Copyleft/guide Changeset - 595c64c15878

Changeset - 595c64c15878

Parent rev.

Child rev.

[Not reviewed]

0 2 0

Bradley Kuhn (bkuhn) - 10 years ago 2014-03-21 01:14:20
bkuhn@ebb.org

Wordsmith paragraph.

2 files changed with 8 insertions and 4 deletions:

compliance-guide.tex

gpl-lgpl.tex

0 comments (0 inline, 0 general)

compliance-guide.tex

➞

Show inline comments

 % compliance-guide.tex                            -*- LaTeX -*-
 \part{A Practical Guide to GPL Compliance}
 \label{gpl-compliance-guide}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2014 \= \hspace{.2in} Bradley M. Kuhn. \\
 Copyright \> \copyright{} 2008 \> \hspace{.2in} Software Freedom Law Center. \\
 \end{tabbing}
 \vspace{1in}
 \begin{center}
 Authors of this part are: \\
 Bradley M. Kuhn \\
 Aaron Williamson \\
 Karen M. Sandler \\
 \vspace{3in}
 The copyright holders of this part hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
+}
 \bigskip
 \chapter*{Executive Summary}
 This is a guide to effective compliance with the GNU General Public
 License (GPL) and related licenses.  Copyleft advocates
 usually seek to assist the community with
 GPL compliance cooperatively.   This guide focuses on complying from the
 start, so that readers can learn to avoid enforcement actions entirely, or, at
 least, minimize  the negative impact when enforcement actions occur.
 This guide  introduces and explains basic legal concepts related to the GPL and its
 enforcement by copyright holders. It also outlines business practices and
 methods that lead to better GPL compliance.  Finally, it recommends proper
 post-violation responses to the concerns of copyright holders.
 \chapter{Background}
 Early GPL enforcement efforts began soon after the GPL was written by
 Richard M.~Stallman (RMS) in 1989, and consisted of informal community efforts,
 often in public Usenet discussions.\footnote{One example is the public
   outcry over NeXT's attempt to make the Objective-C front-end to GCC
   proprietary.  RMS, in fact, handled this enforcement action personally and
   the Objective-C front-end is still part of upstream GCC today.}  Over the next decade, the Free Software Foundation (FSF),
 which holds copyrights in many GNU programs, was the only visible entity
 actively enforcing its GPL'd copyrights on behalf of the software freedom
 community.
 FSF's enforcement
 was generally a private process; the FSF contacted violators
 confidentially and helped them to comply with the license.  Most
 violations were pursued this way until the early 2000's.
 By that time, Linux-based systems such as GNU/Linux and BusyBox/Linux had become very common, particularly in
 embedded devices such as wireless routers.  During this period, public
 ridicule of violators in the press and on Internet fora supplemented
 ongoing private enforcement and increased pressure on businesses to
 comply.  In 2003, the FSF formalized its efforts into the GPL Compliance
 Lab, increased the volume of enforcement, and built community coalitions
 to encourage copyright holders to together settle amicably with violators.
 Beginning in 2004, Harald Welte took a more organized public enforcement
 approach and launched \verb0gpl-violations.org0, a website and mailing
 list for collecting reports of GPL violations.  On the basis of these
 reports, Welte successfully pursued many enforcements in Europe, including
 formal legal action.  Harald earns the permanent fame as the first copyright
 holder to bring legal action in a Court regarding GPL compliance.
 In 2007, two copyright holders in BusyBox, in conjunction with the
 Software Freedom Conservancy (``Conservancy''), filed the first copyright infringement lawsuit
 based on a violation of the GPL\@ in the USA. While  lawsuits are of course
 quite public, the vast majority of Conservancy's enforcement actions
 are resolved privately via
 cooperative communications with violators.  As both FSF and Conservancy has worked to bring
 individual companies into compliance, both organizations have encountered numerous
 violations resulting from preventable problems such as inadequate
 attention to licensing of upstream software, misconceptions about the
 GPL's terms, and poor communication between software developers and their
 management.  This document highlights these problems and describe
 best practices to encourage corporate Free Software users to reevaluate their
 approach to GPL'd software and avoid future violations.
 Both FSF and Conservancy continue GPL enforcement and compliance efforts
 for software under the GPL, the GNU Lesser
 Public License (LGPL) and other copyleft licenses.  In doing so, both organizations have
 found that most violations stem from a few common mistakes that can be,
 for the most part, easily avoided.  All copyleft advocates  hope to educate the community of
 commercial distributors, redistributors, and resellers on how to avoid
 violations in the first place, and to respond adequately and appropriately
 when a violation occurs.
 \chapter{Best Practices to Avoid Common Violations}
 \label{best-practices}
 Unlike highly permissive licenses (such as the ISC license), which
 typically only require preservation of copyright notices, licensees face many
 important requirements from the GPL.  These requirements are
 carefully designed to uphold certain values and standards of the software
 freedom community.  While the GPL's requirements may appear initially
 counter-intuitive to those more familiar with proprietary software
 licenses, by comparison, its terms are in fact clear and quite favorable to
 licensees.  Indeed, the GPL's terms actually simplify compliance when
 violations occur.
 GPL violations occur (or, are compounded) most often when companies lack sound
 practices for the incorporation of GPL'd components into their
 internal development environment.  This section introduces some best
 practices for software tool selection, integration and distribution,
 inspired by and congruent with software freedom methodologies.  Companies should
 establish such practices before building a product based on GPL'd
 software.\footnote{This document addresses compliance with GPLv2,
   GPLv3, LGPLv2, and LGPLv3.  Advice on avoiding the most common
   errors differs little for compliance with these four licenses.
   \S~\ref{lgpl} discusses the key differences between GPL and LGPL
   compliance.}
 \section{Evaluate License Applicability}
 \label{derivative-works}
 Political discussion about the GPL often centers around the ``copyleft''
 requirements of the license.  Indeed, the license was designed primarily
 to embody this licensing feature.  Most companies adding non-trivial
 features (beyond mere porting and bug-fixing) to GPL'd software, and
 thereby implicating these requirements, are already well aware of their
 more complex obligations under the license.\footnote{There has been much legal
 features (beyond mere porting and bug-fixing) to GPL'd software (and
 thereby invoking these requirements) are already well aware of their
 more complex obligations under the license.\footnote{While, there has been much legal
   discussion regarding copyleft and derivative works.  In practical
   reality, this issue is not relevant to the vast majority of companies
   distributing GPL'd software.}
   distributing GPL'd software.  Those interested in this issue should study
   \tutorialpartsplit{\texit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on derivative works}{\S~\ref{derivative-works} of
     this tutorial}.}
 However, in our experience with GPL enforcement, few redistributors'
 compliance challenges relate directly to the copyleft provisions; this is
 doubly true for most embedders.  Instead, the distributions of GPL'd
 systems that we encounter typically consist of a full operating system
 including components under the GPL (e.g., Linux, BusyBox) and components
 under the LGPL (e.g., the GNU C Library).  Sometimes, these programs have
 been patched or slightly improved by direct modification of their sources,
 resulting unequivocally in a derivative work.  Alongside these programs,
 companies often distribute fully independent, proprietary programs,
 developed from scratch, which are designed to run on the Free Software operating
 system but do not combine with, link to, modify, or otherwise derive from
 the GPL'd components.\footnote{However, these programs do often combine
   with LGPL'd libraries. This is discussed in detail in \S~\ref{lgpl}.}
 In the latter case, where the work is unquestionably a separate work of
 creative expression, no derivative work has been created.  The tiny
 minority of situations which lie outside these two categories, and thus
 involve close questions about derivative works, require a highly
 fact-dependent analysis and cannot be addressed in a general-purpose
 document.
 Most companies accused of violations, however, lack a basic understanding
 of how to comply even in the straightforward scenario.  This document
 provides that fundamental and generally applicable prerequisite knowledge.
 For answers to rarer and more complicated legal questions, such as whether
 your software is a derivative work of some copylefted software, consult
 with an attorney.\footnote{If you would like more information on the
   application of derivative works doctrine to software, a detailed legal
   discussion is presented in our colleague Dan Ravicher's article,
   \textit{Software Derivative Work: A Circuit Dependent Determination}.}
 For this discussion, we will assume that you have already identified the
 ``work'' covered by the license, and that any components not under the GPL
 (e.g., applications written entirely by your developers that merely happen
 to run on a Linux-based operating system) distributed in conjunction with
 those works are separate works within the meaning of copyright law.  In
 such a case, the GPL requires you to provide complete and corresponding
 source for the GPL'd components and your modifications thereto, but not
 for independent proprietary applications.  The procedures described in
 this document address this typical scenario.
 \section{Monitor Software Acquisition}
 Software engineers should have the freedom to innovate and import useful
 software components to improve your product.  However, along with that
 freedom should come rules and reporting procedures to make sure that you
 are aware of what software is being tested or included with your product.
 The companies we contact about GPL violations often respond with: ``We
 didn't know there was GPL'd stuff in there''.  This answer indicates a
 failure in the software acquisition and procurement process.  Integration
 of third-party proprietary software typically requires a formal
 arrangement and management/legal oversight before the developers
 incorporate the software.  By contrast, your developers often obtain and
 integrate Free Software without intervention. The ease of acquisition, however,
 does not mean the oversight is any less necessary.  Just as your legal
 and/or management team negotiates terms for inclusion of any proprietary
 software, they should be involved in all decisions to bring Free Software into your
 product.
 Simple, engineering-oriented rules help provide a stable foundation for
 free software integration.  Ask your software developers to send an email to a
 standard place describing each new Free Software component they add to the system,
 and have them include a brief description of how they will incorporate it
 into the product.  Make sure they use a revision control system, and have
 store the upstream versions of all software in a ``vendor branch'' or
 similar mechanism, whereby they can easily track and find the main version
 of the software and local changes made.
 Such procedures are best instituted at your project's launch.  Once a
