1 |
Mivz <mivz@×××××××××××××.net> posted 44A2A093.8060205@×××××××××××××.net, |
2 |
excerpted below, on Wed, 28 Jun 2006 17:30:27 +0200: |
3 |
|
4 |
> Wiktor Wandachowicz wrote: |
5 |
>> I mean, if someone is able to create its own web page and put a binary |
6 |
>> download(s) of its work, then how hard is it to comply with the GPL |
7 |
>> license and just put some more links to the source code? |
8 |
>> It's like the (old?/new?) Decalogue: "You shall not steal". |
9 |
>> |
10 |
> |
11 |
> But if your modification is on top of the Gentoo system and your build |
12 |
> your own Live cd, like Kororaa, do you have to provide all the sources |
13 |
> of all the program's on the live cd? |
14 |
|
15 |
IANAL but from what I've read (and my read of the GPL v2 anyway), the |
16 |
simplest way to think of it is that if you distribute binaries, you must |
17 |
be able to provide source for them. If you aren't providing the binaries, |
18 |
you don't have to worry about source. |
19 |
|
20 |
That means with a LiveCD, presumably including at least a significant |
21 |
handful of binaries, you'll have to provide source for at least those |
22 |
binaries, not just what you may have modified. (This is in agreement with |
23 |
the FSF and what Ciaran says below, tho it conflicts with Chris G's |
24 |
statement on the subject.) The reason you have to provide source for |
25 |
other than your own work is so that the end-user is guaranteed his four |
26 |
freedoms rights to use, examine, modify, and distribute the programs you |
27 |
provided, even if /your/ upstream goes away. IOW, you wouldn't be |
28 |
released from the responsibility of providing sources just because Gentoo |
29 |
disappeared, so to ensure that you can do so, you must make your own |
30 |
arrangements to provide the sources for any GPLed binaries you distributed. |
31 |
|
32 |
The section of the GPL (v2) that deals with this section 3 (section 6 of |
33 |
the GPL v3 draft, which is similar but specifies in a bit more detail the |
34 |
responsibilities of downstream redistributors). There are three clauses, |
35 |
any of which will fulfill your obligations as a distributor under the GPL: |
36 |
|
37 |
<quote> |
38 |
|
39 |
a) Accompany it with the complete corresponding machine-readable |
40 |
source code, which must be distributed under the terms of Sections |
41 |
1 and 2 above on a medium customarily used for software interchange; or, |
42 |
|
43 |
b) Accompany it with a written offer, valid for at least three |
44 |
years, to give any third party, for a charge no more than your |
45 |
cost of physically performing source distribution, a complete |
46 |
machine-readable copy of the corresponding source code, to be |
47 |
distributed under the terms of Sections 1 and 2 above on a medium |
48 |
customarily used for software interchange; or, |
49 |
|
50 |
c) Accompany it with the information you received as to the offer |
51 |
to distribute corresponding source code. (This alternative is |
52 |
allowed only for noncommercial distribution and only if you |
53 |
received the program in object code or executable form with such |
54 |
an offer, in accord with Subsection b above.) |
55 |
|
56 |
</quote> |
57 |
|
58 |
A couple things to note about those clauses: |
59 |
|
60 |
1) Clause B's 3-year minimum doesn't apply to clause A. Many downstream |
61 |
distributors prefer it for this reason -- their obligation to provide |
62 |
source for any particular version disappears when they quit distributing |
63 |
the binaries created from it, no having to keep it around for three more |
64 |
years. |
65 |
|
66 |
2) Clause C depends on your upstream using clause B. Since most major |
67 |
distributions now use clause A, and are thus not subject to the three-year |
68 |
minimum, it's quite possible their sources will no longer be available |
69 |
for the period you are redistributing. (This is certainly true for |
70 |
Gentoo, AFAIK, where the source mirrors aren't likely to be carrying the |
71 |
sources much past the point when the ebuild is no longer in the Gentoo |
72 |
tree. Also note that to provide proper sources for a Gentoo based binary, |
73 |
you'd have to provide any Gentoo patches as well, so simply relying on the |
74 |
sources mirrors won't suffice!) |
75 |
|
76 |
That said, it's not really the big deal that it's being made out to be, |
77 |
for a couple reasons: |
78 |
|
79 |
1) The BIG reason -- The GPL is based and draws its authority from |
80 |
copyright law. End users have no way to enforce their demands for source, |
81 |
no matter /what/ the GPL says -- ONLY the holders of the copyrights on the |
82 |
original programs do. If all you do is make a couple copies for your |
83 |
friends and relatives (Grandma), and they don't care about sources, no |
84 |
problem! Even if you distribute publicly, unless a copyright holder |
85 |
demands that you honor the GPL, there isn't much anyone else can do. |
86 |
It's the copyright holder's program, not the end user's program. |
87 |
|
88 |
Do note however that in many cases, the kernel being a huge example, there |
89 |
may be many copyright holders, any of which can demand action. |
90 |
|
91 |
The reason the current story is making news is that apparently, the Mepis |
92 |
author has a history of not being very forthcoming with sources where the |
93 |
GPL requires they be available, and more importantly, the FSF, owner of |
94 |
the copyrights of much of the core GNU/Linux software (anything with GNU |
95 |
in the name, AFAIK, so the GNU Coreutils and GCC aka GNU Compiler |
96 |
Collection, among others, plus glibc, the g for GNU, without which |
97 |
virtually anything Linux would work, altho it's LGPL not GPL), is the one |
98 |
making the request, and they very much DO have the legal authority to |
99 |
demand the guy comply with the GPL on the stuff of theirs he distributes. |
100 |
|
101 |
2) Keeping straight with the GPL isn't actually that bad anyway. That's |
102 |
ESPECIALLY the case with Gentoo based binaries, since they are normally |
103 |
built from sources all the way out at the user machine, so you, being that |
104 |
user, already HAVE those sources -- all you have to do is manage them. |
105 |
Where a user of a binary-based distribution would have to specifically go |
106 |
to the trouble of collecting the sources for stuff they don't modify, as a |
107 |
separate task from collecting the binaries, Gentoo users will normally |
108 |
already have those sources close at hand. |
109 |
|
110 |
Even discounting clause C above (which again isn't of much use unless |
111 |
your upstream uses clause B, Gentoo doesn't, nor do most major |
112 |
distributions), it's still relatively easy to supply sources in compliance |
113 |
with the GPL. The biggest choice you have to make is whether you want to |
114 |
supply only those who ask, therefore far fewer, but have to do it for |
115 |
three full years (clause B) or whether that three years is a worse problem |
116 |
than just making sure you have both available at the same time and in a |
117 |
similar way (clause A). |
118 |
|
119 |
For clause A, if you are already supplying the binaries (a LiveCD say), |
120 |
just supply a way to get the sources at the same time if desired. Online, |
121 |
this means putting a link to the sources right next to the link to the |
122 |
LiveCD ISO or other binaries. At a conference, it can be having your |
123 |
laptop with the sources with you, and a sign instructing those who want |
124 |
sources to ask, you'll be happy to burn a CD for them right there, for a |
125 |
couple bucks or whatever. (The physical cost. For a couple bucks I doubt |
126 |
many will quibble, but while I've seen several say labor can be included, |
127 |
I'm not sure on that, so best to check before you try it.) The important |
128 |
thing to note here is that because you are offering the two at the same |
129 |
time, clause A, the 3-year minimum of clause B doesn't apply so you don't |
130 |
have to worry about sources as soon as you quit offering the binaries. |
131 |
|
132 |
For clause B, many people simply tarball their sources at the same time |
133 |
they create their binaries, then file them away in case they get a |
134 |
request. The LiveCD should then include a README or the like with your |
135 |
email and/or snail-mail address, and instructions to contact you for the |
136 |
sources, which you will be happy to provide upon request and submission of |
137 |
the fee if you decide to charge one. If you charge even a small fee (say |
138 |
$5), covering your physical costs including postage and media (again, I'm |
139 |
not sure if reasonable labor is allowed, I think it is but don't know), |
140 |
that will discourage most, while fulfilling the GPL for those that do have |
141 |
a want/need for the sources. Note that use of a VCS, which many |
142 |
distributing anything modified will be using already, should make managing |
143 |
a request for sources for a 2-year-11-month-29-day old release almost as |
144 |
easy as managing a request for current sources. As you are allowed to |
145 |
charge a fee based on what it costs you, and with a fee discouraging those |
146 |
who don't have a good need for it, it shouldn't be a big problem, provided |
147 |
only that you've properly managed the sources at the time of the release |
148 |
in the first place, which is only good practice anyway, the better to |
149 |
trace and solve bugs and the like. With clause B, complying with the GPL |
150 |
requires that you honor source requests for three years, but with an |
151 |
appropriate fee and proper release time source management, it won't be |
152 |
overwhelming. |
153 |
|
154 |
Now, tying up a couple loose ends... |
155 |
|
156 |
One solution that has been suggested for small distributors is that they |
157 |
team up for providing sources. There's nothing saying you can't |
158 |
subcontract out your responsibility to provide sources, and it's a |
159 |
reasonable solution. In fact, that seems it could be a bit of a business |
160 |
opportunity, providing that service. Distributors could be charged a |
161 |
small annual fee for service maintenance, plus bandwidth charges, similar |
162 |
to how web or other server hosting solutions work. |
163 |
|
164 |
As mentioned, the GPL v3 draft is similar but somewhat different in the |
165 |
details. AFAIK, it now allows a fee up to 10 times the physical cost of |
166 |
provision of the source, rather than the strictly at-cost requirement of |
167 |
v2. If labor is included, that could easily reach $1000, which would |
168 |
certainly discourage the trivial requests. OTOH, the draft GPLv3 is |
169 |
somewhat stricter on the responsibilities of downstream redistributors, |
170 |
requiring them to provide sources independent of upstream where they may |
171 |
have gotten away with a simple pointer to the upstream sources previously. |
172 |
Apparently, there have been a couple cases where sources ceased to be |
173 |
available at all after upstream ceased to provide them and downstream had |
174 |
no copies, thus both the stricter wording in GPLv3 and the more active |
175 |
enforcement by the FSF of the existing GPLv2 where it has copyright |
176 |
standing to do so, as in the current case in the headlines, Mepis. |
177 |
However, the 10-times-cost allowance in GPLv3 should more than offset the |
178 |
additional responsibilities, allowing one to make it worth their while to |
179 |
provide those sources. |
180 |
|
181 |
Finally, don't forget that the GPL isn't the only license out there. |
182 |
As the differences between the GPLv2 and (draft) GPLv3 illustrate, |
183 |
complying with one license doesn't mean you've complied with all of them, |
184 |
in terms of fulfilling your legal obligations as one who has chosen to |
185 |
distribute the copyrighted works of another, FLOSS (Free/Libra and Open |
186 |
Source Software) or not. It's really a big responsibility to be |
187 |
distributing the works of another; significantly more so if you are |
188 |
distributing the works of many, under a number of different licenses, as |
189 |
is the case with any distribution or LiveCD Linux, even a small one. |
190 |
|
191 |
-- |
192 |
Duncan - List replies preferred. No HTML msgs. |
193 |
"Every nonfree program has a lord, a master -- |
194 |
and if you use the program, he is your master." Richard Stallman |
195 |
|
196 |
-- |
197 |
gentoo-dev@g.o mailing list |