Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
GNU is Not Unix

Hole in GNU GPL? 426

Faré writes "It looks like a hole in the GNU GPL [may allow] people to practically turn GNU-free software into proprietary software, in as much as licenses are granted collectively rather than strictly individually. See the recent discussion thread on the cybernethics mailing-list. If collective licenses are enforceable, then there's nothing left to the GNU GPL (or any free software license); if so, I'll go to the bugroff license." Faré, who submitted this, is one of the main participants in the referenced discussion. Richard M. Stallman is another. They raise some interesting points. And the "bugroff license" is a hoot! An apology from Roblimo follows; click below to read it.

Public Apology

I posted this piece because I felt Faré raised some subtle but interesting ethical and legal points about the GPL that were worth discussion and clarification. I honestly did not expect to get flamed over my decision to post his submission.

I believe that software licenses and documentation, like software itself, should be discussed as openly and publicly as possible so that bugs can be exposed and repaired. However, words (especially legal words) are far more slippery than code. With words the question, "Is this a bug?" is often far harder to answer than it is in software.

But I was wrong to post this to Slashdot, which is obviously not an appropriate forum for discussion of subtle ethical matters, and it is apparent that any mention of even a hint of a possible tiny imperfection in the GPL does not belong here, and that anyone who dares to mention any such thing on this website must expect - and probably deserves - a series of harsh, even obscene, personal attacks instead of rational rebukes or comments.

Please accept my humble apology. I was wrong. I will try not to make the mistake of posting anything even remotely like this on Slashdot ever again.

- Robin

Update: 01/18 01:37 by CT :Another Public Apology I apologize for Robin's "Humble" apology. Robin posts many good stories on Slashdot, but sometimes when he gets flamed, he takes it very personally. The reality is that every author on Slashdot gets a big load of flame every day as part of their job. They get this for mistakes, misunderstandings, or just because someone had a crappy day. Those of us who have been at it for a long time just don't care any more.

I think Slashdot is a fine forum for arguing subtle points. I just think that when things like the GPL come into question, the hostile kneejerk reactions run rampant, and its a good idea to up your threshold a notch if you prefer a conversation to be a little more mature.

- CmdrTaco

This discussion has been archived. No new comments can be posted.

Hole in GNU GPL?

Comments Filter:

  • Giving the code to people INSIDE the non-disclosure boundary is not "distribution" within the meaning of the GPL

    I don't follow this. Why not? Heck, there was so much doubt about whether *the same person copying a program from hard disk into memory* was copying prohibited by the Copyright Act that Congress explicitly permitted this (see sec. 117(a)(1) [cornell.edu] of the Copyright Act). Certainly, then, giving a copy to an employee would be prohibited. See sec. 106(1) [cornell.edu] and sec. 109 [cornell.edu] of the Copyright Act. Section 109, in particular, permits a person to dispose of a copy of a program, but prohibits leasing or renting for indirect commercial purposes (which presumably includes saving money) -- thus a corporation could not even "lease" one copy of a program to an employee, much less transfer copies to the lot of them.

    Also, while sec. 106(3) [cornell.edu] of the Copyright Act, which pertains to distribution rights reserved exclusively to the author, refers to a "public" distribution, the GPL does not refer to a "public" distribution; instead it refers only to a distribution. This omission is of course significant and goes to the intent of the author not to permit non-public distributions.

    In case you are still not convinced, think about the fact that the GPL pertains not just to distribution, but also to copying (though it does not pertain to mere "use"). Either before or during any non-public distribution (or use for that matter -- hence the need for sec. 109 of the Copyright Act) you must make a copy.
  • by Anonymous Coward
    Company law explicitly states that *members* of a company are separate legal entities to the company itself. In fact this is a basic underlying principle of company law. Consequently, distribution to members is distribution outside of the company, and must include source code.

    Employees of a company are considered to be a part of the company *only in a tightly limited context of the work they do for the company*. If a company were to allow the employee to take the object code home outside the context of the work, that would be distribution, and must include source code.

    There is no loophole here.
  • There's a very different potential way to get around the GPL. Thus far it's purely theoretical (so far as I know). It's essentially a cryptographic attack.

    Section 3 of the GPL reads in part:

    The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

    Here's the catch, though. It doesn't say that the actual commands used to build the executable must be configured. So the source code could be obfuscated by a stack of #ifdef's. The actual command to build the (modified) source is

    make CFLAGS='-DA0=1 -DA1=0 -DA2=1...'

    See where I'm going? The sequence of preprocessor definitions on the command line amounts to a cryptographic key. If the wrong "key" is entered the program might not compile, or it might simply do something different. If this is done pervasively in the modifications it might be impossible to use the source code in practice.

    This, again, is a theoretical attack, and would take a lot of work to do in practice. There would also be the risk of whoever's distributing the software forgetting the key, since including it in the script would amount to it being part of the required source.

    When I mentioned this to RMS, he wasn't terribly worried about it. I don't think it's all that great of a concern in practice, but it's interesting to think about...

  • I thought someone was finally going to bring up the possibility of reducing a piece GPL'd software to a sort of daemon which acts as a shared library. If the interface is designed rationally (i.e. code for it can be written from scratch easily), there would be no need to reuse headers or other GPL'd files. Then proprietary additions to the software could be made through the creation of a proprietary client program.

    I'm not quite sure I'm following here.

    You can compile proprietary code against GPL'ed (or, more likely, LGPL'ed) headers and libraries without problem.

    I can copyright my scripts under whatever super-restricting licenses I want. Just because the architecture or the interpreter is GPL'ed doesn't in any way translate to the things using/running on them.

    What you're describing sounds an awful lot like, say, kernel modules. Proprietary, non-GPL'ed binary kernel modules do exist. Their usefulness is limited, but they're out there and it's perfectly legal.

    What exactly is it that you're objecting to here?
  • All it takes is a judge saying, "The club is a sham. By selling/distributing memberships, they're just trying to hide the fact that they're really selling/distributing the program, contrary to the license."

    If you can prove this, I can't think of any reason a judge would disagree with you.
  • I think this AC is right on the nose. Too bad it was posted as an AC and probably won't be seen by many people.
  • I guess maybe you and I just see things differently here.

    I have no problems with a company taking a GPL'ed program, making trivial changes, making moderate changes, or customizing it quite heavily and using it for their own proprietary needs. Isn't that kinda the point?

    What's wrong with taking an ordering processing application and bastardizing it or just cleaning it up quite a lot and using it for your own site? Sure, it would be nice if you released your enhancements under the GPL, but you're under no obligation to, and I don't really see why someone should be forced to do so.

    If you don't want your programs used in this manner, simply don't release it under the GPL. Write up your own license.
  • Consider code whose entire purpose is to manage a complex website.

    I'm not sure I see what the problem is. Let's say I write a bunch of code, based on something that's been GPL'ed that allows people to make updates to my web site from remote locations (hell, a guestbook application might qualify). Are you of the opinion that I should be required to make the source code to this type of application available?

    The GPL doesn't require making the source available to *users* of the program, only to those that you make the binaries available to. You're not distributing the binaries; you're just making the application available for use, so you're not obligated to redistribute the source code with it.

    I'm afraid I don't see the negative point here.
  • Now, am I receiving that software under the terms of the GPL or under the terms of my non-disclosure/non-compete/etc agreements?

    So long as the code doesn't change hands from one legal entity to another, it's not being distributed. Since you're acting in your job capacity for the same company that's giving you the program (plus proprietary modifications), you have no rights to redistribute the software because your rights over the GPL'ed portion of the code are in conflict with whatever NDA agreements you signed in addition to state/federal law. The GPL (and the law) states that when such a conflict arises, you lose your rights under the GPL to redistribute.

    The company isn't "distributing" it to you any more than your lungs are "selling" oxygen-enriched blood to your heart. It doesn't leave the closed system.

    You can do whatever you want with the GPL'ed portions of the software, but any bit that someone else in the company has added or modified is controlled by its own copyright/license agreement, which effectively means you can't do anything with it outside of your normal job functions.
  • The day bug reports are shot down in flames, merely because you disagree, is the day Closed Source software wins. If you effectively prevent ANYONE from raising an issue, then there is NO difference between the most open, liberal licence and the most closed, frigid restrictions.

    Shame on ALL who have flamed and condemned! Yes, it is important to hear all sides of an argument, or it's no argument at all. It's dictatorship. BUT, it is PERFECTLY POSSIBLE to be decent about it! No matter where you are, or who you are, there is STILL another person at the other end of the line. You never hired Roblimo to be your punching bag, so don't treat him like one!

    I am frankly disgusted by the trolls over this news item. And news it is! If there's a potential hole, it needs reporting! Slashdot did the same with the Sun licence, the Netscape licence, and just about every other Licence that's ever been published! Some of those got fixed as a result, for the benefit of all!

    ANYONE who feels they can do a better job of running a news service than the people who run Slashdot - feel free! Grab the Slash code, or the Squishdot code, and run your -OWN- news service! You can't? Or won't? Then =HOW DARE YOU= tell others how to! If you're not capable, and they are, then maybe they know more about it than you do!

  • Not true at all. See my posting earlier in this discussion for the true story of the GPL, as substantiated by Richard Stallman's own writings.

    Brett,
    Why should anyone believe you on this subject any more than Stallman? You very obviously have a large chip on your shoulder about this, and careful quoting of someone can "prove" just about anything. I've read some of your posts, and even the selected quotes you used can be interpreted in multiple ways; you invariably choose the one that puts Stallman in the worst light.
    My guess is that you're both right about the reasons for the GPL's creation. People's motivations can be fairly complicated, and there's no reason that your explanation and Richard's are mutually exclusive.

    Most of those whose software is licensed under the GPL have no choice as to the licensing, because they are contributing to a project whose code has been "infected" by the GPL.

    I don't understand this claim at all. Most GPLed software I can think of off the top of my head was written more or less from scratch, so this wouldn't really apply. Except for stuff that uses GPLed libraries like readline and libapt, projects are under the GPL because someone thought it was a good idea.

    Daniel
  • No matter what interpratation you choose the GPL is probably still good. Sure some group of people could decide to create their own private version of GPLed software without legal fault, however, they are still restricted from selling their modified code. It is this restriction on commercial transactions which saves the GPL if "group liscenses" are valid.
  • I know that Bruce Perens had some thoughts at one point about using rules on public performances to come up with a free license that closed this loophole. I don't know what those thoughts are exactly though, or what came of them

    I currently have a yet-to-be-published note on this, which is being evaluated by the principals of a Linux-friendly ASP at the moment.

    Thanks

    Bruce

  • Contracts/licenses are probably not "protectable" by copyright.

    There's got to be case law on this, with all of the Board of Realtors copyrighted home sales contract stuff, and the hundreds of companies that make their entire living selling legal boiler-plate. I don't have the time or skill to search it out. Can someone else look into this?

    Thanks

    Bruce

  • I would hate to think even minor threats to the GPL wernt worthy of a mention on slashdot.

