[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A newbie's confusion about GPL

on Sat, Oct 18, 2003 at 11:35:06PM +0800, Dasn Cups (dasn@users.sf.net) wrote:
> On Sat, Oct 18, 2003 at 11:09:08AM -0400, Paul Smith wrote:
> > If you use GPL'd code and distribute the results and refuse to hand out
> > the source code, the copyright holder of the GPL'd code can sue you for
> > copyright violation.
> > 
> > If you really meant code owned by the GNU project, the copyright holder
> > is most likely the Free Software Foundation (FSF), and they would sue
> > you, if it came to that.
> > 
> The problem is that if I refuse to hand out the source code, who will know
> that I used GPL'd code? By disassembling?

Various means.

First note that the lifetime of copyright in the US and most Berne
signatories is authors life + 70 years.  Odds are that your liability
for infringement will extend into the foreseable future.

Statute of limitations is 3-5 years for various remedies, _from date of
infringement_.  Meaning:  if fifteen years from now you distribute,
copy, broadcast, or otherwise exercise an exclusive right of authors in
violation of the GPL, your liability will extend another 3-5 years (for
various remedies) from that point.

GPL violation can be detected by various means.  First:  be aware that a
great many people are aware of GPLd code, particularly more poular
projects.  The odds that someone will become aware of an infringement of
your project over its lifetime are pretty good.

I've talked with Jeremy Allison, one of the Samba developers, about this
a few times.  Turns out that a freely available, source-code accessible,
implementation of the MS SMB / CIFS protocol which often performs
_better_ than Microsoft's own product, is highly tempting to a good
number of folks.

Ways infringement has been noted:

  - Watching network traffic.  The Samba team knows SMB protocols and
    traffic signals.
  - Binary signatures.  Executables and libraries cary distinctive
    signatures which are readily detected.

  - Infringers source tree accessible.  It's happened.  Browse right on
    in and surf.

  - Developer migration.  Peple working on Product X leave project and
    drop a note to GPL team saying "you might want to look at this".

  - Customer suspicions.  Customer (or prospective customer) sees
    proprietary product and thinks "Hmm...this looks an awful lot
    like...".  On analysis, this is readily determinable.

Finally, while legal countermeasures are one option, an equally
effective one is to simply publicize the fact that a given product is in
GPL violation and that the company producing it is failing to comply
with GPL terms, if other negotiations fail.  Since most violations are
for commercial purposes, the prospect of facing zero demand (and
potentially high-stakes fraud suits from customers) for a product known
to contain infringing software.

Of course, if you feel this is an acceptable business risk, you're more
than welcome to test the system.


Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Bush/Cheney '04: Over a billion Whoppers served.

Attachment: signature.asc
Description: Digital signature

Reply to: