“Companies using Linux for embedded applications may be unwittingly violating the Linux license and even breaking federal securities laws, according to a research published by Wasabi Systems. According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders. The study indicates that dozens of companies are discovered each year to have violated the terms of GPL, and if they are public companies, they are violating Sarbanes-Oxley.”
Companies better start complying with the GPL. This way they won’t get in trouble with the Sarbanes-Oxley Act. And it’s the latter one and not the first one which is the “problem” here.
[from TFA]
> If companies are violating the GPL, they don’t have the
> right to use that software.
Is this true? I thought they only lose the additional rights given by the GPL, namely to modify and redistribute the software. Can anyone clarify this?
– Morin
I think it’s meant “use GPL in their products” e.g. use defined as “distributing and modifying”.
The companies can of course use GPL’ed software internally, but they cannot use GPL’ed software in their products if they don’t comply with the GPL (this is distribution of possibly modified software).
>Is this true? I thought they only lose the additional
> rights given by the GPL, namely to modify and
> redistribute the software. Can anyone clarify this?
Correct. The GNU GPL is a copyright license. It specifically only restricts modification and/or redistribution of the software. Part of Section 0 of “TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION” reads as follows:
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
(Emphasis added.)
Actually I see most people blindly believe FSF interpretations of GPL without actually reading the licence themselves.
And the licence is very vague on stating what actually is a devivative work. (it states that US copyright law contains the actual definition, and I (not being US CP right expert myself) would like to have a definitive, internatilonally tested interpretation of said law with regards to combining software modules. So far I have yet to see one.
The problem is not that GPL is too weak. The problem is that it could be effective in more cases that FSF make us believe.
Eg. you put compiled (unchanged) GPL SW and proprietary components on the common flash image in some embedded appliance.
From the outside perspective they are one product and are not distigushable. Will you have to give your components out or not?
I would be happy to know but so far I’m not sure.
Worse matters go with closed source modules. Most kernel hackers agree that it’s ok, but a single copyright holder of the included kernel headers (e.g. from your competitor) could put you in a hot water.
I’d love to see more embedded developement around linux but GPL need serious tydying othewise it’ll becomes a serious obstacle imo.
A single hi prof lawsuit could make a terrible PR damage to GPL and whole OSS movement, and make the industry turn off.
Eg. you put compiled (unchanged) GPL SW and proprietary components on the common flash image in some embedded appliance.
From the outside perspective they are one product and are not distigushable. Will you have to give your components out or not?
According to GPL v.2 you will not have to release sources for your own components, unless they contain substantial GPL’ed sources (one line of code is not enough to make it a derivative product). It’s a bit more complex in regard to linking, dynamic as well as static linking, but you have to use at least a GPL-compatible license. Whether or not the final result counts as a derivative work is however not for me to predict.
However, merely putting GPL’ed components on the same media as proprietary components does not make your components GPL’ed. The GPL-license clearly states this.
Mere aggregation has no influence on licenses.
Here is the licence excerpt in question to make my doubts more clear. I emhasised vague terms which are key to interpretation of GPL. Also please keep in mind that as long as you include GPL licenced binary components its the relation beetwen them (in addition to their source form) and your components that is subject to this interpretation.
What if your components are completely functionally dependend on GPL ones and hide them behind interface you’ve created?
I’m not asking about common sense or current industry practice but whether it is possible that *any* judge in *any* country could interpret them against your favour.
(…)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
This will depend on the interfaces, and the said country. This is however only a problem if you intend not to comply with the GPL.
There is of course no way you can get any guarantee against a judge in some weird country interpreting the GPL in some weird way.
I wholehartedly want to comply with GPL.
But first I have to know what it actually means.
It has nothing to do with complying or not complying. It has to do with the actual license having gray areas that even lawyers are not sure how to interpret.
The shakiness of the GPL around corporate law offices is even worse when it comes to the embedded space. Of course none of the legal clarifications have really come into play because most developers aren’t anal about it.
It’s not shaky in Europe. It’s no more shaky than other licenses.
Microsofts EULA, and the Apple EULA are extremely shaky in Europe.
It’s easy to find a lawyer without personal integrity what-so-ever (look at SCO/Caldera), willing to try to circumvent the GPL.
Comply with it without any intentions to circumvent what-so-ever, and you won’t get in trouble.
Just like any other license.
t’s not shaky in Europe. It’s no more shaky than other licenses.
It’s more shaky than a BSD license, europe or not.
*LOL*
Leave religion out of this.
*LOL*
Leave religion out of this.
It looks like you just responded to the wrong person.
Not when replying to a known BSD-zealot. One of those who cannot live with other choices than BSD and proprietary.
No, I stick with the technical and practical issues unlike you insane GPL bible thumpers.
It’s more shaky than a BSD license, europe or not.
Care to elucidate or are we supposed to just take that statement on faith.
It’s not shaky in Europe. It’s no more shaky than other licenses.
Microsofts EULA, and the Apple EULA are extremely shaky in Europe.
My problem always lies here: if someone breaks the GPL, people squeal violation all over the place and demand the violator’s head.
Yet, if someone makes a few copies of Windows XP to run on all three of his PCs… It somehow is magically allowed and MS shouldn’t wine. Same goes for people trying to install OS X for Intel on any other machine than a Mac (license prohibits it).
In both cases, a license is broken. In both cases, it is wrong. You cannot approve of one, and disapprove of the other.
This is no personal remark towards you, Dylan, just a note in general. You just provided the perfect comment to reply to
.
Well, that’s fine with me
And you’re right. Licenses are to be followed. If you don’t like the license, don’t use the software.
It’s pure luck for me that the MS EULA is in part void in Denmark.
But not the part with numbers of XP running on machines. If you have 3 PC’es you need 3 licenses. Unreasonable, but that’s the license. Live with it.
Think about the nature of the claim you are making. Actually, let’s look at the issue in terms of the law in general as I think that will make the problematic nature of your claim more apparent.
Murder is illegal & murder is wrong –> what is illegal is also wrong.
Which seems somewhat reasonable on first glance (ignoring the obvious logical fallacy) but reveals itself to be deeply problematic if the law we are considering compels those of a certain skin color to sit at the back of the bus. The class of illegal actions and the class of immoral actions are not necessarily coextensive.
The very same considerations should be brought to bear when considering the licensing terms. It is good to adhere to the terms of the GPL because 1) the terms of the GPL are just and reasonable, and 2) it is good to adhere to the terms of a license on the condition that those terms are just and reasonable.
Violating the terms of a license may indeed be illegal, but it cannot be concluded from this that the license violation is also immoral unless it is first established that the terms of the license are themselves just and reasonable. Unless of course you’re willing to bite the bullet and assert that the law defines not only legal and illegal but also right and wrong.
Personally, I consider it perfectly just and reasonable to require a separate license for each and every machine a piece of software is installed on. I do not, generally speaking, consider it to be either just or reasonable to stipulate, particularly in the form of a “use implies consent” license, that I will limit my use of a piece of software to terms dictated by its publisher. Installing OS X on non-Apple hardware may well violate the terms of the license, but I’ll do it anyway, and I’ll do it in perfectly good conscience, as I don’t consider those particular terms to be just and reasonable. The same is true with respect to making copies of my DVDs for my own personal use, namely for backups and transcoding them for use on other devices.
My problem always lies here: if someone breaks the GPL, people squeal violation all over the place and demand the violator’s head.
Yet, if someone makes a few copies of Windows XP to run on all three of his PCs… It somehow is magically allowed and MS shouldn’t wine. Same goes for people trying to install OS X for Intel on any other machine than a Mac (license prohibits it).
The comparison is slightly unbalanced here. Try to sell fifty thousand routers with an unlicensed Windows system, and see what happens.
Same goes for people trying to install OS X for Intel on any other machine than a Mac (license prohibits it).
Yup, and that part of the license is illegal in Europe or more correctly. It’s void. You can – in Europe – install Mac OS X for x86 on any x86-compatible PC no matter the license, because Apple are not entitled to come up with such licenses in Europe.
Besides that I consider such a license extremely inappropriate.
The two cases you listed ae fairly concrete examples. Putting GPL and proprietory components on a common flash image is merely amalgamating two existing works, and is thus not a derivative work (since neither original work is modified). It’s just like selling three different books as a single set — if you have the license to distribute each book, you have the license to distribute them as a set.
Closed source modules are also fairly clear. Linking a binary module against the kernel modifies both the kernel and the binary module, and the result is a derivative work of both.
That aside, your point about the fuzziness of “derivative work” is well-taken. However, your wrong in saying that the GPL needs to better define it. The GPL has no legal standing to define “derivative work”. The definition must be figured out from copyright law and precedence. The GPL is a copyright license, and can only govern what happens when you try to distribute a deriviative work — it cannot tell you, in a legally binding manner, what constitutes a deriviative work.
If that’s the case, the excerpt I later brought is at best redundant and misleading and at worse potentially selfcontradicting.
Funny how wasabi systems’ business model is BSD-based.
http://wasabisystems.com/
“Wasabi Certified BSD, a certified, tested, and optimized version of the BSD operating system, offers the rich functionality of BSD Unix without Linux’s troublesome GPL License.”
So they’re doing themselves a favour, while hurting opensource as a whole when crying wolf. Neat.
Wasabi Systems is a NetBSD shop. See http://www.osnews.com/story.php?news_id=3187
That is why they kind of “fight against” Linux and the GPL license.
They seem to have learned a few marketing tactics from the big boys. Wasabi Systems is just trying to drum up business with a marketing trick. They would have you believe that the white paper is some kind of benevolent research that they did to protect businesses when in actuality, it is just one more FUD tactic.
“According to the study, the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders.” … “If companies are violating the GPL, they don’t have the right to use that software. And if they don’t have the right to use the software, they’re violating federal law if they claim that they do.”
Certain points of their study seem entirely valid, but the jumps in logic they take scream “FUD” to me. A GPL advocate could take this very same study and come to a different conclusion: GPL’d software is great, but there are even more serious consequences for violating its license.
People don’t choose the GPL because they want someone to violate it or because they want to violate it themselves. Don’t violate the GPL, and you won’t have any problems.
The only companies that have reason to worry about this are those that are breaking the law in the first place.
“Don’t violate the GPL, and you won’t have any problems.”
I don’t think anyone disagrees with this, the issue is exactly what violates the GPL. Even the FSF has admitted that the GPL needs clairfication.
And if in doubt you can contact FSF
The FSF doesn’t make law. You contact an attorney. But of course a GPL zealot like you would say contact comrade Stallman for all the info you need.
I’ve never claimed they made laws.
Nor do I consider Stallman a “comrade”. There is nothing communistic over GPL. Not even the slightest bit.
I’m not a GPL zealot. There are many cases where I consider LGPL or MPL or the MIT-license (or revised BSD) to be much better choices. GUI Tool Kits for an instance.
And if you want to create proprietary software products, then GPL is of course a mistake.
I prefer GPL for what I call End User Software, but the underlying elements in an OS is something I prefer to be licensed differently. GPL with an exception can be useful here. LGPL or the MIT license are other choices. LGPL is however even more complex than GPL.
of course a GPL zealot like you would say contact comrade Stallman for all the info you need.
You just confirmed you are an anti-GPL zealot who refuses to conduct a rational discussion.
If fsf isn’t the copyright holder, they can only make advises.
Whether any attorney will follow them is completely another matter.
In which case you contact the copyright holder.
As you would with any other license.
What if he/she tells you X and than tells ~X to the judge?
If you can prove he (or she) said X to you, then you’re off the hook.
Hands has it absolutely correct. This is a bunch of BS. There may be other federal laws being violated when the GPL is violated, but it isn’t necessarily a SOX violation.
Without getting into the merits of the GPL, the simple fact is that SOX never mentions the words “intellectual”, “property”, “IP”, “software” or “license”. The concept that “the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders” is just patently false. Sarbanes only requires companies to disclose off balance sheet liabililities and any contractual obligations that are reasonably likely to have a material impact on the financial condition of the company. There is no requirement to regularly report on IP per se.
Linux users (read: end users) are NOT liable for GPL violations and are NOT liable under sarbanes-oxley – because they are individual entities who are using a PRODUCT (whether they know what’s in it or not).
Companies that MAKE linux based products (or other products under the GPL or other ‘free’ licenses) can be liable under sarbannes-oxley IF they are deemed to have violated the terms of the GPL and don’t properly disclose their ownerships.
Most of the companies that make such products can hire an IP attorney to go over the GPL if the higher ups don’t know what is going on. Having an attorney on site is common practice these days for these publically traded companies
FUD, simply FUD. This is discusting
Quoting from:
http://www.wasabisystems.com/gpl/soxgpl.html
“The simplest answer is not to cheat. However, there are two problems with this simple response. First, most companies do cheat, because compliance is expensive; […]”
Nice slap in the face of their potential customers.
cheers,
dalibor topic
But what I wonder is, why bother with the licensing issues of embedded linux if BSD is available?
Yeah, this is a typical troll question, but I’m serious–what would be the advantage that offsets the extra legal overhead?
And if you think there is no legal overhead, I would argue that anything that makes something more complicated to deal with, especially if not technically relevant to the project (as licensing is not), is overhead.
It’s smart marketing to point out the pitfalls of the GPL license and emphasise the benefits of the more free BSD license.
Please not another
“free” vs “free” flamewar.
Wasabi Systems is just pointing out the strings attached with the GPL. The BSD license is more free than the GPL. That’s just fact. The funny thing is that the GPL license is probably more business friendly than BSD when you look at it from the perspective of an organization like Trolltech.
At least you are free to violate other software licenses, and not violate Sarbanes-Oxely. At least that is what I gathered from the article.
I suppose only violating the GPL is a SOX violation, and violating other software licenses is okay. Otherwise, why write an alarming article about it?
From the article: “Linux is a powerful operating system,” says Jay Michaelson, an author of the study and Wasabi Systems’ General Counsel. “But if companies violate the license, the consequences can be more severe than they think. . . ”
Before I read this, I thought violating *any* software license was illegal, but now I see it’s only illegal to violate the GPL. I guess it’s okay to violate other software licenses. Otherwise: what the difference?
From Wasabi’s website:
“Wasabi Certified BSD, a certified, tested, and optimized version of the BSD operating system, offers the rich functionality of BSD Unix without Linux’s troublesome GPL License. ”
Whew, thank god, Wasabi exists. Now I can violate the Wasabis license agreement, and not do anything illegal. After all, only violationg the GPL is illegal.
At least you are free to violate other software licenses, and not violate Sarbanes-Oxely. At least that is what I gathered from the article.
Wrong this actuallly applies to any software licence. “the problem lies with the requirements of the Sarbanes-Oxley Act that companies disclose ownership of intellectual property to their shareholders”
If you illegaly bundled in a product some MS software that you had no valid licence for, you to would be violating the Sarbanes-Oxley Act. It simply means that for any third party software you use in a product that you distribute then you must have a valid licence for it. The implication of the article is that the BSD licence is so loose that it is nearly impossible to violate it.
The author, who has an obvious agenda, ignores the fact that violating *any* software license (including Wasabi’s) can get you into trouble.
Although you would never know it from the title, the article refers exclusively to people who *violate* the GPL. It’s like saying that people who drive cars may face jail terms for DUI.
Take a look at Wasabi Systems website: “Wasabi Certified BSD, a certified, tested, and optimized version of the BSD operating system, offers the rich functionality of BSD Unix without Linux’s troublesome GPL License.” In other words Wasabi is a direct competitor with GPL’d software. Right on the front page of Wasabi’s web-site they are bashing the GPL. Nothing like an unbiased “study” I always say. I wonder who wrote the article, no mention of that. Hmmm.
“If companies are violating the GPL, they dont have the right to use that software.”
Is that even acurate? My understand of the GPL is that it does not restrict, only distribution.
I knew it, Linux, is a big law-breaking OS. got you red handed.
Yup, The GPL is one of many problems of Linux.