    With balance. This didn't have balance. Would you expect to see this as a Slashdot feature:

    Script Kiddie Determines: Linux Sux!
    Posted by ASlashdotJournalist [localhost.]
    Of course you don't see that on Slashdot, because a script kiddie doesn't have the expertise necessary to evaluate Linux for the multitude. Software license evaluation requires some expertise, too.

    Thanks

    Bruce

  • Just because you don't like something doesn't mean it's wrong. Roblimo has discovered the sharp and hysterical edge of the Slashdot mob, which coexists alongside the community's even-handed and insightful edge. Unfortunately the first edge is hurtful, every bit as much as the second encourages one to excellence. Jon Katz discovered the same thing and survived the experience of being dragged through the mud. Now Roblimo's being savaged, and has reacted with a mild rebuke to the community.

    You may not like it, but if you don't think it's deserved then you're not being even-handed. The community has a *large* mindless element nowadays (whatever the subject matter), and yes, their "contribution" can often be hurtful and unfair. Stay in there Robin!
  • Companies are not individuals and have no right as such. The author seems to have missed on a large body of law that says otherwise.

    I'm afraid it is YOU who as made an assumption. What you meant to say was "...have missed a large body of US law..."

    Honestly, not everyone lives in the US. I do, and it appears you do too. But Fare doesn't. And nor do many corperations which might wish to subvert the GPL. We have copyright treaties with other countries, but if something a buisness practice is legal there, there is nothing we can do about it! This is the formost problem for law enforcement on the internet. Its (whatever it is) legal SOMEWHERE. And there aint a thing you can do about it except embargo and block traffic. And you know traffic blocking doesnt work.

    --Nick
  • I'm sorry, but if I hire someone to build me a deck the deck is mine. If I hire someone to write me code, the code is mine. It's the same damn thing.

    Oh, really? So if I hire someone to steal your car, then your car is mine?

    Hamish
  • This guy's entire argument seems to be based on the (false) assumption that corporations are not legally bound by contracts/licences as individuals are.

    I don't think that's what he's saying. I think he's painted this scenario:

    A corporation takes some GPL'd code and modifies it, but doesn't distribute it, so they're not required to share their changes.

    Anyone can join this corporation - all you have to do is ask, and agree that you will not distribute any of the corporation's secrets - for example, the details of their software.

    Turns out this "corporation" exists solely to modify, but not distribute GPL'd code, so if you want access to said code, you must join the corporation and swear to secrecy.

    A bit far fetched, perhaps, but I think that's what he's saying.
    ----
  • One type of company rising to prominence is the "Application Service Provider". Now suppose that I am an application service provider and I want to enjoy the benefits of open source. So I GPL a bunch of my software, my competitor takes it, modifies it, and then I find out that I have no right to ask for the modifications back! This means that I put myself out on a limb but did not get the protection that I hoped to get from the GPL.

    You glossed over this issue with a guestbook application. Something inherently trivial and unimportant. Now suppose that the application was an order processing application? Or something like Open Sales [opensales.com]? (The latter is a very realistic example since it is under a GPL BTW.)

    These are non-trivial but fundamentally oriented towards use in an environment where redistribution of the software does not matter so much as getting others to use your server...

    Cheers,
    Ben
  • What counts as distribution?

    Suppose that I take a GPLed program, and modify it to be very useful in a server that subsequently becomes very widely used. Even though lots of people are using the program, I am not distributing it, and nobody else has a right to my changes.

    For some programs this hole does not matter. For others it could matter a lot. (Consider code whose entire purpose is to manage a complex website.)

    I know that Bruce Perens had some thoughts at one point about using rules on public performances to come up with a free license that closed this loophole. I don't know what those thoughts are exactly though, or what came of them.

    Cheers,
    Ben
  • As I understand it, the slashdot "consensus" which the discussion thread refers to was that a company can sell a binary, built from GPLd sources, to the NSA (or anyone else), and only the customers can legally (by the GPL) demand to see the sources. No outsiders can.

    So those GPLd changes are hidden from the world. They can only become liberated if the customer (NSA) chooses to release them, or if the originator sells the binaries to someone else who demands the sources, or if the NSA resells them to somebody who demands, and subsequently liberates, the sources.

    At least that's how I understand it.

    I don't appreciate this attitude on the company's and NSA's part, but it seems perfectly reasonable from a non-lawyer's legal point of view.

    There seems to be a subplot that the employees who use the binaries are the ones who can demand to see the sources. I don't know about this; it seems to me the company (NSA) paid for them, so it's their choice.

    Am I seeing this wrongly?

    At any rate, altho I don't like the secretive attitude, it seems a very small hole, as only those products which are not sold to the general public, and probably only created on demand in the first place, are the ones which will never see the light of day. I simply don't see how this hurts much, and is certainly no reason to abandon the GPL.

    --
  • Jesus H. Christ. I just feel silly all over for being part of this. First we have a silly story posted, then a bunch of tightasses get all riled up over it. But THEN (the kicker) the editor of the site gets just as bitchy back to the flamers. What a ridiculous medium this is. Please, people, attempt to maintain SOME sense of decorum? If not the rabble in the comments section, could we at least have it from the staff? (That means you too, Malda).

    "Moderation is good, in theory."
    -Larry Wall

  • In the US, at least, corporations have legal status as an individual entity, and are treated as an individual with regards to most legal issues. Although I am not familiar with all the legal subleties involved, it is my understanding that a corporation, at least, can be treated as an individual concerning the GPL.

    There might be some issues with non corporations, but my knowledge of their legal status is slight.
  • GPL compatibility is important in any free software license, otherwise you cut yourself off from an enormous code base.

    I am not worried about GPL zealots creating a GPL version out of spite. That version would offer users of it *fewer* rights than my version, so it would be at a disadvantage.

    RMS has actually read a previous draft of my license and said that he thought it was fair to call it a free software license. It's changed since then, so I will have to resubmit it to him once the lawyer gets done with it--but since nothing has changed philosophically since then, I think that any problems he has with the license now will be small and correctable.

    Also, the GPL uses the word "proprietary" correctly, and does allow for commercial use! I think you are just biased here. I can use GPL'd software on a commercial website, or as the back end of a commercial data system, etc.--the GPL has no problem with commercial use. What it has a problem with is the production of proprietary source code (meaning code which makes strong intellectual property claims, and uses those claims to deny access to the source--the word proprietary here literally means "property of", and refers to the statement of ownership).


  • That's ok, everyone knows that holes in GNU stuff gets patched faster than those in proprietarty stuff. :-)

    Mycroft-X
  • IANAL

    Mr. Rideau is both correct and incorrect. He correctly points out that if the Corporation distributes a binary to the Employee, the GPL insists that the source, and all the rights to distribute the source, must also be made available. He incorrectly infers that the Corporation distributes the software to its employees, in order to use the code.

    If the Corporation wishes to keep its mods secret, it may hire an employee to work on the code while insisting that the code not leave the Corporation's computers or premesis. This does not count as "distribution" because the employee does not gain custody of the code, except in the limited sense that you gain custody of your office window.

    You are free to use the window while at work, but you may not take it home, modify it in unauthorized ways or redistribute it :-).

    However, the GPL does enjoin the redistribution of the code under other licenses (section 4). So while you may make copies and keep them, or a Corporation may cause employees to make modified copies, but retain them, the Corporation cannot permit those copies to leave the premesis under any license except the GPL. If they do, government may prosecute them and the authors may sue them for copyright infringement.

    Under section 8, Mr. Rideau's employee who redistributes the software (presumably against his employer's wishes, and against the terms of his employment) has in fact committed a legal foul, and is subject to penalty. The GPL does not excuse you from conditions or agreements that conflict with its terms, it only prevents you from distributing the code in those cases.

  • Can one company contract to another company to make modifications to a GPLed product under the terms that those modifications may only be distributed back to the original, hiring company?

    I think that's the real hang up right now... If that is the case, then essentially, I can create a product based on GPLed software and then only sell the software to people that agree to my terms, which may override the GPL.

    Otherwise, if a company has a GPLed product, everyone in the world would be theoretically allowed to phone, fax, mail, or email requests fot their modifications to the code, even if they weren't in distribution.

    This whole confusion about who gets what binary and source, etc, is escalating. I'd always interpreted the GPL as being essentially, if someone wanted the source, they get it. If you didn't like that, you'd choose a different license. But now, it appears that one can develope under the GPL and withhold distribution from people who don't agree to your additional terms...

    Oh... if only i had the money to burn, i'd cause a major infraction on the GPL tomorrow, just so everyone would know where they stand... But, I don't have the money, I don't have the product, and I don't have the time... Oh well....
  • Employees of corporations generally have no rights. They do not own the computer they use, the programs installed on it, or the data they generate. They're merely tools. They don't agree to the licenses of any software they use, the corporation does. Therefore, it's not the employees right or responsibility to distributed altered GPLed software if that work was done in a "work for hire" fashion (the general way most work is done for company's... you retain no rights to it and the company retains all).

    I'm just poking around at all sides of this argument... I'm sure i've contradicted myself at some point across the past weeks. But this seems plausible to me.

    But in that light, I can see how a company could fire, *with cause*, an employee who distributed GPL'ed software outside of the company. Trade secrets. Yes, you have a loyalty to the license, but first and formost, most companies demand loyalty from you. If you can't agree to do as you're told (code this for internal use only) then you should say so, rather than ignoring their orders. You won't be held liable for a GPL violation if it's found to be one, the company will... You were acting under orders.
  • It's not that hard to layer value on top of the software distribution. Make it a support group, users group, etc... So long as you're banded together with a common interest and can show that, no one can really penalize you for the perks that you provide to members of your "club".

    And you would need to be providing a very VALUABLE service. Not just redistributing GPLed software, because everyoen will know that they can get it for free... so if you've got something that kick ass that no ones developed yet and you're trying to circumvent the GPL, just go and choose a new license for it...
  • Using the NSA's securing of Linux as an example, I can think of plenty of reasons that a company wouldn't want changes they've done to GPLed software to go public. First off, if they make an iron clad secure version, then of course it's going to be installed in every embassy, base, etc, of every government around the world. They'll all be able to look and verify that indeed they've plugged up tons of holes and not left any back doors laying around.

    And especially in a setting such as the NSA, security by obscurity I think is perfectly acceptable. They have a huge amount of personel on staff that are capable of reviewing their implentations who will all sign NDA's (or not work on the project) and have all passed rigid background examinations.

