are expected to resolve.
 Similar to the Vigorien case, Thesulac has regulatory concerns. In this
 case, it is not export controls --- an issue that has since been resolved
 --- but radio spectrum regulation. Since this consumer electronic device
 contains a software-programmable radio transmitter, regulations in (at
 least) the USA and Japan prohibit release of those portions of the code
 that operate the device. Since this is a low-level programming issue, the
 changes to operate the device form a single combined work with the kernel named
 Linux.  A decade later, this situation remains largely unresolved.
 \section{Lessons Learned}
 \begin{enumerate}
 \item {\bf Community outrage, while justified, can often make negotiation
   more difficult.}  FSF has a strong policy never to publicize names of
   GPL violators if they are negotiating in a friendly way and operating in
   good faith toward compliance. Most violations are honest mistakes, and
   FSF sees no reason to publicly admonish violators who genuinely want to
   come into compliance with the GPL and to work hard staying in compliance.
   This case was so public in the Free Software community that both Haxil's
   and Polgara's representatives were nearly shell-shocked by the time FSF
   began negotiations. There was much work required to diffuse the
   situation. We empathize with our community and their outrage about GPL
   violations, but we also want to follow a path that leads expediently
   to compliance. In our experience, public outcry works best as a last
   resort, not the first.
 \item {\bf For software companies, GPL compliance belongs on a corporate
   acquisition checklist. }  Polgara was truly amazed that Haxil had used
   GPL'd software in a major new product line but never informed Polgara
   during the acquisition process. While GPL compliance is not a
   particularly difficult matter, it is an additional obligation that comes
   along with the product line. When planning mergers and joint ventures,
   one should include lists of GPL'd components contained in the products
   discussed.
 \item {\bf Compliance problems of upstream providers do not excuse a
   violation for the downstream distributor.}  To paraphrase \S 6, upstream
   providers are not responsible for enforcing compliance of their
   downstream, nor are downstream distributors responsible for compliance
   problems of upstream providers. However, engaging in distribution of
   GPL'd works out of compliance is still just that: a compliance problem.
   When FSF carries out enforcement, we are patient and sympathetic when
   the problem appears to be upstream. In fact, we urge the violator to
   point us to the upstream provider so we may talk to them directly. In
   this case, we were happy to begin negotiations with Thesulac. However,
   Polgara still has an obligation to bring their product into compliance,
   regardless of Thesulac's response.
 \item {\bf It behooves upstream providers to advise downstream
   distributors about compliance matters.}  FSF has encouraged Thesulac to
   distribute a ``good practices for GPL compliance'' document with their
   product. Polgara added various software components to Thesulac's
   product, and it is conceivable that such additions can introduce
   compliance. In FSF's opinion, Thesulac is in no way legally responsible
   for such a violation introduced by their customer, but it behooves them
   from a marketing standpoint to educate their customers about using the
   product. We can argue whether or not it is your coffee vendor's fault
   if you burn yourself with their product, but (likely) no one on either
   side would dispute the prudence of placing a ``caution: hot'' label on
   the cup.
 \item {\bf FSF enforcement often avoids redundant enforcement cases from
   many parties.}  Most Free Software systems have hundreds of copyright
   holders. Some have thousands. FSF is in a unique position as one of
   the largest single copyright holders on GPL'd software and as a
   respected umpire in the community, neutrally enforcing the rules of the
   GPL road. FSF works hard in the community to convince copyright
   holders that consolidating GPL claims through FSF is better for them,
   and more likely to yield positive compliance results.
   A few copyright holders engage in the ``proprietary relicensing''
   business, so they use GPL enforcement as a sales channel for that
   business. FSF, as a community-oriented, not-for-profit organization,
   seeks only to preserve the freedom of Free Software in its enforcement
   efforts. As it turns out, most of the community of copyright holders
   of Free Software want the same thing. Share and share alike is a

gpl-lgpl.tex

➞

Show inline comments

 % gpl-lgpl.tex                                                  -*- LaTeX -*-
 %      Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
+%
 % Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
 % Copyright (C) 2014                   Bradley M. Kuhn
 % License: CC-By-SA-4.0
 % The copyright holders hereby grant the freedom to copy, modify, convey,
 % Adapt, and/or redistribute this work under the terms of the Creative
 % Commons Attribution Share Alike 4.0 International License.
 % This text is distributed in the hope that it will be useful, but
 % WITHOUT ANY WARRANTY; without even the implied warranty of
 % MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 % You should have received a copy of the license with this document in
 % a file called 'CC-By-SA-4.0.txt'.  If not, please visit
 % https://creativecommons.org/licenses/by-sa/4.0/legalcode to receive
 % the license text.
 % FIXME-LATER: I should make a macro like the Texinfo @xref stuff for places
 %      where I'm saying ``see section X in this tutorial'', so that the extra
 %      verbiage isn't there in the HTML versions that I'll eventually do.
 %      Maybe something like that already exists?  In the worst case, I could
 %      adapt @xref from texinfo.texi for it.
 \newcommand{\defn}[1]{\emph{#1}}
 \part{Detailed Analysis of the GNU GPL and Related Licenses}
 {\parindent 0in
 \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{This part} is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2003--2007 \hspace{.1mm} \=  \kill
 Copyright \> \copyright{} 2014 \> Bradley M. Kuhn \\
 Copyright \> \copyright{} 2014 \>  Anthony K. Sebro, Jr. \\
 Copyright \> \copyright{} 2003--2007 \>  Free Software Foundation, Inc.
+Copyright \> \copyright{} 2003--2007, 2014 \>  Free Software Foundation, Inc.
 \end{tabbing}
 \vspace{.3in}
 \begin{center}
 Authors of \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{this part} are: \\
 Free Software Foundation, Inc. \\
 Bradley M. Kuhn \\
 David ``Novalis'' Turner \\
 Daniel B. Ravicher \\
 Tony Sebro \\
 John Sullivan
 \vspace{.2in}
 Copy editors of this part include: \\
 Martin Michlmayr
 \vspace{.2in}
 The copyright holders of \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{this part} hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 \bigskip
 \tutorialpartsplit{This tutorial}{This part of the tutorial} gives a
 comprehensive explanation of the most popular Free Software copyright
 license, the GNU General Public License (``GNU GPL'', or sometimes just
 ``GPL'') -- both version 2 (``GPLv2'') and version 3 (``GPLv3'') -- and
 teaches lawyers, software developers, managers and business people how to use
 the GPL (and GPL'd software) successfully both as a community-building
 ``Constitution'' for a software project, and to incorporate copylefted
 software into a new Free Software business and in existing, successful
 enterprises.
 To successfully benefit from this part of the tutorial, readers should
 have a general familiarity with software development processes.  A basic
 understanding of how copyright law applies to software is also helpful.  The
 tutorial is of most interest to lawyers, software developers and managers who
 run or advise software businesses that modify and/or redistribute software
 under the terms of the GNU GPL (or who wish to do so in the future), and those
 who wish to make use of existing GPL'd software in their enterprise.
 Upon completion of this part of the tutorial, successful readers can expect
 to have learned the following:
 \begin{itemize}
   \item The freedom-defending purpose of various terms in the GNU GPLv2 and GPLv3.
   \item The differences between GPLv2 and GPLv3.
   \item The redistribution options under the GPLv2 and GPLv3.
   \item The obligations when modifying GPLv2'd or GPLv3'd software.
   \item How to build a plan for proper and successful compliance with the GPL.
   \item The business advantages that the GPL provides.
   \item The most common business models used in conjunction with the GPL.
   \item How existing GPL'd software can be used in existing enterprises.
   \item The basics of LGPLv2.1 and LGPLv3, and how they
     differs from the GPLv2 and GPLv3, respectively.
   \item The basics to begin understanding the complexities regarding
     derivative and combined works of software.
 \end{itemize}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % END OF ABSTRACTS SECTION
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % START OF DAY ONE COURSE
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{What Is Software Freedom?}
 Study of the GNU General Public License (herein, abbreviated as \defn{GNU
   GPL} or just \defn{GPL}) must begin by first considering the broader world
 of software freedom. The GPL was not created in a vacuum. Rather, it was
 created to embody and defend a set of principles that were set forth at the
 founding of the GNU project and the Free Software Foundation (FSF) -- the
 preeminent organization that upholds, defends and promotes the philosophy of software
 freedom. A prerequisite for understanding both of the popular versions
 of the GPL
 (GPLv2 and GPLv3) and their terms and conditions is a basic understanding of
 the principles behind them.  The GPL family of licenses are unlike nearly all
 other software licenses in that they are designed to defend and uphold these
 principles.
 \section{The Free Software Definition}
 \label{Free Software Definition}
 The Free Software Definition is set forth in full on FSF's website at
 \verb0http://fsf.org/0 \verb0philosophy/free-sw.html0. This section presents
 an abbreviated version that will focus on the parts that are most pertinent
 to the GPL\@.
 A particular program grants software freedom to a particular user if that
 user is granted the following freedoms:
 \begin{itemize}
 \item The freedom to run the program, for any purpose.
 \item The freedom to study how the program works, and modify it
 \item The freedom to redistribute copies.
 \item The freedom to distribute copies of  modified versions to others.
 \end{itemize}
 The focus on ``a particular user'' is particularly pertinent here.  It is not
 uncommon for the same version of a specific program to grant these freedoms
 to some subset of its user base, while others have none or only some of these
 freedoms.  Section~\ref{Proprietary Relicensing} talks in detail about how
 this can unfortunately happen even if a program is released under the GPL\@.
 Many people refer to software that gives these freedoms as ``Open Source.''
 Besides having a different political focus than those who call it Free
 Software,\footnote{The political differences between the Free Software
   Movement and the Open Source Movement are documented on FSF's Web site at
   {\tt http://www.fsf.org/licensing/essays/free-software-for-freedom.html}.}
 Those who call the software ``Open Source'' are often focused on a side
 issue.  Specifically, user access to the source code of a program is a
 prerequisite to make use of the freedom to modify.  However, the important
 issue is what freedoms are granted in the license of that source code.
 Software freedom is only complete when no restrictions are imposed on how
 these freedoms are exercised.  Specifically, users and programmers can
 exercise these freedoms noncommercially or commercially.  Licenses that grant
 these freedoms for noncommercial activities but prohibit them for commercial
 activities are considered non-free.  Even the Open Source Initiative
 (\defn{OSI}) (the arbiter of what is considered ``Open Source'') also rules
 such licenses not in fitting with its ``Open Source Definition''.
 In general, software for which most or all of these freedoms are
 restricted in any way is called ``non-Free Software.''  Typically, the
 term ``proprietary software'' is used more or less interchangeably with
 ``non-Free Software.''  Personally, I tend to use the term ``non-Free
 Software'' to refer to noncommercial software that restricts freedom
 (such as ``shareware'') and ``proprietary software'' to refer to
 commercial software that restricts freedom (such as nearly all of
 Microsoft's and Oracle's offerings).
 Keep in mind that none of the terms ``software freedom'', ``open source''
 and ``free software'' are known to be trademarked or otherwise legally
 restricted by any organization in
 any jurisdiction.  As such, it's quite common that these terms are abused and
 misused by parties who wish to bank on the popularity of software freedom.
 When one considers using, modifying or redistributing a software package that
 purports to be Open Source or Free Software, one \textbf{must} verify that
 the license grants software freedom.
 Furthermore, throughout this text, we generally prefer the term ``software
 freedom'', as this is the least ambiguous term available to describe software
 that meets the Free Software Definition.  For example, it is well known and
 often discussed that the adjective ``free'' has two unrelated meanings in
 English: ``free as in freedom'' and ``free as in price''.  Meanwhile, the
 term ``open source'' is even more confusing, because it appears to refer only to the
 ``freedom to study'', which is merely a subset of one of the four freedoms.
 The remainder of this section considers each of each component of software
 freedom in detail.
 \subsection{The Freedom to Run}
 \label{freedom-to-run}
 The first tenet of software freedom is the user's fully unfettered right to
 run the program.  The software's license must permit any conceivable use of
 the software.  Perhaps, for example, the user has discovered an innovative
 use for a particular program, one that the programmer never could have
 predicted.  Such a use must not be restricted.
 It was once rare that this freedom was restricted by even proprietary
 software; but such is quite common today. Most End User License Agreements
 (EULAs) that cover most proprietary software typically restrict some types of
 uses.  Such restrictions of any kind are an unacceptable restriction on
 software freedom.
 \subsection{The Freedom to Change and Modify}
 Perhaps the most useful right of software freedom is the users' right to
 change, modify and adapt the software to suit their needs.  Access to the
 source code and related build and installation scripts are an essential part
 of this freedom.  Without the source code, and the ability to build and
 install the binary applications from that source, users cannot effectively
 exercise this freedom.
 Programmers directly benefit from this freedom.  However, this freedom
 remains important to users who are not programmers.  While it may seem
 counterintuitive at first, non-programmer users often exercise this freedom
 indirectly in both commercial and noncommercial settings.  For example, users
 often seek noncommercial help with the software on email lists and in user
 groups.  To make use of such help they must either have the freedom to
 recruit programmers who might altruistically assist them to modify their
 software, or to at least follow rote instructions to make basic modifications
 themselves.
 More commonly, users also exercise this freedom commercially.  Each user, or
 group of users, may hire anyone they wish in a competitive free market to
 modify and change the software.  This means that companies have a right to
 hire anyone they wish to modify their Free Software.  Additionally, such
 companies may contract with other companies to commission software
 modifications.
 \subsection{The Freedom to Copy and Share}
 Users share Free Software in a variety of ways. Software freedom advocates
 work to eliminate a fundamental ethical dilemma of the software age: choosing
 between obeying a software license and friendship (by giving away a copy of a
 program to your friend who likes the software you are using). Licenses that
 respect software freedom, therefore, permit altruistic sharing of software
 among friends.
 The commercial environment also benefits from this freedom.  Commercial sharing
 includes selling copies of Free Software: that is, Free Software can
 be distributed for any monetary
 price to anyone.  Those who redistribute Free Software commercially also have
 the freedom to selectively distribute (i.e., you can pick your customers) and
 to set prices at any level that redistributor sees fit.
 Of course, most people get copies of Free Software very cheaply (and
 sometimes without charge).  The competitive free market of Free Software
 tends to keep prices low and reasonable.  However, if someone is willing to
 pay billions of dollars for one copy of the GNU Compiler Collection, such a
 sale is completely permitted.
 Another common instance of commercial sharing is service-oriented
 distribution.  For example, some distribution vendors provide immediate
 security and upgrade distribution via a special network service.  Such
 distribution is not necessarily contradictory with software freedom.
 (Section~\ref{Business Models} of this tutorial talks in detail about some
 common Free Software business models that take advantage of the freedom to
 share commercially.)
 \subsection{The Freedom to Share Improvements}
 The freedom to modify and improve is somewhat empty without the freedom to
 share those improvements.  The software freedom community is built on the
 pillar of altruistic sharing of improved Free Software. Historically
 it was typical for a
 Free Software project to sprout a mailing list where improvements
 would be shared
 freely among members of the development community\footnote{This is still
 commonly the case, though today there are other or additional ways of
 sharing Free Software.}.   Such noncommercial
 sharing is the primary reason that Free Software thrives.
 Commercial sharing of modified Free Software is equally important.
 For commercial support to exist in a competitive free market, all
 developers -- from single-person contractors to large software
 companies -- must have the freedom to market their services as
 augmenters of Free Software.  All forms of such service marketing must
 be equally available to all.
 For example, selling support services for Free Software is fully
 permitted. Companies and individuals can offer themselves as ``the place
 to call'' when software fails or does not function properly.  For such a
 service to be meaningful, the entity offering that service needs the
 right to modify and improve the software for the customer to correct any
 problems that are beyond mere user error.
 Software freedom licenses also permit any entity to distribute modified
 versions of Free Software.  Most Free Software programs have a ``standard
 version'' that is made available from the primary developers of the software.
 However, all who have the software have the ``freedom to fork'' -- that is,
 make available nontrivial modified versions of the software on a permanent or
 semi-permanent basis.  Such freedom is central to vibrant developer and user
 interaction.
 Companies and individuals have the right to make true value-added versions
 of Free Software.  They may use freedom to share improvements to
 distribute distinct versions of Free Software with different functionality
 and features.  Furthermore, this freedom can be exercised to serve a
 disenfranchised subset of the user community.  If the developers of the
 standard version refuse to serve the needs of some of the software's
 users, other entities have the right to create a long- or short-lived fork
 to serve that sub-community.
 \section{How Does Software Become Free?}
 The previous section set forth key freedoms and rights that are referred to
 as ``software freedom''.  This section discusses the licensing mechanisms
 used to enable software freedom.  These licensing mechanisms were ultimately
 created as a community-oriented ``answer'' to the existing proprietary
 software licensing mechanisms.  Thus, first, consider carefully why
 proprietary software exists in the first place.
 Proprietary software exists at all only because it is governed by copyright
 law.\footnote{This statement is admittedly an oversimplification. Patents and
   trade secrets can cover software and make it effectively non-Free, and one
   can contract away their rights and freedoms regarding software, or source
   code can be practically obscured in binary-only distribution without
   reliance on any legal system.  However, the primary control mechanism for
   software is copyright, and therefore this section focuses on how copyright
   restrictions make software proprietary.} Copyright law, with respect to
 software, typically governs copying, modifying, and redistributing that
 software (For details of this in the USA, see
 \href{http://www.copyright.gov/title17/92chap1.html#106}{\S~106} and
 \href{http://www.copyright.gov/title17/92chap1.html#117}{\S~117} of
 \href{http://www.law.cornell.edu/uscode/text/17}{Title 17} of the
 \textit{United States Code}).\footnote{Copyright law in general also governs
   ``public performance'' of copyrighted works. There is no generally agreed
   definition for public performance of software and both GPLv2 and GPLv3 do
   not restrict public performance.} By law (in the USA and in most other
 jurisdictions), the copyright holder (most typically, the author) of the work controls
 how others may copy, modify and/or distribute the work. For proprietary
 software, these controls are used to prohibit these activities. In addition,
 proprietary software distributors further impede modification in a practical
 sense by distributing only binary code and keeping the source code of the
 software secret.
 Copyright is not a natural state, it is a legal construction. In the USA, the
 Constitution permits, but does not require, the creation of copyright law as
 federal legislation.  Software, since it is an ``original work of authorship
 fixed in any tangible medium of expression ...  from which they can be
 perceived, reproduced, or otherwise communicated, either directly or with the
 aid of a machine or device'' (as stated in
 \href{http://www.law.cornell.edu/uscode/text/17/102}{17 USC \S~102}), is thus
 covered by the statute, and is copyrighted by default.
