GPL Causing Problems for Derivative Linux Distros 386
NewsForge (Also owned by VA) is reporting on a recent discovery by Warren Woodford about how the GPL could affect derivative Linux distributions. This could make life difficult for those small distros that are being maintained by one or two people in their spare time due to the high amount of work it creates. From the article: "Woodford does supply the source code for MEPIS' reconfigured kernel in a Debian source-package. His mistake seems to have been the assumption that, so long as the source code was available somewhere, he did not have to provide it himself if he hadn't modified it. While he has not contacted any other distributions, he suspects that he is far from the only one to make this assumption. 'We, like 10,000 other people, probably, believed we were covered by the safe harbor of having an upstream distribution available online,' Woodford says. 'I think, of the 500 distributions tracked by DistroWatch, probably 450 of them are in trouble right now per this position.'"
Applies to other GPL software as well (Score:5, Interesting)
From: mrAngry@snootygits.com
Subject: I want the source code to your system!
Polite Reply:
If you would like the source code you are welcome to have it.
Please note however that I have only made changes to a few of the thousands of x system source files.
There are 2 ways that you can have it, the simplest being go to my upstream system writer and download the base code which I used and see the src folder on my FTP/CVS/web server for my own modifications.
Otherwise I am willing to post you a CD/DVD containing the entire source code (original and my modifications). I cannot unfortunately upload the entire x GB folder since I do not have the bandwidth to spare.
Please note however, there will be an administration and postage charge of £10 if you require a DVD image.
have a nice day.
Anyone making source modifications to a system must have at least one source copy of the original so be respectful but don't waste your time worrying about it.
GPL? (Score:4, Interesting)
Re:People who do not read license... (Score:3, Interesting)
These projects may be covered under section 3 (c) of the license:
(relating to pre-compiled binary distribution)
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
I don't know about you but I would read that as, provided no changes have been made, stating that a link to the MEPIS source code repository was adequate if that was the nature of the offer recieved when the MEPIS binaries were downloaded, provided the sub-distro is non commercial.
In any event for non-commercial sub-distros I cannot see that a violation in word but not spirit of such a minor nature would cause any eyebrows to be raised, generally you have to work quite hard to get sued under the GPL.
For commercial entities then it's an entirley different matter, but if they don't take the time to read and understand the license then, well, words fail me.
So offer the source code. (Score:2, Interesting)
HTH, HAND
Re:rtfa and still don't get it (Score:2, Interesting)
Bear in mind that, although not directly related to cases where changes are made, handing out CDs to friends *is also* distribution, but thanks to section 3(c) of the license you are perfectly able to refer them to the "bigger" distro supplier for the source code.
There are cases where indeed the big fish are required to provide source code hosting for the smaller distributors.
Re:Quit whining, distro makers (Score:2, Interesting)
Why go after MEPIS and give Google a pass? (Score:1, Interesting)
1) A copy of the GPL be provided (and for a distribution with glibc, a copy of the LGPL as well)
2) A list of the GPL/LGPL packages used and where the source code is available from (the source code can be provided by a previous location *IF* it is non-commerical redistribution)
GPL requires for commerical redistribution (such as can be ordered from the MEPIS store):
1) A copy of the GPL (and LGPL) be provided
2) A written offer for source code on a physical media (such as CD) that costs no more than recovering the costs of performing such redistribution (if time/materials to download and burn all the source packages is worth $50 then the cost is $50 even if the binary CD is only $15)
It seems silly for the FSF to go after MEPIS considering the on-going GPL violation that Google continues with for their Google Search Appliance at http://www.google.com/enterprise/gsa/ [google.com]
Google performs redistribution of a RedHat-like GNU/Linux distribution *WITHOUT* providing any written copy of the GPL or LGPL. There is no copy provided with the written documentation provided. And while there is a copyright/about option in the web administration piece of the appliance, it also fails to provide any copy of the GPL or LGPL. So far, I am not aware of any effort by the FSF to correct Google's actions and the group that provides support for the GSA has stated they have no intentions of changing their actions to comply with the GPL since they consider themselves to already be complying by *NOT* providing any copy of either license!
Also, EndRun Technologies has a small GNU/Linux distributions can be downloaded from:
http://www.endruntechnologies.com/download.htm [endruntechnologies.com]
The source code is not available for download but is available on CD-ROM for a $100 fee.
Re:Applies to other GPL software as well (Score:5, Interesting)
Yup. Seems like total nonsense to me.
Even if he chose to distribute the sources online, the resources required are trivial. A bzip'd source file is rarely much larger than binaries produced from it. We're talking about at most a factor of 2 difference in storage on the server even if he decided to independently place the source to every version of every binary online. And, there are many ways to cut that number down until it's a marginal increase in storage requirements.
There's no requirement that he distribute the source in an elaborate or easy to use way. Just write something that fetches the source to every used package and tosses them on the server somewhere every time a version is released. Remove the old ones from the server and offer to ship a dvd in exchange for handling costs.
Better yet, keep an up-to-date local copy and just check it into a cvs server with every release. (That way you only pay to store the diffs and have the source for every release available should anyone want it.)
If he's right and nobody actually wants or needs to get the source from him, then the additional bandwidth requirements will be tiny. On the other hand, if the added bandwidth *is* important, then it demonstrates that there's a very good reason to require source distribution.
Personally, I've never used a distro for which source packages aren't available. It seems like such an obvious step that I'd think twice before trusting someone who didn't do so automatically *before* getting a letter from the fsf.
patch files? (Score:3, Interesting)
Would this affect any small source-based distro's that use patches on top of the original source files? [sort of like Gentoo, 'cept they aren't small]
Lately I've been thinking about building a small distro based on Gentoo or even just "roll your own" for my self. If I intend on releasing it to the public [I am still uncertain] would patch sets be the easiest route if I were to need to actually modify any code[it will be a source-based distro]?
You'd think... (Score:3, Interesting)
Sorry, but we're not there yet. You'd think it'd be time for some natural selection of the Internet. Who the fuck wants to read anything Jack Thompson has to say? Surely we could do without Heroic [rxhearingaids.net] domain [thesoundmonitor.com] and typo [slahdot.org] squatters [bedroombrain.com], couldn't we?
The problem is, even if no one clicks on typosquatter ads for quite awhile, these Heroic pages probably won't go away without a fight. They'll find other ways to make money, other places to hide, all without cancelling the ones that aren't working.
So what happens to all the old Linux distros? Oh, they might even still be available, but the unpopular ones won't be maintained. Remember tomsrtbt [toms.net]? That was my best recovery tool, before I had a cd burner, cheap CDs, and noticed how everyone had ubiquitous CD drives. Now I use RIP [tux.org]. Let's compare those -- tomsrtbt still works on the same computers it did before, but doesn't support the filesystems I need, and my main computer no longer has a floppy drive -- not to mention, it was last released in 2002. RIP probably takes less time to load, even though it pulls some 75 megs into RAM before you use it, versus tomsrtbt's 2 megs, because tomsrtbt is on a floppy (a slower floppy than usual), and RIP is on a CD. And let's not forget, RIP was last released four days ago.
So, why is tomsrtbt still online? It's still on DistroWatch, even.
The problem is, when a project is truly forgotten, you also forget to remove it, even if there's a natural replacement.
Re:patch files? (Score:3, Interesting)
Patches contain parts of the original source therefore the patch is covered by GPL too.
Of course this means that distribution of patches is pointless.. you have to distribute the source *anyway* or you'll have the FSF on your back.
Correct me if I'm wrong... (Score:3, Interesting)
If they request the source code to a GPL package, and the author ignores them, what option do they have? I imagine the original copyright holder(s) would have an action as the original author(s) but I fail to see what standing the FSF has unless they are a copyright holder.
This is an honest question - I don't know how this aspect of law (copyright law, maybe some other laws sneak in?) would actually work. What are the limits?
Of course, the linux distro that isn't chock full of GNU tools is a rare bird indeed...
Re:Applies to other GPL software as well (Score:5, Interesting)
I've been the Mr. Angry in this situation -- I'm not sure if it was a language issue, or why, but instead of telling me "the code is in anonymous cvs from XXX under tag YYY," or sending me a copy, the kernel hacker in question basically told me that he wasn't interested in helping me. It meant that I was stuck unable to make necessary reconfigurations to the only working kernel I could find for my handheld; I was basically stuck with a binary blob that I couldn't modify. I knew that the guy was one of the good guys, but it still really sucked being stuck in a situation that (a) left me unable to use Linux on my handheld, even though someone somewhere had got it working, (b) the GPL was designed to prevent, and (c) was, technically, illegal.
For me it was a much greater waste of time not getting the source code; it was such a waste of time that I gave up and shelved my handheld. You may not care about me personally, but you should bear in mind that fulfilling the GPL's conditions is very important, for reasons besides "it's the law."
Take what it gives. (Score:5, Interesting)
There is no upgrade path from one version of MEPIS to the next.
Well, that's what happens when you mix in non free stuff like Macromedia flash, Real Player, Nvidia drivers, NDis wrappers, Vonage clients, etc. Non free is brittle. It might be less brittle than the Windoze world, but it will never be as easy as the free world.
Free packages in Mepis upgrade with about as much grace as you can expect. Just last week, I upgraded Kontact from a 2003 edition to Etch. This worked out OK through apt-get outside of X. It got all the KDE goodies, xorg and other dependencies and just worked when it was done. There was one hang up, but the system itself told me what magic phrase to type.
There appears to be a very weak mechanism for collecting community know-how as to how to configure the system to "just work" on a particular platform.
Nuts. Mepis is one of the easiest distributions to install. If it works off the CD, it will work off your hard drive and Mepis works with more hardware than anything else I've ever tried.
Mepis is still a great distribution to install for someone when you don't want to spend a lot of time. It demonstrates what free software can do. The problems it has are the problems of non free software in general and those rear their head far less often on a Mepis system than they do on less free platforms. In short, don't give up a useful tool just because one person says some stupid things.
Warren can and will fix this little source code problem and this little non issue will fade away without trace. The chances are that some co operative solution will be easiest. Distributions which use the same package unmodified can get together to share the cost and expense of keeping the source code available.
Re:This is why distros like Gentoo have an advanta (Score:3, Interesting)
Re:Mepis plays fast & loose with GPL (Score:3, Interesting)
A small distro is fine so long as it is architected as a delta on established base. Then you can keep current with the base and the worst that'll ever happen is that the distro-specific deltas have to be adapted and re-applied. If the small distro is viable, it should be able to do that much. Or figure out a way to use community support to maintain and enhance the deltas (for example, to support new hardware). Even if the distro dies, all you lose is whatever its value-add was in the first place.
MEPIS chose instead to say that if you upgrade from Debian sources you are on your own. And if you upgrade, say, from MEPIS 2004 to MEPIS 3 or from MEPIS 3 to MEPIS 6 you have to do a fresh install and all your configuration information and tweaks will be lost.
3b says *any third party* (Score:1, Interesting)
The emphasized part of what you said above is wrong. If you actually read Section 3b, it says that the written offer must be valid for any third party, not just whoever you give the executable to.
The "any third party" phrase in section 3b is one of the few hidden surprises in the GPL. A lot of people miss it even after reading the GPL thoroughly several times.