Abusing the GPL? 771
"How, you may ask?
Integrate the highly useful GPL code we're eyeing into our only slightly more complex (but much more lucrative) project, thereby saving us at least 30% of the coding involved. The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode. You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce. They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
For the record: I do not think this is right yet, I have not been able to find any precedent for why the GPL should protect against this kind of abuse.
I'm not trying to snitch on my company -- or lose my job, which is why I am posting anonymously -- but hopefully some lawyers out there could point out some iron-clad legal reason preventing this sort of thing. I've read the GPL through at least a dozen times since yesterday, and so far it looks like our lawyer is right. I have not found any relevant linkage either, as I have mentioned. Links to extended legal analyses of the GPL from a technical standpoint (if any exist) would be the most helpful. All help is appreciated."
Spirit of the law (Score:3, Interesting)
So these people violate the "spirit of the GPL." Throw that at them in your court case. Cite other cases (esp. intellectual property cases) in which a decision was made based on the "spirit of the law."
-Evan
Maybe not legal, but what about PR? (Score:3, Interesting)
As far as I can tell, AINL, as long as you do in fact release the source code (and all linked pieces... must be careful about this), you are in compliance with the GPL, even if the souce code has been obsufacated as much as possible. Just remember though, *everyone* will get to see this source code. They will either know that 1. You are ripping them off by 'working around' the GPL. Or 2. Think your company is staffed with the most incompetent imbecil programmers anyhwere. So my question for you is... Why would *any* company want to release something that makes them look bad??? What exactly is the advantage they think they will get from this?
Re:Can't do it. (Score:2, Interesting)
the case of the zmodem source code (Score:1, Interesting)
Go ahead. Try it. Make my day.
Dirty Pool! But also confusing. (Score:1, Interesting)
I question the motivation.
How would this benifit your company? The source will still compile right? It still can be obtained free. right? This just seems silly. The problem people have making money off of GPL'ed software lies not in the open source code but in the fact that people can get for free what you are trying to sell. I mean when was the last time you looked at the source of a project that you just wanted to use, not develope.
Re:Sounds wrong to me (Score:2, Interesting)
Re:Your lawyer is a fucking retard (Score:2, Interesting)
(Of course I'm making the assumption that the original poster is governed by US law; it may be different in other countries)
Re:"viral license" (Score:5, Interesting)
You're a bit confused about when the GPL applies, but the original posting was confused on this point, too. If you process code with a GPL program, for example if you compile it with GCC, it does not apply the GPL to the processed code. Only in the case of linking or another means of creating a derived work, as in your example with Qt or KDE libraries, does the GPL apply.
Microsoft's talk about the GPL is just propoganda. They have no legal case against it. Any legal case they could construct would first have to invalidate Microsoft's own, more restrictive, licenses.
Bruce
Re:Dirty Pool! But also confusing. (Score:5, Interesting)
What if they claim that the obstafacation (sp?) is part of a copy-protection plan and that anybody whom writes a program to un-do it is violating the DMCA.
Could they sue even though the code is in fact GPL?
-J
Re:Dirty Pool! But also confusing. (Score:4, Interesting)
It could lead to a situition where corps. co-opt open source programs, embed a password protection scheme,than obfascate. They could then outright take all the code they want and make a program to give away. Then could then make money off of selling the passwords. All will being covered by the GPL and DMCA.
slashdot != legal advice (Score:2, Interesting)
If anyone wants to prove me wrong, please do so. We need people to stand up for the GPL and protect the hard work that so many people entrust to it's care.
Curious (Score:1, Interesting)
Re:Why did it take so many posts? (Score:5, Interesting)
Also how is the obfuscated version going to be produced. Either feeding the source through some for of obfuscating preprocessor or decompiling the object code would simply be creating a derived work anyway.
Effectivly you'd be trying to argue that you wern't infringing copyright because you scramble and/or encrypt before you distribute. You'd need a very good lawyer to convince any judge with this kind of argument.
Obfuscated Source is NOT source (Score:2, Interesting)
Obfuscated source, as you propose to distribute, is NOT the 'preferred format for making changes', because your company sure as hell isn't going to hack the messy obfuscated byte code when they need to update their product.
