Hacker News new | past | comments | ask | show | jobs | submit login
A federal court has denied a pre-trial motion to dismiss a GPL enforcement case (qz.com)
853 points by imanewsman on May 12, 2017 | hide | past | web | favorite | 215 comments



This happened a few weeks ago. But it's just a ruling on a preliminary injunction motion.

That is, it's not even a final decision of a court.

So while interesting, it's incredibly early in the process. The same court could issue a ruling going the exact opposite way after trial.

As someone else wrote, basically a court rule that a plaintiff alleged enough facts that, if those facts were true, would give rise to an enforceable contract.

IE they held that someone wrote enough crap down that if the crap is true the other guy may have a problem.

They didn't actually determine whether any of the crap is true or not.

(In a motion to dismiss, the plaintiff's allegations are all taken as true. This is essentially a motion that says "even if everything the plaintiff says is right, i should still win". If you look, this is why the court specifically mentions a bunch of the arguments the defendant makes would be more appropriate for summary judgement)


> This happened a few weeks ago. But it's just a ruling on a preliminary injunction motion.

Is "preliminary injunction" the right terminology here? It sounds like it was a motion for dismissal.

Anyway, it's appalling how often the press confuses pre-trial motions like this with substantive rulings on the issues of the case.

...and it is also, sadly, no surprise that they also think that this sets precedent. Why is it so hard for them to understand the difference between trial courts and appellate courts and which set precedent?


The problem is us still believing that the press has any interest in the truth. They get paid for telling the most interesting story. If it's total lie, maybe sometimes someone gets fired, but the corresponding newspaper/channel still made a lot more money in the mean time.

Newspaper should be read like a novel that is "based on true events".


While I am also appalled by the QZ headline, I would also note that the HackerNews headline makes it abundantly clear that this is just a pre-trial motion, and yet that was enough to get me to look at the thread.


No, you are right, it was a motion to dismiss. I wrote the wrong type, but the evidentiary standards I listed are correct;)

As for press, yeah, it's frustrating and annoying, but such is the 24 hour news cycle


> ...and it is also, sadly, no surprise that they also think that this sets precedent. Why is it so hard for them to understand the difference between trial courts and appellate courts and which set precedent?

Trial courts also set precedent. It doesn't carry the same weight as appellate court precedent, but their rulings do have precedential value.


I'll be cynical: some call it "having an axe to grind". Why do research if you can just post something that seems to align with your cause and makes you happy?

In all that we do at Quartz, we embrace openness: open source code, an open newsroom, and open access to the data behind our journalism.


> “Not so,” [yeah, I'm sure this is a literal quote from a court document] said Judge Jacqueline Scott Corley in her order on the motion on April 25.

That is in fact a literal quote from the court document:

    Defendant contends that Plaintiff’s reliance on
    the unsigned GNU GPL fails to plausibly demonstrate
    mutual assent, that is, the existence of a contract.
    Not so. The GNU GPL, which is attached to the
    complaint, provides that the Ghostscript user agrees
    to its terms if the user does not obtain a
    commercial license. Plaintiff alleges that Defendant
    used Ghostscript, did not obtain a commercial
    license, and represented publicly that its use of
    Ghostscript was licensed under the GNL GPU. These
    allegations sufficiently plead the existence of a
    contract. See, e.g., MedioStream, Inc. v. Microsoft
    Corp., 749 F. Supp. 2d 507, 519 (E.D. Tex. 2010)
    (concluding that the software owner had adequately
    pled a claim for breach of a shrink-wrap license).
See page 4, line 17 here: https://cases.justia.com/federal/district-courts/california/...


OK, I stand corrected. I'm removing the rant.


>licensed under the GNL GPU.

The what?


Thanks. We updated the title to reflect that.


To use Ghostscript for free, Hancom would have to adhere to its open-source license, the GNU General Public License (GPL). The GNU GPL requires that when you use GPL-licensed software to make some other software, the resulting software also has to be open-sourced with the same license if it’s released to the public. That means Hancom would have to open-source its entire suite of apps.

Alternatively, Hancom could pay Artifex a licensing fee. Artifex allows developers of commercial or otherwise closed-source software to forego the strict open-source terms of the GNU GPL if they’re willing to pay for it.

This obligation has been termed "reciprocity," and it lies at the heart of many open source business models.

http://www.rosenlaw.com/pdf-files/Rosen_Ch06.pdf

The more important issue here is reciprocity, not whether an open source license should be considered to be a contract.

AFAIK, the reciprocity provision of any version of the GPL hasn't been tested in any meaningful way within the US. In particular, the specific use cases that trigger reciprocity remain cloudy at best in my mind.

Some companies claim that merely linking to a GPLed library is sufficient to trigger reciprocity. FSF published the LGPL specifically to address this point.

So I believe a ruling on reciprocity would be ground breaking.


Question: Is that what Stallman intended to accomplish with the GPL? Pay a fee for GPL source code and bypass the GPL? (I apologize for my ignorance here.)

It seems like "reciprocity" has an even worse outcome than BSD source code. The origin of the source code can be completely hidden from the user.

Do users deserve to know at least that the original source code was freely available? What happens when users discovers that they are paying for something that others are getting for free? Do they care?

Is this a case of taking something that was free (but valuable), i.e., the original GPL source code, and concealing it as a closed source work in order to generate revenue/profit for some specific person or entity?

Stupid question: If someone fixes or adds something valuable to GPL source code and wants to charge for it, then why not just charge for the patch or the additional code?

(Assume that patches or additional source code files are distributed by themselves without the original GPL source code and that they do not contain any functional portion of the original GPL source code. Assume further that they do not use "interfaces" designed by the GPL source code author. Finally, assume that the end user can compile their own software and no binaries are distributed.)


You are misinterpreting "reciprocity"; it has nothing to do with Artifex's dual-licensing arrangement. If you read the linked PDF, you'll find this:

Reciprocity means a mutual or cooperative interchange of favors or privileges. Something is reciprocal when it is performed, experienced, or felt by both sides. (The American Heritage Dictionary of the English Language, 4th edition.)

The GPL license is reciprocal, because it is “performed, experienced, or felt” by both sides—the licensor and the licensees both use the GPL.

In non-legal terms, I'd put this as "the GPL allows you to redistribute in kind: by extending the offer the original licensor made to others." The "price" of redistribution is agreeing to public participation in the co-evolution of the software.

This is not to be confused with Artifex's offer to dual-license: you may either accept the terms of the GPL or purchase a commercial license. These two worlds do not interact other than Artifex, the copyright holder, uses its rights under copyright law to offer these two alternatives.


Yes, the "outcome" to which I was referring was in fact the effect of dual-licensing.

With respect to the book chapter, as I interpret it, reciprocity includes asking for the licensee to open source their work. But I leave this to the experts to interpret definitively.

Assuming I am not misunderstanding, if the licensee "reciprocates", then there is no closed source and the "problem" I am alluding to goes away. Because users can now see the source code and theoretically they can determine where it came from.

(The problem being that GPL source code and the value thereof is sometimes "concealed" in closed source products. This is just my personal view. I may care about things that others do not. Opinions may differ.)


You cannot have GPL-licensed code in closed-source code. It's a violation of the license so the code ceases to be GPL-licensed and becomes unlicensed. If you distribute that code, in source or binary form, you can get sued by the copyright holders which is what this case is about.


You can totally have GPL-licensed code in closed-source code as long as you don't publish it. So you can totally run your SaaS business like that.

The Affero GPL tries to close that loophole.


Indeed the code only becomes unlicensed as soon as you violate the GPL terms. So I guess the correct way of framing this would be that internal copies, including changes, are still under the GPL.


You can if it is dual-licensed.


Then it's licensed under some other license and the GPL does not apply. If I rent a building and the building is for sale I still don't own it until I close that contract.

If I copy GPL-licensed code without following the license terms, the GPL no longer applies and the code becomes unlicensed. The GPL is explicit about that.

If I acquire code under another license than the GPL my copy is not GPL-licensed even if it's available under the GPL license. Ultimately, the GPL requires that all people who pass on code under the GPL adhere to its terms. If one person in the chain didn't (for example by not making available the source) all subsequent copies become unlicensed.


My intuition from listening on several of Stallmans talk would be that paying for exceptions are an acceptable strategy in some cases, through not ideal.

So while writing this comment I remembered the old case of QT and found this article (https://www.fsf.org/blogs/rms/selling-exceptions). To quote it similar to a "inferior choice, but it's not wrong".


> If someone fixes or adds something valuable to GPL source code and wants to charge for it, then why not just charge for the patch or the additional code?

You can legally do this, but it will not be easy. You cannot distribute a binary in this way, if you do your patch becomes GPL so the first person who buys your patch can legally give it to everyone else. That means you have to sell the source code to your patch and your customers have to build the binary themselves. You need to ensure that your customers understand that they cannot distribute any binaries they make. (they probably can distribute it within their company but they need to have some process to ensure that their employees know they cannot distribute this)

If anyone is thinking about this, make sure all sales include your lawyer: you will need to ensure that your customer understands all the subtleties otherwise the courts might decide your patch is GPL.


As a patch or addition, your source code is likely to be considered a derivative work, regardless of whether you actually build it into a binary.


As other people already said, intellectual property laws restrict not only the work itself, but also derivative works.

A patch is a derivative work, no matter how you try to dodge that part of the law. So it would still be violation of copyright.


To be clear, the silly question I posed was not directed at avoiding copyright violations. What I ask is whether anyone is ever curious about the value of the derivative work versus the original work.

For example, the original work might be very valuable, a significant work. It could be the collective work of many authors. But it has been made available for free. The derivative work, maybe patches or some additional source code by a single author, is also valuable but on its own much less so.

Then the large original work is packaged together with the patches and additonal source code as a "derivative work". It is commercially licensed to an end user who sees the value as a whole, most of it coming from the original work, which of course was available for free.

Depending on whether attribution is given, the user may have no idea that the core of the product was open source and available for free.

More importantly, there appears to be no assessment of the relative "value" of the free portion versus the closed-source commercial portion of the product.


I'm not entirely sure that's correct. If you try to sell something that relies on GPL software, it's considered a derivative work even if you don't distribute the GPL software with yours.


It is a derivative work, but selling derivatives of GPL-ed software is entirely legal and not forbidden by the GPL. Distributing binaries (regardless if for free or not) of GPL-derived software without distributing the source from which the binaries were derived (or without offering a reasonable way of getting the source on demand) is forbidden by the GPL. Moreover, the source of the derivative work must be offered under the GPL.

(Edited to add the last statement above, for clarity.)


While that is true, as part of a derivative work, your users would have your source under GPL terms.

Absolutely you can sell, but your can't restrict user rights


This is correct - you not only must include the source code for your binary, you also must include it under the same terms as the original source code.


So if someone just happens to distribute the source code for Hancom Office before this is resolved in the courts, would he or she be in the free and clear?


A license can't affect the copyright of any other code. So Hancom is just in violation of the GPL and has lost its right to use Ghostscript; it's not automatically GPL'd.


This is correct. Without a license, Hancom is liable for copyright infringement of the Artifex code if it continues distributing its product. It will be forced to either buy a license or reform its product to use an alternative, but it won't be forced to release its source code.


Probably not. It's unlikely either party will want this to go to trial so it'll probably end in a settlement where the company buys a license on top of damages.


Agreed, I didn't mean to imply otherwise.


"Question: Is that what Stallman intended to accomplish with the GPL? Pay a fee for GPL source code and bypass the GPL? (I apologize for my ignorance here.)"

I've often thought that this was a pretty ideal way of licensing OSS.

It provides a revenue stream for improving upon open source from those with the deepest pockets and the greatest ability to pay which clearly works (QT, for instance, probably wouldn't exist without this model).

Moreover, it doesn't remove others' freedom to be able to develop free software from it.

It's telling that the biggest whinges about the GPL often come from large (often abusive) corporations with deep pockets, an inflated sense of entitlement, paranoia about "their" intellectual property and a desire to get freebies from ordinary developers.


The specific person or entity has to have the copyright for the work in the first place (or the permission of that entity). In which case they're "taking" from themselves.

As for Stallman's intentions, he's talked about this exact model: https://www.fsf.org/blogs/rms/selling-exceptions


Forgive my ignorance too - but I don't think the intended goal of the GPL is to allow you to dual-license, I think Stallman would (I'm guessing) not want people to license code as anything other than GPL, so I imagine he'd discourage paying for non-GPLed code.


Not necessarily.

"I've considered selling exceptions acceptable since the 1990s, and on occasion I've suggested it to companies. Sometimes this approach has made it possible for important programs to become free software."

Read his full text for some boundaries he sees.

https://www.fsf.org/blogs/rms/selling-exceptions


Hm. I did not know he held that view.

It does make sense. It sounds like he's against things like Magento/Gitlab/Alfresco which have totally open source versions and commercial/enterprise versions with closed extensions. (I realize those aren't the best examples as they're not GPL).

With the dual licensed product, you simply have two licenses for the exact same code base. If you want to reuse it, you can, but you need to release your derivative works back to the community. But the people/organisation behind the tools still have to live in this capitalist world that's far from the free software paradise of the FSF. Developing under a dual license can provide a revenue stream back to the writers to help keep that work going.


Just as a remark: He doesn't see Free Software as anti-capitalistic. He i.e. also supports the possibility of selling GPL software. (just as in the 90ies, where downloading large files from the internet was hard and it was common to buy a box with S.u.S.E. Linux)

"Many people believe that the spirit of the GNU Project is that you should not charge money for distributing copies of software, or that you should charge as little as possible—just enough to cover the cost. This is a misunderstanding. Actually, we encourage people who redistribute free software to charge as much as they wish or can. If a license does not permit users to make copies and sell them, it is a nonfree license." https://www.gnu.org/philosophy/selling.html

What he cares about is that the software is free as in freedom and contains no lock-in: You can look at it, you can edit it, you can distribute it.


The intended goal of the copyleft provisions of the GPL is to make it differentially easier for people to develop free software compared to proprietary software. Requiring that they pay in order to do the latter (while being able to do the former gratis) does that.


I don't think your "Assume" clause buys you much. If it is a source patch it is a derivative work.

You can sell it, but it's still subject to GPL.

Distribution of binaries is a bit of a diversion here, and not a key issue - it dorsn't really matter if we're talking about C or python.


> It seems like "reciprocity" has an even worse outcome than BSD source code. The origin of the source code can be completely hidden from the user.

Nothing is stopping someone from paying the rights owner of a BSD-licensed work for the right to use it without preserving the copyright notice. The analysis is the same as for a GPL-licensed work.

If the argument is that it's better to have BSD-licensed works without paid exceptions than GPL-licensed works with paid exceptions, well... first off, nothing stops the paid exceptions from being "You can use this under the BSD license". Second, this seems like a strategic thing; if most users comply with the GPL, and you raise some money, that seems like a net win compared to everyone complying with the BSD and not providing source despite not paying.

> Assume further that they do not use "interfaces" designed by the GPL source code author.

I'm having a lot of trouble imagining a patch that works this way. If you're patching the program, aren't you interfacing with the program somehow?

I can think of two possible ways. One is that you're actually patching other interfaces (e.g., providing an LD_PRELOAD) provided by more-liberally-licensed software. I don't think that an LD_PRELOAD of POSIX interfaces intended for use with specific GPL software is a derivative work, but I also don't super look forward to convincing my lawyer of what's going on, let alone a judge.

The second is that you're running the program in such a way that you're really wrapping standard I/O and not touching the program itself, but I wouldn't call that a patch. JuiceSSH for Android does this with mosh, for instance; it uses an upstream mosh-client binary (and provides source) in a subprocess of its proprietary UI. On a system like iOS where you can't fork, I could imagine some scheme for running the process in the same address space with some serious emulation. I very much wouldn't look forward to litigating this; it sounds sorta like the VMware lawsuit, which is a huge mess.

If you're providing a plugin through a defined plugin interface, and the software author has said "Use of this plugin interface doesn't subject you to my program's license" (or the plugin interface is an external standard like VST), then you're in the clear. It's worth noting that Linux has an explicit statement that the syscall interface does not subject userspace programs to the GPL. I don't know if such a statement is necessary, but it's nice that it's there. But these sorts of things are definitely not what I think anyone would call a "patch".


Patching might operate by locating patterns in source files and editing the source files. Either deleting, changing existing text and/or adding new text. The patch files themselves might be considered nothing more than instructions on how to make edits.

It is true the patterns could be excerpts from the GPL work. But they need not be functional or even intelligible as anything other than as part of instructions, e.g., short strings of octal values representing characters, with wildcard characters interspersed.

Patching might even operate by only using line and column numbers. The patch itself in that case need not contain any text from the GPL work. It might be just an index into some file, a list of line numbers and columns and any new text to be inserted.

The point is that the process of patching need not necessarily reveal anything about the original GPL work. The editing could theroretically be done in such a way to make this separation.

Anyway, we have drifted from the original question which was , essentially, why do programmers not distribute instructions on how to modify GPL source code or additional source code that can be linked with GPL source separately from the GPL source code.

The reason I asked is because what I see is that original GPL source code is sometimes "hidden" in commercial products by virtue of being bundled with some "derivative work". To me this obscures the value of the original GPL source code in favor of the closed source derivative work, which may or may not be as valuable. NB The usage of the words value and valuable is purely subjective. Opinions may differ.

I am not sure I understand the comment about BSD licensing. Assume for example that the goal of the license is to require attribution, how does one avoid that requirement without changing the license? The licensor can opt not to enforce the license and may accept payment. But the license still requires what it says.


> But they need not be functional or even intelligible as anything other than as part of instructions, e.g., short strings of octal values representing characters, with wildcard characters interspersed.

I think you're misunderstanding how copyright law views works. A "work" in the sense of copyright law isn't a pattern of bits: it's a creative expression of an idea (a binding between a pattern of bits and some concept in a human brain) that has a context for how it came to exist.

The classic article "What Colour are your bits" is a good overview of this: http://ansuz.sooke.bc.ca/entry/23

It's worth reading, to understand exactly what copyright law covers / how it works. But suffice it to say that the ability to create a set of bits that does not include any inherent reference to the GPL'd work does not make the bits no longer a derivative work, any more than Monolith (the example from that article) causes bits to stop being copyrighted.

Which answers your question of why programmers do not distribute instructions on how to modify GPL source code without distributing the source itself: there's no point. The legal requirements on them are exactly the same.

My comment about BSD licensing is that if people who own GPL'd works sometimes accept payment to give you the work without the requirements of the GPL, nothing is stopping people who own BSD-licensed works to accept payment to give you the work without the requirements of the BSD license. If it's a bad thing that you can in theory pay money to avoid the GPL, it's equally a bad thing that you can in theory pay money to avoid the BSD license.


Your patch would be meaningless without the GPL code underneath, so is a derivative work and would therefore likely fall under the GPL.


Requiring another work for meaning, without actually including any of that work, is not enough to make copyright kick in as far as I know.


Then any source patch would fall outside of licensing.

It's clearly a derivative work, as described.


Some source patches include significant elements of what they apply to.

Some don't.


I think that argument would also imply that you don't need a copyright license to write a sequel to a book (assuming you don't quote the book, but the sequel includes characters / plots from the original book), and I think it's the case that a sequel is a derivative work. So by contradiction, it doesn't matter if the patch to the source includes a nontrivial portion of the source; it's still based on the source either way.


That's not the issue at all, it's still a derivative work, regardless of whether it contains much of the original.


Answer to stupid question: Nothing is stopping you doing that. As it would be a derivative work, your users/customers would be entitled to your source and have distribution rights.


Your customers are only entitled to the source if you accepted the terms of the GPL and technically you can claim that you didn't accept them and that you simply distributed the derived work illegally.

If your customers wanted the source, they would have to ask the original authors to sue you and have the court force you to accept the GPL post-factum. It's not clear how this would turn out because afaik such line of "defense" has never been tried by violators so far. A few such lawsuits settled out of court, usually with source code being part of the deal.

A ruling in this kind of case, where the violator stubbornly refused to comply and maybe tried to escape with just paying damages or some other trickery, that would be interesting.


A court won't force people to comply with the terms of a license. If they don't comply, they just don't have a license and can be liable for copyright infringement. A court can then enjoin them from continuing to distribute the product, which may be incentive for them to reach an agreement on a commercial license or it might induce them to modify the product to not use the infringed code. And a court can force them to pay damages, which will be the cost of what a commercial license would have been. However a court won't force them to release their code under the terms of the GPL. Even if the GPL were a contract, which it's not, courts just don't order specific performance for breach of contract.

As you mention, though, some potential defendants will determine it's just cheaper to just disclose the modified code and walk away.


I agree, a real, thorough test of this in court would be a great precedent.

And yes, if you refuse source to your customers that's where you are - software copyright violation. Just the same as if you did this with proprietary stuff. Someone with standing would have to start the ball rolling.


I view the GPL as a form of DRM. It may be DRM for a good cause but it is still DRM. DRM is about control and I don't think that imposing controls is ultimately compatible with the notion of "free software". I get the arguments in favor it but am not convinced.


I mean, that's just patently false, but the most prominent way in which that statement falls apart is that DRM is designed to restrict users and the GPL has no restrictions on users.

The GPL does place nontechnical restrictions on developers, but those restrictions exist to ensure that bad actors can't add new restrictions to users.

But seriously, "GPL is DRM" makes no sense. Aside from the fact that DRM and the GPL are completely different classes of things, they also have completely contradictory philosophies and are applied and act in completely contradictory ways. That's just FUD.


> Stupid question: If someone fixes or adds something valuable to GPL source code and wants to charge for it, then why not just charge for the patch or the additional code?

Nothing stops anyone from charging for the GPL code in the first place.


True.

But the idea I had in mind with this question was that there is often an initial free source of high value code and then someone may add an addtional amount of their own code that is by comparison far less valuable.

The end user of the commercial product if it is closed source may not be able to see the extent of the contribution of that free portion to the value of the product as a whole.

For lack of a better hypothetical, imagine a product that is a combination of 1. GPL licensed command line executable that anyone can download and compile for no charge and 2. a GUI "skin" written by someone who has no copyright in the command line executable.

The author of the skin, let's call him "the entrepreneur", wants to charge end users.

The entrepreneur packages his skin together with the GPL licensed command line executable as a closed source commercial "product".

As you state, "Nothing stops anyone from charging for the GPL code in the first place."

But in this case, as is common among GPL-licensed programs, the author who wrote the command line executable never charged for it.

The problem I see with this situation is that because the product is closed source, the end user may not be able to determine the extent of "the entrepreneur's" work.

For example, his contribution to the "product" may be quite small in comparison to the work of the original author. That is, the core of the product, the most important bits, may comprise the freely available GPL source code, available to anyone for no charge.

This is not a situation that I expect anyone else to care about. But as an end user, if I were faced with paying for a commercial software product, I would want to know about the entrepreneur's use GPL source code that I could obtain elsewhere for free and the extent of the entrepreneur's "contribution" in relation to the original author.

Returning to my original stupid question, why does the entrepreneur not sell his skin separately from the command line executable. It is a rhetorical question. (Commenters tried to answer it anyway.)

Assuming the command line executable is a well-written, highly valuable program and an end user does not know about its existance, the entrepreneur's product may look quite valuable. The entrepreneur may be piggybacking on the value of the GPL source code but concealing this by keeping the source code secret.


I'm guessing Stallman is completely disgusted by the possibility of dual licensing. But the legal copyright holder has the right to establish whatever licenses they wish, whether Stallman approves or not.

As to your question, you've already agreed not to charge for your patch by the fact that you've utilized the GPL to access the code in the first place. That's one of the points of the GPL after all.


> I'm guessing Stallman is completely disgusted by the possibility of dual licensing.

You'd be wrong, though. He considers it a legitimate alternative to "not releasing source at all":

> I consider selling exceptions an acceptable thing for a company to do, and I will suggest it where appropriate as a way to get programs freed.

https://www.fsf.org/blogs/rms/selling-exceptions


That's interesting, thanks for the citation. I was basing my opinion on his well-known hate of proprietary software, and his desire to make all software free. Dual licensing works counter to that, because it allows someone to use GPL software without making their own derivative software available too.


Well, it's not "GPL software", it's software that's also distributed under the GPL. That's being freely distributed at all is a win compared to most commercial software.

And in fact, it could be argued that it's better (for rms' goals) than MIT/BSD/etc, since the proprietary license will impose some restrictions on its usage by other proprietary vendors.


Definitely better, because it allows for GPLed forks, but not commercial ones (unless the copyright holder wants to compete with themselves.).


I'm going to disagree about Stallman. I suspect he would prefer all-GPL-everywhere, but I think he's pragmatic enough to think that dual-licensing (with GPL being one of them) is better than nothing, because it still means the software is out in the open, for anyone to download and use who wants to adhere to the GPL, so it's still a win for Free software. Some companies might choose to purchase a proprietary license so they can use it in closed-source software, but for others they're able to download and use it for free under the GPL.

Remember also, Stallman and co. did come up with the LGPL, which itself is a pragmatic compromise to allow GPLed libraries that can be used in non-GPL applications: under LGPL, you have to share any changes you make to the library itself, but the rest of your application can use a different and/or proprietary license.

It's better to have some GPL rather than no GPL.


As to your question, you've already agreed not to charge for your patch by the fact that you've utilized the GPL to access the code in the first place.

Nothing about the GPL stats that you can't _charge_ for your software, in fact RMS explicitly encourages people to make money from free software. You just can't restrict the buyer from redistributing it once you sell it to them.


True, charging not explicitly prohibited. But since everybody you distribute to is free to redistribute it again without charge under the terms of the license, it does put a practical limit in place.


"Question: Is that what Stallman intended to accomplish with the GPL? Pay a fee for GPL source code and bypass the GPL? (I apologize for my ignorance here.)"

Probably not. Although from what I've seen, he was rather short on explaining how devs would make money to support themselves under GPL.


That is the most important issue, but not the most important issue here. This ruling hasn't gotten that far. This merely throws out Hancom's argument that because the contract wasn't signed it wasn't a contract.

Contract terms should be up next (but I smell a settlement, frankly).


The more important issue here is reciprocity, not whether an open source license should be considered to be a contract.

From your ethical perspective, yes. From a court's perspective, reciprocity can't be enforced without the existence of a valid contract because there is no legal obligation for people to be nice to each other. Contracts are the mechanism we use to establish obligations between private parties.


Maybe I'm mistaken then but I seem to remember having seen numerous cases in which GPL was involved, but only in the sense that the software was being redistributed as an unmodified unit or with modifications. But those cases may have been settled - I'm not sure.

Reciprocity and the conditions that trigger it (I link to your GPL library and so must release my application source code) has never been ruled on from what I've seen.


Reciprocity is an ethical concept. I told you, there is no law that mandates people have to be nice to each other. Courts do consider matters of pure equity from time to time, but such disputes are heavily fact-based and don't generalize well. That's why contracts exist; they're a mechanism for establishing predictability between people who may have very different moral assumptions, but (ideally) negotiate agreements of limited scope to which they are both willing to adhere while still maintaining their different interests/ moral beliefs/ tribal membership etc.

Courts don't want to be moral arbiters if they can possibly avoid it because questions of morality are inherently political. Contractual relations are a mechanism for dealing with that problematic social reality.

Edit: if it helps, think of contract law as a language specification. The compiler cannot and does not evaluate the worthiness or value of a program, only its semantic consistency. An individual contract is like a program, the law as a whole is like the operating system, institutions are the firmware, physical assets are the hardware. It's an imperfect analogy but it might make the scope issues easier to understand.


It appears that Rosen's "reciprocity" is simply another term for the "infectious", or "copyleft" nature of GPL. In that case I fail to see the significance. There isn't really any remaining doubt about the enforceability of GPL, which may actually be the reason for the relative dearth of case law.


I'd be interested in knowing which cases you're thinking about.


Groundbreaking yes, but also just really good.


"Corley denied the motion, and in doing so, set the precedent that licenses like the GNU GPL can be treated like legal contracts, and developers can legitimately sue when those contracts are breached."

The GNU GPL was written on the basis that if someone does not accept its terms, then that without any other license from the copyright holder, redistribution puts that person in violation of copyright law.

Suing for damages on the basis of a breach of copyright law clearly does not require any contract.

So this is more about a technicality of the legal process in this particular case, rather than anything about whether copyleft is legally enforceable or not in general.

Specifically, because the motion denial was based on the defendant's own admission being deemed to be the agreement of a contract, this says nothing about the general enforceability of the GPL (future defendants could simply avoid making such an admission).

Further, since the ruling was in response to a specific motion, it only concerns the claims made in that motion: about whether a contract exists in this particular case. It says nothing about the "copyright violation if you don't accept the license" mechanism of copyleft.

Finally, the article does not provide any evidence that there has been any ruling that determined that the GPL is an enforceable legal contract, contrary to its title. The ruling as quoted just says that the defendant, by its own admission, did accept to enter in to the GPL-defined contract.


But if for some reason some court rules the GPL invalid, doesn't it mean that the companies using the GPL'ed software are violating copyright?

Because the GPL license is the only thing granting them the rights to use that intellectual property, right?


> ...doesn't it mean that the companies using the GPL'ed software are violating copyright?

It may be a technical violation. This wouldn't in itself make any difference to anything, however. It would only matter if a court would then award damages to copyright holders as a consequence of the violation. A violation in civil law doesn't mean anything in practice except when damages are awarded (and only changes behaviour when damages could be awarded).

Damages are awarded based on harm done. I think a copyright holder would struggle to show that any harm was done by the defendant, especially as the defendant would have been acting in good faith. Of course this depends on the details of the reason the court ruled the GPL invalid, so it's not really possible to speculate on your hypothetical further.


But copyright is different; See [0] under Statutory Damages.

EFF / Github should probable set up a "register copyright for this release" to make it easier for OS developers to use this feature of copyright law.


The court could rule that part of the license is invalid, but not all of it.


In order to dismiss the motion, the court had to explain why the GNU GPL is an enforceable contract:

https://docs.justia.com/cases/federal/district-courts/califo...


No. The plantiff made two key claims: breach of contract and copyright infringment. This is sensible, because the defendant has either accepted the GPL (and thus is in breach of contract), or has infringed copyright. This is key to the mechanism of copyleft. By suing for both, the defendant cannot just choose whichever is the most convenient and win on the technicality that the other was not considered by the court.

The judge ruled that the claim of breach of contract cannot be dismissed on the basis that the contract does not exist, because the defendant has effectively admitted that it did exist.

The judge also ruled that the claim of copyright cannot be dismissed on the basis of jurisdiction.

None of these things relate to the enforceability of the GPL in general.


I don't think you're wrong, I just think you're splitting hairs. The order says the license is a contract that exists, sure. Contracts are enforceable.


"...I just think you're splitting hairs." And splitting hairs is pretty much what the legal system is about.

It matters. The difference is the defendant said "yes, we entered a contract" and not that the judge ruled "whether you admit it or not, you entered a contract." The former does not set legal precedent. The latter probably does.


No. The order says that iff what the plaintiff says is true, a contract probably exists :)


I see no justification for the arm of that 'iff' which is equivalent to "if what the plaintiff says is not true, then it is not the case that a contract probably exists".


Let's go to the decision:

    Defendant contends that Plaintiff’s reliance on
    the unsigned GNU GPL fails to plausibly demonstrate
    mutual assent, that is, the existence of a contract.
    Not so. The GNU GPL, which is attached to the
    complaint, provides that the Ghostscript user agrees
    to its terms if the user does not obtain a
    commercial license. Plaintiff alleges that Defendant
    used Ghostscript, did not obtain a commercial
    license, and represented publicly that its use of
    Ghostscript was licensed under the GNL GPU. These
    allegations sufficiently plead the existence of a
    contract. See, e.g., MedioStream, Inc. v. Microsoft
    Corp., 749 F. Supp. 2d 507, 519 (E.D. Tex. 2010)
    (concluding that the software owner had adequately
    pled a claim for breach of a shrink-wrap license).

Note the part that:

    Plaintiff alleges that Defendant
    used Ghostscript, did not obtain a commercial
    license, and represented publicly that its use of
    Ghostscript was licensed under the GNL GPU. These
    allegations sufficiently plead the existence of a
    contract."
IE if what the plaintiff said is true, it's a contract.

I see nothing in the decision that says the court would have found a contract without these allegations being true.


> I see nothing in the decision that says the court would have found a contract without these allegations being true.

Parent is nitpicking the different between the court ruling that the contract is likely to exists and the contract actually existing. For the former, plaintiff's allegations are absolutely necessary, for the latter - not so much.

In a sense, one can't say that "only if plaintiff's allegations are true, a contract exists" because plaintiff's arguments can be bullshit and the contract may still be valid for other reasons, even if no court would recognize it without proper evidence.

Hope that helps. And yes, it is a nitpick on the semantics of logic. Parent understands what the court ruled, the issue was solely with your post being (possibly amusingly) ambiguous to people dealing with too much formal logic.


"If what the paintiff says is not true, then it is not the case that certainly a contract probably exists".

Apparently parent is an intuitionist ;)


I hope you don't really mean 'iff' there.


Why not? Read it as "if and only if." If you disagree, then explain your disagreement.


I think the "only" part is dubious, i.e. a contract could possibly exist in various other circumstances as well :)


It may seem like "splitting hairs," but it's basic legal analysis. Learning when a contract is formed (which is the question at issue here; it's not about the substantive terms of the contract) is covered in everyone's first year of law school. And learning how contract and copyright relate is covered in the second or third year of law school, depending on when you take the course.


Not all contracts are enforceable. I would be surprised if the entirety of v3 is enforceable


Out of curiosity: which parts of v3 do you believe to be unenforceable?

I think that, given the time, effort, and professional expertise which went into drafting it, that the entire thing should be enforceable.


> Suing for damages on the basis of a breach of copyright law clearly does not require any contract.

I came here to say basically this. To make this really explicit - this result is completely and utterly unsurprising and does not set any new meaningful precedent. Nothing specific to the GPL was implicated.

Using someone else's source code without permission has always been, and continues to be a violation of copyright law.


A friend of mine, who is a software engineer turned IP lawyer, made a good point about the GPL - the reason it "has never been challenged in court" isn't about uncertainty, but about certainty. The GPL is based on the most simple, bedrock copyright law. Despite being a clever hack, there's nothing legally exotic about it.

Any judge in the country or anywhere else would laugh a GPL challenge right out of court. Any any IP lawyer reading it would tell their client that that's what's going to happen if they try to challenge it. That's why it's never been fully tested in court... no need.


Ah, if only.

To the first point: the GPL is not used nearly as much as it should be. Thus there's still a strong selection bias on court cases in general being about the GPL, since the GPL is not selected very often. (And there's a reason it is avoided: legal counsel to large companies frequently describe the GPL as "untested." This happens still today, which is frankly ridiculous in the light of all that the Software Freedom Law Center, FSF, etc. have done)

To the second point: any court proceeding introduces a huge amount of uncertainty. Costs are up-front, payback may come in a decade or more after all routes of appeal have been exhausted. Judgments are frequently overturned on technicalities; even if the technicalities are flawless the GPL is not unassailable.

On a personal note, I am unequivocally in favor of using Free Software further and wider than it has been used. In every potential conflict of interest, I think there is much to be said for attempting to settle with a "GPL violator" using amicable means, even if it takes a long time. I view "GPL violations" as free advertising -- don't be shy about publishing the proceedings, though doing it with some taste may help the party come into compliance, their actions should speak for themselves!

People use GPL software, extensively.

Any use of GPL software is a compliment to the software authors.

Any contribution back to the software will improve it for everyone.

etc.


Big companies don't avoid GPL because it's "untested". Big companies avoid GPL because it's actually quite dangerous for them to use. GPLv2 only so far as if they accidentally taint their proprietary code with it, then they need to open up their code (which is bad enough). But GPLv3 is really fucking scary. As it was once put to me, if a single GPLv3 binary accidentally makes it onto the OS image for iOS, Apple would then legally be required to release the master signing key to the whole world, completely destroying the whole security model of iOS and screwing everybody (not just Apple but also Apple's users who rely on that security). Plus the patent clause in GPLv3 is also nasty.