 However, software, in its natural state without copyright, is Free
 Software. In an imaginary world with no copyright, the rules would be
 different. In this world, when you received a copy of a program's source
 code, there would be no default legal system to restrict you from sharing it
 with others, making modifications, or redistributing those modified
 versions.\footnote{Note that this is again an oversimplification; the
   complexities with this argument are discussed in
   Section~\ref{software-and-non-copyright}.}
 Software in the real world is copyrighted by default and is automatically
 covered by that legal system.  However, it is possible to move software out
 of the domain of the copyright system.  A copyright holder can often
 \defn{disclaim} their copyright. (For example, under USA copyright law
 it is possible for a copyright holder to engage in conduct resulting
 in abandonment of copyright.)  If copyright is disclaimed, the software is
 effectively no longer restricted by copyright law.   Software not restricted by copyright is in the
 ``public domain.''
 \subsection{Public Domain Software}
 In the USA and other countries that
 are parties to the Berne Convention on Copyright, software is copyrighted
 automatically by the author when she fixes the software in a tangible
 medium.  In the software world, this usually means typing the source code
 of the software into a file.
 Imagine if authors could truly disclaim those default controls of copyright
 law.  If so, the software is in the public domain --- no longer covered by
 copyright.  Since copyright law is the construction allowing for most
 restrictions on software (i.e., prohibition of copying, modification, and
 redistribution), removing the software from the copyright system usually
 yields software freedom for its users.
 Carefully note that software truly in the public domain is \emph{not} licensed
 in any way.  It is confusing to say software is ``licensed for the
 public domain,'' or any phrase that implies the copyright holder gave
 express permission to take actions governed by copyright law.
 Copyright holders who state that they are releasing their code into
 the public domain are effectively renouncing copyright controls on
 the work.  The law gave the copyright holders exclusive controls over the
 work, and they chose to waive those controls.  Software that is, in
 this sense, in the public domain
 is conceptualized by the developer as having no copyright and thus no license. The software freedoms discussed in
 Section~\ref{Free Software Definition} are all granted because there is no
 legal system in play to take them away.
 Admittedly, a discussion of public domain software is an oversimplified
 example.
 Because copyright controls are usually automatically granted and because, in
 some jurisdictions, some copyright controls cannot be waived (see
 Section~\ref{non-usa-copyright} for further discussion), many copyright
 holders sometimes incorrectly believe a work has been placed in the public
 domain.  Second, due to aggressive lobbying by the entertainment industry,
 the ``exclusive Right'' of copyright, that was supposed to only exist for
 ``Limited Times'' according to the USA Constitution, appears to be infinite:
 simply purchased on the installment plan rather than in whole.  Thus, we must
 assume no works of software will fall into the public domain merely due to
 the passage of time.
 Nevertheless, under USA law it is likely that the typical
 disclaimers of copyright or public domain dedications we see in the
 Free Software world would be interpreted by courts as copyright
 abandonment, leading to a situation in which the user effectively receives a
 maximum grant of copyright freedoms, similar to a maximally-permissive
 Free Software license.
 The best example of software known to truly be in the public domain is software
 that is published by the USA government.  Under
 \href{http://www.law.cornell.edu/uscode/text/17/105}{17 USC 101 \S~105}, all
 works published by the USA Government are not copyrightable in the USA.
 \subsection{Why Copyright Free Software?}
 If simply disclaiming copyright on software yields Free Software, then it
 stands to reason that putting software into the public domain is the
 easiest and most straightforward way to produce Free Software. Indeed,
 some major Free Software projects have chosen this method for making their
 software Free. However, most of the Free Software in existence \emph{is}
 copyrighted. In most cases (particularly in those of FSF and the GNU
 Project), this was done due to very careful planning.
 Software released into the public domain does grant freedom to those users
 who receive the standard versions on which the original author disclaimed
 copyright. However, since the work is not copyrighted, any nontrivial
 modification made to the work is fully copyrightable.
 Free Software released into the public domain initially is Free, and
 perhaps some who modify the software choose to place their work into the
 public domain as well. However, over time, some entities will choose to
 proprietarize their modified versions. The public domain body of software
 feeds the proprietary software. The public commons disappears, because
 fewer and fewer entities have an incentive to contribute back to the
 commons. They know that any of their competitors can proprietarize their
 enhancements. Over time, almost no interesting work is left in the public
 domain, because nearly all new work is done by proprietarization.
 A legal mechanism is needed to redress this problem. FSF was in fact
 originally created primarily as a legal entity to defend software freedom,
 and that work of defending software freedom is a substantial part of
 its work today. Specifically because of this ``embrace, proprietarize and
 extend'' cycle, FSF made a conscious choice to copyright its Free Software,
 and then license it under ``copyleft'' terms. Many, including the
 developers of the kernel named Linux, have chosen to follow this paradigm.
 \label{copyleft-definition}
 Copyleft is a legal strategy and mechanism to defend, uphold and propagate software
 freedom. The basic technique of copyleft is as follows: copyright the
 software, license it under terms that give all the software freedoms, but
 use the copyright law controls to ensure that all who receive a copy of
 the software have equal rights and freedom. In essence, copyleft grants
 freedom, but forbids others to forbid that freedom to anyone else along
 the distribution and modification chains.
 Copyleft is a general concept. Much like ideas for what a computer might
 do must be \emph{implemented} by a program that actually does the job, so
 too must copyleft be implemented in some concrete legal structure.
 ``Share and share alike'' is a phrase that is used often enough to explain the
 concept behind copyleft, but to actually make it work in the real world, a
 true implementation in legal text must exist. The GPL is the primary
 implementation of copyleft in copyright licensing language.
 \subsection{Software and Non-Copyright Legal Regimes}
 \label{software-and-non-copyright}
 The use, modification and distribution of software, like many endeavors,
 simultaneously interacts with multiple different legal regimes.  As was noted
 early via footnotes, copyright is merely the \textit{most common way} to
 restrict users' rights to copy, share, modify and/or redistribute software.
 However, proprietary software licenses typically use every mechanism
 available to subjugate users.  For example:
 \begin{itemize}
 \item Unfortunately, despite much effort by many in the software freedom
   community to end patents that read on software (i.e., patents on
   computational ideas), they still ultimately exist.  As such, a software
   program might otherwise be seemly unrestricted, but a patent might read on
   the software and ruin everything for its users.\footnote{See
   \S\S~\ref{gpl-implied-patent-grant},~\ref{GPLv2s7},~\ref{GPLv3s11} for more
   discussion on how the patent system interacts with copyleft, and read
   Richard M.~Stallman's essay,
   \href{http://www.wired.com/opinion/2012/11/richard-stallman-software-patents/}{\textit{Let's
       Limit the Effect of Software Patents, Since We Can't Eliminate Them}}
   for more information on the problems these patents present to society.}
 \item Digital Restrictions Management (usually called \defn{DRM}) is often
   used to impose technological restrictions on users' ability to exercise
   software freedom that they might otherwise be granted\footnote{See
     \S~\ref{GPLv3-drm} for more information on how GPL deals with this issue.}.
   The simplest (and perhaps oldest) form of DRM, of course, is separating
   software source code (read by humans), from their compiled binaries (read
   only by computers).  Furthermore,
   \href{http://www.law.cornell.edu/uscode/text/17/1201}{17 USC~\S1201} often
   prohibits users legally from circumventing some of these DRM systems.
 \item Most EULAs also include a contractual agreement that bind users further
   by forcing them to agree to a contractual, prohibitive software license
   before ever even using the software.
 \end{itemize}
 Thus, most proprietary software restricts users via multiple interlocking
 legal and technological means.  Any license that truly respect the software
 freedom of all users must not only grant appropriate copyright permissions,
 but also \textit{prevent} restrictions from other legal and technological
 means like those listed above.
 \subsection{Non-USA Copyright Regimes}
 \label{non-usa-copyright}
 Generally speaking, copyright law operates similarly enough in countries that
 have signed the Berne Convention on Copyright, and software freedom licenses
 have generally taken advantage of this international standardization of
 copyright law.  However, copyright law does differ from country to country,
 and commonly, software freedom licenses like the GPL must be considered under the
 copyright law in the jurisdiction where any licensing dispute occurs.
 Those who are most familiar with the USA's system of copyright often are
 surprised to learn that there are certain copyright controls that cannot be
 waived nor disclaimed.  Specifically, many copyright regimes outside the USA
 recognize a concept of moral rights of authors.  Typically, moral rights are
 fully compatible with respecting software freedom, as they are usually
 centered around controls that software freedom licenses generally respect,
 such as the right of an authors to require proper attribution for their work.
 \section{A Community of Equality}
 The previous section described the principles of software freedom, a brief
 introduction to mechanisms that typically block these freedoms, and the
 simplest ways that copyright holders might grant those freedoms to their
 users for their copyrighted works of software.  The previous section also
 introduced the idea of \textit{copyleft}: a licensing mechanism to use
 copyright to not only grant software freedom to users, but also to uphold
 those rights against those who might seek to curtail them.
 Copyleft, as defined in \S~\ref{copyleft-definition}, is a general term for this
 mechanism.  The remainder of this text will discuss details of various
 real-world implementations of copyleft -- most notably, the GPL\@.
 This discussion begins first with some general explanation of what the GPL is
 able to do in software development communities.  After that brief discussion
 in this section, deeper discussion of how GPL accomplishes this in practice
 follows in the next chapter.
 Simply put, though, the GPL ultimately creates a community of equality for
 both business and noncommercial users.
 \subsection{The Noncommercial Community}
 A GPL'd code base becomes a center of a vibrant development and user
 community.  Traditionally, volunteers, operating noncommercially out of
 keen interest or ``scratch an itch'' motivations, produce initial versions
 of a GPL'd system.  Because of the efficient distribution channels of the
 Internet, any useful GPL'd system is adopted quickly by noncommercial
 users.
 Fundamentally, the early release and quick distribution of the software
 gives birth to a thriving noncommercial community.  Users and developers
 begin sharing bug reports and bug fixes across a shared intellectual
 commons.  Users can trust the developers, because they know that if the
 developers fail to address their needs or abandon the project, the GPL
 ensures that someone else has the right to pick up development.
 Developers know that the users cannot redistribute their software without
 passing along the rights granted by the GPL, so they are assured that every
 one of their users is treated equally.
 Because of the symmetry and fairness inherent in GPL'd distribution,
 nearly every GPL'd package in existence has a vibrant noncommercial user
 and developer base.
 \subsection{The Commercial Community}
 By the same token, nearly all established GPL'd software systems have a
 vibrant commercial community.  Nearly every GPL'd system that has gained
 wide adoption from noncommercial users and developers eventually begins
 to fuel a commercial system around that software.
 For example, consider the Samba file server system that allows Unix-like
 systems (including GNU/Linux) to serve files to Microsoft Windows systems.
 Two graduate students originally developed Samba in their spare time and
 it was deployed noncommercially in academic environments\footnote{See
   \href{http://turtle.ee.ncku.edu.tw/docs/samba/history}{Andrew Tridgell's
     ``A bit of history and a bit of fun''}}.  However, very
 soon for-profit companies discovered that the software could work for them
 as well, and their system administrators began to use it in place of
 Microsoft Windows NT file-servers.  This served to lower the cost of
 running such servers by orders of magnitude. There was suddenly room in
 Windows file-server budgets to hire contractors to improve Samba.  Some of
 the first people hired to do such work were those same two graduate
 students who originally developed the software.
 The noncommercial users, however, were not concerned when these two
 fellows began collecting paychecks off of their GPL'd work.  They knew
 that because of the nature of the GPL that improvements that were
 distributed in the commercial environment could easily be folded back into
 the standard version.  Companies are not permitted to proprietarize
 Samba, so the noncommercial users, and even other commercial users are
 safe in the knowledge that the software freedom ensured by the GPL will remain
 protected.
 Commercial developers also work in concert with noncommercial
 developers.  Those two now-long-since graduated students continue to
 contribute to Samba altruistically, but also get paid work doing it.
 Priorities change when a client is in the mix, but all the code is
 contributed back to the standard version.  Meanwhile, many other
 individuals have gotten involved noncommercially as developers,
 because they want to ``cut their teeth on Free Software,'' or because
 the problems interest them.  When they get good at it, perhaps they
 will move on to another project, or perhaps they will become
 commercial developers of the software themselves.
 No party is a threat to another in the GPL software scenario because
 everyone is on equal ground.  The GPL protects rights of the commercial
 and noncommercial contributors and users equally. The GPL creates trust,
 because it is a level playing field for all.
 \subsection{Law Analogy}
 In his introduction to Stallman's \emph{Free Software, Free Society},
 Lawrence Lessig draws an interesting analogy between the law and Free
 Software. He argues that the laws of a free society must be protected
 much like the GPL protects software.  So that I might do true justice to
 Lessig's argument, I quote it verbatim:
 \begin{quotation}
 A ``free society'' is regulated by law. But there are limits that any free
 society places on this regulation through law: No society that kept its
 laws secret could ever be called free.  No government that hid its
 regulations from the regulated could ever stand in our tradition. Law
 controls.  But it does so justly only when visibly.  And law is visible
 only when its terms are knowable and controllable by those it regulates,
 or by the agents of those it regulates (lawyers, legislatures).
 This condition on law extends beyond the work of a legislature.  Think
 about the practice of law in American courts.  Lawyers are hired by their
 clients to advance their clients' interests.  Sometimes that interest is
 advanced through litigation. In the course of this litigation, lawyers
 write briefs. These briefs in turn affect opinions written by judges.
 These opinions decide who wins a particular case, or whether a certain law
 can stand consistently with a constitution.
 All the material in this process is free in the sense that Stallman means.
 Legal briefs are open and free for others to use.  The arguments are
 transparent (which is different from saying they are good), and the
 reasoning can be taken without the permission of the original lawyers.
 The opinions they produce can be quoted in later briefs.  They can be
 copied and integrated into another brief or opinion.  The ``source code''
 for American law is by design, and by principle, open and free for anyone
 to take. And take lawyers do---for it is a measure of a great brief that
 it achieves its creativity through the reuse of what happened before.  The
 source is free; creativity and an economy is built upon it.
 This economy of free code (and here I mean free legal code) doesn't starve
 lawyers.  Law firms have enough incentive to produce great briefs even
 though the stuff they build can be taken and copied by anyone else.  The
 lawyer is a craftsman; his or her product is public.  Yet the crafting is
 not charity. Lawyers get paid; the public doesn't demand such work
 without price.  Instead this economy flourishes, with later work added to
 the earlier.