    Likewise, if I made a search engine based on, what? MySQL's not GPLed... Maybe Postgres?, but anyways if i made a search engine based on a GPLed database but I somehow found a way to accelerate queries 100 times normal, why would i want to give that back to the community? I'm not selling it, or distributing it, i'm just using it. And being that a search engine isn't the best of examples these days, but you really run the risk of doing R&D for your competitors as well yourself by using GPLed software if you need to actually turn over your changes back to the community.
  • "Organizations" don't have any speacial status that prevents them from being held to the GNU license for distribution. Corporations would, as they are legally the liscensing entity, so if Bob in IS gives Mary in accounting an update of the internal version of a GNU app, it's the same as Bob copying his customized version from one home computer to another -- totally kosher, as we're talking about a legal individual. You seem to be saying that any "organization" could use this to their advantage, but being an "organization" doesn't make one a Corporation (a legal individual entity). Your church group is not a legal entity (although the church is), so if the group sets fire to a warehouse or distibutes GNU software without source, the individual members will be legally accountable. Being an "organization" is nothing different than being in the same room as other people -- it gives no special legal privleges or responsibilities. Being a Corporation has many responsibilities (corporate taxes for one!). If someone wants to make a "club" that involves incorporating and hiring as employees every person they want to distribute GPL software to without source, then I guess you're right -- that corporation will be the biggest company in history just to avoid doing something that doesn't cost them any money in the first place. Seriously, OVERREACTION ALERT!!!...
  • I thought so too. It just annoys me to see all the Americanocentric nutcases around here automatically assume that the extent of the discussion is limited to the US and that he who doesn't know US law is an idiot.

    Anyway, see ya :)
  • If a company can't sell it, there is much less reason for them to hold on to source code, anyway. Indeed, for some companies, the good will incurred by releasing source code for useful things developed in-house might make it well worth it to do so. Not to mention that I doubt if a company could develop much which is really useful to the public for internal use only. It would really have to be a massive company, and if it were that large, word would get out and someone would create a public version anyway.

  • Not every license has clauses limiting their contact with other licensed stuff, and you're right that the GPL is not the only one that does this (most don't though).

    However I was replying to the statement that the GPL only kicks in when binaries are distributed. If the GPL were only there to keep the source code around, it wouldn't need pages of legalese to do that. Obviously there are a few more rules and requirements included.
  • "Few people (even licensors) recognize this, so your statement is all too commonly seen."

    I'll take as an example the linux kernel. Although the package as a whole is licensed under the GPL+exception, a few of the source files are licensed under the BSD (last time I looked). That's because Linus is not relicensing that code, he is just using it per the BSDL. Nothing at all is stopping anyone from taking those files and redistributing them separately from linux

    However, the converse is not allowed under the GPL. You cannot take a GPL source file and include it with a BSDL project, even if there are no modifications. It's a one-way street.
  • The start of that thread included the following statement: "a license is personal -- towards individuals only. Companies are not individuals and have no right as such."

    Whoever (person or legal entity) that owns a copy of the software is the licensee. Your copy of gcc belongs to you and its license applies to you. However, ABC Corp also has a copy of gcc. That gcc's license applies to ABC Corp. When an ABC Corp employee is given a copy of modified-gcc, the modified-gcc is not being distributed, since it remains within ABC Corp. In the current legal situation that exists in the world today, I see no problem with companies keeping their modifications to themselves. As a case in point, it is apparently illegal to add a Qt front-end to GPL code. However, and RMS has said this, it is permissible to do so for your own private use. But is one breaking the law by giving this same modified code to one's parent, child or spouse? If it's okay to keep this modification secret and within the family, then what's the difference with ABC Corp keeping it within the private company network?

    "Natural law gives rights and responsibilities to individuals; no group of individual, corporation, institution, or state, can claim any right, least these rights are the expression of individuals using their individual rights together."

    I fully agree with these sentiments. However, they are not reflective of the current legal situation. Whether you like it or not, you have to live within reality. Maybe you can change it so that a future legal reality will be different, but for right now the law allows groups to be licensees.
  • This is very disappointing... Basically, this is a case of this one person, "Fare", wanting some publicity. Why didn't Roblimo read the thread? The entire "discussion" about the "hole" was started by "Fare" in the first place, with a leading question for RMS. RMS replies "Sure, that sounds about right", and then "Fare" goes into a tirade about how this means the GPL is worthless. RMS's response? "Um. Not really."

    One of the main participants? He is *the* participant! Seriously, slashdot editors need to email RMS or other gnu people before posting stuff like this. Getting people all worked up because joe random decides that the GPL is worthless is a waste of our collective eyeball time.
  • Well.. either way, right?
    1) Unless the code you receive actually *HAS* the GPL included, and clearly states that it *IS* under GPL, then you have to assume that you do NOT have any license to it, period. You cannot simply say 'well, it's based on GPL code, therefore I have the right to use it.'

    2) As for the company situation.. it would come down to what 'distribution' is. If the company is selling you the software, one could say they were distributing it. I would imagine that in most courts, it would be fair to say that if it is only handed out to a defined class of people, say, those in the employ of the company, then it is not 'distribution'.


  • What slashdot is has EVERYTHING to do with the underlying software. This whole karma/moderation system piqes people to "contend" for karma...it makes it easier to view, so you don't have to see so much noise.

    Side stepping the fact I disagree that slashdot is great, or that karma is the best thing since sliced bread - the fact there *is* karma is what matters, not the actual code implementing karma. There aren't any deep tricks involved in keeping track of karma. You have a database. You have a relation between a name and a karma counter. You score a karma point, you add one to the counter; you lose a karma point, you subtract one. That's really programming 101; first lesson: adding and subtracting one to numbers.

    If there's anything great about slashdot, it's the ideas. Given the ideas, the implementation is rather simple. Probably the only interesting parts code wise are found just outside slashdot, and that's handling of the load.

    -- Abigail

  • The problem is that the GPL only prevents the company from distributing their modifications. They are not distributing them, but they are letting users connect to their server and execute code containing the modifications (which is no longer completely "internal"). Shouldn't that situation be protected by the GPL as well?

    I am quite sure that in all those years, RMS and the FSF have realized binaries can be run. Since the GPL doesn't restrict use of binaries in the way you'd like to see, I claim that restriction was left out on purpose.

    Ergo, the answer to your question is no. You'd need to write yourself another license if you want to restrict your code that way.

    -- Abigail

  • I agree with RMS that normally a corporation letting its employees use software does not count as distribution. However, in this case we have a different situation... Secure Computing (which is completely seperate from the NSA), is being hired by the NSA to make a special version of Linux for them. Therefore, I think you do have to count this as distribution, and as Fare said, it must be distribution to the individuals in the corporation (NSA), not to NSA as a group.

    Uhm, no, of course not. For the same reason that if VA Linux sells the company you work for a computer, it isn't up to you (unless you are the autority) to decide you are entitled to take said computer home. And for the same reason, you, as an individual and employee, aren't (in general) responsible for possible crimes the company makes.

    If Secure Computing makes a secure version of Linux, and sells that to NSA, NSA has the right to demand source from Secure Computing. And the NSA has the right to sell or give away that product, to whomever they want. As long as the provide the source (if asked) as well.

    But the GPL does not give you the right to the modifications Secure Computing makes for NSA.

    The GPL isn't my favourite license, but I agree that there isn't a huge hole.

    -- Abigail

  • I'd like to respond to this:
    Companies can keep their internal modifications secret as long as they don't distribute the code OUTSIDE their non-disclosure boundary - and once they distribute the object outside that boundary, they must also distribute the source.


    That should be as long as they don't distribute the modifications outside the corporation. NDA's with outside parties can't be held to overrule the GPL (if the originator of the modifications thinks they do, then they are legally precluded from distributing their modifications by the GPL/copyright law).


    As to the second point, the boundaries are determined by courts, in particular that corporations are legally considered to be individuals. "NDA boundaries" have no legal standing as individuals. Thus distributing outside the corp _is_ distribution, regardless of any NDAs.



    Lynn

  • It seems Rob's taken things to heart.

    Indeed. You know, I can't help but wonder if this isn't an instance of some sort of culture clash. The same sort of thing that used to happen when September rolled around on Usenet, or when [insert big online service here] got their first Usenet feed. Or whenever anybody from AOL posts.

    As far as I know, Roblimo is first a journalist type. Like some of the communications majors I knew in college. Nothing wrong with that. But maybe Roblimo isn't too familar with the Internet and what can happen in online discussions. Like far too many people in the past, maybe he sees all this flamage and debate, along with the occasional personal attack, and gets shaken up, because he's not used to the way these things go. He's obviously taking it too personally, I'm just wondering if this might be the reason.

    So, maybe we should suggest that he read some nice, friendly Usenet newsgroups for a week or so. I'd recommend anything cross-posted to comp.os.ms-windows.advocacy and comp.os.linux.advocacy. :) Maybe that will introduce him to the sort of... heated discussions that can take place online.

    Know what I mean?
  • Why would you post as an AC now after admitting trolling for the fame before? ;-)
  • No, the reason I don't expect to see that on Slashdot is that it'd be the equivalent of "Release the hounds (slavering hordes, etc)!" :-)

    Even were said script kiddie able to professionally evaluate. :)

  • *makes copious mental notes*

    You'd think it'd be easy (easier) finding a story, living 16 hrs ahead of the states ;)

  • IANAL, or a licence expert.

    Looks fairly reasonable - although it is more restrictive than LGPL, which allows linking to non-free code - yours does not seem to (Clause 2)

    Also, it still has the same problem as GPLed code with linking to other free, but non-GPL licences (MPL, QPL, etc, etc). If that is your intent, that is fair enough, but there is some useful software that is ruled out then (Mozilla for a start)

    What about source code? Do you need to distribute that with any modifications? If I take your source code, and sell my modified version, providing the code back to you, in a form that is usless to you - say without instructions as to what it does or where it goes, I don't think I woudl be in breach of the licence.

    Finally, and most importantly, the clause:

    You will provide us, and any recipient of your derived work, with timely access to your modifications, including the program source code for your derived work, in a convenient electronic form.

    is going to be unaccptable to the OSS, I suspect. What happens if you are un reachable, dead or out of business? I believe the Apple source licence has the same problem.

    What happens if someone wants to fork the code? Do they need to GPL it? If the code has been GPL'ed, can it be relicenced with this licence, with the new forker as the new owner who must recieve all updates?

  • What, someone who actualy knows what they are talking about?

    Anyone would think this was /. 1998!


  • Let's say that what Fare talks about is possible, then I can do exactly the same with proprietary licenses.

    Of course I don't have their code but I could buy a version of Windows and redistribute it inside such an organisation with a small entry fee to the organisation.

    This would allow me to redistribute proprietary software without paying royalties.

    Of course some may say "This won't work because you have the license for x person" but this isn't a problem given that in this interpretation the organisation is a person.

    given that there is no way a judge would sustain this view (or maybe an anarchist judge???) I don't think there is such a big problem.
  • Interesting. Very interesting :)

    One thing I've noticed in this debate, though - one specific legal system is being assumed. Specifically, the US legal system.

    Folks, slashdot is NOT an American-only site and there is a world out there with different laws. While I accept that most of the posters are American due to simple net demographics, I am not :)

    The GPL may well stand up in an American court, or it may not. I really don't know and I'm not a lawyer - though the libraries argument seemed pretty persuasive to me. But what would happen if (hypothetically) I decided that I was determined to violate the GPL out of simple nastiness. I'm in the UK right now - could I do so legally? Or, say, in other member states of the EU (as I have basic freedom of movement within the EU) or the G8?

    It's all well and good debating whether it stands up under US law, but when we're distributing these things across the world is it very relevant if you could hop over the border to Canada or Mexico (for example) and do whatever you pleased with the source?

    Greg
  • I'm not objecting to anything, except the declining value of top-level stories in slashdot. The front-page story sounded big and new and important, and it turns out to be something that practically everyone has already heard of.

    I'm talking about how you can create proprietary modifications to a GPL'd program, in violation of the spirit of the GPL. You take the parts of the GPL'd code that you want to use, put them in something like a daemon, and access them from a proprietary program.

    Kernel modules are not the same, largely because they are used by the kernel, not the reverse. Also, because they are connected with a general-purpose interface that has valid uses. Someone making a crippled kernel that only works with certain proprietary modules is closer to what I'm talking about.

    Basically, I'm talking about ways to cheat the GPL into being an LGPL, so you can use GPL'd code in your proprietary software. You can even weaken it more than the LGPL because you could get away with checksumming the daemon binary (you can't checksum LGPL'd shared libraries because of the licence term that states that you must not prevent the user from replacing the LGPL'd code).
  • The GPL allows you to charge for the software: "You may charge a fee for the physical act of transferring a copy, ..." (section 1, paragraph 2). You can charge any fee you want. The GPL limits the fee you can charge for distributing the source code, IF you don't distribute the source code with the application (section 3b).
  • I mean really.
    . I will try not to make the mistake of posting anything even remotely like this on Slashdot ever again.
    . It was slightly dumb, but welcome to the world. Maybe having someone else eyeball
    it and ask "does this need wider exposure at this time" would have been better. It's not the decline and fall of western civilization though. If you get too afraid of doing something stupid you'll never do anything at all.

    I do think this deserves some intelligent discussion. It was put before the masses
    before it had been distilled to that point. So
    predictibly enough lots of people now want to pour hot grits on you. Learn, move on - don't make too much of it.

    garyr
  • a list of names and phone numbers cannot be copyrighted, as there is no "originality" in it.

    What about consumer data? I work with a LOT of consumer profile/stereotyping info, is there some way to open these databases on these grounds?
  • There's a second amendment?!? I thought that they removed that from the Constitution with an Xact-O knife.

    For the sake of the children, of course...

  • It's true that the original comments were WAY off base, and don't really apply. However, there's a strange sort of logic that appears when I squint through the lens that this article provides. If I work for a company that has modified a piece of GPLed code, and they give it to me to use in my job (e.g. let's say gnumeric spreadsheet, and I'm a trader for a financial firm that's added a real-time quote handling feature). Now, am I receiving that software under the terms of the GPL or under the terms of my non-disclosure/non-compete/etc agreements? Is the company bound to NOT distribute that code to me because I would be restricted by prior agreements (the GPL strictly prohibits distribution of the code if it would be encumbered by that distribution). Or, do I suddenly have all the rights that the GPL provides? Could the company sue and/or fire for cause if I then posted the changes to the gnumeric mailing list? What if I turn around and start cutting $10 CDs with source? Certainly the latter would trigger my non-compete, so I think that the company is required NOT to distribute to me unless they specifically waive my non-compete and agree to let me use the GPL to it's fullest!

    This might put a hole in a few companies' plans for internal development.... It could also be the downfall of internal use of GNU tools in large organizations. The advantage of Open Source suddenly becomes an onerous proposition. Companies would have to very closely monitor which company information went into GPLed code (e.g. adding a database password to a GPLed program!)

    Ick.
  • Ok, Slashdot has some obnoxious flamers. Given. But Robin, what's with the "you guys don't like me, I'm going home" attitude? Hasn't Slashdot thickened your skin a bit more than this?

    Bottom line is that this article promissed more than it delivered. The thread in question brought up a point which several people quickly pointed out was a non-starter. Why waste Slashdot reader's time? Discussions of what the GPL does or does not have going for it should certainly be persued (the GPL is at the heart of some very large doin's and as such should never be taken for granted). But, this article simply wasn't up to the usual Slashdot standard.

    It's OK we all have off-days. Relax. Have a "drink for nerds" (which appears to be defined as cheap wine, based on the Andover.net party at the Bazaar ;-)

    On a related point, I've seen quite a few requests for "article moderation". Cool idea, I think. It could allow for a much more free-wheeling sort of Slashdot where more articles are published. I still think that an editor (preferably one with experience in the print world) would be a better short-term solution, though. The overall quality of the articles HAS gone up over the last year, but not to the standards of, say, a print newspaper.
  • But the signing of an NDA creates an association between the parties, making the party of the second part an agent of the party of the first, no less than an employee would be. So giving him a copy is not "distributing to the public". Title remains with the secret's owner.

    That would be bad lawyering! The mere creation of an "association" (if that term had any legal meaning in this context) betwen parties would not create an agency relationship, no matter how many "parts" and "parties" may be recited in an attempt to make that conclusory and unsupported assertion sound lawyerly.

    Under Florida law, at least, agency is a very special legal relationship with very particular fidcuiary duties and obligations, typically granting the agent a right to make certain legal acts that are binding upon the principal as though the principal had herself taken those actions. For this reason and others, an NDA does not, by itself, create an agency. In other states, your mileage may vary on this point, but I doubt it.

    Indeed, most well-drafted agreements, including most NDA agreements, expressly disclaim the creation of an agency, joint venture or partnership as a belt-and-suspenders measure. Though these agreements also create associations between the parties, they likewise do not create an agency.

    So giving him a copy is not "distributing to the public". Title remains with the secret's owner.

    Reread section 106 -- title need not pass to render an act one of distribution. Even if this were not the case, the argument is flawed on its face. By this analysis, a distributor of pirated records could avoid prosecution merely by having his customers sign an NDA as a condition of sale.

    Nonsense.

    The copy is a "derivative work" within the meaning of:(2) to prepare derivative works based upon the copyrighted work;

    Of course, even if that were true, it would not change any of the preceding analysis. GPL expressly permits creation of a "work based on the program," a term which is defined to include derivative works, provided that the conditions set forth in Section 2 are met. Section 2 only meaningfully limits the licensure of copies made upon publication or distribution. Section 2 goes further, expressly stating that "the intent is to exercise the right to control the distribution of derivative or collective works based on the Program."

    As an aside, it may be interesting to some to note that not all copies of a work are derivative works within the meaning of the Copyright Act. In particular, verbatim copying, mere "framing" of a work, or failing to add meaningful original text would not fall within the statutory definition in Section 101.
  • So, I guess I need some further explanation of the loophole. The only way I can see it is if a limited partnership (not sole-proprietor) company (not incorporated) did this. Then, there would be no "individual" since it would cover a group that could not be legally assumed to be either humanly or legally individual.

    Right, and even in that case a partnership does not have a separate legal existence. The only "persons" that exist in law are natural humans and corporations. Partnerships are just combinations of "persons"... they don't have any rights in law.

    IANAL, but I'm 3-1 in pro se cases.

    Bottom line, I'm with you. I don't see what the original poster's point is. Corporations have exactly the same rights under GPL as individuals do. So what?

  • I've understood companies to be "individual" in the following sense. All of this applies to coporations (which limits human liability)

    1. companies pay taxes.
    2. companies can be sued.
    3. companies can sue.
    4. companies can enter into contracts.
    5. companies can have loans.
    6. companies can issue loans.

    So, I guess I need some further explanation of the loophole. The only way I can see it is if a limited partnership (not sole-proprietor) company (not incorporated) did this. Then, there would be no "individual" since it would cover a group that could not be legally assumed to be either humanly or legally individual.

  • (I wonder if Roblimo will see my message)

    The guy who posted to that mailing list was obviously laying a trap; he knew what RMS would say and he had his response planned ahead of time. It is the original sense of "ad hominem" meaning you take the words of the person you are debating with in order that they will corner themselves into agreeing with your argument. When RMS didn't agree that there was a problem, even after going along with his group-licensing theory, he submitted a link to his own theory to Slashdot. Now Slashdot is a very effective BS detector. Take LinuxOne for example. The issues raised in the GPL hole story were pretty clearly resolved on Slashdot even better than they were on the mailing list by RMS. I don't think Roblimo should be held to a higher standard of checking the veracity of the contents of links than Hemos is. (Sorry Hemos.)
  • First, I personally support doing things the Linus way: use the GPL, but do not inforce bits that would hurt your friends (people who contribute commersial drivers).

    It can be argued that GPLed code has done some good despite the GPL, not because of it. (Red Hat and Be, Inc., to name two companies, both exploit loopholes in the GPL.)

    I have seen no _real_ evidence regarding the effect the GPL has had on the development of free software companies, but I would suspect that the history of Unix would point towards making people publish the changes they make as being the only way to keep us from stepping backwards. How many closed sorce companies have sprung up off of BSD.. and then died taking their improvments with them? (Note: the community may be diffrent today and people may be less likely to take code proprietary, but the point remains)

    GPL causes is that it promotes fragmentation and incompatibility by preventing commercial developers from using the same code base as those who are publishing open source.

    I don't really know, but from the examples I can think of GPLed software has been less likely to fragment then code under other licenses.. and I see plenty of arguemnts that the non-fragmentation of some projects is due to the GPL's not allow the code to be made proprietary, i.e. fragmented.

    But others -- in particular small developers -- will be badly hurt because they cannot do this.

    This arguement always seemed like bullshit to me. You are always free to contact the copright holder obtain permission to make a commersial copy without the GPL restrictions. I do not really see any reason why a free software programmer should be expected to give ``our colleagues'' who do NOT believe in free software a leg up without some compensation.. they arn't going to give me their source without some compensation are they?

    This is the really wonderful thing about the GPL. It allows the programmer to make a choice about such things when they come up.. an option the programmer looses if they distribute the software without the GPL. Personally, I would always advicate using the GPL, unless you havea good reason not to use it (example: Perl's dose not use the GPL specifically because Larry felt that it would be better if the development fragmented).

    Jeff

    BTW> Sorry about the rant, but I've jsut seen a lot of people bitch about the GPL, but not provide any real evidence as to it's harm. Now, RMS has been an ass on occasion and ESR may be correct that RMS's style (calling it free software) set the movement back (and when I worked at VA we enjoyed many good RMS jokes), but I do not feal these complaints are realevent to the GPL.
  • Hmmm... I think I might agree with some of the posters that this story was not worthy of being posted. But not becaused:

    "But I was wrong to post this to Slashdot, which is obviously not an appropriate forum for discussion of subtle ethical matters, and it is apparent that any mention of even a hint of a possible tiny imperfection in the GPL does not belong here."

    I feel that Slashdot should be a perfect forum for the discussion of the subtle implications of the GPL. I say "should" because there are some topics that seem to bring out the immaturity of the crowd, and as has been commented elsewere, critisisim of any of the core elements of OSS seems to do it in spades.

    The GPL is certainly a cornerstone of our world, in my opinion, it is one of the two or three most important documents of the 20th century. The Internet and Linux would certainly not be what they are today without it. But it is not perfect, and there have come to be other good licenses (including the LGPL), that fill in the gaps for areas where the GPL is not the best choice.

    Rob, I don't accept your appology. Maybe this story wasn't right, but because of the content itself, not because of the nature of what was being discussed. I hope that as Slashdot (and it's community) matures, that the knee-jerk reactions to any critisim of OSS or anything else for that matter, fades away. I hope that you will continue to present stories that do bring out that imperfections in the GPL, Linux, Apache, Perl, etc... Without honest opinions regarding their weaknesses, they WILL stagnate and will wind up being no better than anything else that has come before.

    Brad Silva

  • by Fastolfe ( 1470 ) on Monday January 17, 2000 @09:58PM (#1363954)
    Regardless, any decent court would see it for what it's worth: an attempt to redistribute the software against the terms of the license.

    Plus there's a whole range of technicalities that must be dealt with. *Corporations* are legal entities, not "clubs." You would have to sign up to be a member in such a way that you would be and act as part of that corporation, keeping your interests in the software within the framework of that arrangement.

    Once you begin using the software for your own personal purposes or in any way outside of the corporation's need for the software, you are either a) breach of contract; and/or b) acting *for* the company by redistributing the software outside the boundaries of the corporation (to yourself). Assuming the latter, you could still be breaching contract by doing so, which could nullify your rights to redistribute (as well as the rights of those that have received the software from you).

    So really in order for something like this to be legal, the corporation would have to have a contract set up in such a way that your interest in the software remains within the boundaries and charter of the corporation. Once that ceases to be the case, either you're guilty of using the software incorrectly, or the corporation is guilty of restricting it incorrectly.

    As far as I know, no "clubs" have membership agreements that set their members up as employees/agents of the host corporation, which would be required if their use of the software is to be considered "internal."
  • They are harsh because I'm really pissed off. 99% of programmers don't understand licensing. They don't even want to understand licensing because what lawyers do is emotionaly repugnant to them. So, they count on us to help them with licensing. When something like this, from a completely clueless source, makes the front page of slashdot, they are scared away from a good license and they might end up using something that's really full of holes like the Artistic because they haven't heard anything bad about it lately.

    It's probably up to FSF and their law professor to make a GPL FAQ. I talk a bit about licenses in general in my Open Sources article.

    Thanks

    Bruce

  • by Zach Baker ( 5303 ) <zach@zachbaker.com> on Monday January 17, 2000 @08:06PM (#1363956) Homepage
    OK, so I saw this article, which at that time had some comments dismissing the article's premise. So I say, oh well, another would-be Slashdot story discredited by the comments. Then I come back and Robin has done a sengan!!! What in the world? So I have to read this overblown, insincere apology which is obviously meant as a counterflame to some flames I hadn't yet read. Way to drag down the level of discussion.

    Robin, I could care less that you posted this article, I could care less that you've been flamed, but you shouldn't be subjecting me to the sophistry of your "Public Apology." As difficult as it is, even if you don't have a thick enough skin to ignore the flamage, I really don't think it's right for you to use your position as a Slashdot author to post argumentative content like that.

  • by mavpion ( 5416 ) on Monday January 17, 2000 @05:25PM (#1363957)
    I too have a problem with the GPL with regards to Collectives. My problem is specifically in reference to the recent Slashdot thread [slashdot.org] on Secure Computing and their secure version of Linux. Specifically, they are going to put patented code into Linux. This would make distribution of the modified code illegal because the GPL definitely forbids distribution that doesn't grant rights equally and freely to all users.

    I wrote RMS about this, and this is the reply I got:

    ME: However, my question is this: say a government employee decided to release this software to the general public, could he/she do so? And how?

    RMS:In general, I think that use of a package within a company or an agency is not distribution to the staff, so legally speaking the employees have not received the program under the GPL and don't have a right to redistribute it to you.

    I do not like this, in spirit, but I cannot say it is illegal.

    ME: 2) Secure Computing is incorporating patented technology into Linux. If source did get out, could any end user use it, or would it only be legal for those who licensed the patent technology?

    RMS: Its release would not be lawful at all, I think. To release the program, having obtained a patent license which doesn't apply to all subsequent users, would definitely violate the GPL. Thus, the NSA could not release this if they wanted to.

    I agree with RMS that normally a corporation letting its employees use software does not count as distribution. However, in this case we have a different situation... Secure Computing (which is completely seperate from the NSA), is being hired by the NSA to make a special version of Linux for them. Therefore, I think you do have to count this as distribution, and as Fare said, it must be distribution to the individuals in the corporation (NSA), not to NSA as a group.

    If we allow this, then what is to prevent Secure Computing from selling this modified version of Linux to other companies as well? All they have to do is make sure never to sell to an individual (because an individual can request code, but the corporation won't), and they're fine.

    Which is a huge gaping hole! Licenses must apply to individuals. How can a company ask for source code?

  • This guy's entire argument seems to be based on
    the (false) assumption that corporations are
    not legally bound by contracts/licences as
    individuals are.
    In actuality, the very PURPOSE of incorporation is to create a new legal entity (sort of a fake person) that can take legal responsibility for its own actions, rather than the company's head being explicitly liable.
    To put this another way: if corporations weren't bound by licenses as individuals are, why do they even bother to license software (under any license, even proprietary licenses) from each other? Why do CORPORATIONS put their copyright on code they produce, rather than the individual programmers working for them?
    This supposed "hole" is bogus.
  • by trance9 ( 10504 ) on Monday January 17, 2000 @08:05PM (#1363959) Homepage Journal
    One problem with the GPL and LGPL is that they are so long winded that nobody knows what they mean.

    I am working on a simpler license here:

    Simple Public License [vsdl.org]

    I forwarded a previous draft of this license to RMS and he said it appeared to be a "free software" license as near as he could tell. I also have run previous drafts through the open-source approval list a few times. This version still has to go to a lawyer for review and legal tightening, at which point I will complete the OSS process, and resubmit it to the FSF for review.

    Before you all tell me not to do this, here is why:
    • The LGPL (which this is similar to) is 11 pages, and none of my users are willing to read it. Since half of them run my Java servlet framework (WebMacro [webmacro.org]) on NT it isn't true that they have already heard of LGPL.
    • It allows a distributor like Red Hat to continue shipping CD's even if they contain a program on them with a violated license. Under LGPL they would have to recall the entire run.
    • It makes a stronger assertion about crediting the author--for web software, I would like it if my name appeared somewhere where the actual end users could look it up. Under LGPL/GPL your name only appears in the copyright statement, not in the list of authors.


    The main thing is it is shorter, taking up two pages to the LGPL's 11.

    Please review! You can send comments on the license to justin@vsdl.org [mailto].


  • by um... Lucas ( 13147 ) on Monday January 17, 2000 @04:24PM (#1363960) Homepage Journal
    I'm trying to figure out if he brought this up due to the discussion about slashdot's code, or the NSA contracting with a company to secure Linux. Either way, I think it is somehting that needs to be cleared up... And definetly, someone out there needs to follow the GPL to the letter yet violate it in some way, so as to set a legal precedent.

    Right now the GPL seems completely theoretical. But so far, everyone's respected it enough to not have to actually see if it's worth the paper it's printed on.
  • by the way ( 22503 ) on Monday January 17, 2000 @11:33PM (#1363961)
    I'm very interested in discussions of licensing issues, and like many people I'm still undecided about how the GPL would hold up in court.

    Yet, like many Slashdotters, I was disappointed by Robin posting this story. A single person has posted two messages to a discussion that suggests there is a problem with the GPL. RMS reponded that he doesn't think there is a problem, and no one else suggested that there is a problem. To call this 'news' is ridiculous, and the blurb that accompanied the article was highly sensationalist. That the initial submission was from the mailing list poster further detracts from the credibility of the story.

    I just thought this was sloppy and sensationalistic journalism, and left it at that. With Robin's 'apology' I now feel moved to comment. Sarcastic flamebait like this has no place inside a story proper. Robin, if you want to make comment like this, join in the main discussion like the rest of us (and turn off your +1 posting right like others do when it is appropriate).

    Remember, Slashdot succeeded because of the insightful comment of Rob and Jeff, and their uncanny ability to post stories that Slashdotters liked. It's great that they've benefited from Andover's business decision, but be wary of now trying to change the editorial content to suit your point of view, Robin--you may just find that you are less in tune with the Slashdot readership than Rob and Jeff.

    Finally, let me point out that almost all of the negative comments that were moderated up commented specifically on the newsworthiness and journalistic integrity of the story; they were not criticising the stance of the original poster in any way. Robin's ill-thought retort comes across as highly inappropriate, unnecessarily harsh, and not in tune with the actual content of the discussion.

    There, I've said it!
  • So What? Your only required to distribute source code when your distribute the program. So as long as a group of people agree not to redistribute it, they don't have to call themselves a corporation, they just have to have an agreement. Now weither such an agreement is legally binding is another story, and I think thats what he is getting at. But personally I think GPL its best for everyone if we let corperations work on it internally, as they do own the code they created, they should have the freedom to deside who they give it too, just not the freedom to decide who gets it after that once it has left their internal arena.
  • True, but it could also become his employer's argument that his employment contract was to do what was in their best interest etc etc (the rule that states that a contract to do something illegal is null and void - withold changes - is invalid in this case as it is not illegal), and on that point they could be said to have reasonable grounds.
  • by Tamerlane ( 35488 ) on Monday January 17, 2000 @10:35PM (#1363964)

    I was curious to see what Roblimo's apology was. I was certainly not expecting a snide attack on the entire Slashdot community. Does this mean you will no longer be working on the Slashdot staff, Robin? I sincerely hope so. No one with your open disdain for the site's users should be involved with it.

    I completely disagree with that entire statement. I mean, let's be real for a moment...Basically asking Robin to leave /., just because he gave as well as he got? Last time I checked, sarcasm wasn't a crime and, in this case, I feel it was 100% justified. He should not have even had to apologize for posting this story. Big deal. Feathers were ruffled...people got all worked up...someone may have actually had to THINK about what they were READING for a moment, rather than being spoonfed. ("Oh, the inhumanity!")

    Yes, it's possible it could have been more thoroughly researched, but given the volume of article submissions and intricities inherent in each possible article (especially this one...are you an expert on French law? Can you tell me for sure that this so-called "GNU GPL Hole" doesn't exist in terms of their legal system? I doubt it.), it'd be unreasonable to expect every single story to be exhaustively researched before it's posted to the site. Personally, I'd rather see the news "as it's happening" than catch a follow-up summary saying "this is what you missed." That's the beauty of the web.

    I think it's a pretty sad state of affairs when members of the /. community are so thin-skinned and hyper-sensitive they'd actually personally attack someone for posting anything. We're intelligent people here. There is no reason to lambaste someone for posting an article that raises questions, regardless of how "resolved" or "disproven" the thing in question happens to be. If there are any questions left to ask about something, it means it's not resolved. You can't advance without continually questioning things and exploring possibilities.

    In short (ha!), ease off. The tone of Roblimo's apology should have given you a clue as to just how irrational the rest of the /. "community" was being toward him. I, for one, am ashamed that such things would ever be said to anyone on this website posting anything. (this next part is not directed specifically at invenustus, but everyone as a whole) If you can't be an objective reader and rationally talk about, and/or point out errors in, an article, what are you doing in the comments at all? If you need attention and coddling, go looking for mommy. This isn't the place for it. Let's try to keep /. (comments and all!) something worth reading, eh?

  • by nevets ( 39138 ) on Monday January 17, 2000 @05:18PM (#1363965) Homepage Journal
    From the Bugger off license:
    The GPL is just begging somebody to take it to court.

    I say lets do it and get it over with. I brough up the topic of the GPL and companies recently [slashdot.org] and now I'm saying lets test it.

    A few days ago at lunch, a few of us were discussing how the GPL would do in the US court of law. Then someone suggested testing it out. I asked, "how?" and the rest went like this: Have one of us (I'll call #1) write some
    small unique code or take some code that they wrote on their own time a while ago, and slap the GPL on it. Sell it to another person (#2). Then have #2 modify it and sell it to a third person (#3), without giving the source nor the license. Thus violating the GPL.

    Have person #1 and maybe #3 sue #2 to release the code. Take this to real court and battle it out. Of course this will take some money, but all good experiments do. You also have risk involved, if #2 wins, then the GPL may fall altogether.

    Now would something like this be useful if brought to a real court. If #2 looses, then start an appeal to get to another court, to get more clout. This will finally prove that the GPL is legally standing. And the risk is that it could prove the opposite. But is any of this worth it?

    Steven Rostedt
  • by Trailer Trash ( 60756 ) on Monday January 17, 2000 @03:39PM (#1363966) Homepage

    In my interpretation, a license is personal -- towards individuals only. Companies are not individuals and have no right as such.

    Being the owner of a C corporation, I can say that this is patently false. The whole concept of a company is that it does have many of the same rights as an individual. A company can enter into contracts with other companies or individuals, a company can be sued, etc. If I enter into a contract with a company, then I have a contract with a company, not with individuals within that company.

    If the entire assertion is based on the idea that a company isn't a legal entity, then there's nothing to this.

    It is individual programmers who have the absolute right to copy, modify, and distribute software (as claimed by the GNU GPL, but as I contend no human law can ever claim otherwise).

    This is pure and utter BS. If you work for a company, then any code which you create at work is property of that company, and you- the individual programmer- have no right to distribute that software unless it's explicitly granted (outside the confines of the GPL). Otherwise, we'd never pay for software again, just get to know someone at the company. The GPL, as a legal document, can't really distinguish between a company and a person, and I'm not sure why it would, anyway. Companies can and do distribute software. I own RedHat Linux, did Bob Young personally distribute it?

    How did this guy's clueless rantings get this much attention? He should have been pointed to a Business Law 101 site and ignored from then on.

  • by Get Behind the Mule ( 61986 ) on Tuesday January 18, 2000 @12:45AM (#1363967)
    Uh, Roblimo, there was nothing wrong with posting this item. Others may have been familiar with these issues, but I wasn't, and now I know a little more having read about it. I can't imagine that I'm the only one.

    Even if it turns out that the issues raised by someone somewhere are unfounded, and Slashdot posters are able to explain why, then the post and ensuing discussion have been worthwhile. It certainly isn't obvious to everyone at first blush that some argument or other doesn't hold water, and if nothing else, Slashdot can serve to make that apparent to a broad audience. Certainly, there's nothing obvious about the arcana of software licensing and corporate law. There is a genuine need for a forum like Slashdot to discuss these issues, where people with well-qualified opinions about this kind of subject can inform the rest of us.

    Those of you who are flaming Slashdot in general and Roblimo in particular should bear in mind that what's self-evident to you may be completely mysterious to others. It takes a certain kind of humility and patience to understand that, qualities that some of you apparently don't have.

    But, Roblimo, this whiny apology just makes the whole thing worse. Maybe you should consider a vacation from Slashdot, you're taking this far too personally.
  • by Ungrounded Lightning ( 62228 ) on Monday January 17, 2000 @05:10PM (#1363968) Journal
    That should be as long as they don't distribute the modifications outside the corporation. NDA's with outside parties can't be held to overrule the GPL

    NDAs with outside parties are made as part of including the outside party in a contract which changes the outside party to an inside party, an agent of the corporation with defined responsibilities. Typically such a person would be a consultant or a prospective hire. This applies whether the "person" is an individual human or another corporation, limited partnership, or what-have-you.

    The outside party becomes a "body part" of the corporate "person", like a fingernail or a ganglion. (Ideally - an important section of the brain. B-) )

    (I can imagine a company's lawyer trying to hack up a shrink-wrap contract that purports to be an NDA. But since the body of the relationship in such a case would be the company providing code and the customer paying for it, the subterfuge would be transparent, and no doubt immediately struck if it came to court.)

    (if the originator of the modifications thinks they [override the copyleft], then they are legally precluded from distributing their modifications by the GPL/copyright law).

    But they AREN'T "overriding" the COPYLEFT. They're creating a relationship between the parties which makes the "person" who signed the NDA a part of an association. Granted he's a limited part. But so are the corporate employees and officers.

    Once he's part of the association, giving him the modified code is not "distribution". He can still redistribute the UNmodified version. But the modifications (including any HE makes as part of his deal) are the company's undistributed SECRET. And they stay proprietary until the company releases the signatory from the agreement, publishes the secret, or the secret is exposed through no fault of an NDA signatory.

    As to the second point, the boundaries are determined by courts, in particular that corporations are legally considered to be individuals. "NDA boundaries" have no legal standing as individuals. Thus distributing outside the corp _is_ distribution, regardless of any NDAs.

    "NDA boundaries" do not have to have legal standing as individuals. "NDA boundary" is simply a shorthand term for defining the location of the "skin" of the corporation's (or other association's) "body" with respect to a particular secret.

  • by lapdog ( 73128 ) on Monday January 17, 2000 @03:28PM (#1363969) Homepage
    If a company wants to keep the source a secret, my problem is not that they violate the GPL by doing so. Their maintentance, bugfixes, etc. become their problem and less of the communities.

    What bugs me is the potential for an employee to be fired for distributing this source back to the community. Now it becomes his argument that the GPL grants him the right to do this, and they should not have fired him.

    So now the company is sued for violating the GPL by that individual. The GPL still holds. And the whole mess just becomes a lesson that violating the GPL is a bad idea.

    Dave
  • by anonymous cowerd ( 73221 ) on Monday January 17, 2000 @07:46PM (#1363970) Homepage

    > There's no reason why a company shouldn't be able to take Linux,
    > add some nice commercial proprietary binary only stuff into it and
    > then sell it.

    No reason?! Well, take for example the shell program mc. According to its help page, mc was written by Miguel de Icaza, Janne Kukonlehto, and ten other programmers. Since they wrote it, they had the privilege of copyrighting it, ANY WAY THEY PLEASE. As the creators and owners of the program, it was not yours, not mine, but theirs and only theirs to dispose of.

    That means that they could come up with any licensing terms that satisfy their whims. They could have offered it as a commercial product, to be paid for on either a per-user, or per-CPU, or per-site basis. They could have released it under the terms that it could only be used on Tuesdays, and then only by left-handed Zoroastrians. Or they could have given it away absolutely for free, as you suggest.

    Mr. de Icaza and Co. chose not to give mc away for free. They chose, instead, to restrict its redistribution by placing it under the GPL. In terms of the profits that the developers made from this program, the results are the same as if they had given it away for free: zero. From the point of view of us in the general public, for them to choose the more restrictive GPL rather than placing their code in the public domain may well have resulted, paradoxically, in more access for us; in exchange for us losing the right to trivially modify mc and then drag it into the proprietary domain, we are guaranteed free access not only to the code as it exists today but to all future versions as well.

    But it doesn't matter whether Mr. de Icaza & Co. had good or bad intentions when they chose to license mc as they did, nor did they have to consider whether the license they chose was good or bad for society in general (except of course they would have to live with their consciences). mc is their code and they were free to license it however they liked.

    Besides, why do you imagine that one can't add proprietary stuff to a Linux distribution? An example of this is a shrinkwrapped deluxe Redhat distribution that's sitting on my bookshelf. It came with at least two proprietary products (BRU backup software and a commercial accelerated X server) right in the same box with the GPL'd Linux kernel and GNU tool set.

    > It is called the free market.

    I may be in a minority here, but I at least don't get all swoony over the phrase "free market," and I have to laugh at the notion embedded in the phrase "invisible hand." (What do you mean "invisible"? I can see it right there, coming out of Alan Greenspan's sleeve.) The so-called "free market," a propagndistic misnomer if I ever heard one, isn't some a priori ideal, neither is it some kind of miraculous automatically-thriving, self-regulating socio-economic powerhouse; instead it is a delicate, probably inherently unstable system which requires constant effort just to keep it afloat. Please have a look at Karl Polanyi's book, The Great Transformnation for details of its antecedents, its early history and its weaknesses.

    Yours WDK - WKiernan@concentric.net

  • by Dirtside ( 91468 ) on Monday January 17, 2000 @03:34PM (#1363971) Journal
    First of all, the slashdot user who submitted the story is the same one who's posting this so-called "hole" on the mailing list to begin with. Go read his first message, then Stallman's reply, then his next message, then Stallman's next reply. There's no hole in the GPL; or if there is, then this isn't it. This guy seems to just be trying to stir up controversy so that he can get mentioned on Slashdot, or maybe get a movie contract, or something.

    And boo to Slashdot for posting this ridiculous story without actually reading the links first. There's been far too much of that lately, as the comments keep seeming to indicate...

  • It'd probably be hell to maintain anyways.

    And there you hit on the reason tactics like this won't stand up in court.

    If you can write and maintain code that uses such an "encryption", then so can lots of other people. I.e. it's "source code". (If you're so brilliant nobody else can maintain your source, you might as well write breakthrough apps in clean Java, or Ada, or whatever, rather than resort to such time-and-energy-wasting tactics as shrouding the source via makefiles.)

    If you can't do it yourself, that means you're getting some software help. At which point the so-called "source" isn't source code as the GPL defines it.

    In that case, what the GPL calls "source" includes either the makefile with the keys, or the source from which those makefiles are automatically (or semi-automatically) derived.

    The most important thing to remember about the GPL, and about legal instruments in general, if you're a technical type, is:

    The law does not pertain to mechanism.

    I.e. don't get caught up in trying to out-fox the GPL, or other areas of law, by complicating or substituting components in the relevant mechanisms. The law, and judges, generally see right through that.

    And tactics like "well, the makefiles aren't part of the source code, so what if we put..." are nothing more than cases of nerds thinking they can get away with changing the law simply by changing the mechanism.

    Study the GPL carefully. You'll note it hardly ever references the components of what the software community considers the mechanism of program distribution, especially key components like:

    • Executables (.EXE)
    • Source files (.c, .pl, .f, etc.)
    • Libraries (.a, .o)
    • Compilers (gcc)
    • Makefiles
    • Scripts
    The reason references to these are essentially absent in the GPL, and in other (meaningful and enforceable) legal instrumentals, is that these terms identify little more than a file format. They certainly don't identify anything legally enforceable in terms of concepts the GPL cares about.

    E.g. anything you can write in C, you can write in Perl, or in a makefile, or in a shell script, at least in theory. Add a (proprietary) interpreter, and theory can become practice.

    So the GPL defines, and talks about, source code, not just source files versus other sorts of files that might or might not contain source code.

    Don't waste time speculating on how to move and transform the source code for a project such that it magically becomes something that doesn't "count" as source code under the GPL, because the law, and a judge, will see that for what it is -- a mere, and rather foolish, subterfuge.

    The upshot? The day somebody ships so-called "source code" that is missing a key makefile needed to build it, such that the "code" is GPL'ed (and, say, copyrighted by the FSF, due to signovers and such), is the day they can expect a polite-but-firm letter from the FSF essentially ordering distribution of said makefile since it's part of the real source code. (Or of whatever goes into making it, if it's automatically generated.)

    (Of course, all these issues, clever tricks, legal inanities, and so on were hashed out on gnu.misc.discuss years ago, but maybe those archives aren't so easy to research, or maybe people would just spout off their theories about how the law works rather than do the research of previous discussions. Note that, of course, you can find lawyers here or there that'll disagree with my assessment above, but it represents the arguments the FSF has actually made to convince real lawyers in real circumstances to agree to the FSF's terms rather than try to "get around" the GPL. The most telling aspect of my research into these issues is the fact that nobody's trashed the GPL when the underlying software is copyrighted by the FSF in all these years, despite several attempts to do so, and plenty of incentive.)

  • by friedo ( 112163 ) on Monday January 17, 2000 @07:48PM (#1363973) Homepage
    The story of the GPL is a sad one, and I would like to see it draw to a close. Hopefully, this will happen as programmers recognize the true intent of the GPL: to pit colleague agaisnt colleague, and to transform open source from a public good into a weapon directed against those who engage in activities of which Richard Stallman personally does not approve.

    I was appreciating your reply up until this point. I was not aware of the history of the GPL, and will have to do some research myself, but regardless of its intentions, it is, IMO, still a Good Thing. I reiterate my point above: programmers choose to use the GPL. If you want to make money on your programs, you can, and there really is nothing RMS or anyone can do about it. I believe the purpose of the GPL is to protect code from proprietership(word?) and foster a community of open and shared innovation. How does this pit colleague against colleague? In the Real World is does anything but that. In RMS's mind, perhaps he accomplished that with Symbolics. Perhaps this whole idea was sparked by a vendetta, but there's no reason for RMS to put forth a liscense that would harm the very people central to his agenda! Perhaps he was spiteful towards Symbolics, I suppose he has a right to be. Perhaps his actions were not justifiable (if what you say is true, I don't think they were) but you can't overlook everything that GPL'ed code has accomplished just because of the sketchy nature of its origin.

  • by friedo ( 112163 ) on Monday January 17, 2000 @04:00PM (#1363974) Homepage
    It doesn't matter. You can charge any ammount of money you want for your binaries, distribution media, etc. All the GPL requires is that you make the source code available for free or for the cost of shipping.
  • by bons ( 119581 ) on Monday January 17, 2000 @05:05PM (#1363975) Homepage Journal
    As it is now, An article is posted if one person thinks it's a good idea. It is rejected if one person thinks it isn't.

    Moderation allows a large number of people to collectively decide an news items worth.

    In this case, -1,troll.

    In addition, article moderation allows for less articles submitted as we can check for duplicates. Also it would give you guys more of a break. Allow yourselves ultra-moderation if you want, so that you can set the score of an article and not allow the regular moderators to adjust it.



    -----

  • by Mike_K ( 138858 ) on Monday January 17, 2000 @04:29PM (#1363976)
    No matter what interpratation you choose the GPL is probably still good. Sure some group of people could decide to create their own private version of GPLed software without legal fault, however, they are still restricted from selling their modified code.

    Technically, they can't seel it. But they can sell MEMBERSHIPS to an organization which will distribute only the binaries! Every new version gets new membership (with new membership fee), you can upgrade your memberships, etc. This technique allows for NORMAL, CLOSED SOURCE practices to take place using Open Source software! m

  • by NMerriam ( 15122 ) <NMerriam@artboy.org> on Monday January 17, 2000 @05:38PM (#1363977) Homepage
    But they can sell MEMBERSHIPS to an organization which will distribute only the
    binaries!


    Where in the GPL does it say that clubs/organizations can distribute internally without source?

    There is a big difference between a club member and an corporate employee, and those differences is why this "club" idea has no basis in legal reality at all (keeping in mind the GPL is a legal contract)...
  • by TheDullBlade ( 28998 ) on Monday January 17, 2000 @03:59PM (#1363978)
    Slashdot stories really are getting worse in the way they misrepresent minor stories as major disasters or breakthroughs. This is a rather trivial issue that has been kicked around for ages, and can't really be resolved without a legal battle (after all, you can make all the logical arguments you wish, but nothing is certain in court).

    I thought someone was finally going to bring up the possibility of reducing a piece GPL'd software to a sort of daemon which acts as a shared library. If the interface is designed rationally (i.e. code for it can be written from scratch easily), there would be no need to reuse headers or other GPL'd files. Then proprietary additions to the software could be made through the creation of a proprietary client program.

    I don't think anyone could make a case for communicating with a daemon being a creation of a derivative work. It is the same as the way you can make a script that runs programs which may be (and, in fact, are) GPL'd, without releasing the script under the GPL.

    The fact is that there is no way to freely distribute and freely allow modification of software while forcing all later modifications to be released to free. Programs can interact, yet be seperate. There are many examples of programs which would be useless without the existance of another program (ex.: anything that isn't it's own operating system...), but they are clearly seperate and the copyrights are held by seperate people.

    The GPL will not be upheld by legal threats, but by PR and competitive threats. Violation of the spirit of the GPL in this manner will create immense hostility from the Free Software community. Massive numbers will jump onto the hijacked project to duplicate the functionality of the proprietary additions, while eliminating annoying bugs and (of course) giving it away for free.

    I fully expect that some company will try this trick some day, and be brought to their knees as a massive grassroots PR campaign paints them as evil corporate monopolists demanding money for an inferior product.
  • by werdna ( 39029 ) on Monday January 17, 2000 @04:47PM (#1363979) Journal
    Giving the code to people INSIDE the non-disclosure boundary is not "distribution" within the meaning of the GPL, so it does not confer on such people the right to disclose the modified code without the approval of the company's official decision-making process.

    I think this may be too broad, legally speaking. Absent express definitions to the contrary, I believe a court would interpret "distribution" in the context in which it is used: a license to exercise exclusive rights to distriubute [cornell.edu] under the Copyright Act.


    (3) to distribute copies or phonorecords of the copyrighted
    work to the public by sale or other transfer of ownership, or by
    rental, lease, or lending;


    Accordingly, we should look for a transfer of title, rental, lease or lending. Accordingly, control or possession of a copy transferred among employees or agents of the corporation probably do not constitute a distribution. On the other hand, control or possession of a copy by a non-employee, non-agent, even if subject to nondisclosure would probably constitute, at least, a lending (bailment) of the copy.

    There are cases, I recall, holding that infringement occurs when a consultant/third-party is given access to copyrighted works for the purpose of repairing software on behalf of the licensee. However, I seem to remember that these cases went off on copying, rather than distribution.

    I'm just spitballing here, but it seems to me that a plaintiff asserting breach of GPL would probably do just fine in the case of a defendant who gave a customer/non-disclosee copies of a work.

    It would be fun to research the judicial gloss on this statutory language to see how it informs the question of distribution within a corporation.

    Nevertheless, for these reasons, I think "non-disclosure boundary" is probably too broad a range to permit non-distribution exchanges of copies. I imagine that the result would be probably much closer to an "in the family" (employees and actual agents) test.
  • by Tackhead ( 54550 ) on Monday January 17, 2000 @03:54PM (#1363980)
    Amen, amen, amen! Moderators, give that AC more points! This story isn't off on the wrong foot, he's off on the wrong leg!

    Corporations are individuals in the eyes of the law. They can be sued. They can even be convicted of crimes. Their directors can be held personally accountable for their [i.e. the corporation's] actions. Being an individual under the law is why corporations exist! There's a reason why you aren't on the hook to pay the bills when a company you own shares in blows up, and that reason is that the corporation is a legal entity unto itself. The corporation is responsible for paying its bills -- the shareholders aren't.

    The first line of the post from Mr. Rideau says it all: "in my interpretation [ ... ] companies are not individuals and have no right as such".

    While I happen to think the bugroff license is cute and witty, the fact remains that the law is not terribly interested in Mr. Rideau's gross misinterpretation of the notion of the corporation's rights as an individual. Slashdot dropped the ball on this one. The GPL is as sound today as it was yesterday. We don't know how well it'll stand up in court, but if it's defeated, it certainly won't be because of some cockamamie "interpretation" that says corporations lack rights as individuals under the law.

  • As I read the law, Stallman is right:

    Companies can keep their internal modifications secret as long as they don't distribute the code OUTSIDE their non-disclosure boundary - and once they distribute the object outside that boundary, they must also distribute the source.

    Giving the code to people INSIDE the non-disclosure boundary is not "distribution" within the meaning of the GPL, so it does not confer on such people the right to disclose the modified code without the approval of the company's official decision-making process.

    This is good. It means that a company can adopt GPLed open-source software without taking an increased risk that any company-secret changes they make for internal use only will be disclosed without their permission. That will make them more willing to adopt GPLed open-source software.

    They'll still have to distribute the source to their changes if they distribute the changes themselves generally. And they're more likely to distribute anything useful but NON-company-secret than they would if they were working with closed-source code.

    The only problem I see is if this speculation by legally-uninformed people, raising a spectre of employees disclosing their secrets, scares off management that otherwise would adopt GNU-licensed code.

  • by Nailer ( 69468 ) on Monday January 17, 2000 @08:06PM (#1363982)
    It seems Rob's taken things to heart. While I didn't read the vast majority of flamebait posts, neither do most people. The Slashdot community moderated up the posts that criticized the decision. None of them criticized Rob personally. They spanned both sides of ther argument.

    Calls for artticle moderation are valid, despite the fact that this may very well be difficult to implement.

    Rob, chill out. You posted an article that alot of peopel thought hadn't been background checked efficiently. That doesn't mean we hate you, it means we think you made an error in judgement. I'm sure the overwhelming amount of people who responded to this article would be saddened if you ever left slashdot - you are slashdot.

    You've brought thousands of people together tom participate in debate. Be proud of it ,but please expect that occasionally their opinions will differ from yours.

    You're having a bad day. Walk away from the computer, get drunk, have a shower with your girl. Wake up tomorrow a happy man.


  • by dsplat ( 73054 ) on Monday January 17, 2000 @06:32PM (#1363983)
    RMS wrote:

    I agree with that position, as a question of legal interpretation of the GPL. The reason is that the company is not distributing the program in that case.

    I don't think it is ethically right to permanently withhold useful improvements. But that is a different question from what the GPL permits.


    I saw this hole ages ago. The bottom line is that corporations function largely as fictitious people. Authorized people can enter into contracts on behalf of a corporation. The contract can outlive the person's employment or even the person. And it can enter into contracts on behalf of its employees, assuming that those contracts are legal.

    The interesting test case would be one where a company makes changes that they want to keep to themselves to GPL'ed code and one of the employees releases them. What it would be testing is whether the employees could act as individuals with respect to the enhancements to the code.

    I agree with RMS that it would be ethically wrong, violating the spirit, if not the letter of the GPL. Furthermore, I don't think it is in the interest of the company doing it. Eric Raymond has written about the reasons that projects don't fork [tuxedo.org] in Homesteading the Noosphere [tuxedo.org]. Nearly all of the reasons that apply to a forked open source project apply in greater measure to an internal project by a company. But there are a couple of other issues that are special in this case:

    1. The corporation can't release to anyone external. They can't hire an outside contractor to work on it for them. That would be restricting the third party's right to redistribute the source. That restriction may apply even to providing it to their own employees. It would not apply to a team voluntarily restricting their own rights to redistribute their enhancements, I think. Ask a lawyer.
    2. Because of the first issue, they would have to merge in any changes happening on the public fork entirely through their own effort or forego the benefits of any additional development there. As time went on the value of their version to them would fall. And the value of their changes to the rest of the world would as well.


    In the end, I think it is an unlikely scenerio to last very long. In the short run, I could see a company wanting to keep some development private. A hardware manufacturer might keep drivers secret until they release their product in order not to tip their hand to the competition. I honestly don't think that is something we even want to try to discourage. If allowing them to do that encourages them to release open source drivers after the product release, I applaud them.
  • by Anonymous Coward on Monday January 17, 2000 @03:26PM (#1363984)
    Companies are not individuals and have no right as such. The author seems to have missed on a large body of law that says otherwise. The entire position seems based on his opinion or personal preference rather than actual juridical decisions. I might have read more than two replies into the thread if he had bothered to offer court decisions supporting his belief that licenses can only apply towards individuals. But what do I know, I'm just an Anonymous Coward.
  • by Chris Johnson ( 580 ) on Monday January 17, 2000 @07:26PM (#1363985) Homepage Journal
    OK, I went over this and actually wrote RMS about it _months_ ago. Here's the story:

    If you are a corporate employee, this can override certain 'human rights' you might think you have. You may not be entitled to your own thoughts, or ideas. You probably are safe from being legally tortured to death with pitchforks, look on the bright side :)

    This fellow's hysteria seems to be based on the notion that people who are part of corporations have some sort of 'individual' rights. It's a pleasing argument, but largely hypothetical. Expect corporate powers over 'their own bodies' to become stronger and stronger as they are challenged.

    To a corporation, firing and suing an employee to ruin the employee's life because the employee posted internal GPL code is the same as you cutting your toenails or burning off a _wart_. There is reason to believe that this perspective would hold up in court, because the employee theoretically had complete freedom to join, or not join, the corporation in the first place. Having joined, the employee's 'rights' or lack of same are spelled out in contract law... the person might find that they themselves did not own the ideas they used to modify the GPLed software, or any of the other ideas they talked about at work or came up with at home- so after being fired they could be left with _only_ publically GPLed work, and the company project which they forcibly publicized ahead of schedule- and everything else they did, not having been GPLed by anyone, is property of the company and if they tried doing anything with that, they'd be hosed, slammed into the pavement by a very slam-dunk sort of case in which they are STEALING TRADE SECRETS not theirs to GPL.

    That is an ugly scenario, but it is quite real. So the trouble is not the corporate employee being harmed for exercising their right to GPL- they have no such right, they are a corporation's toenail in the legal sense and are not entitled to any such grandstanding. The trouble is on a more pragmatic level, and it's a medium sort of trouble, not a big trouble.

    Basically, the corporation can fork a GPLed project and put massive resources behind trying to produce a significantly different version, all under tight wraps. It's allowed to discipline its parts as it sees fit, and is allowed to keep its work entirely to itself until it releases it with a well-funded publicity splash. At this point it must release source, and anyone can extend off this reference point- but the corporation can turn around and begin another round of complete revamping under complete secrecy, refusing to cooperate with outsiders.

    I spoke to RMS about this, seeing it as a sort of loophole. He remained unperturbed, and I think I understand why- to RMS, 'free' development will always outpace, always outproduce such closed environments. For RMS this isn't even an issue, much less a loophole, to him it's the corporations being fools by turning away from a world full of willing helpers.

    I don't know if he's right or not. Certainly he has a point- though there are also examples of types of work where a controlled team can outperform the bazaar- particularly game or art projects where the project's goals and values are very much a judgement call. On the other hand, OSS moves really fast- in the event of a radically altered GPLed codebase being sprung on the world, everything about it would be known and understood within days- there's not a lot of strategic advantage to keeping secrecy when you're inevitably going to make full disclosure anyhow.

    Final analysis- this really isn't about the GPL so much as it's about corporatism. Like it or not, corporations get to own people and their ideas, legally. They also get to play in the fields of OSS alongside ill-funded hackers, and what they lack in nimbleness and cooperativeness they gain in sheer ability to market and distribute on a global scale.

    It may be that eventually corporations will set the course for OSS by using their capacity to control collective programming skills and choke off communications. However, in a way this hardly matters- the source will get out there, no amount of GPL-allowable obfuscation (i.e. minimal) would stand up to the eyes of the world for longer than six hours or so, and frankly, if anyone thinks the amount of kluge and mess created by a world of corporate OSS 'coders' trying to trip each other up... would be worse than the current world of _closed_ corporate coders collectively trying to do exactly the same thing, with no expectation of eventual source disclosure.

    Expect the corporations to abuse their privileges as hard as it can. It only adds a scattering of immensely rich, and twisted and obnoxious 'individuals' to the talent pool. Think of it like having some prima donnas who keep re-inventing everything, and just roll with it...

  • AC wrote:

    Companies are not individuals and have no right as such. The author seems to have missed on a large body of law that says otherwise.

    Sadly, this is untrue. Someone else pointed this out earlier but it bears repeating: in the United States, a corporation is a "natural person" under the law, entitled to all the same rights as people who happen to be made of meat.

    This great Adbusters article [adbusters.org] goes into a lot of detail of the history of corporations and how we ended up in this mess. From the article:

    Then came a legal event that would not be understood for decades (and remains baffling even today), an event that would change the course of American history. In Santa Clara County vs. Southern Pacific Railroad, a dispute over a railbed route, the US Supreme Court deemed that a private corporation was a "natural person" under the US Constitution and therefore entitled to protection under the Bill of Rights. Suddenly, corporations enjoyed all the rights and sovereignty previously enjoyed only by the people, including the right to free speech.

    This 1886 decision ostensibly gave corporations the same powers as private citizens. But considering their vast financial resources, corporations thereafter actually had far more power than any private citizen. They could defend and exploit their rights and freedoms more vigorously than any individual and therefore they were more free. In a single legal stroke, the whole intent of the American Constitution -- that all citizens have one vote, and exercise an equal voice in public debates -- had been undermined. Sixty years after it was inked, Supreme Court Justice William O. Douglas concluded of Santa Clara that it "could not be supported by history, logic or reason." One of the great legal blunders of the nineteenth century changed the whole idea of democratic government.

    Adbusters is wonderful, you should subscribe.

  • by Nimmy ( 5552 ) on Monday January 17, 2000 @03:43PM (#1363987) Homepage
    Here is my interpretation of the issue. Reading this is not a substitute for reading the real posts.

    Background: GPL says that you can't just distribute a binary (in essence). If you distribute at all, it must be with source.

    The Issue: Can a company make an internal distribution of GPL software and not release it? (E.g. NSA secure linux, or Corel closed beta)

    View 1: Companies are not people. A developer in a company may modify the code and give to other workers in the company. These other workers have all the rights to source from the GPL. Thus, if one worker decides to publish the modified code, the company cannot (legally) do anything, it's GPL code still. Thus, internal distributions of software can only be enforced through threat of firing. Even if only a binary is leaked, people who d/l the binary can require the company to give the source!

    View 2: Yes of course. That is not subject to the terms of the GPL, you are not distributing it. The problem with this view is that what if I want to sell modified GPL code? I can say: $10 to join NickSoft, Inc. Then I will send you code, but you may not distribute as terms of 'employment' with NickSoft. Boom, there goes GPL.

    The original poster says both views are flawed and you cannot have any other (legally they are mutally exclusive).

    RMS says, yeah maybe its a flaw, but its really minor.

    Again, this is only my interpretation. Read the original posts.

    (My personal opinion is close to RMS', its a very tough issue and is hard to avoid, however one states a GPL-like licence. I'd say leave it be)

    --Nick
  • by JoeBuck ( 7947 ) on Monday January 17, 2000 @03:35PM (#1363988) Homepage

    The idea is that someone creates an organization, and then requires everyone to be in the organization as a condition for software distribution. Then the modified GPLed program is only distributed to club members, and all the club members agree to only distribute the program within the club. In a sense, the Trillian project (which is porting the GNU tools and Linux to the IA64 architecture, which is still under nondisclosure agreements) is such a club.

    So, does the fact that this can be done break the GPL protections? No, because it doesn't get around the requirement to provide sources to everyone who gets binaries. Attempts to do this kind of thing for a different reason (e.g. charge everyone big bucks for being in the club and forbid them from sharing information with outsiders) may run afoul of antitrust provisions in the US and the EU (forcing people to be in a club before you do business with them may not be legal, depending on the circumstances).

    RMS often points out that the GPL (and other licenses) shouldn't be written, or read, as if they represent the whole of the law. Just because the GPL doesn't exclude some possibility doesn't mean that it is legal. It may be illegal for another reason.

  • by Kaufmann ( 16976 ) <rnedal&olimpo,com,br> on Monday January 17, 2000 @05:34PM (#1363989) Homepage
    As a colleague of Faré in the Tunes project [tunes.org] (shameless plug) and a subscriber to (and occasional participant in) the cybernethics mailing list, I'd like to point a few things out.

    First of all, Faré is French and resides in France. So before attacking his integrity, honesty, manhood, morals, intelligence, competence or whatever, ask yourself this question, American-boy: do you have any idea as to how French law applies to this issue? What if it were the case (perhaps not in France, but somewhere else) that this loophole _were_ applicable and an issue under some other country's law?

    Also, as other posters have said, Faré is worried about what might happen if a corporation were created with the express purpose of hoarding otherwise GPL'd code. This might be an issue.

    Finally, please don't fuck cybernethics up! If you want to join in on the discussion, that's great, but the membership is really soaring, and it'd be very unfortunate to see the list deteriorate, and I'm afraid that this is going to be the case. So try to keep the S/N ratio up.

    Anyway, if anyone cares, Faré and I are on IRC right now (#tunes at openprojects.net). If you've got a problem with him (or me!), come over... we've already got the boxing ring set up.

Bus error -- please leave by the rear door.

Working...