Can you point to actual statements by any company on "why we avoid the GPL?"

Here is a great example of Google reversing course on the AGPL (when they reversed their decision to ban AGPL code from Google Code in Sep 2010):

https://www.theregister.co.uk/2011/03/31/google_on_open_sour...

Apple also _still_ ships GPL code in macOS Sierra 10.12:

http://meta.ath0.com/2012/02/05/apples-great-gpl-purge/

People use GPL software, extensively.

Any use of GPL software is a compliment to the software authors.

Any contribution back to the software will improve it for everyone. Would it really be so hard for Apple to maintain a GPLv2 fork of bash that backported the security fixes, a la RedHat?


I'm not aware of public statements, I don't know why any big company would actually go on record as saying that. But what I described above is paraphrasing what I personally was told by a lawyer who worked for a big company.

Also, your own link shows that over time Apple has been shipping fewer and fewer GPL-licensed packages, and explicitly makes the case that Apple is trying to get rid of GPL-licensed software.

> People use GPL software, extensively.

People use all sorts of software. I have no idea why this statement is relevant to big companies shipping GPL software.

> Any use of GPL software is a compliment to the software authors.

I'm even more confused by the inclusion of this statement.


> That happened when Hancom issued a motion to dismiss the case on the grounds that the company didn’t sign anything, so the license wasn’t a real contract.

... so they admitted to the court that they willfully used the software without a license to do so?


Probably not. We are dealing with a pre-trial motion by the defendant for dismissal. They are just implicitly admitting that plaintiff alleges that defendant used the software without a license, not that they actually did so.

To decide such a motion the court assumes that every fact alleged by the plaintiff is true, and then looks at each charge to see if all the necessary facts to support that charge are covered. If some charge is not covered, then that charge can be dismissed.

So what is happening here, it sounds like, is that the defendant is saying that plaintiff did not allege that defendant signed anything, and the defendant seems to think (for some reason I do not understand...) that you have to sign something in order to have a contract, and so wants the court to dismiss any charges that require there to be contract.

The court said that plaintiff has in fact alleged sufficient facts for there to be a contract, so denied the motion to dismiss.


> the defendant seems to think (for some reason I do not understand...) that you have to sign something in order to have a contract

I know, right? I'm really baffled that any lawyer would even try that argument. That's like, first or second week of first semester contract law right there.


Nice! By that logic it means EULA are not enforceable! I just clicked Accept, I didn't sign anything! Or a cat could've clicked that Accept button, or a toddler


But EULA _are_ (generally) not enforcable. It obviously depends, sometimes it is and sometimes not. I know for example in Sweden EUla are not enforcable at all.


Courts -- at least US ones -- generally treat digital signatures the same as physical ones. Not sure off hand whether clicking accept is the equivalent of signing if you don't type your name.


It's actually a bit of a misconception that signatures (digital or otherwise) have any particular legal significance.

A contract just requires an agreement between some parties. Signatures only matter to the extent that they serve as proof of an agreement. You can't go into court and say "yes, I agreed to the contract, but I never signed it." That's a losing argument.

You can, on the other hand, totally go into court and argue "Yes I signed the contract, but I never agreed to it!" That's obviously not an easy argument to make, and you'll need to give a pretty compelling argument if you want a shot at winning, but fundamentally, the signature is just evidence of an agreement, not some legal requirement.

So, clicking 'accept' on a EULA is solidly in a gray area. Everyone knows that no one reads the terms before clicking, so if the EULA has you signing away your first born, you can totally argue "yeah, I clicked the EULA, but I didn't agree to THAT" and probably win. On the other hand, clicking the EULA does mean that you're on notice that you've agreed to something. If the EULA is just the standard stuff that you'd expect to find in it, then a court is likely to enforce the terms.


Interesting, thanks!


This is what happens when you hire short-sighted attorneys with an unreasonable expectation of success.

What's funny is that Hancom is essentially arguing that shrink-wrap licenses (contracts) are unenforceable. Ghostscript was open sourced under the GNU GPL which states, in shrink-wrap fashion, that use of the software without an explicit commercial license binds the user to the GNU GPL. Integrated the software into their own closed-source software and distributing said closed-source software is unquestionable use.

At the same time, you can guarantee that Hancom would fully enforce their own shrink-wrap licenses - Terms of Use, Terms of Service, etc. - on others.


Shrink-wrap licences are unenforceable in many jurisdictions.

However, GPL still works in such jurisdictions since if you claim that you don't accept GPL then you're violating the copyright law by distributing without a licence to do so. General shrink-wrap licences can't use this logic because (in those jurisdictions?) using software or service doesn't require a licence, unlike copying.


I am not a lawyer, but I don't think "Shrink-wrap License" is legal term. I am pretty sure contracts are valid regardless of the amount of copying and pasting used to make them.

"Post-purchase agreements" are not enforceable in many jurisdictions because they add terms that one side of the agreement did not agree to and many terms of service fall into the post purchase agreement category. It is hard to argue that open source licenses are "post-purchase agreement" because no purchase occurred.


> I am not a lawyer, but I don't think "Shrink-wrap License" is legal term.

“shrink-wrap license” is a term (that has been used in legal writing on the subject, though it doesn't originate as legal jargon) for a license agreement included within the packaging (which historically was I usually shrink-wrapped, preventing the a customer from reviewing the license text prior a to purchase) of software product that is purported to be a condition of use of the software and which purports to be accepted by use, opening the package, or purchasing the product.

(“Click-wrap” has similarly been used for similar licenses included electronically with software that purports to be accepted by clicking through something in the install process.)

> It is hard to argue that open source licenses are "post-purchase agreement" because no purchase occurred.

Purchase may or may not occur with open source licenses; it may be true that it rarely occurs, though the FSF continues to promote sale of Free software as a viable thing.


Open source licences IMHO should be viewed not as agreements, but as offers of agreement.

You're free to accept the offer, which then implies certain obligations described in the agreement.

You're also free not to accept the offer, which implies the default conditions set by law, i.e., copying and distribution is prohibited without explicit permission of the author(s). For example, anyone certainly can ignore the provisions of GPL and redistribute the software as closed source if they have obtained some other licence from all the authors.


There is an enormous legal difference between shinkwrap licenses that limit your terms, and a license that grants you additional permissions. Your typical "EULA" is the former type. Copyleft licenses like the GNU GPL are the latter type.

A typical "EULA" attempts to reduce your rights, without any further consideration from you (you'll have already paid for it, etc). If you disagree, the authors like to claim that you are bound by their more restrictive terms anyway. That is what is legally dubious.

A copyleft license does the opposite: the software comes with an offer to grant you additional permissions should you choose to accept its terms. You have the option to decline, and nobody is claiming that your rights are in any way further restricted if you choose to decline.

Put another way, you are free to use GPL software without accepting the terms of the license. But if you don't accept the terms, then you violate copyright law every time you make copies of it.


I don't think there is legally such a distinction.


Premise: You have legally obtained a copy of some software.

Status quo: You can use the software. You're not allowed to redistribute copies or modified versions of the software.

EULA: You may only use the software if you agree to additional terms. Usage rights are restricted.

GPL: You may redistribute copies as well as modified versions as long as distribution happens under the terms of the GPL. Distribution rights are granted.


What about the disclaimer of warranty and limitation of liability?


Disclaimer and limitation of liability is a very old legal aspect about trade law which from a US perspective historically originate from UK law before the time of colonization. It has nothing to do with copyright or technology.

As the story go, someone bought a mill shaft but the delivery was delayed and the customer sued the seller and wanted compensation for the delay. This in turn lead to a legal requirement to make the customer aware of limitations. When the US organization for trade (a name which is escaping me) made their recommendation based on the version of law which was "copied" over, they added that one way to do so could be to use all caps or by changing the color or font, which companies adapted by simply picking the first suggestion.

The distance of the original case of the mill shaft and some open source software thats public available on the Internet for free is quite a far one.


OK, but so what? It still in some sense restricts the rights of the person using the software.


Its not about software, so no, it does not restricts the rights of the person using the software. It restricts the right of the consumer who are in a consumer-seller relation.

Disclaimers are about what the buyer can except and have a right to after a transaction. The product in question is more or less irrelevant, through some laws in some places do consider a free gift to also be a transaction between consumer and seller but with a price of zero. This makes the law more complicated. For example, if a baker gives out free bread samples but that happens to be bad, the baker can still be held liable. However if I give a friend a home made cookie the law could easily treat the two cases in a very different way. As much with the law it depend on the situation and the details and the expectations of everyone involved.

This is in part why some open source project do not include disclaimers. They don't consider themselves to be in a consumer-seller relation with anyone and thus do not need to disclaim any consumer expectation which could occur if there were such relation. Some lawyers disagree with doing so because of the baker example above, through there is a lot of uncertainty and a lawyers job is to consider all possible bad outcomes even those that are unlikely to happen, or as it is to my knowledge in this case, never have happened to any open source developer in the world.


In what sense? You can still use the software, you just can't expect its use to yield a particular result and sue the programmer if it doesn't live up to that expectation.


