didn't know there was GPL'd stuff in there''.  This answer indicates

failure in the software acquisition and procurement process.  Integration

of third-party proprietary software typically requires a formal

arrangement and management/legal oversight before the developers

incorporate the software.  By contrast, developers often obtain and

integrate Free Software without intervention nor oversight. That ease of acquisition, however,

does not mean the oversight is any less necessary.  Just as your legal

and/or management team negotiates terms for inclusion of any proprietary

software, they should gently facilitate all decisions to bring Free Software into your

product.

Simple, engineering-oriented rules help provide a stable foundation for

Free Software integration.  For example, simply ask your software developers to send an email to a

standard place describing each new Free Software component they add to the system,

and have them include a brief description of how they will incorporate it

into the product.  Further, make sure developers use a revision control

system (such as Git or Mercurial), and have

store the upstream versions of all software in a ``vendor branch'' or

similar mechanism, whereby they can easily track and find the main version

of the software and, separately, any local changes.

Such procedures are best instituted at your project's launch.  Once 

chaotic and poorly-sourced development processes begin, cataloging the

presence of GPL'd components  becomes challenging.

Such a situation often requires use of a tool to ``catch up'' your knowledge

about what software your product includes.  Most commonly, companies choose

some software licensing scanning tool to inspect the codebase.  However,

there are few tools that are themselves Free Software.  Thus, GPL enforcers

usually recommend the GPL'd

\href{http://fossology.org/}{Fossology system}, which analyzes a

source code base and produces a list of Free Software licenses that may apply to

the code.  Fossology can help you build a catalog of the sources you have

already used to build your product.  You can then expand that into a more

structured inventory and process.

\section{Track Your Changes and Releases}

As explained in further detail below, the most important component of GPL

compliance is the one most often ignored: proper inclusion of CCS in all

distributions  of GPL'd

software.  To comply with GPL's CCS requirements, the distributor

\textit{must} always know precisely what sources generated a given binary

distribution.

In an unfortunately large number of our enforcement cases, the violating

company's engineering team had difficulty reconstructing the CCS

for binaries distributed by the company.  Here are three simple rules to

\begin{itemize}

\item Ensure that your

developers are using revision control systems properly.

\item Have developers mark or ``tag'' the full source tree corresponding to

  builds distributed to customers

\item Check that your developers store all parts of the software

development in the revision control system, including {\sc readme}s, build

scripts, engineers' notes, and documentation.

\end{itemize}

Your developers will benefit anyway from these rules.  Developers will be

happier in their jobs if their tools already track the precise version of

source that corresponds to any deployed binary.

\section{Avoid the ``Build Guru''}

Too many software projects rely on only one or a very few team members who

know how to build and assemble the final released product.  Such knowledge

centralization not only creates engineering redundancy issues, but also

thwarts GPL compliance.  Specifically, CCS does not just require source code,

but scripts and other material that explain how to control compilation and

installation of the executable and object code.

Thus, avoid relying on a ``build guru'', a single developer who is the only one

who knows how to produce your final product. Make sure the build process

is well defined.  Train every developer on the build process for the final

binary distribution, including (in the case of embedded software)

generating a final firmware image suitable for distribution to the

customer.  Require developers to use revision control for build processes.

Make a rule that adding new components to the system without adequate

build instructions (or better yet, scripts) is unacceptable engineering

practice.

\chapter{Details of Compliant Distribution}

This section explains the specific requirements placed upon

distributors of GPL'd software.  Note that this section refers heavily to

specific provisions and language in

\href{http://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section3}{GPLv2}

and \href{http://www.fsf.org/licensing/licenses/gpl.html#section6}{GPLv3}.

It may be helpful to have a copy of each license open while reading this

section.

\section{Binary Distribution Permission}

\section{GPLv2~\S7: ``Give Software Liberty or Give It Death!''}

\label{GPLv2s7}

In essence, GPLv2~\S7 is a verbosely worded way of saying for non-copyright

systems what GPLv2~\S6 says for copyright.  If there exists any reason that a

distributor knows of that would prohibit later licensees from exercising

their full rights under GPL, then distribution is prohibited.