 We could imagine a legal practice that was different --- briefs and
 arguments that were kept secret; rulings that announced a result but not
 the reasoning. Laws that were kept by the police but published to no one
 else. Regulation that operated without explaining its rule.
 We could imagine this society, but we could not imagine calling it
 ``free.''  Whether or not the incentives in such a society would be better
 or more efficiently allocated, such a society could not be known as free.
 The ideals of freedom, of life within a free society, demand more than
 efficient application.  Instead, openness and transparency are the
 constraints within which a legal system gets built, not options to be
 added if convenient to the leaders.  Life governed by software code should
 be no less.
 Code writing is not litigation.  It is better, richer, more
 productive.  But the law is an obvious instance of how creativity and
 incentives do not depend upon perfect control over the products
 created.  Like jazz, or novels, or architecture, the law gets built
 upon the work that went before. This adding and changing is what
 creativity always is.  And a free society is one that assures that its
 most important resources remain free in just this sense.\footnote{This
 quotation is Copyright \copyright{} 2002, Lawrence Lessig. It is
 licensed under the terms of
 \href{http://creativecommons.org/licenses/by/1.0/}{the ``Attribution
 License'' version 1.0} or any later version as published by Creative
 Commons.}
 \end{quotation}
 In essence, lawyers are paid to service the shared commons of legal
 infrastructure.  Few citizens defend themselves in court or write their
 own briefs (even though they are legally permitted to do so) because
 everyone would prefer to have an expert do that job.
 The Free Software economy is a market ripe for experts.  It
 functions similarly to other well established professional fields like the
 law. The GPL, in turn, serves as the legal scaffolding that permits the
 creation of this vibrant commercial and noncommercial Free Software
 economy.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{A Tale of Two Copyleft Licenses}
 \label{tale-of-two-copylefts}
 While determining the proper methodology and criteria to yield an accurate
 count remains difficult, the GPL is generally considered one of the most
 widely used Free Software licenses.  For most of its history --- for 16 years
 from June 1991 to June 2007 --- there was really only one version of the GPL,
 version 2.
 However, the GPL had both earlier versions before version 2, and, more well
 known, a revision to version 3.
 \section{Historical Motivations for the General Public License}
 The earliest license to grant software freedom was likely the Berkeley
 Software Distribution (``BSD'') license.  This license is typical of what are
 often called lax, highly permissive licenses.  Not unlike software in the
 public domain, these non-copyleft licenses (usually) grant software freedom
 to users, but they do not go to any effort to uphold that software freedom
 for users.  The so-called ``downstream'' (those who receive the software and
 then build new things based on that software) can restrict the software and
 distribute further.
 The GNU's Not Unix (``GNU'') project, which Richard M.~Stallman (``RMS'')
 founded in 1984 to make a complete Unix-compatible operating system
 implementation that assured software freedom for all.  However, RMS saw that
 using a license that gave but did not assure software freedom would be
 counter to the goals of the GNU project.  RMS invented ``copyleft'' as an
 answer to that problem, and began using various copyleft licenses for the
 early GNU project programs\footnote{RMS writes more fully about this topic in
   his essay entitled simply
   \href{http://www.gnu.org/gnu/thegnuproject.html}{\textit{The GNU Project}}.
     For those who want to hear the story in his own voice,
     \href{http://audio-video.gnu.org/audio/}{speech recordings} of his talk,
     \textit{The Free Software Movement and the GNU/Linux Operating System}
     are also widely available}.
 \section{Proto-GPLs And Their Impact}
 %FIXME-LATER: bad line break:
 %\href{http://www.free-soft.org/gpl_history/emacs_gpl.html}{The Emacs
 %  General Public License}
 The earliest copyleft licenses were specific to various GNU programs.  For
 example,  The Emacs
 General Public License was likely the first copyleft license ever
 published.  Interesting to note that even this earliest copyleft license
 contains a version of the well-known GPL copyleft clause:
 \begin{quotation}
 You may modify your copy or copies of GNU Emacs \ldots provided that you also
 \ldots cause the whole of any work that you distribute or publish, that in
 whole or in part contains or is a derivative of GNU Emacs or any part
 thereof, to be licensed at no charge to all third parties on terms identical
 to those contained in this License Agreement.
 \end{quotation}
 This simply stated clause is the fundamental innovation of copyleft.
 Specifically, copyleft \textit{uses} the copyright holders' controls on
 permission to modify the work to add a conditional requirement.  Namely,
 downstream users may only have permission to modify  the work if they pass
 along the same permissions on the modified version that came originally to
 them.
 These original program-specific proto-GPLs give an interesting window into
 the central ideas and development of copyleft.  In particular, reviewing them
 shows how the text of the GPL we know has evolved to address more of the
 issues discussed earlier in \S~\ref{software-and-non-copyright}.
 \section{The GNU General Public License, Version 1}
 \label{GPLv1}

0 comments (0 inline, 0 general)