332 lines
12 KiB
Plaintext
332 lines
12 KiB
Plaintext
%include "default.mgp"
|
|
%default 1 bgrad
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
%nodefault
|
|
%back "blue"
|
|
|
|
%center
|
|
%size 7
|
|
|
|
|
|
GPL compliance
|
|
How to (not?) use Free Software
|
|
|
|
|
|
%center
|
|
%size 4
|
|
by
|
|
|
|
Harald Welte <laforge@gpl-violations.org>
|
|
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Contents
|
|
|
|
About the speaker
|
|
Ideas / Goals of the GPL
|
|
How to (not) use GPL Software
|
|
Complete Source Code
|
|
Derivative Works
|
|
Collective Works
|
|
GPL and Embedded Systems
|
|
The biggest GPL Myths
|
|
Thanks
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Introduction
|
|
|
|
Who is speaking to you?
|
|
|
|
an independent Free Software developer
|
|
who earns his living off Free Software since 1997
|
|
who is one of the authors of the Linux kernel firewall system called netfilter/iptables
|
|
who has started gpl-violations.org to enforce license compliance
|
|
who IS NOT A LAWYER
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Disclaimer
|
|
|
|
Legal Disclaimer
|
|
|
|
All information presented here is provided on an as-is basis
|
|
There is no warranty for correctness of legal information
|
|
The author is not a lawyer
|
|
This does not comprise legal advise
|
|
The authors' experience is limited to German copyright law
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Ideas and Goals of the GNU GPL
|
|
|
|
Free Software
|
|
Software that has fundamental freedoms:
|
|
to use it for any purpose
|
|
to "help your neighbour" (i.e. make copies)
|
|
to study it's functionality (reading source code)
|
|
to fix it myself (make modifications and run them)
|
|
|
|
Copyleft
|
|
Is the legal idea to
|
|
exercising copyright to grant the above freedoms
|
|
assure that nobody can take away the freedom
|
|
|
|
The GNU General Public License
|
|
Is a legal instrument to apply they copyleft idea on software
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Legal situation of vendors
|
|
|
|
Legal situation of vendors
|
|
If you are distributing a product that contains any third party source code, on which you are not the copyright holder, you have to license it _before_ being allowed to distribute copies of it (e.g. installed on an embedded device).
|
|
|
|
Even if you only sell branded OEM devices, you are legally responsible for what is contained in the product. It is your duty to make sure products you distribute (sell) don't infringe on others' rights!
|
|
|
|
Free Software is not any different from other software in this regard
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
The GNU GPL revisited
|
|
|
|
Revisiting the GNU General Public License
|
|
|
|
Regulates distribution of copyrighted code, not usage
|
|
Allows distribution of source code and modified source code
|
|
The license itself is mentioned
|
|
A copy of the license accompanies every copy
|
|
Allows distribution of binaries or modified binaries, if
|
|
The license itself is mentioned
|
|
A copy of the license accompanies every copy
|
|
The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party)
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Complete Source Code
|
|
|
|
%size 3
|
|
"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
|
|
|
|
For standard C-language programs, this means:
|
|
Source Code
|
|
Makefiles
|
|
compile-time Configuration (such as kernel .config)
|
|
|
|
General Rule:
|
|
Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so.
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Derivative Works
|
|
|
|
What is a derivative work?
|
|
Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever)
|
|
Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL.
|
|
As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work
|
|
This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins).
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Derivative Works
|
|
|
|
Binary-only kernel modules
|
|
In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant
|
|
Case-by-case analysis required, as the level of integration into the GPL licensed kernel code depends on particular case
|
|
IBM is in the process of getting rid of all binary-only kernel modules. There are exceptions, but they are very clear ones (such as a filesystem port to linux, where the filesystem code already existed under another OS)
|
|
There is no general acceptance or tolerance to binary-only kernel modules in the Linux (development) community. Not even Linus himself has ever granted an exception for such modules!
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Derivative Works
|
|
|
|
Moral Issues
|
|
Apart from what is legally possible, there are moral issues
|
|
Even if in a particular case there is no legal way to claim a binary-only kernel module is a derivative work, you might still be acting against the authors' wishes
|
|
By shipping binary-only kernel modules, you violate the "moral code of conduct" of the Free Software community
|
|
But it is the work of this very community that enables you to build your product based on Free Software
|
|
Such action might have long-term detrimental effects on the motivation of FOSS developers (dissatisfaction, demotivation, ...)
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
GPL And Embedded Systems
|
|
|
|
Historical background:
|
|
The GPL was written for userspace programs running on existing operating systems
|
|
Covering a whole OS (and even userspace programs) is not an ideal match, but if you read it carefully it still makes sense
|
|
Toolchain:
|
|
%size 3
|
|
"... the source code distributed need not include anything that is normally
|
|
distributed (in either source or binary form) with the major components
|
|
(compiler, kernel, and so on) of the operating system on which the executable
|
|
runs, unless that component itself accompanies the executable."
|
|
Practical case:
|
|
You've modified gcc for a specific embedded platform
|
|
Therefore, this gcc is not "normally distributed with the operating system" and you have to distribute it together with the source code
|
|
gcc itself is covered under GPL, so you need to provide binaries and source code(!)
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
GPL And Embedded Systems
|
|
|
|
The "Scripts"
|
|
(scripts to control compilation and installation, see earlier slide)
|
|
In case of embedded hardware, the "scripts" include:
|
|
Tools for generating the firmware binary from the source (even if they are technically no 'scripts')
|
|
|
|
|
|
Embedded DRM
|
|
Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so.
|
|
Result: Signing binaries and only accepting signed versions from the bootloader (without providing the signature key or a possibility to set a new key in the bootloader) is not acceptable!
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Practical Source Code Offer
|
|
|
|
Some Rules
|
|
The "complete corresponding source code" has to be made available
|
|
It has to be made available for each and every object-code version that was distributed
|
|
If you strip down the source code offer (e.g. remove proprietary source code), try to see whether the result actually compiles
|
|
If the product is mixed free / proprietary software, consider including the proprietary parts (as object code) in the "source code package", so the full firmware image can be rebuilt without having to tear apart an existing image and ripping out those proprietary programs from there.
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
The biggest myths about the GPL
|
|
|
|
The biggest myths about the GPL
|
|
The GPL is not enforcible
|
|
Software licensed under GPL has no copyright
|
|
Unmodified distribution does not require source code availability
|
|
The vendor can wait for a source code request (without offering it)
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
The most common mistakes
|
|
|
|
The most common mistakes
|
|
not even once reading the GPL text and/or the FAQ from the FSF
|
|
not including the GPL license text with the product
|
|
not including a written offer with the product
|
|
not considering that the GPL also applies to software updates
|
|
only providing original source code (e.g. vanilla kernel.org kernel)
|
|
not including the "scripts to control installation"
|
|
only providing off-site hyperlinks to license and/ore source code
|
|
not responding to support requests for source code
|
|
charging rediculously high fees for physical shipping of source code
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
About gpl-violations.org
|
|
|
|
What is gpl-violations.org about?
|
|
educating vendors of free-software based products
|
|
preventing further GPL violations
|
|
enforcing the GPL in-court and out-of-court
|
|
not about money, but about license compliance!
|
|
|
|
Who is behind gpl-violations.org?
|
|
Harald Welte (the author of this presentation)
|
|
Armijn Hemel
|
|
plus some smaller contributions from various people (e.g. Alan Cox)
|
|
relies heavily on coopearation with the ifrOSS lawyers
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
About gpl-violations.org
|
|
|
|
Success
|
|
more than 100 GPL violations handled so far
|
|
most of them settled out of court
|
|
five preliminary injunctions (Sitecom, Siemens, Fortinet, ...)
|
|
one appeals case against preliminary injunction
|
|
one regular civil trial (against D-Link, just one month ago)
|
|
about 120 pending violations (any volunteers?)
|
|
|
|
Not a single case ever lost.
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
What happens if I violate the GPL?
|
|
|
|
What happens if I violate the GPL?
|
|
copyright infringement is a crime, criminal charges could be brought
|
|
copyright infringement causes civil liabilities
|
|
sale of your products can be immediately halted by preliminary injunction
|
|
legal proceedings can be filed against you and your downstream sales chain
|
|
you can be sued for damages
|
|
you will have to reimburse all legal fees (your/their lawyers, court fees)
|
|
you will have to alter all products that are already produced and in stock (include a copy of the license text, source code or written offer thereof)
|
|
|
|
is it really worth all those risks?
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Avoiding license violations
|
|
|
|
Avoiding license violations
|
|
think about licensing during product development
|
|
if you sell any OEM devices, check them!
|
|
make sure GPL compliance happens for physical prodcut and website
|
|
release full corresponding source for each and every firmware update
|
|
do consider emails/letters about license compliance _SERIOUS_
|
|
set up a contact address that people can write to in case there think there are license compliance issues
|
|
if you get caught, just fix your problems rather than trying to deny them
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
Avoiding license violations
|
|
|
|
Always remember:
|
|
if you are selling branded OEM/ODM devices or software and don't have the technical resources for compliance checks in-house: for a couple of hundred euros (could be more, depending on complexity) you can have somebody check the product for GPL license compliance before it enters the market.
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%page
|
|
How to (not) use GPL Software
|
|
The End
|
|
|
|
|
|
%size 5
|
|
Further reading:
|
|
%size 5
|
|
The http://gpl-violations.org/ project
|
|
%size 5
|
|
The Free Software Foundation
|
|
http://www.fsf.org/
|
|
%size 5
|
|
The Free Software Foundation Europe
|
|
http://www.fsf-europe.org/
|
|
%size 5
|
|
The GNU Project
|
|
http://www.gnu.org/
|