Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

---

Softpanorama Copyleft Problems Bulletin, 2005

[Dec 19, 2005] Guidelines Set on Software Property Rights - New York Times

• E-Mail This

• Printer-Friendly
• Reprints
• Save Article

By STEVE LOHR

Published: December 19, 2005

To remove obstacles to joint research, four leading technology companies and seven American universities have agreed on principles for making software developed in collaborative projects freely available.

The legal wrangling over intellectual property rights in research projects involving universities and companies, specialists say, can take months, sometimes more than a year. This legal maneuvering, they say, is not only slowing the pace of innovation, but is also prompting some companies to seek university research partners in other countries, where negotiations over intellectual property are less time-consuming.

"This a great start to addressing the problem," said Peter A. Freeman, assistant director for computer and information science and engineering at the National Science Foundation. "It's a recognition by both sides that for precompetitive research, 'It's the science, stupid.' It's not the intellectual property."

The companies involved in the agreement, which will be announced today, are I.B.M., Hewlett-Packard, Intel and Cisco. The educational partners are the Rensselaer Polytechnic Institute, the Georgia Institute of Technology and the universities of Stanford, California at Berkeley, Carnegie Mellon, Illinois and Texas.

Concern about the issue of intellectual property restraints on collaborative research has been growing among academic and private-sector scientists. The new effort is a byproduct of a gathering of university and industry researchers in Washington last August, sponsored by I.B.M. and the Ewing Marion Kauffman Foundation in Kansas City, Mo., which studies and finances innovation and entrepreneurial activity.

The current problem, said Lesa Mitchell, a vice president at the Kauffman Foundation, was partly an "unintended consequence" of policies meant to encourage universities to make their research available for commercial uses, thus stimulating innovation and economic growth.

The tone was set, Ms. Mitchell said, by the Bayh-Dole Act of 1980, which allowed universities to hold the patents on federally funded research and to license that intellectual property to industry.

Since then, universities, like many corporations, have sought to cash in wherever possible on their intellectual property. The companies and universities have agreed to make intellectual property developed in open collaborations available free for commercial and academic use.

They have also agreed to a set of guidelines addressing the rights of the participating companies and universities, and the public.

The guidelines and framework for the agreement will posted this week at www.ibm.com/university, and at the Kauffman foundation's site, www.kauffman.org.

[Nov 18, 2005]  Sony's CD rootkit infringes DVD Jon's copyright The Register By Andrew Orlowski in San Francisco Sony's rootkit-style DRM software, XCP, designed to prevent copyright infringement, looks like it's breaching the terms of a copyright agreement itself.

The Chronicle of Higher Education/The 'dotCommunist'

A Columbia U. law professor fights to keep open-source software free

By ANDREA L. FOSTER

Eben Moglen is a "dotCommunist" rebel who has long advocated that all software should be free. So even he was surprised when his efforts recently won millions of dollars in support from IBM and other technology companies.

Mr. Moglen, a law professor at Columbia University, is head of the new Software Freedom Law Center, formed in February. The center, supported by $4.2-million in seed money from a number of companies, will provide free legal help to nonprofit makers of open-source software. Such software is free for anyone to use and modify, providing they share their modifications with others.

Re Sticks, Stones and the GPL Responding to Readers

Re: Sticks, Stones and the GPL: Responding to Readers
Posted by: gumout 2004-08-10 10:39:41 In reply to: Phil Albert Section 106 of The Copyright Act says a copyright owner may "do or authorize" six different activities:

Sec. 106. Exclusive rights in copyrighted works Subject to sections 107 through 121, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:
(1) to reproduce the copyrighted work in copies or phonorecords;
(2) to prepare derivative works based upon the copyrighted work;
(3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of
ownership, or by rental, lease, or lending;
(4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and
other audiovisual works, to perform the copyrighted work publicly;
(5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or
sculptural works, including the individual images of a motion picture or other audiovisual work, to display the
copyrighted work publicly; and
(6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio
transmission.
Where in the six authorized activities does the word "authorize" appear a second time? Which of the
six activities described above gives the copyright owner the exclusive right to authorize another person
to further "authorize" [again] any activities?

The GPL is a nonexclusive license and cannot transfer any NON-TANGIBLE copyright ownership rights.
Unless we can *distribute* our code to others, open source software is a meaningless term.
A copyright owner can *distribute* copies (FIXED IN A TANGIBLE MEDIUM) by:
a) sale or transfer of ownership
b) rental
c) lease
d) lending
That's it folks. There is no exclusive right to nonexclusively sublicense your copyright in a "copyleft" scheme, where every successor is bound by the terms of the same license. The rules of statutory construction do not allow for inserting extra terms. That is an attempt at writing your own copyright law. This scheme cannot be enforced under
section 501 since it is not an "exclusive right" listed in section 106. This "copyleft scheme" *will* give rise to an implied license through promissory estoppel.

With all due respect Mr. Albert, if you have "copylefted" your code, it was an invalid attempt at licensing.
See Bobbs-Merrill Co. v. Straus, 210 U.S. 339 for the statutory interpretation of the scope of the Copyright Act
with respect to the right to "distribute to the public" (vend).
Daniel Wallace

Re: Sticks, Stones and the GPL: Responding to Readers
Posted by: terekhov 2004-08-10 11:19:21 In reply to: gumout 

Copyleft is preempted by 17 USC 109.

Re: Sticks, Stones and the GPL: Responding to Readers
Posted by: gumout 2004-08-10 12:49:04 In reply to: terekhov 

You are indeed correct.
Congress incorporated the principle announced in
the Bobbs-Merrill decision in 1908 into the
Copyright Act of 1976 as section 109.
It is informally known as the "first sale
doctrine". It limits copyright "copies" fixed in a
tangible medium to distribution to the public by
agreement in "privity".

[Aug 8, 2005] Re LGPL module linked with a GPL lib

• To: debian-legal@lists.debian.org

• Subject: Re: LGPL module linked with a GPL lib
• From: "Michael K. Edwards" <m.k.edwards@gmail.com>
• Date: Thu, 4 Aug 2005 03:24:15 -0700

I wrote:
            > They're a sidetrack to be sure; but kind of an interesting sidetrack.
            > His personal history and philosophy strike me as more reminiscent of
            > Dominic de Guzman or Benedict of Nursia than any modern figure.  In
            > any case, I certainly intended no slur on RMS by that, nor on any
            > participant in this discussion.

            You know, it's funny; I make a comment like that, and a few hours
            later I run across Nikolai Bezroukov's comment that "some of [RMS's]
            recent letters look like they have been written by a medieval
            theologian", and I feel dirty.  Not because I meant a slur, because I
            didn't; Dominic and Benedict seem to have been decent, even saintly,
            men, and leaders of men and women, and comparisons to them are
            complimentary in a way that, say, a parallel to Francis of Assisi
            (nice to animals, may have composed a good prayer or two, but a
            certified kook) wouldn't be.  But as thick as my writing style is, I'm
            sure it's hard to tell the difference between my cumulative critiques
            and a real hatchet job like Bezroukov's.

            And once in a while I go off half cocked (not with "economic
            superiority of the free software system", which was a deliberate
            re-framing of RMS's published philosophy, but with an apparently wrong
            guess about which non-programming source of income keeps his boat
            afloat), and I find myself wishing I'd left the whole topic alone.
            But dammit, this is not a game, this is people's lives and
            livelihoods.           Using deception about the law to claim rights over other
            people's work is wrong, no matter who is doing it.           RMS may sincerely
            believe that the GPL is a successful hack around contract law and the
            limits courts have imposed on other software copyright holders; but I
            don't see how a court could possibly agree with him.  Where the money
            comes from, and where it goes, do have some bearing on whether it's
            proper to accept the FSF's unsubstantiated assertions on legal
            matters; and I want to know the truth, and to see it known and acted
            on by people whose influence over the free software ecosystem is
            greater than mine.

            - Michael

[Apr 06, 2005] Schwartz swipes at the GPL Builder AU Program At Work  "Imagine a developing nation that elects to use free software in the construction of its intellectual property and then finds that it has a rather predatory obligation to give back all the intellectual property to the wealthiest nation in the world that happens to be the author of the GPL," Schwartz said.

Schwartz singled out the GPL provision that says source code may be mixed with other code only if the resultant code also is governed by the GPL. That provision is intended to create a body of software that must remain liberated from proprietary constraints. But Schwartz said that some people he's spoken to dislike it because it precludes them from using open source software as a foundation for proprietary projects.

"Economies and nations need intellectual property (IP) to pull themselves up by their own bootstraps. I've talked to developing nations, representatives from academia and manufacturing companies that had begun to incorporate GPL software into their products, then... found they had an obligation to deliver their IP back into the world," Schwartz said.

The GPL purports to have freedom at its core, but it imposes on its users "a rather predatory obligation to disgorge all their IP back to the wealthiest nation in the world", the United States, where the GPL originated, Schwartz said. "If you look at the difference between the licence we elected to use and GPL, there are no obligations to economies or universities or manufacturers that take the source code and embed it in [their own] code."

[Apr 06, 2005] Sun slams predatory GPL - Computeract!ve

In his most elaborate response yet to the criticism Schwartz said the GPL is unfair and "predatory". The GPL requires developers to publish all the code that they mix in with the original GPL code, where the CDDL allows them to guard their work if they want to.

"Imagine a developing nation that elects to use free software in the construction of its intellectual property and then finds that is has a rather predatory obligation to give back all the intellectual property to the wealthiest nation in the world that happens to be the author of the GPL," Schwartz noted.

The GPL is wrongly used as a way force developers to share their work because the creators have a hidden agenda of forcing a social model on the world, the Sun executive claimed.

He described the authors of the GPL as "individuals and companies that want to use intellectual property models to define social models and economic models rather than intellectual property models."

The controversy over the GLP has led to the Open Source Initiative (OSI)to reform the system for using open source code under licence. The latest version of the license, version 2, was released in 1991.

Linux Pipeline Sun's Schwartz Equates GPL With 'Colonialism'

Schwartz in particular targeted the General Public License, used by many open-source initiatives, in a talk before 700 attendees of the Open Source Business Conference in San Francisco on Tuesday. Under the GPL, developers are required to publish or "give back" their work to the general community. Such licensing practices work to the advantage of the United States, which already enjoys a technology lead over many parts of the world, Schwartz said.

"I do not believe in intellectual-property colonialism," he declared.

Sun took a sounder approach in using the Mozilla Public License as the model for its Sun Community Development and Distribution License, Schwartz said. The CDDL was created for OpenSolaris, the open-source version of Sun's Unix operating system. Sun will make Solaris 10 available as open-source code sometime in the second quarter. The CDDL allows proprietary products to be built on top of open-source code and allows a Third World developer to produce a product for sale in the United States and elsewhere.

Schwartz said he has talked to representatives from academic institutions and developing countries that want the opportunity to sell software they produce with open-source code. The GPL inflicts "a rather predatory obligation to disgorge their IP [intellectual property] back to the wealthiest nation in the world," the United States, he noted. Instead of meeting such a requirement, poorer societies need the right to use open-source code to "bootstrap" their own economic development, he said.

But not everyone agrees. On Wednesday at the same conference, a supporter of Third World development, Lawrence Lessig, law professor at Stanford University and founder of the school's Center for the Internet and Society, expressed doubt that the GPL was a future source of technological imperialism.

Lessig said he has discussed the issue with Brazilians, and they were less concerned with the terms of open-source licenses than with not having access to the technology at all. Members of the Brazilian government told him Microsoft representatives have warned them that open-source software costs more in total cost of ownership than Windows, he said. The Brazilians told him, "We'd rather invest in a free-software infrastructure. It buys commitment to Brazilian society, building up computing expertise, as opposed to sending our capital abroad," Lessig said.

Schwartz swipes at the GPL - ZDNet UK News   Schwartz correctly noted that due to its anarchistic nature The GPL imposes a 'predatory obligation to disgorge IP back to the wealthiest nation in the world'

Schwartz singled out the GPL provision that says source code may be mixed with other code only if the resultant code also is governed by the GPL. That provision is intended to create a body of software that must remain liberated from proprietary constraints. But Schwartz said that some people he's spoken to dislike it because it precludes them from using open source software as a foundation for proprietary projects.

"Economies and nations need intellectual property (IP) to pull themselves up by their own bootstraps. I've talked to developing nations, representatives from academia and manufacturing companies that had begun to incorporate GPL software into their products, then... found they had an obligation to deliver their IP back into the world," Schwartz said.

The GPL purports to have freedom at its core, but it imposes on its users "a rather predatory obligation to disgorge all their IP back to the wealthiest nation in the world", the United States, where the GPL originated, Schwartz said. "If you look at the difference between the licence we elected to use and GPL, there are no obligations to economies or universities or manufacturers that take the source code and embed it in [their own] code."

[Jul 2005] Top Tech News - Software - Sun's Jonathan Schwartz Slams Open-Source Licensing Model Schwartz said the GPL  "exports a form of IP colonialism to nations seeking to create their own means of production" and demand that they return their source code back to developed countries.

Schwartz Attacks GPL; Sun's Mention of "Stewardship" Has People Thinking of Java

At the inaugural Open Source Business Conference, which opened today in San Francisco, Jonathan Schwartz has been giving a keynote. We bring here an early on-the-spot report, written by former JDJ editor-in-chief and LinuxWorld Magazine founding editor, Alan Williamson.

... ... ..

On the subject of Java, Schwartz also addressed criticism of the alleged hypocrisy of Sun's message for not having released Java under GPL.

He answered this criticism by asserting that the licensing of Java was not the issue: Sun wants to keep Java from forking into different incompatible versions, thus depriving the many companies that rely on Java as a standard of their business opportunity.

Schwartz continued to discuss GPL, issuing a cautionary warning regarding the use of this particular license noting that Sun "believes in IP" but not in "IP colonialism." He talked about how licenses imply an obligation and one must be very careful to read the small print.

Finally Schwartz tailed off, talking about how a product should be adopted because it's better and not because it's free.

Forbes.com Follow-Up To Linux's Hit Men

Follow-Up To Linux's Hit Men
Daniel Lyons, 10.16.03, 2:50 PM ET

Dan Lyons' Oct. 14 story, "Linux's Hit Men," generated a flood of reader e-mail. His reply follows. Please go to our discussion board to post your opinion. Dan has promised to weigh in on occasion. --Eds.

Of course the Free Software Foundation is entitled to enforce its GNU General Public License (GPL), just as other organizations are entitled to enforce their copyrights and licenses. My article simply points out that the paradoxical effect of these "enforcement actions" (FSF's term) may be to impede the adoption of Linux. By demanding that licensees publish source code for their own "derivative work" code (in addition to the Linux they're using) the FSF is, in effect, charging a royalty that approaches 100% of the value of the licensee's product.

Yes, the FSF is entitled to do this. But some people question the wisdom of this policy. They think it will scare off commercial software and hardware developers who want to use open source software but don't want to destroy the value of their product and don't want get into a hassle like the one Cisco Systems (nasdaq: CSCO - news - people ) and Broadcom (nasdaq: BRCM - news - people ) are having. Even within the open source world there is a difference of opinion on this issue.

