Slashdot Log In
Hole in GNU GPL?
from the keeping-money-away-from-lawyers dept.
Public Apology
I posted this piece because I felt Faré raised some subtle but interesting ethical and legal points about the GPL that were worth discussion and clarification. I honestly did not expect to get flamed over my decision to post his submission.
I believe that software licenses and documentation, like software itself, should be discussed as openly and publicly as possible so that bugs can be exposed and repaired. However, words (especially legal words) are far more slippery than code. With words the question, "Is this a bug?" is often far harder to answer than it is in software.
But I was wrong to post this to Slashdot, which is obviously not an appropriate forum for discussion of subtle ethical matters, and it is apparent that any mention of even a hint of a possible tiny imperfection in the GPL does not belong here, and that anyone who dares to mention any such thing on this website must expect - and probably deserves - a series of harsh, even obscene, personal attacks instead of rational rebukes or comments.
Please accept my humble apology. I was wrong. I will try not to make the mistake of posting anything even remotely like this on Slashdot ever again.
- Robin
Update: 01/18 01:37 by CT :Another Public Apology I apologize for Robin's "Humble" apology. Robin posts many good stories on Slashdot, but sometimes when he gets flamed, he takes it very personally. The reality is that every author on Slashdot gets a big load of flame every day as part of their job. They get this for mistakes, misunderstandings, or just because someone had a crappy day. Those of us who have been at it for a long time just don't care any more.
I think Slashdot is a fine forum for arguing subtle points. I just think that when things like the GPL come into question, the hostile kneejerk reactions run rampant, and its a good idea to up your threshold a notch if you prefer a conversation to be a little more mature.
- CmdrTaco
Re:Its still okay (Score:3)
Plus there's a whole range of technicalities that must be dealt with. *Corporations* are legal entities, not "clubs." You would have to sign up to be a member in such a way that you would be and act as part of that corporation, keeping your interests in the software within the framework of that arrangement.
Once you begin using the software for your own personal purposes or in any way outside of the corporation's need for the software, you are either a) breach of contract; and/or b) acting *for* the company by redistributing the software outside the boundaries of the corporation (to yourself). Assuming the latter, you could still be breaching contract by doing so, which could nullify your rights to redistribute (as well as the rights of those that have received the software from you).
So really in order for something like this to be legal, the corporation would have to have a contract set up in such a way that your interest in the software remains within the boundaries and charter of the corporation. Once that ceases to be the case, either you're guilty of using the software incorrectly, or the corporation is guilty of restricting it incorrectly.
As far as I know, no "clubs" have membership agreements that set their members up as employees/agents of the host corporation, which would be required if their use of the software is to be considered "internal."
Re:The postulated "hole" does not exist. (Score:3)
It's probably up to FSF and their law professor to make a GPL FAQ. I talk a bit about licenses in general in my Open Sources article.
Thanks
Bruce
Goats, Gotten (Score:3)
Robin, I could care less that you posted this article, I could care less that you've been flamed, but you shouldn't be subjecting me to the sophistry of your "Public Apology." As difficult as it is, even if you don't have a thick enough skin to ignore the flamage, I really don't think it's right for you to use your position as a Slashdot author to post argumentative content like that.
Fare is right (Score:3)
I wrote RMS about this, and this is the reply I got:
I agree with RMS that normally a corporation letting its employees use software does not count as distribution. However, in this case we have a different situation... Secure Computing (which is completely seperate from the NSA), is being hired by the NSA to make a special version of Linux for them. Therefore, I think you do have to count this as distribution, and as Fare said, it must be distribution to the individuals in the corporation (NSA), not to NSA as a group.If we allow this, then what is to prevent Secure Computing from selling this modified version of Linux to other companies as well? All they have to do is make sure never to sell to an individual (because an individual can request code, but the corporation won't), and they're fine.
Which is a huge gaping hole! Licenses must apply to individuals. How can a company ask for source code?
There's nothing to see here, you can go home now.. (Score:3)
the (false) assumption that corporations are
not legally bound by contracts/licences as
individuals are.
In actuality, the very PURPOSE of incorporation is to create a new legal entity (sort of a fake person) that can take legal responsibility for its own actions, rather than the company's head being explicitly liable.
To put this another way: if corporations weren't bound by licenses as individuals are, why do they even bother to license software (under any license, even proprietary licenses) from each other? Why do CORPORATIONS put their copyright on code they produce, rather than the individual programmers working for them?
This supposed "hole" is bogus.
Simple Public License (Score:3)
I am working on a simpler license here:
Simple Public License [vsdl.org]
I forwarded a previous draft of this license to RMS and he said it appeared to be a "free software" license as near as he could tell. I also have run previous drafts through the open-source approval list a few times. This version still has to go to a lawyer for review and legal tightening, at which point I will complete the OSS process, and resubmit it to the FSF for review.
Before you all tell me not to do this, here is why:
The main thing is it is shorter, taking up two pages to the LGPL's 11.
Please review! You can send comments on the license to justin@vsdl.org [mailto].
Re:This guy is a troll! (Score:3)
Right now the GPL seems completely theoretical. But so far, everyone's respected it enough to not have to actually see if it's worth the paper it's printed on.
Re:Rob - Chill Out! (Score:3)
Yet, like many Slashdotters, I was disappointed by Robin posting this story. A single person has posted two messages to a discussion that suggests there is a problem with the GPL. RMS reponded that he doesn't think there is a problem, and no one else suggested that there is a problem. To call this 'news' is ridiculous, and the blurb that accompanied the article was highly sensationalist. That the initial submission was from the mailing list poster further detracts from the credibility of the story.
I just thought this was sloppy and sensationalistic journalism, and left it at that. With Robin's 'apology' I now feel moved to comment. Sarcastic flamebait like this has no place inside a story proper. Robin, if you want to make comment like this, join in the main discussion like the rest of us (and turn off your +1 posting right like others do when it is appropriate).
Remember, Slashdot succeeded because of the insightful comment of Rob and Jeff, and their uncanny ability to post stories that Slashdotters liked. It's great that they've benefited from Andover's business decision, but be wary of now trying to change the editorial content to suit your point of view, Robin--you may just find that you are less in tune with the Slashdot readership than Rob and Jeff.
Finally, let me point out that almost all of the negative comments that were moderated up commented specifically on the newsworthiness and journalistic integrity of the story; they were not criticising the stance of the original poster in any way. Robin's ill-thought retort comes across as highly inappropriate, unnecessarily harsh, and not in tune with the actual content of the discussion.
There, I've said it!
Re:But is that what he's saying? (Score:3)
Re:What goes around comes around.. (Score:3)
Re:Roblimo's "apology" sarcastic and disrespectful (Score:3)
I was curious to see what Roblimo's apology was. I was certainly not expecting a snide attack on the entire Slashdot community. Does this mean you will no longer be working on the Slashdot staff, Robin? I sincerely hope so. No one with your open disdain for the site's users should be involved with it.
I completely disagree with that entire statement. I mean, let's be real for a moment...Basically asking Robin to leave /., just because he gave as well as he got? Last time I checked, sarcasm wasn't a crime and, in this case, I feel it was 100% justified. He should not have even had to apologize for posting this story. Big deal. Feathers were ruffled...people got all worked up...someone may have actually had to THINK about what they were READING for a moment, rather than being spoonfed. ("Oh, the inhumanity!")
Yes, it's possible it could have been more thoroughly researched, but given the volume of article submissions and intricities inherent in each possible article (especially this one...are you an expert on French law? Can you tell me for sure that this so-called "GNU GPL Hole" doesn't exist in terms of their legal system? I doubt it.), it'd be unreasonable to expect every single story to be exhaustively researched before it's posted to the site. Personally, I'd rather see the news "as it's happening" than catch a follow-up summary saying "this is what you missed." That's the beauty of the web.
I think it's a pretty sad state of affairs when members of the /. community are so thin-skinned and hyper-sensitive they'd actually personally attack someone for posting anything. We're intelligent people here. There is no reason to lambaste someone for posting an article that raises questions, regardless of how "resolved" or "disproven" the thing in question happens to be. If there are any questions left to ask about something, it means it's not resolved. You can't advance without continually questioning things and exploring possibilities.
In short (ha!), ease off. The tone of Roblimo's apology should have given you a clue as to just how irrational the rest of the /. "community" was being toward him. I, for one, am ashamed that such things would ever be said to anyone on this website posting anything. (this next part is not directed specifically at invenustus, but everyone as a whole) If you can't be an objective reader and rationally talk about, and/or point out errors in, an article, what are you doing in the comments at all? If you need attention and coddling, go looking for mommy. This isn't the place for it. Let's try to keep /. (comments and all!) something worth reading, eh?
Let's take it to court (Score:3)
The GPL is just begging somebody to take it to court.
I say lets do it and get it over with. I brough up the topic of the GPL and companies recently [slashdot.org] and now I'm saying lets test it.
A few days ago at lunch, a few of us were discussing how the GPL would do in the US court of law. Then someone suggested testing it out. I asked, "how?" and the rest went like this: Have one of us (I'll call #1) write some
small unique code or take some code that they wrote on their own time a while ago, and slap the GPL on it. Sell it to another person (#2). Then have #2 modify it and sell it to a third person (#3), without giving the source nor the license. Thus violating the GPL.
Have person #1 and maybe #3 sue #2 to release the code. Take this to real court and battle it out. Of course this will take some money, but all good experiments do. You also have risk involved, if #2 wins, then the GPL may fall altogether.
Now would something like this be useful if brought to a real court. If #2 looses, then start an appeal to get to another court, to get more clout. This will finally prove that the GPL is legally standing. And the risk is that it could prove the opposite. But is any of this worth it?
Steven Rostedt
The original poster is clueless (Score:3)
In my interpretation, a license is personal -- towards individuals only. Companies are not individuals and have no right as such.
Being the owner of a C corporation, I can say that this is patently false. The whole concept of a company is that it does have many of the same rights as an individual. A company can enter into contracts with other companies or individuals, a company can be sued, etc. If I enter into a contract with a company, then I have a contract with a company, not with individuals within that company.
If the entire assertion is based on the idea that a company isn't a legal entity, then there's nothing to this.
It is individual programmers who have the absolute right to copy, modify, and distribute software (as claimed by the GNU GPL, but as I contend no human law can ever claim otherwise).
This is pure and utter BS. If you work for a company, then any code which you create at work is property of that company, and you- the individual programmer- have no right to distribute that software unless it's explicitly granted (outside the confines of the GPL). Otherwise, we'd never pay for software again, just get to know someone at the company. The GPL, as a legal document, can't really distinguish between a company and a person, and I'm not sure why it would, anyway. Companies can and do distribute software. I own RedHat Linux, did Bob Young personally distribute it?
How did this guy's clueless rantings get this much attention? He should have been pointed to a Business Law 101 site and ignored from then on.
The post was OK, the apology isn't (Score:3)
Even if it turns out that the issues raised by someone somewhere are unfounded, and Slashdot posters are able to explain why, then the post and ensuing discussion have been worthwhile. It certainly isn't obvious to everyone at first blush that some argument or other doesn't hold water, and if nothing else, Slashdot can serve to make that apparent to a broad audience. Certainly, there's nothing obvious about the arcana of software licensing and corporate law. There is a genuine need for a forum like Slashdot to discuss these issues, where people with well-qualified opinions about this kind of subject can inform the rest of us.
Those of you who are flaming Slashdot in general and Roblimo in particular should bear in mind that what's self-evident to you may be completely mysterious to others. It takes a certain kind of humility and patience to understand that, qualities that some of you apparently don't have.
But, Roblimo, this whiny apology just makes the whole thing worse. Maybe you should consider a vacation from Slashdot, you're taking this far too personally.
NDAs and body parts. (Score:3)
NDAs with outside parties are made as part of including the outside party in a contract which changes the outside party to an inside party, an agent of the corporation with defined responsibilities. Typically such a person would be a consultant or a prospective hire. This applies whether the "person" is an individual human or another corporation, limited partnership, or what-have-you.
The outside party becomes a "body part" of the corporate "person", like a fingernail or a ganglion. (Ideally - an important section of the brain. B-) )
(I can imagine a company's lawyer trying to hack up a shrink-wrap contract that purports to be an NDA. But since the body of the relationship in such a case would be the company providing code and the customer paying for it, the subterfuge would be transparent, and no doubt immediately struck if it came to court.)
(if the originator of the modifications thinks they [override the copyleft], then they are legally precluded from distributing their modifications by the GPL/copyright law).
But they AREN'T "overriding" the COPYLEFT. They're creating a relationship between the parties which makes the "person" who signed the NDA a part of an association. Granted he's a limited part. But so are the corporate employees and officers.
Once he's part of the association, giving him the modified code is not "distribution". He can still redistribute the UNmodified version. But the modifications (including any HE makes as part of his deal) are the company's undistributed SECRET. And they stay proprietary until the company releases the signatory from the agreement, publishes the secret, or the secret is exposed through no fault of an NDA signatory.
As to the second point, the boundaries are determined by courts, in particular that corporations are legally considered to be individuals. "NDA boundaries" have no legal standing as individuals. Thus distributing outside the corp _is_ distribution, regardless of any NDAs.
"NDA boundaries" do not have to have legal standing as individuals. "NDA boundary" is simply a shorthand term for defining the location of the "skin" of the corporation's (or other association's) "body" with respect to a particular secret.
What goes around comes around.. (Score:3)
What bugs me is the potential for an employee to be fired for distributing this source back to the community. Now it becomes his argument that the GPL grants him the right to do this, and they should not have fired him.
So now the company is sued for violating the GPL by that individual. The GPL still holds. And the whole mess just becomes a lesson that violating the GPL is a bad idea.
Dave
Re:Why not just use BSD license? (Score:3)
> There's no reason why a company shouldn't be able to take Linux,
> add some nice commercial proprietary binary only stuff into it and
> then sell it.
No reason?! Well, take for example the shell program mc. According to its help page, mc was written by Miguel de Icaza, Janne Kukonlehto, and ten other programmers. Since they wrote it, they had the privilege of copyrighting it, ANY WAY THEY PLEASE. As the creators and owners of the program, it was not yours, not mine, but theirs and only theirs to dispose of.
That means that they could come up with any licensing terms that satisfy their whims. They could have offered it as a commercial product, to be paid for on either a per-user, or per-CPU, or per-site basis. They could have released it under the terms that it could only be used on Tuesdays, and then only by left-handed Zoroastrians. Or they could have given it away absolutely for free, as you suggest.
Mr. de Icaza and Co. chose not to give mc away for free. They chose, instead, to restrict its redistribution by placing it under the GPL. In terms of the profits that the developers made from this program, the results are the same as if they had given it away for free: zero. From the point of view of us in the general public, for them to choose the more restrictive GPL rather than placing their code in the public domain may well have resulted, paradoxically, in more access for us; in exchange for us losing the right to trivially modify mc and then drag it into the proprietary domain, we are guaranteed free access not only to the code as it exists today but to all future versions as well.
But it doesn't matter whether Mr. de Icaza & Co. had good or bad intentions when they chose to license mc as they did, nor did they have to consider whether the license they chose was good or bad for society in general (except of course they would have to live with their consciences). mc is their code and they were free to license it however they liked.
Besides, why do you imagine that one can't add proprietary stuff to a Linux distribution? An example of this is a shrinkwrapped deluxe Redhat distribution that's sitting on my bookshelf. It came with at least two proprietary products (BRU backup software and a commercial accelerated X server) right in the same box with the GPL'd Linux kernel and GNU tool set.
> It is called the free market.
I may be in a minority here, but I at least don't get all swoony over the phrase "free market," and I have to laugh at the notion embedded in the phrase "invisible hand." (What do you mean "invisible"? I can see it right there, coming out of Alan Greenspan's sleeve.) The so-called "free market," a propagndistic misnomer if I ever heard one, isn't some a priori ideal, neither is it some kind of miraculous automatically-thriving, self-regulating socio-economic powerhouse; instead it is a delicate, probably inherently unstable system which requires constant effort just to keep it afloat. Please have a look at Karl Polanyi's book, The Great Transformnation for details of its antecedents, its early history and its weaknesses.
Yours WDK - WKiernan@concentric.net
This guy is a troll! (Score:3)
And boo to Slashdot for posting this ridiculous story without actually reading the links first. There's been far too much of that lately, as the comments keep seeming to indicate...
Re:A very different potential hole in the GPL... (Score:3)
And there you hit on the reason tactics like this won't stand up in court.
If you can write and maintain code that uses such an "encryption", then so can lots of other people. I.e. it's "source code". (If you're so brilliant nobody else can maintain your source, you might as well write breakthrough apps in clean Java, or Ada, or whatever, rather than resort to such time-and-energy-wasting tactics as shrouding the source via makefiles.)
If you can't do it yourself, that means you're getting some software help. At which point the so-called "source" isn't source code as the GPL defines it.
In that case, what the GPL calls "source" includes either the makefile with the keys, or the source from which those makefiles are automatically (or semi-automatically) derived.
The most important thing to remember about the GPL, and about legal instruments in general, if you're a technical type, is:
I.e. don't get caught up in trying to out-fox the GPL, or other areas of law, by complicating or substituting components in the relevant mechanisms. The law, and judges, generally see right through that.
And tactics like "well, the makefiles aren't part of the source code, so what if we put..." are nothing more than cases of nerds thinking they can get away with changing the law simply by changing the mechanism.
Study the GPL carefully. You'll note it hardly ever references the components of what the software community considers the mechanism of program distribution, especially key components like:
- Executables (.EXE)
- Source files (.c,
.pl, .f, etc.) - Libraries (.a,
.o) - Compilers (gcc)
- Makefiles
- Scripts
The reason references to these are essentially absent in the GPL, and in other (meaningful and enforceable) legal instrumentals, is that these terms identify little more than a file format. They certainly don't identify anything legally enforceable in terms of concepts the GPL cares about.E.g. anything you can write in C, you can write in Perl, or in a makefile, or in a shell script, at least in theory. Add a (proprietary) interpreter, and theory can become practice.
So the GPL defines, and talks about, source code, not just source files versus other sorts of files that might or might not contain source code.
Don't waste time speculating on how to move and transform the source code for a project such that it magically becomes something that doesn't "count" as source code under the GPL, because the law, and a judge, will see that for what it is -- a mere, and rather foolish, subterfuge.
The upshot? The day somebody ships so-called "source code" that is missing a key makefile needed to build it, such that the "code" is GPL'ed (and, say, copyrighted by the FSF, due to signovers and such), is the day they can expect a polite-but-firm letter from the FSF essentially ordering distribution of said makefile since it's part of the real source code. (Or of whatever goes into making it, if it's automatically generated.)
(Of course, all these issues, clever tricks, legal inanities, and so on were hashed out on gnu.misc.discuss years ago, but maybe those archives aren't so easy to research, or maybe people would just spout off their theories about how the law works rather than do the research of previous discussions. Note that, of course, you can find lawyers here or there that'll disagree with my assessment above, but it represents the arguments the FSF has actually made to convince real lawyers in real circumstances to agree to the FSF's terms rather than try to "get around" the GPL. The most telling aspect of my research into these issues is the fact that nobody's trashed the GPL when the underlying software is copyrighted by the FSF in all these years, despite several attempts to do so, and plenty of incentive.)
Re:The GPL has much bigger problems than this. (Score:3)
I was appreciating your reply up until this point. I was not aware of the history of the GPL, and will have to do some research myself, but regardless of its intentions, it is, IMO, still a Good Thing. I reiterate my point above: programmers choose to use the GPL. If you want to make money on your programs, you can, and there really is nothing RMS or anyone can do about it. I believe the purpose of the GPL is to protect code from proprietership(word?) and foster a community of open and shared innovation. How does this pit colleague against colleague? In the Real World is does anything but that. In RMS's mind, perhaps he accomplished that with Symbolics. Perhaps this whole idea was sparked by a vendetta, but there's no reason for RMS to put forth a liscense that would harm the very people central to his agenda! Perhaps he was spiteful towards Symbolics, I suppose he has a right to be. Perhaps his actions were not justifiable (if what you say is true, I don't think they were) but you can't overlook everything that GPL'ed code has accomplished just because of the sketchy nature of its origin.
Re:FSF audits? (Score:3)
This is why we want moderation of articles. (Score:3)
Moderation allows a large number of people to collectively decide an news items worth.
In this case, -1,troll.
In addition, article moderation allows for less articles submitted as we can check for duplicates. Also it would give you guys more of a break. Allow yourselves ultra-moderation if you want, so that you can set the score of an article and not allow the regular moderators to adjust it.
-----
Re:Its still okay (Score:3)
Technically, they can't seel it. But they can sell MEMBERSHIPS to an organization which will distribute only the binaries! Every new version gets new membership (with new membership fee), you can upgrade your memberships, etc. This technique allows for NORMAL, CLOSED SOURCE practices to take place using Open Source software! m
Re:Its still okay (Score:4)
binaries!
Where in the GPL does it say that clubs/organizations can distribute internally without source?
There is a big difference between a club member and an corporate employee, and those differences is why this "club" idea has no basis in legal reality at all (keeping in mind the GPL is a legal contract)...
The real way to cheat GPL (and why it will fail) (Score:4)
I thought someone was finally going to bring up the possibility of reducing a piece GPL'd software to a sort of daemon which acts as a shared library. If the interface is designed rationally (i.e. code for it can be written from scratch easily), there would be no need to reuse headers or other GPL'd files. Then proprietary additions to the software could be made through the creation of a proprietary client program.
I don't think anyone could make a case for communicating with a daemon being a creation of a derivative work. It is the same as the way you can make a script that runs programs which may be (and, in fact, are) GPL'd, without releasing the script under the GPL.
The fact is that there is no way to freely distribute and freely allow modification of software while forcing all later modifications to be released to free. Programs can interact, yet be seperate. There are many examples of programs which would be useless without the existance of another program (ex.: anything that isn't it's own operating system...), but they are clearly seperate and the copyrights are held by seperate people.
The GPL will not be upheld by legal threats, but by PR and competitive threats. Violation of the spirit of the GPL in this manner will create immense hostility from the Free Software community. Massive numbers will jump onto the hijacked project to duplicate the functionality of the proprietary additions, while eliminating annoying bugs and (of course) giving it away for free.
I fully expect that some company will try this trick some day, and be brought to their knees as a massive grassroots PR campaign paints them as evil corporate monopolists demanding money for an inferior product.
Re:Stallman's right IMHO. In this case that's good (Score:4)
I think this may be too broad, legally speaking. Absent express definitions to the contrary, I believe a court would interpret "distribution" in the context in which it is used: a license to exercise exclusive rights to distriubute [cornell.edu] under the Copyright Act.
Accordingly, we should look for a transfer of title, rental, lease or lending. Accordingly, control or possession of a copy transferred among employees or agents of the corporation probably do not constitute a distribution. On the other hand, control or possession of a copy by a non-employee, non-agent, even if subject to nondisclosure would probably constitute, at least, a lending (bailment) of the copy.
There are cases, I recall, holding that infringement occurs when a consultant/third-party is given access to copyrighted works for the purpose of repairing software on behalf of the licensee. However, I seem to remember that these cases went off on copying, rather than distribution.
I'm just spitballing here, but it seems to me that a plaintiff asserting breach of GPL would probably do just fine in the case of a defendant who gave a customer/non-disclosee copies of a work.
It would be fun to research the judicial gloss on this statutory language to see how it informs the question of distribution within a corporation.
Nevertheless, for these reasons, I think "non-disclosure boundary" is probably too broad a range to permit non-distribution exchanges of copies. I imagine that the result would be probably much closer to an "in the family" (employees and actual agents) test.
Re:Off on the wrong foot (Score:4)
Corporations are individuals in the eyes of the law. They can be sued. They can even be convicted of crimes. Their directors can be held personally accountable for their [i.e. the corporation's] actions. Being an individual under the law is why corporations exist! There's a reason why you aren't on the hook to pay the bills when a company you own shares in blows up, and that reason is that the corporation is a legal entity unto itself. The corporation is responsible for paying its bills -- the shareholders aren't.
The first line of the post from Mr. Rideau says it all: "in my interpretation [ ... ] companies are not individuals and have no right as such".
While I happen to think the bugroff license is cute and witty, the fact remains that the law is not terribly interested in Mr. Rideau's gross misinterpretation of the notion of the corporation's rights as an individual. Slashdot dropped the ball on this one. The GPL is as sound today as it was yesterday. We don't know how well it'll stand up in court, but if it's defeated, it certainly won't be because of some cockamamie "interpretation" that says corporations lack rights as individuals under the law.
Stallman's right IMHO. In this case that's good. (Score:4)
Companies can keep their internal modifications secret as long as they don't distribute the code OUTSIDE their non-disclosure boundary - and once they distribute the object outside that boundary, they must also distribute the source.
Giving the code to people INSIDE the non-disclosure boundary is not "distribution" within the meaning of the GPL, so it does not confer on such people the right to disclose the modified code without the approval of the company's official decision-making process.
This is good. It means that a company can adopt GPLed open-source software without taking an increased risk that any company-secret changes they make for internal use only will be disclosed without their permission. That will make them more willing to adopt GPLed open-source software.
They'll still have to distribute the source to their changes if they distribute the changes themselves generally. And they're more likely to distribute anything useful but NON-company-secret than they would if they were working with closed-source code.
The only problem I see is if this speculation by legally-uninformed people, raising a spectre of employees disclosing their secrets, scares off management that otherwise would adopt GNU-licensed code.
Rob - Chill Out! (Score:4)
Calls for artticle moderation are valid, despite the fact that this may very well be difficult to implement.
Rob, chill out. You posted an article that alot of peopel thought hadn't been background checked efficiently. That doesn't mean we hate you, it means we think you made an error in judgement. I'm sure the overwhelming amount of people who responded to this article would be saddened if you ever left slashdot - you are slashdot.
You've brought thousands of people together tom participate in debate. Be proud of it
You're having a bad day. Walk away from the computer, get drunk, have a shower with your girl. Wake up tomorrow a happy man.
Stallman's reply and my take on the situation (Score:4)
I agree with that position, as a question of legal interpretation of the GPL. The reason is that the company is not distributing the program in that case.
I don't think it is ethically right to permanently withhold useful improvements. But that is a different question from what the GPL permits.
I saw this hole ages ago. The bottom line is that corporations function largely as fictitious people. Authorized people can enter into contracts on behalf of a corporation. The contract can outlive the person's employment or even the person. And it can enter into contracts on behalf of its employees, assuming that those contracts are legal.
The interesting test case would be one where a company makes changes that they want to keep to themselves to GPL'ed code and one of the employees releases them. What it would be testing is whether the employees could act as individuals with respect to the enhancements to the code.
I agree with RMS that it would be ethically wrong, violating the spirit, if not the letter of the GPL. Furthermore, I don't think it is in the interest of the company doing it. Eric Raymond has written about the reasons that projects don't fork [tuxedo.org] in Homesteading the Noosphere [tuxedo.org]. Nearly all of the reasons that apply to a forked open source project apply in greater measure to an internal project by a company. But there are a couple of other issues that are special in this case:
In the end, I think it is an unlikely scenerio to last very long. In the short run, I could see a company wanting to keep some development private. A hardware manufacturer might keep drivers secret until they release their product in order not to tip their hand to the competition. I honestly don't think that is something we even want to try to discourage. If allowing them to do that encourages them to release open source drivers after the product release, I applaud them.
Off on the wrong foot (Score:5)
What a messy article ;) (Score:5)
If you are a corporate employee, this can override certain 'human rights' you might think you have. You may not be entitled to your own thoughts, or ideas. You probably are safe from being legally tortured to death with pitchforks, look on the bright side :)
This fellow's hysteria seems to be based on the notion that people who are part of corporations have some sort of 'individual' rights. It's a pleasing argument, but largely hypothetical. Expect corporate powers over 'their own bodies' to become stronger and stronger as they are challenged.
To a corporation, firing and suing an employee to ruin the employee's life because the employee posted internal GPL code is the same as you cutting your toenails or burning off a _wart_. There is reason to believe that this perspective would hold up in court, because the employee theoretically had complete freedom to join, or not join, the corporation in the first place. Having joined, the employee's 'rights' or lack of same are spelled out in contract law... the person might find that they themselves did not own the ideas they used to modify the GPLed software, or any of the other ideas they talked about at work or came up with at home- so after being fired they could be left with _only_ publically GPLed work, and the company project which they forcibly publicized ahead of schedule- and everything else they did, not having been GPLed by anyone, is property of the company and if they tried doing anything with that, they'd be hosed, slammed into the pavement by a very slam-dunk sort of case in which they are STEALING TRADE SECRETS not theirs to GPL.
That is an ugly scenario, but it is quite real. So the trouble is not the corporate employee being harmed for exercising their right to GPL- they have no such right, they are a corporation's toenail in the legal sense and are not entitled to any such grandstanding. The trouble is on a more pragmatic level, and it's a medium sort of trouble, not a big trouble.
Basically, the corporation can fork a GPLed project and put massive resources behind trying to produce a significantly different version, all under tight wraps. It's allowed to discipline its parts as it sees fit, and is allowed to keep its work entirely to itself until it releases it with a well-funded publicity splash. At this point it must release source, and anyone can extend off this reference point- but the corporation can turn around and begin another round of complete revamping under complete secrecy, refusing to cooperate with outsiders.
I spoke to RMS about this, seeing it as a sort of loophole. He remained unperturbed, and I think I understand why- to RMS, 'free' development will always outpace, always outproduce such closed environments. For RMS this isn't even an issue, much less a loophole, to him it's the corporations being fools by turning away from a world full of willing helpers.
I don't know if he's right or not. Certainly he has a point- though there are also examples of types of work where a controlled team can outperform the bazaar- particularly game or art projects where the project's goals and values are very much a judgement call. On the other hand, OSS moves really fast- in the event of a radically altered GPLed codebase being sprung on the world, everything about it would be known and understood within days- there's not a lot of strategic advantage to keeping secrecy when you're inevitably going to make full disclosure anyhow.
Final analysis- this really isn't about the GPL so much as it's about corporatism. Like it or not, corporations get to own people and their ideas, legally. They also get to play in the fields of OSS alongside ill-funded hackers, and what they lack in nimbleness and cooperativeness they gain in sheer ability to market and distribute on a global scale.
It may be that eventually corporations will set the course for OSS by using their capacity to control collective programming skills and choke off communications. However, in a way this hardly matters- the source will get out there, no amount of GPL-allowable obfuscation (i.e. minimal) would stand up to the eyes of the world for longer than six hours or so, and frankly, if anyone thinks the amount of kluge and mess created by a world of corporate OSS 'coders' trying to trip each other up... would be worse than the current world of _closed_ corporate coders collectively trying to do exactly the same thing, with no expectation of eventual source disclosure.
Expect the corporations to abuse their privileges as hard as it can. It only adds a scattering of immensely rich, and twisted and obnoxious 'individuals' to the talent pool. Think of it like having some prima donnas who keep re-inventing everything, and just roll with it...
Corporations are *people* under the law (Score:5)
Sadly, this is untrue. Someone else pointed this out earlier but it bears repeating: in the United States, a corporation is a "natural person" under the law, entitled to all the same rights as people who happen to be made of meat.
This great Adbusters article [adbusters.org] goes into a lot of detail of the history of corporations and how we ended up in this mess. From the article:
Adbusters is wonderful, you should subscribe.
Summary for the lazy (Score:5)
Background: GPL says that you can't just distribute a binary (in essence). If you distribute at all, it must be with source.
The Issue: Can a company make an internal distribution of GPL software and not release it? (E.g. NSA secure linux, or Corel closed beta)
View 1: Companies are not people. A developer in a company may modify the code and give to other workers in the company. These other workers have all the rights to source from the GPL. Thus, if one worker decides to publish the modified code, the company cannot (legally) do anything, it's GPL code still. Thus, internal distributions of software can only be enforced through threat of firing. Even if only a binary is leaked, people who d/l the binary can require the company to give the source!
View 2: Yes of course. That is not subject to the terms of the GPL, you are not distributing it. The problem with this view is that what if I want to sell modified GPL code? I can say: $10 to join NickSoft, Inc. Then I will send you code, but you may not distribute as terms of 'employment' with NickSoft. Boom, there goes GPL.
The original poster says both views are flawed and you cannot have any other (legally they are mutally exclusive).
RMS says, yeah maybe its a flaw, but its really minor.
Again, this is only my interpretation. Read the original posts.
(My personal opinion is close to RMS', its a very tough issue and is hard to avoid, however one states a GPL-like licence. I'd say leave it be)
--Nick
Don't panic (Score:5)
The idea is that someone creates an organization, and then requires everyone to be in the organization as a condition for software distribution. Then the modified GPLed program is only distributed to club members, and all the club members agree to only distribute the program within the club. In a sense, the Trillian project (which is porting the GNU tools and Linux to the IA64 architecture, which is still under nondisclosure agreements) is such a club.
So, does the fact that this can be done break the GPL protections? No, because it doesn't get around the requirement to provide sources to everyone who gets binaries. Attempts to do this kind of thing for a different reason (e.g. charge everyone big bucks for being in the club and forbid them from sharing information with outsiders) may run afoul of antitrust provisions in the US and the EU (forcing people to be in a club before you do business with them may not be legal, depending on the circumstances).
RMS often points out that the GPL (and other licenses) shouldn't be written, or read, as if they represent the whole of the law. Just because the GPL doesn't exclude some possibility doesn't mean that it is legal. It may be illegal for another reason.
Hey hey, wait a minute (Score:5)
First of all, Faré is French and resides in France. So before attacking his integrity, honesty, manhood, morals, intelligence, competence or whatever, ask yourself this question, American-boy: do you have any idea as to how French law applies to this issue? What if it were the case (perhaps not in France, but somewhere else) that this loophole _were_ applicable and an issue under some other country's law?
Also, as other posters have said, Faré is worried about what might happen if a corporation were created with the express purpose of hoarding otherwise GPL'd code. This might be an issue.
Finally, please don't fuck cybernethics up! If you want to join in on the discussion, that's great, but the membership is really soaring, and it'd be very unfortunate to see the list deteriorate, and I'm afraid that this is going to be the case. So try to keep the S/N ratio up.
Anyway, if anyone cares, Faré and I are on IRC right now (#tunes at openprojects.net). If you've got a problem with him (or me!), come over... we've already got the boxing ring set up.