Forgot your password?
typodupeerror
GNU is Not Unix Open Source

Ask Slashdot: How Best To Deal With a GPLv2 License Infringement? 240

Posted by Soulskill
from the napalm-solves-many-problems dept.
cultiv8 writes "I am a developer and released some code at one point under GPLv2. It's nothing huge — a small Drupal module that integrates a Drupal e-commerce system (i.e. Ubercart) with multiple Authorize.net accounts — but very useful for non-profits. Earlier today I discovered that a Drupal user was selling the module from their website for $49 and claiming it was their custom-made module. I'm no lawyer, but my perspective is this violates both the spirit and law of GPLv2, most specifically clause 2-b: 'You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.' Am I correct in my understanding of GPLv2? Do I have any recourse, and should I do anything about this? I don't care about money, I just don't want someone selling stuff that I released for free. How do most developers/organizations deal with licensing infringements of this type?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How Best To Deal With a GPLv2 License Infringement?

Comments Filter:
  • ddos (Score:5, Funny)

    by Anonymous Coward on Sunday December 25, 2011 @12:45AM (#38486554)

    posting on slashdot is like a DDOS for their site.

    • Re:ddos (Score:4, Funny)

      by davester666 (731373) on Sunday December 25, 2011 @01:41AM (#38486760) Journal

      Kill them! We MUST KILL THEM!

      Oh, wait. No, we do that for a GPLv3 infringement.

      For GPLv2, we just send them a nasty email and egg their mother's house.

      • Re:ddos (Score:5, Insightful)

        by kthreadd (1558445) on Sunday December 25, 2011 @05:40AM (#38487360)

        Actually, just politely asking them to comply with the license is probably a better way to start. It may very well be an honest mistake from their side.

        • Re:ddos (Score:5, Insightful)

          by mrjb (547783) on Sunday December 25, 2011 @09:01AM (#38487738)
          Yes, it must have been an honest mistake. "Sorry, I thought I wrote this stolen code myself". Happens to me all the time!
    • The only thing worse than being slashdotted would be space crowbars. I don't know why cultiv8 bothered with slashdotting, when the crowbars would have been so much faster.

  • by Qubit (100461) on Sunday December 25, 2011 @12:46AM (#38486556) Homepage Journal

    Post your question on the gpl-violations mailing list and we'll try to help you work through the details of any (perceived) GPL violation.

    Short answer: Selling GPLed software (even software you did not personally author) is okay. However, you must correctly attribute the copyrighted work re: the upstream author(s), and you must comply with the terms of the GPL license, including providing the complete source.

    • by Qubit (100461) on Sunday December 25, 2011 @12:58AM (#38486622) Homepage Journal

      Hi,

      I need to run off in two shakes of a lamb's tail, but I took a quick look I don't see the GPLv2 (or any GPL license) mentioned anywhere in your code.

      I suggest that you

      1) Put a copy of the GPL (v2, v3, etc...) at the top level of your project. I usually make a file LICENSE.txt that explains that the project is using the GPL, and then put a copy of the GPL at the end of that file.

      2) Put license headers on ALL of your files, so that even if they get separated there is no confusion about either the license or the author. They should look like this:

      UC Authorizenet Multi
              Copyright (C) 2011 Cultiv8 (put your real name here...duh!)

              UC Authorizenet Multi is free software: you can redistribute it and/or modify
              it under the terms of the GNU General Public License as published by
              the Free Software Foundation, either version 2 of the License, or
              (at your option) any later version.

              UC Authorizenet Multi is distributed in the hope that it will be useful,
              but WITHOUT ANY WARRANTY; without even the implied warranty of
              MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
              GNU General Public License for more details.

              You should have received a copy of the GNU General Public License
              along with UC Authorizenet Multi. If not, see .

      Here's a quick link to more information: http://www.gnu.org/licenses/gpl-howto.html [gnu.org]

      • by claar (126368)

        Actually, Drupal modules should not include a LICENSE.txt -- the GPL is already included at the root of the Drupal install, which the module is installed under.

        It's considered a module bug in the Drupal community to include a LICENSE.txt.

        • by bky1701 (979071)
          Uhhh... that's not how it works. The license only "counts" for the module if you provide some sort of Drupal+modules package. Modules still must include it to be properly licensed when distributed alone. If it is considered a bug, you need better license people... which would not surprise me, considering I know one of Drupal's so-called license experts, who seemed unable to discern what exactly the Creative Commons was all about.

          "4. Conveying Verbatim Copies.

          You may convey verbatim copies of the Progr
          • by claar (126368)

            Yeah, I forgot -- the way it works is that the LICENSE.txt is automatically included when the module is packaged by the system -- that's why module authors shouldn't include it themselves.

            But way to take any opportunity to rag on Drupal -- seems to be the thing to do around here. :)

      • by Donwulff (27374)

        If you take a quick look at the Drupal repository itself, you'll find the statement "Please note that all code which is committed into a Drupal repository must be covered under the terms of the GNU General Public License, version 2 or greater; the same as Drupal itself."
        The only halfway interesting question out of this post seems to be, if you submit your work to a repository which requires all submissions to be GPL, will it be GPL even if you don't explictly declare it as such? I would assume not, as most

        • by shaitand (626655)

          "This whole argument about the works license is, of course, mostly moot since obviously as the Drupal licensing FAQ http://drupal.org/licensing/faq [drupal.org] puts it..."

          The Drupal project saying so doesn't make it true. The modules and themes would only be derivative works if distributed with Drupal. There is no reason a Drupal compatible API couldn't be made and these independent chunks of code run on that.

      • by houghi (78078)

        I need to run off in two shakes of a lamb's tail

        Is that the time it take a Volkswagen to cross a football-field diagonally?
        Or is it 1 score (As in 4 scores and 7 years) divided by the books in the library of congress?
        I get a bit confused with all these measurements.

      • by samkass (174571)

        The parent's advice is almost correct... if you want to distribute under GPLv2, do *not* add the "or (at your option) any later version" or someone else could redistribute it as GPLv3 and then you wouldn't be able to re-integrate their changes into the GPLv2 baseline. If you like GPLv2, make sure you only distribute it under GPLv2 or you lose control.

    • I suspect this guy is out of luck. As you point out there are various ways in which this group could have botched things up that would violate either copyright law or the GPL, but he gives no indication that is the case.

      From what I've read this guy may be thinking about this the wrong way. The reason these people are able to charge for this software (from a 'the market can support such actions' point of view, not a legal point of view) is they are offering support. In short his little bit of drupal code is

  • by Anonymous Coward on Sunday December 25, 2011 @12:46AM (#38486558)

    You can buy a scale Predator drone for less than $1000 and a basic AI package for it for maybe half that. A few flybys and maybe a leaflet drop should be sufficient.

    • by hairyfeet (841228)

      Yeah but see where they get you is the weapons. You ever price a hellfire or a maverick? Them damned things ain't cheap friend, hell it'd be cheaper to buy a brand new ford Mustang and just drive it into someone's house than it would be to fire a single missile! I mean where's the damned Chinese knockoff when you need them huh? How the hell are you supposed to get rid of that crazy ex or deal with the asshole boss if you can't even get affordable heat seeks? This is America dammit, what good is the second a

      • by shaitand (626655)

        "You ever price a hellfire or a maverick? Them damned things ain't cheap friend"

        Which is exactly why the argument that certain classes of weapon shouldn't fall under the 2nd amendment is ridiculous. The purpose is to arm the people to fight the government and weapons that allow it should be freely available. Of course serious weapons take serious bank and with serious bank comes a serious interest in not rocking the boat OR takes a significant group of people all contributing funds like a citizens militia.

        • by hairyfeet (841228) <bassbeast1968&gmail,com> on Sunday December 25, 2011 @10:32AM (#38488008) Journal

          I'll tell you why certain weapons shouldn't be sold...morons. I have a friend that used to be a cop and i'll never forget one of his stories: They pull over this car driving slow and acting funny, when they search the car they find four gangbangers and an RPG in the back seat. Now when my friend said "WTF were you planning to do with an RPG boy?" do you know what they said? Driveby. That's right, they were gonna try to shoot a rocket out of a moving 4 door at a rival's house. Needless to say they were shocked when my friend told them that if they would have tried to fire that thing the backblast have blown them up real good.

          So that is why you can't buy a hellfire, because some dipshit that has seen too many Rambo movies will get a hold of it and try to do a driveby on his ex with the damned thing. I mean can you imagine some methhead all paranoid with a pack of hydra missiles and a launcher?

          But don't worry friend because if the government ever rolls the tanks i'm sure the national guard armories will be nicely emptied faster than you can say Arab Spring.

          • by shaitand (626655)

            "if they would have tried to fire that thing the backblast have blown them up real good"

            It's called natural selection. Best to just let it happen.

            "I mean can you imagine some methhead all paranoid with a pack of hydra missiles and a launcher?"

            No I can't. If a methhead had a pack of hydra missiles and launcher he'd sell it for meth along with his momma and girlfriend. ;)

            "But don't worry friend because if the government ever rolls the tanks i'm sure the national guard armories will be nicely emptied faster th

      • As for TFA I'd say he's SOL. they are selling support and installation which is 100% fine and dandy by the GPL, just ask Red Hat. If you didn't want others to be able to profit from your work you should have released as a proprietary module and not the GPL.

        The flip side of this though is why i think we'll never see a truly kick ass Linux desktop that can stand toe to toe with the polish of OSX and Windows, and that's because it takes millions of dollars worth of code to put that level of polish and with GPL somebody could just offer all the work you did for free if you built in on Linux which is why Jobs used BSD for Apple. that's why at least for me every time I try to deal with a Linux desktop it feels like a bazillion little programs all built without a care in the world in how they were gonna integrate together beyond CLI because...well that's pretty much what it is, tons of coders scratching personal itches instead of working together for a solid unified whole.

        In the end the GPL is a double edged sword in that on the one hand it ensures that if you hand out code under GPL then under GPL it will stay but the flip side is nobody is gonna invest the insane levels of money it would take to make a truly integrated world class desktop out of it because like with Ubuntu there would be 50 free knockoffs and it would be damned hard to recoup your investment much less make a profit. i mean has Canonical even made a profit yet?

        I agree w/ you, but I can think of at least one case where it would have made sense for companies to GPL code: once a software is either EOLed, or its support for a platform is dropped. I have a couple of cases in mind. Remember Windows NT 3.51 on RISC platforms - MIPS and Alpha? Microsoft dropped support for these platforms in version 4.0 when it migrated, after NEC & Compaq had dropped support themselves, leaving all existing users of those platforms high and dry.

        In such a case, MS would have do

    • Sounds like we can drop a miniature version of a N.U.K.E. [sluggy.com] of sorts (two parter) instead of just one or two leaflets. "The argument is weak but the repetition is compelling."

  • by Anonymous Coward on Sunday December 25, 2011 @12:48AM (#38486562)
    Why do people release software under a license and then ask basic questions like this? Particularly, why do they need to ask Slashdot all the time?

    The guy can try to sell your module all he wants, provided that a) He hasn't altered the copyright you placed on it (You did put a valid Copyright on each source file, in the GPL header, right?) and b) He makes the GPL sources available to anyone who has purchased a copy of the module and has then requested them, or anyone who has received a copy of the module and has requested them.

    Basically, he can't claim its his and he can't change the license, but if anyone is dumb enough to give him cash for something they could get for free elsewhere, that's their problem. If you're still not sure, contact the FSF. Or, hell, just read their damn website!
  • by rgbrenner (317308) on Sunday December 25, 2011 @12:48AM (#38486568)

    They aren't actually selling his module.. it says:

    We are providing complete support, configuration and installation for this module.

    Not the same thing at all. Besides the FSF says selling GPL'd software is ok [gnu.org]

    You would have a case if they were claiming it was their module.. but I wasn't able to find even that on their site.

    • by Anonymous Coward on Sunday December 25, 2011 @01:04AM (#38486636)
      Exactly. I did not see anywhere where they claimed it was their own custom module. It is completely legit for them to sell this module and/or support for it. I assume that the code is all in PHP, so when they provide it to their customers, there is no additional "source" code needed since it's already not a binary.

      So yeah, sorry to break this to the author, but it looks like those guys aren't actually doing anything wrong.
    • Do they have to provide the source upon request for free, or advertise the source in some way?
      • by bky1701 (979071)
        ...it is a Drupal module, which are programmed in PHP. The executable is the source.
    • by cultiv8 (1660093)
      I'm the OP. He changed verbiage on his site after he started getting flack on the drupal forums. [drupal.org]
  • ...the Software Freedom Law Center [softwarefreedom.org]

    They exist specifically for evaluating and defending against this sort of infringement. They're experts, and their services are generally free.

  • Two words: Stallman sword [xkcd.com]
  • by HTMLSpinnr (531389) on Sunday December 25, 2011 @12:51AM (#38486586) Homepage

    This is probably a bit of hindsight advice, but try to understand the license you choose for your work before releasing under said license. Releasing code under GPLv2 w/o understanding how downstream "users" can legally use it doesn't help when you have to question the legality of someone charging money for the work. If they provide the source and attribution to your work, they're good to go.

    If this wasn't the intended use, then consider a different license that more agrees with the ideals which the code was released under. Granted - if you reassign your code to AGPL or something of that sort, many people will either not comply or avoid the work entirely to avoid needing to disclose *their* surrounding source too.

    • by tibit (1762298) on Sunday December 25, 2011 @01:50AM (#38486790)

      Heck, they can even do something cleverer, like Redhat does: they are free to cancel any subscription/service agreement that you may have with them if you exercise your rights to further redistribution. It does not violate GPL, for GPL is about distribution and distribution only, and they are not hindering your right to that. If you subscribe to RHEL, you are of course free to redistribute any source RPMs you downloaded from their network, but if you do so, they are free to cancel your subscription. And they will if you're a big enough fish (say, if you'd try to run your own "clone" distro based on their SRPMS).

      This seems to be a sensible business model even to people who'd wish to sell their stuff for big bucks: who the heck will abandon a multi-$k subscription by exercising their right to redistribute GPL code? No one sane; in most cases, unless they have plenty of money to burn. Ah, and IIRC Redhat will not renew your subscription if so terminated: you're essentially blacklisting yourself for life.

      • by shaitand (626655)

        They can't block your access to the source (for the binaries they gave you) no matter what 'subscription' they terminate. That would be a GPL violation.

        Also, SOMEONE obviously isn't concerned with this because they are packing up a clone named CentOS.

  • by mysidia (191772) * on Sunday December 25, 2011 @12:54AM (#38486594)

    Earlier today I discovered that a Drupal user was selling the module from their website for $49 and claiming it was their custom-made module. I'm no lawyer, but my perspective is this violates both the spirit and law of GPLv2

    It is perfectly fine to sell someone else's GPLv2 module for $49; the GPLv2 specifically allows you to sell software.

    There's also no GPLv2 problem with the part about "We are providing complete support, configuration and installation for this module."; the GPL doesn't restrict what extra services can be bundled with software.

    Now there would be a problem if they distribute the GPLv2 software, with your copyright notices remove, or attempt to redistribute under more restrictive terms than the GPLv2.

    If what they are selling is USE of a GPLv2 module through their drupal hosting service, where the software is not actually ever distributed to the end user, then well, the GPLv2's redistribution requirement that redistributions be under the GPL doesn't come to bear until they actually distribute the code.

    • In the case of a script, which is what this seems to be, source code is provided automatically. Provide the script and you've provided the source as required.

    • Absolutely correct, but may I add that the GPL explicitly allows you to sell services on software or software as a service. Selling software bundled is OK as well as long as you distribute sources and retain the GPL, of course. In this case it's a little questionable how they are advertising it and there is no immediately available source they are linking to but they're right on the line before "breaking the rules" - it really comes down to how they respond when you ask them for sources or if they are using

  • by Dwonis (52652) on Sunday December 25, 2011 @01:39AM (#38486756)
    To everyone here who writes comments like, "I think the GPL says such-and-such", just read the fucking thing [gnu.org]. Seriously, it's not a hard document to understand.
    • As someone who uses the GPL a lot I tend to re-read it maybe twice a year. It really isn't a difficult document to understand and until you really sit down and read it you don't realize how great the terms are. People often mistake the GPL as being a license people use to just give away software, but that's not what it's about. It really does protect a lot of rights and give a lot of power to the creators of the software and it's aggressive approach to freedom really gives the creators an edge if used corre

  • by raster (13531) on Sunday December 25, 2011 @02:08AM (#38486856) Homepage

    If your software were a compiled language (eg c/c++/java etc.) then if they didn't provide the original source OR didn't provide it on request by you AS A CUSTOMER (the license is granting rights to the people they distribute to - ie customer), then they violate. If they have put the php through some code obfuscator and don't provide the original source before obfuscation, then this would come under the "compiled" category i'd say. What they are doing is perfectly legal under the GPL.

    If it's nice to do or not is another matter, but it doesn't violate GPL unless they do the above.. and this ONLY applies to people they distribute the product to - i.e. that person gains the rights under the GPL and if they do not follow through with them they violate the GPL as the license was distributed to them.

    The idea that everyone must make the source of their GPL product available for free is not enshrined inside the GPL at all. It's simply something many do because its simply easier and more practical, less work, or it is nicer to the community that provided them with the source to begin with, but nowhere in the actual legalities of the license does it require this (3rd parties in this case means only 3rd parties you distribute the program to, not all 3rd parties in the world).

    • by TheEmperorOfSlashdot (1830272) on Sunday December 25, 2011 @04:38AM (#38487228)

      If your software were a compiled language (eg c/c++/java etc.) then if they didn't provide the original source OR didn't provide it on request by you AS A CUSTOMER (the license is granting rights to the people they distribute to - ie customer), then they violate. If they have put the php through some code obfuscator and don't provide the original source before obfuscation, then this would come under the "compiled" category i'd say. What they are doing is perfectly legal under the GPL.

      The code was stripped of its existing GPL and redistributed under a new license. Even though the source code is available (because PHP is distributed in source form), it's no longer clear that the code is still covered by the GPL - someone purchasing this package wouldn't know that they were entitled to redistribute or modify the code. That's the crux of the violation:

      I'm no lawyer, but my perspective is this violates both the spirit and law of GPLv2, most specifically clause 2-b: 'You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.'

      • There was some question of whether the original script had the proper copyright notices (which aren't required, but are a good idea). The reason such notices are a good idea is that not only is it a "GPL violation" it is also against the law to remove copyright notices. I remember copyright notice removal to have penalties associated with it under the criminal code, actually, although it's been a long time since I looked at that...

    • by mark-t (151149)

      ...the license is granting rights to the people they distribute to - ie customer

      Actually, the license is granting rights to anyone who might want to redistribute the software, or create a derivative work. The GPL is not an end-user license.

      GPL software is copyrighted. By default, that means that nobody can legally copy it (fair use notwithstanding) without any sort of explicit permission from the copyright holder (or agencies authorized by the copyright holder). The GPL explicitly grants permission t

  • Dear Diary,

    Today I learned that some programmers attach licenses to their code, without ever reading the text of the license. Sadly, I find it to be on par with many congressmen, who vote for bills they've never read.

    Who knows what I will learn tomorrow?

  • If you are licensing your software under the GPL, then you are granting permission to everyone who abides by its terms to create derivative works of your software and distribute them however they desire, including selling them. The provisions of the GPL require only that one not charge any additional fees for the source code itself beyond, perhaps, material costs that might be involved in sending that code to them. They further are not under any obligation to distribute the source code to anyone who does

  • .. that you'd probably be able to sue them to the very pits of inferno if you'd get one of the MAFIAA lawyers to sue them. Whether you actually have a case or not is not relevant for that. Before you ask yourself how to deal with this situation, ask yourself what your legal standpoint is and what you want out of this. As other posters have pointed out, legally you may not have much if anything to complain about. Have you tried contacting the "offenders" yourself to ask what they are doing and where you come
  • Punch 'em in the troat.
  • The GPL is, really, a lot like water rights. Proprietary software is like water from a well, where the well owner controls access and distribution. Water from the nearby stream is free to all, as with GPLed software, but some collect and haul the water, charging their customers for the convenience of delivery.

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel

Working...