German Court Finds Fantec Responsible For GPL Violation On Third-Party Code 228
ectoman writes "Are firms responsible for GPL violations on code they receive from third parties? A German court thinks so. The Regional Court of Hamburg recently ruled that Fantec, a European media player maker, failed to distribute 'complete corresponding source code' for firmware found in some of its products. Fantec claims its third-party firmware supplier provided the company with appropriate source code, which Fantext made available online. But a hackathon organized by the Free Software Foundation Europe discovered that this source code was incomplete, and programmer Harald Welte filed suit. He won. Mark Radcliffe, an IP expert and senior partner at DLA Piper who specializes in open source licensing issues, has analyzed the case—and argued that it underscores the need for companies to implement internal GPL compliance processes. 'Fantec is a reminder that companies should adopt a formal FOSS use policy which should be integrated into the software development process,' he writes. 'These standards should include an understanding of the FOSS management processes of such third-party suppliers. The development of a network of trusted third-party suppliers is critical part of any FOSS compliance strategy.'"
Premptive STFU to GPL haters (Score:5, Insightful)
So they got caught violating an oss license? (TBH they were just being lazy by relying on their supplier's word. You've got to know and own the product you sell.)
Imagine how much shit they'd be in if they'd been caught violating copyright on a piece of closed source software. Ask anyone who's dealt with the BSA to comment on how friendly and fair they are.
Re: (Score:3)
I was going to say pretty much the same thing. I would imagine that Fantec are now looking to sue whoever supplied those components to them.
Re: (Score:2)
Good luck suing small Chinese factories :)
Re:Premptive STFU to GPL haters (Score:5, Insightful)
Actually at the core of the issue here is not really the GPL. At the core is that they got the code from another company and relied on that company adhering to the license.
Basically the ruling says that when you got the code from a third party, you cannot rely on the third party acting correctly when determining whether your use of the code complies with the license. If the third party violated the license (in this case, by not providing the complete source code), it doesn't protect you from the responsibility of checking the correct licensing yourself when redistributing the code.
That it was about GPL code is only tangential to the issue (although it's almost certainly the reason why it ended up on Slashdot).
Basically the scheme is the following: A gives code to B under a given license. B then gives the code to C in a way that violates A's license. C relies on B having followed A's license and figures out that redistribution in a certain way would not violate A's license. However since B's analysis rests on the false assumption that B complied, it turns out that C's redistribution of the code also violates A's license. But with a closer inspection, C could have found out that B didn't comply. The court ruling now says that C is responsible for violating the license.
Here A is whoever owns the copyright for the code in question, B is Fantec's firmware supplier, C is Fantec, the license is the GPL, and the violation is not distributing the complete corresponding source code.
Re: (Score:2)
Re: (Score:2)
Also the issue that this ruling will have no weight in other countries. It may not even be used consistently in other German states.
Re: (Score:3)
Do you ever sold a car? a microwave? a cellphone? a watch?
All of them contain software, I damn well hope you obtained all the sourcecode for their software
and had it fully checked for all license compliance, as otherwise you are responsible in exactly
the same way. The people who SOLD the non-complant software ORIGINALLY should be
responsible, however thats not whats being done here.
THAT is why this is bad, for everyone.
In fact the GPL doesnt even require you to sell it, is lending your car to someone distrib
Re: (Score:2, Insightful)
While I agree with what you're saying and I think the decision is correct, the problem is that when companies read articles such as this, all they see is, "If we use open source, we could get sued and screwed for something a third party did."
It makes the use of GPL licensed software appear unpredictably dangerous. And there's no getting around that.
Re: (Score:2)
It also gives GPL fanatics an incentive to sneak GPLed code into stuff they supply other developers, then tipping off the original licensor.
Re: (Score:3)
Using code at all is unpredictably dangerous. In most cases, it is impossible for someone to prove that a particular piece of software does not incorporate any unlicensed third party code. Software patents make it all even murkier. Such is life with "intellectual property".
If you compile the software yourself from source, you have at least some chance at finding violations yourself. On the other hand, if you get handed a binary blob to redistribute, you better have a very trustworthy supplier.
Re: (Score:2)
To be honest, businesses should be putting open source under the same scrutiny they have for commercially licensed software as well.
Some actually have, imposing
Re: (Score:2, Informative)
How did this get modded insightful?
Yes, they should follow the license for all code they use.
No, this would not have been an issue if they had used code under BSD.
Yes, if I had a company that was producing code based on OSS, I'd be making sure I was using BSD licensed (or one of the other more liberal licenses).
It's a simple matter of risk, BSD licensed code is less risky for companies to use. That's not good or bad, it just is.
Re: (Score:2)
Yes, they should follow the license for all code they use.
No, this would not have been an issue if they had used code under BSD.
The problem is that Fantec received code from a third party. If the third party told them correctly what license applied, and Fantec acted accordingly, they would have been fine. If the license had been BSD but the third party lied and Fantec acted accordingly, they would have been fine most likely. If the license was GPL (as it was in this case) or proprietary, the supplier lied, and Fantec acted on the false information (which they did), obviously there was trouble.
But the problem isn't GPL; the problem is not being told which license applied and acting wrongly because of that false information.
Re: Premptive STFU to GPL haters (Score:2)
Yes with BSD you would have end up in exactly the same case: you still need to comply on third party code licensing terms. What, but trolling, makes you think otherwise?
Re: (Score:3, Interesting)
Re: (Score:2)
What I personally don't get when it comes to these cases is...why? Why would you bother taking the risk of using GPL code when you aren't a FOSS company and risk possible lawsuits like this? If you don't want to be a FOSS company there is BSD and there is plenty of proprietary solutions so there is really no damned point in taking the risk when your company isn't a FOSS based company.
They are not in electronics manufacturing business, they are in relabeling Chinese crap business. They dont care about licenses shmihences until you poke them with a very sharp stick. Chinese also dont care about licenses and WOULD provide all the source code (they already do to their own Chinese partners) if that was the requirement.
Re: (Score:2)
Nonsense. With the BSA it would have cost thousands in licensing fees as they dug into the entire company. The vast majority of GPL-related incidents are resolved out of court.
Re:Premptive STFU to GPL haters (Score:4, Interesting)
Why would you take the risk of using proprietary code? Most proprietary vendors have lawyers on retainer and tend to be less forgiving of violations.
If you read TFA you'll see that this is not their first time violating the GPL on the plaintiff's code. The first time, they were allowed to correct the error and sign an agreement that they wouldn't let it happen again. There was a monetary penalty attached to further violations. They did, in fact, violate the licence on the same software AGAIN. They were offered the opportunity to correct the error, pay the agreed upon penalty and call it good, but they refused. Then and only then did they get sued.
How often do you get one for free when violating a proprietary license?
The fact is, most of the time GPL authors will be satisfied if you simply correct the error that they point out. Particularly if it looks like it was simply an error.
Re: (Score:2)
It probably wouldn't have cost them as much as most likely it would have been settled out of court without the need for lawyers and court fees, the BSA just wants to get paid after all and will negotiate,whereas with the GPL there is NO negotiation nor compromise because like it or not that is the way RMS designed the license.
The vast majority of GPL violations get handled out of court. Anecdotal evidence seems to suggest that the payment in most cases is zero.
Most actual court cases around GPL software seem to be brought by Harald Welte, and he in particular settles almost all cases outside court.
Re: (Score:2)
There is zero risk if you comply with terms of the license. Is that so hard to understand?
Re: (Score:3)
What does it mean to be a FOSS company? The way you use it, it's pretty much meaningless. It's a smoke screen. You're trying to make an argument, but you seem yourself a bit puzzled as to what argument you're after.
GPL is a comparatively simple license, and compliance is fairly easy. If someone claims that it's hard, they IMHO admit to being dense. I still don't get it why would someone need to label themselves "a FOSS company" in order to, you know, comply with the terms of just one one of the multitude of
Re: (Score:2)
In some businesses being forced to open your code could be much more damaging that even the largest copyright settlements.
Re:Premptive STFU to GPL white knighters (Score:5, Insightful)
They published code, it got used, they're dealing with it.
What's the problem (apart from them not dealing with it in the way you'd prefer)?
Re: (Score:2)
Stop with the bullshit, AC. You think there was no asking involved? Get a grip.
Re:Premptive STFU to GPL white knighters (Score:4, Informative)
Re:Premptive STFU to GPL white knighters (Score:4, Interesting)
You publish your code. It might get used. Deal with it.
Ah, then by that logic, we can ignore all copyright laws. Eureka!
To be perfectly clear: I would rather a world where labor to create a work is done and paid for once, and the infinite monopoly granted to any who refuse to work without assurance of pay would be applied to content creation as it is in all other labor fields. Yes, I would rather a world where no copyrights existed at all; Where to get more money you would have to do more work instead of sell more copies which are infinitely reproducible and thus valueless: // regardless of cost to create.
Econ101: infinite supply == zero price;
Not monetizing copies but the work which yields their infinite supply instead is actually how the open source model of software production operates. As a car mechanic or home builder or burger joint would: I do an estimate, agree on a price for the new work (code | feature | installation | maintenance | etc.), then do the work once and get paid once for it, then seek more projects to do more work to get paid further. Instead of the insanity of selling ice to Eskimos -- or 1's and 0's to folks with computers -- I get paid proportional to my work.
Conversely, since copyright does exist, I am not free to utilize any other available configuration of 1's and 0's already created and thus in infinite supply. In response to the ridiculous state of copyright whereby I am disadvantaged by my sane work practice and since I do not foolishly work for free then gamble my livelihood in the closed source copyright futures market -- A market where the work can go underpaid or unpaid if the market value didn't match the demand leading to job insecurity, and whereby the publisher middle men can drain the consumers of orders of magnitude more wealth than the cost to create the work (see how that works? The workers are disadvantaged, yes?); In response for being held to these ridiculous laws in order to make a living in society I choose to assert that my end users have all the rights and capabilities granted to any others who would monetize my work. Unable to rid the world of all copyrights, I expect businesses to obey them as I must. I merely expect that the business community enriched with unbounded advantages provided by GPL'd code not disadvantage me by disallowing my future work upon projects such code makes possible.
Now, perhaps you are feckless enough to assume I can simply ignore copyrights if I want. Perhaps you assume a person can have security in their future while their small business breaks copyright laws at will, and allows others to close off future job opportunities by not releasing source code as the contract under which the work was performed would require. Perhaps you would say: "Just deal with bad actors making a less of a viable future for you." Perhaps you would say the blame lies with me for publishing my code in the first place, and ignore all the other compliant businesses which my work bolsters all of at once and I thus thrive upon. Perhaps you would think we allow ever more egregious infringement of the open source copyrights to proliferate while allowing the brutal punishing of end users for minor copyright infringements against proprietary licensors. Perhaps you would say, that I "might get used. Deal with it.", and then ignore that dealing with it is exactly what is being done in TFA...
Re:Premptive STFU to GPL white knighters (Score:4, Insightful)
So you would make speculative IP creation impossible. Before you created any IP, you would have to establish contact with all possible customers and agree, and contract, a price for the IP you would create. This was the way the system used to work in the 18th century: Dr Johnson had to line up a number of sponsors before he produced his dictionary. The same applied for music: Bach needed a sponsor for his cantatas etc. The invention of copyright then produced an explosion of publishing: because people could retain the IP of their putative great works, they could publish speculatively (possibly with funding from a publisher), and if indeed it turned out they were great works, they would be repaid for their efforts,
Your proposal would, I think, destroy the literature and magazine industries. Yes, magazines have subscribers. But why should I subscribe if I can get a copy as soon as the magazine is published? How can the editor of a magazine get enough readers to contract for something that they will receive free once the first user has received it? How can the writer who /thinks/ he has a great book make a profit from it when the first review copy can be Torrented for free? Why create any new work of literature? Music is slightly different: a live performance is different from a recording, and some groups distribute recordings for free in order to get fans at their concerts. But, in the days of the Kindle etc., an e-copy of a book is approximately as good as a hard copy.
Literature and music are not the same things as burgers and car repairs. The invention of copyright had a massive positive effect on human culture. Very little of the music you listen to and the books and magazines you read would exist without it. Of course, I am not saying that the existing system is perfect - very far from it. Its application to programs and code is very defective. But in throwing the whole thing out, you are losing the good as well as the bad.
Re:Premptive STFU to GPL white knighters (Score:4, Insightful)
I agree that the idea of copyright is a good one. I hope most here understand that people who create something like music or software deserve a chance to make a profit before everyone can just download it for free and give nothing back in return. Open source works because there are enough people willing to give back something whether it's a bug report or a few lines of code. Everyone is better off if the software isn't really the thing that is being sold. Now sometimes the software is the thing that is being sold and those who create it 'closed source' deserve to make some money IF people want to use it. In my opinion the problem with copyright isn't the idea, it's a solid and workable method to encourage people and business to create new things. The problem like most problems is that the populace wasn't paying attention and what was a good idea was twisted into a terrible monster just as patents have been. I'm not saying its our fucking fault but I am saying we collectively need to fucking put in some effort to fix it. I have no idea if that's really possible anymore since government has become just as much a monster as copyright and patents, more so even.
Anyway copyright should be limited, No more than 10 years I'd say. If you can't make your money back in that time frame than you fucked up. Patents I think should be something like 5 years or maybe 7. I don't know but I think a sold per-reviewed study could look at all the various industries and pick apart their profit reports and find the sweet spot for both copyright and patents. We have to wash away the greed and absurdness of both these good idea's gone bad. I can't image anyone who really thinks logically that someone should be able to live the rest of their life because they wrote one song 20 years ago. It just doesn't make any fucking sense. There is nothing magic about making music, movies or software. The only difference is once you have made them you have an unlimited supply of them which some people think means it should be worthless and free but if that was the case than no one would bother putting in the time. Sure you'd have some people doing it as a hobby but that isn't the same as doing it as a business and polishing whatever it might be over and over again because you don't have a day job taken up all your time.
I think the US got copyright right way back when but we all closed our eyes for a moment and greed twisted it into something we all hate and despise. The only other thing I have to add is those caught using something that is copyrighted for personal use shouldn't be bankrupted for it. They should have to pay for the product plus a fine of a grand or three. Now people making bootleg copies should face much hasher penalties and corporations that knowingly screw over others should get their asses handed to them since it's going to be rare to catch them in the act.
I'd like to see these problems fixed because I think it would lead to a new renaissance of creativity. Which was the whole point of these laws to begin with.
Re: (Score:3)
I earn a living writing copyrighted works (software), and I'm still against copyright. And it has nothing to do with not wanting to "pay a dollar for a song" - I'm more than happy to do so (as long as it doesn't feed the RIAA).
Re: (Score:2)
You publish your code. It might get used. Deal with it.
Ah, then by that logic, we can ignore all copyright laws. Eureka!
I have a question for you. Why is it that you can take literary works and sample from them without violating copyright but GPL'ed code is viral? If they are both based on copyright, why can't you take small samples of code and incorporate it into non-gpl'ed code? Isn't that hypocritical of you? Why is is that you create a derived work from a literary work and by just rewriting it, you have to pay no royalties and yet GPL advocates want the original author to be able to "steal" all of the derived works even
Re: (Score:2)
If the sample is quite small, you probably could, regardless of the licence, but there would be some legal risks. Just like any other sort of work. For example, pick a popular novel, copy the 1st chapter and write a different story from there. Let's see if you survive the court battle. OTOH, lift a single line and you may be OK. Actually, with just one line, you're much more likely to be OK with GPL software than with a popular novel.
The GPL violations that get people in trouble tend to be a lot more copyin
WTF makes you think anyone said no fair use? (Score:3)
> If they are both based on copyright, why can't you take small samples of code and incorporate it into non-gpl'ed code?
You can. Who said otherwise? Just as you can quote a few sentences from a book, you can copy a few lines from a GPL work.
You can't copy-paste several pages from a typical book, under normal circumstances, and you can't copy-paste several pages from a GPL work with
Re: (Score:3)
We all know that a world without copyright would not work.
Or more precisely: would be a poor world in terms of art and sciense and technology.
Perhaps you have a car, the software in the car costed perhaps about 100 million dollars to be crafted.
Do you really think anyone is able to pay so much money if he can not leverage it on sales of at least a million cars?
How much does a our days movie production cost? A few hundret millions at least. Without copyright no one would be able to make money from a movie, e
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
GPL isn't about sharing, it's about forcing others to share.
no it is about reciprocal sharing. i share with you as long as you agree to share not take.
Re: (Score:2)
Sure it would. Do you actually think there would be no complaints had the supplier copied someone else's proprietary firmware and just hexedited the identifying strings?
Err - what? (Score:5, Insightful)
'A german court thinks so'?
Under very few legal codes is it OK to distribute something that you do not have the appropriate copyright/licence.
Even if you don't investigate properly to find out if you do or don't, that doesn't get you off the hook.
It may alter the penalties, but the fundamental legality isn't really in question, pretty much anywhere.
Raising 'GPL' is a red-herring here - 'Oh - I diddn't realise that machine had an unlicenced copy of windows on it' - is exactly the same case.
Re: (Score:3)
I seem to recall a German court doing the same thing with MP3 licencing and Microsoft about 10 years ago. They licenced it from someone who did not have the rights, and MS got fined, not the supplier. At least they're consistent.
Re: (Score:2)
Distribution is fine. It's copying that is restricted by copyright.
For example, I can go and buy a game in a box from a shop. I then give you that game. I'm distributing the game, but I am not copying it. Copyright doesn't stop me because copyright is for copying, not distribution.
Why does that matter? Well consider this: what happens when I buy a machine with GPL software preinst
FOSS license compliance is difficult for many (Score:5, Insightful)
A previous employer of mine really really really wanted to offer FOSS support & products as part of their lineup. In the end, the lawyers won, as they couldn't craft a policy that would allow anyone other than a lawyer to make the decisions. This was mostly for GPLv2 and v3, but they got the dev managers completely wound up about all the license types. Mostly this resulted in the company punting on the FOSS idea.
It's not terribly surprising that some small outfit decided to outsource the responsibility, assuming they were in a similar "analysis paralysis" situation. Too bad they did not understand the intent of the licenses and just "do the right thing."
Re:FOSS license compliance is difficult for many (Score:5, Insightful)
Compliance is easy. Never even look at GPL code. If it's not under BSD, don't touch it.
Re: (Score:2)
Compliance is easy. Never even look at GPL code. If it's not under BSD, don't touch it.
I'll stick with my Linux instances, running GCC compiled code thanks very much. If you want to make your job harder and more expensive, feel free and I'll try to poach your customers.
Re: (Score:2)
Compliance is easy. Never even look at GPL code. If it's not under BSD, don't touch it.
That is completely idiotic in this context. The problem wasn't that the company used GPL code and didn't comply with the license. The problem is that they bought code from another company, they believed that they had all the copyrights, and the company that sold the code cheated on them.
That can happen with proprietary code as well, as Microsoft found out when a company sold them lots of video code that they had originally written for Apple, and to which Apple had the copyrights.
Re: (Score:2)
No. They bought code from another company, knowing it was GPL. The source the other company supplied was incomplete.
Had they bought code, knowing it was BSD this would never have been an issue.
Re: (Score:2)
Had they bought code, knowing it was BSD this would never have been an issue.
But how do you know what is in the code if you don't examine it? It could still contain GPL-ed code, or code copied from a competitor by an industrial spy.
Re: (Score:2)
And had Fantec dealt with the issue properly when it was first brought to their attention, this would not have gone to court.
Fantec had the opportunity to do the right thing but decided instead to risk the court ruling against them.
Re: (Score:2)
Or if they had appropriately specified a deliverable in source form that they then ran make on to produce the binary firmware.
So you're saying that if they had told the same 3rd party that delivered mis-matched source and binary for some reason to stick to BSD they would have magically become competent and not included any GPL or proprietary code anyway?
Re: (Score:2)
Re: (Score:2)
In the real world it works the opposite.
The BSD code is quite legally incorporated into a GPL project.
Later a GPL zealot finds the code in a commercial project and runs around like a chicken with it's head cut-off. Later still it's explained to them what happened and they disappear, never to apologize. Rinse, repeat.
Re: (Score:2)
If this happens so often you'd have an actual, concrete example of this happening, right?
Re: (Score:2)
There are good number in the /. archives.
Re: (Score:2)
Re:FOSS license compliance is difficult for many (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3)
It is not a common practice to have lawyers involved in software tool decisions. Having worked as a software engineer and consultant for companies ranging from 3 employees to Fortune 500s. None of them ever had lawyers review software licenses.
At my most recent job at a Fortune 500, I reported 2 cases where we were completely ignoring licenses: one was a click-through that said I agree to allow the company logo to be used in their marketing. Naturally, I have no such authority and putting that in a click
Re: (Score:3)
Re: (Score:2)
I remember reading that that the GNU GPL is a license, not a contract, and that most proprietary software is accompanied by both. My vague understanding is that lawyers aren't familiar enough working with the GNU GPL's 'bare license' situation.
That's very unlikely. Legally, it is quite trivial: GPL allows you to do certain things. So you check: Is your use allowed either by copyright law, or by the GPL. If yes, then you're fine. If not, don't use it.
The GPL says roughly "you may do X if you do Y". Because it's no contract, it means if you do X without doing Y then you have copyright infringement. Without the GPL license, doing X would be copyright infringement, whether you do Y or not. If it was a contract, the copyright holder could force you
Re: (Score:2)
Ssshhhh!! The lawyers concluded that more lawyers would be required. Looks like it backfired on them.
Re: (Score:3)
The outsourcing is what got them into trouble in the first place. They got both a binary and sources from their supplier and assumed that those two matched, without verifying that by doing the build themselves.
Re: (Score:2)
If you think FOSS licensing is confusing, try a proprietary license where even just using the software internally can lead to liability and they're not going to let you go if you say you're sorry and won't do it again.
This is why they hate us (Score:2, Insightful)
Shit like this. No wonder everything's going BSD.
Did anyone try to work things out with the company?
All stuff like this does is make people afraid of open source.
And why does it seem that all these troublemakers are from Germany?
Yes, when asked to comply the company lied. German (Score:5, Informative)
Contrast that to when I pointed out to Plesk that they were violating the Apache license. They very quickly apologized and posted the code, putting an end to the issue. All they needed to do is post the code that they compiled in order to come into compliance.
The court opinion is six pages, Im guessing three of those are boilerplate. Are there any fluent speakers of German who can read through it and tell us the facts as expressed by the court?
Re: (Score:2)
The court opinion is six pages, Im guessing three of those are boilerplate. Are there any fluent speakers of German who can read through it and tell us the facts as expressed by the court?
The court didn't really go into much of anything, in short it concluded that the source was incomplete which means no rights were granted by the GPLv2 which means their distribution was a copyright violation. That they didn't know about it seems entirely irrelevant to the ruling. In fact it's so totally absent that going by this ruling you might think that if your copyright is violated, you can sue every mirror and every one of them would be guilty, no matter how much good faith belief they might have it's
Thank you, that's unfortunate (Score:2)
Re:This is why they hate us (Score:5, Insightful)
> Shit like this. No wonder everything's going BSD.
You wish.
While it sound like a silly juvenile retort, it really is the case.
Why would anyone with a pathological need to "win in the market" or "be associated with the cool brand" bother with BSD to begin with?
> Did anyone try to work things out with the company?
No. People just like to litigate for fun. They like to waste the money.
Don't be such an idiot. If anything gets in front of a judge it's because one or both sides refused to compromise. The FSF has a long history of quickly dispensing these things by allowing the offending party to come into compliance.
Re: (Score:3)
Ooooo, someone's a little butthurt, yeah? BSD offers more freedom and is a license that wasn't cooked up by a bearded, fat-ass Jew who likes to eat his own toejam.
Why do you actually care? If you don't want to comply with the GPL then don't use GPLed code - your choice.
As a developer I actually *don't care* if you use my code - my code is written to do a job I need it to do, and rather than keeping it all to myself I release it in case its useful to other people. I usually use GPL under the premise that any improvements someone makes to the code will be made available to other people - they're benefitting from my code, why shouldn't other people benefit from their
Re: (Score:2)
I see that Stormfront and its sociopathic, nerd-focused sister sites are starting to make themselves apparent on Slashdot.
Re: (Score:2)
Their initial reaction was to deny everything.
When confronted with undeniable proof, they simply blamed a contractor and said that they were not responsible.
At that point, what options are left?
Re: (Score:2)
Shit like this. No wonder everything's going BSD.
so insightful, all those millions and millions of BSD based smartphones.
Re: (Score:2)
Yep, I have one. So do the millions of other iPhone users.
Re: (Score:2)
Did you even try to read TFA?
If you had, you'd know that this is the second time they have violated the license on that code and that the first time they were allowed to simoply correct the error and sign an agreement not to do it again with a penalty to be paid if they did. You would also know that they DID do it again and were offered an out of court settlement where they (again) correct their error and pay the agreed upon penalty. You would finally know that they refused that offer and then (and only the
More of a "better chance you get caught" (Score:2)
A third-party firmware supplier could also supply you something that included copyrighted code under some other license (doesn't have to be a free software/open source one) without meeting the requirements of the license. And you would distribute that infringing on the copyright.
Of course if the source code isn't supplied it's harder for the copyright holder to find out.
A Case for mediation (Score:2)
It looks like there is an attempt to make an example of this company when perhaps mediation would have been a more suitable approach give they attempted to comply but failed procedurally rather than pursued a policy of wilfully evasion.
Re: (Score:2)
Probably. This isn't the first time this has happened. They aren't the first company to fail to audit code their suppliers provided. At some point you have to stop and say "OK, by this point everybody ought to know what they need to do. It's been in the news enough that nobody can claim it's not well-known. So from here on out, no more excuses. No more passing the buck. You know what you need to do, do it or accept the consequences.". If you don't, the failures won't be addressed.
Any third-party code? (Score:2)
Shouldn't any company including any third-party code in their products already have a process in place to make sure that code's all properly licensed and they're in compliance? This isn't about GPL or FOSS code. If one of your suppliers includes proprietary code in the firmware they supply to you that isn't properly licensed or you aren't following the license terms don't you have the same problem?
just write your own damn code (Score:2)
Or... (Score:2)
Or, they could just say "that's too much hassle, let's stop being involved in FOSS development".
I don't understand the confusion (Score:2)
One analogy that I'm particularly fond of in this matter is that if you receive a counterfeit bill and you somehow become aware that it is counterfeit, if you still try to spend it knowing that it is counterfeit, you are actually breaking the law. If you don't know that it's counterfeit, you aren't
Ignorance of the code (Score:2)
Being ignorant about what the code you're building a product from is no one's fault but the vendor's. I agree 100% with the ruling.
Too many people like to try to play the "I didn't know" card. You're responsible for knowing what you're distributing, especially when you're charging for a product.
I recently worked for a company that had to completely rework a piece of their product line because one developer decided he liked a GPL'd library better than a more-free-for-commercial-use library. It cost t
So using GPL licensed code (Score:2)
Is a risk for a company to do. Even after posting all the code they have online for free access, they get sued.
If it was all proprietary, no one would be in court now. Lawyers wouldn't be getting rich.
Re: (Score:3)
I see the liars are out in force today.
As much of a risk as any copyright violation is.
Are you illiterate? They got in trouble precisely because they failed to comply with the license by blindly posting something that didn't actually work i.e. it was missing code.
Or they would be in court for violating someone else's license.
Re:Is this what they really want? (Score:5, Insightful)
This isn't a GPL thing.
This is a general IP thing.
If you are not - as a buisness selling software (even if in embedded hardware) requiring your suppliers to state that all software used is compliant with relevant licences, with appropriate penalty clauses or indemnification if they are not - then your lawyers don't deserve to be employed.
Exactly the same happens if you ship unlicenced windows on your systems.
Re: (Score:2)
They provide you the means of complying with the licence though - it's just that it involves actual cash, rather than required actions.
Re: (Score:2)
Re:Bigger Issue (Score:5, Insightful)
This isn't going to make it easier to convince companies to adopt the GPL. It's not necessarily accurate, since Fantec clearly didn't exercise due diligence with their third-party software, but that's what a lot of upper management is going to hear.
I don't doubt the theoretical potential for this to be FUDed; but it isn't as though Fantec would have been any better off if their shoddy firmware contractor had been out of compliance with code under any other licence... Somehow, the fact that you can get your ass handed to you for violating software licenses seems to be Super Scary when it's OSS; but just part of doing business when it's proprietary; but it's the same principle at work either way.
Re: (Score:2)
If the firmware had been proprietary and in-house (either their house or the contractor's) they wouldn't have been in violation; but 3rd-party proprietary components would have played out in almost exactly the same way.
Re: (Score:2)
If the Fantec product had been proprietary, they wouldn't have been under violation, and they couldn't have verified if there was a licensing issue with any firmware provided by their supplier, which would have been noted in any good contract.
No more so than they could with GPLed software.
Their supplier provided them with a product which incorporated third party code. The supplier assured them that the third party licence was being adhered to. This turned out to be incorrect, and Fantec got hauled up for breaking the licence. In this case the third party code was GPLed, but lets suppose that it came from Microsoft under one of their licences - if the licence hadn't been adhered to they still could've been hauled up to court.
The licence is pre
Re:Bigger Issue (Score:5, Informative)
They didn't adopt the GPL they borrowed code that was GPL so they had to do less work rather than spend tends of thousands of dollars doing the work themselves. It's not the first time I've heard of a company thinking their added code totaling a fraction of a percent of the project is somehow worth more than the rest. It's also not the firs time I've seen willful ignorance on behalf of a device maker.
I few years back I was sourcing some kit for an ISP and discovered the ADSL modems were based on Linux + BusyBox. I asked the manufacturer if I could have the source so we could try some local modifications only to be told "the chipset maker doesn't supply that" and I would have to talk to them (in China) about it. I argued the point but they refused to accept that they had a legal obligation. Fortunately about a year later they entered into a settlement with the gpl-violations.org but by then I was no longer working for that ISP.
Re: (Score:2)
The whole point of GPL and other open source is indeed to save you money so that you don't reinvent the wheel. There is nothing wrong whatsoever with using open source to save yourself extra work. You never need to "adopt" GPL principles to use GPL code.
Re: (Score:3)
The whole point of GPL is that it's a bargain, you get the code and you share the improvements if you distribute the result. That bargain is not being met if they refuse to release the source code and that's my whole point. We have companies who think the device driver they add is somehow worth more than the rest of the project and so they shouldn't have to follow the rules.
Re: (Score:3)
No, that's not the point of the GPL. The point of the GPL is to uphold the four software Freedoms, has defined by rms in the Free Software concept.
The GPL may be useful for saving money, but that's just an helpful side effect, not the main purpose.
And you may not need to adopt its principles, but you certainly need to adopt its requirements.
Not just due diligence, lying and covering up (Score:5, Informative)
That second scenario is what Plesk did. I pointed out they weren't in compliance and as an Apache copyright holder I insisted that they comply.
They immediately posted the Apache code they were using, ending the matter. The only effect on them is that now a couple of Slashdot readers know that they did the right thing.
I think that's the big takeaway - when you mess up, don't lie and initiate a cover-up, just fix it and move on.
Re: (Score:2)
To make matters worse, this is the second time they violated the GPL on the same code. The first time they were allowed to fix it and sign an agreement not to do it again with an agreed upon penalty for non-compliance.
Re: Not just due diligence, lying and covering up (Score:2)
Then other companies with more clever management will take advantage of it and will outperform them. Isn't that free market in action?
Re: (Score:3)
I missed that part, and yes, trying to cover it up only hurts. I still expect a fair number of management employees to walk away with the soundbite that GPL equals lawsuits.
Hopefully the management employees will also notice that the average number of GPL violation cases going to court is below 1 per year, and that most of the settlements are really, really cheap.
Hopefully they will not notice that there are very few developers of GPL'd software who are willing to defend it in court, and therefore the GPL can be ignored on most code if you are sufficiently brave.
Re: (Score:3)
This isn't going to make it easier to convince companies to adopt the GPL.
That's their problem, to be honest. And it's good for me if they wish to make themselves less competetive by giving into FUD.
The thing is the same issue applies equally to GPL code and proprietary code. If a third party had used someone else's proprietary code, they'd be in an even bigger heap of shit, but no one would be saying that it is going to hinder the uptake of proprietary code.
Basically the rule is you need to do due dilligi
Re: (Score:2)
What if your supplier is a GPL fanatic who planted the violation on purpose for the express reason of forcing you to cough up your own code?
Re: (Score:2)
What if your supplier is a crook who uses unlicensed code for the express reason of making more money by not paying?
What if, what if?
You did have a contract, right?
Re: (Score:2)
That's their problem, to be honest. And it's good for me if they wish to make themselves less competetive by giving into FUD.
You've taken the words out of my mouth. I was just going to say that re-use of de-facto industry standard GPL code in most cases brings huge financial savings. If my competitor doesn't want to leverage that, it's their loss. Same goes for re-use of open communications protocols. Bitch all you want about "dinosaurs" like, say, X.25, but that thing is by now patent free and comes with an extensive machine readable conformance test suite, and is a free download. There is way more if you care to dig in the ITU-