In association with heise online

22 May 2009, 14:39

How the GPL is enforced

by Dr. Oliver Diedrich

Cisco is only the latest on the long list of companies that have been forced by the Software Freedom Law Center (SFLC) to comply with the GPL. The Center uses copyright law to protect the freedoms guaranteed by the GPL.

It's perhaps not surprising that makers of network-capable devices, from routers to set-top boxes, use Linux to drive them. There's all this useful open-source software lying around on the internet, ready for downloading, almost always accompanied by the source code – why reinvent the wheel and write, say, your own network operating system plus tools for a SOHO DSL router if, after all, Linux can do all that's needed and will run on virtually any hardware?

FSF GNU If only it weren't for that GPL! It's just too weird: while respectable software licensing agreements are protective and exclusive, they strictly prohibit making any changes to the software or passing it on to others, the Free Software Foundation's General Public License is inclusive, it explicitly permits all of that. You can adapt GPL software to suit your needs, use it any way you like, and pass it on to anyone. And you don't need to ask permission from the program authors or pay them licence fees.

While you're revelling in these unusual freedoms and free-of-charge software, it's very easy to overlook the obligations imposed by the GPL, namely the duty to grant your customers the same freedom you've just profited from, by using GPL software to develop and sell a product. In a world in which the software business is dominated by restrictive licences, secretiveness and above all money, the idealism and openness of the GPL seem a trifle naive. If you get something as a gift, you tend to use it right away without asking any questions.

However, developers who issue their software under the GPL are in no way naive. They usually know very precisely why they're doing it. The GPL is a valid software licence – in both the extensive rights it grants and the obligations it imposes. Some developers, like Harald Welte of, for example, are even ready to enforce the GPL themselves. Others have assigned this right to the FSF, which ultimately takes action via the Software Freedom Law Center (SFLC).

The numerous cases in recent times (among them Cisco, Super Micro Computer, Verizon, Xterasys and Monsoon Multimedia) have all followed the same pattern: a manufacturer uses GPL-licensed software in his device firmware, but neither advises device purchasers of their rights to the software, nor gives them access to the source code, as the GPL requires.

An offender is initially contacted directly, without publicity, and an attempt is made to settle the matter amicably. How often this has already succeeded is not known – neither gpl-violations, SFLC nor FSF brag about their successes. A complaint is made only if no amicable agreement can be reached. This obviously puts the necessary pressure on the discussions, for in the end there's usually an agreement and no court verdict. Only Skype pushed things to the limit – and failed dismally.

All of the agreements look very similar: the company admits the infringement, retrospectively informs its customers, has to appoint a responsible person to prevent any future infringements of the GPL, and pays compensation. That's the end of the matter.

In a climate in which law makers and courts are giving ever more importance to intellectual property, increasingly restrictive copyright law, originally designed to limit rights, is becoming a weapon for enforcing greater freedom in dealing with software.

Companies really shouldn't fall into the trap again and again, because in 2008 the SFLC published a guideline for companies on how to handle the GPL. The Practical Guide to GPL Compliance explains how to avoid infringing the GPL, how to ensure that a distribution of GPL software complies with the licence, and what to do if an author of GPL software claims that a violation of the GPL has been committed. It contains absolutely everything a company needs to know if it wants to use the enormous pool of GPL software – and use it in the way envisaged by the people whose time and work the software embodies.


Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit