Removing Proprietary Bits from Illegally Closed Open Source? 117
hahnfeld asks: "I maintain an Open Source (GPL) project which is fairly popular among commercial companies who produce proprietary add-ons for the software. Recently I found that someone was selling code derived from my product under a proprietary license. As a settlement, we finally agreed that his software (which had come a long way from the original Open Source base) will be released under the GPL. Obviously, I have plans to distribute the newly GPL'ed code from my project's site. Now that I've made the announcement, many commercial add-on authors are saying that they believe their code may be contained in the software and it is MY responsibility to remove it or they will come after ME. I've received everything from threats to insults from the commercial add-on authors, who believe the newly GPL'ed product will cut into their business. I've already notified everyone who has a proprietary add-on that I know about, and I'm planning on cleaning out anything I find. But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?" As open source gains popularity, this issue is bound to strike another developer. In addition to seeking legal advice, what suggestions would you give to someone unfortunate enough to be in this position?
How to tell? (Score:3, Interesting)
I'm not a professional programmer or anything, but I am in the process of learning, and I'm just wondering how one would go about actually identifying the proprietary bits of code.
Short of searching for "Proprietary code: Go!" comments, does anyone have any insight into this?
Re:How to tell? (Score:1, Funny)
Finding proprietary code is easy, the key is not to search with "Proprietary Code Go!"...it will be marked with comments like this:
I am proprietary
Re:How to tell? (Score:1, Funny)
Re:How to tell? (Score:2, Interesting)
We had to build a system that replaced the paper in the process of a salesman going to your house, signing a deal for life assurance or whatever and that going onto the banks internal systems. This involved a web UI at the salesman end, another UI at the bank end (for validating date and manual approval) and a transport. The transport was the usual IBM MQ, bits of xml validation, PDF generation and database shenanigans. I wrote that bit. The simplest bit was the UI - a simple VB program that showed important bits from the xml for the operator to check (that had to do this due to UK law). One of IBMs programmers, fresh out of college with a certificate for everything, used no parameters in the VB code at all - he put parameters in XML throughout the code, with all the sloowwww parsing involved. To view a new policy took *45 seconds* on a decent pc rather than the sub-second response for a properly written app.
He had done the usual dumb schmuck consultant error - he assumed because something was on his CV HE HAD TO USE IT. XML is a hot skill. So rather than pass an integer to a subroutine, he create a new xmldocument, added the integer to it (under numerous levels of XML), passed this, decoded the xml and retrieved the integer.
Big consultancies like IBM are full of n00b graduates who know everything but only superficially. The world would be better without them.
seany
Re:How to tell? (Score:5, Informative)
If you could tell which parts were proprietary, then this wouldn't be much of an ask slashdot question, now would it.
Here is what sounds like happened:
Some unscrupulous person without any regard to copyright holders' rights took code from multiple sources, used it and released it as their own. The sources included a GPLed project and various bits of code from proprietary sources. The result may have been useful, but it was using stolen GPL code as well as code stolen from other developers trying to make a profit.
It sounds like any number of people could have gone after this product, as several people hold copyright over portions of it. Unfortunatly, that means that the code is not distributable under any license. By GPLing the product, it sounds like the author is opening himself up from the other side, allowing the folks who own the copyright on the proprietary code to sue.
My advice: Don't redistribute the code yourself. If the person who wrote it wants to distribute it, they have to distribute the source too. Let them take the flack. They should be the ones that are hit by the lawsuits. At the very least, get a written statement from them that all the code in the package that was not taken from GPLed sources was written by them. That way you can pass the buck if you do get sued.
Willful violation (Score:2)
I think this would be similar to purchasing stolen items. You don't get to keep them, but if you really didn't know it was stolen, you likely won't be punished, beyond losing the items that didn't belong to you, either.
Re:How to tell? (Score:2)
I'm not a professional programmer or anything, but I am in the process of learning, and I'm just wondering how one would go about actually identifying the proprietary bits of code.
Just release it and see who sues. As long as you respond quickly to any cease and desist orders, most contributors won't actually file lawsuits.
Countersue (Score:4, Insightful)
Re:Countersue (Score:1)
If they wanted to release their code merged with hanfeld's, they should release the source too, and hahnfeld couldn't be sued then. But they don't want.
Sic the FSF on 'em (Score:5, Insightful)
Insn't this one of the senarios where assigning copyright to the FSF is helpful?
Re:Sic the FSF on 'em (Score:2)
Why should I ever voluntarily give up my rights to something I made?
He should get a lawyer. Plain and simple; and if he can't afford one, the FSF will still help him. You really think that they'll say "Nah. We'll pass. We'll let this case go to trial so when you lose everyone can use The Giant Club of Precedent to blugeon our precious "copyleft" (It's a joke! Get it? "Copyleft" instead of "Copyright"! Ha! Ha! Man who doesn't like legal documents filled with jokes written by an overweight long haired nasally geek! Now why doesn't anyone take us seriously?) into oblivion."
Re:Sic the FSF on 'em (Score:2)
If you don't wish to give up your s/w, don't use any open licence. Simple.
The copyright assignment of GNU licensed s/w diminishes noone and allows the FSF to act to protect that copyright, regardless of what duristiction it occurs in.
So, on the blinding chance that you write something good, and a corp decides to illegally take it from you, best of luck pursuing them on your own.
Good laugh. (Score:5, Insightful)
If it turns out that they didn't have copyright to all the code that they promissed to GPL, that settlement is invalid. You have a great case for taking them back to court.
And if other authors do own copyright on some of that code, you don't have the right to distribute it. Simple as that.