 chaotic and poorly-sourced development process has begun, the challenges
 of determining and cataloging the presence of GPL'd components is
 difficult.  If you are in that situation, we recommend the
 \href{http://fossology.org/}{Fossology system}, which analyzes a
 source-code base and produces a list of Free Software licenses that may apply to
 the code.  Fossology can help you build a catalog of the sources you have
 already used to build your product.  You can then expand that into a more
 structured inventory and process.
 \section{Track Your Changes and Releases}
 As we will explain in further detail below, the most important component
 to maintaining GPL compliance is inclusion of the complete and
 corresponding source code in any distributions that you make of GPL'd
 software.  Knowing at all times what sources generated a given binary
 distribution is paramount.
 In an unfortunately large number of our enforcement cases, the violating
 company's engineering team had difficulty reconstructing the precise
 sources for a given binary distributed by the company.  Ensure that your
 developers are using revision control systems properly.  Have them mark or
 tag the full source tree corresponding to builds distributed to customers.
 Finally, check that your developers store all parts of the software
 development in the revision control system, including {\sc readme}s, build
 scripts, engineers' notes, and documentation.  Your developers will also
 benefit from a system that tracks the precise version of source that
 corresponds to any deployed binary.
 \section{Avoid the ``Build Guru''}
 Too many software projects rely on only one or a very few team members who
 know how to build and assemble the final released product.  Such knowledge
 centralization not only creates engineering redundancy issues, but it also
 endangers GPL compliance, which requires you to provide build scripts.
 Avoid relying on a ``build guru'', a single developer who is the only one
 who knows how to produce your final product. Make sure the build process
 is well defined.  Train every developer on the build process for the final
 binary distribution, including (in the case of embedded software)
 generating a final firmware image suitable for distribution to the
 customer.  Require developers to use revision control for build processes.
 Make a rule that adding new components to the system without adequate
 build instructions (or better yet, scripts) is unacceptable engineering
 practice.
 \chapter{Details of Compliant Distribution}
 In this section, we explain the specific requirements placed upon
 distributors of GPL'd software.  Note that this section refers heavily to
 specific provisions and language in
 \href{http://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section3}{GPLv2}
 and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.
 It may be helpful to have a copy of each license open while reading this
 section.
 \section{Binary Distribution Permission}
 \label{binary-distribution-permission}
 % be careful below, you cannot refill the \if section, so don't refill
 % this paragraph without care.
 The various versions of the GPL are copyright licenses that grant
 permission to make certain uses of software that are otherwise restricted
 by copyright law.  This permission is conditioned upon compliance with the
 GPL's requirements.\footnote{For a full discussion of this concept, please see
 \ifpdf
 \href{http://www.softwarefreedom.org/resources/2008/foss-primer.html\#x1-40002}{the
   chapter entitled ``Common Copyright Questions''} in SFLC's publication,
 \href{http://www.softwarefreedom.org/resources/2008/foss-primer.pdf}{\textit{A
     Legal Issues Primer for Open Source and Free Software Projects}}.
 \else
 \ifx \generateHTML \isGeneratingHTML
 \href{http://www.softwarefreedom.org/resources/2008/foss-primer.html\#x1-40002}{the
   chapter entitled ``Common Copyright Questions''} in SFLC's publication
 \href{http://www.softwarefreedom.org/resources/2008/foss-primer.html}{\textit{A
     Legal Issues Primer for Open Source and Free Software Projects}}.
 \else
 the chapter entitled ``Common Copyright Questions'' in SFLC's publication,
 \textit{A Legal Issues Primer for Open Source and Free Software
   Projects}.
 \fi
 \fi
+}
 This section walks through the requirements (of both GPLv2 and GPLv3) that
 apply when you distribute GPL'd programs in binary (i.e., executable or
 object code) form, which is typical for embedded applications.  Because a
 binary application derives from a program's original sources, you need
 permission from the copyright holder to distribute it.  \S~3 of GPLv2 and
 \S~6 of GPLv3 contain the permissions and conditions related to binary
 distributions of GPL'd programs.\footnote{These sections cannot be fully
   understood in isolation; read the entire license thoroughly before
   focusing on any particular provision.  However, once you have read and
   understood the entire license, look to these sections to guide
   compliance for binary distributions.}
 GPL's binary distribution sections offer a choice of compliance methods,
 each of which we consider in turn.  Each option refers to the
 ``Corresponding Source'' code for the binary distribution, which includes
 the source code from which the binary was produced.  This abbreviated and
 simplified definition is sufficient for the binary distribution discussion
 in this section, but you may wish to refer back to this section after
 reading the thorough discussion of ``Corresponding Source'' that appears
 in \S~\ref{corresponding-source}.
 \subsection{Option (a): Source Alongside Binary}
 GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
 source code: including Corresponding Source with every binary
 distribution.  While other options appear initially less onerous, this
 option invariably minimizes potential compliance problems, because when
 you distribute Corresponding Source with the binary, \emph{your GPL
   obligations are satisfied at the time of distribution}.  This is not
 true of other options, and for this reason, we urge you to seriously
 consider this option.  If you do not, you may extend the duration of your
 obligations far beyond your last binary distribution.
 Compliance under this option is straightforward.  If you ship a product
 that includes binary copies of GPL'd software (e.g., in firmware, or on a
 hard drive, CD, or other permanent storage medium), you can store the
 Corresponding Source alongside the binaries.  Alternatively, you can
 include the source on a CD or other removable storage medium in the box
 containing the product.
 GPLv2 refers to the various storage mechanisms as ``medi[a] customarily
 used for software interchange''.  While the Internet has attained primacy
 as a means of software distribution where super-fast Internet connections
 are available, GPLv2 was written at a time when downloading software was
 not practical (and was often impossible).  For much of the world, this
 condition has not changed since GPLv2's publication, and the Internet
 still cannot be considered ``a medium customary for software
 interchange''.  GPLv3 clarifies this matter, requiring that source be
 ``fixed on a durable physical medium customarily used for software
 interchange''.  This language affirms that option (a) requires binary
 redistributors to provide source on a physical medium.
 Please note that while selection of option (a) requires distribution on a
 physical medium, voluntary distribution via the Internet is very useful.  This
 is discussed in detail in \S~\ref{offer-with-internet}.
 \subsection{Option (b): The Offer}
 \label{offer-for-source}
 Many distributors prefer to ship only an offer for source with the binary
 distribution, rather than the complete source package.  This
 option has value when the cost of source distribution is a true
 per-unit cost.  For example, this option might be a good choice for
 embedded products with permanent storage too small to fit the source, and
 which are not otherwise shipped with a CD but \emph{are} shipped with a
 manual or other printed material.
 However, this option increases the duration of your obligations
 dramatically.  An offer for source must be good for three full years from
 your last binary distribution (under GPLv2), or your last binary or spare
 part distribution (under GPLv3).  Your source code request and
 provisioning system must be designed to last much longer than your product
 life cycle.
 In addition, if you are required to comply with the terms of GPLv2, you
 {\bf cannot} use a network service to provide the source code.  For GPLv2,
 the source code offer is fulfilled only with physical media.  This usually
 means that you must continue to produce an up-to-date ``source code CD''
 for years after the product's end-of-life.
 \label{offer-with-internet}
 Under GPLv2, it is acceptable and advisable for your offer for source code
 to include an Internet link for downloadable source \emph{in addition} to
 offering source on a physical medium.  This practice enables those with
 fast network connections to get the source more quickly, and typically
 decreases the number of physical media fulfillment requests.
 (GPLv3~\S~6(b) permits provision of source with a public
 network-accessible distribution only and no physical media.  We discuss
 this in detail at the end of this section.)
 The following is a suggested compliant offer for source under GPLv2 (and
 is also acceptable for GPLv3) that you would include in your printed
 materials accompanying each binary distribution:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPL\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product, which will be no earlier than 2011-08-01, by sending a money
 order or check for \$5 to: \\
 GPL Compliance Division \\
 Our Company \\
 Any Town, US 99999 \\
 \\
 Please write ``source for product $Y$'' in the memo line of your
 payment.
 You may also find a copy of the source at
 \verb0http://www.example.com/sources/Y/0.
 This offer is valid to anyone in receipt of this information.
 \end{quote}
 There are a few important details about this offer.  First, it requires a
 copying fee.  GPLv2 permits ``a charge no more than your cost of
 physically performing source distribution''.  This fee must be reasonable.
 If your cost of copying and mailing a CD is more than around \$10, you
 should perhaps find a cheaper CD stock and shipment method.  It is simply
 not in your interest to try to overcharge the community.  Abuse of this
 provision in order to make a for-profit enterprise of source code
 provision will likely trigger enforcement action.
 Second, note that the last line makes the offer valid to anyone who
 requests the source.  This is because v2~\S~3(b) requires that offers be
 ``to give any third party'' a copy of the Corresponding Source.  GPLv3 has
 a similar requirement, stating that an offer must be valid for ``anyone
 who possesses the object code''.  These requirements indicated in
 v2~\S~3(c) and v3~\S~6(c) are so that non-commercial redistributors may
 pass these offers along with their distributions.  Therefore, the offers
 must be valid not only to your customers, but also to anyone who received
 a copy of the binaries from them.  Many distributors overlook this
 requirement and assume that they are only required to fulfill a request
 from their direct customers.
 The option to provide an offer for source rather than direct source
 distribution is a special benefit to companies equipped to handle a
 fulfillment process.  GPLv2~\S~3(c) and GPLv3~\S~6(c) avoid burdening
 noncommercial, occasional redistributors with fulfillment request
 obligations by allowing them to pass along the offer for source as they
 received it.
 Note that commercial redistributors cannot avail themselves of the option
 (c) exception, and so while your offer for source must be good to anyone
 who receives the offer (under v2) or the object code (under v3), it
 \emph{cannot} extinguish the obligations of anyone who commercially
 redistributes your product.  The license terms apply to anyone who
 distributes GPL'd software, regardless of whether they are the original
 distributor.  Take the example of Vendor $V$, who develops a software
 platform from GPL'd sources for use in embedded devices.  Manufacturer $M$
 contracts with $V$ to install the software as firmware in $M$'s device.
 $V$ provides the software to $M$, along with a compliant offer for source.
 In this situation, $M$ cannot simply pass $V$'s offer for source along to
 its customers.  $M$ also distributes the GPL'd software commercially, so
 $M$ too must comply with the GPL and provide source (or $M$'s \emph{own}
 offer for source) to $M$'s customers.
 This situation illustrates that the offer for source is often a poor
 choice for products that your customers will likely redistribute.  If you
 include the source itself with the products, then your distribution to
 your customers is compliant, and their (unmodified) distribution to their
 customers is likewise compliant, because both include source.  If you
 include only an offer for source, your distribution is compliant but your
 customer's distribution does not ``inherit'' that compliance, because they
 have not made their own offer to accompany their distribution.
 The terms related to the offer for source are quite different if you
 distribute under GPLv3.  Under v3, you may make source available only over
 a network server, as long as it is available to the general public and
 remains active for three years from the last distribution of your product
 or related spare part.  Accordingly, you may satisfy your fulfillment
 obligations via Internet-only distribution.  This makes the ``offer for
 source'' option less troublesome for v3-only distributions, easing
 compliance for commercial redistributors.  However, before you switch to a
 purely Internet-based fulfillment process, you must first confirm that you
 can actually distribute \emph{all} of the software under GPLv3.  Some
 programs are indeed licensed under ``GPLv2, \emph{or any later version}''
 (often abbreviated ``GPLv2-or-later'').  Such licensing gives you the
 option to redistribute under GPLv3.  However, a few popular programs are
 only licensed under GPLv2 and not ``or any later version''
 (``GPLv2-only'').  You cannot provide only Internet-based source request
 fulfillment for the latter programs.
 If you determine that all GPL'd works in your whole product allow upgrade
 to GPLv3 (or were already GPLv3'd to start), your offer for source may be
 as simple as this:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPLv3\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product and/or spare parts therefor, which will be no earlier than
 -08-01, on our website at
 \verb0http://www.example.com/sources/productnum/0.
 \end{quote}
 \medskip
 Under both GPLv2 and GPLv3, source offers must be accompanied by a copy of
 the license itself, either electronically or in print, with every
 distribution.
 Finally, it is unacceptable to use option (b) merely because you do not have
 Corresponding Source ready.  We find that some companies chose this option
 because writing an offer is easy, but producing a source distribution as
 an afterthought to a hasty development process is difficult.  The offer
 for source does not exist as a stop-gap solution for companies rushing to
 market with an out-of-compliance product.  If you ship an offer for source
 with your product but cannot actually deliver \emph{immediately} on that
 offer when your customers receive it, you should expect an enforcement
 action.
 \subsection{Option (c): Noncommercial Offers}
 As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
 only to noncommercial use.  These options are not available to businesses
 distributing GPL'd software.  Consequently, companies who redistribute
 software packaged for them by an upstream vendor cannot merely pass along
 the offer they received from the vendor; they must provide their own offer
 or corresponding source to their distributees.  We talk in detail about
 upstream software providers in \S~\ref{upstream}.
 \subsection{Option 6(d) in GPLv3: Internet Distribution}
 Under GPLv2, your formal provisioning options for Corresponding Source
 ended with \S~3(c).  But even under GPLv2, pure Internet source
 distribution was a common practice and generally considered to be
 compliant.  GPLv2 mentions Internet-only distribution almost as aside in
 the language, in text at the end of the section after the three
 provisioning options are listed.  To quote that part of GPLv2~\S~3:
 \begin{quote}
 If distribution of executable or object code is made by offering access to
 copy from a designated place, then offering equivalent access to copy the
 source code from the same place counts as distribution of the source code,
 even though third parties are not compelled to copy the source along with
 the object code.
 \end{quote}
 When that was written in 1991, Internet distribution of software was the
 exception, not the rule.  Some FTP sites existed, but generally software
 was sent on magnetic tape or CDs.  GPLv2 therefore mostly assumed that
 binary distribution happened on some physical media.  By contrast,
 GPLv3~\S~6(d) explicitly gives an option for this practice that the
 community has historically considered GPLv2-compliant.
 Thus, you may fulfill your source-provision obligations by providing the
 source code in the same way and from the same location.  When exercising
 this option, you are not obligated to ensure that users download the
 source when they download the binary, and you may use separate servers as
 needed to fulfill the requests as long as you make the source as
 accessible as the binary.  However, you must ensure that users can easily
 find the source code at the time they download the binary. GPLv3~\S~6(d)
 thus clarifies a point that has caused confusion about source provision in
 v2.  Indeed, many such important clarifications are included in v3 which
 together provide a compelling reason for authors and redistributors alike
 to adopt GPLv3.
 \subsection{Option 6(e) in GPLv3: Software Torrents}
 Peer-to-peer file sharing arose well after GPLv2 was written, and does not
 easily fit any of the v2 source provision options.  GPLv3~\S~6(e)
 addresses this issue, explicitly allowing for distribution of source and
 binary together on a peer-to-peer file sharing network.  If you distribute
 solely via peer-to-peer networks, you can exercise this option.  However,
 peer-to-peer source distribution \emph{cannot} fulfill your source
 provision obligations for non-peer-to-peer binary distributions.  Finally,
 you should ensure that binaries and source are equally seeded upon initial
 peer-to-peer distribution.
 \section{Preparing Corresponding Source}
 \label{corresponding-source}
 Most enforcement cases involve companies that have unfortunately not
 implemented procedures like our \S~\ref{best-practices} recommendations
 and have no source distribution arranged at all.  These companies must
 work backwards from a binary distribution to come into compliance.  Our
 recommendations in \S~\ref{best-practices} are designed to make it easy to
 construct a complete and Corresponding Source release from the outset.  If
 you have followed those principles in your development, you can meet the
 following requirements with ease.  If you have not, you may have
 substantial reconstruction work to do.
 \subsection{Assemble the Sources}
 For every binary that you produce, you should collect and maintain a copy
 of the sources from which it was built.  A large system, such as an
 embedded firmware, will probably contain many GPL'd and LGPL'd components
 for which you will have to provide source.  The binary distribution may
 also contain proprietary components which are separate and independent
 works that are covered by neither the GPL nor LGPL\@.
 The best way to separate out your sources is to have a subdirectory for
 each component in your system.  You can then easily mark some of them as
 required for your Corresponding Source releases.  Collecting
 subdirectories of GPL'd and LGPL'd components is the first step toward
 preparing your release.
 \subsection{Building the Sources}
 Few distributors, particularly of embedded systems, take care to read the
 actual definition of Corresponding Source in the GPL\@.  Consider
 carefully the definition, from GPLv3:
 \begin{quote}
   The ``Corresponding Source'' for a work in object code form means all
   the source code needed to generate, install, and (for an executable
   work) run the object code and to modify the work, including scripts to
   control those activities.
 \end{quote}
 and the definition from GPLv2:
 \begin{quote}
 The source code for a work means the preferred form of the work for making
 modifications to it.  For an executable work, complete source code means
 all the source code for all modules it contains, plus any associated
 interface definition files, plus the scripts used to control compilation
 and installation of the executable.
 \end{quote}
 Note that you must include ``scripts used to control compilation and
 installation of the executable'' and/or anything ``needed to generate,
 install, and (for an executable work) run the object code and to modify
 the work, including scripts to control those activities''.  These phrases
 are written to cover different types of build environments and systems.
 Therefore, the details of what you need to provide with regard to scripts
 and installation instructions vary depending on the software details.  You
 must provide all information necessary such that someone generally skilled
 with computer systems could produce a binary similar to the one provided.
 Take as an example an embedded wireless device.  Usually, a company
 distributes a firmware, which includes a binary copy of
 Linux\footnote{``Linux'' refers only to the kernel, not the larger system
   as a whole.} and a filesystem.  That filesystem contains various binary
 programs, including some GPL'd binaries, alongside some proprietary
 binaries that are separate works (i.e., not derived from, nor based on
 freely-licensed sources).  Consider what, in this case, constitutes adequate
 ``scripts to control compilation and installation'' or items ``needed to
 generate, install and run'' the GPL'd programs.
 Most importantly, you must provide some sort of roadmap that allows
 technically sophisticated users to build your software.  This can be
 complicated in an embedded environment.  If your developers use scripts to
 control the entire compilation and installation procedure, then you can
 simply provide those scripts to users along with the sources they act
 upon.  Sometimes, however, scripts were never written (e.g., the
 information on how to build the binaries is locked up in the mind of your
 ``build guru'').  In that case, we recommend that you write out build
 instructions in a natural language as a detailed, step-by-step {\sc
   readme}.
 No matter what you offer, you need to give those who receive source a
 clear path from your sources to binaries similar to the ones you ship.  If
 you ship a firmware (kernel plus filesystem), and the filesystem contains
 binaries of GPL'd programs, then you should provide whatever is necessary
 to enable a reasonably skilled user to build any given GPL'd source
 program (and modified versions thereof), and replace the given binary in
 your filesystem.  If the kernel is Linux, then the users must have the
 instructions to do the same with the kernel.  The best way to achieve this

gpl-lgpl.tex

➞

Show inline comments

@@ ... / @@ -604,1024 +604,1025 @@ and developer base. @@
 By the same token, nearly all established GPL'd software systems have a
 vibrant commercial community.  Nearly every GPL'd system that has gained
 wide adoption from noncommercial users and developers eventually begins
 to fuel a commercial system around that software.
 For example, consider the Samba file server system that allows Unix-like
 systems (including GNU/Linux) to serve files to Microsoft Windows systems.
 Two graduate students originally developed Samba in their spare time and
 it was deployed noncommercially in academic environments\footnote{See
   \href{http://turtle.ee.ncku.edu.tw/docs/samba/history}{Andrew Tridgell's
     ``A bit of history and a bit of fun''}}.  However, very
 soon for-profit companies discovered that the software could work for them
 as well, and their system administrators began to use it in place of
 Microsoft Windows NT file-servers.  This served to lower the cost of
 running such servers by orders of magnitude. There was suddenly room in
 Windows file-server budgets to hire contractors to improve Samba.  Some of
 the first people hired to do such work were those same two graduate
 students who originally developed the software.
 The noncommercial users, however, were not concerned when these two
 fellows began collecting paychecks off of their GPL'd work.  They knew
 that because of the nature of the GPL that improvements that were
 distributed in the commercial environment could easily be folded back into
 the standard version.  Companies are not permitted to proprietarize
 Samba, so the noncommercial users, and even other commercial users are
 safe in the knowledge that the software freedom ensured by GPL will remain
 protected.
 Commercial developers also work in concert with noncommercial
 developers.  Those two now-long-since graduated students continue to
 contribute to Samba altruistically, but also get paid work doing it.
 Priorities change when a client is in the mix, but all the code is
 contributed back to the standard version.  Meanwhile, many other
 individuals have gotten involved noncommercially as developers,
 because they want to ``cut their teeth on Free Software,'' or because
 the problems interest them.  When they get good at it, perhaps they
 will move on to another project, or perhaps they will become
 commercial developers of the software themselves.
 No party is a threat to another in the GPL software scenario because
 everyone is on equal ground.  The GPL protects rights of the commercial
 and noncommercial contributors and users equally. The GPL creates trust,
 because it is a level playing field for all.
 \subsection{Law Analogy}
 In his introduction to Stallman's \emph{Free Software, Free Society},
 Lawrence Lessig draws an interesting analogy between the law and Free
 Software. He argues that the laws of a free society must be protected
 much like the GPL protects software.  So that I might do true justice to
 Lessig's argument, I quote it verbatim:
 \begin{quotation}
 A ``free society'' is regulated by law. But there are limits that any free
 society places on this regulation through law: No society that kept its
 laws secret could ever be called free.  No government that hid its
 regulations from the regulated could ever stand in our tradition. Law
 controls.  But it does so justly only when visibly.  And law is visible
 only when its terms are knowable and controllable by those it regulates,
 or by the agents of those it regulates (lawyers, legislatures).
 This condition on law extends beyond the work of a legislature.  Think
 about the practice of law in American courts.  Lawyers are hired by their
 clients to advance their clients' interests.  Sometimes that interest is
 advanced through litigation. In the course of this litigation, lawyers
 write briefs. These briefs in turn affect opinions written by judges.
 These opinions decide who wins a particular case, or whether a certain law
 can stand consistently with a constitution.
 All the material in this process is free in the sense that Stallman means.
 Legal briefs are open and free for others to use.  The arguments are
 transparent (which is different from saying they are good), and the
 reasoning can be taken without the permission of the original lawyers.
 The opinions they produce can be quoted in later briefs.  They can be
 copied and integrated into another brief or opinion.  The ``source code''
 for American law is by design, and by principle, open and free for anyone
 to take. And take lawyers do---for it is a measure of a great brief that
 it achieves its creativity through the reuse of what happened before.  The
 source is free; creativity and an economy is built upon it.
 This economy of free code (and here I mean free legal code) doesn't starve
 lawyers.  Law firms have enough incentive to produce great briefs even
 though the stuff they build can be taken and copied by anyone else.  The
 lawyer is a craftsman; his or her product is public.  Yet the crafting is
 not charity. Lawyers get paid; the public doesn't demand such work
 without price.  Instead this economy flourishes, with later work added to
 the earlier.
 We could imagine a legal practice that was different --- briefs and
 arguments that were kept secret; rulings that announced a result but not
 the reasoning. Laws that were kept by the police but published to no one
 else. Regulation that operated without explaining its rule.
 We could imagine this society, but we could not imagine calling it
 ``free.''  Whether or not the incentives in such a society would be better
 or more efficiently allocated, such a society could not be known as free.
 The ideals of freedom, of life within a free society, demand more than
 efficient application.  Instead, openness and transparency are the
 constraints within which a legal system gets built, not options to be
 added if convenient to the leaders.  Life governed by software code should
 be no less.
 Code writing is not litigation.  It is better, richer, more
 productive.  But the law is an obvious instance of how creativity and
 incentives do not depend upon perfect control over the products
 created.  Like jazz, or novels, or architecture, the law gets built
 upon the work that went before. This adding and changing is what
 creativity always is.  And a free society is one that assures that its
 most important resources remain free in just this sense.\footnote{This
 quotation is Copyright \copyright{} 2002, Lawrence Lessig. It is
 licensed under the terms of
 \href{http://creativecommons.org/licenses/by/1.0/}{the ``Attribution
 License'' version 1.0} or any later version as published by Creative
 Commons.}
 \end{quotation}
 In essence, lawyers are paid to service the shared commons of legal
 infrastructure.  Few citizens defend themselves in court or write their
 own briefs (even though they are legally permitted to do so) because
 everyone would prefer to have an expert do that job.
 The Free Software economy is a market ripe for experts.  It
 functions similarly to other well established professional fields like the
 law. The GPL, in turn, serves as the legal scaffolding that permits the
 creation of this vibrant commercial and noncommercial Free Software
 economy.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{A Tale of Two Copyleft Licenses}
 \label{tale-of-two-copylefts}
 While determining the proper methodology and criteria to yield an accurate
 count remains difficult, the GPL is generally considered one of the most
 widely used Free Software licenses.  For most of its history --- for 16 years
 from June 1991 to June 2007 --- there was really only one version of the GPL,
 version 2.
 However, the GPL had both earlier versions before version 2, and, more well
 known, a revision to version 3.
 \section{Historical Motivations for the General Public License}
 The earliest license to grant software freedom was likely the Berkeley
 Software Distribution (``BSD'') license.  This license is typical of what are
 often called lax, highly permissive licenses.  Not unlike software in the
 public domain, these non-copyleft licenses (usually) grant software freedom
 to users, but they do not go to any effort to uphold that software freedom
 for users.  The so-called ``downstream'' (those who receive the software and
 then build new things based on that software) can restrict the software and
 distribute further.
 The GNU's Not Unix (``GNU'') project, which Richard M.~Stallman (``RMS'')
 founded in 1984 to make a complete Unix-compatible operating system
 implementation that assured software freedom for all.  However, RMS saw that
 using a license that gave but did not assure software freedom would be
 counter to the goals of the GNU project.  RMS invented ``copyleft'' as an
 answer to that problem, and began using various copyleft licenses for the
 early GNU project programs\footnote{RMS writes more fully about this topic in
   his essay entitled simply
   \href{http://www.gnu.org/gnu/thegnuproject.html}{\textit{The GNU Project}}.
     For those who want to hear the story in his own voice,
     \href{http://audio-video.gnu.org/audio/}{speech recordings} of his talk,
     \textit{The Free Software Movement and the GNU/Linux Operating System}
     are also widely available}.
 \section{Proto-GPLs And Their Impact}
 The earliest copyleft licenses were specific to various GNU programs.  For
 example, \href{http://www.free-soft.org/gpl_history/emacs_gpl.html}{The Emacs
   General Public License} was likely the first copyleft license ever
 published.  Interesting to note that even this earliest copyleft license
 contains a version of the well-known GPL copyleft clause:
 \begin{quotation}
 You may modify your copy or copies of GNU Emacs \ldots provided that you also
 \ldots cause the whole of any work that you distribute or publish, that in
 whole or in part contains or is a derivative of GNU Emacs or any part
 thereof, to be licensed at no charge to all third parties on terms identical
 to those contained in this License Agreement.
 \end{quotation}
 This simply stated clause is the fundamental innovation of copyleft.
 Specifically, copyleft \textit{uses} the copyright holders' controls on
 permission to modify the work to add a conditional requirement.  Namely,
 downstream users may only have permission to modify  the work if they pass
 along the same permissions on the modified version that came originally to
 them.
 These original program-specific proto-GPLs give an interesting window into
 the central ideas and development of copyleft.  In particular, reviewing them
 shows how the text of the GPL we know has evolved to address more of the
 issues discussed earlier in \S~\ref{software-and-non-copyright}.
 \section{The GNU General Public License, Version 1}
 \label{GPLv1}
 In January 1989, the FSF announced that the GPL had been converted into a
 ``subroutine'' that could be reused not just for all FSF-copyrighted
 programs, but also by anyone else.  As the FSF claimed in its announcement of
 the GPLv1\footnote{The announcement of GPLv1 was published in the
   \href{http://www.gnu.org/bulletins/bull6.html\#SEC8}{GNU'S Bulletin, vol 1,
     number 6 dated January 1989}.  (Thanks very much to Andy Tai for his
   \href{http://www.free-soft.org/gpl_history/}{consolidation of research on
