GPL Violations On Windows Go Unnoticed?

Scott_F writes "I recently reviewed several commercial, closed-source slideshow authoring packages for Windows and came across an alarming trend. Several of the packages I installed included GPL and LGPL software without any mention of the GPL, much less source code. For example, DVD Photo Slideshow (www.dvd-photo-slideshow.com) included mkisofs, cdrdao, dvdauthor, spumux, id3lib, lame, mpeg2enc, and mplex (all of which are GPL or LGPL). The company tried to hide this by wrapping them all in DLLs. There are other violations in other packages as well. Based on my testing of other software, it seems that use of GPL software in commercial Windows applications is on the rise. My question is how much are GPL violations in the Windows world being pursued? Does the FSF or EFF follow up on these if the platform is not GPL? How aware is the community of this trend?" This new method of detecting GPL violations could help here.

Well..

[WhatAmIDoingHere (742870)]

Did you try to contact the company? If not, that would be the first step.

Re:Well..

[HappySmileMan (1088123)]

I sent an email yesterday telling them that they were in violation of the GPL and that the story reached slashdot, didn't say much else and don't know much, but decided to inform them before they get a bunch of "OMG j00 r copyright n00b" emails.

Re:Well..

[Atzanteol (99067)]

Or at least asking them for the source. It's a common misconception that a GPLd app must be accompanied by source code. The company only has to make it available upon request.

Re:Well..

[by Anonymous Coward]

Yes, GPL software does not need to be accompanied by the source, but it does need to be accompanied by an offer to give you the source. The original article suggests that there was no such offer.

Re:Well..

[Arslan ibn Da'ud (636514)]

That is all very true...selling GPL'd code is perfectly legal. If they refuse to provide sourcecode to their sw upon request, that is illegal, but that hasn't happened, yet.

The violation comes in stripping the GPL off the code....definitely illegal.

Legal vs Legitimate

[NeutronCowboy (896098)]

I have no idea where you got the idea that people claim that copyright infringement is not illegal. From what I can tell (ignoring the crackpots for a second), the distinction between theft/piracy and copyright infringement is made to remove the "hang 'em high!" component of the piracy/theft argument. No one for a second is arguing that it is not illegal.

However, another point you may have missed is the distinction between illegal and illegitimate - or, conversely, the distinction between legal and legitimate. This is for me a critical aspect of the debate whether it is worse to copy mp3s from someone else or to ignore GPL requirements when redistributing software.

Personally, I think that copying mp3s is often a victimless crime (if I didn't have buy the mp3 at full price because I thought it was overpriced, but then download it later from a friend because he has it results in a zero loss for all involved parties), though can screw over people in particular circumstances. As a result, downloading mp3s is for me a crime on the scale of jaywalking. It might therefore be legal to sue someone for $100000 per infringement, but it doesn't seem legitimate to me. On the other hand, ignoring the GPL when distributing software is taking someone's effort to improve the world, reapproprating it and selling it as your own. Monetary gain or not, it's a shit thing to do.

Again, I challenge you to find me posts that say downloading mp3s is not illegal. I'll show you a post arguing about pre-set levies on blank media or a crackpot. Not only that, but on the more subtle point of whether it is the same thing to download MP3s or to break the GPL license, I completely disagree with you. Breaking the GPL license is to me like stealing candy from a baby - you're a complete jack-ass if you do it. Downloading mp3s.... meh, just make sure to not get caught.

Re:Well..

[petard (117521)]

Or at least asking them for the source. It's a common misconception that a GPLd app must be accompanied by source code. The company only has to make it available upon request.

It needs to be accompanied by a written offer for the source if it isn't accompanied by source.

new method of detecting GPL violations

[chalkyj (927554)]

Should be linking to http://developers.slashdot.org/article.pl?sid=07/0 8/25/1648253 [slashdot.org] I guess.

Misleading summary

[CogDissident (951207)]

So, its a software violation on windows, but really its just one program thats not terribly popular that happens to have broken the GPL. I really don't think this is a "windows specific" issue at all. They can, and likely do, violate the GPL on linux or mac all the time. Infact, said company sells software for the iPod.

Re:Misleading summary

[Mark J Tilford (186)]

Part of the GPL says that they must "give any other recipients of the Program a copy of this License along with the Program." (section 1 at http://www.gnu.org/licenses/old-licenses/gpl-2.0.h tml [gnu.org] ). If the program did "included GPL and LGPL software without any mention of the GPL", it's a violation as far as any GPL software is concerned. I looked over the LGPL briefly, but didn't see any problems. ( http://www.gnu.org/licenses/lgpl.html [gnu.org] if anybody else wants to look.)

Re:Misleading summary

[mr_mischief (456295)]

Several others have pointed these things out:

1. They must include a copy of the license.
2. They must provide a written offer with the package to provide the source on request.
3. They cannot strip attributions in what they provide

I don't know that they've done the last one, but it makes sense along with the other violations

Probably common

[Jugalator (259273)]

I hate being a pessimist, but packaging OSS in binaries without mentioning it is probably being incredibly common.

Be sure to report it.

[kebes (861706)]

At a minimum, document everything and send a report to the GPL-violations homepage [gpl-violations.org] (in particular, refer to contact info [gpl-violations.org]). That website tracks GPL violations and is in contact with the FSF. They will probably pass the information along to those whose copyright is being infringed, so that they can take direct action.

The normal course of action is that the authors of the GPL code will send friendly "please comply with the license" messages. Usually the infringing party will comply with the GPL before threat of lawsuits are mentioned.

It's definitely unfortunate that consistent policing of proprietary vendors is necessary (they, of all people, should know better!)... but ultimately I think most projects can be made to comply with the GPL without too much trouble, once they are uncovered.

So, in short, document your findings and notify the appropriate people!

Re:Be sure to report it.

[Vulva R. Thompson, P (1060828)]

This snippet from the FAQ is probably worth posting for others that run into this issue (before posting on Digg or Slashdot). Note the last paragraph, emphasis mine:

"How can I help gpl-violations.org ?

Firstly by not reacting to a technical GPL violation in an extreme fashion. Secondly by checking the violation is indeed a violation.

Join the mailing lists, discuss issues there first. Be polite but firm when dealing with companies and remember that the goal is to ensure a company stops violating the GPL and does not violate it again, rather than to leave a smoking crater at the location of their HQ... at least not on the first offence.

Keep records of conversations with companies. Co-ordinate with others. A company faced with eight different stories will find it hard to deal with. A company faced with a single accurate information source can respond better.

Beware the "public shaming" bomb. It's easy to let off, but very hard to defuse if you made a mistake or the issue turned out to be minor and is rapidly resolved. In addition companies may become very defensive in such cases and decide to "tough it out". We want to build bridges and giving a company no way to avoid losing face hinders that, especially in certain cultures."

FSF pursues all violations

[Brett Smith (1081153)]

The FSF investigates and pursues GPL violations on its software on all platforms. I've handled violations on Windows, MacOS X, GNU/Linux, and embedded devices. We provide complete instructions for reporting violations [fsf.org] on our web site; if you're finding any kind of violation on FSF-copyrighted software, please don't hesitate to contact us.

-- Brett Smith, FSF Licensing Compliance Engineer

On its software

[fotbr (855184)]

They won't pursue shit unless they own the copyright being violated, which is as it should be.

Your code, your responsibility to look after it, not some third party organization's responsibility. (yes, I know submitter isn't complaining about HIS code being used)

fsf is a fair weather friend

[Speare (84249)]

The FSF will only work to enforce the GPL if the GPL code in question is signed over to the FSF. While I can understand that legal logic, I have a hard time with the concept of creating something, keeping a copyright in force, and then signing the copyright away for no benefit to myself. The only benefit would be that the FSF would then fight when someone uses it in an "unauthorized" manner. If I'm not going to hold my own copyright, why not just specifically disavow copyright and let it enrich everybody via the public domain?

This is the root of my problem with GNU in general: why show everybody how you achieved and developed a certain technological capability, without letting people actually use that method? If you only want certain people to be able to use that method, then only show those certain people how it's done. I think it's just a bit petty to show the code but not authorize its use. The "unauthorized" user can't steal it because you will always have it. The "unauthorized" user can extend it and keep those extensions hidden, but I fail to see how that really hurts me: I can extend my copy too. If I give an ice cream cone to my brother, I can't dictate to him how he eats it.

Re:fsf is a fair weather friend

[kebes (861706)]

I have a hard time with the concept of creating something, keeping a copyright in force, and then signing the copyright away for no benefit to myself

No benefit to yourself? If you're putting code under the GPL, it's usually because you believe in the principles of the GPL (keeping code open source, encouraging freedom, etc.). In such a case, the benefit of signing copyright over to the FSF is that they will take care of enforcement on your behalf.

If I'm not going to hold my own copyright, why not just specifically disavow copyright and let it enrich everybody via the public domain?

If you want your code to be public domain, then you would release it to the public domain in the first place (or use a BSD license). Using the GPL is not a substitute for public domain: it is a license which guarantees certain things, namely it guarantees that the code will remain open and shareable ("free"). If you don't care about code remaining open and shareable, then don't license it under GPL. If you do care about it being open and shareable, then license it under GPL. If you further don't want to deal with the hassles of protecting said license, sign over the copyright to the FSF, who have much experience in such matters.

This is the root of my problem with GNU in general: why show everybody how you achieved and developed a certain technological capability, without letting people actually use that method? ... I think it's just a bit petty to show the code but not authorize its use.

You are basically saying that you prefer BSD to GPL. That's fine. (So, go ahead and license your code that way.) However, understand that the purpose of the GPL is to encourage all code to be "free," where free means: open source, shareable, and guaranteed to remain so.

You appear not to care about the "guaranteed to remain so" part. That's fine. But understand that many among us find closing the source of code that was freely distributed to be rather unfriendly... and we're using copyright law as a tool to help guarantee that the code remains free. This guarantee helps encourage more people to create and to release (because many people would not release their code if they knew that others would commercialize/extend it without giving back). That is, copyright law is achieving, in this case, its stated goal: to encourage the production and dissemination of content.

That, in my mind, is the brilliance of the GPL: it co-opts copyright law, uses it in an unconventional way, and thereby achieves the fundamental purpose of copyright law: to give an incentive for creation and free distribution of creative works.

Windows devs don't know much about GPL

[Shados (741919)]

I used to work for a very large (not software) company (somewhere in fortune 20) that was using GPL stuff left and right without complying to the terms and redistributing.

I personaly don't care much for the GPL, but I do care for complying with licenses and copyright, so I mentionned it to them. Their answer was "GPwhat? No, its free code people give away on the net!". My reply was a long explaination of the difference between "free to do whatever" and the GPL, and even repeating several time, I'd literaly get the same answer: "But...its free! What conditions could there be?".

Eventually I got through by explaining to a project manager, who essentially said that the day someone asks for the source, we'll give it, and that will be that. I still don't think they realised what it meant considering the amount of trade secrets that were in the code, but...

Rentacoder & others

[drspliff (652992)]

I've noticed that on a lot of the rentacoder style sites where people are asking for clones of this or that or just a general program (e.g. I want a DVD writing application), in order for developers to remain profitable they cannot write everything from scratch - like Nero and others have have done (just an example).

On a few occasions when I used to freelance, I've warned people that in order to deliver something on time they'd need to buy-in external components, and to deliver something on budget they'd need to use existing GPL/LGPL or BSD licensed components along with some suggestions and a full rundown of the licensing requirements.

In response to atleast one of these I was just told to strip the copyright from a GPL component and hide it in the application.

The problem isn't really in the violations themselfs, but in the commercial commodity software ecosystem (mostly Windows) where people build up software portfolios as fast as possible for the lowest cost just to try and get market share (and profit). In this desparate effort to get products to market most are just a re-branded combination of existing software, which usually end up violating source code licenses.

Basically when consumers start caring about ethical software the industry will start changing. Until then we still have a problem :)

Addressing a few comments...

[Scott_F (19754)]

Just to address a few comments so far:

- Selling GPL and LGPL software is fine ("nominal fee" clause). The issue is that some of the packages that they are using are GPL'd and the company is LINKING against them. When you link to a GPL package when compiling your software, even if it is a DLL (same address space, symbols resolved in memory), the work becomes one as a whole and the whole package must be GPL. If the package is not GPL'd, it is a violation, even if you provide a license file (which they don't). When you link to a LGPL package, you do NOT need to LGPL your software BUT you need to provide a copy of the LGPL, a way for them to download the source to the LGPL package, and the object files used to link the software as a whole (this last one is heavily overlooked).

- It doesn't matter how popular a software package is. They are still violating the terms of the GPL and LGPL at $60 per sale. "But the code is free!" ... no. Someone else wrote it and copyrighted it. If you want to sell software, you had better properly license or write everything yourself or you're cheating people out of their time.

- I did not contact the company because I am not a copyright holder in any of the packages whose licenses are being ignored. I contacted all of the projects to let them know of the violations. I have also contacted the FSF for ANOTHER software package (Wondershare DVD Slideshow Builder) who is using vcdimager in addition to most of the above named packages (ffmpeg, dvdauthor, mplex, spumux, mencoder). There are still a few others who I've found just in this category of software who are using GPL/LGPL software.

- The spirit of the GPL isn't just to let code proliferate (not that I am a spokesman for the GPL.. I don't know how it wants to be remembered... :-P). It is to let code freely proliferate (free as in speech, not beer). Any time a copyright issue comes up, it will always be a legal one because that is the nature of the beast. Copyrights exist due to laws. You can also argue that the company is bottling up the spirit of the GPL and selling it. (OK, that last one was rediculous).

This company and a couple others I'd seen make no mention of the GPL, LGPL, or any other licensing terms and provide no means to download the source code for the LGPL packages.

The reason this came up is because almost every package I installed seemed to contain these exact packages. The companies are profiting from GPL / LGPL software without respecting the licenses.

-Scott

Re:Bill's response

[Opportunist (166417)]

It shouldn't need interpretation if it's in a DLL, that should've been compiled.

Though... it would explain the speed of the average Windows executable...

Re:Bill's response

[Bottlemaster (449635)]

The company tried to hide this by wrapping them all in DLLs.

There would have been no violation to hide if they had left those utilities in their original form. But because they turned them into libraries and linked to them, the company must abide the GPL with respect to its own code.

It sounds to me like the company isn't trying to hide anything. They're just clueless.

Re:What's the issue here?

[tinkerghost (944862)]

Are you seriously saying that if I bundle mkfsiso with my app and shell out to call it, I have to release my source code too?

No, we are saying that you have to include a copy of the GPL & an address/url where they can get the source of mkfsiso. Your code is your code, but msfsiso isn't yours so you have to follow the rules it's authors established on how it can be used.

Now assuming that the violation is only with the lack of a copy of the GPL & the URL, it's a 2 minute fix to add those to the liscense.txt file that nobody reads for the next run of CDs. I don't think that anyone would argue that that type of fix is an excessive request by the copyright holders in exchange for the volumes of work put into creating mkfsiso.

This reminds me of the big argument the founder of Slackware got into, when he announced he was going to sell distributions. Yes, sell! Oh my god, the horrors of actually charging for somehthing!

Funny doesn't seem like that at all to me. Charge for the work he put into building the distro vs require that he follow the licenses on the works he included in the distro. Two very distinct issues at hand. Seeing as I am almost certain I have seen that software & I believe it comes with a copyright notice on it declairing copyright belongs to the company selling it, I do feel this is a touch different than selling a distro with notices that the copyright belongs to the individual owners.

Re:welcome!

[Maximum Prophet (716608)]

Is it a new rule on /. that EVERY article has to include a comment featuring the tired, stale "overlords" joke?

Yes. What slashdot should do is have a link to the auto-joke creation page, where it takes the subject and automatically creates the Overlord, Beowolf, and in Soviet Russia jokes. Once those are taken care of by an AI, people won't feel the need to repeat them.

I for one welcome our Auto-Joke Creation Overlords, but imagine a Beowolf cluster of them. In Soviet Russia, the auto-joke creates you!!!