Re:Good laugh. (Score:4, Insightful)
Good point. The person who gave that code to you, who said they owned it is in trouble, they gave you code they didn't own. But just because they screwed up, doesn't mean you're off the hook.
If you don't know for sure that you can distribute this code, don't. They notified you of the problem, you should not ignore it. Otherwise you lose the "I didn't know" defense.
Their in fault, not you (Score:5, Insightful)
Thus, you need not heed their meritless threats. Anything distribute along with your GPL'ed code should also be GPL'ed, and if it isn't, you can force it to be so (and you have the right to simply distribute it under the GPL).
The impact this has on their business is not your concern. Its their fault for incorporating their add-ons onto GPL'ed code. There should be no compromise here: you should force anything that was distributed with your GPL'ed code to be GPL'ed as well. Simply distribute the entire thing under the GPL, as is your right to do so. If they try to sue you, they don't have a leg to stand on because the GPL demands that any modification/add-ons to GPL'ed code be GPL'ed.
Re:Their in fault, not you (Score:5, Informative)
Not true. They can pull the code instead of releasing it under the GPL. They own the copyright, and they decide which license it is distributed under. If this not a GPL compatible license then it will have to be removed.
The rights always belong to the copyright holder. The same rights that give the GPL power also allow these companies not to GPL their software.
As an aside, and in response to the original poster: Comments like the parent to this one are exactly why you should disregard any legal advice given in this story and talk to a lawyer. This guy sounded like he knew what he was talking about, but if you listened to him you may have been financially liable. Ignore everybody's copyright advice here and talk to a professional. The FSF has lawyers for exactly this reason, and you should call them.
Re:Their in fault, not you (Score:5, Informative)
Once they've distributed it, that choice is over. If they distribute it and don't GPL it, they're in violation of the license, and can be forced to release it under the GPL. The people who've already bought it have the right to see the source, as that code is based around GPL'ed code.
You can't "take back" a distribution once you've released it into the world or on the net. Thousands of people have already bought it, and thus will have the right to see the source, as the GPL grants.
Re:Their in fault, not you (Score:2)
There are other circumstances involved here, namely that these companies weren't necissarily aware that the code was GPLed due to the deceptive practices of a third party.
If they distribute it and don't GPL it, they're in violation of the license, and can be forced to release it under the GPL.
Just because that is a possible outcome doesn't mean it's the only outcome. Remedies for the license breach would be decided by a judge if the two parties could not come to terms on their own. You don't know wether the judge would force the code open or not.
I'm not saying that the code becoming available isn't the right outcome, but if you assume that the outcome will be what you've decided is the "right" outcome, you could open yourself up to a whole slew of other legal troubles.
Re:Their in fault, not you (Score:2)
Irrelevant. Its their responsibility to determine what license the code is under. Such finger-pointing routines wouldn't work if you gave me a piece of EULA'ed code under a "deceptive practice" and led me to believe it was public domain. I'd still have to (once informed it was EULA'ed) comply.
Why even bother trying to negotiate with them? Just release everything under the GPL. The GPL gives you the right to release their code under the GPL, as they based their code around modified GPL'ed code, or added their code to GPL'ed code to make a product. Thus, the GPL gives you the right to distribute that code under the GPL.
If they decide to sue, use the GPL as a defense. They had no right to release their code under a EULA in the first place if they based it around GPL'ed code. They may try to sue you for violating their EULA or intellectual property or whatever, but you can use as a valid defense that they never had the right to release the code under that license in the first place, because of the GPL.
This is not the problem of the person who submitted this article. He's doing everything by the book. This is the problem of greedy or negligent corporations which are now whining because they have to comply with a license they had gotten away with violating.
Re:Their in fault, not you (Score:2)
The big problem here is that, unlike physical property, which can potentially be returned when stolen, once somebody's code gets out in the wild there's virtually no chance of them preventing it from circulating to all who want it, destroying whatever competetive advantage the code may have given them.
Re:Their in fault, not you (Score:2)
If this person distributes the code under the GPL, then these other companies can sue this company for fraud and misrepresentation, and get compensation for the value of their software lost.
But the code is now out there, incorporated with GPL'ed code. That means it has to be distributed under the GPL, and anything else is a violation of the GPL. We have the right to distribute it under the GPL.
You're in dreamland (Score:2)
Suppose I write a library, which I choose to distribute under some licence that forbids giving away the source code. Are you saying that I must check the intentions of everyone buying my library, to make sure that they aren't planning to GPL it and give away the code, and that if I fail to do so, my code automatically becomes GPL'd?
Could you please cite even the slightest shred of copyright law in your chosen jurisdiction or even common sense that supports this claim?
Re:You're in dreamland (Score:2)
Re:You're in dreamland (Score:2)
How does that follow at all? Every time a major vendor sells a product with a licence agreement, they enter into a contract with the buyer. Are they assumed to be aware of how that buyer intends to use the product, and to give up all rights they would otherwise have over it? You are basically arguing that not only to EULAs have no legal validity -- which we all know is a largely untested area of law anyway -- but that it is the vendor's responsibility to be aware of the wishes of every buyer, which turns established practice on its head. Where is the legal or moral basis for this?
Re:You're in dreamland (Score:2)
Re:You're in dreamland (Score:2)
So you keep saying, but if there was a specific agreement, did it allow for the release of source code under terms compatible with the GPL? And why were they aware or should they have been aware of the relevance of the GPL here? What do you know about this case that the rest of us don't?
Re:You're in dreamland (Score:2)
Re:You're in dreamland (Score:2)
I give up. You're either much better informed about the exact details of this than the rest of us, or just incredibly stupid (or naive).
If I agree to let someone else use my code for some compensation, then I generally have some sort of licence agreement or other contract that specifies how they may use it. It is that agreement that governs whether or not they may GPL it, distribute it, or whatever. The fact that I haven't checked their whole business out (as if I had any right or ability to do that anyway) does not mean they are exempt from the agreement, nor that they may use my code in ways not specified in that agreement (or otherwise allowed to them in law). If this were not the case, the whole software business would fall apart, as no-one could afford to sell their code to a wide market since they'd have to check out every single buyer's intent.
You are arguing that the complete opposite is true, that the obligation to understand how things are used rests with the seller and not the buyer. You have totally failed to justify your position based on any legal references anywhere, and you are arguing for a position that would be totally impractical if you actually tried to implement it. Why do you bother?
Re:Their in fault, not you (Score:1)
If you live your life in denial of what the laws are you'll end up in jail eventually. I wish you luck.
Such finger-pointing routines wouldn't work if you gave me a piece of EULA'ed code under a "deceptive practice" and led me to believe it was public domain. I'd still have to (once informed it was EULA'ed) comply.
Yeah, but the person who decieved you would likely have to pay the large portion of the fine, not you. I don't understand what your point is here. (You haven't thought this through very well.)
Why even bother trying to negotiate with them? Just release everything under the GPL.
Because contracts obtained through deception are invalid and there is no existing agreement giving this guy the right to publish code copyrighted by somebody else. The GPL is a contract, and these add-on companies could not have entered into the agreement if they were decieved.
Re:Their in fault, not you (Score:2)
Summary finding against the defendant who breaches the rights of the third parties, I'm guessing. You just lost.
The fact that the people making the derived product gave it to you under a licence agreement they had no right to agree does not automatically excuse you from any obligations you have if you're in posession of code that belongs to third parties. If those parties have also actually told you that you are breaching their rights, and a court finds that you have persisted in doing so, I don't think you have much of a leg to stand on in any major Western legal system, even those that might allow a defence of ignorance initially.
Unfortunately, case law does not agree (Score:2)
MySQL, with the assitance of the FSF, tried to argue that once the GPL had been breached, Nusphere could not remedy that by releasing all of its modified source and that they needed to renegotiate a new license. The court did not accept that argument.
MySQL v. Nusphere trial reference? (Score:2)
I am not a lawyer. Do not use this as legal advice.
Re:MySQL v. Nusphere trial reference? (Score:2)
Re:MySQL v. Nusphere trial reference? (Score:2)
The question of "no harm at all" would not have been before the court for a preliminary injunction, only irreparability.
I could believe that the judge might have determined that there was no irreperable harm from the copyright component and then might have decided for the purposes of the preliminary injunction hearing only to accept arguments about the irreparability of the trademark infringement (and I think it would be a lot easier to argue that trademark infringement is irreperable). But if you claim the judge ruled about something I don't think could have been considered to be before the court at that hearing, then you I'd need to see specific references to be convinced that this isn't a case of your recollection being skewed.
I'm not a lawyer, so don't take this a legal advice.
Re:MySQL v. Nusphere trial reference? (Score:2)
You're right to be sceptical of my recollection. I spent some time yesterday looking for a copy of this preliminary ruling and I couldn't find it. But something caused these parties to settle.
Frequently when a judge lays out his reasoning in a preliminary motion, it gives the parties a clue as to what issues the judge thinks are significant in the case to come. In judging a preliminary ruling, the judge assumes facts in dispute in favor of the non-moving party. This can often tip the moving party as to how much they can expect if they can actually prove the facts they assert.
Re:Their in fault, not you (Score:2)
But by the sounds of it, the third parties' code was never based on GPL'd code.
As I read this, the poster made a GPL app, call it G. Someone else took this, and made another app derived from it, D. In D was also included some third party code, call it T. G is GPL'd, and the copyright holder for G therefore has the right to go after the makers of D for licence infringement. However, it sounds as though the makers of D have tried to GPL it. If they don't own the rights to the other third party code in it (from T) then they would not normally have that right (which would belong to the copyright holders of T, if they chose to do it). There is no way that the original poster can force the third party authors of T to release their code under the GPL if it isn't derived from GPL code itself.
What this seems to come down to is that the authors of the derived app D are screwed, because they've got GPL'd stuff they can't make proprietary and proprietary stuff they can't GPL in their code, and thus they can't distribute it at all under any licence.
But, of course, this is just a speculation based on the summary here, and it should go without saying that the OP needs to contact someone who can actually make a proper appraisal of the legal situation.
Re:Their in fault, not you (Score:2)
Re:Their in fault, not you (Score:2)
I'm sorry, but that sounds like the hopeful philosophy of a GPL fan, not the legal advice of an informed lawyer. There are so many holes in that argument that even I can spot, I can't believe it would -- or should -- ever hold up in court.
Re:Their in fault, not you (Score:2)
I don't think so, they already distributed it, they either comply with the GPL, or they have violated the authors copyright.
Re:Their in fault, not you (Score:2)
No, in order to distribute their code (which they've already done), they already released their code under GPL and he's licensed to use it under GPL.
Re:Their in fault, not you (Score:2, Interesting)
Again, there's outside circumstances here. Because there was a deceptive third party involved that was distributing this software under another (non-GPL) license, these add-on vendors may not have known they were contributing to GPL software, and would likely not be bound by the terms it it went to court. Most judges won't hold a participent to contract terms they were unaware of due to the deception of another party. An arrangement will have to be made, wether it's forced by a court or mutually agreed upon by both authors, but there's a very good chance that the outcome will not involve the code in question becoming available.
Re:Their in fault, not you (Score:2)
Why do you mention that? If there was no right to create proprietary software, meaning no government control or regulation of ideas, then the GPL wouldn't be necessary. The purist free software advocate would gladly give up the GPL if it meant the end to all copyright holder rights to restrict information.
Re:Their in fault, not you (Score:1)
It had nothing to do with the necissity for the GPL, nor what I think of it.
Re:Their in fault, not you (Score:1)
Re:Their in fault, not you (Score:2, Informative)
Not technically true. It's perfectly legal to distribute a GPL'd program and an entirely closed-source
Re:Their in fault, not you (Score:2)
If I steal the Mona Lisa and give it to you and the police can't find me, that doesn't mean that you can keep the painting openly. Just because I'm legally liable for all sorts of crimes does *not* mean that you then have the right to do whatever you want with the Mona Lisa. If you attempt to, I dunno, chop up the Mona Lisa *knowing* that it's stolen, *you* will be liable for that crime (though I'm still liable for all the things I've done).
In this case, you are definitely incorrect.
Re:Their in fault, not you (Score:2)
The other companies in question chose to allow company X to integrate its code with theirs. Its code happened to be integrated with GPL'ed code, which means that anything it MUST be released under the GPL, as MUST anything else it integrates with (ref. to GPL). The other companies had the obligation to make sure that company X didn't have any GPL'ed code. They didn't do that. THEIR FAULT. Now they pay the price. They are OBLIGATED to distribute their code under the GPL because they "knew or SHOULD HAVE KNOWN that the code they were merging with had GPL'ed code in it". In other words, the burden is on them.
These other companies seem to be claiming that "they didn't know the code they were merging with was GPL". This seems like turning a blind eye to the problem. If you merge code with someone else, its your responsibility to look over their code and make sure you won't be violating any licenses by doing so. In other words, these other companies were in a situation where they said "don't ask don't tell". They willed themselves to be ignorant of any problems. THEIR FAULT.
Re:Their in fault, not you (Score:2)
This is from a guy who's
The other companies in question chose to allow company X to integrate its code with theirs.
Quite likely. However, you have no way of knowing what this agreement included. It could be an informal verbal agreement, where he gets no particular legal rights. It could be a written one prohibiting redistribution of their own source as part of the agreement, which means that if he tries to redistribute the source, the license they grant him becomes invalid. This is quite common.
Its code happened to be integrated with GPL'ed code, which means that anything it MUST be released under the GPL, as MUST anything else it integrates with (ref. to GPL). The other companies had the obligation to make sure that company X didn't have any GPL'ed code. They didn't do that. THEIR FAULT. Now they pay the price. They are OBLIGATED to distribute their code under the GPL because they "knew or SHOULD HAVE KNOWN that the code they were merging with had GPL'ed code in it". In other words, the burden is on them.
This is simply stupid. If I produce a license, say that's something like this [globus.org], the only person who gets screwed over is the person licensing it, if he intends to merge with GPLed code. There's no implied license, as you seem to feel is the case. The merging person simply does not have the ability to produce a derivative work an apply both the license he was granted at the same time, because doing so would violate clauses of one or the other licenses.
Just because they say it's your responsiblity... (Score:4, Interesting)
EXACTLY (Score:1)
So to recap, people here ARE NOT LAWYERS, and if you want legal advice about someone making threatening statements about you breaking the law, I would strongly urge you to start taking this seriously by talking to a person who can give you a serious, and correct, answer. The fifty different ideas presented here have been refuted and re-refuted fifty times each, which should give you a hint: none of the arguments seem to be able to hold their own.
And for god's sake, stop asking questions about very complicated legal issues while providing only the barest and most vague details and then expecting people who have no legal knowledge or training (like the above poster so graciously admitted) to solve your problem in pretty, neat paragraphs.
Re:EXACTLY (Score:2)
Re:Just because they say it's your responsiblity.. (Score:2)
I think what would happen if you tried this is that you'd piss off/scare the parties involved, they'd retain a lawyer, they'd start sending nasty notes and look at taking legal action with you. Which is what they should do.
Basically, it comes down to this. The original guy infringed the GPL. He needs to stop distributing the code. You may be able to sue him for damages for using your code without license. It doesn't mean that he can give away other code that he doesn't own, however.
GPL - What's the use? (Score:1, Insightful)
And most open source developers dont have the resources to spend thousands (or probably millions) in litigation fees.
So, if they've released code in GPL, and some company uses that code, and doesnt make their code GPL what can the developer do about it.
I used to hold the GPL in high esteem till I thought of it as this - "hey, you saw mine - now show me yours"
I mean, what if today I want to write some code and sell it. If I use someone else's code - I need to open up mine too. Face it - GPLed code doesnt fetch you money. So, just because some other person didnt want to make money off his hard work - I wont be able to do so either !!
Probably I'm not being able to express my logic properly, but we sure need something more than GPL and something more to define the *real* meaning of open source.
Re:GPL - What's the use? (Score:2)
Clearly, the GPL and licenses like it are the "*real* meaning of open source" though, since they force the code to remain open forever. Wether that's a good thing or not is another question.
"hey, you saw mine - now show me yours"? (Score:2)
You always have the option not to use the GPL'd code. There are closed-source alternatives for pretty much anything GPL'd software can do. Of course, you have to pay for it. Further, most GPL authors are willing to license their code for proprietary use -- again, if the money is right.
GPL'd code is not FREE code. There is a price. If it's not the price you want to pay, then don't buy it!
Re:GPL - What's the use? (Score:2, Interesting)
By the nature of proprietary software, you can't make it free. By being able to take free code and incorporate it in propriatary app (probably with some added value), code would continually move from the free world into the proprietary. In other words, the proprietary codebase would be all code (proprietary + free), while the free codebase will contain the free code only. This would doom free code to become and/or remain marginal.
With a clear separation you now have two basic possibilities: use free code creating more free code and use proprietary creating more proprietary.
If you want to sell your code you can. But you can't sell other's code, and I don't see anything wrong in it.
Bait and DRM (Score:1)
Seems to me that it's _their_ responsibility to keep track of what they did to the code, not yours. When you release something under the GPL, you're still the owner of the copyright. But I believe that whoever then modifies the software has the copyright on their code (derivative work?).
You shouldn't have to keep track of someone else's patches. Is Linus responsible if DRM _isn't_ added into the kernel?
idea for tool builders: metadata (Score:1)
Could this be prevented if there were a metadata system which tracked license & ownership of code (at least at a per-method level)?
You'd have to plug (convenient) support into the IDEs and code repositories, but it seems like it would be an improvement.
Re:idea for tool builders: metadata (Score:2)
A contribution to a work means that part ownership of the copyright of that work goes to the contributer. (There are some interesting potential legal landmines with regard to what would constitute a "work": Single source file? Whole distribution? My guess as a non-lawyer is a court would go with "All of the above".)
The only way to strip out a propreitary bit of code would be to roll back through a source-control program, remove all the commits from the source history, and rebuild the program with new, non-owned code. So you'd need a way to mark commits as "proprietary", and roll them out.
Another thing you could try is keeping two trees, one "pure", and one with the proprietary stuff, and make sure to factor out any differences such that you can swap in the pure or proprietary code at any time. Takes a bit more design, but hey, that's true of most open source anyhow.
EveryAuction? (Score:3, Informative)
The software being discussed seems to be EveryAuction [everysoft.com]. Is that correct? (Hahnfeld's email address is listed at the beginning of the Slashdot story as matth@everysoft.com.)
Re:Already slashdottet? (Score:1)
Actually, everysoft.com is hosted by sourceforge, but the forums are on another host.
Re:Already slashdottet? (Score:2)
Not sure I understand (Score:1)
Let me get this straight...are they saying that their code is contained in the original GPL product that you put together, and it must be removed or they will ($gratuitous_threat)?
Or are they saying they think their code is included in the derived product that you just settled on, that is soon to be released under the GPL?
There's a difference there. If it's your original product, how did their proprietary stuff get there? Did you hack into their networks, swipe their proprietary code, and add it to your open source project?
If it's the derived product that is being released as part of the settlement, the "how did it get there" question applies, but I'd also ask some more questions. How do they know they have code there? Did they collaborate on the add-on? Did they at any time give any code for any reason to the person who is settling with you? Under what terms?
There's also this point: You're not releasing the code under the GPL. The developer is the derived product is releasing it. Why would all these other companies want to block him from distributing his project for free, by coming after you?
($gratuitous_IANAL_message), but it seems to me like they might have GPL-protected code in the products they've derived off your project, so it seems like they are using nasty and unpleasant tactics to try to scare you into backing off or whatever.
Get a good IP lawyer, and if one isn't available I'd definitely be hooking up with the FSF to see if they can provide any assistance.
Re:Not sure I understand (Score:1)
What a mess...
Re:Not sure I understand (Score:1)
I sincerely wish you luck.
the thing to remember here is that you haven't done anything wrong, and I wouldn't cave in to them just because they're being intimidating. My gut feeling, knowing as little about the situation as I do, is that the folks who are threatening you fear having to GPL their derived products as well, so they're employing bsa or riaa-style tactics on you.
if it comes down to it, set up a paypal account. I will be happy to donate to any legal fund set up to fight these guys.
Practical Suggestions (Score:3, Insightful)
<ianal>
I'd send a nice general "cover" letter to the company in question that used your GPL'd code as the basis for their extended code.
I'd thank them for recognizing and adhering to licensing restrictions, in this case the GPL. I'd mention that you, too, want to adhere to all licensing restrictions. Thus, if they incorporated others works that are bound by other specific licenses besides the GPL to make clear to you exactly which parts of the code are restricted in non-GPL ways.
If they don't have the time to mark other's code, at the very least they could mark code which is unambiguously "yours+their extensions".
Be prepared at any time in the future to remove chunks of code from the GPL project if some third party presents irrefutable evidence that such code is under their copyright and that they do not wish to distribute their code that way. Kinda like old RSA code used to be.
Someone may argue that you didn't properly adhere to the licensing agreements for that code, but that's where you have to be able to demonstrate that you made a good faith effort to adhere to all of the restrictions that you knew about. If the company did not inform you of those restrictions and you asked them to do so, then it will be more difficult to fault you. After all, it is that company that made agreements with the other licensors, NDAs, etc. and it is their responsibility to adhere to those agreements when giving code over to you.
</ianal>Um... (Score:2, Interesting)
BTW, would future authors of these sorts of "Ask Slashdot" questions, please do a little self-promotion and include the name of the software in question? These discussions are nearly worthless when I can't do some Googling for background info.
Re:Um... (Score:1)
Either/or (Score:4, Interesting)
If they were aware of the licensing restrictions on the code they were working with, then they are morally in the wrong and a court will probably rule against them.
If they were not so aware, as in if the software company concealed the knowledge of GPL restrictions from them, or had them working on a separate segment of the code which was included in the project but not directly involved with the GPL, then it's the software company's fault in scheduling conflicting licenses. It is not YOUR responsibility to PUBLISH the source code, it is that company's; you might only be distributing that source, and perhaps not even that. The software company would have the options of:
(1) Withdrawing the program from the market completely;
(2) Replacing your GPL'd code with equivalent proprietary code, and keeping the codebase secret;
(3) Replacing the other coders' proprietary code with open-sourceable code (or licensing their code for open-source use) and publishing the codebase;
(4) Publishing the codebase as-is, and risk being sued by the other coders;
(5) Keeping the codebase secret, and risk being sued by you.
I do not see any way a court would hold you liable for making the software company publish the code; it was not your decision to tie their code up with yours. If it does head to court, though... Get a good lawyer.
Re:Either/or (Score:1)
You have some really good points!
I would just wish to clarify something - about making the software company publish the code under the GPL.
I don't think hahnfield actually made the software company do anything. It was a settlement. The software company chose on their own to release the code under GPL to avoid the hassle of going to court - because unlike the guy working on open source code, a court actually can make the software company do something.
Star Office (Score:2)
It's taking Sun years to replace the code that doesn't have an OS license. Unless you find it worth your time to rewrite lots of other peoples' code, I would suggest you either get the person who "opened" it for you to fix this or come to an alternate agreement with them.
Follow the FSF's advice (Score:1)
The FSF have some good information on how to run a project, including a section on legal matters [gnu.org] that covers getting the appropriate paper work from contributors before you integrate their code. Unfortunately I don't see how you get access to the actual text of the documents to replicate this process for yourself. Perhaps you could make your project an FSF project?
How to stop frivolous lawsuits (Score:1, Insightful)
Ok camapny A wrote modification from your GPLed software and now you're goingn to put it up under te GPL on your website but company B is saying it contains there pripitory code? Tell them to go screw themselfs assumeing tis is US Copyright. Comany A is the one that broke the law and the only thing the courts can do is take away and destroy any copys of it you have.
Read Copyright law.
http://www.copyright.gov/title17/
fact 1. Copyright is not exclusive like Patents and trade marks. If two people come up wit the same patent or trademark idepently only one of them gets it but ir two people come up with the same copywriteable work indentantly both get thare own copyright for it. Diffrant editions of books have seperate copyrights.
Fact 2. Illigaly created works are in the public demain.(2)
The important thing to bring up in any lawsuit you get into is that company A are the only ones that broke the law not you(1). Hopefully you made some chage to thare code befor releaseing it(adding the required this software is GPLed message or something) Then you can say that your new version is based of of Companys A work and not company B's closed source work. Remember you can't copyright ideas(3).
footnotes:
0:The only ways to truely pervent frivolous lasuits is to ether kill the procicuters or kill yourself.
1:"Exclusive rights in copyrighted works36
Subject to sections 107 through 121, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:
(1) to reproduce the copyrighted work in copies or phonorecords;
(2) to prepare derivative works based upon the copyrighted work;
(3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;
(4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;
(5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and
(6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission."
2:"... protection for a work employing preexisting material in which copyright subsists does not extend to any part of the work in which such material has been used unlawfully."
3:"In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work."
Make them tell you what to remove... (Score:2)
Also, if this is a matter of Plug-in publishers bullying you, cripple plug ins. If they want to still market their products, they will begin to panic when they realize they are not supported under new versions of your program. If they won't play nice, take your ball and go. Make them beg to get back in the game.
But that's just my opinion.
Use your rights, damn it (Score:2)
EACH AND EVERY ONE OF THESE COMPANIES threatening you if you publish their propietary code has, indirectly, admitted to ripping you off. THEY are the ones who should be sweating, they have no right to the code that they wrote proprietary extensions to and it's black letter law that you have the right to order them to immediately cease and desist any and all future infringement of YOUR code.
This may put the companies out of business, or expose them to massive suits for non-performance. IT'S NOT YOUR RESPONSIBILITY. They are violating your IP rights, you have the unconditional right to order them to stop regardless of the consequences to them.
It won't take them long to realize that they have two options. One, they can lay off everyone (you've killed their product!) and sue the original infringer for damages while their clients sue them. They can't threaten you for exercising your own rights, especially after they tried to do it to you!
Or two, they can pay you a reasonable fee for the right to use the code in a proprietary product. Say, something between $20k-$50 plus the right to distribute the code in the infringing product today under any and all licenses you choose. If they want to pull code out, they can... at their expense. Just because something is released under the GPL doesn't mean you can't also license it for proprietary use.
Meanwhile expect to see the original infringer get hit with massive suits for fraud. They may think they pulled a fast one on you, but as long as you stand up for your rights you may yet have the last laugh as that company is forced into bankruptcy for stealing your code and presenting it as its own.
(IANAL disclaimer, etc.)
Re:Use your rights, damn it (Score:1)
Re:Use your rights, damn it (Score:2)
Since these companies are claiming that the code released by the primary infringer contains their propietary code, I don't see how any of them can make meaningful claims that they aren't distributing their changes - if they weren't distributing the changes, how did the primary infringer get the code to provide to this guy? Maybe there's a reasonable explanation out of this paradox, but it seems that the burden of proof is on them to defend their use of his code at this point.
(N.B., this doesn't mean that he has any right to their code either - but these intimidation tactics have got to stop. Everyone is entitled to their IP rights, not just companies with an arrogant attitude.)
um... this is more of a "Tell Slashdot" (Score:2)
This issue is definitely something the GPL crowd would like to be aware of, and its good that you posted it, but I think your best advice would come from a legal professional.
Simple! (Score:2)
Gosh! A single line of C code, what's Ask Slashdot coming to these days?!?!
FreeSoftware = !(PROPRIETARY BITMASK) && YourSoftware;
You're screwed [kinda] (Score:1)
The agreement you made with that other guy could be invalid. If he agreed to give you someone elses code, the agreement definatelly is and you can
a>Remove the code like thay say (if you still want to distribute)
-or-
b> Have the guy you made the agreement with remove the code either willingly or through the courts.
If it's no big deal and it's not a lot of code, just do it. It's the quickest and most pain-free way...
Re:You're screwed [kinda] (Score:2)
I wonder if this has even ever been hammered out before. Probably, but it would take a lawyer to track down the case law.
It could be that the entire deal was bad the moment the guy tried to GPL the code he didn't own, so you'd want a revised agreement first.
Also, if he wrote the code under NDA from the propriatary people, they *might* be able to claim that his code exposes important knowledge about their own software that constitutes a trade secret (If someone wrote part of a driver for, say, Nvidia, I suspect this could be the case).
Re:You're screwed [kinda] (Score:1)
There's 4 of the 6 movies of star wars that you can buy right now. Yet because the set is incomplete there isn't an handy carrier yet. You can make your own proprietary carrier, just for the star wars movies, and sell it or do whatever you want, including give out the blueprints if you want to. However if you include any of the pictures or images from star wars, you cannot call it the "official star wars carrier".
or say you make your own extension to PERL, you can do what you want with your code, as long as it does not have any GPL code you can keep your code closed.
Some jerkass decided to take someone elses free code, and close it, then he added someone elses proprietery extensions to it, then, on top of that opened the code back up when he got caught, openening up other peoples code. Now those people are pissed off.
No it's not like water, if you take GPL'd code and make something else, the finished product, even if it no longer does the same thing it did before, must be gpl'd
Re:You're screwed [kinda] (Score:3, Insightful)
if you take GPL'd code and make somethin else, the finished product, even if it no longer does the same thing it did before, must be gpl'd
I realize that.
My question (I'll restate and perhaps be clearer)
A = The guy that wrote the original GPL work.
B = The guy that illegally grabbed the GPL stuff, then merged it with propriatary stuff, then illegally tried to GPL someone else's code.
I am, for the moment, ignoring the fact that B is already in hot water for distributing a derivative work containing GPLed code under a non-GPL license. We all agree that B is already in hot water for doing that.
My question relates to the second bit: B has made an invalid license in trying to GPL the derivative code he made. It contains non-GPLed code that he does not own which he does not have the right to GPL, thus the derivative project cannot be GPLed as a whole. He attempted to GPL the derivative work as a whole. This license is necessarily *invalid*.
I believe that the derivative work contains three sections of code. The propriatary code from the third party, the GPL code from A, and some additions from B.
Now, B has made this invalid licensing under the GPL of his derivative work as a whole. Since this is invalid with respect to the propriatary extensions, my question is whether his license is still in place (and binds him) as regards his *own* contributions to the derivative work, or whether the entire thing simply goes out the window.
If B makes three licenses that say:
"I am licensing A's contribution under the GPL", that's valid
"I am licensing B's contribution under the GPL" this is valid, as he's the copyright holder
"I am licensing third party propriatary bits under the GPL", this is not valid.
However, the first two licenses still hold (though only the second one is important).
This guy made a *single* license that applies to the work as a whole. Are his own contributions to the derived work now GPLed or not?
Now just a cotton-pickin' minute here... (Score:1)
Just how are you supposed to be able to tell what is proprietary code? Unless they thoughtfully marked each block they touched, and each file they added with some helpful comment to allow you to identify it then they are indulging in a catch-22. If their code is marked, fine, remove it. If it isn't, sorry, they need to identify it so you can remove it. It is not up to you to have to guess what is proprietary and what is not.
Anyone sending threats gets a form letter. "I intend to release this code under the GPL on dd/mmm/yyyy, if you have proprietary code you do not wish disclosed please send me a patch removing the code or some other reasonable means for me to identify and remove it. Failure to do so implies informed consent to publish under the GPL."
Sadly, chances are you will wind up in court anyway, so have a lawyer on retainer and primed to deal with people who will almost certainly try to bully you with legal harrassment.
not a question for slashdot. (Score:2)
"Hi, I've been threatened with a lawsuit, seeing as how most of you know nothing about the law, I'd like to know what you think I should do?"
You might as well ask a magic 8-ball.
Re:not a question for slashdot. (Score:1)
Re:not a question for slashdot. (Score:1)
Give FSF Co-ownership (Score:2)
This way, you still own the copyright, but if you're somehow unable to defend it, the FSF can do so.
Re:Give FSF Co-ownership (Score:2)
The FSF is a single point of failure for the GPL. They're also the source of my single sense of unhappiness with it.
Linus feels the same way -- he's gone GPL v2 only, which eliminates their revision power as regards the Linux kernel.
Re:Give FSF Co-ownership (Score:2)
As I also said, I think that you should give co-ownership to any organization which stands up for the freedoms you want to protect, including the FSF, OSI, EFF, etc. This way, there is no single point of failure.
Re:Give FSF Co-ownership (Score:2)
Do tell.
The FSF doesn't have the power to do anything with your license.
Ah. We'll see.
The GPL just says "version X.x of the GPL OR any later version.
Yes, that's precisely what I'm objecting to.
In other words, the USER GETS TO CHOOSE which one to follow, according to the FSF.
Which is completely meaningless, because anyone that gets their hands on your code can then use the revision if they want. You have zero guarantees that, say, Red Hat or SuSE won't be granted rights to use the source without reopening it. Don't laugh -- this has been brought up as possible material for the GPLv3, and is why Linus refuses to grant revision ability to the FSF.
That's better, as it gives the user more FREEDOM.
Meaningless semantics. It has a legal, practical impact that we both recognize and that I and many others have an issue with. Saying that this is "better" because it's a "freedom" issue is simply meaningless. Should I be allowed to shoot you because it's a "freedom" issue?
Thus you're concerns and those of Linus are completely unwarranted on this matter.
Oh. Thanks for straightening Torvalds and me out.
The end-user being able to choose which version of the GPL gives the end user more FREEDOM.
As stated above, semantic arguments are meaningless for our situation.
Also, note, that the copyright author not the GPL grants the user the right to choose which version of the GPL to use.
True. Unfortunately, a very rarely exercised option. Torvalds does it, and a number of other people, but not enough to put a firm clamp on the FSF running amok. On the up side, just as the GPL virally spreads through code, the version-restricted GPL virally spreads through the regular GPL, so I'm fairly comfortable that this is not a problem. Eventually everyone will be forced into a single version of the license.
Though I'd argue it should, since this gives the user more freedom.
Okay, I could point out that the GPL is designed to allow the developer freedom, and the BSD license the user freedom, and by your logic the BSD license would be superior, but it's a semantic argument, as I said above. "More freedom"...who cares? The practical impact is what matters.
As I also said, I think that you should give co-ownership to any organization which stands up for the freedoms you want to protect, including the FSF, OSI, EFF, etc. That way, there is no single point of failure.
That's idiotic. Most people using the GPL specifically use it because they do *not* want a BSD-style license. Giving co-ownership does nothing but add another point of failure (where the thing could be relicensed by a single corrupt party to be closed source). It does *not* add additional robustness to your license -- it significantly decreases it.
All your code are belong to GPL (Score:1)
Methinks this only applies where the code is mixed though - if you never used their code and they never used yours, noone should be claiming rights over anyone else's stuff. I'm not sure about seperately developed plugins, but a plugin developed without any use of the main app's source is quite rare
one (Score:1, Informative)
Let me elaborate.
Everyauction has a GPL auction script.
I have an auction package that is not Everyauction and uses NO GPL code.
Now another company writes a program that is a derivitave of Everyauction code and was released on a propriatary basis. This company ALSO used some of my code in his new program.
Everyauction has settled with this other company to GPL the product.
I say NOT WITH MY CODE, you must remove my code first..
There are other authors of seperate programs who's code was also included. None of which care to donate their work to either GPL script.
Mod Parent Up (Score:3, Interesting)
Its an interesting point because the AC acted in good faith and it is that third-party who did the dirty. However if the code isn't attributed during the merge, it becomes very difficult to say which bit came from where.
My view is that the merger was the same as the third-party inadvertantly disclosing AC's proprietary software. The third-party becomes responsible for any tidying up.
Re:one (Score:2)
Re:one (Score:1, Interesting)
you've got a lawyer already, use it (Score:2)
In general, I'd avoid any solution that relies on NDAs. There are too many ways that too many people could get hamstrung and/or tied up in court for too long by them, especially if any of the commercial developers consider themselves in competition, not to mention what they could do to you in the future (of course your future work is ALWAYS going to be suspect, if you ever venture into any of the areas covered by stolen code).
At first thought, I'd say expect the developers of the commercial add-ons to follow your site, and stand up and go over the code, identifying their code. The problem being that you'd potentially be giving competetors eachother's code, potentially allowing both of them to steal the competitor's code AND sue you for giving their code to their competitor. Of course, any halfway decent lawyer should easily spot things like this.
Perhaps what you need to do is pull out sections of code that you would like to add to the main codebase and then post small sections, which should be enough for the owner to identify the code, but not enough to give away any significant functionality. If a developer can send you the code that follows it, throw that module away. To me, a 90 day period would seem sensible since, as I mentioned earlier, any commercial developer that fails to check your site/release-notes/mailing-list in that long isn't serious. Again, the lawyer can figure out the finer points here.
No (Score:2)
But short of not distributing the newly GPL'ed software, is there any way for me to protect myself in the event some proprietary code gets left in the GPL code?
No. But depending on the financial status of the company violating your copyright, and whether or not your "settlement" was legally binding settlement, you could possibly sue for incidental damages or something.
If you don't have a real "settlement," you could mitigate your potential damages and pay for a full code review and then turn the charges over to the copyright infringer.
No Remedy, but a treatment (Score:2)
1. Send the source to your new release to known plug-in makers with a notice of a 90 day window to review for code that may belong to them.
2. Make a new release (not the one you have in mind now), with a notice that says that those who are possibly affected that are not on your list should contact you within 30 days for a review copy, followed by a 60 day time to review.
Neither of these will free you of the possibility that someone will come later and claim ownership of some this or that of code, but it should put you in the clear on having made an attempt beforehand.
Jeez this is scary (Score:2)
I'm no expert in US law (I don't live there), but even with my basic knowledge of how it works and reading the obviously simplified summary here, I can see that most of the posts offering legal advice here are way off base. The scary thing is that equally off-base people are clearly moderating them up because they sound convincing, regardless of their legal correctness!
It seems to me that the only sensible action for the original poster to take immediately (aside from speaking to a lawyer again) can be some sort of legal move to force those who derived from his GPL'd work to either GPL the derivative (if they can) or stop distributing it. If the derived work cannot be GPL'd because it also includes indepently licensed third-party bits, then that narrows the options to one.
I don't understand why the OP is so keen to host the derived now-supposedly-GPL'd work using his own resources, though. He gains no obvious benefit from doing so, and if US law allows for penalties for distributing code contrary to its licence, it seems to leave him open to action by the third parties if they are being ripped off. If US law actually says that the OP can distribute something just because someone told him it was GPL'd, even though it actually wasn't, it would be about the only legal system in the Western world that did...