Copyleft/guide Changeset - b0801a2b8a2f

Changeset - b0801a2b8a2f

Parent rev.

Child rev.

[Not reviewed]

0 3 0

Bradley Kuhn (bkuhn) - 9 years ago 2014-12-20 00:09:01
bkuhn@ebb.org

Clarify sentence.

Make this sentence a bit clearer.

3 files changed with 3 insertions and 3 deletions:

compliance-guide.tex

enforcement-case-studies.tex

gpl-lgpl.tex

0 comments (0 inline, 0 general)

compliance-guide.tex

➞

Show inline comments

 % compliance-guide.tex                            -*- LaTeX -*-
 \part{A Practical Guide to GPL Compliance}
 \label{gpl-compliance-guide}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2008, 2014 \= \hspace{.2in} Bradley M. Kuhn. \\
 Copyright \= \copyright{} 2014 \> \hspace{.2in} Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2008, 2014 \> \hspace{.2in} Software Freedom Law Center. \\
 \end{tabbing}
 \vspace{.1in}
 \begin{center}
 The copyright holders of this part hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \url{https://creativecommons.org/licenses/by-sa/4.0/legalcode}.
 \vfill
 This part includes material from many sources, including the following
+This part includes material from many sources, including some material from the following
 CC-By-SA-licensed published works: \\
 \begin{itemize}
 \item \hrefnofollow{http://www.softwarefreedom.org/resources/2008/compliance-guide.html}{\textit{The Practical Guide GPL Compliance}}, by Bradley M. Kuhn, Aaron
 Williamson and Karen Sandler, first published on 2008-08-20. \\
 \item \hrefnofollow{http://www.softwarefreedom.org/resources/2014/SFLC-Guide_to_GPL_Compliance_2d_ed.html}{\textit{Software Freedom Law Center Guide to GPL Compliance, 2nd
   Edition}} by Eben Moglen and Mishi Choudhary, first published on 2014-10-31. \\
 \end{itemize}
 However, this work is primarily composed of the many contributions it
 receives as a public, collaborative project.  Please
 \href{https://gitorious.org/copyleft-org/tutorial/history/master:compliance-guide.tex}{review
   its Git logs} for full documentation of all contributions.
 \end{center}
+}
 \pagebreak
 \chapter*{Executive Summary}
 This is a guide to effective compliance with the GNU General Public
 License (GPL) and related licenses.  Copyleft advocates
 usually seek to assist the community with
 GPL compliance cooperatively.   This guide focuses on complying from the
 start, so that readers can learn to avoid enforcement actions entirely, or, at
 least, minimize  the negative impact when enforcement actions occur.
 This guide  introduces and explains basic legal concepts related to the GPL and its
 enforcement by copyright holders. It also outlines business practices and
 methods that lead to better GPL compliance.  Finally, it recommends proper
 post-violation responses to the concerns of copyright holders.
 \chapter{Background}
 Copyright law grants exclusive rights to authors.  Authors who chose copyleft
 seek to protect the freedom of users and developers to copy, share, modify
 and redistribute the software.  However, copyleft is ultimately implemented
 through copyright, and the GPL is primarily and by default a copyright
 license.  (See \S~\ref{explaining-copyright} for more about the interaction
 between copyright and copyleft.)  Copyright law grants an unnatural exclusive
 control to copyright holders regarding copyright-controlled permissions
 related to the work.  Therefore, copyright holders (or their agents) are the
 ultimately the sole authorities to enforce copyleft and protect the rights of
 users.  Actions for copyright infringement are the ultimate legal mechanism
 for enforcement.  Therefore, copyright holders, or collaborative groups of
 copyright holders, have historically been the actors in GPL enforcement.
 The earliest of these efforts began soon after the GPL was written by
 Richard M.~Stallman (RMS) in 1989, and consisted of informal community efforts,
 often in public Usenet discussions.\footnote{One example is the public
   outcry over NeXT's attempt to make the Objective-C front-end to GCC
   proprietary.  RMS, in fact, handled this enforcement action personally and
   the Objective-C front-end is still part of upstream GCC today.}  Over the next decade, the Free Software Foundation (FSF),
 which holds copyrights in many GNU programs, was the only visible entity
 actively enforcing its GPL'd copyrights on behalf of the software freedom
 community.
 FSF's enforcement
 was generally a private process; the FSF contacted violators
 confidentially and helped them to comply with the license.  Most
 violations were pursued this way until the early 2000's.
 By that time, Linux-based systems such as GNU/Linux and BusyBox/Linux had become very common, particularly in
 embedded devices such as wireless routers.  During this period, public
 ridicule of violators in the press and on Internet fora supplemented
 ongoing private enforcement and increased pressure on businesses to
 comply.  In 2003, the FSF formalized its efforts into the GPL Compliance
 Lab, increased the volume of enforcement, and built community coalitions
 to encourage copyright holders to together settle amicably with violators.
 Beginning in 2004, Harald Welte took a more organized public enforcement
 approach and launched \href{http://gpl-violations.org/}{gpl-violations.org}, a website and mailing
 list for collecting reports of GPL violations.  On the basis of these
 reports, Welte successfully pursued many enforcement actions in Europe, including
 formal legal action.  Harald earns the permanent fame as the first copyright
 holder to bring legal action in a court regarding GPL compliance.
 In 2007, two copyright holders in BusyBox, in conjunction with the
 Software Freedom Conservancy (``Conservancy''), filed the first copyright infringement lawsuit
 based on a violation of the GPL\@ in the USA. While  lawsuits are of course
 quite public, the vast majority of Conservancy's enforcement actions
 are resolved privately via
 cooperative communications with violators.  As both FSF and Conservancy have worked to bring
 individual companies into compliance, both organizations have encountered numerous
 violations resulting from preventable problems such as inadequate
 attention to licensing of upstream software, misconceptions about the
 GPL's terms, and poor communication between software developers and their
 management.  This document highlights these problems and describe
 best practices to encourage corporate Free Software users to reevaluate their
 approach to GPL'd software and avoid future violations.
 Both FSF and Conservancy continue GPL enforcement and compliance efforts
 for software under the GPL, the GNU Lesser
 Public License (LGPL) and other copyleft licenses.  In doing so, both organizations have
 found that most violations stem from a few common, avoidable mistakes.  All copyleft advocates  hope to educate the community of
 commercial distributors, redistributors, and resellers on how to avoid
 violations in the first place, and to respond adequately and appropriately
 when a violation occurs.
 \section{Who Has Compliance Obligations?}
 All distributors of modified or unmodified versions of copylefted works
 unmodified versions of the works have compliance obligations.  Common methods
 of modifying the works include innumerable common acts, such as:
 \begin{itemize}
   \item embedding those works as executable copies
     into a device,
   \item transferring a digital copy of executable copies to someone else,
   \item posting a patch to the copylefted software to a public mailing list.
 \end{itemize}
 Such distributors have obligations to (at least) the users to whom they (or
 intermediary parties) distribute those copies.  In some cases, distributors
 have obligations to third parties not directly receiving their distribution
 of the works (depending on the distributors chosen licensing options, as
 described later in \S~\ref{binary-distribution-permission}).  In addition,
 distributors have compliance obligations to upstream parties, such as
 preservation of reasonable legal notices embedded in the code, and
 appropriate labeling of modified versions.
 Online service providers and distributors alike have other compliance
 obligations.  In general, they must refrain from imposing any additional
 restrictions on downstream parties. Most typically, such compliance problems
 arise from ``umbrella licenses:'' EULAs, or sublicenses that restrict
 downstream users' rights under copyleft. (See \S~\ref{GPLv2s6} and
 \S~\ref{GPLv3s10}).
 Patent holders having claims reading on GPL'd works they distribute must
 refrain from enforcing those claims against parties to whom they distribute.
 Furthermore, patent holders holding copyrights on GPLv3'd works must further
 grant an explicit patent license for any patent claims reading on the version
 they distributed, and therefore cannot enforce those specific patent claims
 against anyone making, using or selling a work based on their distributed
 version.  All parties must refrain from acting as a provider of services or
 distributor of licensed works if they have accepted, or had imposed on them
 by judicial action, any legal conditions that would prevent them from meeting
 any obligation under GPL\@.  (See \S~\ref{GPLv2s7}, \S~\ref{GPLv3s11} and
 \S~\ref{GPLv3s12}.
 \section{What Are The Risks of Non-Compliance?}
 Copyleft experts have for decades observed a significant mismatch between the
 assumptions most businesses make about copyleft compliance and the realities.
 Possibly due to excessive marketing of proprietary tools and services from
 the for-profit compliance industry, businesses perennially focus on the wrong
 concerns.  This tutorial seeks to educate those businesses about what
 actually goes wrong, what causes disputes, and how to resolve those disputes.
 Many businesses currently invest undue resources to avoid unlikely risks that
 have low historical incidence of occurrence and low cost of remediation,
 while leaving unmanaged the risks that have historically resulted in all the
 litigation and other adverse outcomes.  For example, some ``compliance
 industry''\footnote{``Compliance industry'' refers to third-party for-profit
   companies that market proprietary software tools and/or consulting services
   that purport to aid businesses with their Free Software license compliance
   obligations, such as those found in GPL and other copyleft licenses.  This
   tutorial leaves the term in quotes throughout, primarily to communicate the
   skepticism most of this tutorial's authors feel regarding the mere
   existence of this industry.  Not only do copyleft advocates object on
   principle to proprietary software tools in general, and to their ironic use
   specifically to comply with copyleft, but also to the ``compliance
   industry'' vendors' marketing messaging, which some copyleft advocates
   claim as a cause in the risk misassessments discussed herein.  Bradley
   M.~Kuhn, specifically, regularly uses the term ``compliance industrial
   complex''
   \href{http://en.wikipedia.org/wiki/Military-industrial_complex}{to
     analogize the types of problems in this industry to those warned against
     in the phrase of origin}.} vendors insist that great effort must be
 expended to carefully list, in the menus or manuals of embedded electronics
 products, copyright notices for every last copyright holder that contributed
 to the Free Software included in the product.  While nearly all Free Software
 licenses, including copylefts like GPL, require preservation and display of
 copyright notices, failure to meet this specific requirement is trivially
 remedied.  Therefore, businesses should spend just reasonable efforts to
 properly display copyright notices, and note that failure to do so is simply
 remedied: add the missing copyright notice!
 \section{Understanding Who's Enforcing}
 \label{compliance-understanding-whos-enforcing}
 The mismatch between actual compliance risk and compliance risk management
 typically results from a misunderstanding of licensor intentions.  For-profit
 businesses often err by assuming other actors have kindred motivations.  The
 primary enforcers of the GPL, however, have goals that for-profit businesses
 will find strange and perhaps downright alien.
 Specifically, community-oriented GPL enforcement organizations (called
 ``COGEOs'' throughout the remainder of this tutorial) are typically
 non-profit charities (such as the FSF and Software Freedom Conservancy) who
 declare, as part of their charitable mission, advancement of software freedom
 for all users.  In the USA, these COGEOs are all classified as charitable
 under the IRS's 501(c)(3) designation, which is reserved for organizations
 that have a mission to enhance the public good.
 As such, these COGEOs enforce GPL primarily to pursue the policy goals and
 motivations discussed throughout this tutorial: to spread software freedom
 further.  As such, COGEOs are unified in their primary goal to bring the
 violator back into compliance as quickly as possible, and redress the damage
 caused by the violation.  COGEOs are steadfast in their position in a
 violation negotiation: comply with the license and respect freedom.
 Certainly, other entities do not share the full ethos of software freedom as
 institutionalized by COGEOs, and those entities pursue GPL violations
 differently.  Oracle, a company that produces the GPL'd MySQL database, upon
 discovering GPL violations typically negotiates a proprietary software
 license separately for a fee.  While this practice is not one a COGEO would
 undertaking nor endorsing, a copyleft license technically permits this
 behavior.  To put a finer point on this practice already discussed
 in~\S~\ref{Proprietary Relicensing}, copyleft advocates usually find copyleft
 enforcement efforts focused on extract alternative proprietary licenses
 distasteful at best, and a corrupt manipulation of copyleft at worst.  Much
 to the advocates' chagrin, such for-profit enforcement efforts seem to
 increase rather than decrease.
 Thus, unsurprisingly, for-profit adopters of GPL'd software often incorrectly
 assume that all copyright holders seek royalties.  Businesses therefore focus
 on the risk of so-called ``accidental'' (typically as the result of
 unsupervised activity by individual programmers) infringe copyright by
 incorporating ``snippets'' of copylefted code into their own proprietary
 computer program.  ``Compliance industry'' flagship products, therefore,
 focus on ``code scanning'' services that purport to detect accidental
 inclusions.  Such effort focuses on proprietary software development and view
 Free Software as a foreign interloper.  Such approach not only ignores
 current reality that many companies build their products directly on major
 copylefted projects (e.g., Android vendor's use of the kernel named Linux),
 but also creates a culture of fear among developers, leading them into a
 downward spiral of further hiding their necessary reliance on copylefted
 software in the company's products.
 Fortunately, COGEOs regard GPL compliance failures as an opportunity to
 improve compliance.  Every compliance failure downstream represents a loss of
 rights by their users. The COGEOs are the guardian of its users' and
 developers' rights.  Their activity seeks to restore those rights, and
 to protect the project's contributors' intentions in the making of their
 software.
 \chapter{Best Practices to Avoid Common Violations}
 \label{best-practices}
 Unlike highly permissive licenses (such as the ISC license), which
 typically only require preservation of copyright notices, licensees face many
 important requirements from the GPL.  These requirements are
 carefully designed to uphold certain values and standards of the software
 freedom community.  While the GPL's requirements may initially appear
 counter-intuitive to those more familiar with proprietary software
 licenses, by comparison, its terms are in fact clear and quite favorable to
 licensees.  Indeed, the GPL's terms actually simplify compliance when
 violations occur.
 GPL violations occur (or, are compounded) most often when companies lack sound
 practices for the incorporation of GPL'd components into their
 internal development environment.  This section introduces some best
 practices for software tool selection, integration and distribution,
 inspired by and congruent with software freedom methodologies.  Companies should
 establish such practices before building a product based on GPL'd
 software.\footnote{This document addresses compliance with GPLv2,
   GPLv3, LGPLv2, and LGPLv3.  Advice on avoiding the most common
   errors differs little for compliance with these four licenses.
   \S~\ref{lgpl} discusses the key differences between GPL and LGPL
   compliance.}
 \section{Evaluate License Applicability}
 \label{derivative-works}
 Political discussion about the GPL often centers around determining the
 ``work'' that must be licensed under GPL, or in other words, ``what is the
 derivative and/or combined work that was created''.  Nearly ever esoteric
 question asked by lawyers seek to consider that question
 \footnote{\tutorialpartsplit{In fact, a companion work, \textit{Detailed Analysis of the GNU GPL and Related
       Licenses} contains an entire section discussing derivative works}{This tutorial in fact
   also addresses the issue at length in~\S~\ref{derivative-works}}.} (perhaps because
 that question explores exciting legal issues while the majority of the GPL
 deals with much more mundane ones).
 Of course, GPL was designed
 primarily to embody the licensing feature of copyleft.
 However, most companies who add
 complex features to and make combinations with GPL'd software
 are already well aware of their
 more complex obligations under the license that require complex legal
 analysis.  And, there are few companies overall that engage in such
 activities. Thus,  in practical reality, this issue is not relevant to the vast
 majority of companies distributing GPL'd software.
 Thus, experienced  GPL enforcers find that few redistributors'
 compliance challenges relate directly to combined work issues in copyleft.
 Instead, the distributions of GPL'd
 systems most often encountered typically consist of a full operating system
 including components under the GPL (e.g., Linux, BusyBox) and components
 under the LGPL (e.g., the GNU C Library).  Sometimes, these programs have
 been patched or slightly improved by direct modification of their sources,
 and thus the result is unequivocally a modified version.  Alongside these programs,
 companies often distribute fully independent, proprietary programs,
 developed from scratch, which are designed to run on the Free Software operating
 system but do not combine with, link to, modify, derive from, or otherwise
 create a combined work with
 the GPL'd components.\footnote{However, these programs do often combine
   with LGPL'd libraries. This is discussed in detail in \S~\ref{lgpl}.}
 In the latter case, where the work is unquestionably a separate work of
 creative expression, no copyleft provisions are invoked.
 The core compliance issue faced, thus, in such a situation, is not an discussion of what is or is not a
 combined, derivative, and/or modified version of the work, but rather, issues related to distribution and
 conveyance of binary works based on GPL'd source, but without Complete,
 Corresponding Source.
 As such, issues of software delivery are the primary frustration for GPL
 enforcers. In particular, the following short list accounts for at least 95\%
 of the GPL violations ever encountered:
 \begin{itemize}
 \item The violator fails to provide required information about the presence
   of copylefted programs and their applicable license terms in the product
   they have purchased.
 \item The violator fails to reliably deliver \hyperref[CCS
   Definition]{complete, corresponding source} (CCS) for copylefted programs
   the violator knew were included (i.e., the CCS is either delivered but
   incomplete, or is not delivered at all).
 \item Requestors are ignored when they communicate with violator's published
   addresses requesting fulfillment of businesses' obligations.
 \end{itemize}
 This tutorial therefore focuses primarily on these issue.
 Admittedly, a tiny
 minority of compliance situations relate to question of derivative,
 combined, or modified versions of the work.  Those
 situations are so rare, and the details from situation to situation differ
 greatly.  Thus, such situations require a highly
 fact-dependent analysis and cannot be addressed in a general-purpose
 document such as this one.
 \medskip
 Most companies accused of violations lack a basic understanding
 of how to comply even in the straightforward scenario.  This document
 provides those companies with the fundamental and generally applicable prerequisite knowledge.
 For answers to rarer and more complicated legal questions, such as whether
 your software is a derivative or combined work of some copylefted software, consult
 with an attorney.\footnote{If you would like more information on the
   application of derivative works doctrine to software, a detailed legal
   discussion is presented in our colleague Dan Ravicher's article,
   \textit{Software Derivative Work: A Circuit Dependent Determination} and in
   \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on derivative works}{\S~\ref{derivative-works} of
     this tutorial}.}
 This discussion thus assumes that you have already identified the
 ``work'' covered by the license, and that any components not under the GPL
 (e.g., applications written entirely by your developers that merely happen
 to run on a Linux-based operating system) distributed in conjunction with
 those works are separate works within the meaning of copyright law and the GPL\@.  In
 such a case, the GPL requires you to provide complete corresponding
 source (CCS)\footnote{For more on CCS,  see
 \tutorialpartsplit{\textit{Detailed Analysis of the GNU GPL and Related
       Licenses}'s Section on GPLv2~\S2 and GPLv3~\S1.}{\S~\ref{GPLv2s2} and \S~\ref{GPLv3s1} of
     this tutorial}.}
 for the GPL'd components and your modifications thereto, but not
 for independent proprietary applications.  The procedures described in
 this document address this typical scenario.
 \section{Monitor Software Acquisition}
 Software engineers deserve the freedom to innovate and import useful
 software components to improve products.  However, along with that
 freedom should come rules and reporting procedures to make sure that you
 are aware of what software that you include with your product.
 The most typical response to an initial enforcement action is: ``We
 didn't know there was GPL'd stuff in there''.  This answer indicates
 failure in the software acquisition and procurement process.  Integration
 of third-party proprietary software typically requires a formal
 arrangement and management/legal oversight before the developers
 incorporate the software.  By contrast, developers often obtain and
 integrate Free Software without intervention nor oversight. That ease of acquisition, however,
 does not mean the oversight is any less necessary.  Just as your legal
 and/or management team negotiates terms for inclusion of any proprietary
 software, they should gently facilitate all decisions to bring Free Software into your
 product.
 Simple, engineering-oriented rules help provide a stable foundation for
 Free Software integration.  For example, simply ask your software developers to send an email to a
 standard place describing each new Free Software component they add to the system,
 and have them include a brief description of how they will incorporate it
 into the product.  Further, make sure developers use a revision control
 system (such as Git or Mercurial), and
 store the upstream versions of all software in a ``vendor branch'' or
 similar mechanism, whereby they can easily track and find the main version
 of the software and, separately, any local changes.
 Such procedures are best instituted at your project's launch.  Once
 chaotic and poorly-sourced development processes begin, cataloging the
 presence of GPL'd components  becomes challenging.
 Such a situation often requires use of a tool to ``catch up'' your knowledge
 about what software your product includes.  Most commonly, companies choose
 some software licensing scanning tool to inspect the codebase.  However,
 there are few tools that are themselves Free Software.  Thus, GPL enforcers
 usually recommend the GPL'd
 \href{http://fossology.org/}{FOSSology system}, which analyzes a
 source code base and produces a list of Free Software licenses that may apply to
 the code.  FOSSology can help you build a catalog of the sources you have
 already used to build your product.  You can then expand that into a more
 structured inventory and process.
 \section{Track Your Changes and Releases}
 As explained in further detail below, the most important component of GPL
 compliance is the one most often ignored: proper inclusion of CCS in all
 distributions  of GPL'd
 software.  To comply with GPL's CCS requirements, the distributor
 \textit{must} always know precisely what sources generated a given binary
 distribution.
 In an unfortunately large number of our enforcement cases, the violating
 company's engineering team had difficulty reconstructing the CCS
 for binaries distributed by the company.  Here are three simple rules to
 follow to decrease the likelihood of this occurrence:
 \begin{itemize}
 \item Ensure that your
 developers are using revision control systems properly.
 \item Have developers mark or ``tag'' the full source tree corresponding to
   builds distributed to customers.
 \item Check that your developers store all parts of the software
 development in the revision control system, including {\sc readme}s, build
 scripts, engineers' notes, and documentation.
 \end{itemize}
 Your developers will benefit anyway from these rules.  Developers will be
 happier in their jobs if their tools already track the precise version of
 source that corresponds to any deployed binary.
 \section{Avoid the ``Build Guru''}
 Too many software projects rely on only one or a very few team members who
 know how to build and assemble the final released product.  Such knowledge
 centralization not only creates engineering redundancy issues, but also
 thwarts GPL compliance.  Specifically, CCS does not just require source code,
 but scripts and other material that explain how to control compilation and
 installation of the executable and object code.
 Thus, avoid relying on a ``build guru'', a single developer who is the only one
 who knows how to produce your final product. Make sure the build process
 is well defined.  Train every developer on the build process for the final
 binary distribution, including (in the case of embedded software)
 generating a final firmware image suitable for distribution to the
 customer.  Require developers to use revision control for build processes.
 Make a rule that adding new components to the system without adequate
 build instructions (or better yet, scripts) is unacceptable engineering
 practice.
 \chapter{Details of Compliant Distribution}
 Distribution of GPL'd works has requirements; copyleft will not function
 without placing requirements on redistribution.  However, some requirements
 are more likely to cause compliance difficult than others.  This
 chapter\footnote{Note that this chapter refers heavily to specific provisions
   and language in
   \hyperref[GPLv2s3-full-text]{GPLv2\S3}
   and \hyperref[GPLv3s6-full-text]{GPLv3\S6}.
   It may be helpful  to review \S~\ref{GPLv2s3} and \S~\ref{GPLv3s6} first,
   and then have a copy of each license open while reading this
   section.}  explains some the specific requirements placed upon
 distributors of GPL'd software that redistributors are most likely to
 overlook, yielding compliance problems.
 First, \hyperref[GPLv2s1]{GPLv2\S1} and \hyperref[GPLv2s4]{GPLv2\S4} require
 that the full license text must accompany every distribution (either in
 source or binary form) of each licensed work.  Strangely, this requirement is
 responsible for a surprisingly significant fraction of compliance errors; too
 often, physical products lack required information about the presence of
 GPL'd programs and the applicable license terms.  Automated build processes
 can and should carry a copy of the license from the the source distribution
 into the final binary firmware package for embedded products.  Such
 automation usually achieves compliance regarding license inclusion
 requirements\footnote{At least one COGEO recommends the
   \href{https://www.yoctoproject.org/}{Yocto Project}, since its engineers
   have designed such features into it build process.}
 \section{Binary Distribution Permission}
 \label{binary-distribution-permission}
 % be careful below, you cannot refill the \if section, so don't refill
 % this paragraph without care.
 The various versions of the GPL are copyright licenses that grant
 permission to make certain uses of software that are otherwise restricted
 by copyright law.  This permission is conditioned upon compliance with the
 GPL's requirements.
 This section walks through the requirements (of both GPLv2 and GPLv3) that
 apply when you distribute GPL'd programs in binary (i.e., executable or
 object code) form, which is typical for embedded applications.  Because a
 binary application derives from a program's original sources, you need
 permission from the copyright holder to distribute it.  \S~3 of GPLv2 and
 \S~6 of GPLv3 contain the permissions and conditions related to binary
 distributions of GPL'd programs.\footnote{These sections cannot be fully
   understood in isolation; read the entire license thoroughly before
   focusing on any particular provision.  However, once you have read and
   understood the entire license, look to these sections to guide
   compliance for binary distributions.}  Failure to provide or offer CCS is the
 single largest failure mode leading to compliance disputes.
 GPL's binary distribution sections offer a choice of compliance methods,
 each of which we consider in turn.  Each option refers to the
 ``Corresponding Source'' code for the binary distribution, which includes
 the source code from which the binary was produced.  This abbreviated and
 simplified definition is sufficient for the binary distribution discussion
 in this section, but you may wish to refer back to this section after
 reading the thorough discussion of ``Corresponding Source'' that appears
 in \S~\ref{corresponding-source}.
 \subsection{Option (a): Source Alongside Binary}
 GPLv2~\S~3(a) and v3~\S~6(a) embody the easiest option for providing
 source code: including Corresponding Source with every binary
 distribution.  While other options appear initially less onerous, this
 option invariably minimizes potential compliance problems, because when
 you distribute Corresponding Source with the binary, \emph{your GPL
   obligations are satisfied at the time of distribution}.  This is not
 true of other options, and for this reason, we urge you to seriously
 consider this option.  If you do not, you may extend the duration of your
 obligations far beyond your last binary distribution.
 Compliance under this option is straightforward.  If you ship a product
 that includes binary copies of GPL'd software (e.g., in firmware, or on a
 hard drive, CD, or other permanent storage medium), you can store the
 Corresponding Source alongside the binaries.  Alternatively, you can
 include the source on a CD or other removable storage medium in the box
 containing the product.
 GPLv2 refers to the various storage mechanisms as ``medi[a] customarily
 used for software interchange''.  While the Internet has attained primacy
 as a means of software distribution where super-fast Internet connections
 are available, GPLv2 was written at a time when downloading software was
 not practical (and was often impossible).  For much of the world, this
 condition has not changed since GPLv2's publication, and the Internet
 still cannot be considered ``a medium customary for software
 interchange''.  GPLv3 clarifies this matter, requiring that source be
 ``fixed on a durable physical medium customarily used for software
 interchange''.  This language affirms that option (a) requires binary
 redistributors to provide source on a physical medium.
 Please note that while selection of option (a) requires distribution on a
 physical medium, voluntary distribution via the Internet is very useful.  This
 is discussed in detail in \S~\ref{offer-with-internet}.
 \subsection{Option (b): The Offer}
 \label{offer-for-source}
 Many distributors prefer to ship only an offer for source with the binary
 distribution, rather than the complete source package.  This
 option has value when the cost of source distribution is a true
 per-unit cost.  For example, this option might be a good choice for
 embedded products with permanent storage too small to fit the source, and
 which are not otherwise shipped with a CD but \emph{are} shipped with a
 manual or other printed material.
 However, this option increases the duration of your obligations
 dramatically.  An offer for source must be good for three full years from
 your last binary distribution (under GPLv2), or your last binary or spare
 part distribution (under GPLv3).  Your source code request and
 provisioning system must be designed to last much longer than your product
 life cycle. Thus, it also increases your compliance costs in the long
 run.
 In addition, if you are required to comply with the terms of GPLv2, you
 {\bf cannot} use a network service to provide the source code.  For GPLv2,
 the source code offer is fulfilled only with physical media.  This usually
 means that you must continue to produce an up-to-date ``source code CD''
 for years after the product's end-of-life.
 \label{offer-with-internet}
 Under GPLv2, it is acceptable and advisable for your offer for source code
 to include an Internet link for downloadable source \emph{in addition} to
 offering source on a physical medium.  This practice enables those with
 fast network connections to get the source more quickly, and typically
 decreases the number of physical media fulfillment requests.
 (GPLv3~\S~6(b) permits provision of source with a public
 network-accessible distribution only and no physical media.  We discuss
 this in detail at the end of this section.)
 The following is a suggested compliant offer for source under GPLv2 (and
 is also acceptable for GPLv3) that you would include in your printed
 materials accompanying each binary distribution:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPL\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product, which will be no earlier than 2011-08-01, by sending a money
 order or check for \$5 to: \\
 GPL Compliance Division \\
 Our Company \\
 Any Town, US 99999 \\
 \\
 Please write ``source for product $Y$'' in the memo line of your
 payment.
 You may also find a copy of the source at
 \url{http://www.example.com/sources/Y/}.
 This offer is valid to anyone in receipt of this information.
 \end{quote}
 There are a few important details about this offer.  First, it requires a
 copying fee.  GPLv2 permits ``a charge no more than your cost of
 physically performing source distribution''.  This fee must be reasonable.
 If your cost of copying and mailing a CD is more than around \$10, you
 should perhaps find a cheaper CD stock and shipment method.  It is simply
 not in your interest to try to overcharge the community.  Abuse of this
 provision in order to make a for-profit enterprise of source code
 provision will likely trigger enforcement action.
 Second, note that the last line makes the offer valid to anyone who
 requests the source.  This is because v2~\S~3(b) requires that offers be
 ``to give any third party'' a copy of the Corresponding Source.  GPLv3 has
 a similar requirement, stating that an offer must be valid for ``anyone
 who possesses the object code''.  These requirements indicated in
 v2~\S~3(c) and v3~\S~6(c) are so that noncommercial redistributors may
 pass these offers along with their distributions.  Therefore, the offers
 must be valid not only to your customers, but also to anyone who received
 a copy of the binaries from them.  Many distributors overlook this
 requirement and assume that they are only required to fulfill a request
 from their direct customers.
 The option to provide an offer for source rather than direct source
 distribution is a special benefit to companies equipped to handle a
 fulfillment process.  GPLv2~\S~3(c) and GPLv3~\S~6(c) avoid burdening
 noncommercial, occasional redistributors with fulfillment request
 obligations by allowing them to pass along the offer for source as they
 received it.
 Note that commercial redistributors cannot avail themselves of the option
 (c) exception, and so while your offer for source must be good to anyone
 who receives the offer (under v2) or the object code (under v3), it
 \emph{cannot} extinguish the obligations of anyone who commercially
 redistributes your product.  The license terms apply to anyone who
 distributes GPL'd software, regardless of whether they are the original
 distributor.  Take the example of Vendor $V$, who develops a software
 platform from GPL'd sources for use in embedded devices.  Manufacturer $M$
 contracts with $V$ to install the software as firmware in $M$'s device.
 $V$ provides the software to $M$, along with a compliant offer for source.
 In this situation, $M$ cannot simply pass $V$'s offer for source along to
 its customers.  $M$ also distributes the GPL'd software commercially, so
 $M$ too must comply with the GPL and provide source (or $M$'s \emph{own}
 offer for source) to $M$'s customers.
 This situation illustrates that the offer for source is often a poor
 choice for products that your customers will likely redistribute.  If you
 include the source itself with the products, then your distribution to
 your customers is compliant, and their (unmodified) distribution to their
 customers is likewise compliant, because both include source.  If you
 include only an offer for source, your distribution is compliant but your
 customer's distribution does not ``inherit'' that compliance, because they
 have not made their own offer to accompany their distribution.
 The terms related to the offer for source are quite different if you
 distribute under GPLv3.  Under v3, you may make source available only over
 a network server, as long as it is available to the general public and
 remains active for three years from the last distribution of your product
 or related spare part.  Accordingly, you may satisfy your fulfillment
 obligations via Internet-only distribution.  This makes the ``offer for
 source'' option less troublesome for v3-only distributions, easing
 compliance for commercial redistributors.  However, before you switch to a
 purely Internet-based fulfillment process, you must first confirm that you
 can actually distribute \emph{all} of the software under GPLv3.  Some
 programs are indeed licensed under ``GPLv2, \emph{or any later version}''
 (often abbreviated ``GPLv2-or-later'').  Such licensing gives you the
 option to redistribute under GPLv3.  However, a few popular programs are
 only licensed under GPLv2 and not ``or any later version''
 (``GPLv2-only'').  You cannot provide only Internet-based source request
 fulfillment for the latter programs.
 If you determine that all GPL'd works in your whole product allow upgrade
 to GPLv3 (or were already GPLv3'd to start), your offer for source may be
 as simple as this:
 \begin{quote}
 The software included in this product contains copyrighted software that
 is licensed under the GPLv3\@.  A copy of that license is included in this
 document on page $X$\@.  You may obtain the complete Corresponding Source
 code from us for a period of three years after our last shipment of this
 product and/or spare parts therefor, which will be no earlier than
 -08-01, on our website at
 \url{http://www.example.com/sources/productnum/}.
 \end{quote}
 \medskip
 Under both GPLv2 and GPLv3, source offers must be accompanied by a copy of
 the license itself, either electronically or in print, with every
 distribution.
 Finally, it is unacceptable to use option (b) merely because you do not have
 Corresponding Source ready.  We find that some companies choose this option
 because writing an offer is easy, but producing a source distribution as
 an afterthought to a hasty development process is difficult.  The offer
 for source does not exist as a stop-gap solution for companies rushing to
 market with an out-of-compliance product.  If you ship an offer for source
 with your product but cannot actually deliver \emph{immediately} on that
 offer when your customers request it, you should expect an enforcement
 action.
 \subsection{Option (c): Noncommercial Offers}
 As discussed in the last section, GPLv2~\S~3(c) and GPLv3~\S~6(c) apply
 only to noncommercial use.  These options are not available to businesses
 distributing GPL'd software.  Consequently, companies that redistribute
 software packaged for them by an upstream vendor cannot merely pass along
 the offer they received from the vendor; they must provide their own offer
 or corresponding source to their distributees.  We talk in detail about
 upstream software providers in \S~\ref{upstream}.
 \subsection{Option 6(d) in GPLv3: Internet Distribution}
 Under GPLv2, your formal provisioning options for Corresponding Source
 ended with \S~3(c).  But even under GPLv2, pure Internet source
 distribution was a common practice and generally considered to be
 compliant.  GPLv2 mentions Internet-only distribution almost as aside in
 the language, in text at the end of the section after the three
 provisioning options are listed.  To quote that part of GPLv2~\S~3:
 \begin{quote}
 If distribution of executable or object code is made by offering access to
 copy from a designated place, then offering equivalent access to copy the
 source code from the same place counts as distribution of the source code,
 even though third parties are not compelled to copy the source along with
 the object code.
 \end{quote}
 When that was written in 1991, Internet distribution of software was the
 exception, not the rule.  Some FTP sites existed, but generally software
 was sent on magnetic tape or CDs.  GPLv2 therefore mostly assumed that
 binary distribution happened on some physical media.  By contrast,
 GPLv3~\S~6(d) explicitly gives an option for this practice that the
 community has historically considered GPLv2-compliant.
 Thus, you may fulfill your source-provision obligations by providing the
 source code in the same way and from the same location.  When exercising
 this option, you are not obligated to ensure that users download the
 source when they download the binary, and you may use separate servers as
 needed to fulfill the requests as long as you make the source as
 accessible as the binary.  However, you must ensure that users can easily
 find the source code at the time they download the binary. GPLv3~\S~6(d)
 thus clarifies a point that has caused confusion about source provision in
 v2.  Indeed, many such important clarifications are included in v3 which
 together provide a compelling reason for authors and redistributors alike
 to adopt GPLv3.
 \subsection{Option 6(e) in GPLv3: Software Torrents}
 Peer-to-peer file sharing arose well after GPLv2 was written, and does not
 easily fit any of the v2 source provision options.  GPLv3~\S~6(e)
 addresses this issue, explicitly allowing for distribution of source and
 binary together on a peer-to-peer file sharing network.  If you distribute
 solely via peer-to-peer networks, you can exercise this option.  However,

enforcement-case-studies.tex

➞

Show inline comments

 %      Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
 % License: CC-By-SA-4.0
 % The copyright holders hereby grant the freedom to copy, modify, convey,
 % Adapt, and/or redistribute this work under the terms of the Creative
 % Commons Attribution Share Alike 4.0 International License.
 % This text is distributed in the hope that it will be useful, but
 % WITHOUT ANY WARRANTY; without even the implied warranty of
 % MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 % You should have received a copy of the license with this document in
 % a file called 'CC-By-SA-4.0.txt'.  If not, please visit
 % https://creativecommons.org/licenses/by-sa/4.0/legalcode to receive
 % the license text.
 \part{Case Studies in GPL Enforcement}
 {\parindent 0in
 This part is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2003, 2004, 2014 \hspace{1mm} \= \hspace{1.mm} \=  \kill
 Copyright \> \copyright{} 2014 \>  Bradley M. Kuhn. \\
 Copyright \> \copyright{} 2014 \>  Denver Gingerich \\
 Copyright \> \copyright{} 2003, 2004, 2014 \> Free Software Foundation, Inc. \\
 \end{tabbing}
 \vspace{.2in}
 \begin{center}
 The copyright holders hereby grant the freedom to copy, modify, convey,
 Adapt, and/or redistribute this work under the terms of the Creative Commons
 Attribution Share Alike 4.0 International License.  A copy of that license is
 available at \url{https://creativecommons.org/licenses/by-sa/4.0/legalcode}.
 \end{center}
 \vfill
 This part includes material from many sources, including the following
+This part includes material from many sources, including some material from the following
 CC-By-SA-licensed published works: \\
 \begin{itemize}
 \item \textit{Enforcement Case Studies}, written by Bradley M. Kuhn and published by the Free
   Software Foundation for its CLE courses  on 2004-01-20, 2004-08-24, and 2014-03-24.
 \end{itemize}
 However, this work is primarily composed of the many contributions it
 receives as a public, collaborative project.  Please
 \href{https://gitorious.org/copyleft-org/tutorial/history/master:enforcement-case-studies.tex}{review
   its Git logs} for full documentation of all contributions.
+}
 % =====================================================================
 % START OF SECOND DAY SEMINAR SECTION
 % =====================================================================
 \chapter*{Preface}
 This one-day course presents the details of five different GPL
 compliance cases handled by FSF's GPL Compliance Laboratory. Each case
 offers unique insights into problems that can arise when the terms of
 the GPL are not properly followed, and how diplomatic negotiation between
 the violator and the copyright holder can yield positive results for
 both parties.
 Attendees should have successfully completely the course, a ``Detailed
 Study and Analysis of the GPL and LGPL,'' as the material from that
 course forms the building blocks for this material.
 This course is of most interest to lawyers who have clients or
 employers that deal with Free Software on a regular basis. However,
 technical managers and executives whose businesses use or distribute
 Free Software will also find the course very helpful.
 \bigskip
 These course materials are merely a summary of the highlights of the
 course presented. Please be aware that during the actual GPL course, class
 discussion supplements this printed curriculum. Simply reading it is
 not equivalent to attending the course.
 %FIXME-LATER: write these
 %\chapter{Not All GPL Enforcement is Created Equal}
 %\section{For-Profit Enforcement}
 %\section{Community and Non-Profit Enforcement}
 \chapter{Overview of Community Enforcement}
 The GPL is a Free Software license with legal teeth. Unlike licenses like
 the X11-style or various BSD licenses, the GPL (and by extension, the LGPL) is
 designed to defend as well as grant freedom. We saw in the last course
 that the GPL uses copyright law as a mechanism to grant all the key freedoms
 essential in Free Software, but also to ensure that those freedoms
 propagate throughout the distribution chain of the software.
 \section{Termination Begins Enforcement}
 As we have learned, the assurance that Free Software under the GPL remains
 Free Software is accomplished through various terms of the GPL: \S 3 ensures
 that binaries are always accompanied with source; \S 2 ensures that the
 sources are adequate, complete and usable; \S 6 and \S 7 ensure that the
 license of the software is always the GPL for everyone, and that no other
 legal agreements or licenses trump the GPL. It is \S 4, however, that ensures
 that the GPL can be enforced.
 Thus, \S 4 is where we begin our discussion of GPL enforcement. This
 clause is where the legal teeth of the license are rooted. As a copyright
 license, the GPL governs only the activities governed by copyright law ---
 copying, modifying and redistributing computer software. Unlike most
 copyright licenses, the GPL gives wide grants of permission for engaging with
 these activities. Such permissions continue, and all parties may exercise
 them until such time as one party violates the terms of the GPL\@. At the
 moment of such a violation (i.e., the engaging of copying, modifying or
 redistributing in ways not permitted by the GPL) \S 4 is invoked. While other
 parties may continue to operate under the GPL, the violating party loses their
 rights.
 Specifically, \S 4 terminates the violators' rights to continue
 engaging in the permissions that are otherwise granted by the GPL\@.
 Effectively, their rights revert to the copyright defaults ---
 no permission is granted to copy, modify, nor redistribute the work.
 Meanwhile, \S 5 points out that if the violator has no rights under
 the GPL, they are prohibited by copyright law from engaging in the
 activities of copying, modifying and distributing. They have lost
 these rights because they have violated the GPL, and no other license
 gives them permission to engage in these activities governed by copyright law.
 \section{Ongoing Violations}
 In conjunction with \S 4's termination of violators' rights, there is
 one final industry fact added to the mix: rarely does one engage in a
 single, solitary act of copying, distributing or modifying software.
 Almost always, a violator will have legitimately acquired a copy of a
 GPL'd program, either making modifications or not, and then begun
 distributing that work. For example, the violator may have put the
 software in boxes and sold them at stores. Or perhaps the software
 was put up for download on the Internet. Regardless of the delivery
 mechanism, violators almost always are engaged in {\em ongoing\/}
 violation of the GPL\@.
 In fact, when we discover a GPL violation that occurred only once --- for
 example, a user group who distributed copies of a GNU/Linux system without
 source at one meeting --- we rarely pursue it with a high degree of
 tenacity. In our minds, such a violation is an educational problem, and
 unless the user group becomes a repeat offender (as it turns out, they
 never do), we simply forward along a FAQ entry that best explains how user
 groups can most easily comply with the GPL, and send them on their merry way.
 It is only the cases of {\em ongoing\/} GPL violation that warrant our
 active attention. We vehemently pursue those cases where dozens, hundreds
 or thousands of customers are receiving software that is out of
 compliance, and where the company continually offers for sale (or
 distributes gratis as a demo) software distributions that include GPL'd
 components out of compliance. Our goal is to maximize the impact of
 enforcement and educate industries who are making such a mistake on a
 large scale.
 In addition, such ongoing violation shows that a particular company is
 committed to a GPL'd product line. We are thrilled to learn that someone
 is benefiting from Free Software, and we understand that sometimes they
 become confused about the rules of the road. Rather than merely
 giving us a postmortem to perform on a past mistake, an ongoing violation
 gives us an active opportunity to educate a new contributor to the GPL'd
 commons about proper procedures to contribute to the community.
 Our central goal is not, in fact, to merely clear up a particular violation.
 In fact, over time, we hope that our compliance lab will be out of
 business. We seek to educate the businesses that engage in commerce
 related to GPL'd software to obey the rules of the road and allow them to
 operate freely under them. Just as a traffic officer would not revel in
 reminding people which side of the road to drive on, so we do not revel in
 violations. By contrast, we revel in the successes of educating an
 ongoing violator about the GPL so that GPL compliance becomes a second-nature
 matter, allowing that company to join the GPL ecosystem as a contributor.
 \section{How are Violations Discovered?}
 Our enforcement of the GPL is not a fund-raising effort; in fact, FSF's GPL
 Compliance Lab runs at a loss (in other words, it is subsided by our
 donors). Our violation reports come from volunteers, who have encountered,
 in their business or personal life, a device or software product that
 appears to contain GPL'd software. These reports are almost always sent
 via email to $<$license-violation@fsf.org$>$.
 Our first order of business, upon receiving such a report, is to seek
 independent confirmation. When possible, we get a copy of the software
 product. For example, if it is an offering that is downloadable from a
 Web site, we download it and investigate ourselves. When it is not
 possible for us to actually get a copy of the software, we ask the
 reporter to go through the same process we would use in examining the
 software.
 By rough estimation, about 95\% of violations at this stage can be
 confirmed by simple commands. Almost all violators have merely made an
 error and have no nefarious intentions. They have made no attempt to
 remove our copyright notices from the software. Thus, given the
 third-party binary, {\tt tpb}, usually, a simple command (on a GNU/Linux
 system) such as the following will find a Free Software copyright notice
 and GPL reference:
 \begin{quotation}
 {\tt strings tpb | grep Copyright}
 \end{quotation}
 In other words, it is usually more than trivial to confirm that GPL'd
 software is included.
 Once we have confirmed that a violation has indeed occurred, we must then
 determine whose copyright has been violated. Contrary to popular belief,
 FSF does not have the power to enforce the GPL in all cases. Since the GPL
 operates under copyright law, the powers of enforcement --- to seek
 redress once \S 4 has been invoked --- lie with the copyright holder of
 the software. FSF is one of the largest copyright holders in the world of
 GPL'd software, but we are by no means the only one. Thus, we sometimes
 discover that while GPL'd code is present in the software, there is no
 software copyrighted by FSF present.
 In cases where FSF does not hold copyright interest in the software, but
 we have confirmed a violation, we contact the copyright holders of the
 software, and encourage them to enforce the GPL\@. We offer our good offices
 to help negotiate compliance on their behalf, and many times, we help as a
 third party to settle such GPL violations. However, what we will describe
 primarily in this course is FSF's first-hand experience enforcing its own
 copyrights and the GPL\@.
 \section{First Contact}
 The Free Software community is built on a structure of voluntary
 cooperation and mutual help. Our community has learned that cooperation
 works best when you assume the best of others, and only change policy,
 procedures and attitudes when some specific event or occurrence indicates
 that a change is necessary. We treat the process of GPL enforcement in
 the same way. Our goal is to encourage violators to join the cooperative
 community of software sharing, so we want to open our hand in friendship.
 Therefore, once we have confirmed a violation, our first assumption is
 that the violation is an oversight or otherwise a mistake due to confusion
 about the terms of the license. We reach out to the violator and ask them
 to work with us in a collaborative way to bring the product into
 compliance. We have received the gamut of possible reactions to such
 requests, and in this course, we examine four specific examples of such
 compliance work.
 % FIXME: make this section properly TeX-formatted
 \chapter{ThinkPenguin Wireless Router: Excellent CCS}
 \label{pristine-example}
 Too often, case studies examine failure and mistakes.  Indeed, most of the
 chapters that follow herein will consider the myriad difficulties discovered
 in community-oriented GPL enforcement for the last two decades.  However, to
 begin, this is a case study in how copyleft compliance can indeed be done correctly.
 This example is, in fact, more than ten years in the making.  Since almost
 the inception of for-profit corporate adoption of Free Software, companies
 have requested a clear example of a model citizen to emulate.  Sadly, while
 community-oriented enforcers have vetted uncounted thousands of ``Complete,
 Corresponding Source'' (CCS) candidates from hundreds of companies, this
 particular CCS release described herein is the first ever declared a ``pristine
 example''.
 % FIXME (above): link to a further discussion of CCS in the compliance guide
 % when a good spot exists, then (below) link to a ``CCS iteration''
 % discussion in compliance-guide.tex when one exists.  (the ``iteration
 % process'' is discussed in~\ref{} of this guide)
 Of course, most CCS examined for the last decade has (eventually) complied
 with the GPL, perhaps after many iterations of review by the enforcer.
 However, in the experience of the two primary community-oriented enforcers
 (Conservancy and the FSF), such CCS results routinely
 ``barely comply with GPL's requirements''.  To use an academic analogy:
 while a ``C'' is certainly a passing grade, any instructor prefers to
 disseminate to the class an exemplar sample that earned an ``A''.
 Fortunately, thanks in large part to the FSF's
 ``Respects Your Freedom'' (RYF) certification campaign\footnote{\href{http://www.fsf.org/resources/hw/endorsement/respects-your-freedom}{RYF is
     a campaign by FSF to certify products that truly meet the principles of
     software freedom}.  Products must meet
   \href{http://www.fsf.org/resources/hw/endorsement/criteria}{strict
     standards for RYF certification}, and among them is a pristine example of
   CCS\@.}, a few electronics products on the market meet
 a higher standard of copyleft compliance.  As such, for the first
 time in the history of copyleft, CCS experts have pristine examples to study
 and present as exemplars worthy of emulation.
 This case study therefore examines the entire life-cycle of a GPL compliance
 investigation: from product purchase, to source request, to CCS review, and concluding
 in a final compliance determination.
 Specifically, this chapter discusses the purchase, CCS provision, and a
 step-by-step build and installation analysis of a specific, physical,
 embedded electronics product:
 \href{https://www.thinkpenguin.com/gnu-linux/free-software-wireless-n-broadband-router-gnu-linux-tpe-nwifirouter}{the
   ``TPE-NWIFIROUTER'' wireless router by ThinkPenguin}.\footnote{The FSF of
   course performed a thorough CCS check as part of its certification process.
   The analysis discussed herein was independently performed by Software
   Freedom Conservancy without reviewing the FSF's findings.  Thus, this
   analysis is ``true to form'', and explains the typical procedures Conservancy
   uses when investigating a potential GPL violation.  In this case, obviously, no
   violation was uncovered.}
 \section{Consumer Purchase and Unboxing}
 The process for copyleft compliance investigation, when properly conducted,
 determines whether users inclined to exercise their rights under a copyleft
 license will be successful in their attempt.  Therefore, at every stage, the
 investigator seeks to take actions that reasonably technically knowledgeable
 users would during the ordinary course of their acquisition and use of
 copyleft-covered products.  As such, the investigator typically purchases the device on the
 open market to verify that distribution of the copylefted software therein
 complies with binary distribution requirements (such as those
 \tutorialpartsplit{discussed in \textit{Detailed Analysis of the GNU GPL and
     Related Licenses}}{discussed earlier in \S~\ref{GPLv2s3} and
   \S~\ref{GPLv3s6}}).
 % FIXME: Above is my only use of \tutorialpartsplit in this chapter.  I just
 % got lazy and that should be fixed by someone.
 \label{thinkpenguin-included-ccs}
 Therefore, the investigator first purchased the TPE-NWIFIROUTER through an
 online order, and when the package arrived, examined the contents of the box.
 The investigator immediately discovered that ThinkPenguin had taken advice
 from \S~\ref{offer-for-source}, and exercised
 \hyperref[GPLv2s3a]{GPLv2\S3(a)} and \hyperref[GPLv3s6]{GPLv3\S6}, rather than
 using the \hyperref[offer-for-source]{problematic offer for source
   provisions}.  This choice not only accelerated the investigation (since there
 was no CCS offer to ``test''), but also simplified the compliance requirements for
 ThinkPenguin.
 \section{Root Filesystem and Kernel Compilation}
 The CD found in the box was labeled ``libreCMC v1.2.1 source code'', and
 contained 407 megabytes of data.  The investigator copied this ISO to a
 desktop GNU/Linux system and
 examined its contents.  Upon doing so, the investigator immediately found a
 file called ``README'' at the top-level directory:
 \lstset{tabsize=2}
 \begin{lstlisting}[language=bash]
 $ dd if=/dev/cdrom of=libreCMC_v1.2.1_SRC.iso
 $ mkdir libCMC
 $ sudo mount -o loop ./libreCMC_v1.2.1_SRC.iso libCMC
 mount: block device /path/to/libreCMC_v1.2.1_SRC.iso
        is write-protected, mounting read-only
 $ ls -1 libCMC
 bin
 librecmc-u-boot.tar.bz2
 librecmc-v1.2.1.tar.bz2
 README
 u-boot_reflash
 $ cat libCMC/README
 ...
 \end{lstlisting}
 \label{thinkpenguin-toplevel-readme}
 The investigator therefore knew immediately to begin the CCS check should
 begin with a study of the contents of ``README''.  Indeed, that file contained the appropriate
 details to start the build:
 \begin{quotation}
 In order to build firmware images for your router, the following needs to be
 installed:
 gcc, binutils, bzip2, flex, python, perl, make, find, grep, diff, unzip,
 gawk, getopt, libz-dev and libc headers.
 Please use ``make menuconfig'' to configure your appreciated configuration
 for the toolchain and firmware. Please note that the default configuration is
 what was used to build the firmware image for your router. It is advised that
 you use this configuration.
 Simply running ``make'' will build your firmware.  The build system will
 download all sources, build the cross-compile toolchain, the kernel and all
 chosen applications.
 To build your own firmware you need to have access to a GNU/Linux system
 (case-sensitive filesystem required).
 \end{quotation}
 In other words, the first ``script'' that investigator ``ran'' was the above.
 This was not a software script, rather the processor for the script was the investigator's own
 brain --- like a script of a play.  Less glibly stated: instructions written in
 English are usually necessary for the build and installation operations
 that demand actual intelligence.
 In this case, the investigator ascertained the host system requirements
 for construction of this embedded firmware.
 GPL does not give specific guidance on the form or location of
 ``scripts used to control compilation and installation of the executable''
 and/or ``Installation Information''.  Community-oriented GPL enforcers apply a
 ``reasonableness standard'' to evaluate such instructions.  If an investigator of
 average skill in embedded firmware construction can surmise the proper
 procedures to build and install a replacement firmware, the instructions are
 likely sufficient to meet GPL's requirements.  Fortunately, in this case, the
 instructions are more abundant and give extra detail.
 Nevertheless, these instructions offer more options than the reader
 typically sees in other CCS candidates.  More typically, top-level build
 instructions name an exact host distribution to use, such as
 ``Debian 7 installed on an amd64 system with the following packages
 installed''.  Of course, if the build will fail on any other system,
 instructions \textit{should} include such details.  However, this CCS builds
 on a wide range of distributions, and thus it was appropriate (and preferred)
 that the build instructions do not  specify a specific distribution.
 \label{thinkpenguin-specific-host-system}
 In this specific case, the developers of the libreCMC project (a Free
 Software project that forms the base system for the TPE-NWIFIROUTER) have
 clearly made an effort to ensure the CCS builds on a variety of host systems.
 The investigator was in fact dubious upon seeing these instructions, since
 finicky embedded build processes usually require a very specific host system.
 Fortunately, it seems such doubts were generally unfounded (although the
 investigator did find
 \hyperref[thinkpenguin-glibc-214-issue]{a minor annoyance that could be
   resolved with more detailed instructions}).
 Anyway, since these instructions did not specify a specific host system, the
 investigator simply used his own amd64 Debian GNU/Linux 6 desktop system.  Before
 beginning, the investigator used the following command:
 \lstset{tabsize=2}
 \begin{lstlisting}[language=bash]
 $ dpkg --list | egrep '^iii' | less
 \end{lstlisting}
 to verify that the required packages listed in the README were
 installed\footnote{The ``dpkg'' command is a Debian-specific way of
   finding installed packages.}.
 Next, the investigator then extracted the primary source package with the
 following command:
 \lstset{tabsize=2}
 \begin{lstlisting}[language=bash]
 $ tar --posix -jxpf libCMC/librecmc-v1.2.1.tar.bz2
 \end{lstlisting}
 The investigator did notice an additional source release, entitled
 ``librecmc-u-boot.tar.bz2''.  The investigator concluded upon simple
 inspection that the instructions found in ``u-boot\verb0_0reflash'' were
 specific instructions for that part of the CCS\@.  This was a minor
 annoyance, and ideally the ``README'' would so-state, but the CCS filesystem
 layout met the reasonableness standard; the skilled investigator determine the correct
 course of action with a few moments of study.
 The investigator then noted the additional step offered by the ``README'',
 which read:
 \begin{quotation}
 Please use ``make menuconfig'' to configure your appreciated configuration
 for the toolchain and firmware. Please note that the default configuration is
 what was used to build the firmware image for your router. It is advised that
 you use this configuration.
 \end{quotation}
 This instruction actually exceeds GPL's requirements.
 Specifically, the instruction guides users in their first step toward
 exercising the freedom to modify the software.  While the GPL does contain
 requirements that facilitate the freedom to modify (such as ensuring the CCS is
 in the ``preferred form \ldots for making modifications to it''), GPL
 does not require specific instructions explaining how to undertake
 modifications.  This specific instruction therefore exemplifies
 the exceptional quality of this particular CCS\@.
 %FIXME: add a \hyperref to some ``preferred for for modification'' stuff above.
 However, for purposes of the CCS verification process, typically the
 investigator avoids any unnecessary changes to the source code during the
 build process, lest the investigator err and cause the build to fail through
 his own modification, and thus incorrectly identify the CCS as inadequate.
 Therefore, the investigator proceeded to simply run:
 \lstset{tabsize=2}
 \begin{lstlisting}[language=bash]
 $ cd libCMC
 $ make
 \end{lstlisting}
 and waited approximately 40 minutes for the build to complete\footnote{Build
   times will likely vary widely on various host systems.}.  The investigator
 kept a
 \href{https://gitorious.org/copyleft-org/tutorial/source/master:enforcement-case-studies_log-output/thinkpenguin_librecmc-complete.log}{full
   log of the build}, which is not included herein due its size (approximately
 .2K of text).
 \label{thinkpenguin-main-build}
 Upon completion of the ``make'' process, the investigator immediately found
 (almost to his surprise) several large firmware files in the ``bin/ar71xx''
 directory.  Typically, this step in the CCS verification process is
 harrowing.  In most cases, the ``make'' step will fail due to a missing
 package or because toolchain paths are not setup correctly.
 In light of such experiences, the investigator speculated that ThinkPenguin's engineers did
 the most important step in self-CCS verification: test one's own instructions
 on a clean system.  Ideally, an employee with similar skills but
 unfamiliar with the specific product can most easily verify CCS  and identify
 problems before a violation occurs.
 % FIXME: Is there stuff about the above in the compliance guide?  If so, link
 % to it.  If not, write it, then link to it. :)
 However, upon completing the ``make'', the investigator was unclear which
 filesystem and kernel images to install on the TPE-NWIFIROUTER hardware.
 Ideally, the original ``README'' would indicate which image is appropriate
 for the included hardware.  However, this was ultimately an annoyance rather
 than a compliance issue.  Fortunately,
 the web UI (see next section) on the TPE-NWIFIROUTER performs firmware image
 installation.  Additionally, the router's version number was specified on the
 bottom of the device, which indicated which of the differently-versioned images
 we should install.  The investigator would prefer instructions such as
 those found at
 \url{http://librecmc.org/librecmc/wiki?name=Tp+MR3020}{instructions similar
   to these} in the README itself; however, application of the reasonableness
 standard here again indicates compliance, since a knowledgeable user can easily
 determine the proper course of action.
 \section{U-Boot Compilation}
 %FIXME: link to u-boot reflash, maybe put it in log-output dir?
 The investigator then turned his attention to the file,
 ``u-boot\verb0_0reflash''.  These instructions explained how to
 build and install the bootloader for the device.
 The investigator followed the instructions for compiling U-Boot, and found
 them quite straight-forward.  The investigator discovered two minor
 annoyances, however, while building U-Boot:
 \begin{itemize}
  \item The variable \verb0$U-BOOT_SRC0 was used as a placeholder for the name
    of the extracted source directory.  This was easy to surmise and was not a
    compliance issue (per the reasonableness standard), but explicitly stating
    that fact at the top of the instructions would be helpful.
 \label{thinkpenguin-glibc-214-issue}
 \item Toolchain binaries were included and used by default by the build
   process.  These binaries were not the appropriate ones for the
   investigator's host system, and the build failed with the following error:
 \lstset{tabsize=2}
 \begin{lstlisting}
 mips-librecmc-linux-uclibc-gcc.bin: /lib/libc.so.6:
    version `GLIBC`_2.14' not found
    (required by mips-librecmc-linux-uclibc-gcc.bin)
 \end{lstlisting}
    (The
 \href{https://gitorious.org/copyleft-org/tutorial/source/master:enforcement-case-studies_log-output/thinkpenguin_u-boot-build_fail.log}{complete
   log output from the failure} is too lengthy to include herein.)
    This issue is an annoyance, not a compliance problem.  It was clear from
    context that these binaries were simply for a different host architecture, and
    the investigator simply removed ``toolchain/bin'' and created a symlink to
    utilize the toolchain already built earlier (during the compilation
    discussed in \S~\ref{thinkpenguin-main-build}):
 \lstset{tabsize=2}
 \begin{lstlisting}
 $ ln -s \
   ../../staging_dir/toolchain-mips_34kc_gcc-4.6-linaro_uClibc-0.9.33.2/bin \
   toolchain/bin
 \end{lstlisting}
    After this change, the U-Boot build completed successfully.
 \end{itemize}
 The
 \href{https://gitorious.org/copyleft-org/tutorial/source/master:enforcement-case-studies_log-output/thinkpenguin_u-boot-finish_build.log}{full
   log of the build} is not included herein due its size (approximately 3.8K
 of text).  After that, the investigator found a new U-Boot image in the
 ``bin'' directory.
 \section{Root Filesystem and Kernel Installation}
 The investigator next tested installation of the firmware.  In particular,
 the investigator connected the TPE-NWIFIROUTER to a local network, and
 visited \url{http://192.168.10.1/}, logged in, and chose the option sequence:
 ``System $\Rightarrow$ Backup / Flash Firmware''.
 From there, the investigator chose the ``Flash new firmware image'' section
 and selected the
 ``librecmc-ar71xx-generic-tl-wr841n-v8-squashfs-sysupgrade.bin'' image from
 the ``bin/ar71xx'' directory.  The investigator chose the ``v8'' image upon
 verifying the physical router read ``v8.2'' on its bottom.  The investigator
 chose the ``sysupgrade'' version of the image because this was clearly a
 system upgrade (as a firmware already came preinstalled on the
 TPE-NWIFIROUTER).
 Upon clicking ``Flash image\ldots'', the web interface prompted the
 investigator to confirm the MD5 hash of the image to flash.  The investigator
 did so, and then clicked ``Proceed'' to flash the image.  The process took
 about one minute, at which point the web page refreshed to the login screen.
 Upon logging in, the investigator was able to confirm in the ``Kernel Log''
 section of the web interface that the newly built copy of Linux had indeed been
 installed.
 The investigator confirmed that a new version of ``busybox'' had also been
 installed by using SSH to connect to the router and ran the command
 ``busybox'', which showed the newly-compiled version (via its date of
 compilation).
 %FIXME: dg: can you get me  a screen shot for the Kernel Log above, and paste
 %in the output of running busybox ?
 %FIXME: bkuhn: the screen shot for the Kernel Log is in the log output dir at
 %thinkpenguin_librecmc-built-kernel_log.png and the BusyBox output is in the
 %same directory at thinkpenguin_librecmc-built-busybox_output.log - you may want
 %to only use part of the BusyBox output (maybe even just the login) for brevity
 \section{U-Boot Installation}
 The U-Boot installation process is substantially more complicated than the
 firmware update.  The investigator purchased the optional serial cable
 along with the TPE-NWIFIROUTER, in order to complete the U-Boot installation
 per the instructions in ``u-boot\verb0_0reflash'' in its section ``Installing
 u-boot to your router'', which reads:
 \begin{quotation}
   \begin{enumerate}
     \item Install and configure any TFTP server on your PC (tftp-hpa).
        Set a fixed IP address on your PC \ldots and connect it to the router,
        using RJ45 network cable \ldots
  \item Connect USB to UART adapter to the router and start any application to
    communicate with it, like PuTTY. \ldots
    \item Power on the router, wait for a line like one of the following and
      interrupt the process of loading a kernel:
 \begin{verbatim}
  Autobooting in 1 seconds
       (for most TP-Link routers, you should enter tpl at this point)
 Hit ESC key to stop autoboot: 1 (for 8devices Carambola 2, use ESC key)
  Hit any key to stop autoboot: 1 (for D-Link DIR-505, use any key)
 \end{verbatim}
 \item   Set ipaddr and serverip environment variables:
 \lstset{tabsize=2}
 \begin{lstlisting}
     hornet> setenv ipaddr 192.168.1.1
     hornet> setenv serverip 192.168.1.2
 \end{lstlisting}
   \end{enumerate}
 \end{quotation}
 %FIXME: image of the serial cable available anywhere to put here:
 %  https://www.adafruit.com/images/970x728/954-02.jpg
 The investigator used the purchased serial cable, which was a USB serial
 adapter with a male USB type A connector to 4 female jumper wires.  The
 female jumper wires were red, black, white, and green.
 The instructions here were slightly incomplete, since they did not specify
 how to connect the wires to the router.  However, the investigator found
 general information available online at
 \url{http://wiki.openwrt.org/toh/tp-link/tl-wr841nd#serial.console} which
 described the proper procedure.  While the ``power'' and ``ground'' cables
 were obvious, some trial and error was necessary to find the RX and TX
 cables, but this was easily determined since miswiring TX and RX yields no
 I/O and proper wiring yields the output as expected.  Using the pin gender
 changer included with the adapter, the investigator was able to stably wire
 the pins for use once the proper RX and TX connections were determined.
 The investigator then used the recommended 115200 8N1 for serial console
 settings, leaving all flow control off, and tested both with the
 \verb0minicom0 and \verb0screen0 commands.  The investigator found that if
 all 4 wires were connected on the USB serial adapter that the router would
 start without additional power and the console would receive the startup
 messages.  The investigator could replicate the same behavior by omitting the
 power cable from the USB serial adapter (red wire) and connecting the main
 power adapter to the router instead.
 At this point, the on-screen messages as described in the installation
 instructions appeared, but the investigator found that no key events sent via
 the serial port appeared to reach the U-Boot console.  In other words, while
 the investigator saw both U-Boot and kernel boot messages in the serial
 console, the investigator was unable to interrupt the boot process as
 instructed by ``u-boot\verb0_0reflash''.  Hitting a key simply did
 \textit{not} interrupt the boot process and yield the \verb0hornet>0 prompt.
 After additional trial and error over a period of hours, the investigator had
 finally to consider this question for the first time during the process:
 ``Has ThinkPenguin violated the GPL?'' More specifically, the immediate
 question was: ``Given this failure, has the distributor met
 \hyperref[GPLv2s3-build-scripts]{the requirements for `scripts used to
   control \ldots installation of the executable' (GPLv2)} and
 \hyperref[GPLv3-installation-information]{necessary `Installation
   Information' (GPLv3)}?''
 The appropriate answer to the question (at this specific stage) is ``possibly,
 but more information is needed''.  Embedded installation and configuration is
 a tricky and complex technical process.  While the GPL requires documentation
 and clear instructions for this process, the investigator did not immediately blame the distributor
 for what may be an honest, correctable mistake, or an issue legitimately explained by
 feasible alternative theories.
 In this case, upon remembering the issues of wiring, the investigator wonder
 if perhaps the power pin was accidentally connected for a moment to the RX
 pin while live.  Such action could easily fry the RX pin, and yield the
 observed behavior.  Since the investigator could not rule out the possibility
 of accidental connection of power to the RX pin mentioned, the investigator
 had to assume the instructions would work properly if he had not made that
 error.
 That conclusion, while correct, also left the investigator with only two
 option to complete the final verification of the CCS:
 \begin{itemize}
    \item Purchase a new router and cable anew, and reattempt the installation
      process while taking extra care not to miswire any cables.
    \item Seek assistance from the libreCMC community to find an alternative
      method of installation.
 \end{itemize}
 The investigator chose the latter and then contacted a libreCMC developer
 familiar with the product.  That developer, who  agreed the the RX pin was
 likely ruined, described an alternative method for console access using the
 {\tt netcat}.  The libreCMC developer described the process as follows:
 \begin{quotation}
   \begin{itemize}
   \item Change the IP address of the router to 192.168.1.1.
   \item Change the IP address of a desktop GNU/Linux system to 192.168.1.2.
   \item Power on the router while holding the reset button for 7 seconds.
   \item Use the {\tt netcat} command (as below) on the desktop, and press
     enter to receive U-Boot's prompt:
 \lstset{tabsize=2}
 \begin{lstlisting}[language=bash]
 $ nc -u -p 6666 192.168.1.1 6666
 uboot>
 \end{lstlisting}
   \end{itemize}
 \end{quotation}
 Upon following this procedure, the investigator was able to confirm the
 (original) shipped version of U-Boot was still installed:
 \begin{lstlisting}[language=bash]
 $ nc -u -p 6666 192.168.1.1 6666
 uboot> version
 U-Boot 1.1.4 (Jul 28 2014)
 \end{lstlisting}
 Thereafter, the investigator followed the instructions from
 ``u-boot\verb0_0reflash''.  Specifically, the investigator configured a TFTP server
 and placed the newly built firmware into \texttt{/srv/tftp}.  The investigator
 also followed the remaining instructions in ``u-boot\verb0_0reflash'', but
 used the \texttt{netcat} console rather than the serial console, and
 used U-Boot's \texttt{reset} command to reboot the router.
 Upon reboot, the serial console (still connect with working output) showed
 the message \texttt{U-Boot 1.1.4  (Oct 17 2014)}, and thus confirmed a
 successful reflash of the U-Boot image built by the investigator.
 \section{Firmware Comparison}
 Next, to ensure the CCS did indeed correspond to the firmware original
 installed on the TPE-NWIFIROUTER, the investigator compared the built
 firmware image with the filesystem originally found on the device itself.
 The comparison steps were as follows:
 \begin{enumerate}
 \item Extract the filesystem from the image we built by running
   \href{https://gitorious.org/copyleft-org/gpl-compliance-scripts/source/master:find-firmware.pl}{find-firmware.pl}
   on ``bin/ar71xx/librecmc-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin''
   and then running
   \href{http://www.binaryanalysis.org/en/content/show/download}{bat-extratools}'
   ``squashfs4.2/squashfs-tools/bat-unsquashfs42'' on the resulting
   morx0.squash, using the filesystem in the new squashfs-root directory for
   comparison.
 \item Login to the router's web interface (at \url{http://192.168.10.1/ }) from a computer
   connected to the router.
 \item Set a password using the provided link at the top (since the router's
   UI warns that no password is set and asks the user to change it).
 \item Logged into the router via SSH, using the root user with the
   aforementioned password.
 \item Compared representative directory listings and binaries to ensure the set of
   included files (on the router) is similar to those found in the firmware
   image that the investigator created (whose contents are now in the local squashfs-root directory).  In
   particular, the investigator did the following comparisons:
   \begin{enumerate}
   \item Listed the /bin folder (``ls -l /bin'') and confirm the list of files is the same
     and that the file sizes are similar.
   \item Checked the ``strings'' output of ``/bin/busybox'' to confirm it is similar in both
    places (similar number of lines and content of lines).  (One cannot directly
    compare the binaries because the slight compilation variations will cause
    some bits to be different.)
  \item Repeated the above two steps for ``/lib/modules'', ``/usr/bin'', and other directories with

gpl-lgpl.tex

➞

Show inline comments

 % gpl-lgpl.tex                                                  -*- LaTeX -*-
 %      Tutorial Text for the Detailed Study and Analysis of GPL and LGPL course
+%
 % License: CC-By-SA-4.0
 % The copyright holders hereby grant the freedom to copy, modify, convey,
 % Adapt, and/or redistribute this work under the terms of the Creative
 % Commons Attribution Share Alike 4.0 International License.
 % This text is distributed in the hope that it will be useful, but
 % WITHOUT ANY WARRANTY; without even the implied warranty of
 % MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 % You should have received a copy of the license with this document in
 % a file called 'CC-By-SA-4.0.txt'.  If not, please visit
 % https://creativecommons.org/licenses/by-sa/4.0/legalcode to receive
 % the license text.
 % FIXME-LATER: I should make a macro like the Texinfo @xref stuff for places
 %      where I'm saying ``see section X in this tutorial'', so that the extra
 %      verbiage isn't there in the HTML versions that I'll eventually do.
 %      Maybe something like that already exists?  In the worst case, I could
 %      adapt @xref from texinfo.texi for it.
 \newcommand{\defn}[1]{\emph{#1}}
 \part{Detailed Analysis of the GNU GPL and Related Licenses}
 \label{gpl-lgpl-part}
 {\parindent 0in
 \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{This part} is: \\
 \begin{tabbing}
 Copyright \= \copyright{} 2003--2007, 2014 \hspace{.1mm} \=  \kill
 Copyright \> \copyright{} 2014 \> Bradley M. Kuhn \\
 Copyright \> \copyright{} 2014 \>  Anthony K. Sebro, Jr. \\
 Copyright \> \copyright{} 2003--2007, 2014 \>  Free Software Foundation, Inc. \\
 Copyright \> \copyright{} 2014 \>  Software Freedom Law Center.
 \end{tabbing}
 \vspace{.2in}
 \begin{center}
 The copyright holders of \tutorialpartsplit{``Detailed Analysis of the GNU GPL and Related Licenses''}{this part} hereby grant the freedom to copy, modify,
 convey, Adapt, and/or redistribute this work under the terms of the Creative
 Commons Attribution Share Alike 4.0 International License.  A copy of that
 license is available at
 \verb=https://creativecommons.org/licenses/by-sa/4.0/legalcode=.
 \end{center}
 \vfill
 This part includes material from many sources, including the following
+This part includes material from many sources, including some material from the following
 CC-By-SA-licensed published works: \\
 \begin{itemize}
 \item \textit{Detailed Analysis of the GNU GPL and Related Licenses}, written by
 Bradley M. Kuhn, Daniel B.~Ravicher, and John Sullivan and published by the Free Software Foundation for its CLE courses on 2004-01-20,
 -08-24, and 2014-03-24.
 \item \hrefnofollow{http://gplv3.fsf.org/gpl-rationale-2006-01-16.html}{\textit{GPLv3 First Discussion Draft Rationale}}, written and published by the Free
   Software Foundation on 2006-01-16.
 \item \hrefnofollow{http://gplv3.fsf.org/opinions-draft-2.html}{\textit{GPLv3 Second Discussion Draft Rationale}}, written and published by the Free
   Software Foundation circa 2006-07.
 \item \hrefnofollow{http://gplv3.fsf.org/gpl3-dd3-guide}{\textit{GPLv3 Third Discussion Draft Rationale}}, written and published by the Free
   Software Foundation on   2007-03-28.
 \item \hrefnofollow{http://gplv3.fsf.org/dd3-faq}{\textit{GPLv3  Discussion Draft 3 FAQ}}, written and published by the Free1 Software Foundation on   2007-03-28.
 \item \hrefnofollow{http://gplv3.fsf.org/gpl3-dd4-guide.html}{\textit{GPLv3 Final Discussion Draft Rationale}} written and published by the Free
   Software Foundation onon 2007-05-31.
 \item \hrefnofollow{http://www.gnu.org/licences/gpl3-final-rationale.pdf}{\textit{GPLv3 Final Rationale}}, written and published by the Free
   Software Foundation on 2007-06-29.
 \end{itemize}
 However, this work is primarily composed of the many contributions it
 receives as a public, collaborative project.  Please
 \href{https://gitorious.org/copyleft-org/tutorial/history/master:gpl-lgpl.tex}{review
   its Git logs} for full documentation of all contributions.
+}
 \pagebreak
 \tutorialpartsplit{This tutorial}{This part of the tutorial} gives a
 comprehensive explanation of the most popular Free Software copyright
 license, the GNU General Public License (``GNU GPL'', or sometimes just
 ``GPL'') -- both version 2 (``GPLv2'') and version 3 (``GPLv3'') -- and
 teaches lawyers, software developers, managers and business people how to use
 the GPL (and GPL'd software) successfully both as a community-building
 ``Constitution'' for a software project, and to incorporate copylefted
 software into a new Free Software business and in existing, successful
 enterprises.
 To benefit from this part of the tutorial, readers should
 have a general familiarity with software development processes.  A basic
 understanding of how copyright law applies to software is also helpful.  The
 tutorial is of most interest to lawyers, software developers and managers who
 run or advise software businesses that modify and/or redistribute software
 under the terms of the GNU GPL (or who wish to do so in the future), and those
 who wish to make use of existing GPL'd software in their enterprise.
 Upon completion of this part of the tutorial, readers can expect
 to have learned the following:
 \begin{itemize}
   \item The freedom-defending purpose of various terms in the GNU GPLv2 and GPLv3.
   \item The differences between GPLv2 and GPLv3.
   \item The redistribution options under the GPLv2 and GPLv3.
   \item The obligations when modifying GPLv2'd or GPLv3'd software.
   \item How to build a plan for proper and successful compliance with the GPL.
   \item The business advantages that the GPL provides.
   \item The most common business models used in conjunction with the GPL.
   \item How existing GPL'd software can be used in existing enterprises.
   \item The basics of LGPLv2.1 and LGPLv3, and how they
     differ from the GPLv2 and GPLv3, respectively.
   \item The basics to begin understanding the complexities regarding
     derivative and combined works of software.
 \end{itemize}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % END OF ABSTRACTS SECTION
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % START OF DAY ONE COURSE
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{What Is Software Freedom?}
 Study of the GNU General Public License (herein, abbreviated as \defn{GNU
   GPL} or just \defn{GPL}) must begin by first considering the broader world
 of software freedom. The GPL was not created in a vacuum. Rather, it was
 created to embody and defend a set of principles that were set forth at the
 founding of the GNU project and the Free Software Foundation (FSF) -- the
 preeminent organization that upholds, defends and promotes the philosophy of software
 freedom. A prerequisite for understanding both of the popular versions
 of the GPL
 (GPLv2 and GPLv3) and their terms and conditions is a basic understanding of
 the principles behind them.  The GPL family of licenses are unlike nearly all
 other software licenses in that they are designed to defend and uphold these
 principles.
 \section{The Free Software Definition}
 \label{Free Software Definition}
 The Free Software Definition is set forth in full on FSF's website at
 \verb0http://fsf.org/0 \verb0philosophy/free-sw.html0. This section presents
 an abbreviated version that will focus on the parts that are most pertinent
 to the GPL\@.
 A particular user has software freedom with respect to a particular program if that
 user has the following freedoms:
 \begin{itemize}
 \item The freedom to run the program, for any purpose.
 \item The freedom to study how the program works, and modify it
 \item The freedom to redistribute copies.
 \item The freedom to distribute copies of  modified versions to others.
 \end{itemize}
 The focus on ``a particular user'' is particularly pertinent here.  It is not
 uncommon for a subset of a specific program's user base to have these freedoms, while other
 users of the same version the program have none or only some of these freedoms.
 Section~\ref{Proprietary Relicensing} talks in detail about how
 this can unfortunately happen even if a program is released under the GPL\@.
 Many people refer to software with these freedoms as ``Open Source.''
 Besides having a different political focus than those who call it Free
 Software,\footnote{The political differences between the Free Software
   Movement and the Open Source Movement are documented on FSF's Web site at
   \url{http://www.fsf.org/licensing/essays/free-software-for-freedom.html}.}
 Those who call the software ``Open Source'' are often focused on a side
 issue.  Specifically, user access to the source code of a program is a
 prerequisite to make use of the freedom to modify.  However, the important
 issue is what freedoms are granted in the license of that source code.
 Software freedom is only complete when no restrictions are imposed on how
 these freedoms are exercised.  Specifically, users and programmers can
 exercise these freedoms noncommercially or commercially.  Licenses that grant
 these freedoms for noncommercial activities but prohibit them for commercial
 activities are considered non-free.  Even the Open Source Initiative
 (\defn{OSI}) (the arbiter of what is considered ``Open Source'') also rules
 such licenses not in fitting with its ``Open Source Definition''.
 In general, software for which any of these freedoms are
 restricted in any way is called ``non-Free Software.''  Typically, the
 term ``proprietary software'' is used more or less interchangeably with
 ``non-Free Software.''  Personally, I tend to use the term ``non-Free
 Software'' to refer to noncommercial software that restricts freedom
 (such as ``shareware'') and ``proprietary software'' to refer to
 commercial software that restricts freedom (such as nearly all of
 Microsoft's and Oracle's offerings).
 Keep in mind that none of the terms ``software freedom'', ``open source''
 and ``free software'' are known to be trademarked or otherwise legally
 restricted by any organization in
 any jurisdiction.  As such, it's quite common that these terms are abused and
 misused by parties who wish to bank on the popularity of software freedom.
 When one considers using, modifying or redistributing a software package that
 purports to be Open Source or Free Software, one \textbf{must} verify that
 the license grants software freedom.
 Furthermore, throughout this text, we generally prefer the term ``software
 freedom'', as this is the least ambiguous term available to describe software
 that meets the Free Software Definition.  For example, it is well known and
 often discussed that the adjective ``free'' has two unrelated meanings in
 English: ``free as in freedom'' and ``free as in price''.  Meanwhile, the
 term ``open source'' is even more confusing, because it appears to refer only to the
 ``freedom to study'', which is merely a subset of one of the four freedoms.
 The remainder of this section considers each of each component of software
 freedom in detail.
 \subsection{The Freedom to Run}
 \label{freedom-to-run}
 The first tenet of software freedom is the user's fully unfettered right to
 run the program.  The software's license must permit any conceivable use of
 the software.  Perhaps, for example, the user has discovered an innovative
 use for a particular program, one that the programmer never could have
 predicted.  Such a use must not be restricted.
 It was once rare that this freedom was restricted by even proprietary
 software; but such is quite common today. Most End User License Agreements
 (EULAs) that cover most proprietary software typically restrict some types of
 uses.  Such restrictions of any kind are an unacceptable restriction on
 software freedom.
 \subsection{The Freedom to Change and Modify}
 Perhaps the most useful right of software freedom is the users' right to
 change, modify and adapt the software to suit their needs.  Access to the
 source code and related build and installation scripts are an essential part
 of this freedom.  Without the source code, and the ability to build and
 install the binary applications from that source, users cannot effectively
 exercise this freedom.
 Programmers directly benefit from this freedom.  However, this freedom
 remains important to users who are not programmers.  While it may seem
 counterintuitive at first, non-programmer users often exercise this freedom
 indirectly in both commercial and noncommercial settings.  For example, users
 often seek noncommercial help with the software on email lists and in user
 groups.  To make use of such help they must either have the freedom to
 recruit programmers who might altruistically assist them to modify their
 software, or to at least follow rote instructions to make basic modifications
 themselves.
 More commonly, users also exercise this freedom commercially.  Each user, or
 group of users, may hire anyone they wish in a competitive free market to
 modify and change the software.  This means that companies have a right to
 hire anyone they wish to modify their Free Software.  Additionally, such
 companies may contract with other companies to commission software
 modifications.
 \subsection{The Freedom to Copy and Share}
 Users share Free Software in a variety of ways. Software freedom advocates
 work to eliminate a fundamental ethical dilemma of the software age: choosing
 between obeying a software license and friendship (by giving away a copy of a
 program to your friend who likes the software you are using). Licenses that
 respect software freedom, therefore, permit altruistic sharing of software
 among friends.
 The commercial environment also benefits from this freedom.  Commercial sharing
 includes selling copies of Free Software: that is, Free Software can
 be distributed for any monetary
 price to anyone.  Those who redistribute Free Software commercially also have
 the freedom to selectively distribute (i.e., you can pick your customers) and
 to set prices at any level that redistributor sees fit.
 Of course, most people get copies of Free Software very cheaply (and
 sometimes without charge).  The competitive free market of Free Software
 tends to keep prices low and reasonable.  However, if someone is willing to
 pay billions of dollars for one copy of the GNU Compiler Collection, such a
 sale is completely permitted.
 Another common instance of commercial sharing is service-oriented
 distribution.  For example, some distribution vendors provide immediate
 security and upgrade distribution via a special network service.  Such
 distribution is not necessarily contradictory with software freedom.
 (Section~\ref{Business Models} of this tutorial talks in detail about some
 common Free Software business models that take advantage of the freedom to
 share commercially.)
 \subsection{The Freedom to Share Improvements}
 The freedom to modify and improve is somewhat empty without the freedom to
 share those improvements.  The software freedom community is built on the
 pillar of altruistic sharing of improved Free Software. Historically
 it was typical for a
 Free Software project to sprout a mailing list where improvements
 would be shared
 freely among members of the development community.\footnote{This is still
 commonly the case, though today there are additional ways of
 sharing Free Software.}  Such noncommercial
 sharing is the primary reason that Free Software thrives.
 Commercial sharing of modified Free Software is equally important.
 For commercial support to exist in a competitive free market, all
 developers -- from single-person contractors to large software
 companies -- must have the freedom to market their services as
 augmenters of Free Software.  All forms of such service marketing must
 be equally available to all.
 For example, selling support services for Free Software is fully
 permitted. Companies and individuals can offer themselves as ``the place
 to call'' when software fails or does not function properly.  For such a
 service to be meaningful, the entity offering that service needs the
 right to modify and improve the software for the customer to correct any
 problems that are beyond mere user error.
 Software freedom licenses also permit any entity to distribute modified
 versions of Free Software.  Most Free Software programs have a ``standard
 version'' that is made available from the primary developers of the software.
 However, all who have the software have the ``freedom to fork'' -- that is,
 make available nontrivial modified versions of the software on a permanent or
 semi-permanent basis.  Such freedom is central to vibrant developer and user
 interaction.
 Companies and individuals have the right to make true value-added versions
 of Free Software.  They may use freedom to share improvements to
 distribute distinct versions of Free Software with different functionality
 and features.  Furthermore, this freedom can be exercised to serve a
 disenfranchised subset of the user community.  If the developers of the
 standard version refuse to serve the needs of some of the software's
 users, other entities have the right to create a long- or short-lived fork
 to serve that sub-community.
 \section{How Does Software Become Free?}
 The previous section set forth key freedoms and rights that are referred to
 as ``software freedom''.  This section discusses the licensing mechanisms
 used to enable software freedom.  These licensing mechanisms were ultimately
 created as a community-oriented ``answer'' to the existing proprietary
 software licensing mechanisms.  Thus, first, consider carefully why
 proprietary software exists in the first place.
 \label{explaining-copyright}
 The primary legal regime that applies to software is copyright law.
 Proprietary software exists at all only because copyright law governs
 software.\footnote{This statement is admittedly an oversimplification. Patents and
   trade secrets can cover software and make it effectively non-Free, and one
   can contract away their rights and freedoms regarding software, or source
   code can be practically obscured in binary-only distribution without
   reliance on any legal system.  However, the primary control mechanism for
   software is copyright, and therefore this section focuses on how copyright
   restrictions make software proprietary.} Copyright law, with respect to
 software, typically governs copying, modifying, and redistributing that
 software (For details of this in the USA, see
 \href{http://www.copyright.gov/title17/92chap1.html#106}{\S~106} and
 \href{http://www.copyright.gov/title17/92chap1.html#117}{\S~117} of
 \href{http://www.law.cornell.edu/uscode/text/17}{Title 17} of the
 \textit{United States Code}).\footnote{Copyright law in general also governs
   ``public performance'' of copyrighted works. There is no generally agreed
   definition for public performance of software and both GPLv2 and GPLv3 do
   not restrict public performance.} By law (in the USA and in most other
 jurisdictions), the copyright holder (most typically, the author) of the work controls
 how others may copy, modify and/or distribute the work. For proprietary
 software, these controls are used to prohibit these activities. In addition,
 proprietary software distributors further impede modification in a practical
 sense by distributing only binary code and keeping the source code of the
 software secret.
 Copyright is not a natural state, it is a legal construction. In the USA, the
 Constitution permits, but does not require, the creation of copyright law as
 federal legislation.  Software, since it is an ``original work of authorship
 fixed in any tangible medium of expression ...  from which they can be
 perceived, reproduced, or otherwise communicated, either directly or with the
 aid of a machine or device'' (as stated in
 \href{http://www.law.cornell.edu/uscode/text/17/102}{17 USC \S~102}), is thus
 covered by the statute, and is copyrighted by default.
 However, software, in its natural state without copyright, is Free
 Software. In an imaginary world with no copyright, the rules would be
 different. In this world, when you received a copy of a program's source
 code, there would be no default legal system to restrict you from sharing it
 with others, making modifications, or redistributing those modified
 versions.\footnote{Note that this is again an oversimplification; the
   complexities with this argument are discussed in
   Section~\ref{software-and-non-copyright}.}
 Software in the real world is copyrighted by default and is automatically
 covered by that legal system.  However, it is possible to move software out
 of the domain of the copyright system.  A copyright holder can often
 \defn{disclaim} their copyright. (For example, under USA copyright law
 it is possible for a copyright holder to engage in conduct resulting
 in abandonment of copyright.)  If copyright is disclaimed, the software is
 effectively no longer restricted by copyright law.   Software not restricted by copyright is in the
 ``public domain.''
 \subsection{Public Domain Software}
 In the USA and other countries that
 are parties to the Berne Convention on Copyright, software is copyrighted
 automatically by the author when she fixes the software in a tangible
 medium.  In the software world, this usually means typing the source code
 of the software into a file.
 Imagine if authors could truly disclaim those default controls of copyright
 law.  If so, the software is in the public domain --- no longer covered by
 copyright.  Since copyright law is the construction allowing for most
 restrictions on software (i.e., prohibition of copying, modification, and
 redistribution), removing the software from the copyright system usually
 yields software freedom for its users.
 Carefully note that software truly in the public domain is \emph{not} licensed
 in any way.  It is confusing to say software is ``licensed for the
 public domain,'' or any phrase that implies the copyright holder gave
 express permission to take actions governed by copyright law.
 Copyright holders who state that they are releasing their code into
 the public domain are effectively renouncing copyright controls on
 the work.  The law gave the copyright holders exclusive controls over the
 work, and they chose to waive those controls.  Software that is, in
 this sense, in the public domain
 is conceptualized by the developer as having no copyright and thus no license. The software freedoms discussed in
 Section~\ref{Free Software Definition} are all granted because there is no
 legal system in play to take them away.
 Admittedly, a discussion of public domain software is an oversimplified
 example.
 Because copyright controls are usually automatically granted and because, in
 some jurisdictions, some copyright controls cannot be waived (see
 Section~\ref{non-usa-copyright} for further discussion), many copyright
 holders sometimes incorrectly believe a work has been placed in the public
 domain.  Second, due to aggressive lobbying by the entertainment industry,
 the ``exclusive Right'' of copyright, that was supposed to only exist for
 ``Limited Times'' according to the USA Constitution, appears to be infinite:
 simply purchased on the installment plan rather than in whole.  Thus, we must
 assume no works of software will fall into the public domain merely due to
 the passage of time.
 Nevertheless, under USA law it is likely that the typical
 disclaimers of copyright or public domain dedications we see in the
 Free Software world would be interpreted by courts as copyright
 abandonment, leading to a situation in which the user effectively receives a
 maximum grant of copyright freedoms, similar to a maximally-permissive
 Free Software license.
 The best example of software known to truly be in the public domain is software
 that is published by the USA government.  Under
 \href{http://www.law.cornell.edu/uscode/text/17/105}{17 USC 101 \S~105}, all
 works published by the USA Government are not copyrightable in the USA.
 \subsection{Why Copyright Free Software?}
 If simply disclaiming copyright on software yields Free Software, then it
 stands to reason that putting software into the public domain is the
 easiest and most straightforward way to produce Free Software. Indeed,
 some major Free Software projects have chosen this method for making their
 software Free. However, most of the Free Software in existence \emph{is}
 copyrighted. In most cases (particularly in those of FSF and the GNU
 Project), this was done due to very careful planning.
 Software released into the public domain does grant freedom to those users
 who receive the standard versions on which the original author disclaimed
 copyright. However, since the work is not copyrighted, any nontrivial
 modification made to the work is fully copyrightable.
 Free Software released into the public domain initially is Free, and
 perhaps some who modify the software choose to place their work into the
 public domain as well. However, over time, some entities will choose to
 proprietarize their modified versions. The public domain body of software
 feeds the proprietary software. The public commons disappears, because
 fewer and fewer entities have an incentive to contribute back to the
 commons. They know that any of their competitors can proprietarize their
 enhancements. Over time, almost no interesting work is left in the public
 domain, because nearly all new work is done by proprietarization.
 A legal mechanism is needed to redress this problem. FSF was in fact
 originally created primarily as a legal entity to defend software freedom,
 and that work of defending software freedom is a substantial part of
 its work today. Specifically because of this ``embrace, proprietarize and
 extend'' cycle, FSF made a conscious choice to copyright its Free Software,
 and then license it under ``copyleft'' terms. Many, including the
 developers of the kernel named Linux, have chosen to follow this paradigm.
 \label{copyleft-definition}
 Copyleft is a strategy of utilizing copyright law to pursue the policy goal
 of fostering and encouraging the equal and inalienable right to copy, share,
 modify and improve creative works of authorship.  Copyleft (as a general
 term) describes any method that utilizes the copyright system to achieve the
 aforementioned goal.  Copyleft as a concept is usually implemented in the
 details of a specific copyright license, such as the
 \hyperref[GPLv3-full-text]{GNU General Public License (GPL)} and the Creative
 Commons Attribution Share Alike License (the latter of which is the license
 of this work itself).  Copyright holders of creative work can unilaterally
 implement these licenses for their own works to build communities that
 collaboratively share and improve those copylefted creative works.
 Copyleft uses functional parts of the copyright system to achieve an unusual
 result (legal protection for free sharing). Copyleft modifies, or ``hacks''
 copyright law, which is usually employed to strengthen the rights of authors
 or publishers, to strengthen instead the rights of users.  Thus, Copyleft is
 a legal strategy and mechanism to defend, uphold and propagate software
 freedom. The basic technique of copyleft is as follows: copyright the
 software, license it under terms that give all the software freedoms, but use
 the copyright law controls to ensure that all who receive a copy of the
 software have equal rights and freedom. In essence, copyleft grants freedom,
 but forbids others to forbid that freedom to anyone else along the
 distribution and modification chains.
 Copyleft's ``reciprocity'' or ``share and share alike'' rule protects both
 developers, who avoid facing a ``prioritized'' competitor of their project,
 and users, who can be sure that they will have all four software freedoms ---
 not only in the present version of the program they use, but in all its
 future improved versions.
 Copyleft is a general concept. Much like ideas for what a computer might
 do must be \emph{implemented} by a program that actually does the job, so
 too must copyleft be implemented in some concrete legal structure.
 ``Share and share alike'' is a phrase that is used often enough to explain the
 concept behind copyleft, but to actually make it work in the real world, a
 true implementation in legal text must exist, written as a ``copyright
 license''.  The GPL implements the concept of copyleft for software-oriented
 and other functional works of a technical nature.  The ``CC BY SA'' license
 implements copyleft for works of textual, musical and visual authorship, such
 as this tutorial.
 Copyleft advocates often distinguish between the concept of a ``strong
 copyleft'' or a ``weak copyleft''.  However, ``strong vs. weak'' copyleft is
 not a dichotomy, it's a spectrum.  The strongest copylefts strive to the
 exclusive rights that copyright  grants to authors as extensively as possible
 to maximize software freedom.  As a copyleft gets ``weaker'', the copyleft
 license typically makes ``trade offs'' that might impede software freedom,
 but reach other tactic goals for the community of users and developers of the
 work.
 In other words, strong copyleft licenses place the more requirements on how
 ``the work'' is licensed.  The unit of copyright law is ``the work''.  In
 that sense, the ``work'' referenced by the licenses is anything that can be
 copyrighted or will be subject to the terms of copyright law.  Strong
 copyleft licenses exercise their scope fully.  Anything which is ``a work''
 or a ``work based on a work'' licensed under a strong copyleft is subject to
 its requirements, including the requirement of complete, corresponding source
 code\footnote{Copyleft communities' use of the term ``strong copyleft'' is
   undoubtedly imprecise.  For example, most will call the GNU GPL a ``strong
   copyleft'' license, even though the GPL itself has various exceptions, such
   as the \hyperref[GPLv3-system-library-exception]{GPLv3's system library
     exception} written into the text of the license itself.  Furthermore, the
   copyleft community continues to debate where the a license cross the line
   from ``strong copyleft'' to ``license that fails to respect software
   freedom'', although ultimately these debates are actually regarding whether
   the license fits \hyperref[Free Software Definition]{Free Software
     definition} at all.}.  Thus, copyleft licenses, particularly strong ones,
 seek to ensure the same license covers every version of ``work based on the
 work'', as recognized by local copyright law, and thereby achieve the
 specific strategic policy aim of ensuring software freedom for all users,
 developers, authors, and readers who encounter the copylefted work.
 \subsection{Software and Non-Copyright Legal Regimes}
 \label{software-and-non-copyright}
 The use, modification and distribution of software, like many endeavors,
 simultaneously interacts with multiple different legal regimes.  As was noted
 early via footnotes, copyright is merely the \textit{most common way} to
 restrict users' rights to copy, share, modify and/or redistribute software.
 However, proprietary software licenses typically use every mechanism
 available to subjugate users.  For example:
 \begin{itemize}
 \item Unfortunately, despite much effort by many in the software freedom
   community to end patents that read on software (i.e., patents on
   computational ideas), they still exist.  As such, a software
   program might otherwise seem to be unrestricted, but a patent might read on
   the software and ruin everything for its users.\footnote{See
   \S\S~\ref{gpl-implied-patent-grant},~\ref{GPLv2s7},~\ref{GPLv3s11} for more
   discussion on how the patent system interacts with copyleft, and read
   Richard M.~Stallman's essay,
   \href{http://www.wired.com/opinion/2012/11/richard-stallman-software-patents/}{\textit{Let's
       Limit the Effect of Software Patents, Since We Can't Eliminate Them}}
   for more information on the problems these patents present to society.}
 \item Digital Restrictions Management (usually called \defn{DRM}) is often
   used to impose technological restrictions on users' ability to exercise
   software freedom that they might otherwise be granted.\footnote{See
     \S~\ref{GPLv3-drm} for more information on how GPL deals with this issue.}
   The simplest (and perhaps oldest) form of DRM, of course, is separating
   software source code (read by humans), from their compiled binaries (read
   only by computers).  Furthermore,
   \href{http://www.law.cornell.edu/uscode/text/17/1201}{17 USC~\S1201} often
   prohibits users legally from circumventing some of these DRM systems.
 \item Most EULAs also include a contractual agreement that bind users further
   by forcing them to agree to a contractual, prohibitive software license
   before ever even using the software.
 \end{itemize}
 Thus, most proprietary software restricts users via multiple interlocking
 legal and technological means.  Any license that truly respect the software
 freedom of all users must not only grant appropriate copyright permissions,
 but also \textit{prevent} restrictions from other legal and technological
 means like those listed above.
 \subsection{Non-USA Copyright Regimes}
 \label{non-usa-copyright}
 Generally speaking, copyright law operates similarly enough in countries that
 have signed the Berne Convention on Copyright, and software freedom licenses
 have generally taken advantage of this international standardization of
 copyright law.  However, copyright law does differ from country to country,
 and commonly, software freedom licenses like the GPL must be considered under the
 copyright law in the jurisdiction where any licensing dispute occurs.
 Those who are most familiar with the USA's system of copyright often are
 surprised to learn that there are certain copyright controls that cannot be
 waived nor disclaimed.  Specifically, many copyright regimes outside the USA
 recognize a concept of moral rights of authors.  Typically, moral rights are
 fully compatible with respecting software freedom, as they are usually
 centered around controls that software freedom licenses generally respect,
 such as the right of an authors to require proper attribution for their work.
 \section{A Community of Equality}
 The previous section described the principles of software freedom, a brief
 introduction to mechanisms that typically block these freedoms, and the
 simplest ways that copyright holders might grant those freedoms to their
 users for their copyrighted works of software.  The previous section also
 introduced the idea of \textit{copyleft}: a licensing mechanism to use
 copyright to not only grant software freedom to users, but also to uphold
 those rights against those who might seek to curtail them.
 Copyleft, as defined in \S~\ref{copyleft-definition}, is a general term for this
 mechanism.  The remainder of this text will discuss details of various
 real-world implementations of copyleft -- most notably, the GPL\@.
 This discussion begins first with some general explanation of what the GPL is
 able to do in software development communities.  After that brief discussion
 in this section, deeper discussion of how GPL accomplishes this in practice
 follows in the next chapter.
 Simply put, though, the GPL ultimately creates a community of equality for
 both business and noncommercial users.
 \subsection{The Noncommercial Community}
 A GPL'd code base becomes a center of a vibrant development and user
 community.  Traditionally, volunteers, operating noncommercially out of
 keen interest or ``scratch an itch'' motivations, produce initial versions
 of a GPL'd system.  Because of the efficient distribution channels of the
 Internet, any useful GPL'd system is adopted quickly by noncommercial
 users.
 Fundamentally, the early release and quick distribution of the software
 gives birth to a thriving noncommercial community.  Users and developers
 begin sharing bug reports and bug fixes across a shared intellectual
 commons.  Users can trust the developers, because they know that if the
 developers fail to address their needs or abandon the project, the GPL
 ensures that someone else has the right to pick up development.
 Developers know that the users cannot redistribute their software without
 passing along the rights granted by the GPL, so they are assured that every
 one of their users is treated equally.
 Because of the symmetry and fairness inherent in GPL'd distribution,
 nearly every GPL'd package in existence has a vibrant noncommercial user
 and developer base.
 \subsection{The Commercial Community}
 By the same token, nearly all established GPL'd software systems have a
 vibrant commercial community.  Nearly every GPL'd system that has gained
 wide adoption from noncommercial users and developers eventually begins
 to fuel a commercial system around that software.
 For example, consider the Samba file server system that allows Unix-like
 systems (including GNU/Linux) to serve files to Microsoft Windows systems.
 Two graduate students originally developed Samba in their spare time and
 it was deployed noncommercially in academic environments.\footnote{See
   \href{http://turtle.ee.ncku.edu.tw/docs/samba/history}{Andrew Tridgell's
     ``A bit of history and a bit of fun''}}  However, very
 soon for-profit companies discovered that the software could work for them
 as well, and their system administrators began to use it in place of
 Microsoft Windows NT file-servers.  This served to lower the cost of
 running such servers by orders of magnitude. There was suddenly room in
 Windows file-server budgets to hire contractors to improve Samba.  Some of
 the first people hired to do such work were those same two graduate
 students who originally developed the software.
 The noncommercial users, however, were not concerned when these two
 fellows began collecting paychecks off of their GPL'd work.  They knew
 that because of the nature of the GPL that improvements that were
 distributed in the commercial environment could easily be folded back into
 the standard version.  Companies are not permitted to proprietarize
 Samba, so the noncommercial users, and even other commercial users are
 safe in the knowledge that the software freedom ensured by the GPL will remain
 protected.
 Commercial developers also work in concert with noncommercial
 developers.  Those two now-long-since graduated students continue to
 contribute to Samba altruistically, but also get paid work doing it.
 Priorities change when a client is in the mix, but all the code is
 contributed back to the standard version.  Meanwhile, many other
 individuals have gotten involved noncommercially as developers,
 because they want to ``cut their teeth on Free Software,'' or because
 the problems interest them.  When they get good at it, perhaps they
 will move on to another project, or perhaps they will become
 commercial developers of the software themselves.
 No party is a threat to another in the GPL software scenario because
 everyone is on equal ground.  The GPL protects rights of the commercial
 and noncommercial contributors and users equally. The GPL creates trust,
 because it is a level playing field for all.
 \subsection{Law Analogy}
 In his introduction to Stallman's \emph{Free Software, Free Society},
 Lawrence Lessig draws an interesting analogy between the law and Free
 Software. He argues that the laws of a free society must be protected
 much like the GPL protects software.  So that I might do true justice to
 Lessig's argument, I quote it verbatim:
 \begin{quotation}
 A ``free society'' is regulated by law. But there are limits that any free
 society places on this regulation through law: No society that kept its
 laws secret could ever be called free.  No government that hid its
 regulations from the regulated could ever stand in our tradition. Law
 controls.  But it does so justly only when visibly.  And law is visible
 only when its terms are knowable and controllable by those it regulates,
 or by the agents of those it regulates (lawyers, legislatures).
 This condition on law extends beyond the work of a legislature.  Think
 about the practice of law in American courts.  Lawyers are hired by their
 clients to advance their clients' interests.  Sometimes that interest is
 advanced through litigation. In the course of this litigation, lawyers
 write briefs. These briefs in turn affect opinions written by judges.
 These opinions decide who wins a particular case, or whether a certain law
 can stand consistently with a constitution.
 All the material in this process is free in the sense that Stallman means.
 Legal briefs are open and free for others to use.  The arguments are
 transparent (which is different from saying they are good), and the
 reasoning can be taken without the permission of the original lawyers.
 The opinions they produce can be quoted in later briefs.  They can be
 copied and integrated into another brief or opinion.  The ``source code''
 for American law is by design, and by principle, open and free for anyone
 to take. And take lawyers do---for it is a measure of a great brief that
 it achieves its creativity through the reuse of what happened before.  The
 source is free; creativity and an economy is built upon it.
 This economy of free code (and here I mean free legal code) doesn't starve
 lawyers.  Law firms have enough incentive to produce great briefs even
 though the stuff they build can be taken and copied by anyone else.  The
 lawyer is a craftsman; his or her product is public.  Yet the crafting is
 not charity. Lawyers get paid; the public doesn't demand such work
 without price.  Instead this economy flourishes, with later work added to
 the earlier.
 We could imagine a legal practice that was different --- briefs and
 arguments that were kept secret; rulings that announced a result but not
 the reasoning. Laws that were kept by the police but published to no one
 else. Regulation that operated without explaining its rule.
 We could imagine this society, but we could not imagine calling it
 ``free.''  Whether or not the incentives in such a society would be better
 or more efficiently allocated, such a society could not be known as free.
 The ideals of freedom, of life within a free society, demand more than
 efficient application.  Instead, openness and transparency are the
 constraints within which a legal system gets built, not options to be
 added if convenient to the leaders.  Life governed by software code should
 be no less.
 Code writing is not litigation.  It is better, richer, more
 productive.  But the law is an obvious instance of how creativity and
 incentives do not depend upon perfect control over the products
 created.  Like jazz, or novels, or architecture, the law gets built
 upon the work that went before. This adding and changing is what
 creativity always is.  And a free society is one that assures that its
 most important resources remain free in just this sense.\footnote{This
 quotation is Copyright \copyright{} 2002, Lawrence Lessig. It is
 licensed under the terms of
 \href{http://creativecommons.org/licenses/by/1.0/}{the ``Attribution
 License'' version 1.0} or any later version as published by Creative
 Commons.}
 \end{quotation}
 In essence, lawyers are paid to service the shared commons of legal
 infrastructure.  Few citizens defend themselves in court or write their
 own briefs (even though they are legally permitted to do so) because
 everyone would prefer to have an expert do that job.
 The Free Software economy is a market ripe for experts.  It
 functions similarly to other well established professional fields like the
 law. The GPL, in turn, serves as the legal scaffolding that permits the
 creation of this vibrant commercial and noncommercial Free Software
 economy.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \chapter{A Tale of Two Copyleft Licenses}
 \label{tale-of-two-copylefts}
 While determining the proper methodology and criteria to yield an accurate
 count remains difficult, the GPL is generally considered one of the most
 widely used Free Software licenses.  For most of its history --- for 16 years
 from June 1991 to June 2007 --- there was really only one version of the GPL,
 version 2.
 However, the GPL had both earlier versions before version 2, and, more well
 known, a revision to version 3.
 \section{Historical Motivations for the General Public License}
 The earliest license to grant software freedom was likely the Berkeley
 Software Distribution (``BSD'') license.  This license is typical of what are
 often called lax, highly permissive licenses.  Not unlike software in the

0 comments (0 inline, 0 general)