As many readers point out, if a company doesn't like the GPL, they shouldn't use Linux. That's fair enough. No doubt many will stay away. But is that good for Linux?

Linux News Commentary/Open Source and the Legend of Linksys. An interesting variation on the theme of old 2003 of SCO complain "'The GPL is selectively enforced by the Free Software Foundation such that the enforcement of the GPL by IBM or others is waived ". Also contains an interesting fact that  OpenTV ended up paying the FSF $65,000. But OpenTV also reportedly complied by making available the requested code, so the purpose of the payment is unclear. The FSF's stated mission is not to demand money damages for GPL violations.

The "Legend of Linksys" is a metonymy for this second question, in the reverse: What have people not gotten away with? The legend has at least two sides to it: the legal and the factual. First, the facts.

I have no personal knowledge of any of the facts I am about to describe; if I did, I would not be writing an article about it. But the facts here may be murky, and I welcome correction; my lack of personal knowledge is further complicated by the legendary nature of the story -- legendary, because the negotiations to resolve it were non-public. The sources I used to put this together were mainly the Forbes article "Linux Hit Men" dated October 14, 2003, an article of the same date in Linuxdevices.com quoting Bruce Perens, and several random bulletin board postings about the Linksys product.

Linksys is a very successful purveyor of WiFi routers, in particular the WRT54G 802.11g wireless home gateway. In March, 2003, Cisco Systems (Nasdaq: CSCO) bought Linksys for US$500 million. After the acquisition, in June 2003, complaints appeared on discussion boards such as LKML and Slashdot claiming that Linksys was violating the GPL by not providing source code for certain code used in its WRT54G wireless access point. (See for instance this posting.) The Linksys product included both the Linux kernel and other GPL code.

This is the nightmare scenario for an acquiror worried about open source. In the trade this is known as "buying a lawsuit."

The FSF stepped in, stating publicly that it was spearheading enforcement for multiple copyright holders who had licensed materials under the GPL: "[W]e are leading a coalition of many copyright holders in the WRT54G, as Linux is only one part of a large body of GPL'ed software in the product. We formed this coalition because, having done enforcement cases for a product with a broad range of copyright holders before, we have found that separate enforcement actions and/or law suits from individual copyright holders make attainment of compliance more difficult."

Undoubtedly informal enforcement actions are easier with fewer parties involved. However, this statement as it relates to "law suits" is a bit disingenuous, for two reasons: first, FSF has never actually led a formal defense group to enforce the GPL in court, and second, if it did so, it would likely do so based not on convenience, but necessity, as separate suits might be impossible due to legal due process requirements.

What Can Be Learned

Linksys eventually released the source code at issue. Various Web reports place the release at three to four months after the first demand by the FSF. It is amusing to read the morally outraged postings on this subject that describe this result as glacially slow. It seemed fast to me. The only way to do it faster would have been a scorched earth TRO action or some jackbooted GPL police.

The first take-away from this case is the difficulty of doing enough diligence on software development in an age of vertical dis-integration. Cisco knew nothing about the problem, despite presumably having done intellectual property diligence on Linksys before it bought the company. But to confound matters, Linksys probably knew nothing of the problem either, because Linksys has been buying the culprit chipsets from Broadcom (Nasdaq: BRCM) , and Broadcom also presumably did not know, because it in turn outsourced the development of the firmware for the chipset to an overseas developer.

To discover the problem, Cisco would have had to do diligence through three levels of product integration, which anyone in the mergers and acquisitions trade can tell you is just about impossible. This was not sloppiness or carelessness -- it was opaqueness.

There is no way around this problem if one approaches open-source diligence from a provenance angle. Finding the ultimate source of code is too difficult. This argues for "back-end" risk management like insurance and code matching, which are becoming more and more attractive alternatives as the complexity and prevalence of open source assets increases.

Accepting Controversy

The second take-away is that this was a strong case for the FSF, but to understand why takes us into some of the more excruciating details of kernel development. One online complaint said:

I am unable to build a working Linux kernel based on your tree due to source code missing from arch/mips/brcm-boards/ and other directories. You also seem to have modified the kernel module loading process, as standard kernel modules built from your tree load without warnings on a running WRT54G, but apparently do not function properly. ... I believe it is a violation of the GPL to distribute versions of the Linux kernel that are missing critical, non-modular kernel code.

I quote the above not for the truth of its assertions, but to point out why Linksys got tagged. The writer was unable to build a working kernel. He characterized the undisclosed code as "critical" and "non-modular." Engineers are practical folks, and they don't tend to quibble over adhering to the letter of a license if they can reap its benefits. He could not reap. Consider also this comment (cited above) on the LKML board:

I know that traditionally, Linux has allowed binary-only modules. However, I was always under the impression that this required that the final customer be allowed to remove them at will. That is to say, you couldn't choose to implement a portion of the kernel critical to the system's operation in a module, and then not release that module under the GPL. In this particular case, I would argue that the wireless drivers are critical to this device's operation ...

This writer is making a crucial point: There is some controversy in the free software world over whether some kinds of kernel modules escape GPL terms. But Linksys was not in one of these gray areas. Linksys not only included kernel modules in their code, they included statically linked kernel modules that could not be separated from the kernel. For the FSF, this was game, set and match.

Several commentators have noted that GPL compliance issues are particularly problematic in embedded applications, as well as code developed by overseas developers. The Legend of Linksys bears out both these observations.

It's a Small Welte After All

Across the wide ocean, other enforcement of the GPL runs along a different trail. Harald Welte, a self-appointed enforcer of the GPL who operates a GPL Web site filed two actions with the District Court of Munich to enforce the license. In both cases, Welte was the author of code that had appeared in the defendant's product. The court granted Welte an injunction against Sitecom Deutschland GmbH, prohibiting Sitecom from distributing a wireless networking router until it complied with the GPL. Sitecom appealed the injunction, but lost, and Sitecom later posted the terms of the GPL on its FAQ Web page for the router. Welte also filed for an injunction against Fortinet UK Ltd. based on its firewall products, with similar results.

Though much has been made of these two cases, there are reasons why Welte has already obtained injunctions in Germany while the FSF has not yet sought one in the US. Injunctive enforcement in Germany is so simple and quick that it makes Americans suspicious about piddling legal details like legal due process. In Germany, a preliminary injunction can be obtained ex parte -- in other words, without giving the defendant the chance to defend itself. (This has the appropriately scary sounding name einstweilige Verfuegung.)

Also, in Germany, an author of a component piece of software can enjoin an infringer from distributing the entire program, not just the part he owns. In the US, any injunctive relief requires that the defendant have the ability to present a defense. Moreover, in the U.S., a plaintiff seeking a temporary restraining order must post a bond to compensate the defendant in case the TRO is wrongly issued. In Germany, there are no such niceties. So, before you start flushing your proprietary loadable kernel modules down the commode, remember that the path to an injunction here in the U.S. -- and indeed in most common law countries -- is much more treacherous. This is why injunctions in Germany are likely to happen long before -- or in lieu of -- injunctions in the U.S.

More interesting to U.S. companies are Welte's informal enforcement actions, which have included sending letters to over a dozen large commercial software and appliance products including Motorola (NYSE: MOT) , Acer, Micronet, and Buffalo. The problem is that Welte apparently does not hold the copyright to the code that is the subject of these letters. Welte's approach is to send public letters and announcements first, rather than seek confidential action.

The Landscape Evolves

Anyone who decries the enforcement actions of the FSF only need read Welte's blog to appreciate the FSF's restraint. Some of Welte's targets have complied voluntarily, but one suspects that is because they were simply unaware of the problem. Welte apparently has no authority to enforce these copyrights. These actions are not really legal enforcement -- more the equivalent of picketing companies that use cheap overseas labor. It is an attempt to embarrass, not enforce.

It is also impossible to avoid observing that Welte often proceeds without the benefit of legal analysis. For instance, he targeted AOpen, which responded, that he "should have directed that letter to their Taiwanese mother company, since the products that I claim are in violation of the GPL are not sold in Germany. They don't get it. Its their problem if they don't comply with the license. Its they who are liable for copyright infringement. I don't care which particular subsidiary of a multinational corportation [sic] is responsible. It is in the best mutual interest of any subsidiary to assure that they comply with license conditions."

Actually, AOpen's point was probably that there was no action under German law because lack of an infringing product in Germany meant it was not within German jurisdiction. But, it so happened, that AOpen was actually compliant, having offered the source code on a German Web site, as Welte later noted in his blog. Nevermind.

This kind of stuff gives lawyers the willies, on the one hand. Lay commentators who post on blogs or bulletin boards about open source legal issues without the benefit of legal reasoning are a dime a dozen, but at least they don't usually sue people. On the other hand, who would you rather be sued by: Welte or the FSF? Given that most of Welte's complaints would fail in the U.S. on procedural grounds that would allow a defendant to jettison the case quickly, he is my plaintiff of choice.

Other enforcement of the GPL has been of less note. The MySQL case, which is the only lawsuit ever filed in the U.S. regarding GPL code, was disposed of on unrelated grounds. The FSF has conducted regular informal enforcement, but none has garnered quite the press of the Linksys matter. In 2002, the FSF engaged in a GPL enforcement action against OpenTV, a San Francisco company that ships a set-top box containing Linux. According to Forbes, OpenTV ended up paying the FSF $65,000. But OpenTV also reportedly complied by making available the requested code, so the purpose of the payment is unclear. The FSF's stated mission is not to demand money damages for GPL violations.

Meanwhile, we are all waiting for the other shoe to drop. And while rumors occasionally circulate that lawsuits will be filed -- as in the case of OpenTV -- there is a big difference between making threats and filing lawsuits. So, get used to standing on one foot, while legend of Linksys lives on. 

---

Heather Meeker is a shareholder at the international law firm Greenberg Traurig, LLP, and specializes in intellectual property transactions for software and other technology clients. Ms. Meeker is the co-chair of the Open Source Committee of the Science and Technology Section of the American Bar Association. She advises clients regularly on open-source licensing issues and open-source business strategies.

[June 10, 2005] NewsFactor Network - Enterprise - Developing Code in the Open-Source Kitchen Developing Code in the Open-Source Kitchen

Many software executives break out in hives at the mere mention of the GPL. Most likely, this is due to the GPL's "restriction on downstream restrictions," a clause that sets the GPL apart from other open-source licenses that allow downstream users to license derivations restrictively.
Don't be surprised if you achieve your business goals sooner. Introducing PlanView Enterprise. You can now align IT with your business strategies, elevate your company's IT performance and increase enterprise-wide visibility. Imagine you love Italian restaurants but you are highly allergic to garlic. To ensure your meal doesn't make you sick, you could carry around a mass spectrometer to detect the particular chemical signature that gives garlic its characteristic odor and flavor. An easier way might be to watch the kitchen prepare your pasta and note what ingredients they use.

Like food lovers, software developers and companies with products that depend on software can get allergies too and must watch the proverbial kitchen to make certain everything turns out just right. For example, improperly incorporating someone else's intellectual property into a development project can make a company and its customers sick.

Copying -- or the incorporation of somebody else's protectable software without a license -- is copyright infringement. It can lead to disruptions in product releases, legal liability, public humiliation and a rash of other problems.

Understandably, everyone who produces software should be concerned that any use and distribution of products that include the code of others is done within the specific license that covers the included code.

Allergic Reaction to the GPL

Many software executives break out in hives at the mere mention of the General Public License. Most likely, this is due to the section of the I call the "restriction on downstream restrictions." This clause sets the GPL apart from other open-source licenses that allow downstream users to license derivations restrictively.

Essentially, the GPL says that you can do whatever you want with the software you licensed under the GPL, except that you cannot add restrictions when you license out the software or a derivation of the software. This causes heartburn as developers want to maintain restrictions on their own code yet still benefit from the open-source code. But the combination of the two often can be considered a derivative work, which requires compliance with the license on the open-source software used.

While many open-source licenses do not have such restrictions, this restriction against downstream restrictions makes the GPL a popular choice among open-source program creators, lest they see their freely contributed code coopted into someone else's expensive program. Like hay fever, we just have to live with it.

Open Source Is No Different

The concerns over open-source inclusions are no different than concerns over incorporating any intellectual property of others into a product. Inclusion of someone else's open-source code without the necessary license is just as harmful as inclusion of someone else's trade secrets.

Granted, usually it is easier to get hold of someone else's open-source code than it is to conduct industrial espionage, and often it can be obtained without any purchasing department oversight. But, however the intellectual property of others is obtained, there has to be a moment where someone says "Hey, here's some code we should include in our code base for our new product."

Training programmers, project managers and code custodians is the key to avoiding improper inclusion of the intellectual property of others. At minimum, someone should document what chunks of code came from where. Everyone involved has to understand that they cannot include code without knowing where it came from and informing the custodian of the code.

Whatever area of the organization is charged with tracking such inclusions -- whether it is the legal department or the project-management department -- someone should be able to produce a list of what was included and the license under which that inclusion was brought in.

Automated Code Detectors

Several vendors currently offer systems or services that can scan a project's code base to detect the use of open-source software. It is likely these systems do more than look for the string "Licensed under the GPL" in the comment fields.

As some of their literature describes, the systems scan for signatures of known open-source programs. This, of course, requires knowledge of most open-source programs and their probable variations. It also requires constant updating as is done with virus signatures.

Such an approach is not nearly as reliable as checking the code at the outset. Code signatures assume that the detector vendors have access to all relevant open-source code. This seems unlikely, given that many code writers who choose the GPL write software programs informally. They don't spend time ensuring that their code propagates to all the popular code repositories.

Meanwhile, back at the Italian restaurant, let's change the scenario slightly. Instead of watching food preparation in your own restaurant that you control, imagine yourself someplace you've never been -- where the unexpected is commonplace and you don't control a thing. Such is the case with licensing code from other developers for inclusion. In such cases, signature checking is probably the only way to detect potentially dangerous inclusions.

If you inherited code, or you are licensing code from a third party that you cannot entirely trust, then go ahead and run the code through a detector. Just remember to rely on it only so far as the detector vendor is willing to guarantee accuracy.

Legal Implications

Legal institutions necessarily trail business and technical developments, and open-source usage is no exception. There are not yet any hard and fast legal rules about what happens when an organization is spotted using someone else's open-source code that is not entirely in compliance with the license for that someone's code.

Even IBM  v. SCO  is not strictly such a case. So even if it ends up making case law, it might not apply to many situations. Most instances of code inclusion will be attributable to individuals acting without authorization of their employers, either because the employing organization really was unaware and did not authorize the inclusion or because proof is lacking of any involvement.

A sensible organization will quickly extract the improperly used code and replace it, or will seek a license that is consistent with its prior actions. In the long run, it always costs an organization more in terms of management time, hard costs and damage to its reputation than it does simply to operate a tight ship in the first place.

Maybe it's unfair to compare brilliantly creative software code with fantastic pasta, but keeping an eye on the chef is easier than post-construction analysis any day. Like scanning the menu, post-construction scanning of code is likely to lead to a false sense of security  if it is overused. There is simply no good substitute for having everyone on the team trained in the proper use of tools and ingredients.

So whether you are allergic to food or the legal ramifications of life as a programmer, make sure you study the license agreement and all the ingredients carefully. Bon appetite.

[June 2, 2005] Missing GPL detail may make it harder to enforce - ZDNet UK News

The GPL may be difficult to enforce due to a lack of clarity over who owns the copyright to the software, according to a legal expert on Monday.

Lucie Guibault, an assistant professor of intellectual-property law at the Institute for Information Law in Amsterdam, said at the Holland Open Software Conference in Amsterdam, that the GPL should clarify who is the author of the software to ensure that open source software distributed under this license receives legal protection.

The copyright of the actual text of the GPL is owned by the Free Software Foundation, but the author owns the copyright to the GPL-licensed software. Authors that wish to release their software under the GPL are advised to include a line in the source code stating "Copyright © [name of author]". Guibault told ZDNet UK that it may not be enough to have the copyright statement in the code.

If the author of GPL-licensed product discovers that a company has not adhered to the terms and conditions of the license, the individual may find it difficult to argue his case in court as the defending party could argue that the copyright appears to belong to the Free Software Foundation, according to Guibault.

"The only name that appears on the license is the Free Software Foundation — they appear to be the licensor," she said.

But Richard Stallman, the founder of the Free Software Foundation and the author of the GPL, claimed that even if this is a problem in the Netherlands, it will not affect free software elsewhere.

"If free software licenses are not valid in the Netherlands, copyright law still applies, so the result could be that no one is allowed to distribute or change free software there. However, the FSF will continue to respect everyone's right to do so," said Stallman.

"Whatever happens in the Netherlands, it won't be a disaster for free software in general. If the Netherlands has put something foolish in its laws, it will just have to fix their laws to do the right thing," Stallman added.

Harald Welte, the founder of GPL-violations.org, said in an interview in March that he is able to take legal action against companies that have violated the GPL as he is the author of the GPL-licensed software that companies have misappropriated.

"Most of the violations we're seeing are happening in the embedded market," said Welte. "They are running the Linux kernel and I have copyright on parts of the Linux kernel. In the cases that went to court, it was me as an individual copyright holder [against the company in question]."

Although Welte has been successful every time he has accused a company of violating the GPL, Guibault claimed that he is primarily relying on the goodwill of companies to settle copyright violations out of court. Welte has so far negotiated about 30 out-of-court settlements, three preliminary injunctions and one court order. None of the cases has ever gone to trial, but if this happened the case could go either way, according to Guibault.

"The accused party could say — the only party I dealt with [in the license agreement] was the Free Software Foundation," said Guibault. "The author of the software could probably argue their way out of it, but it depends on the judge."

The solution to this issue would be relatively simply matter of adding the name of the software author to the license agreement, said Guibault. She said at the conference that the Mozilla Public License is better in this respect as it makes it clear who owns the software.

"It is technically very easy to correct this," said Guibault. "Mozilla may be one of most clearest examples [of an open source license] — you can put you own name there as a developer or contributor. Users of the software don't have to look everywhere to see who grants the license."

One UK legal expert said that Guibault's argument was effectively an issue of evidence, rather than law.

"If I write a piece of software (not as an employee) I am the copyright owner whether or not my name appears on the software or its packaging," said Joel Barry, a partner at legal firm Olswang.

"I get the right to prevent certain forms of misuse prohibited by copyright law. Evidentially if I put my name and the date on the software/packaging that creates a legal presumption under UK law that I am the owner and that the date is the date of creation. If I do not then I need to prove this as a matter of fact."

"If I release my software under a license (e.g. the GNU license) then I permit certain uses under that license. If someone misuses my software I have to prove (i) I am the owner of the copyright in the software, that (ii) the misuse is a breach of the law and (iii) that is it not permitted under the license. Strictly speaking the defendant must prove point (iii) - i.e. that he has a defense under the license," Barry explained.

[May 20, 2005] ACCA_Open_Source_Hidden_Problems_05.05 Open Source: Paper Tiger, Hidden Problems? by Daniel J. Schwartz  Open source software and code has the potential to be a real problem for any organization.  From small packets of code developed by back-office programmers to the very operating system running all of the organization's computer systems, open source presents issues that in-house must address today and prepare for tomorrow.  This article addresses several possible open source issues and provides a brief update on the SCO Group's litigation with IBM and a recent ruling by a German court, in a case of first impression by a tribunal in any country, upholding the validity of one of the most common open source license agreements.
 

Intellectual Property and Technology Law Practice Rather than spend several days writing code to develop a new feature for a proprietary software application, a programmer spends an hour on the Internet searching for previously written, and freely available, code for that feature. Having found suitable code, the programmer clicks his mouse a few times, and downloads the code for use in the proprietary system. Sounds harmless enough, right? Not necessarily, especially if the programmer downloaded open source code. In general, open source refers to any program whose source code is made available for use or modification as users or other developers see fit.1 Open source software is usually developed as a public collaboration by many unrelated programmers and the software is made freely available. One impetus behind the open source movement is that software develops faster when programmers can use, modify and re-distribute others’ source code. Developers of open source software typically make their programs available through one of the open source license agreements. Hundreds of such license agreements exist. However, several particular agreements have become the most popular, including GNU’s General Public License (“GPL”), the MIT License and the Mozilla Public License.2 While each license is different, they universally exclude any warranties regarding the licensed code. Accordingly, the agreements do not provide warranties regarding use, applicability, title or noninfringement of other’s intellectual property. This leaves the licensee relatively exposed and unprotected concerning use of the open source code. Each license agreement also differs in the restrictions it places upon a licensee’s use of code and on the licensee’s ability to create and maintain proprietary software using the licensed open source code. For example, the GPL requires that any modification of the licensed code remain as open source code and be available to others under the GPL.3 Accordingly, if a programmer simply clicks on a button to download even the smallest packet of code and thereby agrees to the GPL, then the GPL may require the entire software program, which incorporates the GPL-code, to be made available as open source under the GPL. This is true regardless of whether the programmer or employer ever intended others to be able to see, read, view and modify their software. Thus, a single click of the mouse may render otherwise proprietary software available to all. For this reason, the GPL is often referred to as the most “viral” open source license agreement – i.e., like a virus, it infects any code into which it gets inserted.4 Even this short review of open source license agreements makes clear that many risks exist regarding your company’s decision whether and how to allow the use of open source code. Complicating this decision is the lack of case law analyzing these open source license agreements. In the only case presenting an opportunity for judicial evaluation of the GPL — the most commonly used open source license agreement — the parties settled before any meaningful rulings by the court.5 In Progress Software, MySQL alleged breach of the GPL, but the court never had the opportunity to rule on this issue. No other U.S. court has addressed the GPL. Therefore, no court has ruled on its enforceability or This advisory was prepared by Jenner & Block’s Intellectual Property and Technology Law Practice for the Information Technology Law & Ecommerce Committee of the Association of Corporate Counsel. May 2005 2 May 2005 even who has the right to bring suit for an alleged breach of the GPL. Recently, however, a German court squarely addressed the GPL and affirmed its enforceability.6 In this case, a group called the “netfilter/iptables project” sought an injunction against Sitecom alleging that Sitecom did not comply with the terms of the GPL in distributing certain software created and provided by “netfilters” under the GPL. Even though the German court questioned the enforceability of certain terms of the GPL under German law, it concluded that Sitecom violated other valid terms of the GPL and issued an injunction against it. While not directly construing any open source license agreement, another much-watched open source software case is the present litigation between SCO Group and IBM relating to the UNIX and Linux operating systems.7 In general, SCO Group alleges that IBM misappropriated SCO’s UNIX intellectual property — which SCO Group asserts ownership of — in the development of IBM’s Linux operating system services business.8 The prevailing thought is that if SCO is successful in this litigation, it could assert claims against users of the Linux operating systems — which include most of the world’s largest companies and many smaller ones as well. Recently, however, the court suggested that it was skeptical SCO would succeed because it had not provided any proof to support its claims in the two years since initiating the suit: “Viewed against the backdrop of SCO’s plethora of public statements concerning IBM’s and others’ infringement of SCO’s purported copyrights to the Unix software, it is astonishing that SCO has not offered any competent evidence to create a disputed fact regarding whether IBM has infringed SCO’s alleged copyrights through IBM’s Linux activities.”9 Suggestions At this point, it is unclear whether open source licensing issues are anything more than a “paper tiger,” or whether these hidden issues will truly materialize into problems for your organizations. The SCO Group litigation illustrates one of the most serious potential problems with licensing software and operating systems (commonly Linux) that incorporate open source code. Because the licenses exclude any warranties of title or noninfringement, you may be faced with a third-party claim that it actually owns the code and that your company is infringing the third-party’s intellectual property or contractual rights. In light of this uncertainty, you need to consider company policies concerning the use of open source code. Managing the risks associated with open source demands that you discuss these issues with your programmers and arrive at known solutions in advance of someone potentially entering into a license agreement without the company knowing about it. You should also consider evaluating the various open source license agreements to ensure that you know which agreements are acceptable for your company’s purposes (which may differ for each project). Furthermore, education and training is extremely important. Making sure that everyone involved in developing software at your organization knows the policies and procedures for dealing with open source issues remains the best weapon against an otherwise uncertain background. 3 May 2005 ©Copyright 2005 Jenner & Block LLP. Jenner & Block is an Illinois Limited Liability Partnership including professional corporations. This publication is not intended to provide legal advice but to provide information on legal matters and Firm news of interest to our clients and colleagues. Readers should seek specific legal advice before taking any action with respect to matters mentioned in this publication. Under professional rules, this publication may be considered advertising material; the attorney responsible for this publication is Daniel J. Schwartz. Cover image from the Collection of the Supreme Court of the United States.

 For more information, please contact: Daniel J. Schwartz, Partner djschwartz@jenner.com Tel: 312 923-2846 Endnotes 1 See www.opensource.org/docs/definition.php. 2 The full text of these agreements can be found at http://www.gnu.org/licenses/licenses.html, http://www.opensource.org/licenses/mit-license.php, and http://www.mozilla.org/MPL/, respectively. The GNU and Mozilla sites also have particularly helpful “frequently asked questions” or “FAQ” sections at http://www.gnu.org/licenses/gpl-faq.html and http://www.mozilla.org/MPL/mpl-faq.html. The FAQ sections provide explanations of use and interpretation of the license agreement as well as examples of how the license is meant to address certain situations, including the use of licensed code in proprietary systems. 3 Section 2(b) of the GPL states: “You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions. . .(b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License…” 4 GNU also provides a “Lesser GPL” or “LGPL” agreement. Open source developers do not use the LPGL as frequently as the other licenses, in part because the LPGL more readily allows licensees to use the code in proprietary systems. See http://www.gnu.org/licenses/why-not-lgpl.html. 5 See Progress Software Corp. v. MySQL AB, 195 F.Supp.2d 32 8 (D.Mass. 2002). 6 See http://www.jbb.de/judgment_dc_munich_gpl.pdf. 7 SCO Group v. International Business Machines, Corp., No. 2:03-CV-00294 DAK (D.Utah) 8 SCO Group is involved in additional litigation with Novell over purported ownership rights to certain aspects of the UNIX operating systems. In that litigation, Novell asserts that it — not SCO Group — own that intellectual property. 9 SCO Group v. International Business Machines, Corp., 2005 WL 318784 *5, No. 2:03-CV-00294 DAK (D.Utah Feb. 9, 2005)

IT Business Edge

With Jeremy Boynes, CTO of Gluecode Software, which sells a suite of open source software built on top of widely used open source developer projects from the Apache Software Foundation.

Question: Which features of the BSD license, or BSD-style licensing, make it more appropriate for your use? Or is it more a matter of the GPL NOT being at all appropriate?
Boynes: While there are many successful and broadly used open source projects that are licensed under GPL, BSD-style licensing is more appropriate for commercial companies such as Gluecode that are striving to build product-derived "value-add" functionality on top of open source. Most companies that are built around GPL projects, including Red Hat, tend to be professional services or consulting organizations. With BSD-style licensing, individuals and organizations can build product features on top of open source without being obligated to contribute these back to the open source project. The BSD licensing model helps individuals and organizations leverage existing open source technologies to enter new markets and to compete in those markets based on their unique technology differentiation. Gluecode has chosen to use BSD-licensed technology to add value on our own terms. Gluecode has integrated a number of Apache 2.0-licensed projects, including Apache Geronimo (application server), ActiveMQ (messaging), and Apache Derby (database) to create an integrated open source stack for the lightweight container market. Gluecode adds value to this stack with features that make application deployment easier, more manageable and more scalable. End users get the benefits of using well-known, trusted open source along with the additional features that Gluecode provides.

Question: What input, if any, do you receive from clients on their licensing preferences? Do you find you do a lot of education among clients on licensing issues?
Boynes: Gluecode has two categories of customers: end-user customers and ISV customers who are looking to bundle and redistribute the open source stack with their own applications. Licensing is not a big issue for end users; they want a product that works as advertised and that has the backing of a commercial vendor for support. However, ISVs that are bundling or embedding open source have to be very aware of the open source licensing and the impact on IP and distribution. In these areas, GPL can be problematic, whereas BSD licensing tends to be more favorable for ISVs and OEMs. Licensing is a complex issue, and one that is constantly evolving. We make it easier on our customers by sticking to one licensing model. All of the core open source projects that we use are Apache 2.0-licensed.

Question: Is Gluecode's license GPL-compatible?
Boynes: Can you run Gluecode on GPL-based technology like Linux? The answer is yes. We don't use any GPL-licensed components in our product, but people are certainly free to run it on Linux or alongside MySQL, both of which are GPL.

GPL Sued For Software Price Fixing @ LBN

The Free Software Foundation (FSF) and the General Public License (GPL), the great enabler of the open source movement, were sued last Thursday for restraint of trade under the Clayton Antitrust Act (15 US Code Section 26) in the US District Court for the Southern District of Indiana.  

The pro se suit, filed by physicist, computer programmer and Groklaw gadfly Daniel Wallace, charges that the GPL “contract licensing scheme” artificially fixes software prices.  

Wallace is asking the court for an injunction that would outlaw the use of the GPL in the United States.

The four-page suit claims that the “Free Software Foundation has entered into contracts and otherwise conspired and agreed with individual software authors and commercial distributors of commodity software products such as Red Hat Inc. and Novell Inc. to artificially fix the prices charged for computer software programs through the promotion and use of an adhesion contract that was created, used and promoted since at least the year 1991 by the Free Software Foundation Inc. This license is known as the GNU General Public License. The price -fixing scheme implemented with the use of the GNU General Public License substantially lessens the ability of individual software authors to compete in a free market through the creation, sale and distribution of computer software programs.”

Mr. Wallace claims that his “ability to work and create commercial computer programs is dependent upon a market free of restraints on trade through price-fixing schemes” and that the “rapid adoption of the GNU General Public License in schemes to deflate or eliminate the free market valuation of computer programs threatens to diminish or destroy [his] ability to earn future revenues in the career field of computer programming.”

He said in an interview on Sunday  that he would probably ask the court for a summary judgment.

Even open source advocates have expressed doubt that the GPL can stand up in court and credit the Free Software Foundation’s skillful avoidance of a legal showdown for preserving the GPL this long.

Larry Rosen, the former general counsel of the Open Source Initiative (OSI), the body that authorizes open source licenses, has called the GPL and LGPL an “impenetrable maze of technological babble” and has raised questions as to the GPL’s legitimacy because of its obtuseness, its idiosyncratic misinterpretation of copyright law, its lumping of collective works in with outlawed derivative works and treating them like they’re the same thing, and its legally untenable position of forbidding anyone from linking unmodified GPL and non-GPL software.

Open source zealots would claim that software doesn’t rest as firmly on copyright law as Rosen suggests and that the copyright claim basic to Rosen’s argument can be shot full of holes.

The only known time the GPL has been hauled into an American court was in 2001-2002 during a contract flap between MySQL AB and its then US distributor, NuSphere, the Progress Software subsidiary. Progress sued for breach of contract and MySQL countersued charging NuSphere with trademark infringement and breaking the GPL in federal court in Massachusetts.

The GPL charge wasn’t central to the case and its validity wasn’t specifically ruled on, but before the case was settled out-of-court in late 2002, the judge hearing it purportedly deemed the GPL “enforceable and binding.”

At least that’s what the Free Software Foundation, which helped MySQL out with the case, said she said after a go at mediation failed and the case bounced back to her court.

According to what was reported at the time, Judge Patti Saris didn’t use the words “enforceable and binding” in open court but the Free Software Foundation, which had filed an affidavit in support of MySQL, insisted that’s what she meant.

Evidently the judge never questioned the GPL license, quoted sections of it at Progress’ chief counsel, asked how exactly NuSphere had complied with this or that GPL term, indicated that Progress needed to comply with the license and told MySQL lawyers that they could come back with a new motion for a preliminary injunction stopping NuSphere from selling the MySQL database if discovery indicated NuSphere hadn’t fully complied with the GPL.

The judge refused to grant an injunction MySQL wanted at that point because she wasn’t convinced MySQL had been irreparably harmed and anyway NuSphere was back in compliance with the GPL by then.

The GPL part of the squabble revolved around the central gotcha in the GPL that scares a lot of people off open source. NuSphere had linked a proprietary storage module called Gemini to MySQL and didn’t immediately provide the Gemini source code although it did a few months later, theoretically bringing it into compliance.

When a GPL product is combined with a non-GPL product, the GPL says the source code for the non-GPL product has to be released. NuSphere claimed its Storage Engine didn’t have to be GPL’d because it wasn’t a MySQL derivative. It was based on technology that Progress had developed years before and used elsewhere.

NuSphere maintained that it hadn’t violated the GPL at all. It said the idea that it violated the license by statically linking proprietary software to MySQL is an extreme interpretation of the GPL.

It also claimed that MySQL had broken the GPL by adding conditions, something GPL disallows, demanding that a commercial license be used for code distributed over a network because of linking.

NuSphere had a problem with the Free Software Foundation’s view that even a trivial violation of the GPL puts the licensee at the mercy of the licensor, who may legally refuse to re-authorize the licensee to distribute the licensor’s GPL software even if the licensee fully rectifies his earlier violation.

Ironically, NuSphere underwrote MySQL’s shift to the GPL and reimbursed the company, then known as TCX Datakonsult, for losses it might suffer from going GPL. MySQL previously used a semi-open license of its own called the Free Public License as well as a traditional commercial license.

For those who are looking for it, Mr. Wallace’s suit against the Free Software Foundation is Civil Complaint No. 1:05-cv-0618-JDT-TAB.

GROKLAW -- An interesting GPL loophole.

Government backs renegade open source licence Builder AU Program At Work

The federal government's recently-launched open-source content management system does not meet industry standards, local software developers and a leading IT lawyer claim. Last week, Special Minister of State Senator Eric Abetz launched a fully-documented open source CMS, which will be freely available to government agencies and not-for-profit groups. The software is based on local company Squiz's MySource Matrix application. However, the terms of the licence under which MySource Matrix -- and several other modules developed by the Australian Government Information Management Office -- does not comply with open source requirements. "I don't consider the Squiz open-source licence to be compliant with the Open Source Definition (OSD)," lawyer Jeremy Malcolm told ZDNet Australia . The definition is defined by the Open Source Initiative (OSI), the community body which certifies a software licence as open source. "The main problem is that Squiz has to be notified of any modifications and copyright for any derivative works have to be assigned to the company," he said. According to Malcolm, the requirement that copyright be assigned is pretty unique to the Squiz licence and this constrains developers' ability to make modifications to the software and derive other software from it. This is in breach of clause 3 of the OSD. He pointed out that other projects such as OpenOffice.org required an assignment of copyright for amendments to be accepted into the official project code, but stipulated that "it should not be a condition of the licence". Two local software developers who work with open-source solutions echoed Malcolm's sentiments. "I wouldn't touch any software under that licence under any circumstances," said Nick Lothian, "and I'd be surprised if any sensible business would." "In almost any case a business would be better off under a conventional commercial licence where the source was a supplier," he continued. Fellow developer Brandon Franklin questioned the legality of forcing all copyright to be assigned to Squiz. However, Squiz managing director John-Paul Syriatowicz said it was OSI that was dragging the chain on giving the company proper licence accreditation. "Squiz is committed to the open-source path, however, it seems the goal posts are moving," he said. "As you are no doubt aware, OSI is currently taking steps to address a series of open-source licensing concerns including licence proliferation, understandability and code re-combination and re-use. "Squiz will re-adjust its business and licensing strategy to incorporate OSI’s changes but at this stage it is too early to say exactly how. We still find the dual licensing model employed by MySQL very attractive so at this point (without seeing the outcome of the OSI policy changes) it seems likely we will move in that direction," Syriatowicz said.

MySQL AB allows customers to acquire its database software under a commercial licence or an open-source licence. If customers use the commercial licence they are not required to distribute modifications to the MySQL code. A secondary licensing concern is that AGIMO's OSS package includes Squiz-developed modules that the company normally provides at a cost of AU$20,000. These modules are under a commercial licence. Squiz executive director Stephen Barker told ZDNet Australia  many of its commercial modules would eventually make it into the core MySource Matrix product and be available under its open-source licence. Barker said if commercial entities wanted the costly modules now, they would have to pay for it, but "they could wait and obtain them for free when Squiz extracts the commercial value from them". A spokesperson for AGIMO was unavailable for comment at press time.

Sun's Schwartz Attacks GPL

Re:Nothing wrong with hating the GPL... (Score:1) by $1uck (710826) on Wednesday April 06, @01:20PM (#12156103)

What about using gpl code extending it and not distributing it? I mean I don't think a government would be too keen on distributing their software anyhow. I didn't think goverments were into selling software anyhow. You're not required to hand out your code if your not handing out your software.

Re:Nothing wrong with hating the GPL... (Score:0) by Anonymous Coward on Wednesday April 06, @01:34PM (#12156302)

The bigger issue: Fewer employed programmers with GPL. GPL a great tool to keep salaries down, cuz we need fewer programmers.

Re:Nothing wrong with hating the GPL... (Score:0) by Anonymous Coward on Wednesday April 06, @02:19PM (#12156862)

That's the problem. Developing countries might not have the resources available to rewrite GPL'd code, and so they are "forced" to use it and release their own code. A rich country can develop its own alternatives if it needs to, protecting its own code.

Release src only if publically release binary (Score:4, Informative) by Anonymous Coward on Wednesday April 06, @12:31PM (#12155361)

ATTENTION GPL allows one to keep everything private one does for self/company/corporation. It's spelled out in the license. You need only release any source you have done IF you publically release the binary. We use lots of heavily modified GPL in house, but of course we could never give out our hard work for free, to anyone. It would be corporate suicide if we did that. I know we aren't the only large software company doing that. We don't, of course, ever use source code in publically released software, but we do when for nearly all private, multi-$000 sales.