That mess that you intend to distribute may not be called 'source'. That affects how you may or may not use the GPL with respect to it, and I suspect that you probably won't be allowed to do it at all, no matter what 'incidental works' are involved. Your lawyer friend is only telling you half the story.
Bad Engineering (Score:3, Interesting)
I can think of a few other, better ways, to use GPL code in commercial projects without pressing everyone's ethics button so hard. Better engineering, better PR, less work. Is that so hard? Sounds to me like the lawyer wants to have a few years steady work, and your CEO is too preoccupied with being evil.
Re:Dirty Pool! But also confusing. (Score:1, Interesting)
There is no sort of notion of Copy Control on GPL code.
So, they made it more difficult to read it. Big Whoop.
If I ever find what company does this, I'll personally put their progream back into readable mode. Then I'll find all of their customers, and give them the source to this product FOR FREE. I'll post it on my webpage, I'll start a sourceforge project, put it on freshmeat, and tell
It will destroy their market, and for what reason? They decided to get all the benefits of GPL, with absolutely none of the detriments. Be a community player, or go play in your own field, I say.
--The Misanthrope
And if somebody DOES succeed in reverse-engineerin (Score:4, Interesting)
To take a lesson from GPL projects... (Score:2, Interesting)
There's an ethical workaround here that gets everybody what they want quite simply.
Modularize the interface to the GPL code. GPL release this module: your company has just contributed to the community, and that is a good thing.
Release your product commercially, and "bundle" with the GPL module and all appropriate GPL documentation. Make sure that during the installation process the separation of liscence is clear.
Your company's proprietary code is Copyrightable, the GPL code stays GPL, Everyone is happy.
Get a different license (Score:3, Interesting)
Without knowing the details of what GPLe'd application is involved, it's hard to give good advise, but you may be able to talk to the authors of the code to re-issue the code under an additional license. Maybe the authors would be willing to release the code under the BSD, LGPL, apache, or other license in exchange for a few bucks...
Of course if this is really old GPL with hundreds of authors this becomes difficult. You would need approval from all the contributers.
Obfuscated translation is copyright infringement (Score:3, Interesting)
I'm not a lawyer, so don't use this as legal advice. Instead, you (the author of this slashdot article) may want to show it to your company's lawyer and suggest that he track this down.
According to this link [ladas.com], there is a case called "Whelan" that established that duplicating the detailed structure of a program was copying of expression rather than ideas, and therefore copyright infringement.
Also, I remember reading a very good article about ten years ago by law professor Pamela Samuelson, I think in Communications of the ACM or some other ACM publication, that talked about this decision and mentioned "detailed structure and flow", which would make the case for infringement even stronger.
Finally, I recall reading somewhere, perhaps in that same article, that there is some common law rule that the standard of similarity by which copyright infringement should be determined is supposed to correspond to how much access the alleged infringer had to the original work. In other words, if the alleged infringer had easy access to the original work (e.g., had carefully read the original GPL'ed source), then the standard for proving infringement is supposed to be easier.
Again, I'm just a layman. Don't use this as real legal advice.
There's a way around this (Score:2, Interesting)
You could make the gobbledygook to be your preferred source, by creating a completely proprietary, non-GPL development environment, which provides a mapping from gobbledygook to human readable code.
In this case, your "source" is the gobbledygook, and you just happen to use a weird IDE...
Nonetheless, it's immoral... but possibly not illegal.
Re:And if somebody DOES succeed in reverse-enginee (Score:3, Interesting)
Slimyness does not pay. (Score:4, Interesting)
Well, assuming what you say is correct, the benefits are few... The chances of getting caught are moderate, but if you or one of your staff is laid off/fired/quits then the word will get out and make its way to the original authors.
Nobody needs to "squeal" either. Say I write a lot of code for GPL's project X and this company comes out with product X' which is almost the same, but better. Their code is extremely obscure as well...
I might out of curiosity, run one of those web-based code checking tools. These are designed to find cheating students and do not require similar variable names, etc.
If caught the costs would be painfully high. I think most software companies would rather face a ravenous pack of lawyers than face the savage hordes of a jilted Open Source community. Every day operations would become difficult due to clogged email/phone lines, not to mention that your good corporate name would be mud.
