hypothetical(?) GPL problem

Alessandro Rubini rubini at gnu.org
Thu Jun 21 13:54:01 UTC 2001


Hello.

Sorry for the delay, I'm expected to do real work sometimes, though rarely :(
It looks like this might turn in the usual BSD/GPL flame war, but unless
it gets hot it might be constructive as well.

Alessandro:
>> The idea has always been more in the lines of "do ut des": I give my
>> software if you give me back yours (that uses mine, otherwise I have
>> no say in your licensing policies). And it seems a fair game to me.

Marc:
> I think, that's also the idea behind BSD. The difference is, if you want to
> enforce this or not.

Not a minor difference, though.

> Does anybody have any statistics or experiences which
> approach was more effective in the long run? I could imagine, that it is
> more tempting for a company to use a library, if it is BSD-free. And that
> they might consider sending their modifications to the original developers,
> for whatever reason.

They "might consider". But they have no reason to, actually. And there
are a lot of case where they don't.

> While on the other hand, they might be scared off by
> the (L)GPL and thus not touch the library at all. Which results in no return
> at all. What will be of more benefit on a large time scale? Even if only one
> company in one thousand sends patches, this is still more then none at all.

It is more than none, but is it better or worse? You must remember
that in your case you have helped further several proprietary programs.
In the (L)GPL case you only helped free software. (Sure, in the LGPL
case they could do, but your condition included the "being scared off").

Alessandro:
>> Company P can use my free library inside their web server to deliver
>> .png barcode images to the end user. The end user will never know that
>> it's produced by a modified free package. Still worse, a company can

Marc:
> I wonder, why a company would want to hide the origin of a lib, if it would
> have been perfectly legal to do so. In case of the GPL it is clear. If they
> would reveal, that they use your lib, you could sue them.

No, they are allowed to use it, and to not give source to the user
because the user doesn't run the program. And, in any case, nobody is
interested in telling how did they accomplish the result. The result
must look "new millennium technology", this is how the world goes.

> On the other hand, if linking your lib into their program would be
> legal, why would they want to hide this fact from the end user?

Because if all users know, some of them will get the free library and
not pay for the service any more.

> It could be even a plus for them to tell their users, that they use
> a known good lib for their program.

This only works in a few cases. Apache is a good example. When I was
questioning with an Apache developer that lives in my town, he showed
me how nobody has interest in forking a proprietary versio of Apache,
and most companies contributed back. But Apache has a huge developer
community; any fork would suffer from continuous resyncing with the
original product. But for almost every project, a company would take
huge advantage in forking the product and become the leader, putting
the original out of market. This applies to *everything* that I am
doing. I *must* use the GPL to protect myleft from what I would call
"theft".

> So maybe one should only enforce to _acknowledge_ the usage of a
> free lib by closed source software companies, instead of restricting
> the usage itself.

I know there are problems with this, but I don't remember the details
(at least it's not GPL-compatible, but it may be non-enforceable too,
I don't remember).

> The issue, that someone can use your source code to make money has been
> discussed here widely and I think, we agreed, that we are aware of this and
> that we accept this. So if you write a web server and someone uses it to
> earn a living through web hosting, that's considered as being OK. Same for
> compilers or bar codes from web pages.

Yes. My problem is with "proprietarisation by remotisation" (not
English, but I can't find a better way to state it). If someone
extends GCC and sells a "compile on demand" service, this *is* against
user's freedom. You may have a CPU whose compiler is not free yet it
is GCC.  It would be legal, because who has the compiler doesn't
distribute it but only uses it internally. 

>> I think *this* is an issue.
Exactly. I agree with myself here :)

>> Do you remember
>> about http://www.freeworldlicence.org/ , (passed here in December).
> 
> No, but it doesn't make to much sense to me either. You don't want separate
> worlds.

It doesn't make sense to me, either. The point I was making is that
for some kind of resctrictions you *must* have the user sign the
agreement.  You can't control everything via implied agreement. You
can't restrict use of the software without having the users know about
it, or they will behave illegally without even having a chance to know
it.

> You want free software to penetrate the closed source software field
> too and replace some of these existing solutions with free software. But you
> can only achieve this, if you allow both worlds to mix.

Yes. I can run GCC on Windows (if I had one), and this is good. But
proprietarization, as allowed by BSD/MIT licenses, cannot help
spreading of free software as much as it helps spreading proprietary
software. I'm told that Microsoft uses a BSD-derived TCP/IP stack.
I'm told (maybe on this list, I don't remember) that most IP utilities
they ship are berkeley derived (run "strings" on them and check).
 
>> And yes, the more I think about the original question, the more I'm
>> convinced it can be done. Well, companies are already distributing
>> binary stuff that the user must link with the Linux kernel (like the
>> disk-on-chip driver: I used it, no thanks).
> 
> And it brings me back to my original comment: Why should we want to do
> anything against it?

They are circumventing the GPL. It reminds me of the "Ethics of
Circumventing OS" thread (march and april, here).

> There are quite a few examples of companies, that
> started with closed source "contributions" to free programs, but later
> decided to release the source code, often under the GPL.

Often, stuff is GPL'd to avoid it to die. And that code is not usually
high quality code. Sometimes it even had backdoors
(http://www.securityfocus.com/templates/article.html?id=136).

I think there are more examples of companies that proprietarized
without giving back. Let me restate I don't think the BSD-type
licenses are bad, they are just not enough to protect authors.  I
personally wouldn't feel safe using them (yet, for an X module I wrote
I used the MIT license, for compatibility).



Oh, BTW, did you all read the new Microsot EULA at
http://msdn.microsoft.com/msdn-files/027/001/516/eula_mit.htm ?

     (c) Open Source.  Recipient’s license rights to the Software
  are conditioned upon Recipient [...] (ii) not using Potentially
  Viral Software (e.g. tools) to develop Recipient software which
  includes the Software, in whole or in part.  For purposes of the
  foregoing,

So, they forbid you to use a free ("potentially viral") compiler to
compile your own stuff, if it has to be linked with theirs. Oh, and
the (i) point removed above states you can't "distribute such
Software, in whole or in part, in conjunction with Potentially Viral
Software". Interestingly, you can't distribute the software at all, so
this is just a mean to restate the "viral" accusation.

Sorry for the length, thanks for getting that far :)

/alessandro



More information about the Discussion mailing list