Re:Release src only if publically release binary (Score:4, Informative) by GigsVT (208848) on Wednesday April 06, @01:19PM (#12156084) (Last Journal: Saturday April 02, @06:49PM)

but we do when for nearly all private, multi-$000 sales. Then you are violating the GPL. You can't sell it without distributing it, unless you have them using it on your servers somehow and never sent them any binaries. (i.e. the whole dot-bomb application service provider business model)

Re:Release src only if publically release binary (Score:0) by Anonymous Coward on Wednesday April 06, @01:51PM (#12156520)

Then you are violating the GPL. You can't sell it without distributing it, unless you have them using it on your servers somehow and never sent them any binaries. (i.e. the whole dot-bomb application service provider business model) I think you missed where the guy said "but of course we could never give out our hard work for free" and then put that together with "but we do when for nearly all private, multi-$000 sales." Basically, the people buying the software are getting GPL software including the GPL-licensed source code. But in that case, they are making money, so they release it, and probably not expecting the customer to release the GPL code out into the public, although its well within their rights.

Re:Release src only if publically release binary (Score:3, Insightful) by L7_ (645377) on Wednesday April 06, @01:52PM (#12156533)

From his post, he is distributing the source... but only to those clients/customers that are buying it, not to the general public. It was my impression that you could sell modified GPL made binaries to customers (with the source) without distributing the source or binary to the general public, or even contributing your modified source back to the original GPL'ed project that you started your project from. So, from how I understand it, I don;t think that he is violating the GPL.

Re:Release src only if publically release binary (Score:0) by Anonymous Coward on Wednesday April 06, @02:01PM (#12156653)

What's to stop the company he sold it for from distributing it if they wanted to, or if someone inside leaked a copy? Doesn't GPL allow free copying? Also, wouldn't adding a non-disclosure clause be violating the GPL?

I don't see how that's possible (Score:2) by bogie (31020) on Wednesday April 06, @02:09PM (#12156737) (Last Journal: Tuesday October 29, @11:47AM)

So basically your saying I can take any GPL code I want, modify it, sell it to whoever I want, but then say "its a private sale" and never re-release any GPL code. That makes zero sense to me. By it leaving the company in anyway its being distributed and therefore has to be available. The whole "oh but is a private sale" thing doesn't wash. Perhaps I'm just wrong here but if I am I hope someone could explain why. Isn't that why we get on the cases of companies that sell GPL products but never release the changes to the public?

Re:I don't see how that's possible (Score:0) by Anonymous Coward on Wednesday April 06, @02:19PM (#12156869)

The source only needs to be released to those to whom the binaries are distributed. In this case, the vendor must provide the source to each customer, but not necessarily to "the general public." However, under the terms of the GPL, any of those customers can turn around and release the source to whomever they wish, potentially including the general public.

Re:I don't see how that's possible (Score:3, Informative) by srleffler (721400) on Wednesday April 06, @02:29PM (#12156972)

The fact that the sale is 'private' isn't the point. The issue is that you're only obligated to give the source to the people to whom you give/sell binaries. If you give the binaries to five customers, you have to release the source to those five customers. If you release the binaries to whoever wants them, you have to do likewise with the source. Simple. As others have pointed out, the customers receiving the binaries and source are free to redistribute them, and probably cannot be constrained from doing so by any non-disclosure agreement..

Re:I don't see how that's possible (Score:0) by Anonymous Coward on Wednesday April 06, @03:18PM (#12157607)

You cannot prevent one of those 5 customers from giving the software to someone else. True. But generally they wouldn't bother, because software that costs that much is rarely useful to anyone but the person who bought it. I believe the GPL also says that "3rd party" requests for the source must be honored for no more than what media costs. A common misconception. This is not actually the case. What the GPL says is that if you want to, instead of giving someone the source code, you can give them a written statement promising to give it to them if they want it: if you do that, then they must pass copies of that statement on to anyone they give the binaries to, and you must give source code to anyone who received that statement along with their copies of the binaries. So if one your 5 customers gives the software to Jim Bob Jones then Jim Bob Jones can request source from you. Only if you did not provide the source code with the binaries. If you did, then Jim Bob Jones has no right to get anything from you - he must go to the customer he got the binaries from, and they must give him the source code.

here is how i understand it... (Score:1) by DarkTempes (822722) on Wednesday April 06, @02:49PM (#12157173) (http://www.archspace.org/)

from what i understand this is how it works. whoever receives a binary licesened under the GPL (and derivative works are still under the GPL) has the right to request/receive the source code. then that receiver (who could have paid or not paid or whatever) has the right to redistribute that copy but are not 'obligated' to. basically the company would only be obligated to give the source out to people it gave the binary out to (and possibly anyone who just managed to get their hands on the binary, including theft [accepting cases where it was in-house only and never sold and thus considered a trade secret]). the only thing is i don't see how that's a viable buisness practice because ONE buyer could just release their version for free. i suppose the only way i see that as a viable buisness practice is selling a) support and b) new versions (and thus not caring if people give out your software and figuring that they'll just buy it anyway to support you)

Re:I don't see how that's possible (Score:1) by GoCoGi (716063) on Wednesday April 06, @03:23PM (#12157678)

Yes, you can sell GPL code to anyone, but the one getting the code will be granted all the freedoms the GPL provides as well. The recieving company could also sell the recieved modified source or give it away for free. So it's only a matter of time until someone releases it publicly and legally for free. The GPL allows to keep private changes private, because you are not infringing on anyones freedoms by doing that and anyone who somehow got the binaries is legally entitled to get the source, too and enjoys all the GPL-freedoms. And how would you force someone to publish private changes anyway? There are things like the Affero GPL for web-services and the GPL3 will probably also include forced-publishing for servers that are also run publibcly. But noone could ever know that you did modifications, if they are totally private anyway

Re:I don't see how that's possible (Score:2) by HiThere (15173) * <charleshixsn@NoSPaM.earthlink.net> on Wednesday April 06, @03:52PM (#12158050)

You are allowed to take GPL code, modify it, and sell it to customers. You are obligated to make the source available to those customers on request without additional fees (except for minimal handling charges). HOWEVER: Those customers receive the code under the GPL. You are forbidden to attach any additional restrictions as to what THEY do with the code. (E.g., they can resell it, go into competition with you, start a business distributing it on CDs, put it up on an ftp server for download over the internet, etc.)

Ha! (Score:4, Insightful) by Anonymous Coward on Wednesday April 06, @12:10PM (#12155057)

This from one of the biggest advocates for the non-immigrant guest worker programs !!! His motto was "All your cheap labor belong to us". Not it's, "All your property belong to us". What a clown. Developing nations don't give a fuck about "intellectual property". Just look at the US when it was a young country.

Re:Ha! (Score:5, Informative) by ShieldW0lf (601553) on Wednesday April 06, @12:33PM (#12155406)

I think he's referring to the fact that the US was pretty much the number one copyright offender in the world when they got started. The British were flipping and the Americans just flipped them off. It was only when the US started having significant developments of their own that they started to care about "IP"

Re:Ha! (Score:0) by Anonymous Coward on Wednesday April 06, @12:34PM (#12155434)

Meanwhile Hollywood is formed in California to help avoid paying royalties on the film making patents they infringed. Much later, Unix is written without patent protection, MS-DOS is written without patent protection, Windows is written without patent protection... and then "business method" (and from that, software) patents are recognized thanks to the State Street decision. So now, given that software was only patentable here in the past decade or so, what was the point of this whole argument again? I got distracted by a shiny thing and forgot.

Re:Ha! (Score:2) by Minna Kirai (624281) on Wednesday April 06, @01:29PM (