> 7 out 10 times, the person on the other end was angry because they assumed the GPL entitled them to all of our source code and they were disappointed when they only found GPL code in the tarball.
Well, if your non-GPL code was directly linked to, or closely interoperated with, any GPL code, those users would have been right.
As far as I understand it, Richard Stallman has gotten his view about linking from FSF’s lawyers, who has advised the FSF about what does and does not count as a “derived work”, in the sense of US copyright law.
If you want to argue that the FSF’s lawyers are wrong, please provide more detailed, and hopefully referenced, arguments (as opposed to plain assertions).
FSF has opinions but not case law - anyone else's opinion is as valid, there's no citation because no court has ruled that dynamic linking is or isn't a derivative work.
You have to construct your own view based on existing statute and vaguely related cases.
Google LLC v. Oracle America, Inc., 593 U.S. 1 (2021) is not a pro-FSF opinion.
Whether linking (dynamic or not) is a derivative work is defined by things like incorporation, similarity, and creative expression.
I think the FSF view is unreasonably confident in its public opinions where the current law is that each potential infraction is going to be decided on a case by case basis. Read 17 USC 101 for yourself and square that with FSF/Stallman opinions.
There's too much nuance to have a stance about what happens when you link a program. "It depends" is the only thing you can say.
I would point towards Oracle v. Rimini, where the Ninth Circuit has specifically ruled (inside a complex and yet-unresolved case) that a system built to interoperate with a copyrighted program does not constitute a derivative work of that program. (https://cdn.ca9.uscourts.gov/datastore/opinions/2024/12/16/2...)
They reference a less on point but better known case (https://en.wikipedia.org/wiki/Lewis_Galoob_Toys,_Inc._v._Nin...., for some reason you have to manually add the period at the end of the link) about whether NES cheat cartridges were copyright infringement. If a work that directly links to and interoperates with a program is a derivative work of that program, the Game Genie really was illegal after all. To me that doesn't seem right, and given the FSF's general opinion on console restrictions (https://www.fsf.org/bulletin/2025/winter/new-nintendo-drm-ba...) I kinda feel like they'd have to agree.
Ehh, I'm not sure it's fair to call the FSF dynamic linking absolutists. They only care about any of this because they've boxed themselves into a corner. They want to prevent people from writing proprietary wrappers around copyleft programs, but they don't want a license so restrictive that proprietary and copyleft programs are forbidden from interacting, and Freedom 0 means they can't explicitly prohibit a copyleft program from being used for suchandsuch purpose.
Not the kernel, but LGPL libraries do have relevant carveouts. And if you've ever heard RMS speak, he is extremely particular and does understand the nuances of all this.
> I then decided to contact Insulet to get the kernel source code for it, being GPLv2 licensed, they're obligated to provide it.
This is technically not true. It is an oversimplification of the common case, but what actually normally should happen is that:
1. The GPL requires the company to send the user a written offer of source code.
2. The user uses this offer to request the source code from the company.
3. If the user does not receive the source code, the user can sue the company for not honoring its promises, i.e. the offer of source code. This is not a GPL violation; it is a straight contract violation; the contract in this case being the explicit offer of source code, and not the GPL.
Note that all this is completely off the rails if the user does not receive a written offer of source code in the first place. In this case, the user has no right to source code, since the user did not receive an offer for source code.
However, the copyright holders can immediately sue the company for violating the GPL, since the company did not send a written offer of source code to the user. It does not matter if the company does or does not send the source code to the user; the fact that the company did not send a written offer to the user in the first place is by itself a GPL violation.
This is an open legal question, which the Conservancy v Vizio case will hopefully change; in that case, Conservancy is arguing that consumers have the right to enforce the GPL in order to receive source code.
Linus rants that the SFC is wrong and argues that the GPLv2 which the kernel is licensed under does NOT force you to open your hardware. The spirit of the GPLv2 was about contributing software improvements back to the community.
Which brings us to the question: what is this guy going to do with (presumably) the kernel source? Force the Chinese to contribute back their improvements to the kernel? Of which there are likely none. Try and run custom software on his medical device which can likely kill him? More than likely.
The judge's comments on the Vizio case are such that should this guy get his hands on the code, he has no right to modify/reinstall it AND expect it will continue to operate as an insulin pump.
This is about as ridiculous as buying a ticket on an airplane and thinking you are entitled to the source code of the Linux in-seat entertainment system.
There are a lot of people hacking on insulin pumps and they are lightyears ahead of commerce. If you want a very interesting rabbit hole to dive into try 'artificial pancreas hacking' as google feed.
I would trust the people that hack on these systems to be even more motivated than the manufacturers to make sure they don't fuck up, it's the equivalent of flying a plane you built yourself.
> it's the equivalent of flying a plane you built yourself
A great analogy because people die that way. I personally would never push code to another person’s insulin pump (or advertise code as being used for an insulin pump) because I couldn’t live with the guilt if my bug got someone else killed.
I know people die that way (GA). But someone is working for the companies that make insulin pumps and they are not as a rule equally motivated so I would expect them to do worse, not better.
And to the best of my knowledge none of the closed-loop people have died as a result of their work and they are very good at peer reviewing each others work to make sure it stays that way. And I'd trust my life to open source in such a setting long before I'd do it to closed source. At least I'd have a chance to see what the quality of the code is, which in the embedded space ranges from 'wow' all the way to 'no way they did that'.
which is why lots of systems and processes (sometimes called red tape) exist to try and prevent the undesired outcome, and dont rely on the competency of a single person as the weak link!
Anytime anybody does something himself, there is a risk. People die because of welding parts cleaned with break-cleaner, people die driving, diving, sky-diving, doing bungee jumping...
Advertising that code, IMHO would be as showing of you doing extreme sports, for example. I do not think is any bad. A good disclaimer should be enough to take away any guilt.
And yet someone IS pushing code to these devices. Every single one.
So the question really becomes - Are these people working on their own pumps with open source more or less invested than the random programmers hired by a company that pretty clearly can't get details right around licensing, and is operating with a profit motive?
More reckless as well? Perhaps. But at least motivated by the correct incentives.
You, an engineer at a major aircraft manufacturer that isn't Boeing, have been working after hours with some of your colleagues on a hobby project to add some modern safety features to an older model of small private plane, because you regard it as unsafe even though it still has a government certification and you got into this field because you want to save lives.
Your "prototype" is a plane from the original manufacturer with no physical modifications but a software patch to use data from sensors the plane already had to prevent the computer from getting confused under high wind conditions in a way that has already caused two fatal crashes.
Now you have to fly somewhere and your options for a plane are the one with the history of fatal crashes or the same one with your modifications, and it's windy today. Which plane are you getting on?
Are you kidding me? How many times have you unwillingly introduced bugs into a code base you didn’t fully understand? That’s basically table stakes for software engineering.
> Definitely not the untested code I wrote myself!
Nobody said it was untested.
> How many times have you unwillingly introduced bugs into a code base you didn’t fully understand? That’s basically table stakes for software engineering.
Which applies just the same to the people the company hired to do it, and now we're back to "the people with a stronger incentive to get it right are the people who die if it goes wrong".
Tested how? With 100% "unit test" coverage? I can certainly see how a random person on the internet might be highly motivated and actually talented enough to contribute to these sorts of projects. But they don't have the budget and resources that commercial entities have. They don't have the same due diligence requirements. They don't have the same liability. If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.
I say this as someone who might modify my own medical devices because I'm so fucking jaded over the capitalist march towards enshitification and maximizing profit over human lives. There is simply no way random folks on the internet can test these types of systems to any reliable degree. It requires rigorous testing across hundreds to thousands of test cases. They at best can give you the recipe that works well for them and the few people that have voluntarily tried their version. That doesn't scale and certainly isn't any safer than corporate solutions.
> But they don't have the budget and resources that commercial entities have.
Everyone is standing on the shoulders of giants. You're not going from stone tools to jet engines in a month, but you could fix a bug in one in that time.
> They don't have the same due diligence requirements. They don't have the same liability.
Things that exist to try to mitigate the misalignment of incentives that comes from paying someone else to create something you depend on. Better for the incentives to align to begin with.
Notice also that these things are floors, not ceilings. The company is only required to do the minimum. You can exceed it by as much as you like.
> If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.
And then if the community version fixes a bug that would have killed you and you stick with the commercial version you can sue them for killing you. Except that you're dead.
> There is simply no way random folks on the internet can test these types of systems to any reliable degree.
Basically the entire population is on the internet, so the set of them includes all the people doing it for a corporation. Are they going to forget how to do their jobs when they go home, or when they or a member of their family gets issued another company's device and they want it to be right?
Why do people think constantly something made by some random company is automatically better than something made "DIY".
I totally understand, that because of liability and some more availability of resources, you would expect a company product to be "safe". BUT: if it is your butt that is going to be in the line, then I bet you: you will be much more careful that a random engineer in some random company. About the resources available in a big company, they are usually more directed to marketing, legal (including lobbing to avoid right to repair) and oder areas to maximize revenue, and not exactly in quality.
I worked in 2 different big companies which worked in "mission critical systems" and boy! I can tell you some stories about how unsafe is what they do, and how much money is invested in "cover your ass" instead of making products better/safer.
I thought I explained it, but I'll break it down into smaller words. Medical software doesn't just have to solve one particular users's problems. It has to be generalized to the majority of folk seeking treatment for a particular problem. If one particular CPAP user is able to tweak their settings to work better for their particular lifestyle, it is not generalizeable to every CPAP user. A corporation offering a general solution is put under *far* more scrutiny than a random github repo is. A corporation can be sued for releasing a product that kills people, but good luck convincing a court that your family deserves restitution for you installing a random script you found on the internet into your insulin pump. This has fuck all to do with how much corporations care about people. It has everything to do with liability laws and how victims can get restitution. It has everything to do with the actual risks of installing random internet scripts versus the corporations who have to jump through regulatory hoops. And it's not to say corporations get everything right. They fuck things up constantly. But they fuck things up constantly with oversight and regulation and you want me to believe random internet users will make a better product without it. It's nonsense.
Flying in a plane you built yourself is likely safer than flying in the same model of plane built by a company that assembled it for you using lowest-bid labor while making you sign a twenty page lawyer barf disclaiming liability.
Why do you think a random person, who is VERY passionate about something, as to invest all the free hours in life to do something, is less skilled that one who just does it because is needed to survive?
Sorry. I would be much more inclined to have something made by somebody passionate about it, as done by some guy that received hopefully some kind of instruction on how to do things and was then left alone.
In this context (GA) we are not comparing Airbus/Boeing with a garage build. We are comparing some small company making 2 seaters with your hangar and maybe 10 certified aircraft mechanics that will help you a lot on the process.
See my other follow up comment ("same model"). Medical device software development feels much closer to homegrown (or worse) than aeronautical engineering.
You can believe it and simultaneously function in society.
We aren't all building our own planes because it's worse, but because it's time consuming. I don't have 20,000 hours to burn learning about how planes work to make my own.
If we magically beamed the knowledge straight into people's heads and also had a matter fabricator, I'd imagine yes - everyone would build their own plane. And it might be safer, I don't know.
Point is, the ideas are not mutually exclusive. You can believe both and still resolve it internally and with the world
Not the original poster, but that was snark and not meant literally.
Also, building your own plane is absolutely worse, even if you do have expert-level knowledge. That's true for any complex design. Aircraft design, material sourcing, fabrication, assembly and quality control are all very different skill sets, but the real kicker is experience.
The reason why commercial aircraft are so safe is a lot of work goes into investigating and understanding the root causes of accidents, and even more work goes into implementing design fixes and crew training.
My comment rests on the fact that the types of planes you can build yourself are completely different models than the fully assembled models from the likes of Boeing etc. I do agree that a kit 737, if such a thing existed, would be less safe than one off the line.
> I would trust the people that hack on these systems to be even more motivated than the manufacturers to make sure they don't fuck up
I would think it's the opposite. People that hack on this only risk their own life. Companies risk many people's lives and will get sued. Of course the person doing the hacking doesn't want to die but they're also willing to take the risk.
The absolute worst-case scenario of messing this up as a company is that you get sued and they win, or you're forced to settle. You pay out some money, post a public apology, whatever. If things get really bad, the company goes under. But you're likely still far richer than the average person, and the blame is distributed enough that no one gets a criminal sentence - not that it was a realistic option to begin with.
The baseline worst-case scenario of messing this up on yourself is that you die.
Right, but getting sued is basically the least risky activity ever. Okay, a little dramatic but: you won't go to jail, and if you're rich and become less rich you're still better off than most people. In pure absolutionist terms, being a business owner is basically always less risky than being labor.
Why is it ridiculous? If the license says you have the right to obtain the source code to software that was distributed to you, then you have the right to obtain the source code. It doesn't matter what your intended use of it is.
Rather crucially, the license itself does not say that you have the right to the source code. It is only the separate written offer which gives you that right. If you did not receive such an offer, you don’t have any right to it. But then, the company has already, unquestionably, violated the GPL, and the company can be sued immediately. Specifically, you don’t have to first ask the company for the source code! The lack of a written offer is in itself a clear violation.
> But then, the company has already, unquestionably, violated the GPL, and the company can be sued immediately.
You were right up to this point. Medical devices requiring a prescription must be obtained via specialized suppliers, like a pharmacy for hardware. These appliances are not sold directly to end users because they can be dangerous if misused. This includes even CPAP machines.
In theory, that written offer only needs to go to the device suppliers. Who almost universally have no interest in source code. When the device is transferred or resold to you, it need not be accompanied by the offer of source.
If that was true, anyone reselling an Android phone could open themselves up to legal liability. Imagine your average eBayer forgetting to include an Open Source Software Notice along with some fingerprint-encrusted phone.
Here's an appeal to the law, the doctrine of copyright exhaustion (also known as the first sale doctrine) dictates that copyright is exhausted upon the first sale of the device (i.e. to the distributor) and they have no rights to control or prevent further sales.
That the GPL potentially fails to achieve what it intends to is neither a legal argument, nor particularly surprising.
Distribution agreement is generally different from a sale. Distributors act as agents of the manufacturer. It’s not yet counted as a sale. Most warranties are limited to first owner and do not transfer. How do you think this squares with that? Does it mean I don’t get warranty on the dishwasher I got from Costco? It’s also the same principle of a distributor acting as an agent that enables the manufacturer to have a contract with you.
Wouldn't that imply that end-user license agreements are all unenforceable because the software was sold through a retailer, and even if it wasn't you could just a get a secondhand copy?
By my understanding EULAs are based on contract law and having a clickwrap agreement that requires you agree to it before using the software, not copyright law. Except perhaps to the extent that copyright law would prevent you from creating a derivative work that doesn't require you to agree to that clickwrap agreement prior to using the software.
I think the usual argument is that you don't own the digital good, you have a license to use it, and that license is between you and the originator (or their reseller) directly. And you aren't allowed to resell the license.
> No, not if the same itself was unlawful because Alice signed a contract to not sell it like that.
It's the contract that's the violation, isn't it? What would the first sale doctrine be if in order to get a copy you could be required to sign a contract not to exercise your rights under it? For that matter, how could state-level contract law override the federal first sale doctrine?
The "derivative work" hack also seems kind of fragile. The normal way to get someone to agree to something is that they need a right from the license, which they then don't get if they don't agree to it. But if it doesn't give them anything that they need then "there are ways to use the copy they own and have a right to use without agreeing to any additional terms" is more like the default you're trying to hack your way out of than something they're exploiting a loophole to get into, and where does that leave you if anything slips?
Suppose Alice is a three year old. She owns the copy, she presses the button and now she has a running copy even though she's not competent to enter into a contract, and then Bob buys it from her. Or Alice owns the copy and Carol presses the button, and then maybe Carol could be sued, but also maybe Carol lives in another country, and either way Alice now owns a running copy she never agreed not to sell. And then you want to be able to say "but that's cheating" except that it's not any less cheating than what you were doing to try to get them to agree to it.
Sure, maybe anyways but let's assume it is, the parties to that contract are the manufacturer and the copyright holder. The contract allows the manufacturer to distribute it to the distributor without requiring the distributor to agree to the terms and itself become a party. The distributor can then sell the device with the software on it on without acquiring a license and becoming a party to the contract because the copyright has been exhausted (first sale doctrine).
EULA's get around this by forcing the end user to become a party to the contract via a click wrap agreement. There is usually no such click wrap agreement binding the distributor in the case of the GPL. And the GPL doesn't require the creation or maintenance of such a click wrap agreement so the manufacturer would be free to remove it even if the original software had one.
> first sale doctrine) dictates that copyright is exhausted upon the first sale of the device (i.e. to the distributor).
The copyright doesn’t go away when copies are sold to a distributor. Someone (probably the manufacturer) still has legal obligations to the copyright holder.
copyright doesn't give you the kind of rights that a GPL license does - which is not based on copyright, but on contract law (ala, it's in the name - licenses).
A sale of an object does not transfer those licenses (but those licenses are still valid on the seller - a manufacturer selling widgets will have to obey the GPL clauses. If an end user of this widget wants the source code, they have to go back all the way to the manufacturer, rather than any of the middle-men presumably).
> When the device is transferred or resold to you, it need not be accompanied by the offer of source.
This is false. The person transferring the device must either pass along the offer they received (GPLv2 clause 3(c), and only if performing non-commercial redistribution), or pass along the source code (GPLv2 clause 3(a)).
By my understanding under US law first sale doctrine means that 3 (both (a) and (c)) doesn't apply, copyright has been exhausted and the intermediate party here doesn't need a license at all to sell the device on. Even if you want to argue the GPL is a contract and not just a license the intermediate owner has never been required to become a party to it. Even if for some reason they agreed to the contract - and somehow it was a binding contract despite the complete lack of consideration - it seems unlikely that the courts would interpret 3 to apply because reselling a device isn't "distributing" within the meaning of copyright law because of first sale doctrine.
It's a medical device that requires a prescription. You can't buy it off the shelf. They're not distributing software to you either. You must go through a medical equipment supplier who transfers the device to you after insurance has paid for some or all of it.
For the same reason you can't find an airplane entertainment system in the trash and call up the company and demand source code.
It doesn't matter what form it takes. Compiled binaries of GPL code are being distributed. The recipients of that binary are entitled to the source of the GPL portions in a usable form:
"The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
The GPL here doesn't extend beyond the kernel boundary. Userland is isolated unless they have GPL code linked in there as well. If they were careless about the linkage boundaries then that's on them.
The recipient of that object code is the medical device supplier, not the end-user.
It's subsequently transferred to you after presenting a prescription, without any accompanying offer of source code.
In other words, assume you are the second owner in all cases when it comes to certified medical equipment.
AFAIK if you find an Android phone in the trash, you are not entitled to source either since you never received the offer of source during a purchase transaction. You know that little slip of paper you toss as soon as you open some new electronics that says "Open Source Software Notice".
> In other words, assume you are the second owner in all cases when it comes to certified medical equipment.
By that logic, _any_ company can effectively ignore the GPL constraints by just selling it to a reseller, first; one that they have a contract with to _not_ offer the source code when they re-sell it.
It is my understanding that, if I use GPL in my code, and I distribute it to someone that then re-distributes it to someone else... the GPL is still binding. I don't see why that wouldn't be the case with hardware using GPL'd software.
So when I buy a product with GPL code via Amazon, Amazon is the one with the rights to receive the source? That medical supplier is getting paid via the medical coverage the end user is paying for.
> The spirit of the GPLv2 was about contributing software improvements back to the community.
It may be the case that when all is settled, the courts determine that the letter of the license means others' obligations are limited to what the judge in the Vizio case wrote. And Linus can speak authoritatively about his intent when he agreed to license kernel under GPL.
But I think that it's pretty clear—including and especially the very wordy Preamble—not to mention the motivating circumstances that led to the establishment of GNU and the FSF, the type of advocacy they engage in that led up to the drafting/publication of the license, and everything since, that the spirit of the GPL is very much in line with exactly the sort of activism the SFC has undertaken against vendors restricting the owners of their devices from using them how they want.
>> Try and run custom software on his medical device which can likely kill him? More than likely
I think this sentence is very sad. Not only this is a hard accusation, it is also the primary argument of the anti right to repair movement. An argument that I think is extremely bogus and ill intentioned, and I particularly (like Mr. Rossman) viscerally dislike.
Maybe the primary motivation is a) curiosity, and b) just for kicks to know if they honor the license.
If you have a pacemaker implanted, do you believe you have the right to modify and update the software that operates it? Separately, do you think it's remotely a good idea?
> If you have a pacemaker implanted, do you believe you have the right to modify and update the software that operates it?
Yes, of course. It is abhorrent that people have devices implanted into their bodies and are in any way prevented from obtaining every last detail about how those devices operate.
> Separately, do you think it's remotely a good idea?
In rare circumstances, yes. See, by way of example, Karen Sandler's talk on her implanted pacemaker and its bugs, for specific details on why one might want to do so.
Obviously yes to the first question. How could you possibly not have the right to operating your own heart.
Naturally it would generally not be a good idea.
If you carefully read what I wrote, you will notice that I never claimed otherwise. Whether or not third parties have standing to sue on a GPL violation is immaterial to my point, none of which is “an open question”.
The written offer is part of the licence, as is the need to respond to that offer with the source code offered. It is all part of the same agreement.
A written offer on its own would not normally be directly enforceable in many (most?) jurisdictions, for the same sort of reason that retailers can't be held to incorrectly published prices (in the UK at least, a displayed price is an “invitation to tender”, not a contract or other promise) except where other laws/regulations (anti bait&switch rules for instance), or the desire to avoid fighting in the court of public opinion, come into effect.
But in this instance, the written offer and the response to that offer are part of the wider licence that has been agreed to.
> the same sort of reason that retailers can't be held to incorrectly published prices (in the UK at least, a displayed price is an “invitation to tender”, not a contract or other promise)
The hell? Over here, the price tags are a sort of public contract, to which the seller pre-commits. The seller forgot to change the tags? That's not the buyer's problem.
Since money has not exchanged hands, you could always decide not to buy at the counter. So atleast in the countries I have been, it is not legally binding.
> If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
That section (and similar in section 6d) is not about the written offer of source code. The written offer of source code is instead covered in section 6c.
> c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.
So according to the legal theory expressed in this thread so far, nobody can sue anybody and there's no obligation to provide source code. The copyright holder couldn't sue because the license was followed (an offer was provided) and the end user couldn't sue because the offer doesn't have to be followed up on.
Or, instead of theorycrafting reasons why it shouldn't work, you could "just" sue them and see if the judge agrees.
The customer spends money to buy the product along with the source code offered. It's part of the transaction. Not honoring part of the transaction is a breach of contract.
Maybe it’s not technically “breach of contract”, and an offer might or might not be a contract. But if you don’t honor an offer you made, you must surely be guilty of something. Otherwise, all offers would be meaningless and worth nothing.
> you must surely be guilty of something. Otherwise, all offers would be meaningless and worth nothing.
You don't have to be "guilty" of anything to be liable in civil law (which contract law is a part of). "Guilt" is a concept from criminal law. It isn't required for contracts to be enforceable.
In general (there are exceptions) offers alone aren't enforceable and don't result in a contract. You need other elements (agreement by the parties, plus something done in return for what's offered) for a contract to be formed - and then it's enforceable.
I think they're just saying the GPL doesn't really cover consumer/distributor (dis)agreements, it only covers copyright. While the spirit of the GPL is user-first, it still has to be realized within the confines of copyright law. Even though many people might conflate the spiritual goal and the legal agreement, it doesn't grant "users" any extraordinary legal powers.
It's not illegal to not honor written offers, it's illegal to distribute copyrighted material in violation of it's license.
On the shelves are three insulin pumps: one with a 5-year warranty, one at a bargain barrel price that comes with no warranty, and one accompanied by a written offer allowing you to obtain the source code (and, subject to the terms of the GPL, prepare your own derivative works) at no additional charge any time within the next three years.
Weighing your options, you go with pump #3. You write to the company asking for the GPL source. They say "nix". They're in breach.
The GPLv2 under which Linux is licensed does not prohibit that insulin pump from bricking itself if you tried to install "your own derivative work" that wasn't signed by the manufacturer.
This is not only possible but also prudent for a device which can also kill you.
So gpl is a licensor-licensee contract, if code and license is not shared to the user, then there is no contract to which the user is a party, rather the user is a beneficiary.
The offer of source code seems to be a way to facilitate the conveyance of source code through opt-in means separately from the object code rather than some legal trickery to create a user-licensee contract.
While the offer may indeed convey a licensee-user obligation, a compliant distribution would attach a license anyway, converting the user into a licensee and licensor to licensee in a recursive fashion
I wonder if lawyers specialize in this, it sounds very cool and not at all standard law, but somehow compatible with contract law
The written offer with a limited term of three years is just one permitted method of distribution. If an offer was never made then they're not covered by that clause and are bound to comply by other means without the protection of the three year window.
Yes. I did not cover these cases because approximately nobody does that.
I mean, the absolutely simplest, and cheapest, way for companies to comply with the GPL is to ship the source code together with the software. Stick it in a zip file in a directory somewhere. The company can then forget the whole thing and not worry about anyone contacting them and ranting about source code and the GPL. But no company does that.
The other simple way for companies to comply with the GPL is for companies to provide a link to download the source code at the same place that users download the program itself. If the user did not download the source code when they had the chance, that’s the user’s problem. This will also let the company ignore any GPL worries. No company does this, either.
(The GPL provides a third way for individuals and non-profits, which is not relevant here.)
What's the consideration in the written offer? Promises aren't enforceable in court. For a contract to be enforceable, it has to be an exchange of something, not a one sided offer.
> The GPL requires the company to send the user a written offer of source code
It should be noted that this is just one of three options that someone who wants to distribute binaries of GPL code can choose from. It's the most commonly chosen one, and one is only available for noncommercial distribution, so the odds are good that this is the option they are using.
The other available option is to accompany the binary with the source code.
That one leads to an interesting possibility where someone could end up with a binary and there is no one obligated to provide source to them. As far as I know this has not actually arisen, but it seems like something that is bound to happen sometime.
Suppose company X decides to make a generic hardware platform that other companies can buy to build their products on. X's platform is basically a small single board computer with WiFi, Bluetooth, dual, USB ports, a couple Ethernet ports, and some GPIO ports. X ports Linux to their hardware.
When X ships a system it comes with an SD card with a Linux distribution installed including their custom kernel. It is configured to boot from the first SD card slot, and then to run a custom login system that looks at the second SD card slot and if there is a card in there it mounts it, looks for an executable on its root name application.exe, and runs that as root. X includes in the box a small thumb drive with a copy of the source code for everything on the SD card.
The idea is that a company Y that wants to make something like a WiFi access point or an air quality monitor can buy these boards from X, put them in a case with whatever peripherals or sensors they need like air quality sensors, write the software for the application, put it on an SD card, and put that in the second SD card slot.
So lets say Y buys 1000 of these systems from X, builds 1000 of their access points or whatever from them, and sells them.
One of their customers asks Y for the source code of the GPL parts. Does Y have to provide it?
I'd say they do not. They are not making copies or derivative works. They are just receiving physical copies from X and passing those on unmodified to their customers. This should fall squarely under the First Sale Doctrine in US copyright law, and similar rules in other jurisdictions.
How about if they ask X for a copy?
X has made copies and derivative works and distributed them. But X satisfied their GPL requirements by including a thumb drive with the source with each board they shipped to Y.
Not according to the original reasoning by its creators, but opinions differ wildly. However, this is irrelevant to the point; the written offer, which is separate from the GPL, is what is failing to be honored, not the GPL. If you did not receive such a written offer, the GPL, in itself, makes no guarantee that you have the right to the source code.
> If you did not receive such a written offer, the GPL, in itself, makes no guarantee that you have the right to the source code
Wrong. The requirement to provide source code under the GPL is primarily governed by Section 3 of the GNU General Public License v2 and Section 1 of the GNU General Public License v3. The whole point of the the GPL is to make it so users of software could get source code to the software.
In my experience, companies care about things that affect them but not their competitors. But government shenanigans tend to affect all companies equally, and so does not affect market share, and is therefore mostly ignored by companies.
Many years ago, before mobile internet was reasonable and before wireless internet was available, and before even electrical outlets were something which could be counted on to be present on trains, I took a 6 hour train ride. I had no laptop. I printed out, on paper, the entire source code of the project I was working on, and brought a red pen. I read through the whole thing, from start to finish. Many subtle bug fixes, refactorings, and efficiency improvements were made that day.
"You mean the latest masterpiece of fantasy storytelling from Lucasfilm's™ Brian Moriarty™? Why, it's an extraordinary adventure with an interface of magic, stunning, high-resolution, 3D landscapes, sophisticated score and musical effects. Not to mention the detailed animation and special effects, elegant point 'n' click control of characters, objects, and magic spells. Beat the rush! Go out and buy Loom™ today!"
“The reason is that, in other fields [than software], people have to deal with the perversity of matter. [When] you are designing circuits or cars or chemicals, you have to face the fact that these physical substances will do what they do, not what they are supposed to do. We in software don't have that problem, and that makes it tremendously easier. We are designing a collection of idealized mathematical parts which have definitions. They do exactly what they are defined to do.
And so there are many problems we [programmers] don't have. For instance, if we put an ‘if’ statement inside of a ‘while’ statement, we don't have to worry about whether the ‘if’ statement can get enough power to run at the speed it's going to run. We don't have to worry about whether it will run at a speed that generates radio frequency interference and induces wrong values in some other parts of the data. We don't have to worry about whether it will loop at a speed that causes a resonance and eventually the ‘if’ statement will vibrate against the ‘while’ statement and one of them will crack. We don't have to worry that chemicals in the environment will get into the boundary between the if statement and the while statement and corrode them, and cause a bad connection. We don't have to worry that other chemicals will get on them and cause a short-circuit. We don't have to worry about whether the heat can be dissipated from this ‘if’ statement through the surrounding ‘while’ statement. We don't have to worry about whether the ‘while’ statement would cause so much voltage drop that the ‘if’ statement won't function correctly. When you look at the value of a variable you don't have to worry about whether you've referenced that variable so many times that you exceed the fan-out limit. You don't have to worry about how much capacitance there is in a certain variable and how much time it will take to store the value in it.
All these things are defined a way, the system is defined to function in a certain way, and it always does. The physical computer might malfunction, but that's not the program's fault. So, because of all these problems we don't have to deal with, our field is tremendously easier.”
Counterpoint, I have definitely taken them into consideration when designing my backup script. It's the reason why I hash my files before transferring, after transferring, and at periodic intervals.
And if you're designing a Hardware Security Module, as another example, I hope that you've taken at least rowhammer into consideration.
He makes a valid distinction, in a very specific sense. As long as we understand a program correctly, then we understand its behavior completely [0]. The same cannot be said of spherical cows (which, btw, can be modeled by computers, which means programs inherit the problems of the model, in some sense, and all programs model something).
However, that "as long as" is doing quite a bit of work. In practice, we rarely have a perfect grasp of a real world program. In practice, there is divergence between what we think a program does and what it actually does, gaps in our knowledge, and so on. Naturally, this problem also afflicts mathematical approximations of physical systems.
[0] And even this is not entirely true. Think of a concurrent program. Race conditions can produce all sorts of weird results that are unpredictable. Perfect knowledge of the program will not tell you what the result will be.
> (2011, proxied quote from The Cambridge Student via The Escapist; the link in that article is dead, and a search on the site for “Newell” turns up no results)
Here’s the latest copy of the original article in The Cambridge Student:
You may believe yourself and your actions to be ignored by the watchers, but you might still want everyone in general to be free of watchers. Both since being constantly watched is detrimental to the human condition, but also since some people may actually dare to improve society if they are not watched.
Well, if your non-GPL code was directly linked to, or closely interoperated with, any GPL code, those users would have been right.
reply