The B/C analysis is vastly in favour of crediting the original authors. I think your managers and your lawyers are playing dice with your company's future. If I was a share holder (let alone an OS geek or an employee like yourself) I'd be quite pissed.
Good luck!
-b
Short parade (Score:3, Interesting)
Just buy the damn code (Score:1, Interesting)
On more than one occasion I have written to authors of GPL code, stating outright that I am willing to pay for their code under a different license, only to be *given* written permission to use the code in a proprietary fashion.
Is a CVS repository a "preferred form"? (Score:2, Interesting)
Clearly, type 4 is what normally gets distributed when someone modifies a GPL project. But arguably, type 3 or even 2 could be preferred by some people. (Especially if you neglected to modify the comments in the original code as you made your changes- it could be better to remove comments than to include untrue statements).
However, when I work on C++ code, if type 5 or 6 is availible, then I strongly prefer to use them as I study how to make my changes. Yet many (most?) people wouldn't be comfortable exposing all the dirty, broken, wrongheaded mistakes they made over years of developement, which is what would happen if CVS revisions were included.
All of items 2,3,5, and 6 refer to commments of one sort or another- things that make no difference when the program executes, and don't even effect the compiler, but serve just to inform interested humans. A CVS repository, a separate document file, /*comments inside code*/, even useful_and_descriptive_variable_names are all Auxiliary Documentation that is not technically part of the code.
Where should we draw the line? Where does the law draw the line?
Defining Source legally is not so easy. (Score:3, Interesting)
Secondly even if your definition - must be human readable - is accepted, there are humans who can read machine language, in hex (I'm sure we've all got anecdotes about our favourite guru programmer doing just that). And to be honest most programmers, with a little effort, could train themselves to do the same.
Finally - you're assuming the obfuscated text is no longer source and that therefore there is a separate text which is the 'real source'. Let's think about how someone normally forks a GPL project, something like -
- take original GPL'd source code
- make modifications
- release new code, with source, and acknowledgement of original authors
But the GPL doesn't AFAIK require the release of the original source - only the source for your new version. Releasing the original code is the responsibility of the authors of the original project.
So in this case, obfuscation is part of the modifications, along with inclusion of some home-grown code (the original GPL code was only 30% of the whole right?). So legally how is there a difference?
However, these points in themselves lead to reasons why this approach would be unsuccessful. Namely,
- if hex machine code is human-readable then obfuscated C certainly is. Plus if it's been obfuscated mechanically - it can be de-obfuscated mechanically. Partially anyway.
- they have to acknowledge the original code's authors and therefore the original project. People can compare the obfuscated code with the original code and figure a lot of it out.
Using a combination of these I can forsee that it would be possible to generate a completely 'plain source' version and keep it in step with the obfuscated one, with relative ease.
To sum up - I think legally they can do this, but I doubt it will gain them much advantage.
But I am not a lawyer.
Re:You are not anal enough either. (IAAL) (Score:3, Interesting)
You may have somehow missed out on this, but lawyers are paid to disagree with other lawyers. No matter what your lawyer says, I guaran-goddamn-tee it that every other lawyer on earth will disagree with him if I pay them to do so.
The question you should be asking your lawyer is not "What do you think this contract means?" but instead "Do you think you could win this case?"
On second thought -- don't ask your lawyer if he thinks he could win the case. The other thing lawyers make money from is claiming to be able to win cases for you. Ask some other lawyer if he thinks your lawyer could win the case after making it clear that you can't afford his services.
The Devil is in the Details (Score:3, Interesting)
I can think of a zillion reasons why the proposition described above would not work, but there simply isn't enough information to answer the question in slam-dunk fashion. Suffice it to say, however, that I am seriously doubtful that such a trivial pretense as a byte-code or object-code copy produced by other means could avoid a claim for copyright infringement.
Even so, to the extent that an "on the edge" defense is being prepared, the defendant had better be right. With such willfullness, a prevailing plaintiff is likely to obtain substantial statutory damages, perhaps as much as $150,000, an award of attorney fees, and an injunction against release of the product. If they made profits from the product in excess of that amount attributable to the taking, a prevailing plaintiff could elect for the greater amount.
In short, a commercial entity that tries to do so may well be poorly advised. But once again, I don't know enough particulars to make a determination one way or the other.
The question they have to ask themselves, "do I feel lucky?"