Originally, this was designed as the title of this section suggests --- as

a last ditch effort to make sure that freedom was upheld.  However, in

modern times, it has come to give much more.  Now that the body of GPL'd

software is so large, patent holders who would want to be distributors of

GPL'd software have a tough choice.  They must choose between avoiding

distribution of GPL'd software that exercises the teachings of their

patents, or grant a royalty-free, irrevocable, non-exclusive license to

those patents.  Many companies have chosen the latter.

Thus, GPLv2~\S7 rarely gives software death by stopping its distribution.

Instead, it is inspiring patent holders to share their patents in the same

freedom-defending way that they share their copyrighted works.

\section{GPLv2~\S8: Excluding Problematic Jurisdictions}

\label{GPLv2s8}

GPLv2~\S8 is rarely used by copyright holders.  Its intention is that if a

particular country, say Unfreedonia, grants particular patents or allows

copyrighted interfaces (no country to our knowledge even permits those

yet), that the GPLv2'd software can continue in free and unabated

distribution in the countries where such controls do not exist.

As far as is currently known, GPLv2~\S8 has very rarely been formally used by

copyright holders.  Admittedly, some have used GPLv2~\S8 to explain various

odd special topics of distribution (usually related in some way to

GPLv2~\S7).  However, generally speaking, this section is not proven

particularly useful in the more than two decades of GPLv2 history.

Meanwhile, despite many calls by the FSF (and others) for those licensors who

explicitly use this section to come forward and explain their reasoning, no

one ever did.  Furthermore, research conducted during the GPLv3 drafting

process found exactly one licensor who had invoked this section to add an

explicit geographical distribution limitation, and the reasoning for that one

invocation was not fitting with FSF's intended spirit of GPLv2~\S8.  As such,

GPLv2~\S8 was not included at all in GPLv3.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\chapter{Odds, Ends, and Absolutely No Warranty}

GPLv2~\S\S0--7 constitute the freedom-defending terms of the GPLv2.  The remainder

liability.

\section{GPLv2~\S9: FSF as Stewards of GPL}

\label{GPLv2s9}

FSF reserves the exclusive right to publish future versions of the GPL\@;

GPLv2~\S9 expresses this.  While the stewardship of the copyrights on the body

of GPL'd software around the world is shared among thousands of

individuals and organizations, the license itself needs a single steward.

Forking of the code is often regrettable but basically innocuous.  Forking

of licensing is disastrous.

(Chapter~\ref{tale-of-two-copylefts} discusses more about the various

versions of GPL.)

\section{GPLv2~\S10: Relicensing Permitted}

\label{GPLv2s10}

GPLv2~\S10 reminds the licensee of what is already implied by the nature of

copyright law.  Namely, the copyright holder of a particular software

program has the prerogative to grant alternative agreements under separate

copyright licenses.

\section{GPLv2~\S11: No Warranty}

\label{GPLv2s11}

Most warranty disclaimer language shout at you.  The

\href{http://www.law.cornell.edu/ucc/2/2-316}{Uniform Commercial

  Code~\S2-316} requires that disclaimers of warranty be ``conspicuous''.

There is apparently general acceptance that \textsc{all caps} is the

preferred way to make something conspicuous, and that has over decades worked

its way into the voodoo tradition of warranty disclaimer writing.

That said, there is admittedly some authority under USA law suggesting that

effective warranty disclaimers that conspicuousness can be established by

capitalization and is absent when a disclaimer has the same typeface as the

terms surrounding it (see \textit{Stevenson v.~TRW, Inc.}, 987 F.2d 288, 296

(5th Cir.~1993)).  While GPLv3's drafters doubted that such authority would

apply to copyright licenses like the GPL, the FSF has nevertheless left

warranty and related disclaimers in \textsc{all caps} throughout all versions

of GPL\@\footnote{One of the authors of this tutorial, Bradley M.~Kuhn, has

  often suggested the aesthetically preferable compromise of a

  \textsc{specifically designed ``small caps'' font, such as this one, as an

    alternative to} WRITING IN ALL CAPS IN THE DEFAULT FONT (LIKE THIS),

  since the latter adds more ugliness than conspicuousness.  Kuhn once

  engaged in reversion war with a lawyer who disagreed, but that lawyer never

  answered Kuhn's requests for case law that argues THIS IS INHERENTLY MORE

  CONSPICUOUS \textsc{Than this is}.}.

violating the GPL\@.

Additionally, ``essential patent claims'' are those patents ``that would be

infringed by some manner, permitted by this License, of making, using, or

selling the work''.  This intends to make clear that a patent claim is

``essential'' if some mode of usage would infringe that claim, even if there

are other modes of usage that would not infringe.

Finally, ``essential patent claims \ldots do not include

claims that would be infringed only as a consequence of further

modification of the work.''  The set of essential patent

claims licensed  is fixed by the

particular version of the work that was contributed.  The claim set

cannot expand as a work is further modified downstream.  (If it could,

then any software patent claim would be included, since any software

patent claim can be infringed by some further modification of the

work.)\footnote{However, ``the work'' should not be understood to be

restricted to a particular mechanical affixation of, or medium for

distributing, a program, where the same program might be provided in

other forms or in other ways that may be captured by other patent claims

held by the contributor.}

\medskip

Ideally, this contributor patent policy will result in fairly frequent licensing of patent

claims by contributors.  A contributor is charged with awareness of the fact

that it has modified a work and provided it to others; no act of contribution

should be treated as inadvertent.  GPLv3's rule also requires no more work, for a

contributor, than the weaker rule proposed by the patent holders.  Under

their rule, the contributor must always compare the entire work against its

patent portfolio to determine whether the combination of the modifications

with the remainder of the work cause it to read on any of the contributor's

patent claims.

\subsection{Conveyors' Patent Licensing}

The remaining patent licensing in GPLv3 deals with patent licenses that are

granted by conveyance.  The licensing is not as complete or far reaching as

the contributor patent licenses discussed in the preceding section.

The term ``patent license,'' as used in GPLv3~\S11\P4--6, is not meant to be

confined to agreements formally identified or classified as patent licenses.

GPLv3~\S11\P3  makes this clear by defining ``patent

license,'' for purposes of the subsequent three paragraphs, as ``any express

agreement or commitment, however denominated, not to enforce a patent

(such as an express permission to practice a patent or covenant not to

sue for patent infringement)''

% The definition does not include patent licenses that arise by

% implication or operation of law, because the third through fifth paragraphs

% of section 11 are specifically concerned with explicit promises that purport

% to be legally enforceable.

GPLv3~\S11\P5 is commonly called GPLv3's downstream shielding provision.  It

responds particularly to the problem of exclusive deals between patent

holders and distributors, which threaten to distort the free software

distribution system in a manner adverse to developers and users.  The

fundamental idea is to make a trade-off between assuring a patent license for

downstream and making  (possibly patent-encumbered) CCS publicly available.

Simply put, in nearly all cases in which the ``knowingly relying'' test is

met, the patent license will indeed not be sublicensable or generally

available to all on free terms.  If, on the other hand, the patent license is

generally available under terms consistent with the requirements of the GPL,

the distributor is automatically in compliance, because the patent license

has already been extended to all downstream recipients.  Finally, if the

patent license is sublicensable on GPL-consistent terms, the distributor may

choose to grant sublicenses to downstream recipients instead of causing the

CCS to be publicly available.  (In such a case, if the distributor is also a

contributor, it will already have granted a patent sublicense anyway, and so

it need not do anything further to comply with the third paragraph.)

Admittedly, public disclosure of CCS is not necessarily required by other

sections of the GPL, and the FSF in drafting GPLv3 did not necessarily wish

to impose a general requirement to make source code available to all, which

has never been a GPL condition.  However, many vendors who produce products

that include copylefted software, and who are most likely to be affected by the

downstream shielding provision, lobbied for the addition of the source code

availability option, so it remains.

Meanwhile, two specific alternatives to the source code availability option

are also available. The distributor may comply by disclaiming the patent

license it has been granted for the conveyed work, or by arranging to extend

the patent license to downstream recipients\footnote{The latter option, if

  chosen, must be done ``in a manner consistent with the requirements of this

  License''; for example, it is unavailable if extension of the patent

  license would result in a violation of GPLv3~\S 12.}.  The GPL is intended

to permit private distribution as well as public distribution, and the

addition of these options ensures that this remains the case, even though it

remains likely that distributors in this situation will usually choose the

source code availability option.

Note that GPLv3~\S11\P5 is activated only if the CCS is not already otherwise

publicly available.  (Most often it will, in fact, already be available on

some network server operated by a third party.)  Even if it is not already