In exactly the sense you just stated.


That doesn't really affect your rights: You still own the program, you may still use the program, and you may even still sue the software vendor if the program doesn't work as expected.

What the disclaimer is supposed to achieve is state that there was no contractual obligation to deliver a piece of working software. For software distributed free of charge, this might be viable, but I would find it rather surprising if such an obligation wasn't automatically implied to at least some degree by any commercial sale.

But this is above my pay grade as I'm not a legal professional or even amateur, for that matter.


That's a question that has to be answered by lawyers and judges. Personally, I doubt that blanket disclaimers really do much of anything in my jurisdiction.


In contract law it is essential that both sides get something of value out of the deal. If not, it's not a contract. This is called "consideration" and it's why e.g. you'll see on the news people pay a symbolic $1 for a failing business or a tumbledown building rather than nothing at all.

For example you can't make a contract in which I just pay you $50 per year. But you can have a contract in which I pay you $50 per year and in exchange you deliver me a girl scout cookie on the 7th of November every year.

The court doesn't (usually) care whether the deal made is a good idea, $50 for a girl scout cookie seems like terrible value, but it _is_ an exchange of two things of value.

Because the GPL spells out what you're getting and what you're swapping for it, it will always satisfy this idea of consideration. In contrast very often "click through" or "shrinkwrap" licenses don't really do so.


I don't know about that. You're getting the right to use the software, which otherwise you don't have.


> ...which otherwise you don't have.

Why not? If I own a chair, I have the right to use it. If I own a copy of the software (that I paid for in a store, for example), then there is nothing in law that says that I cannot use it. I have rights over what I own. Nothing restricts that.

Copyright law exists to protect software writers by providing them with a means to make money making software. This law restricts my ability to make copies. There is no law that restricts my ability to use what I own.


Well obviously their contention is that you're buying a license to use the software and not the software itself. You're free to disagree but it's internally consistent.


They can disagree all they want, but it is on them to prove that I agreed to buy a license, when I am physically holding something I bought. I didn't have to sign a contract for it. Adding terms after the purchase makes it a post-purchase agreement and that is unenforceable in most western jurisdictions.


Somebody should inform all the companies selling enterprise software whose entire model depends on selling seats, then.


Most of those have agreements at the time of purchase. Those are some of the most legitimate dealings in software sales.


Anyway, as I replied to the other guy, Venor v. Autodesk shows that some courts have upheld "shrinkwrap" licensing. I don't think it's a settled question in US law.


That may be their contention, but this is exactly why this is fundamentally different to the copyleft case. The GPL requires none of this.

I would add that it seems pretty specious to argue that I bought a license when the license was not presented to me at the time I paid for the product and left the store, but I accept that this could be their contention.


Perhaps, but not without precedent. https://en.wikipedia.org/wiki/Vernor_v._Autodesk,_Inc.

(note: the period is part of the URL)


(Note: this isn't true in most civil law jurisdictions)


Agreed, I would like to see some legal precident that proves GP's point.

Additionally, GPL only grants you "additional freedoms" if you're willing to reciprocate. If you want to use it in a closed source work, it very much limits your freedoms. The phrase "permissive license" exist for a reason, and it explicitly excludes the GPL.


> If you want to use it in a closed source work, it very much limits your freedoms.

It's the copyright law which prevents you from using GPL software in closed source works, not the GPL. GPL doesn't care about proprietary software at all, leaving it at the mercy of status quo. It only grants some additional rights to users and developers of free software.


There is no such thing as an EULA attempting to limit your terms. Without a licence, you have no right at all.


The First Sale doctrine gives people who _buy_ something all rights needed to make use of it.

It is... disappointing that modern courts have allowed the First Sale doctrine to be watered down so that today there's every chance you will buy something, paying good money, and then be confronted with new "terms" for how you may use the thing you purchased. But it's not in general clear that such an approach is legal.


> Without a licence, you have no right at all.

On what grounds do you have no right to use a copy of software you bought without obtaining an additional license from the vendor?

As for copying it's copyright, obviously, but I never understood what's the matter with merely using. IANAL but AFAIK in some EU countries it is recognized that there is no legal basis for EULAs and they officially are void, unless signed as a contract prior to the purchase, of course.


> unless signed as a contract prior to the purchase, of course.

Not quite. There is no need to sign anything, what matters is if the EULA was included in the sale contract (so, the buyer was aware that the willingness of the seller to sell you the product depended on the buyer accepting those additional terms as part of the contract). On the other hand, if you do indeed sign an additional contract afterwards on your free will that limits your rights, that might very well be enforcable. But the point is that there is no legal necessity to sign such a contract in order to use the software that you have bought.


> There is no need to sign anything, what matters is if the EULA was included in the sale contract (so, the buyer was aware that the willingness of the seller to sell you the product depended on the buyer accepting those additional terms as part of the contract).

Yes, it doesn't have to be literally signed, but it needs to be an agreement made at the time of purchase. If I agree to buy Windows under the condition that I won't use it for the development of nuclear weapons, so be it.

But it's still not clear why I would need Microsoft's license just to use a copy of Windows I have already bought, sometimes even as part of a computer, which is what parent seemed to claim.


> On what grounds do you have no right to use a copy of software you bought without obtaining an additional license from the vendor

To use software you probably have to install it on your computer - this makes a copy of the software. Then when you run it you make another copy into your computer's memory, and additional copies in the the CPU's cache.

I don't agree with the above argument (I think fair use covers it), but I have heard it. It isn't hard to read the letter of the law and conclude the above is the correct interpretation. (you might need to see some money...)

I honestly do not know how to fix the letter of the law. There are too many special cases. If I have two computers can I install it on both? Can I install it for my family to use? When my computer fails can I install it on the replacement? The above are trick questions: I deliberately asked them to invite answers that imply I can install one copy of software on as many servers as I want for as many users as I want - this seems wrong.


That's not true. When was the last time you saw a EULA on a book or a CD? Software is not fundamentally different. I give you money, you give me a copy of the product, and then copyright law lets me use that copy within certain bounds.


"EULAs on a book" is basically the practice that the First Sale Doctrine is meant to curb. To wit:

"This book is sold subject to the condition that it shall not, by way of trade, be lent, resold, hired out, or otherwise disposed of without the publisher's consent in any form of binding or cover other than that in which it is published."

from https://books.google.com/books?id=v-yrLmQNRvsC&pg=PR4 , but there are many other examples.

Many publishers really didn't like used bookstores and libraries making a single book available to many people over time, replacing the covers as necessary due to wear instead of buying new copies of the book.


I understand why they don't like it but

1) Books go out of print and they don't have anything to sell anymore.

2) A replacement book could cost more than a new cover. I bet libraries would be happy to return the old worn book and get a pristine one, possibly of the same edition, for the cost of fixing the old one.

That doesn't happen, maybe it's even an unprofitable business for publishers, so long live to the First Sale Doctrine.


> A replacement book could cost more than a new cover.

Right. The language above was an attempt to force libraries to buy a brand new copy anyway, and make reselling used books more difficult. In case it isn't obvious, replacing covers is much more common, and gives excellent results, with hardcovers (look up book rebinding).

Also related is the practice of retailers "stripping" a paperback book of it's cover rather than returning it to the publisher. Publishers would therefore like it to be illegal to buy and sell books without covers, or with replacement covers: https://en.wikipedia.org/wiki/Stripped_book


Microsoft printed (not sure if it still does) its EULA on the actual physical software packages.


I mean that the legalities around software are not fundamentally different. The culture around software sales is different. Buy a music CD in a box, no EULA. Buy a software CD in a box, EULA. For no apparent reason.


Most music CDs default to "all rights reserved", Movies on the other hand usually have an agreement only allows personal use, as in You cant open a theater and show DVDs.


In general the claim is that you have particular rights under common law when you purchase something, but the shrinkwrap terms attempt to restrict those rights.


What if the EULA applies to a software product you have bought for money and have received a copy of?

If it does not include an EULA, are you not allowed to use it? Does the same hold for computer games with an EULA?

Or does the existence of an an EULA hold your rights hostage until you agree to it?


What are you talking about? There is no such distinction. The GPL derives its enforcability from the same principle EULA's do.


> The GPL derives its enforcability from the same principle EULA's do.

No. A user is not required to agree with GNU GPL license terms to merely install and use some software licensed under GNU GPL. GPL comes into scene only when some (re)distribution of the code/binary happens.

So, GNU GPL has not much to do with End User License Agreement because the end user never have to agree with GNU GPL unless he/she is going to add one or more link to the chain of users.


Umm, so when you buy a copy of a proprietary software, why don't you have to sign and/or agree to the EULA?

Also, does the seller have to reimburse you if you decline the license (and of course return the copy)?

So you pay for the copy but not for the license, and you got the license free if you paid for the copy, right? (But of course that license comes with a lot of restrictions, just like the GPL.)

But the important thing seems to be that the GPL binds distributors. It's a contract between developers and distributors. (Sure, it's a contract between anybody that acquires a copy.)

Is there a coherent legal overview of this?


You usually have to agree to some EULA. It's part of the contract. Second q depends on whether you could have known what's in the EULA before you bought it. They're not separate things. There is no such thing as 'buying' and 'agreeing to a licence' or anything like that. A 'licence' is just a contract: party A pays $X to party B, in exchange for which party B lets party A copy its IP, under a given set of conditions. 'pay for the copy but not for the licence' is a grammatically correct sentence but meaningless, like when I'd say 'I punch this wall red with my horse'. Copyright is about 'copying', so if that's what you mean by 'distributors', then yes. But so do 'EULA's' and all other IP-related contracts (usually called 'licences').

As to your last question: yes there is, people have written dozens of book about it. Your local university probably has a bunch of them in their library. If you're asking about a website where you can read in a few paragraphs the complete legal context with definitive answers to questions about general cases (i.e., no 'it depends' allowed) - then no, such a thing does not exist. Look at it this way: if a novice programmer goes onto LKML and says 'hey guys, I want to write an OS, can someone point me to an overview' - then at best he'd be pointed to some high-level overview Wikipedia pages, but most likely, people would snicker and press 'delete' (well actually he'd probably receive a bunch of abuse on how he should get off the list, but that's specific to the example I chose...)

FWIW, I did read a bunch of book like the ones I mentioned above when I was writing a paper on a EULA-related topic during my law degree, and as a result I don't make any blanket statements about the topic any more.


> FWIW, I did read a bunch of book like the ones I mentioned above when I was writing a paper on a EULA-related topic during my law degree, and as a result I don't make any blanket statements about the topic any more.

Thanks, that's a completely satisfactory answer. (It's the Feynman-style "it's complicated, and any analogizing just makes it incorrect, thus making the analogy (or simile) useless" answer.)

And okay, they're are not separate things, but this sort of problem seems like what SCOTUS spends long minutes discussing in oral arguments. Because they are indeed separate things, one is a (physical or digital) copy and one is a grant of IP rights. At least't that's how I use the word. At least that's the piece of abstract thing that's necessary to make the copy non-infringing, right?

But, then, it comes down to good or bad faith of the seller. If the seller/vendor does not disclose the exact terms, but gives you the impression that after paying you you can use said copy for such and such purpose, that's seems to be 'false advertising'.


> states, in shrink-wrap fashion, that use of the software without an explicit commercial license binds the user to the GNU GPL

Not quite technically!

The way it works is: you have no permission by default under copyright. The only permission you have to copy is the GPL. If you obey it, fine. If not, you're just violating copyright like any other copyright violation.

This can be an important point: it's a license, not a contract.

It may be unfortunate that the judgement uses the word "contract", presumably because that's the word the defendant used.


A license is a contract. I don't understand the artificial distinction between the two, specifically in reference to GNU GPL.

http://www.technollama.co.uk/a-licence-or-a-contract


Because, as your article points out, in the US there is a requirement for consideration. Sure, the GPL might be a contract somewhere outside of the US but who cares? The ruling was in California.


I like how correct comments like yours around here every time gpl comes up are downvoted to oblivion. shows there's load work to do from the eff to educate people at wtf gpl is


Well, that's what happens when people use wrong terminology and instead of explaining or suggesting fixes you just go "nope, you are wrong, every X is Y because Z says so". And I didn't downvote this post, btw.

On a tangential note, there's also a load of work to do from somebody to educate you wtf EFF is and why it doesn't care about the GPL and who actually does care ;)


there's load work to do from the eff

FSF


A lawyer's job is ultimately to present the strongest case that they are able. If the strongest case they are able to present is not very strong I guess they're in trouble.


This was a ruling that the contract between the plaintiff and defendant existed, not on the validity of the contract (which is the GNU GPL license).

Defendant (Hancom) was trying to say that because they didn't sign anything they didn't have a contract.

But Hancom "represented publicly that its use of Ghostscript was licensed under the GNL GPU"

Therefore, the Judge ruled that in their own words they publicly acknowledged the contract.


It's a very narrow ruling, conditioned on the fact that the defendant, Hancom, publicly acknowledged they were using Ghostscript under GPL. It does not say much, if anything, but IANAL, about a defendant who would not have acknowledged this, which seems like the more interesting question.

Common law judges are very prudent in their ruling.


The defense argued that the license was not enforceable. In the order, the federal court laid out the reasons the license _is_ enforceable. Here's the order:

https://docs.justia.com/cases/federal/district-courts/califo...


This is great - love or hate the GPL, it brings something unique to the table that no other license does and developers should have the ability to license their software under the terms that fits their motivation for developing it in the first place the best - the GPL does exactly that for many.


One thing I often wonder is how a company providing such open source software can find out (and proof) if someone is using it in a closed-source project. All I can think of is "guessing" based on behavior of the downstream tool.

Also, the article doesn't say much about how that lawsuit came to be. Did Artifex approach Hancom beforehand to notify them about the license infringement or just directly sue? I guess in this particular case, Hancom knew what they were doing, but I can imagine some (smaller) companies not being fully aware of open source license specifics and unknowingly running into a lawsuit.


I believe there was a discussion about this in one particular open source project because someone found that the binaries of a proprietary software project contained lots and lots of symbols that were identical to that of the open source project.


>I can imagine some (smaller) companies not being fully aware of open source license specifics and unknowingly running into a lawsuit

This is not a real problem until there are licensing trolls, where their sole purpose is to make money off of breaches.

If a company receives a lawsuit, they can claim ignorance and start to comply with the contract. This would change it into a minor breach of contract, where they would only be liable for actual damages caused. Actual damages would either be nothing or fairly impossible to prove, so the lawsuit would likely be dropped.


Note that if the copyright is registered before hand the infringement occurs actual damages changes to triple actual damages. (In the US) registering a copyright is cheap, but for software you have to register each version separately which adds up quick. You have to register copyright before you can sue for violations in any case.

Most of the time lawyers advise the policy that you don't register until you are ready to sue for a violation. You only get actual damages but this is typically enough. However if you believe someone is actually going to violate your copyright (or you want to spend $25 + plus lawyer fees) you should register before you release software: you will get triple damages.

I'm not sure what damages means in terms of the GPL though. In the case of a book you can say the book sold for some amount of dollars so every sale of your illegal copy cost me that amount of dollars.


> If a company receives a lawsuit, they can claim ignorance and start to comply with the contract.

Are you sure claiming ignorance would make a difference? I tried to google it and found the Wikipedia article on "Ignorantia juris non excusat"[1], which claims that in most countries, not knowing a certain law provides no protection whatsoever.

https://en.wikipedia.org/wiki/Ignorantia_juris_non_excusat


"Usually, whether a breach is material or minor is determined on a case by case basis, with the court using six different guidelines to make its determination. The six guidelines are

1) the extent to which the breaching party has already performed,

2) whether the breach was intentional, negligent or the result of an innocent mistake,

3) how certain it is that the breaching party will perform the rest of the contract,

4) how much of the benefit of the contract the non-breaching party has gotten despite the breach,

5) the extent to which the innocent party can be compensated and,

6) how difficult it would be on the breaching party if the court were to decide that the breach was material and that the innocent party was under no obligation to perform his side of the bargain. "[1]

See point 2. My understanding is that ignorance of the law is basically never an excuse, but ignorance of the facts, for contracts, could be[2].

For example, company X could argue they are ignorant of the fact that software Z is intellectual property of company Y, distributed under GPL. If they stop breaching once informed of that fact they can argue it was an innocent mistake.

But in this case Hancom was advertising that it was using the code under the GPL, so, they certainly can't claim ignorance.

[1]https://nationalparalegal.edu/public_documents/courseware_as...

[2]https://en.wikipedia.org/wiki/Mistake_(contract_law)


Pretty much all GPL'd code comes with a GPL license header, so you'd need someone to strip that header off.

It would be hard to hide the identity of that someone, thanks to Git.

Once that someone takes the stand, the truth becomes hard to conceal because presumably company X doesn't pay them enough to lie under oath.


one way is to engineer in obscure but reproducible behaviour, along the lines of A->B->C results in D.

people who are likely to steal code are unlikely to audit it sufficiently to identify esoteric behaviour.


That's a good idea, very similar to map makers hiding small deficits to find copiers.

That gets awfully close to DRM, though.


It's not DRM (or even "close to it"), it's a "canary trap", or a "barium meal test". The modern equivalents in images, audio files, ebooks, etc. are usually called watermarks, even though they aren't visible (so sometimes called an "invisible watermark"), and are used extensively (including by ebook publishers that don't use DRM).


It seems like that would be just for the purpose of detection and wouldn't stop people from using either the map or the software.

DRM is bad because it both doesn't stop pirates and hurts normal users. This allows detection of pirates and hurts no one.


I imagine if you use strings, like in

printf("Could not open ghostscript project %s", project)

You could find the "Could not open ghostscript project %s" part in the binary?


The GPL has been upheld many times previously, e.g. in BusyBox enforcing its copyright.

https://en.wikipedia.org/wiki/BusyBox#GPL_lawsuits

In one enforcement, the defendant defaulted and the SFLC ended up with a pile of violating televisions!

http://www.groklaw.net/article.php?story=20100803132055210

The enforceability of the GPL is in no way news. That anyone would continue to try to violate it is the real WTF.