     the history of the pre-v1 GPL's}.)}:
 \begin{quotation}
 To make it easier to copyleft programs, we have been improving on the
 legalbol architecture of the General Public License to produce a new version
 that serves as a general-purpose subroutine: it can apply to any program
 without modification, no matter who is publishing it.
 \end{quotation}
 This, like many inventive ideas, seems somewhat obvious in retrospect.  But,
 the FSF had some bright people and access to good lawyers when it started.
 It took almost five years from the first copyleft licenses to get to a
 generalized, reusable GPLv1.  In the context and mindset of the 1980s, this
 is not surprising.  The idea of reusable licensing infrastructure was not
 only uncommon, it was virtually nonexistent!  Even the early BSD licenses
 were simply copied and rewritten slightly for each new use\footnote{It
   remains an interesting accident of history that the early BSD problematic
   ``advertising clause'' (discussion of which is somewhat beyond the scope of
   this tutorial) lives on into current day, simply because while the
   University of California at Berkeley gave unilateral permission to remove
   the clause from \textit{its} copyrighted works, others who adapted the BSD
   license with their own names in place of UC-Berkeley's never have.}.  The
 GPLv1's innovation of reusable licensing infrastructure, an obvious fact
 today, was indeed a novel invention for its day\footnote{We're all just
   grateful that the FSF also opposes business method patents, since the FSF's
   patent on a ``method for reusable licensing infrastructure'' would have
   not expired until 2006!}.
 \section{The GNU General Public License, Version 2}
 The GPLv2 was released two and a half years after GPLv1, and over the
 following sixteen years, it became the standard for copyleft licensing until
 the release of GPLv3 in 2007 (discussed in more detail in the next section).
 While this tutorial does not discuss the terms of GPLv1 in detail, it is
 worth noting below the three key changes that GPLv2 brought:
 \begin{itemize}
 \item Software patents and their danger are explicitly mentioned, inspiring
   (in part) the addition of GPLv2~\S\S5--7.  (These sections are discussed in
   detail in \S~\ref{GPLv2s5}, \S~\ref{GPLv2s6} and \S~\ref{GPLv2s7} of this
   tutorial.)
 \item GPLv2~\S2's copyleft terms are expanded to more explicitly discuss the
   issue of combined works.  (GPLv2~\S2 is discussed in detail in
   \S~\ref{GPLv2s2} in this tutorial).
 \item GPLv2~\S3 includes more detailed requirements, including the phrase
  ``the scripts used to control compilation and installation of the
   executable'', which is a central component of current GPLv2 enforcement
   .  (GPLv2~\S3 is discussed in detail in
   \S~\ref{GPLv2s3} in this tutorial).
 \end{itemize}
 The next chapter discusses GPLv2 in full detail, and readers who wish to dive
 into the section-by-section discussion of the GPL should jump ahead now to
 that chapter.  However, the most interesting fact to note here is how GPLv2
 was published with little fanfare and limited commentary.  This contrasts
 greatly with the creation of GPLv3.
 \section{The GNU General Public License, Version 3}
 RMS began drafting GPLv2.2 in mid-2002, and FSF ran a few discussion groups
 during that era about new text of that license.  However, rampant violations
 of the GPL required more immediate attention of FSF's licensing staff, and as
 such, much of the early 2000's was spent doing GPL enforcement
 work\footnote{More on GPL enforcement is discussed in \tutorialpartsplit{a
     companion tutorial, \textit{A Practical Guide to GPL
       Compliance}}{Part~\ref{gpl-compliance-guide} of this tutorial}.}.  In
 , FSF began in earnest drafting work for GPLv3.
 The GPLv3 process began in earnest in January 2006.  It became clear that
 many provisions of the GPL could benefit from modification to fit new
 circumstances and to reflect what the entire community learned from
 experience with version 2.  Given the scale of revision it seems proper to
 approach the work through public discussion in a transparent and accessible
 manner.
 The GPLv3 process continued through June 2007, culminating in publication of
 GPLv3 and LGPLv3 on 29 June 2007, AGPLv3 on 19 November 2007, and the GCC
 Runtime Library Exception on 27 January 2009.
 All told, four discussion drafts of GPLv3, two discussion drafts of LGPLv3
 and two discussion drafts of AGPLv3 were published and discussed.
 Ultimately, FSF remained the final arbiter and publisher of the licenses, and
 RMS himself their primary author, but input was sought from many parties, and
 these licenses do admittedly look and read more like legislation as a result.
 Nevertheless, all of the ``v3'' group are substantially better and improved
 licenses.
 GPLv3 and its terms are discussed in detail in Chapter\~ref{GPLv3}.
 \section{The Innovation of Optional ``Or Any Later'' Version}
 An interesting fact of all GPL licenses is that the are ultimate multiple
 choices for use of the license.  The FSF is the primary steward of GPL (as
 discussed later in \S~\ref{GPLv2s9} and \S~\ref{GPLv3s14}).  However, those
 who wish to license works under GPL are not required to automatically accept
 changes made by the FSF for their own copyrighted works.
 Each licensor may chose three different methods of licensing, as follows:
 \begin{itemize}
 \item explicitly name a single version of GPL for their work (usually
   indicated in shorthand by saying the license is ``GPLv$X$-only''), or
 \item name no version of the GPL, thus they allow their downstream recipients
   to select any version of the GPL they chose (usually indicated in shorthand
   by saying the license is simply ``GPL''), or
 \item name a specific version of GPL and give downstream recipients the
   option to chose that version ``or any later version as published by the
   FSF'' (usually indicated by saying the license is
   ``GPLv$X$-or-later'')\footnote{The shorthand of ``GPL$X+$'' is also popular
     for this situation.  The authors of this tutorial prefer ``-or-later''
     syntax, because it (a) mirrors the words ``or'' and ``later from the
     licensing statement, (b) the $X+$ doesn't make it abundantly clear that
     $X$ is clearly included as a license option and (c) the $+$ symbol has
     other uses in computing (such as with regular expressions) that mean
     something different.}
 \end{itemize}
 \label{license-compatibility-first-mentioned}
 Oddly, this flexibility has received (in the opinion of the authors, undue)
 criticism, primarily because of the complex and oft-debated notion of
 ``license compatibility'' (which is explained in detail in
 \S~\ref{license-compatibility}).  Copyleft licenses are generally
 incompatible with each other, because the details of how they implement
 copyleft differs.  Specifically, copyleft works only because of its
 requirement that downstream licensors use the \textit{same} license for
 combined and modified works.  As such, software licensed under the terms of
 ``GPLv2-only'' cannot be combined with works licensed ``GPLv3-or-later''.
 This is admittedly a frustrating outcome.
 Other copyleft licenses that appeared after GPL, such
 as the Creative Commons ``Share Alike'' licenses, the Eclipse Public License
 and the Mozilla Public License \textbf{require} all copyright holders choosing
 to use any version of those licenses to automatically accept and relicense
 their copyrighted works under new versions.  Of course ,Creative Commons, the
 Eclipse Foundation, and the Mozilla Foundation (like the FSF) have generally
 served as excellent stewards of their licenses.  Copyright holders using
 those licenses seems to find it acceptable that to fully delegate all future
 licensing decisions for their copyrights to these organizations without a
 second thought.
 However, note that FSF gives herein the control of copyright holders to
 decide whether or not to implicitly trust the FSF in its work of drafting
 future GPL versions.  The FSF, for its part, does encourage copyright holders
 to chose by default ``GPLv$X$-or-later'' (where $X$ is the most recent
 version of the GPL published by the FSF).  However, the FSF \textbf{does not
   mandate} that a choice to use any GPL requires a copyright holder ceding
 its authority for future licensing decisions to the FSF.  In fact, the FSF
 considered this possibility for GPLv3 and chose not to do so, instead opting
 for the third-party steward designation clause discussed in
 Section~\ref{GPLv3s14}.
 \section{Complexities of Two Simultaneously Popular Copylefts}
 Obviously most GPL advocates would prefer widespread migration to GPLv3, and
 many newly formed projects who seek a copyleft license tend to choose a
 GPLv3-based license.  However, many existing copylefted projects continue
 with GPLv2-only or GPLv2-or-later as their default license.
 While GPLv3 introduces many improvements --- many of which were designed to
 increase adoption by for-profit companies --- GPLv2 remains a widely used and
 extremely popular license.  The GPLv2 is, no doubt, a good and useful
 license.
 However, unlike GPLv1, which (as pointed out in \S~\ref{GPLv1}), which is
 completely out of use by the mid-1990s.  However, unlike GPLv1 before it,
 GPLv2 remains a integral part of the copyleft licensing infrastructure for
 some time to come.  As such, those who seek to have expertise in current
 topics of copyleft licensing need to study both the GPLv2 and GPLv3 family of
 licenses.
 Furthermore, GPLv3 can is more easily understood by first studying GPLv2.
 This is not only because of their chronological order, but also because much
 of the discussion material available for GPLv3 tends to talk about GPLv3 in
 contrast to GPLv2.  As such, a strong understanding of GPLv2 helps in
 understanding most of the third-party material found regarding GPLv3.  Thus,
 the following chapter begins a deep discussion of GPLv2.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Running Software and Verbatim Copying}
 \label{run-and-verbatim}
 This chapter begins the deep discussion of the details of the terms of
 GPLv2\@. In this chapter, we consider the first two sections: GPLv2 \S\S
 --2. These are the straightforward sections of the GPL that define the
 simplest rights that the user receives.
 \section{GPLv2~\S0: Freedom to Run}
 \label{GPLv2s0}
 GPLv2~\S0, the opening section of GPLv2, sets forth that the copyright law governs
 the work.  It specifically points out that it is the ``copyright
 holder'' who decides if a work is licensed under its terms and explains
 how the copyright holder might indicate this fact.
 A bit more subtly, GPLv2~\S0 makes an inference that copyright law is the only
 system that can restrict the software.  Specifically, it states:
 \begin{quote}
 Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.
 \end{quote}
 In essence, the license governs \emph{only} those activities, and all other
 activities are unrestricted, provided that no other agreements trump GPLv2
 (which they cannot; see Sections~\ref{GPLv2s6} and~\ref{GPLv2s7}).  This is
 very important, because the Free Software community heavily supports
 users' rights to ``fair use'' and ``unregulated use'' of copyrighted
 material.  GPLv2 asserts through this clause that it supports users' rights
 to fair and unregulated uses.
 Fair use (called ``fair dealing'' in some jurisdictions) of copyrighted
 material is an established legal doctrine that permits certain activities
 regardless of whether copyright law would other restrict those activities.
 Discussion of the various types of fair use activity are beyond the scope of
 this tutorial.  However, one important example of fair use is the right to
 quote portions of the text in larger work so as to criticize or suggest
 changes.  This fair use rights is commonly used on mailing lists when
 discussing potential improvements or changes to Free Software.
 Fair use is a doctrine established by the courts or by statute.  By
 contrast, unregulated uses are those that are not covered by the statue
 nor determined by a court to be covered, but are common and enjoyed by
 many users.  An example of unregulated use is reading a printout of the
 program's source code like an instruction book for the purpose of learning
 how to be a better programmer.  The right to read something that you have
 access is and should remain unregulated and unrestricted.
 \medskip
 Thus, the GPLv2 protects users fair and unregulated use rights precisely by
 not attempting to cover them.  Furthermore, the GPLv2 ensures the freedom
 to run specifically by stating the following:
 \begin{quote}
 ''The act of running the Program is not restricted.''
 \end{quote}
 Thus, users are explicitly given the freedom to run by GPLv2~\S0.
 \medskip
 The bulk of GPLv2~\S0 not yet discussed gives definitions for other terms used
 throughout.  The only one worth discussing in detail is ``work based on
 the Program''.  The reason this definition is particularly interesting is
 not for the definition itself, which is rather straightforward, but
 because it clears up a common misconception about the GPL\@.
 The GPL is often mistakenly criticized because it fails to give a
 definition of ``derivative work''.  In fact, it would be incorrect and
 problematic if the GPL attempted to define this.  A copyright license, in
 fact, has no control over what may or may not be a derivative work.  This
 matter is left up to copyright law and the courts --- not the licenses that utilize it.
 It is certainly true that copyright law as a whole does not propose clear
 and straightforward guidelines for what is and is not a derivative
 software work under copyright law.  However, no copyright license --- not
 even the GNU GPL --- can be blamed for this.  Legislators and court
 opinions must give us guidance to decide the border cases.
 \section{GPLv2~\S1: Verbatim Copying}
 \label{GPLv2s1}
 GPLv2~\S1 covers the matter of redistributing the source code of a program
 exactly as it was received. This section is quite straightforward.
 However, there are a few details worth noting here.
 The phrase ``in any medium'' is important.  This, for example, gives the
 freedom to publish a book that is the printed copy of the program's source
 code.  It also allows for changes in the medium of distribution.  Some
 vendors may ship Free Software on a CD, but others may place it right on
 the hard drive of a pre-installed computer.  Any such redistribution media
 is allowed.
 Preservation of copyright notice and license notifications are mentioned
 specifically in GPLv2~\S1.  These are in some ways the most important part of
 the redistribution, which is why they are mentioned by name.  GPL
 always strives to make it abundantly clear to anyone who receives the
 software what its license is.  The goal is to make sure users know their
 rights and freedoms under GPL, and to leave no reason that users might be
 surprised the software is GPL'd. Thus
 throughout the GPL, there are specific references to the importance of
 notifying others down the distribution chain that they have rights under
 GPL.
 Also mentioned by name is the warranty disclaimer. Most people today do
 not believe that software comes with any warranty.  Notwithstanding the
 \href{http://mlis.state.md.us/2000rs/billfile/hb0019.htm}{Maryland's} and \href{http://leg1.state.va.us/cgi-bin/legp504.exe?001+ful+SB372ER}{Virginia's} UCITA bills, there are few or no implied warranties with software.
 However, just to be on the safe side, GPL clearly disclaims them, and the
 GPL requires re distributors to keep the disclaimer very visible. (See
 Sections~\ref{GPLv2s11} and~\ref{GPLv2s12} of this tutorial for more on GPL's
 warranty disclaimers.)
 Note finally that GPLv2~\S1 creates groundwork for the important defense of
 commercial freedom.  GPLv2~\S1 clearly states that in the case of verbatim
 copies, one may make money.  Re distributors are fully permitted to charge
 for the redistribution of copies of Free Software. In addition, they may
 provide the warranty protection that the GPL disclaims as an additional
 service for a fee. (See Section~\ref{Business Models} for more discussion
 on making a profit from Free Software redistribution.)
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Derivative Works: Statute and Case Law}
 \label{derivative-works}
 We digress for this chapter from our discussion of GPL's exact text to
 consider the matter of derivative works --- a concept that we must
 understand fully before considering GPLv2~\S\S2--3\@. GPL, and Free
 Software licensing in general, relies critically on the concept of
 ``derivative work'' since software that is ``independent,'' (i.e., not
 ``derivative'') of Free Software need not abide by the terms of the
 applicable Free Software license. As much is required by \S~106 of the
 Copyright Act, 17 U.S.C. \S~106 (2002), and admitted by Free Software
 licenses, such as the GPL, which (as we have seen) states in GPLv2~\S0 that ``a
 `work based on the Program' means either the Program or any derivative
 work under copyright law.'' It is being a derivative work of Free Software
 that triggers the necessity to comply with the terms of the Free Software
 license under which the original work is distributed. Therefore, one is
 left to ask, just what is a ``derivative work''? The answer to that
 question differs depending on which court is being asked.
 The analysis in this chapter sets forth the differing definitions of
 derivative work by the circuit courts. The broadest and most
 established definition of derivative work for software is the
 abstraction, filtration, and comparison test (``the AFC test'') as
 created and developed by the Second Circuit. Some circuits, including
 the Ninth Circuit and the First Circuit, have either adopted narrower
 versions of the AFC test or have expressly rejected the AFC test in
 favor of a narrower standard. Further, several other circuits have yet
 to adopt any definition of derivative work for software.
 As an introductory matter, it is important to note that literal copying of
 a significant portion of source code is not always sufficient to establish
 that a second work is a derivative work of an original
 program. Conversely, a second work can be a derivative work of an original
 program even though absolutely no copying of the literal source code of
 the original program has been made. This is the case because copyright
 protection does not always extend to all portions of a program's code,
 while, at the same time, it can extend beyond the literal code of a
 program to its non-literal aspects, such as its architecture, structure,
 sequence, organization, operational modules, and computer-user interface.
 \section{The Copyright Act}
 The copyright act is of little, if any, help in determining the definition
 of a derivative work of software. However, the applicable provisions do
 provide some, albeit quite cursory, guidance. Section 101 of the Copyright
 Act sets forth the following definitions:
 \begin{quotation}
 A ``computer program'' is a set of statements or instructions to be used
 directly or indirectly in a computer in order to bring about a certain
 result.
 A ``derivative work'' is a work based upon one or more preexisting works,
 such as a translation, musical arrangement, dramatization,
 fictionalization, motion picture version, sound recording, art
 reproduction, abridgment, condensation, or any other form in which a work
 may be recast, transformed, or adapted. A work consisting of editorial
 revisions, annotations, elaborations, or other modifications which, as a
 whole, represent an original work of authorship, is a ``derivative work.''
 \end{quotation}
 These are the only provisions in the Copyright Act relevant to the
 determination of what constitutes a derivative work of a computer
 program. Another provision of the Copyright Act that is also relevant to
 the definition of derivative work is \S~102(b), which reads as follows:
 \begin{quotation}
 In no case does copyright protection for an original work of authorship
 extend to any idea, procedure, process, system, method of operation,
 concept, principle, or discovery, regardless of the form in which it is
 described, explained, illustrated, or embodied in such work.
 \end{quotation}
 Therefore, before a court can ask whether one program is a derivative work
 of another program, it must be careful not to extend copyright protection
 to any ideas, procedures, processes, systems, methods of operation,
 concepts, principles, or discoveries contained in the original program. It
 is the implementation of this requirement to ``strip out'' unprotectable
 elements that serves as the most frequent issue over which courts
 disagree.
 \section{Abstraction, Filtration, Comparison Test}
 As mentioned above, the AFC test for determining whether a computer
 program is a derivative work of an earlier program was created by the
 Second Circuit and has since been adopted in the Fifth, Tenth, and
 Eleventh Circuits. Computer Associates Intl., Inc. v. Altai, Inc., 982
 F.2d 693 (2nd Cir. 1992); Engineering Dynamics, Inc. v. Structural
 Software, Inc., 26 F.3d 1335 (5th Cir. 1994); Kepner-Tregoe,
 Inc. v. Leadership Software, Inc., 12 F.3d 527 (5th Cir. 1994); Gates
 Rubber Co. v. Bando Chem. Indust., Ltd., 9 F.3d 823 (10th Cir. 1993);
 Mitel, Inc. v. Iqtel, Inc., 124 F.3d 1366 (10th Cir. 1997); Bateman
 v. Mnemonics, Inc., 79 F.3d 1532 (11th Cir. 1996); and, Mitek Holdings,
 Inc. v. Arce Engineering Co., Inc., 89 F.3d 1548 (11th Cir. 1996).
 Under the AFC test, a court first abstracts from the original program its
 constituent structural parts. Then, the court filters from those
 structural parts all unprotectable portions, including incorporated ideas,
 expression that is necessarily incidental to those ideas, and elements
 that are taken from the public domain. Finally, the court compares any and
 all remaining kernels of creative expression to the structure of the
 second program to determine whether the software programs at issue are
 substantially similar so as to warrant a finding that one is the
 derivative work of the other.
 Often, the courts that apply the AFC test will perform a quick initial
 comparison between the entirety of the two programs at issue in order to
 help determine whether one is a derivative work of the other. Such a
 holistic comparison, although not a substitute for the full application of
 the AFC test, sometimes reveals a pattern of copying that is not otherwise
 obvious from the application of the AFC test when, as discussed below,
 only certain components of the original program are compared to the second
 program. If such a pattern is revealed by the quick initial comparison,
 the court is more likely to conclude that the second work is indeed a
 derivative of the original.
 \subsection{Abstraction}
 The first step courts perform under the AFC test is separation of the
 work's ideas from its expression. In a process akin to reverse
 engineering, the courts dissect the original program to isolate each level
 of abstraction contained within it. Courts have stated that the
 abstractions step is particularly well suited for computer programs
 because it breaks down software in a way that mirrors the way it is
 typically created. However, the courts have also indicated that this step
 of the AFC test requires substantial guidance from experts, because it is
 extremely fact and situation specific.
 By way of example, one set of abstraction levels is, in descending order
 of generality, as follows: the main purpose, system architecture, abstract
 data types, algorithms and data structures, source code, and object
 code. As this set of abstraction levels shows, during the abstraction step
 of the AFC test, the literal elements of the computer program, namely the
 source and object code, are defined as particular levels of
 abstraction. Further, the source and object code elements of a program are
 not the only elements capable of forming the basis for a finding that a
 second work is a derivative of the program. In some cases, in order to
 avoid a lengthy factual inquiry by the court, the owner of the copyright in
 the original work will submit its own list of what it believes to be the
 protected elements of the original program. In those situations, the court
 will forgo performing its own abstraction, and proceed to the second step of
 the AFC test.
 \subsection{Filtration}
 The most difficult and controversial part of the AFC test is the second
 step, which entails the filtration of protectable expression contained in
 the original program from any unprotectable elements nestled therein. In
 determining which elements of a program are unprotectable, courts employ a
 myriad of rules and procedures to sift from a program all the portions
 that are not eligible for copyright protection.
 First, as set forth in \S~102(b) of the Copyright Act, any and all ideas
 embodied in the program are to be denied copyright protection. However,
 implementing this rule is not as easy as it first appears. The courts
 readily recognize the intrinsic difficulty in distinguishing between ideas
 and expression and that, given the varying nature of computer programs,
 doing so will be done on an ad hoc basis. The first step of the AFC test,
 the abstraction, exists precisely to assist in this endeavor by helping
 the court separate out all the individual elements of the program so that
 they can be independently analyzed for their expressive nature.
 A second rule applied by the courts in performing the filtration step of
 the AFC test is the doctrine of merger, which denies copyright protection
 to expression necessarily incidental to the idea being expressed. The
 reasoning behind this doctrine is that when there is only one way to
 express an idea, the idea and the expression merge, meaning that the
 expression cannot receive copyright protection due to the bar on copyright
 protection extending to ideas. In applying this doctrine, a court will ask
 whether the program's use of particular code or structure is necessary for
 the efficient implementation of a certain function or process. If so, then
 that particular code or structure is not protected by copyright and, as a
 result, it is filtered away from the remaining protectable expression.
 A third rule applied by the courts in performing the filtration step of
 the AFC test is the doctrine of scenes a faire, which denies copyright
 protection to elements of a computer program that are dictated by external
 factors. Such external factors can include:
 \begin{itemize}
   \item The mechanical
 specifications of the computer on which a particular program is intended
 to operate
   \item Compatibility requirements of other programs with which a
 program is designed to operate in conjunction
   \item Computer manufacturers'
 design standards
   \item Demands of the industry being serviced, and
 widely accepted programming practices within the computer industry
 \end{itemize}
 Any code or structure of a program that was shaped predominantly in
 response to these factors is filtered out and not protected by
 copyright. Lastly, elements of a computer program are also to be filtered
 out if they were taken from the public domain or fail to have sufficient
 originality to merit copyright protection.
 Portions of the source or object code of a computer program are rarely
 filtered out as unprotectable elements. However, some distinct parts of
 source and object code have been found unprotectable. For example,
 constant s, the invariable integers comprising part of formulas used to
 perform calculations in a program, are unprotectable. Further, although
 common errors found in two programs can provide strong evidence of
 copying, they are not afforded any copyright protection over and above the
 protection given to the expression containing them.
 \subsection{Comparison}
 The third and final step of the AFC test entails a comparison of the
 original program's remaining protectable expression to a second
 program. The issue will be whether any of the protected expression is
 copied in the second program and, if so, what relative importance the
 copied portion has with respect to the original program overall. The
 ultimate inquiry is whether there is ``substantial'' similarity between
 the protected elements of the original program and the potentially
 derivative work. The courts admit that this process is primarily
 qualitative rather than quantitative and is performed on a case-by-case
 basis. In essence, the comparison is an ad hoc determination of whether
 the protectable elements of the original program that are contained in the
 second work are significant or important parts of the original program. If
 so, then the second work is a derivative work of the first. If, however,
 the amount of protectable elements copied in the second work are so small
 as to be de minimis, then the second work is not a derivative work of the
 original.
 \section{Analytic Dissection Test}
 The Ninth Circuit has adopted the analytic dissection test to determine
 whether one program is a derivative work of another. Apple Computer,
 Inc. v. Microsoft Corp., 35 F.3d 1435 (9th Cir. 1994). The analytic
 dissection test first considers whether there are substantial similarities
 in both the ideas and expressions of the two works at issue. Once the
 similar features are identified, analytic dissection is used to determine
 whether any of those similar features are protected by copyright. This
 step is the same as the filtration step in the AFC test. After identifying
 the copyrightable similar features of the works, the court then decides
 whether those features are entitled to ``broad'' or ``thin''
 protection. ``Thin'' protection is given to non-copyrightable facts or
 ideas that are combined in a way that affords copyright protection only
 from their alignment and presentation, while ``broad'' protection is given
 to copyrightable expression itself. Depending on the degree of protection
 afforded, the court then sets the appropriate standard for a subjective
 comparison of the works to determine whether, as a whole, they are
 sufficiently similar to support a finding that one is a derivative work of
 the other. ``Thin'' protection requires the second work be virtually
 identical in order to be held a derivative work of an original, while
 ``broad'' protection requires only a ``substantial similarity.''
 \section{No Protection for ``Methods of Operation''}
 The First Circuit has taken the position that the AFC test is inapplicable
 when the works in question relate to unprotectable elements set forth in
 \S~102(b).  Their approach results in a much narrower definition
 of derivative work for software in comparison to other circuits. Specifically,
 the
 First Circuit holds that ``method of operation,'' as used in \S~102(b) of
 the Copyright Act, refers to the means by which users operate
 computers. Lotus Development Corp. v. Borland Int'l., Inc., 49 F.3d 807
 (1st Cir. 1995).  In Lotus, the court held that a menu command
 hierarchy for a computer program was uncopyrightable because it did not
 merely explain and present the program's functional capabilities to the
 user, but also served as a method by which the program was operated and
 controlled. As a result, under the First Circuit's test, literal copying
 of a menu command hierarchy, or any other ``method of operation,'' cannot
 form the basis for a determination that one work is a derivative of
 another.  As a result, courts in the First Circuit that apply the AFC test
 do so only after applying a broad interpretation of \S~102(b) to filter out
 unprotected elements. E.g., Real View, LLC v. 20-20 Technologies, Inc.,
 F. Supp.2d 147, 154 (D. Mass. 2010).
 \section{No Test Yet Adopted}
 Several circuits, most notably the Fourth and Seventh, have yet to
 declare their definition of derivative work and whether or not the
 AFC, Analytic Dissection, or some other test best fits their
 interpretation of copyright law. Therefore, uncertainty exists with
 respect to determining the extent to which a software program is a
 derivative work of another in those circuits. However, one may presume
 that they would give deference to the AFC test since it is by far the
 majority rule among those circuits that have a standard for defining
 a software derivative work.
 \section{Cases Applying Software Derivative Work Analysis}
 In the preeminent case regarding the definition of a derivative work for
 software, Computer Associates v. Altai, the plaintiff alleged that its
 program, Adapter, which was used to handle the differences in operating
 system calls and services, was infringed by the defendant's competitive
 program, Oscar. About 30\% of Oscar was literally the same code as
 that in Adapter. After the suit began, the defendant rewrote those
 portions of Oscar that contained Adapter code in order to produce a new
 version of Oscar that was functionally competitive with Adapter, without
 have any literal copies of its code. Feeling slighted still, the
 plaintiff alleged that even the second version of Oscar, despite having no
 literally copied code, also infringed its copyrights. In addressing that
 question, the Second Circuit promulgated the AFC test.
 In abstracting the various levels of the program, the court noted a
 similarity between the two programs' parameter lists and macros. However,
 following the filtration step of the AFC test, only a handful of the lists
 and macros were protectable under copyright law because they were either
 in the public domain or required by functional demands on the
 program. With respect to the handful of parameter lists and macros that
 did qualify for copyright protection, after performing the comparison step
 of the AFC test, it was reasonable for the district court to conclude that
 they did not warrant a finding of infringement given their relatively minor
 contribution to the program as a whole. Likewise, the similarity between
 the organizational charts of the two programs was not substantial enough
 to support a finding of infringement because they were too simple and
 obvious to contain any original expression.
 In the case of Oracle America v. Google, 872 F. Supp.2d 974 (N.D. Cal. 2012),
 the Northern District of California District Court examined the question of
 whether the application program interfaces (APIs) associated with the Java
 programming language are entitled to copyright protection.  While the
 court expressly declined to rule whether all APIs are free to use without
 license (872 F. Supp.2d 974 at 1002), the court held that the command
 structure and taxonomy of the APIs were not protectable under copyright law.
 Specifically, the court characterized the command structure and taxonomy as
 both a ``method of operation'' (using an approach not dissimilar to the
 First Circuit's analysis in Lotus) and a ``functional requirement for
 compatibility'' (using Sega v. Accolade, 977 F.2d 1510 (9th Cir. 1992) and
 Sony Computer Ent. v. Connectix, 203 F.3d 596 (9th Cir. 2000) as analogies),
 and thus unprotectable subject matter under \S~102(b).
 Perhaps not surprisingly, there have been few other cases involving a highly
 detailed software derivative work analysis. Most often, cases involve
 clearer basis for decision, including frequent bad faith on the part of
 the defendant or over-aggressiveness on the part of the plaintiff.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{Modified Source and Binary Distribution}
 \label{source-and-binary}
 In this chapter, we discuss the two core sections that define the rights
 and obligations for those who modify, improve, and/or redistribute GPL'd
 software. These sections, GPLv2~\S\S2--3, define the central core rights and
 requirements of GPLv2\@.
 \section{GPLv2~\S2: Share and Share Alike}
 \label{GPLv2s2}
 For many, this is where the ``magic'' happens that defends software
 freedom upon redistribution.  GPLv2~\S2 is the only place in GPLv2
 that governs the modification controls of copyright law.  If users
 modifies a GPLv2'd program, they must follow the terms of GPLv2~\S2 in making
 those changes.  Thus, this sections ensures that the body of GPL'd software, as it
 continues and develops, remains Free as in freedom.
 To achieve that goal, GPLv2~\S2 first sets forth that the rights of
 redistribution of modified versions are the same as those for verbatim
 copying, as presented in GPLv2~\S1.  Therefore, the details of charging money,
 keeping copyright notices intact, and other GPLv2~\S1 provisions are in tact
 here as well.  However, there are three additional requirements.
 The first (GPLv2~\S2(a)) requires that modified files carry ``prominent
 notices'' explaining what changes were made and the date of such
 changes. This section does not prescribe some specific way of
 marking changes nor does it control the process of how changes are made.
 Primarily, GPLv2~\S2(a) seeks to ensure that those receiving modified
 versions know the history of changes to the software.  For some users,
 it is important to know that they are using the standard version of
 program, because while there are many advantages to using a fork,
 there are a few disadvantages.  Users should be informed about the
 historical context of the software version they use, so that they can
 make proper support choices.  Finally, GPLv2~\S2(a) serves an academic
 purpose --- ensuring that future developers can use a diachronic
 approach to understand the software.
 \medskip
 The second requirement (GPLv2~\S2(b)) contains the four short lines that embody
 the legal details of ``share and share alike''.  These 46 words are
 considered by some to be the most worthy of careful scrutiny because
 GPLv2~\S2(b), and they
 can be a source of great confusion when not properly understood.
 In considering GPLv2~\S2(b), first note the qualifier: it \textit{only} applies to
 derivative works that ``you distribute or publish''.  Despite years of
 education efforts on this matter, many still believe that modifiers
 of GPL'd software \textit{must} to publish or otherwise
 share their changes.  On the contrary, GPLv2~\S2(b) {\bf does not apply if} the
 changes are never distributed.  Indeed, the freedom to make private,
 personal, unshared changes to software for personal use only should be
 protected and defended.\footnote{Most Free Software enthusiasts believe there is an {\bf
     moral} obligation to redistribute changes that are generally useful,
   and they often encourage companies and individuals to do so.  However, there
   is a clear distinction between what one {\bf ought} to do and what one
   {\bf must} do.}
 Next, we again encounter the same matter that appears in GPLv2~\S0, in the
 following text:
 \begin{quote}
 ``...that in whole or part contains or is derived from the Program or any part thereof.''
 \end{quote}
 Again, the GPL relies here on what the copyright law says is a derivative
 work.  If, under copyright law, the modified version ``contains or is
 derived from'' the GPL'd software, then the requirements of GPLv2~\S2(b)
 apply.  The GPL invokes its control as a copyright license over the
 modification of the work in combination with its control over distribution
 of the work.
 The final clause of GPLv2~\S2(b) describes what the licensee must do if she is
 distributing or publishing a work that is deemed a derivative work under
 copyright law --- namely, the following:
 \begin{quote}
 [The work must] be licensed as a whole at no charge to all third parties
 under the terms of this License.
 \end{quote}
 That is probably the most tightly-packed phrase in all of the GPL\@.
 Consider each subpart carefully.
 The work ``as a whole'' is what is to be licensed. This is an important
 point that GPLv2~\S2 spends an entire paragraph explaining; thus this phrase is
 worthy of a lengthy discussion here.  As a programmer modifies a software
 program, she generates new copyrighted material --- fixing expressions of
 ideas into the tangible medium of electronic file storage.  That
 programmer is indeed the copyright holder of those new changes.  However,
 those changes are part and parcel to the original work distributed to
 the programmer under GPL\@. Thus, the license of the original work
 affects the license of the new whole derivative work.
 % {\cal I}
 \newcommand{\gplusi}{$\mathcal{G\!\!+\!\!I}$}
 \newcommand{\worki}{$\mathcal{I}$}
 \newcommand{\workg}{$\mathcal{G}$}
 \label{separate-and-independent}
 It is certainly possible to take an existing independent work (called
 \worki{}) and combine it with a GPL'd program (called \workg{}).  The
 license of \worki{}, when it is distributed as a separate and independent
 work, remains the prerogative of the copyright holder of \worki{}.
 However, when \worki{} is combined with \workg{}, it produces a new work
 that is the combination of the two (called \gplusi{}). The copyright of
 this combined work, \gplusi{}, is held by the original copyright
 holder of each of the two works.
 In this case, GPLv2~\S2 lays out the terms by which \gplusi{} may be
 distributed and copied.  By default, under copyright law, the copyright
 holder of \worki{} would not have been permitted to distribute \gplusi{};
 copyright law forbids it without the expressed permission of the copyright
 holder of \workg{}. (Imagine, for a moment, if \workg{} were a proprietary
 product --- would its copyright holders  give you permission to create and distribute
 \gplusi{} without paying them a hefty sum?)  The license of \workg{}, the
 GPL, states the  options for the copyright holder of \worki{}
 who may want to create and distribute \gplusi{}.  GPL's pre-granted
 permission to create and distribute derivative works, provided the terms
 of GPL are upheld, goes far above and beyond the permissions that one
 would get with a typical work not covered by a copyleft license.  (Thus, to
 say that this restriction is any way unreasonable is simply ludicrous.)
 \medskip
 \label{GPLv2s2-at-no-charge}
 The next phrase of note in GPLv2~\S2(b) is ``licensed \ldots at no charge.''
 This phrase  confuses many.  The sloppy reader points out this as ``a
 contradiction in GPL'' because (in their confused view) that clause of GPLv2~\S2 says that redistributors cannot
 charge for modified versions of GPL'd software, but GPLv2~\S1 says that
 they can.  Avoid this confusion: the ``at no charge'' \textbf{does not} prohibit redistributors from
 charging when performing the acts governed by copyright
 law,\footnote{Recall that you could by default charge for any acts not
 governed by copyright law, because the license controls are confined
 by copyright.} but rather that they cannot charge a fee for the
 \emph{license itself}.  In other words, redistributors of (modified
 and unmodified) GPL'd works may charge any amount they choose for
 performing the modifications on contract or the act of transferring
 the copy to the customer, but they may not charge a separate licensing
 fee for the software.
 GPLv2~\S2(b) further states that the software must ``be licensed \ldots to all
 third parties.''  This too yields some confusion, and feeds the
 misconception mentioned earlier --- that all modified versions must made
 available to the public at large.  However, the text here does not say
 that.  Instead, it says that the licensing under terms of the GPL must
 extend to anyone who might, through the distribution chain, receive a copy
 of the software.  Distribution to all third parties is not mandated here,
 but GPLv2~\S2(b) does require redistributors to license the derivative works in
 a way that extends to all third parties who may ultimately receive a
 copy of the software.
 In summary, GPLv2\ 2(b) says what terms under which the third parties must
 receive this no-charge license.  Namely, they receive it ``under the terms
 of this License'', the GPLv2.  When an entity \emph{chooses} to redistribute
 a derivative work of GPL'd software, the license of that whole
 work must be GPL and only GPL\@.  In this manner, GPLv2~\S2(b) dovetails nicely
 with GPLv2~\S6 (as discussed in Section~\ref{GPLv2s6} of this tutorial).
 \medskip
 The final paragraph of GPLv2~\S2 is worth special mention.  It is possible and
 quite common to aggregate various software programs together on one
 distribution medium.  Computer manufacturers do this when they ship a
 pre-installed hard drive, and GNU/Linux distribution vendors do this to
 give a one-stop CD or URL for a complete operating system with necessary
 applications.  The GPL very clearly permits such ``mere aggregation'' with
 programs under any license.  Despite what you hear from its critics, the
 GPL is nothing like a virus, not only because the GPL is good for you and
 a virus is bad for you, but also because simple contact with a GPL'd
 code-base does not impact the license of other programs.  A programmer must
 expended actual effort  to cause a work to fall under the terms
 of the GPL.  Redistributors are always welcome to simply ship GPL'd
 software alongside proprietary software or other unrelated Free Software,
 as long as the terms of GPL are adhered to for those packages that are
 truly GPL'd.

0 comments (0 inline, 0 general)