
Ask HN: Examples of GPL Licence Violations being enforced? - secfirstmd
I was pondering a few open source licence issues over the past few days (like the Goldman Sachs case - http://cryptome.org/2014/04/goldman-sachs-code-thief.htm) and I was wondering, does anyone in the HN community have examples or links to places which show violations of GPL licences actually being enforced? I.e. a commercial company takes the code, adds, repackages or sells it commercially in some way - without actually making it available publicly for free? Have there been cases where an open source project was compensated for the abuse of licence?

I know this site has stuff http://gpl-violations.org but it's got very out of date.

I love the open source philosophy but it would bug the hell out of me if something I was doing was abused in this way - without adding to the community or compensation etc.
======
bkuhn
I've devoted most of my career to upholding the software freedom that the GPL
ensures. I have worked with Rob Landley in the past who is mentioned on this
thread. I think Rob has some facts wrong about BusyBox enforcement. The most
notable one is his claim that "no new source code got released".

In fact, we get "new source code" all the time from GPL enforcement efforts.
The thing is, it's admittedly not often upstreamable source. A lot of the
modifications to source done by redistributors of GPL'd software is not really
well formed nor suitable for upstream. It's that classic kind of "it just
works, but it's ugly" code.

This is particularly true with regard to the "scripts to control compilation and
installation of the executable" which is a required part of the complete,
corresponding source, provision of which the GPL mandates.

Situations like the WRT54G (the GPL enforcement source release of which
launched the OpenWRT project) and the Samsung TV lawsuit that I helped do
(which launched the SamyGO project:
[http://www.samygo.tv/](http://www.samygo.tv/)) are excellent examples of what
great things happen when the GPL is enforced: reaching the promise of
copyleft, which is hackable devices downstream.

This is why I've spent (and probably will spend) most of my professional life
enforcing the GPL.

This post here is about a few specific issues, but if you want more general
information on the topic, dalke's link to my talk is probably helpful. Also,
here's links to the docket of the largest GPL enforcement lawsuit ever done,
Conservancy v. Best Buy et al:
[http://ia700409.us.archive.org/18/items/gov.uscourts.nysd.35...](http://ia700409.us.archive.org/18/items/gov.uscourts.nysd.355978/gov.uscourts.nysd.355978.docket.html)

BTW, sorry for jumping into this thread. I'm kinda the Kibo of Free Software
licensing discussion online; I'm not an HN regular but mlinksva linked me to
this.

~~~
secfirstmd
Thanks, much appreciated for the work you do and the various resources for me
to follow up.

------
dalke
There have been many cases. See "12 Years of Compliance: A Historical
Perspective" with sound at
[http://faif.us/cast/2011/sep/13/0x18/](http://faif.us/cast/2011/sep/13/0x18/)
and the slides at
[http://ebb.org/bkuhn/talks/LinuxCon-Europe-2011/GPL-Complian...](http://ebb.org/bkuhn/talks/LinuxCon-Europe-2011/GPL-Compliance/compliance.html).

Linksys distributed GNU software in their routers, in violation of the
license. See
[http://en.wikipedia.org/wiki/Free_Software_Foundation_v._Cis...](http://en.wikipedia.org/wiki/Free_Software_Foundation_v._Cisco_Systems)
for details. It links to the FSF's complaint at
[http://www.fsf.org/licensing/complaint-2008-12-11.pdf](http://www.fsf.org/licensing/complaint-2008-12-11.pdf)
if you want to see the low-level legal details.

That WP page ends "On May 20, 2009 the parties announced a settlement which
includes Cisco appointing a director to ensure Linksys products comply with
free software licenses, and Cisco making an undisclosed financial contribution
to the FSF."

~~~
secfirstmd
Cool, thanks for this!

~~~
mlinksva
If you're involved in an open source project that wants to enforce the GPL
when/if the time comes, consider applying for the project to join Software
Freedom Conservancy, almost certainly the only non-profit fiscal sponsor that
has GPL enforcement among its member services.

Bradley Kuhn (his personal site and podcast are linked above) describes what
this actually means at
[http://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/](http://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/)

~~~
secfirstmd
Very Useful!

------
Mikeb85
I'm sure you could find plenty of examples of violations being enforced.

Interesting note though - GS did not violate the GPL because they didn't
distribute the code. The GPL allows an organization to modify and use code for
its own use without releasing it as long as it's not distributed outside the
organization.

~~~
secfirstmd
That is an interesting aspect which I didn't fully pick up on.

So for example an organisation could build on source code released under GPLv3
and then charge its customers to use it without breaking the licence or
releasing it?

~~~
Mikeb85
Charging to use it would likely constitute distributing it, so I doubt that
would fly. Having it on a server backend seems OK though.

But what GS did - use it in their own trading system which isn't consumer
facing, and is used only by GS is perfectly allowable. And it's even within
their rights to prevent the code from being released.

~~~
frobozz
I don't know the GS case at all, and IANAL, but as I understand it, if the
modified code is included in a client, then surely the users must be accorded
the copyleft rights, even if those users are all GS staff.

However, if it is strictly server-based, then those protections wouldn't hold
under GPL anyway, only AGPL.

~~~
Mikeb85
Nope. The organization retains the rights, as long as it stays within the
organization. Having multiple users doesn't count as distribution as long as
they're all GS employees. In addition, if you pay someone to modify it for you
exclusively on your behalf, you also retain the rights and don't have to
release the source.

------
tjaerv
Check out this presentation by Rob Landley (@landley), who started the
infamous BusyBox lawsuits:

[http://www.youtube.com/watch?v=SGmtP5Lg_t0](http://www.youtube.com/watch?v=SGmtP5Lg_t0)

He talks about the lawsuits and the effects they had.

------
vesinisa
Earlier, projects like BusyBox[1] and FFmpeg[2] used to have a "hall of shame"
where they listed products (mostly DVD players, set-top boxes and routers) and
companies that used the GPL'd source without attributing and publishing back
their source code. Nowadays, both projects point to Software Freedom
Conservancy in questions of license enforcement.

1:
[https://web.archive.org/web/20130116093247/http://busybox.ne...](https://web.archive.org/web/20130116093247/http://busybox.net/shame.html)

2:
[https://web.archive.org/web/20101214233906/http://ffmpeg.org...](https://web.archive.org/web/20101214233906/http://ffmpeg.org/shame.html)

------
secfirstmd
This might sound tongue in cheek but I would love to have a version or way of
having an open source license where it can be used by anyone except businesses
or industries I find unethical and specifically prohibit in the licence. For
example, that what I help create can be used like a GPL by anyone unless a
person or company involved in the defence industry, private or state
intelligence, selling FinFisher type stuff, diamond mining, investment
banking, supplier to the Saudi Arabian government, etc etc :)

Is there such a thing or a specific way of doing this?

~~~
tptacek
Yes, look at Rogaway's license for OCB mode.

~~~
secfirstmd
Thanks. I wonder would using something like this preclude me from including
other people's GPLv3 code in our software?

~~~
db48x
Yes; the GPL prohibits a distributor from adding additional licensing terms.
(It doesn't preclude the author from offering it under multiple licenses, so
long as the recipient can pick one and stick with it.)

------
99throwaways
A GPL XML library used in commercial product:

[http://docs.justia.com/cases/federal/district-courts/califor...](http://docs.justia.com/cases/federal/district-courts/california/candce/3:2013cv05160/271647/61/0.pdf?1391594827)

------
aroch
VLC was pulled from the AppStore due to incompatibilities between GPL and the
AppStore distribution method (DRM).

~~~
0x0
I thought it was pulled because one VLC contributor, holding authorship and
copyright on parts of the code (and also happened to be a Nokia employee,
hmmm...), had an axe to grind and demanded the takedown?

Also, if you own the full copyright on a given app, there shouldn't be
anything stopping you from releasing it as GPL on GitHub while also licensing
it for free download on the appstore - you get to pick the terms of
redistribution as you like for each individual distribution point.

------
antocv
Huawei has 4G routers with Linux busybox and everything, and a "Written offer
GPL" but, when requested, they don't give a shit about it really.

I've had more products break GPL than I've broken copyright before I learned
Linux when I was pirating Windows software.

Just not much to do really, it's only the copyright holder that can actually
push for enforcement of copyright, and me as a user am pretty much screwed.

~~~
bkuhn
To paraphrase the Lorax: "I am the GPL enforcer, I speak for the users". While
you're correct that the copyleft is based on copyright, and thus the primary
cause of action for a violation must be done by the copyright holder, I've
done a tremendous amount of work to build a large coalition of projects and
copyright holders so we can pursue GPL violations.

I bet I'm aware of every GPL violation you've seen, but please do email
compliance@sfconservancy.org about any GPL violations on Linux, BusyBox,
Mercurial, Samba or Wine that you know about, and we'll do what we can to
resolve them.

The biggest issue I face in doing GPL enforcement is lack of resources. I know
it's a broken record of a not-for-profit organization, but if you want to help
with enforcement, please donate:
[https://sfconservancy.org/linux-compliance/](https://sfconservancy.org/linux-compliance/)