> Of course, whether Artifex will actually win the case it’s now allowed to pursue is another question altogether.

It's fairly clear that they will win the case in one fashion or another. I am predicting that the case will quickly be settled out of court for a lump sum plus a running licensing fee. You have a public admission from the defendant that they integrated the plaintiff's Ghostscript software into their own without either: 1) making the resulting Hancom office suite open source, or 2) paying Artifex a licensing fee for the software.

The case against Hancom was solid under copyright infringement, and now has the added sting of breach of contract.


Excellent news.


Yeah few more contributions to GPL projects from companies or/and removing GPL code base from some products using GPL without contibuting back.


I see this attitude, but don't understand it. It seems based on a view that more software is always better, no matter how it comes in to being. But of course, attacking the legal constructs under which assumptions people create software means fewer people would create it in the first place. It is privileging parasites over the host.

And the attitude is almost always myopically limited to the GPL. Would you react the same way to a suit that substituted the infringement of Microsoft copyright? "Microsoft sued someone for infringing their copyright, so now I'm scared to link their code" doesn't pass the giggle test.


Fewer contributions? Or fewer companies abusing open-sourced code?


Most probably both. However this is probably for the best.


Dura lex, sed lex (c), and there's no way around it.


That means Hancom would have to open-source its entire suite of apps.

Ask HN: What if the vendor had structured their product in a way that GhostScript is its own stand-alone app. Would they still be obligated to release their entire code, or just the portion that uses GhostScript?


As long as it's not linked to their binaries, invoking it separately is fine.

I believe they might need to allow for others to download the source of Ghostscript whether modified or not, but that part isn't hard. :)


Here is a link to the actual opinion if anyone else is interested.

https://scholar.google.com/scholar_case?case=377952933561079...


Actually, a more accurate statement is thst a federal judge has ruled that a plaintiff in a case has alleged the existence of circumstances in which the GPL would be an enforceable legal contract.


Basically: If you admit to having a contract, then you have a contract.


while an important step, the last line of the article makes it clear it is still pretty early in this process.


In my opinion, software equivalent in functionality to Ghostscript should be written using a BSD or similar license. Is there anyone willing to sponsor it?


Maybe ask Hancom :p


moral of the story is, know you licences. Adhere to the license terms. Seek out projects with more permissive licenses if you plan to do closed source.

It is simple to work around licence issues with your project. You just have to put in the work. Know that your design may have to factor in extra time because you can't use lib XYZ because you have to write your own library to do the same thing. If using lib XYZ will save a bunch of time, then know that you will have to adhere to lib XYZ license. Maybe writing a wrapper application that you opensource, and your closed source application interfaces with might be a design consideration.

In the end, it's your project, your call. Just know when you make a decision you weigh the pro's and con's of going forth with that decision.


What happens if they claim they downloaded it from somewhere else that didn't include the license.txt file? There is no proof they ever were even notified of the license. (this is why we usually have people sign contracts)


Adobe is about 34 years old, so the copyright on any program that interacts with an Adobe file format (e.g. postscript, pdf) cannot have expired yet (in the absence of time travel). So if the source code did not come with a license, it is their responsibility to obtain one, or they can't use it.


> “Upon discovering Hancom’s abuse of the GNU GPL and infringement of Artifex’s valuable copyright in Ghostscript, Artifex demanded that Hancom cease its infringement and remit to Artifex a reasonable royalty for Hancom’s years of unlicensed use of Ghostscript,” the company said in its complaint. “Rebuffed by Hancom, Artifex turns to this Court to enjoin Hancom from further infringement and to seek relief and recovery for Hancom’s abuse of Artifex’s open source license.”

So the suit was filed only after Artifex had notified Hancom of the license and attempted to work out a solution out of court. There's no way to argue they didn't know about the license beyond a certain date, and it sounds like they willfully continued to infringe upon the license after said date.


If they used code that they downloaded without a license, they have violated copyright law. (All code created in the US and most other countries has a copyright at creation.)

So they either accepted the GPL or violated copyright.


This article seems to be declaring victory in war, when really only a minor battle in the war has been won.


No, the article is pretty clear that this isn't about the terms of the GNU GPL itself, just about whether there was a contract in this particular case.


I'm not a big fan of the GPL personally, but this is great!


Doesn't MySQL distribute in a similar dual-licensed fashion?


I wonder if this applies to non copy left licenses as well.


Probably. In the previous case they mention, the license was the Artistic License, which isn't copyleft, and it was considered infringement.


The article somewhat overstates the significance of this case in terms of precedential value.

On a procedural level, understand that this is a district court opinion and is not binding on any other court. Of course, if other courts find the arguments persuasive, they can adopt the reasoning. But no court has to adopt the reasoning in this opinion.

On a substantive level, it's important to look at the arguments the court is addressing and how they are addressed:

1) Did the plaintiff adequately allege a breach of contract claim?

We're at the motion to dismiss phase here and the court is only looking at plaintiff's complaint and accepting all of the allegations as true.

There are essentially only 2 arguments the court addresses: A) Was there a contract here at all?; and B) Did the plaintiff adequately allege a recognizable harm?

Understand that in a complaint for breach of contract, a plaintiff has to allege certain things: (i) the existence of a contract; (ii) plaintiff performed or was excused from performance; (iii) defendant's breach; (iv) damages. So, the court is addressing (i) and (iv), which I refer to as (A) and (B) above.

As to (A), the argument the defendant appears to have made is that an open source license is not enforceable because a lack of "mutual assent." In other words, like a EULA or shrink-wrap license, some argue that an by using software subject open source license doesn't demonstrate that you agreed to the terms of that license.

The court, without any real analysis, says that by alleging the existence of an open source license and using the source code, that is sufficient to allege the existence of a contract. The court cites as precedent that alleging the existence of a shrink-wrap license has been held as sufficient to allege the existence of a contract.

But the key word here is "allege." As the case proceeds, the defendant is free to develop evidence to show that there was no agreement between the parties as to the terms of a license. So, very little definitive was actually decided at this stage. All that was decided is that alleging that an open source license existed is not legally deficient per se to allege the existence of a contract.

As to (B), defendant apparently argued that plaintiff suffered no recognizable harm from defendant's actions. The court held that defendant deprived plaintiff of commercial license fees.

In addition, and more important for the audience here, the court held that there is a recognizable harm based on defendant's failure to comply with the open source requirements of the GPL license. Basically, the court says that there are recognizable benefits (including economic benefits) that come from the creation and distribution of public source code, wholly apart from license fees.

This is key - if the plaintiff did not have a paid commercial licensing program, it could STILL sue for breach of contract because of this second type of harm.

That being said, none of this argument is new. There is established precedent on this point.

2) Is the breach of contract claim preempted?

Copyright law in the United States is federal law. Breach of contract is state law. A plaintiff cannot use a state law claim to enforce rights duplicative of those protected by federal copyright law.

So, what the court is looking at here, is whether there is some extra right that the breach of contract claim addresses that is not provided under copyright law.

In other words, if the only thing that the breach of contract claim was addressing the right to publish or create derivative works, then it would be duplicative of the copyright claim. And, therefore, it would be preempted.

Here, the court held that there are two rights that the breach of contract claim addresses that are different from what copyright law protects: (A) the requirement to open source; and (B) compensation for "extraterritorial" infringement.

The real key here is (A), not (B). With respect to (A), the court here is saying that the GNU GPL's copyleft provisions that defendant allegedly breached are an extra right that is being enforced through the breach of contract claim that are not protected under copyright law. Therefore, the contract claim is not preempted.

(B) is a bit less significant for broader application. What (B) is saying is that because the plaintiff is suing for defendant's infringement outside the U.S. ("extraterritorial" infringement), and federal copyright law doesn't necessarily address such infringement, that's an "extra element" of the breach of contract claim. I say this is less significant because it wouldn't apply to a defendant who didn't infringe outside the United States. So, if you were the plaintiff here and the defendant was in California and only distributed the software in the U.S., argument (B) wouldn't apply.

I hope this clarifies what is/is not significant about the opinion here.


"GNL GPU", must be Nvidia's new line of graphics cards.


This is why if someone were the (usually) imaginary "Free Software zealot" that would like to prevent a private business from profiting off public work, it would be necessary for software not only to be under a Free license, but for the copyright assignment to be held by someone that agrees with said Free Software "zealot".


Or to put it another way: if you are contributing to a Free Software project and the copyright is held by some other entity to who you have duly assigned rights, then you may find that they decided to sell the right to use some of your contributions. So, be careful who you turn your copyright assignment over to.


That happened when Hancom issued a motion to dismiss the case on the grounds that the company didn’t sign anything, so the license wasn’t a real contract.

Hancom's CEO is a thief.


Congratulations to Stallman. After all these years the GPL has been tested in court. The man must be drunk with joy... Three cheers for the Mr. Stallman and his gcc (joining in on his celebrations)


The GPL has such strong terms, I think there is good reason to avoid ever reading any GPL codebase. Tainting yourself may imperil any code you write for the rest of your lifetime. And to that end, I think github should place a large warning on any GPL repo before letting you see it, as well as delisting them from search results (or at least hiding the contents)




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: