

Apple not providing LGPL webkit source code for latest iOS 4.3.x - gnufs
http://laforge.gnumonks.org/weblog/2011/05/06/#20110506-applewebkit_lgpl

======
Xuzz
For iOS 4.1, which came out in September 2010, absolutely no GPL code for it
(or later versions, like 4.2) was posted until March 2011. That's not 8 weeks:
that's about 6 _months_.

When comex (<http://twitter.com/comex>) and saurik (<http://saurik.com/>)
asked for it (via emails to opensource@apple.com and copyright@apple.con)
around last November, I don't think they got any response from Apple —until
this year. Then, Apple let them know that it would be up "within a week". I
think the iOS 4.1 and 4.2 code actually went up about three weeks after they
received that email.

saurik has even more examples of them not releasing the [L]GPL'd code near the
top of this post: <http://www.saurik.com/id/4> — "Frankly, I wouldn't be
surprised at all if Apple ends up on the bad end of a GPL-related lawsuit."

(In my opinion, the fact Apple has posted _any_ code for iOS 4.3 at this point
is a big step in the right direction: they're not perfect yet, but at least
they've got 8/10 of the projects up.)

~~~
masklinn
> In my opinion, the fact Apple has posted any code for iOS 4.3 at this point
> is a big step in the right direction: they're not perfect yet, but at least
> they've got 8/10 of the projects up.

The truly weird part, to me, is that with as much (L)GPL code Apple releases
they don't seem to have an automatic, systematic system in place to handle
that. Even for a project as big as iOS.

~~~
jpk
I think the problem is that doing so is a zero-revenue effort. Why spend man-
hours putting together an automated workflow for source release when you can
just do it manually (and lazily) every time someone complains? That doesn't
justify it, of course, but looking at it that way makes it seem not-weird.

~~~
jrockway
This is risky, because lawsuits can have damage awards. If you decide not to
comply with a contract you've agreed to because "it's a zero-revenue effort",
that could look bad in court.

Legality aside, it looks pretty bad from a human interaction perspective: "we
took thousands of man-hours worth of code from the community, but we were too
lazy to spend even one man hour to upload a tarball to our website and follow
that community's wishes". The fact that they are legally-obligated to not act
like that just makes it even worse.

~~~
Xuzz
But is it really an hour? I doubt that Apple uploads the code they actually
used: it's likely that code, and then lots of removed components that would
reveal too much about how something works (e.g. there are no build scripts or
Xcode projects for JavaScriptCore releases, only the code itself).

At least, they would need to make sure that none of their proprietary code
slips out. That likely involves more than "svn checkout; tar; ftp", maybe even
lawyers to check it.

~~~
openbear
_there are no build scripts or Xcode projects for JavaScriptCore releases,
only the code itself_

Not true. See JavaScriptCore.xcodeproj in ...

[http://www.opensource.apple.com/source/JavaScriptCore/JavaSc...](http://www.opensource.apple.com/source/JavaScriptCore/JavaScriptCore-7533.20.20/)
[http://svn.webkit.org/repository/webkit/trunk/Source/JavaScr...](http://svn.webkit.org/repository/webkit/trunk/Source/JavaScriptCore/)

... and if Xcode isn't your thing, just run the script "build-webkit" ...

<http://svn.webkit.org/repository/webkit/trunk/Tools/Scripts/>

... build instructions in plain English here ...

<http://www.webkit.org/building/build.html>

~~~
Xuzz
That's true for standard WebKit, and even the Mac OS X version, but not for
iOS.

For example, the latest iOS JavaScriptCore release (4.2,
[http://www.opensource.apple.com/source/JavaScriptCore/JavaSc...](http://www.opensource.apple.com/source/JavaScriptCore/JavaScriptCore-621.1/))
has no Xcode files like the one you linked does.

I haven't read the LGPL lately, but is that a violation? Do they have to
provide enough information to build your own copy?

~~~
comex
Yes, it is.

"For a library, complete source code means all the source code for all modules
it contains, plus any associated interface definition files, plus the scripts
used to control compilation and installation of the library."

------
Macha
Apple, as with many other companies, does not understand that it has to
release the source simultaneously with the program using it.

Despite the articles claim, Apple has not released the source in s timely
manner for previous versions of iOS, instead waiting for it to be pointed out
or for version N+1 or N+2 to be released first.

~~~
halostatue
Nothing about the GNU family of licenses requires simultaneous -- or "timely"
-- release of source for a binary. Just because it's _usually_ done that way
in the OSS operating system world doesn't mean that it _must_ be done that
way. (In fact, it's usually the other way around for OSS: the source precedes
the binaries.)

Nor, by the way, are they required to release it to any random user out there;
they are only required to release it to people who receive the binaries (it's
not clear if this must be honoured if the binaries aren't received legally,
but I suspect it does).

~~~
archangel_one
I'm not a lawyer, but I'm pretty sure it implicitly requires reasonably timely
release of source for a binary. There's nothing in the license about any
period of time that you're allowed to leave it before providing source, so I
assume it's supposed to be fairly immediate. To put it another way, the
license would be useless if they were allowed to wait 100 years before
providing source. Since that's clearly not okay, why should waiting 6 months
be okay either?

~~~
edw
_Fairly_ immediately?! What the hell does _that_ mean? We all need to spend
less time talking out of our asses, playing armchair lawyers, and more time
either heads-down coding or going to law school.

~~~
makmanalp
... and maybe we all need to spend less time being aggressive asses.

They made it pretty obvious that they were speculating, and were not trained
in law. What, is that illegal now? Is it bad form? Is it offensive? They make
a fairly good point about allowing an infinite period of time, which adds to
the discussion.

You, by insulting the poster needlessly and grossly missing the point of the
post, have added nothing to the discussion.

I usually try to refrain from doing this, since I'm also adding nothing to the
discussion, but this is becoming an alarming trend.

~~~
edw
Yes, speculating i.e. talking out of your ass is offensive. It wastes
everyone's time. It's a dangerous trend. Baseless speculation forms the
bedrock of the vast majority of content that appears on CNN, MSNBC, and Fox
News. It is dangerous because it's "facty" but has no value.

You and your sanctimonious defense of people's right to spout what you admit
is nonsense are part of the problem. Part of a healthy culture, whether it's
our culture at large or "hacker culture" is a respect for facts and
thoughtful, informed opinions based on knowledge and experience. The "victim"
of my comment is pissing all over a set of ideals that we should all hold
sacred.

~~~
spoondan
Civility plays an important part in effective communication. You may feel that
you are merely stating your opinion directly and with force. But an argument
is only as strong as its ability to persuade. When you put people on the
defensive--when you force an emotional rather than rational reaction--you rob
an argument of its power.

Aside from that, there are two other reasons to be more civil. One is that
it's just a nice thing to do to treat people respectfully even (or especially)
when you're telling them they're wrong. But if that doesn't persuade you, it's
worth remembering that civility is explicitly required in the HN Guidelines.

~~~
edw
Good points. I, however, am dispirited by watching comments devoid of value
not getting subjected to the same sort of enthusiastic down-voting as comments
that reflect exasperation at those very vacuous, time-wasting comments.

A culture that prefers polite nonsense to harsh truth-telling is a weak
culture. At the very least, both should be punished, but I don't see that
here.

------
r00fus
As a hardcore Apple fan, I strongly hope one of the non-Apple contributors to
Webkit sends a source request to Apple with the implicit threat of lawsuit.

Big companies don't treat others with kid gloves when it comes to licensing
and copyright, so why should we take it from them?

~~~
eru
You can send the request yourself. Any third party is allowed.

------
Maci
While in all likelihood it's a legal and bureaucratic issue causing delay, I
can see how this is considered bad form.

However, I've made an attempt at understanding the source release obligations
under the GPL and all I get from it is: When you release to the public, you've
got to release the source. But at no point have I found a "it has to be
released immediately."

[http://www.gnu.org/licenses/gpl-
faq.html#GPLRequireSourcePos...](http://www.gnu.org/licenses/gpl-
faq.html#GPLRequireSourcePostedPublic)

The only clause I can see Apple potentially hiding under is Section 3.B of the
GPL. ie. as long as they have the door open for written requests all is well.

<http://www.gnu.org/licenses/gpl-2.0.html>

Can someone please clarify for me how the "well intended" spirit of the
license works versus the real world legalities and requirements ?

~~~
jancona
Copyright law prohibits distribution of derived works. The LGPL is a license
which gives permission to distribute software if certain conditions are met.
In this case the license is from the many authors of Webkit and it permits
Apple to distribute a derivative work (the iOS browser). If you think about it
that way then "immediately" doesn't really come into play. If Apple provides a
copy of the source when asked, they're complying with the license. If they
don't they have no license. Technically, they are infringing copyright every
time they distribute a copy of iOS.

If someone sues, would a court award damages for the copies distributed or
enjoin distribution of iOS until they comply? I doubt anyone knows because
AFAIK no case has ever made it that far. Typically (L)GPL disputes are settled
long before they make it to court, because the cost of litigation for both
sides is high compared to the remedy desired (release of modified source).

I wonder if there's a role for "Copyleft Trolls", i.e. litigators who acquire
copyrights to GPL or LGPL source, then sue license violators with the
intention of collecting damages rather than just compelling release? US
copyright law allows statutory damages of up to $150,000 per work
infringed.[1] If each source file is a separate work, there could be a lot of
money at stake. In other words, the Righthaven strategy[2] applied to source
code instead of newspaper pictures. Perhaps I should apply for a business
method patent on that idea.[3]

[1]
[http://en.wikipedia.org/wiki/Statutory_damages_for_copyright...](http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement)
[2]
[http://www.google.com/search?q=righthaven+site%3Anews.ycombi...](http://www.google.com/search?q=righthaven+site%3Anews.ycombinator.com)
[3] <http://en.wikipedia.org/wiki/Business_method_patent>

~~~
Maci
Merci.

------
cppsnob
I'm still waiting for that "open" FaceTime specification.

------
GHFigs
Are you sure about that?

<http://trac.webkit.org/browser/trunk/Source/WebCore>

Edit: I would greatly appreciate an explanation of what is inappropriate about
the above link.

~~~
xentronium
Could downvoters explain what's wrong with link to webcore trunk?

~~~
angusgr
I didn't downvote, and IANAL, but I believe I know the difference.

When releasing a product with GPL/LGPL source, the requirement is to provide
either the source or an offer to provide the source which corresponds to the
_exact version of the source code used in that product_ "on a medium
customarily used for software interchange".

So, if there were tags in the webkit repository that said "iOS-4.3.2",
"iOS-4.3.3", etc. then Apple could take a tarball of it and someone requesting
source could be provided with the tarball and optionally a link to the correct
tag in the repository.

However, waving in the general direction of the source repository and saying
"it's all in there somewhere" doesn't constitute compliance. Even if one of
the Safari versions tagged in that repository happens to be the exact source
that ships in some iOS 4.x, Apple has to make that relationship clear because
(AFAIK) iOS is the "product" in this case, not Mobile Safari, given that the
two are indivisible from the end user's perspective.

(Again IANAL, so this is all mostly based on lurking the Gpl-Violations.org
list, reading their Vendor FAQ, and dealing with some reluctanctly GPL
compliant companies.)

~~~
trythis5
This is what I'm guessing as well, but unless Apple uses heavily customized
versions of WebCore for their iOS releases, this seems like a decidedly
trivial violation. Doesn't excuse Apple, but hardly worth all this fuss.

Also, seriously, downvoting both GHFigs' and xentronium's comments is pretty
lame, folks. (Feel free to downvote mine: I'll never see the score.)

~~~
saurik
The LGPL requires that I am able to take Apple's provided source code, make my
own modifications, and somehow compile/link the result into the program that
is using the binary build.

And, for the record: Apple's provided source code (which /is/ heavily modified
for the iPhone), when they do provide it, isn't even complete enough to
compile (it is missing a bunch of code for the WAK* classes), so Apple has
simply never been in compliance with this license.

------
rewqwefqwerf
You just need the copyright owners to sue now. The copyright holders can also
ask the SFLC do it for them, I'm sure they would love it.

~~~
mechanical_fish
One doesn't have to start with a lawsuit. One starts with a nice polite
letter, on actual paper, to Apple's legal department reminding them of their
LGPL obligations and pointing out that they're past deadline and perhaps they
should poke the relevant engineering team?

Then if that gets no satisfaction you have your lawyer send the same letter.
Then a nastier letter. Only then do you begin to think about preparing a
lawsuit, which is expensive and probably overkill.

What you _don't_ do is put up a passive-aggressive blog post. This post
doesn't even tell us how many letters have been sent, or by whom, or to whom,
or when. Have we even asked the _support_ folks or the engineers, let alone
Apple legal?

I can barely find the stomach to blame Apple's engineering team for
prioritizing strict and timely license compliance somewhere below: Making
their boss Steve Jobs happy, releasing features that paying customers care
about, and sleeping. Fortunately, it is not my job to blame them. It is the
job of Apple's legal department to blame them. Has anyone asked Apple's legal
department?

~~~
kalleboo
If they don't want to spend their time complying with the software license,
then they're free to not use open source licensed code in their products.
Microsoft do just that, and they never have to worry about compliance issues.

I don't think Apple would appreciate it if I downloaded iWork and instead of
paying them said "Promoting strict and timely license compliance falls
somewhere below sleeping".

~~~
mechanical_fish
It is true: Apple will not appreciate it at all if you pirate iWork. But will
they sue you?

Does anyone have a news story about Apple suing the (many, many) Apple
software pirates? So far as I've heard, they don't even send very many nasty
letters. Presumably not because they don't believe in paying for software, but
because it's strategically unwise.

Anyway, if Apple fails to respond in timely fashion to a series of inquiries
they can, indeed, eventually be sued, and maybe that will even be the best
move. Perhaps a suit against Google will proceed at the same time:

[http://www.electronista.com/articles/11/03/25/google.not.sha...](http://www.electronista.com/articles/11/03/25/google.not.sharing.android.3.source.to.public.yet/)

Though in that case, as well, I doubt it will come to that.

(One of the many virtues of starting your own business is that you soon learn
all about the practical limitations of contract law. People violate the letter
of your contracts all the time. What are you going to do about it? The law is
a relatively blunt instrument; it is expensive and difficult to bring it into
play, often more difficult than your unpaid invoice is worth.)

~~~
jrockway
_Perhaps a suit against Google will proceed at the same time_

Indeed. It seems like applications that have code from non-Google employees
have changed, as well as the Linux kernel itself.

~~~
Aissen
FUD : every GPL bit of Honeycomb has been released since January.

~~~
jrockway
Yes, you're right.

------
crs
So is the issue here that they have not packaged it up for people and put it
on opensource.apple.com? Is the source not available in the official
repository at webkit.org?

~~~
saurik
No, it isn't: Apple uses a modified version of WebKit and WebCore for iOS that
is not present in trunk. For WebKit they are allowed to hold back these
changes, but for WebCore they are not. They do anyway, however, and have
actually /never/ provided a copy of WebCore for iOS that is complete enough to
compile (in particular, the code for WAK* is redacted).

------
dedward
Who holds the copyright on that webkit source code in question?

------
benatkin
We have an update! <http://news.ycombinator.com/item?id=2530086>

------
0x1337
Knowing how evil and secretive Apple is, I would not expect them to care much
about open licenses.

------
nikcub
This only becomes a real issue when one of the KHTML copyright holders makes
it an issue

which they haven't.

------
vaporstun
Anyone else find this to be a bit over-dramatic?

They have released every other version and just haven't released the 4.3.x one
yet. There is no indication that they refuse to release it ever, the site
still says "Coming Soon" and it has still been < 2 months since 4.3 was
released.

Yes, I understand that under the GPL they're supposed to release it
simultaneously with the launch, which they failed to do, but is this really
front page news?

~~~
docgnome
Yes. I take license violation very seriously. Imagine if Apple was violating a
Microsoft license in this way. They'd be sued in a heart beat. Companies need
to realize the (L)GPL is serious. It's not something you can just ignore
because it's convenient.

~~~
msbarnett
But surely openness is a spectrum, and if they've released versions in the
past, and they claim they will be releasing this one, then that still counts
as being "open"?

~~~
rimantas
Anything related to Apple is always a good source for some sensationalist
piece.

