From their about page:
"By June 2006, the project has hit the magic "100 cases finished" mark, at an exciting equal "100% legal success" mark. Every GPL infringement that we started to enforce was resolved in a legal success, either in-court or out of court."
gpl-violations.org is in an extraordinarily good position to help when it comes to GPL violations in the Linux kernel, because they work closely with some kernel developers that
"[..] have transferred their rights in a fiduciary license agreement to enable the successful gpl-violations.org project [..]"
Their website looks a little bit outdated but from what I understood from a talk that Harald Welte gave last year, they are still active. If someone wants to report the Onyx case you can do it at email@example.com but be prepared to provide solid information.
I worked at a big bank too, you'd think they would understand about investment? No. They simply leeched off open source in the same way.
Don't get me wrong, I'm not happy about the state of affairs, but banks are usually pretty risk averse (or more accurately, their risk portfolio is catastrophe averse). If an org like a bank doesn't care it seems like a sign that open source either needs some better teeth or it needs to accept that its role in the ecosystem is changing. We might see some short term success calling out bad actors but if there's enough of them to put on a whole play then it seems more useful to focus on why they're all able to book a theatre so easily.
I mean the open source project suddenly being abandoned due to lack of a corporate sponsor would be pretty catastrophic, no?
What struck me the most is that at its heart the bank has these sorts of provisions in its constitution, ie giving back to the community and being in harmony with the environment and being relationship oriented.
It's like the lion not rewarding the mouse in that old fable, due to brand having been subverted by petty bureaucracy and middling management.
I doubt they'd have started using it in the first place if the software looked like it would be abandoned.
If the best 'teeth' open source has is, "we might stop developing this at some point in the future if you don't give us $ for using our work", then as the parent said open source needs better teeth.
And as I mentioned in my parable the lion didn't need the mouse to bite it in order to do the right thing you know what I'm saying?
In other words a 150 year+ institution should just know better and it's a shame to think they've been sucking the world dry for that long without a second thought as to how it might affect their own bottom line.
I always wondered what would happen if some developers used some GPL lib and shipped to customers and it was noticed and caused the company to be sued. Would all the developers be fired on the spot and the software undone?
In a lot of commercial code there is almost literally nothing worth protecting, just sunk-cost. If a finite element package got open sourced, that would be a minor disaster (although even then you're paying for the UX and support not the code) but things like firmware are barely worth the electrons on the drive.
The point being the business impact would probably be fairly minor for most projects.
(It is at this point that I realize that maybe one of the reasons that HFT people like arcane formal-proof languages so much—besides just verifying that they won't lose money—is that the ecosystems of unusual languages are smaller, so it's less likely that any problem has a solution involving third-party code, and therefore there's less concern about IP contamination.)
For any sizable software that has been alive for 10 years, there is no way it's safe to open source the repo.
They don't have to release code and the licensed software's owners don't have their rights violated any further
Of course, IANAL
If you choose to exercise your GPLv2 rights, your contract with them is terminated and you will receive no further security updates (considering this is a security product, it makes it pretty useless to you). You are then blacklisted from doing business with them ever again.
I'm more curious about the contributory infringement theory. You cannot have contributory infringement without there being a direct infringement by someone else for the contributory infringer to have contributed to. I don't see offhand who would be the direct infringer whose infringement Grsecurity is contributing to.
> We have in fact never had to terminate a relationship with any customer of ours. We build trusted relationships with our customers, so any talk of "threats" or anything else is simply completely fabricated (as you obviously noted, anyone repeating such claims has no evidence whatsoever for them).
Brad goes into this here. Grsecurity has written extensively about this.
Read the links to their site where they go even further into detail.
Grsecurity is not violating any license. There are multiple quotes from authorities on the matter in that link. If they were, so would Red Hat, Canonical, etc.
But the content is very valid, you should give it a fair read, regardless of how you view Brad's language.
I read Perens' claims, and IMHO they're very thin. It seems to be a classic case of "I don't like this" (which is fair enough) and then trying to find "objective" arguments to support that position. Not impressed.
> There is no restriction or prohibition, correct. In fact, we are far more lenient than other companies when it comes to our policies. We have in fact never had to terminate a relationship with any customer of ours.
> We're generally only concerned with fraudulent customers who would lie during the quoting process with the intent to cause damage to the business by intentionally reposting all updates received online. Obviously, they have the right under the GPL to do that (the fraudulent representation notwithstanding), but we also obviously have the right to refuse future business with them. As noted by the lawyer in the link above, that right has been repeatedly reaffirmed by the US Supreme Court. It's not controversial whatsoever.
Usually what happens in the onyx customer forum is that a person asks for something. The forum minion says it's been forwarded and being worked on and then the cycle repeats until one of the customers gets pissed and starts threats.
It doesn't help that the GPL is not an easy document to read by the way :-/
It's also just basic common courtesy IMO to assume someone made an honest mistake even when you suspect they didn't (because sometimes your suspicions are incorrect).
If you can’t go after them, going after their customers would kill their business.
But this approach seems too cute to be feasible even on the long shot that the GPL would allow it.
In the early days of internet pirate sites there existed an argument that it was only the people distributing that could get sued for infringement. Similarly, when streaming happened it was argued that no copy was downloaded, and the users clearly did no distributing. With cable decoders (in countries without anti-DRM) it was similarly argued that no distribution occurred by the users or the producers of the cards.
Since then a lot of court cases have happened and as far as I know neither of those arguments has held up. There is usually a law or two that gets dug up in order to have something to charge people with, and lawmakers have been quite diligent in addressing those kinds of arguments in new laws.
But there is one major caveat. Those cases have all been by large media owners with both large teams of lawyers and "close" relationships with the legal and political system. A lone developer will have a much more difficult time.
If you don’t agree to the GPL, normal copyright law applies and you can’t copy the program outside of fair use in your jurisdiction.
That’s what’s in violators’ minds. NDA and multi million lawsuits like they are doing anything.
Unless it can be enforced, it means absolutely nothing more than a wish...
We basically live in a digital kleptocracy. Everyone steals from everyone. I tend not to, but that’s because I’m a complete control freak, and have a hard time letting go.
I think that decompilers are so good, these days, and the use of intermediate steps like LLVM, mean that people won’t have much difficulty figuring out what’s going on, under the hood. With the financial incentives, it is quite possible to hire top-notch folks to implement, and even improve the work.
Also, I don’t think anything I do is so great that I want to hide how I do it. In fact, I see people do stuff in more clever fashion all the time. My own advantage is in how I do stuff, and it would be great if folks copied it. I don’t think many would. It’s a pain, and is only efficient once it becomes habit.
Go ahead and steal my stuff. Get rich. I doubt my stuff will be the “secret” to your success. My only hope is that, if you do use it, there might be a tiny piece of high-quality software in there. I do feel as if we should all strive to do the best quality work possible, and take some personal pride in our craft.
I don’t mind that going viral, and I don’t think a license will affect that.
Seriously. Why was what I wrote bad?
I just put enough legal fig leaf on to make sure I don't get sued for anything, do the very best work I can, and put it out there, for all to use.
I literally wrote a post, encouraging people to open-source their software, and I led by example; not decree, which is usually the best way to proceed.
Is the MIT license a bad license? If so, why?
I have found that if I make it GPL, then a lot of folks won't use it. I want people to use my stuff. I think it's good stuff, and can benefit users, by being a high-quality component.
I think I do have one GPL project; an ffmpeg wrapper that uses the GPL H.264 codec. I could probably get away with not licensing it GPL, but why bother? It's not gonna save the world. I suspect no one will have much of a use for it, anyway.
A true free(libre) software license protects the _user's freedom._ Releasing under MIT License doesn't do this because of the problems raised in OP. If your MIT work is incorporated into another product and used (hypothetically) by a foreign government to spy on people, then you haven't protected users, you've protected _developers_ ability to benefit from your work for free.
I'm not a gunsmith. I write small iOS apps and libraries. I'd rather they didn't get used for nefarious purposes, but I am not interested in exerting any kind of control over what happens after I put them out.
I have done some rather more ambitious and socially-relevant stuff, and that is all MIT. We switched to that from GPL a year or two ago, as the GPL was interfering with the willingness of people to use it.
Since the software is actually a lifesaving infrastructure, every non-use could mean lives lost.
You want it for free, give something back. (Is my thinking)
I'm not particularly interested in getting paid. My stuff will never be the "magic beans" that will turn some moribund idea into a unicorn. It's just "window dressing," or simple extensions that will help to improve the quality of the software.
It's mostly "brand reinforcement" and portfolio material. I want people to use it, and am willing to remove any obstacles.
I know that's unusual, but that's how I roll. It's a labor of love.
The infrastructure project that I wrote is designed for as many people as possible to use. We don't care whether or not someone wants to try using it to make money (good luck with that). It saves lives.
But, back to the original topic, if I had released software with a particular coercive license, and some corporation then went and used it against that license, I would probably be pissed. Not sure if I'd be pissed enough to hire an attack lawyer, though. I don't think I'm that dedicated.
As the link warns, this is a secondhand translation, and my summary is thirdhand. Do your own reading, especially in the original language, if able.
The general point here is that the Chinese legal system declared that the GPL legalese is OK, but that judges have the power to evaluate it in context of the case and retain the authority to override the legalese when it results in inappropriate outcomes.
In this specific ruling, the judges ruled that bundling ('aggregation') of GPLv3 and unlicensed code did not infect the unlicensed code with the GPLv3, resulting in a loss for the defendant.
If Onyx is bundling GPLv3 code with non-GPLv3 code, based on this single case, they are not required to disclose the source of the non-GPLv3 code that is aggregated with the GPLv3 code. If they have also/instead modified GPLv3 code, then they would probably be required to publish the source for the works derived from GPLv3 code.
The usual arguments here are that modifying a bundle of GPLv3 code to include non-GPLv3 code is itself a 'derivative work' of GPLv3 code, or that the GPLv3 specifies that such bundling shall result in the bundled code being forcibly licensed under GPLv3. The Chinese court apparently did not accept this line of reasoning.
Firstly (a minor detail) I don’t think GPL requires you to “publish” source code per se. Just make sure that every recipient of a binary copy can also receive the source code.
But more importantly, the license doesn’t “infect” things. In no way can you be forced to license your code according to the GPL. Failure to comply with the GPL simply means the license isn’t applicable and the situation reverts back to normal copyright rules.
[I’m not your lawyer and this is not legal advice.]
It can have that effect. My understanding is that if you include GPL code in your software and distribute it without sharing your source code, you are committing an ongoing contract/copyright violation that can be remedied either by recalling and destroying the offending products, complying with license terms by releasing your source code, or settling with the original copyright owner (effectively, paying a license).
As for a court forcing you to release the code, that is in fact what the GPL contract requires so the court is within its rights to require specific performance instead of monetary damages. Even though common law courts strongly prefer monetary damages, they will turn to specific performance if they think it's appropriate.
All of this is going to turn on some questions about when you can bring copyright infringement vs. contract actions. It's not an area I'm super familiar with, but see my response below about at least one case that suggests you could sustain a contract action for a GPL violation in some circumstances.
 In the way that requires you to release your own software under the GPL. Of course, there are ways to use GPL software that don't implicate that. I'm not talking about those.
Do you know of any cases with the GPL where a court has in fact done so? I'm not aware of any outcomes where code has been forcefully licensed as a penalty. Absent strange outside circumstances (like a signed contract) I'd instinctively (but without legal training) think that a court would treat the violator as "acting without a license" rather than "had specifically agreed to the terms of a contract and then broken it".
https://www.synopsys.com/blogs/software-security/breach-gpl-... https://www.omm.com/resources/alerts-and-publications/alerts... https://www.natlawreview.com/article/important-open-source-r...
> A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.
If I write a piece of software and release it under the GPL, I can sell it as proprietary code as well, dual-licensed. I am in no way obligated to provide updates and changes under the GPL too.
Import halt via complaint in appropriate US Customs regulatory regime and / or court, about infringement of intellectual property. This can embargo a company's product nationally in the US, and gets the attention of the producer.
Not quite on topic:
Stopping Infringing Products From China: Section 337 Cases.
By Bill Perry - China Law Blog -- August 22, 2016
Turns out that one is called Oryx
So, it doesn't need to be publicly available (as in, you and me are not Onyx users, therefore we don't need to have access to it), just to its users. Screenshot shows their user requesting it and being denied the request, hence, GPL violation.
_and distribute it_
Running it server-side is fine. That's what the AGPL addresses.
If you modify GPL code and only use it yourself without distributing it, you never have to give anyone else access to the modifications.