This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Free Software

A GPL requirement could have a chilling effect on derivative distros

By Bruce Byfield on June 27, 2006 (8:00:00 AM)

Share    Print    Comments   

Warren Woodford, the founder of the MEPIS distribution, would prefer to be concentrating on polishing his latest release. Instead, he is distracted by an official notice from the Free Software Foundation that, because MEPIS has not previously supplied source code for the packages already available from the distribution it is based on -- once Debian, and now Ubuntu -- it is in violation of the GNU General Public License (GPL). Woodford intends to comply, but he worries about how this requirement might affect all distributions derived from other distributions -- especially those run by one or two people in their spare time.

The requirement to supply source code is covered by section 3 of the second version of the GPL. Under these sections, the distributor of GPL code is obligated to provide source code "on a medium customarily used for software interchange" for up to three years. In practice, this medium is usually a CD or DVD, or a server from which it can be downloaded. Under section 6 of the GPL, each distributor of the code comes under the obligations specified in section 3. This obligation is specified even more strongly in section 10 of the draft for the third version of the GPL, which specifically states that "downstream users" (those who, like Woodford, adopt the work of another project -- the "upstream distributor" -- for their own use) fall under these obligations.

"We think it's pretty clear," says David Turner, GPL compliance engineer at the FSF. "One problem with allowing people to skip out on source code distribution is that there's nothing that requires the upstream distributor to continue to offer source code. If they stop doing so, the source could become totally unavailable. Or, more commonly, the upstream distributor will upgrade the version of the source code available, leaving downstream distributors totally out of sync. In order to fix bugs, users need to get source code exactly corresponding to the binaries they have available."

Woodford does supply the source code for MEPIS' reconfigured kernel in a Debian source-package. His mistake seems to have been the assumption that, so long as the source code was available somewhere, he did not have to provide it himself if he hadn't modified it. While he has not contacted any other distributions, he suspects that he is far from the only one to make this assumption. "We, like 10,000 other people, probably, believed we were covered by the safe harbor of having an upstream distribution available online," Woodford says. "I think, of the 500 distributions tracked by DistroWatch, probably 450 of them are in trouble right now per this position."

A safe harbor is a legal term, referring to the elimination of the need to comply because a violation was made in good faith.

Compliance in the community

Woodford is exaggerating, but not enough to change the basic truth of what he says. Klaus Knopper, who develops the popular Knoppix live CD, says that he maintains a source repository and will make source code available on request. Talking on behalf of CentOS, Johnny Hughes says, "CentOS has been providing source for all packages, changed and unchanged, in their distribution. CentOS has the same understanding of the GPL as expressed by the FSF on this issue." Similarly, Texstar, the main maintainer for PCLinuxOS, says, "I am aware of the GPL requirements and make all of my source code available via DVD and it can be downloaded from a free server."

However, a majority of distributions and their distributors are apparently unaware of the requirements. "Before I was contacted by the FSF, I didn't know that we needed to actually offer the source code of binaries we didn't modify," says John Andrews, the source code maintainer of Damn Small Linux. "Yet we do comply now, and the FSF occasionally pops in with an email to make sure we do." Similarly, LinuxCD.org, a distributor, makes only Fedora source code available -- and only provides that because it was specifically requested to do so.

Unsurprisingly, no non-compliant distribution was willing to go on record for this article. However, a search through the Web pages of two dozen randomly selected smaller distributions in DistroWatch's top hundred shows only a few download repositories that contain source code, and no offers to provide it on request. The fact that only a few replied to a request for comments may also be significant, suggesting that the maintainers, having become aware of their non-compliance, do not wish to advertise their status -- although it might simply be that, being small operations, they prefer to focus on their work rather than answer questions. Still, even if Woodford's exact percentage is wrong, his suggestion that the majority of distributions are unaware of the GPL requirements does seem accurate.

Implications and solution-seeking

Woodford is now working to come into compliance. "Either I go along or go to court with them about it, and it's a lot easier to go along," he says. "I'm not making any money here. I can't afford a lawyer. I have an income, but I'm just barely staying afloat. We're going to reply to their request, and it seems like the request is consistent with the GPL license."

Woodford also understands that, while the FSF is firm about compliance, it is showing restraint in its effort to get MEPIS to comply. "If we were a big corporate entity, then they would ask us to pay them money," he says.

Yet, despite his willingness to comply, Woodford remains concerned about the implications. According to Turner, because MEPIS distributes both online and on CD and DVD, it would need to provide the source code in both media under the third version of the GPL, although section 3b of the second version would require distribution in only one medium. Woodford is also concerned about the practical considerations of automating the regular extraction of only the packages that MEPIS uses from the Ubuntu repositories.

Even more importantly, Woodford says, "I think that what they're doing is probably going to be bad for creativity in the open source community. There's plenty of people out there who like to be the GPL police. And with this extra little thing in their bag of tricks, somebody is going to go out there looking at everybody who puts out a new release of anything."

"What is really needed for the benefit of the community is if there could be a way to have an exception for the little guy," Woodford says. "But how can you do that when the whole thing is designed around the idea that every entity and every person that uses the GPL is held to the exact same rules and standards? How do you start making exceptions to that?"

Asked about the possibility of adding such an exception to the third version of the GPL, Turner replied, "If someone submitted a comment to that effect, we would of course consider that comment. But I don't think it likely that it will be changed.... I just asked Richard Stallman about this. He noted that the requirement isn't particularly onerous -- source code isn't much larger than binaries."

Woodford, though, disagrees. "If I had been told this when I was getting ready to create MEPIS in the first place, I never would have done it. I didn't have a server, I didn't have a repository, and it would have been a daunting task." His concern is that others will be similarly discouraged.

Andrews from Damn Small Linux also disagrees with Turner and Stallman, saying, "I understand why the FSF makes sure small-time players comply with their requirements. However, I also know from experience that it's quite a burden for the hobbyist or small-time developer who wants to share something cool with the world but doesn't have the finances or organizational structure of the big corporations."

"Of course, non-profit distributors can always arrange with their upstream distributors to help them with the source code distribution," Turner suggests. "If such an arrangement is in place, the problems mentioned above won't happen, and the non-profit distributor will be able to save time and bandwidth."

Major upstream distributors, however, are unlikely to enter such arrangements, if Fedora is any indication. Max Spevack, chair of the Fedora Board, says, "There are several reasons why the Fedora Project would be hesitant to officially sanction downstream distributions to point to upstream code repositories. The first has to do with the issue of forking. If the downstream developer has improvements, those improvements should be fed into the upstream code whenever possible. If downstream doesn't want to push those changes upstream, then it makes sense that the downstream distribution should bear the burden of redistributing the source for the forked code.

"Second, there is an issue of legal liability," Spevack continues. "The upstream party would be assuming legal liability for the downstream modifier, and that is not something that the Fedora Project is interested in doing.

"The third issue is that of cost -- which, while a valid concern, in my opinion is a lesser issue than the other two."

A possible solution for some distributions would be rPath's rBuilder Online, a tool whose use is free for non-commercial purposes and which allows users to build their own distribution using a repository of the Conary packaging system. Since one of the points of a Conary repository is that it contains both source and binary packages, using its version control system to keep track of them, as Erik Troan, one of rPath's founder notes, using "rBuilder automatically solves the problem by providing permanent access to binaries and the sources." Distributions based on rBuilder would still need to maintain their own repositories, but would not need to set up separate source repositories. This is the solution that Foresight Linux has chosen. However, rBuilder Online is not available to commercial distributions, and Conary is still a new and relatively unknown packaging system.

Many derivative distributions, then, seem to be on their own in a difficult situation where good intentions and creativity count for nothing beside the letter of the law.

For Woodford, the situation means struggling for compliance while preparing his next release, and the strain of the additional concerns is taking its toll. "I'm just trying to get back to the point where I can sleep at night," Woodford says. "Last night, I went to bed at 1:30 and just lay in bed thinking of all the technicalities that have been discussed about the GPL and how I'm going to access the source and make it available."

Bruce Byfield is a course designer and instructor, and a computer journalist who writes regularly for NewsForge, Linux.com and IT Manager's Journal.

Bruce Byfield is a computer journalist who writes regularly for Linux.com.

Share    Print    Comments   

Comments

on A GPL requirement could have a chilling effect on derivative distros

Note: Comments are owned by the poster. We are not responsible for their content.

Play by the rules, plain and simple

Posted by: Anonymous Coward on June 28, 2006 04:14 AM
The GPL comes into full force once you start distributing your derived work. If you're tinkering around with a distro and releasing your own in your spare time, then you simply need to find a bit more free time to make the sources available. Besides, if it's a derivative distro, that task should be fairly trivial:

1) Grab the distro from which you are making your derivative.
2) If you haven't changed a particular package, send it straight to FTP.
3) If you've changed a package, find your local copy and send it to FTP.
4) Update distro website with link to FTP.

Voila, instant GPL compliance.

Seriously, there is only one rule with the GPL: if you make changes and want to distribute those changes, then those changes must be freely available to others. If you don't wantto play by those rules, you're free to track down some BSD-style licensed software, or roll your own. The original authors gave you permission to use their software -- which they spent their own time on -- if you play by that one rule.

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 28, 2006 07:09 AM
If I were a small distro, I would make it available by request as a DVD, and charge shipping and handling fee's. In other words, if it took me 30 minutes to make the DVD, I should be paid for that time, plus the cost of the media, plus the shipping fee's. Many of these small distro's are operating on virtually nothing, they deserved to be paid fairly for providing the source code!

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 28, 2006 07:08 PM
I agree. Charge US$100 plus shipping costs for sending the source code on CD or DVD and everybody's fine.

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 28, 2006 10:16 PM
The paretn post is almost legal by teh GPL the post above is not at all. You may only charge teh cost of shipping and medium for requested GPL software, wherr the you are usinga physical medium. This is the method chosen by one distributer.

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 29, 2006 04:51 AM
According to a copy of the GPL, the paragraph says:

"b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,"

Emphasis added by me. Whether US$100 reflect my costs to physically perform the source distribution is a matter of calculation and the current circumstances.

Please note that some people may never pay, I may need to buy a CD burner to burn the disc, it will take some work to prepare the disc depending on how the original sources are stored, there's packaging, fees, maybe taxes, you need something to track the money, telephone calls, etc.

I don't know whether US$100 are a good guess. It might be less, it might be more. That probably also depends on where you live.

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 29, 2006 01:21 AM
They must provide source code TOGETHER, fucko, with the executables.
==============

    3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:


        a) Accompany it with the complete corresponding machine-readable

        source code, which must be distributed under the terms of Sections

        1 and 2 above on a medium customarily used for software interchange; or,

==============

Second, they don't deserve shit for providing the source code (it's not theirs, it's mostly unmodified from the upstream guys who got it from others, and besides), the only thing they deserve is compensation for cost of shipping and burning DVD ROM (10 min of work at say $30/hour is much less than $100).

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 30, 2006 01:11 AM
You really are a dumbass aren't you? So their servers cost nothing, the bandwidth costs nothing, the computers used to burn the media costs nothing, their time is only worth $30 an hour, they don't get paid for the time it took to accumulate the source in the first place so it can be made available upon request? I don't give a rat's ass if it says "accompany", it doesn't say you have to do it for free!
It's fucko idiots like you that will make it impossible for the small guy to publish innovative works because he won't be able to afford it! Poor does not equal dumb, unless of course you are poor, then it does...

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 28, 2006 09:16 PM
This is not directed to the parent poster or the ideas convey in the post! It's just additional commentary!

It's this kind of thinking that ruins it for everyone. It's not about skirting the rules, but making it an even playing field for everyone. The most basic theory in physics is that for every action there is an equal and opposite reaction. If you make your own loophole to suit yourself, the next version of the license will make the requirements even more severe even though most people comply.

How about creating an overlay CD instead where you can say "get Suse 10 and install it then install this over the top of it." It's completely legal to the letter of the GPL and you have very little source code to worry with. Honestly, I'm not sure what the big deal is anyway. Adding source to an online repo is easy! I could host it on my home server with no extra charges at all! Obviously if you have a system to checkin/out and replace existing packages, the same program would work just as well for source.

#

Re:Play by the rules, plain and simple

Posted by: Anonymous Coward on June 29, 2006 01:31 AM
The task is not trivial at all. If I create a LiveCD for example, which is only a 8MB download, just being a kernel image + libc and some app, then finding a host for that 8MB is no issue at all. BUT providing the Linux kernel source and GNU libc sources _is_ a problem.

And I honestly thought providing just the changes would be alright. The chances that my tiny server goes down are _much_ larger then that the kernel.org site and all of its mirrors go down. So, please, why wouldn't a reference to a specific kernel version + a<nobr> <wbr></nobr>.diff be enough?

#

Microsoft-class FUD

Posted by: Anonymous Coward on June 28, 2006 04:36 AM
How many Debian and Red Hat derivatives are there? Dozens, if not hundreds. That's some chilling effect.

Warren is crybaby and wrong: "If we were a big corporate entity, then they would ask us to pay them money," he says." They never have, all they do is get companies to come into compliance.

Warren has long been criticized for not honoring the GPL, and for playing games with licenses. Looks like he's no better than Microsoft or any other proprietary vendor who wishes to take, but not give back.

Let's see, first we see 'Get the Facts', then this piece of scare tactic. What next, Bill Gates Is Really A Nice Guy?

#

Re:Microsoft-class FUD

Posted by: Anonymous Coward on June 28, 2006 06:32 AM
Ah. You must be one of those people reselling Mepis without permission - who used his trademarks and NON-GPLed code and started the whole disinformation campaign after they were busted.

He believed that he only had to provide source to things he modified, so long as the original source was available elsewhere. This is NOT an unreasonable belief.

He IS going to be compliant to the degree that the FSF wants - but so sorry - you still won't be able to resell his non-GPLed code or use his trademarks without permission.

#

Re:Microsoft-class FUD

Posted by: Anonymous Coward on June 29, 2006 06:00 AM
woodford has long been a big crybaby over licensing, and over the GPL. He wants to reap the benefits of Free Software without having to play by the rules. Poor guy. No one in their right mind uses Mepis anyway- Warren still hasn't come clean on the specific license terms of the proprietary parts. I do not believe he can be trusted.

#

Re:Microsoft-class FUD

Posted by: Anonymous Coward on June 28, 2006 10:20 PM
This guy most not pay attention to FSF. Yes the FSF has requested monetary charges for sever violations normallin the form of donations to teh FSF or other charity. This is a legal thing that they have to do maintain teh value of teh GPL.

#

Re:Microsoft-class FUD

Posted by: Anonymous Coward on July 16, 2006 11:00 AM
Agreed. This guy does Mepis in his *spare* time. What profit is he seeing here? How is he *stealing* the work of others if he credits them and links to the code.

I think this provision of the GPL is useless AND dangerous. If I were to make a simple 1-line, 10 byte change to the linux kernel and distribute it, this provision would require that I also distribute *every line of code* for the kernel. That's a huge disincentive for the hobbyist programmers who are the reason Linux even exists.

#

This could have a huge impact on GNU Linux

Posted by: Anonymous Coward on June 28, 2006 06:11 AM
There could be a big fallout from this. This goes beyond a few distros. How about mirror sites? Any package they make available they will have to distribute the source for it for 3 years! Anybody selling CD's on E-Bay will ahve to do the same. ANY reseller will have to comply. This is pretty big.
Plus is makes for a much larger hurdle for small distros on their resources.

#

Re:This could have a huge impact on GNU Linux

Posted by: Anonymous Coward on June 28, 2006 06:40 AM
The only reason that there is anything to derive anything from, is because there is the GPL. You're perfectly right it goes beyond a few distros. It's imperative for the survival of all GNU/Linux distros that the GPL is properly upheld.

#

Re:This could have a huge impact on GNU Linux

Posted by: Anonymous Coward on June 28, 2006 07:18 PM
Your claim is not justified. Look at the FSF's page: The BSD license, the Academic Free license, the Apache license, the Open Source license, and many more give the licensee the four rights. It's not just the GPL that's constitutes Free Software.

Whether or not people would have use these licenses to create a similar amount of Free software is a historical question that cannot be confirmed or rejected.

<a href="http://www.fsf.org/licensing/licenses/index_html" title="fsf.org">http://www.fsf.org/licensing/licenses/index_html</a fsf.org>

#

No impact. No fallout. Not new.

Posted by: alandd on June 29, 2006 04:58 AM
This requirement has been in the GPL since 1991. 15 years. If this requirement is so onerous, how did the Linux and distro community grow so much since then?

The sky is not falling!

#

The clause for the little guy

Posted by: Anonymous Coward on June 28, 2006 07:02 AM
There is actually a clause in the GPL (v2) that is very useful for the small-time developer. I think too many people overlook it. One does _not_ have to maintain a source repository online.

Seciton (3) of the GPL deals with the requirement to make source available. It provides three different methods by which it may be done (and only one needs to be followed). Item (3)(b) reads:

"b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;"

By providing appropriate notice with the binaries, one does not have to provide sources online. The sources do need to be kept, but the small-time developer does _not_ have to maintain/provide an online site for the sources. Those who want the source may request it, but the develor can charge for the cost of CDs/DVDs and the postage to mail them to the requestor.

#

Re:The clause for the little guy

Posted by: Anonymous Coward on June 28, 2006 09:24 AM
This is the exact point I was going to make as well. GPL3 will however change this. Also changed will be the requirement to provide the source for modifications even if you do not distribute them.

#

Re:The clause for the little guy

Posted by: Anonymous Coward on June 28, 2006 10:23 PM
"Also changed will be the requirement to provide the source for modifications even if you do not distribute them." HUH, can somepoint out this cluase? That would bmean every END_USER wi=ould have to provide the source code. I think this one got miss read somewhere.

#

Re:The clause for the little guy

Posted by: Anonymous Coward on June 29, 2006 05:38 AM
Under "The Sting in the Tail: User Access to Source Code":
<a href="http://www.cio.com/blog_view.html?CID=17105" title="cio.com">http://www.cio.com/blog_view.html?CID=17105</a cio.com>

<a href="http://developers.slashdot.org/comments.pl?sid=158664&cid=13290498" title="slashdot.org">http://developers.slashdot.org/comments.pl?sid=15<nobr>8<wbr></nobr> 664&cid=13290498</a slashdot.org>

others i cant find at the moment. one especially from rms himself.

#

Re:The clause for the little guy

Posted by: hanelyp on June 30, 2006 12:27 AM
I was thinking of GPL claus 3c:

        c) Accompany it with the information you received as to the offer

        to distribute corresponding source code. (This alternative is

        allowed only for noncommercial distribution and only if you

        received the program in object code or executable form with such

        an offer, in accord with Subsection b above.)

#

Make it available over bittorrent

Posted by: Anonymous Coward on June 28, 2006 07:04 AM
If you're really that constrained with bandwidth, just distribute it with bittorrent. That should be significantly cheaper.

#

Re:Make it available over bittorrent

Posted by: Anonymous Coward on June 28, 2006 09:22 AM
Bittorrent helps to the extent others are also downloading and/or have their client running at that time. I've tried to bittorrent some things and--becuase it was such an unusual download--found it *much* *faster* on my end to just download directly.

So, bittorrent may not provide much relief for the small-time operation...

#

Re:Make it available over bittorrent

Posted by: Anonymous Coward on June 28, 2006 05:50 PM
No. Bittorrent servers can be bandwidth limited, just enough to provide a reasonably fast download for one or two people. Since, when more than a few people download, they all share off each other, you effectively never have to download to more than a few people, no matter how many users you get. The issue you're talking about is one where the original tracker has gone down, which should not be relevant in this situation, unless Mepis goes out of business.

#

Re:Make it available over bittorrent

Posted by: Anonymous Coward on June 29, 2006 12:57 AM
No. Bittorrent is typically slower, particularly when there are only one or two downloaders. And I do mean when the tracker is up.

Even when a torrent is quite popular, the ratio of uploaders to downloaders is crucial. Most uploaders are still downloading - seeders generally only hang around for a short while. And of course most home broadband users have much higher download speeds than upload speeds, unlike companies with dedicated internet servers. So for each downloader trying to download at 512Kb/sec or more, you probably only have 256Kb/sec of upload available.

My download speed normally = about 150KB/sec. I have a 1Mb connection, and virtually all HTTP and FTP servers that I use seem to cope with that these days.

My download speed on bittorrent is much more variable, but ranges between 5KB/sec to about 60KB/sec.

The point of bittorrent isn't about maximising download speeds. It's about keeping downloads cheap and practical, and it does that very well. Personally, I don't generally care if an overnight download takes two hours or four - I'm too busy sleeping at the time.

#

Re:Make it available over bittorrent

Posted by: Anonymous Coward on June 29, 2006 05:42 AM
Well the GPL doesn't say that you have to provide the same download speed does it.

That would be the way around it. Just cap the download speed to such an extreme that people would rather get it somewhere else.

#

One of the most interesting features of this...

Posted by: Anonymous Coward on June 28, 2006 07:45 AM
... is Stallmans reaction to it and his blindness to the concerns of others... The trouble is is that the "spirit" of the GPL is to ensure that changes made to code are made available to those who use them... Putting this kind of onerous requirement on those who make changes WILL stifle innovation and prevent people from making their own distros which is a shame... As far as I can see the problem lies with collecting all the source packages and managing them (which is no small task especially on an ongoing basis) rather than distribution... One way out of this of course is to try and get a "central" place (shared by the small distros) where they can all refer to the source packages...

It's a pity that the FSF are acting like a large corporation (which they are doing more and more so these days, very M$-like, with their own particular brand of FUD) and forgetting the purpose of the GPL...

#

Re:One of the most interesting features of this...

Posted by: Anonymous Coward on June 28, 2006 08:25 AM
If it's a commercial enterprise, you're making money on the distribution so re-distributing the sources isn't a huge overhead, just include it in your base costs.

For non-commercial distributors there is already a 'get out' clause. Just use the binaries from the upstream project instead of recompiling your own from sources, and then section 3.c of the GPL can apply instead.

3.c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

#

Re:One of the most interesting features of this...

Posted by: Anonymous Coward on June 28, 2006 03:12 PM
Do you think we do not recognize a corporate errand-boy when we see one? Crawl back into your bosses' tool-box, and tell them you need to be sharpened.

#

Re:One of the most interesting features of this...

Posted by: Daniel Carrera on June 28, 2006 04:50 PM
It's nowhere near as onerous as you make it out to be. I don't say that it is "no trouble at all", but it's much less than you suggest. You write:

"As far as I can see the problem lies with collecting all the source packages and managing them"

Actually, this is not hard at all. You get the sources from the same place you got the binaries (thanks to the GPL). For example, if you are making a derivative of Ubuntu (as in the MEPIS case) then Ubuntu itself already has done all the collecting of sources. Thanks to the GPL, Ubuntu already provides you with all the sources for all the packages you are using.

Same thing applies for any given GPL application or GPL collection. The GPL ensures that getting the sources is never more difficult than getting the binaries themselves.

You see? The same requirement that puts a burden on distributors ensures that this burden is manageable.

As for modifications, if you modified the source, then by definition you have the modified sources in your computer, so you just include those.

The main potential lies on the actual distribution of the sources, not their compilation. The mail alternatives are whether you make the sources available right when you give out the binaries or you offer to make them available for 3 years.

Personally, I don't like the 3 year option, so I always make the sources available right with the binaries. How I do that depends on how I distribute the binaries:

1) If I'm distributing on-line, then I put the sources on-line:

In this instance, the main cost is the annoyance of uploading the files, and possibly the cost of disk space (but probably not, modern disks are cheap). Bandwidth is unlikely to be high because most people don't care about the sources.

2) If I'm selling CDs in person (e.g. at a conference):

In this instance, I keep the sources a computer with a CD burner and next to the stack of CDs I put a sign that says "if you want the sources ask me and I'll burn you a CD for $2".

This meets the GPL requirement. Nobody asks for the sources.

2) If I'm selling CDs on-line:

The best option is to just ship the binaries and the sources together. If you are selling a distribution, like MEPIS, this means that you have to send two CDs instead of one and add $1-$2 to the cost of distribution.

The biggest problem in my experience is when you want to use CafePress, because they don't have a method for sending a 2-CD package.

In the end, distributing sources is an annoyance, but nothing I would call onerous. It's only a mild annoyance.

Cheers,
Daniel.

#

Re:One of the most interesting features of this...

Posted by: Anonymous Coward on June 28, 2006 05:58 PM
That wasn't really my point, to me it seems like there is a lot of wasted effort and duplication... All the "little guys" are collecting up their packages and putting them into their distro... As such this puts an overhead in place for everyone... If there could be a central place where the sources could be stored and those who want it could be "pointed to that place" (it could even be via something like apt) then it would save everyone some time and folks could get on with producing their distro and making their enhancements...

Let's face it, where you get the source for samba (for example) from is academic if the distro hasn't changed it...

But again, the GPL is designed to ensure that modifications to source code are available and I think the spirit of that is being missed by enforcing that you MUST be able to provide a source copy of everything (regardless of whether you've changed it or not)... Rather than being able to say, it uses version 2.2.1 and you can find a copy over "there"...

(BTW, I'd agree in the case of MEPIS there should be little to complain about since his hardwork has been done for him, but the general point still applies...)

#

Re:One of the most interesting features of this...

Posted by: Ronald Trip on June 28, 2006 10:53 PM
No the general point doesn't apply.

Mr. Woodford would like to point to Ubuntu for the sources and not have the hassle of providing the source to the binaries HE ships.

If we allow Mr. Woodford to escape his distributors obligations, shouldn't the same apply to Ubuntu? What if Ubuntu says: "Here are our diffs and over there is the Debian Mothership. Get your sources there!" It is the same principle. That Ubuntu is a little bigger than Mepis, doesn't make a difference. What is good for the goose is good for the gander.

What if Debian says: "Hey, listen, we don't want to get into the source distribution hassle any more than Ubuntu or Mepis do! Here are our diffs and here is a list with 15,000 links to the individual source locations. Happy downloading and compiling!"

A practice like that sends a licensee on a wild goose chase to get the corresponding sources to his binary distro. This is unnecessary, because a distributor will have the sources himself already aggregated. At least if the distributor is worth his salt. Without access to the complete source, he can't maintain his own product.

It also has legal ramifications. All Mepis users have an agreement with Mr. Woodford under the GPL. Pointing to Ubuntu is not enough. The GPL doesn't require non-parties to provide source code to people who ask for it. It would be perfectly legal for Ubuntu to say that they are not going to provide source code to Mepis users. They are not obligated to do this under the GPL.

The source distribution requirement in its current form is in place to stop people from "proprietizing" GPL-ed code. If it weren't there, people could just forever point to each other for the sources and never have to deliver per the GPL. If you give me a binary under the GPL, I have direct business with you, not with a developer who doesn't even know I exist and have a binary made from his source code.

#

Re:One of the most interesting features of this...

Posted by: Anonymous Coward on June 29, 2006 01:07 PM
No, that's still not my point... I suggested a central place to get the sources (I didn't and DON'T suggest that it would be from some other distribution)... I would also suggest the use of a "tool" (whatever form that takes) that will go get the sources from that central place... You can then provide a definition file for your distribution that will instruct the tool to get the sources for your distribution... Thereby satisfying the GPL requirements but not putting the burden of having to collect and manage/distribute the sources yourself...

#

So what you're saying...

Posted by: Anonymous Coward on June 29, 2006 11:45 PM
is that the smaller distros should band together and share the cost of maintaining the unmodified upstream sources, freeing them individually to only manage the sources they themselves have modified?

It sounds good. If (for example) MEPIS, Rock Linux, Peanut, and whoever else decide that they'll put up a sources server and all point their users there, that's a great solution.

There would still be lots of details to work out. Like how to differentiate between the sources modified by one distribution that are still stock in another. Like who pays what portion of what bills, and who does the admin work on the site. It's a lot of politics and such, but it may work.

#

Much as I enjoy watching Stallman-bashers ...

Posted by: Anonymous Coward on July 16, 2006 08:36 AM
That's nuts. This is NOT hard to understand for anyone who actually READS the GPL, and I can't see any other way for RMS to respond. Honestly.

The problem is that a lot of people seem to think "oh, open source, that means GPL" and act like the two are equivalent terms. SO you get people attaing open source because they don't like the GPL, attacking people who don't use the GPL because they DO like it, or using the GPL for their own sofwtare and telling people "no, you don't have to comply with it"...

If people are going to use the GPL, they need to understand it. If people don't actually want to enforce the GPL, then they should use a license that DOES match what they are willing to enforce like BSDL or one of the Creative Commons licenses... and that should apply whether they're Linus Torvalds or Joe Shareware.

#

"liability"?

Posted by: Anonymous Coward on June 28, 2006 08:25 AM
I'd be interested to know what "liability" is assumed by an upstream provider that agrees to provide code for a downstream provider that doesn't modify the relevant package sources. The upstream provider already has the liability of providing the source code for every package they ship for 3 years. As long as there is a reasonable window between them shipping it and any downstream packagers shipping it (e.g. a few months) they're not assuming onerous additional liability that I can see

#

Copyrighted code

Posted by: Anonymous Coward on June 28, 2006 10:29 PM
The liability comes in if the upstream vendor has been distributing tainted, non-GPL compatible, copyrighted code. There are legal protections; i.e., that 'safe harbor' thing, I'd guess; but they may not cover every eventuality, and most companies will take the easy way out, and just say, "No."

Many posters think this is just a paper tiger, but if the responsibilities get too great, many small developers with a good idea may also just say, "No," and not distribute their good ideas.

I don't know which way I think that this one may go.

Geek Unorthodox

#

No redistribution reqd for unmodified source code

Posted by: Anonymous Coward on June 28, 2006 08:34 AM
For unmodified packages, reuse the up-stream binaries. That's what ection 3.c of the GPL is for - to protect hobbyists (i.e. non-commercial distros)

"Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) "

#

Re:No redistribution reqd for unmodified source co

Posted by: Daniel Carrera on June 28, 2006 05:12 PM
Not quite... this only applies if indeed you received an offer of source code. But you might not have. Under section 3 you have 3 options:

a) Provide the source code right away.
b) Include an offer to provide the sources.
c) Accompany it with the offer you received.

You can only use option (c) when the person that *you* got the binaries from chose to use option (b). If the upstream distributor chose option (a) (which I think is the case for most distributions) the then only options left to you are (a) and (b).

This state of affairs is necessary. If I am the upstream distributor, I don't want to be forced to keep the sources for 3 years. I want to have the option of giving you the sources right when you get the binaries and then forget about it.

Cheers,
Daniel.

#

Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on June 28, 2006 08:38 AM
From day One Warren Woodford has been a contrarian where GPL compliance was concerned. He wants to take and use --freely-and-without-strings-- the millions of lines of GNU/Linux code contributed by people, many of which have far less resources than he. He then wants special considerations bestowed upon him and his efforts because he's a one man operation, a "Little Guy".

He obviously never stopped to consider that the reason why he is a one man operation is because he wouldn't have it any other way. He could have started Mepis as a not-for-profit dot ORG. He being greedy, selfish, and totaly lacking in true community spirit opted to go it alone.

Now too, that he has opted to move the Mepis core distro from the truly free Debian community core, to the (cleverly disguised) "commercial" Ubuntu core. He has moved even farther yet from the community. People were interested in Mepis for one core reason. Because it was a "User Friendly" Debian with the KDE desktop.Such being the case, Kubuntu will make Mepis redundant and irrelevent.

Add to that the short sighted, stupid choice of the Mepis Logo. It being an insult to the likely non geek first adopters of desktop GNU/Linux. The ones that would willingly accept some amount of discomfort in the transition. The freedom, privacy, and religious advocacy communities. The last thing in the world they want to see on their desktops is the trademark symbol of their most bitter enemy, A Pyramid. It represents the centralized, top down, tyranical control of humanity under all seeing eye of the illuminated elite. Very Poor Choice!

Warren has his choices and options to consider, but none of them include side-stepping the GPL. Deal with that Warren.

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on June 28, 2006 09:26 AM
Did it feel better to get that off your chest? Did Warren or one of the other "little guy" distro's kick you as a child and now it's payback time? ROFL!

The little guys should just make the source available via bittorrent or make the requester pay for the service and materials/expenses of receiving the source code. Even people writing/using "free" software have to make a living somehow while they are busy upholding the letter of the law.

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on June 28, 2006 12:50 PM
I read with an open mind your first paragraph. I'm new to linux and open source and find this all very interesting.

I started to get the idea that you have a hard on for warren in your second paragraph.

In your third paragraph I learned that Ubuntu is "cleverly disguised 'commercial'" code. I like the free commercial code.

Then I get to your fourth paragraph and realize you're just a complete whack job. I hope one of your friends notices you're off your meds and gets you back on them. Good luck!

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Joe Klemmer on June 29, 2006 06:01 AM
> I hope one of your friends notices you're off your meds and gets you back on them.


Damn, that's funny right there. I don't care who you are, that's funny.

Git-R-Done!


-- My name is Mater. Like Ta-mater but without the Ta.

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on June 28, 2006 05:12 PM
It's a misunderstanding, he's going to correct it and get his distro compliant. So how about cutting the guy some slack.

You say "Deal with that Warren". Isn't that exactly what he's doing?

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on June 29, 2006 02:27 AM
Please explain why you think Ubuntu is a cleverly disguised commercial core.
Everything in their "main" repository is open. Pretty much everything in the "universe" repository is a straight sync from Debian. The other two ("restricted" and "multiverse") provide all the stuff that people want, but (through no fault of Ubuntu) isn't free. This includes things like Java and nVidia/ATi drivers.

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on June 30, 2006 12:48 AM
I think he meant that ubuntu isn't a democratic but a corporate distro that means to, in the end, be profitable. It lets business influence its decisions -- the too soon dapper release is a good example of this. Debian, on the other hand, is democratic, will never be profitable and hence doesn't let business influence its decisions.

There's over a hundred derivatives that live off of the true and free debian community behind them.

#

Re:Poor,Poor, Greedy, Selfish, And Stupid, Warren

Posted by: Anonymous Coward on July 16, 2006 11:02 AM
Wow. Ubuntu is commercial huh?

Are you sure you don't mean Fedora or Mandriva? Last I checked, you had to pay to get the versions worth downloading.

With Ubuntu, Mepis, and most other distros, you get everything you need and want for free.

Go spread your anti-Ubuntu FUDD or Slashdot or Digg.

#

seems it would be easy to comply

Posted by: Anonymous Coward on June 28, 2006 09:36 AM
if your distro is mostly piggybacked on another distro, because you can basically store and forward a request for most sources onto the upstream distro. The requestor will get the source DVD from you, but it's mostly a repackaging of what you get from someone else on a just-in-time basis. Now, it could be that the upstream distro won't comply, but hey, that's not your problem. The FSF should go after the real culprit there. The way the world works in the 21st century is that you have interdependent supply chains.

You take any request you get and quote a $75 materials and handling fee (not at all unreasonable by the way), PLUS whatever is on the quote you get from your upstream provider. Cost plus.

#

Re:seems it would be easy to comply

Posted by: Daniel Carrera on June 28, 2006 05:17 PM
Not really. Under the GPL, the upstream distributor has two options:

a) Make the sources available for download from the same place you downloaded them.
b) Give you an offer for the sources, valid for 3 years.

If the distributor chose option (a), they are under no obligation to give you the sources later if you ask for them. This is important because if I am an upstream distributor I don't want that sort of burden. I'd rather just give you the sources on day 1 and then forget about it.

Cheers,
Daniel.

#

rBuilder is available to commercial distributions

Posted by: Anonymous Coward on June 28, 2006 10:08 AM

I just wanted to correct a small misperception about rBuilder. The rBuilder Online service is indeed available for use by commercial Linux distributions, as long as the contents of those distributions are freely, publically available. An example of this is <a href="http://www.rpath.org/rbuilder/project/asterisk/" title="rpath.org">#key,</a rpath.org> the publically-available distribution derived by Digium from rPath Linux. The rBuilder product is available commercially as well, and Digium's <a href="http://www.digium.com/en/products/software/abe.php" title="digium.com">Asterisk Business Edition</a digium.com> product is built with rBuilder, is also based on rPath Linux, but is a purchased product not freely available. The Conary technology upon which rBuilder is built is itself open source software, licensed under the terms of the <a href="http://www.opensource.org/licenses/cpl1.0.php" title="opensource.org">Common Public License.</a opensource.org>



I wanted to point that out because making it easy to comply with the GPL really is a useful characteristic of the Conary repository technology, rBuilder, and rBuilder Online, and it's useful for any distributor to know that this tool exists and can make their lives easier.



Also, it's not a requirement that distributions that use Conary or rBuilder use rPath Linux as their base; that's just an easy way to go about it.



Thanks!



-mkj

#

Source Rpms

Posted by: Anonymous Coward on June 28, 2006 10:09 AM
I found the source rpms for the fedora core packages, but what am I supposed to do with them?
They don't install like rpms. I don't even know how to get the source for most of the distributions. Then I have to burn twice as many cds if I want the source code.
Maybe it would just be easier if everyone just assumed that every user was a programer and just gave them the source code.

#

Re:Source Rpms

Posted by: Anonymous Coward on June 28, 2006 11:35 AM
If you have never used source rpms, just download one and try the following.
$ cd ~
$ cp -a<nobr> <wbr></nobr>/usr/src/redhat/ rpmbuild
$ echo '%_topdir %(echo $HOME)/rpmbuild' >><nobr> <wbr></nobr>.rpmmacros
$ rpm -ivh xxxxx.rpm (your SRPM)
$ cd ~/rpmbuild/SPECS/
$ rpmbuild -bb yyyyy.spec (there should be a spec file)

You'll find the compiled binary RPM(s) in ~/rpmbuild/RPMS/. You don't even have to be a superuser. This is not an "official" way, but you'll understand how easy it is to compile an SRPM.

#

apt-get source

Posted by: Anonymous Coward on June 28, 2006 11:26 PM
For Debian derivatives (Debian, Knoppix, Ubuntu,
LinEx, Xandros, DeMuDi etc. etc.; see <a href="http://www.debian.org/misc/children-distros.html" title="debian.org">http://www.debian.org/misc/children-distros.html</a debian.org>) it works like this:

if you want to install program foo:

apt-get install foo

if you want instead to study the source and the distributor's modifications to it:

apt-get source foo

HOW DIFFICULT IS THAT? (*)

(*) (OK, sometimes the name of the source package is a bit different from the binary package, e.g. atlas3-sse2-dev doesn't come from source package
atlas3-sse2-dev but from atlas3, which also
generates atlas3-headers, atlas3-3dnow-dev, etc. you get my point)

#

How is the hobbyist distributing the binaries?

Posted by: EnviroTO on June 28, 2006 01:44 PM
I don't get why distributing source would be difficult or onerous. If you have the means to distribute the binaries why wouldn't you have the means to distribute the source? If the binaries are distributed electronically simply do the same with the source, if it is distributed by CD do the same with the source. The cost of distributing source is going to be a fraction of the cost of distributing the binaries because most people wouldn't bother with getting all the source. If the kernel source is easily available separate from the rest of the source you can probably reduce the amount of source downloaded or source CDs cut significantly. Why the doom and gloom on such a simple requirement?

#

Re:How is the hobbyist distributing the binaries?

Posted by: Daniel Carrera on June 28, 2006 05:22 PM
Generally, I agree. In most cases, distributing the sources is only a relatively small annoyance, and not a catastrophic problem.

I can think of a couple of fairly specific cases where it would be more than an annoyance:

1) I once tried to sell GPL software through Cafe Press but couldn't because in Cafe Press you can only sell 1 CD at a time. I wanted to sell a binary CD along with a sources CD, all in one package. If I can't do that, I'd be stuck with the 3 year requirement, which I didn't want.

2) If you are giving out many LiveCDs at cost, distributing two CDs would double your cost. The best option is to have a computer nearby with the sources and have a sign that says "if you want the sources ask me and I'll burn you a CD for $3". This works well at a conference booth for example, but may not work in other situations.

Some times you just need to think through it for a while to find a good solution. You can go to the Debian Legal mailing list and ask them for ideas. They were the ones who suggested the sign with the offer to burn CDs.

Cheers,
Daniel.

#

Re:How is the hobbyist distributing the binaries?

Posted by: Anonymous Coward on June 28, 2006 10:05 PM
This particularly affects embedded distributions like OpenZaurus. The OpenEmbedded build system creates a ~20 megabyte firmware image, which is really all you need to use with your PDA, but in the process of creating that image it downloads and compiles hundreds of megabytes of source code from all over the place, including GNU FTP, kernel.org, and OZ's own mirrors. It is easily imaginable that someone would have the means to distribution custom Zaurus firmwares but not the all the source materials used to make that FW.

That said, this does look like a lot of FUD. As has been pointed out, the main source of this article is a guy who has long been criticized for playing games with licenses. I don't think that the FSF is going to enforce this against just anyone who doesn't have the means to provide complete source code. It looks like there's a good reason he's getting nasty-grams from the FSF.

#

Charging for Access

Posted by: Anonymous Coward on June 28, 2006 02:30 PM
GPL V3: <a href="http://gplv3.fsf.org/draft" title="fsf.org">http://gplv3.fsf.org/draft</a fsf.org>
Object code physical media distribution:
"for a price no more than ten times your cost of physically performing source distribution" - 10 times my assumed hourly rate times my disinterest in the query [0-1] plus shipping. So it may be expensive, and even paying for wasted time, if someone really thinks to need the source.

Remember the charges for physical FSF tapes in the olden days:).

Section 6[3] doesn't seem to require online distribution of the sources when the object is distributed only via http/ftp. Any way of
distribution (cdrom, ftp,<nobr> <wbr></nobr>...) seems to be sufficient to fulfil the requirements for the GPL.

cu
Peter

PS: flaming someone like the mepis author doesn't help anyone except m$.

#

The usual FSF burden...

Posted by: Anonymous Coward on June 28, 2006 03:24 PM
True, MEPIS could be a bit more GPL-compliant. Likewise for many other GNU/Linux distributions.
This has a price over their developers, though.

But I tend to side with Warren and a number of readers: the FSF and other GPL extremists are taking their toll over the community, stifling innovation by imposing a burden on the developers. Kororaa LiveCD 0.2 yesterday, MEPIS today... who's next ?

It's a _fact_ that not-entirely-free-software (GNU/Linux basis with hundreds of FLOSS applications, and several proprietary drivers to make users' hardware work as it should: fast, stable) is better than completely free software that does not work !
Remember:
* the "enemy" is proprietary software, not not-completely-however-nearly-entirely-free-softw<nobr>a<wbr></nobr> re. The usual amount of anti-GPL and anti-FLOSS FUD surrounding such news events is bad for free software they fancy they're defending.
* free software is a MEANS of reaching the GOAL of "freeing" more people from proprietary software. Free software itself is not a GOAL.

If I show relatives that my FLOSS is uber-cool and why this philosophy is uber-cool, but that it won't run any slightly complex game at more than 10 FPS or worse (yes, I've tried several free First Person Shooters, PlanetPenguinRacer, Neverball, on the same computer machine, with free drivers and the usual proprietary ones), they're still going not to want it.
I strongly believe the MEPIS and Kororaa approach is the way to go for the goal I mentioned above: use free software with proprietary drivers that work, while working on acceptable free software drivers. This is why I distribute only MEPIS and Kororaa via BitTorrent (often more than 1GB/24h on a 512K ADSL line, not bad).

Last summer, I tested about 8 GNU/Linux distros. MEPIS was the only one that would use the 1024x768 screen of my laptop properly. Ubuntu 5.10 Beta wouldn't even start a X server, no matter what driver I chose.
The computer was more than two years old at the time, it has a NVidia card. Kanotix and Knoppix still mess up the screen big time in 1024x768 mode.
I guess should burn a CD-RW with Kororaa to try and see whether proprietary drivers are the reason to MEPIS working properly...

I'm a CS student, and my own software is not GPL-licensed. Too restrictive. LGPL with exception permitting redistribution in unmodified binary form (this aims at easing redistribution, obviously) is a good median choice.

Lionel Debroux.

#

LGPL indeed a better choice than GPL

Posted by: Anonymous Coward on June 28, 2006 08:05 PM
However, this is still not optimal. Copyleft is a good thing if the term "Derivative works" would be defined more clearly by the license. The FSF definition is simply too broad and has nothing to do with ethnical behaviour or what Free software is all about.

Laurence Rosen once mentioned four cases as indicator when software is not a derivative work:

<a href="http://www.linuxjournal.com/node/6366/" title="linuxjournal.com">http://www.linuxjournal.com/node/6366/</a linuxjournal.com>

Unfortunatey, that's just a negative definition and there's no standard license text that can be used, yet. However, that's a start. And until an attorney publishes a good text, people should indeed use the LGPL for every software.

#

Re:LGPL indeed a better choice than GPL

Posted by: Anonymous Coward on June 29, 2006 01:02 PM
It's great that Rosen has the opinion that the use of a GPL'd library that was merely intended to be a library of helper functions does not force the calling application to be released under the GPL.

However, that's only his opinion expressed in a magazine, and has no force of law.

I just looked up the GNU Scientific Library, which always struck me as a great example of a bad use of the GPL. Here's an excerpt from its FAQ page on licensing:


If I wanted to distribute an application which uses GSL what license would I need to use?

The GNU General Public License (GPL).

The bottom line for commercial users:

GSL can be used internally ("in-house") without restriction, but only redistributed in other software that is under the GNU GPL


In other words, the maintainers of this library either don't agree with Rosen's opinion, or they don't regard their work as being just a library of support functions.

#

A stifling burden? Really?

Posted by: alandd on June 30, 2006 02:08 AM
"...stifling innovation by imposing a burden on the developers."

The GPL is what allows developers to redistribute code and binaries at no cost. It IS what allows the innovation in the first place. And yet you say the requirement that the source be passed along stifles innovation and imposes a burden?

Let's look at <a href="http://freshmeat.net/stats/#license" title="freshmeat.net">http://freshmeat.net/stats/#license</a freshmeat.net> to see how your assertion stacks up to real choices by real programming projects.

66.66% of the projects indexed by Freshmeat use the GPL license. The rest of the top five licenses are rounded out with:
2 - LGPL 6.29%
3 - BSD License (original) 3.09%
4 - BSD License (revised) 2.51%
5 - Freeware 2.45%

Do you really think the GPL is "stifling innovation?" If the burden is so great, why do the vast majority choose it as a license, by a huge margin? It's not even close!

You have an interesting opinion and evidently see the GPL as a burden, for you. However the a huge majority of developers and projects obviously disagree.

#

You either play be the rules, or you dont

Posted by: Anonymous Coward on June 28, 2006 04:05 PM
It is important that all distros play by the rules, we cant have acceptions, its simply not good enough. If the FSF lets people abuse the GPL then we may as well not have a license. The license is here to protect free software and provide benefit to each other.

Is it fair that one distro such as debian provides all source and another doesn't? Remember folks we are here to try and make free software available to all, so we must all do our duties.

Personally I do not respect Mepis for doing this, but now he knows so the issue can be addressed.

#

Just made myself compliant

Posted by: blindcoder on June 28, 2006 04:22 PM
I just made my distribution compliant by adding these lines to the "Download" page:

<tt>To get the source code of individual packages you can use the program

scripts/Download

from the source of LVP. Alternatively, you can contact me and get the source shipped to you on a CD-R/DVD-R for 15 EUR plus package and shipping.</tt>

Is this what the FSF wants? Probably not, but hey, at least everyone does follow the rules to the letter!

#

Re:Just made myself compliant

Posted by: Anonymous Coward on June 28, 2006 10:36 PM
You may not be compliant to GPLv2 as you have noe wya to guarentee those source for three years after from YOUR last distribution. That is a requirement in the GPLv2 that is the problem. This is what got Warren in trouble. As for GPLv3 software it seems that the requirement is much more strict,

#

Re:Just made myself compliant

Posted by: blindcoder on June 28, 2006 11:16 PM
My three new harddisks in a raid5 array tell a different story about this, but hey, feel free to call me after 2 years and 11 months<nobr> <wbr></nobr>:-)

#

Re:Just made myself compliant

Posted by: Anonymous Coward on June 28, 2006 11:24 PM
"You may not be compliant to GPLv2 as you have noe wya to guarentee those source for three years after from YOUR last distribution..."

The three year length of offer only has teeth if you're continuing to distribute (e.g. a newer version).

If you enter into non-compliance by withdrawing the source code offer before three years pass, the most the copyright holder can do is revoke your license to distribute. If you are no longer distributing your last distribution, you won't care.

As long as you don't withdraw the offer while you're still distributing, they can't prove you won't be compliant at some future time...

So I don't see a problem with just providing a written offer to make a CD for $75 for anyone who asks. Just make the original source CD when you make the distribution, keep it on your shelf, if anyone asks and pays the $75, make a copy of the CD and send it to them. NO PROBLEM!

#

Re:Just made myself compliant

Posted by: Anonymous Coward on June 29, 2006 06:27 AM
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for
software interchange;

THe above is a quote form the GPL. Unless you can prove that $75 dollars is the cost to make and ship a CD then you are going to be in violation of the GPL.

#

Re:Just made myself compliant

Posted by: blindcoder on June 29, 2006 02:04 PM
That'd be pretty easy:
GettinG CD-Rs/DVD-Rs from shop, going to said shop, going back, time I need to do so * salary/hour and all that and I'm easily over 15 EUR (which is my charge).

#

Re:Just made myself compliant

Posted by: Anonymous Coward on June 29, 2006 02:50 PM
Typically the law works such that the person persuing you has to prove that it DOESN'T cost you $75 to produce the CD. Not that you have to prove that it does. They may be able to prove that someone else can produce it for substantially less but that proves nothing. It's not the customer who determines the price.

#

I don't see a problem here

Posted by: Johnny Hughes on June 28, 2006 05:42 PM
If debian (before) and ubuntu (now) did not make thier source code easily available, then Mepis would not have been able to be built in the first place.

I'm not sure what the problem is, I mean how hard is it to just create a directory and put the source right beside the binaries?

It is key that the sources be provided, without the sources there is no GPL. If RedHat didn't provide sources, there would be no Mandriva or CentOS. If Debian didn't provide sources, there would be no Ubuntu.

I am a CentOS developer, we have made sources available since day one<nobr> <wbr></nobr>... but what I don't understand is why people think this is hard.

#

Re:I don't see a problem here

Posted by: blindcoder on June 28, 2006 06:43 PM
I don't think it is hard, just unknown what the consequences mean.

I myself am a ROCK Linux developer and a/the LVP developer. ROCK downloads the sources from the ROCK mirrors or - failing that - from the original source. Now, if we don't modify the source before compiling it, do we still need to make them available on our own servers? Or is it enough to point to the original project?

Same goes now for LVP. Is it enough to point to the original server? To the ROCK servers (LVP is built using ROCK)? Or do I have to support my own way of distributing the sources of Linux Kernel, Xorg, glibc etc?

#

Re:I don't see a problem here

Posted by: Johnny Hughes on June 28, 2006 06:52 PM
If some distributes a binary<nobr> <wbr></nobr>... then tehy need to distribute the source as well.

So<nobr> <wbr></nobr>... if the binary is on your CD to make your product work<nobr> <wbr></nobr>... tehn YOU need to distribute the source. Regardless of whether someone else distributes the same source or not.

What if your upstream guy disappears<nobr> <wbr></nobr>:)<nobr> <wbr></nobr>... then your customers have to get the source from you.

Personally, we also SIGN our sources, so that people know that this is the particular SRPM that we used and that it is dsitributed by CentOS.

#

Re:I don't see a problem here

Posted by: blindcoder on June 28, 2006 07:07 PM
The thing with the upstream vendor is exactly the problem I run into right now.
LVP used to use <a href="http://loop-aes.sourceforge.net/" title="sourceforge.net">loop-aes</a sourceforge.net>, but I can't find the older versions anywhere on the net anymore. I've now contacted the author in the vain hope that he still has them.
What am I supposed to do if he doesn't supply them to me anymore?
I can stop distributing the old binaries, sure. But there's still the binaries already distributed. Am I now supposed to wait until someone comes around to sue my pants off?

#

Re:I don't see a problem here

Posted by: Anonymous Coward on June 28, 2006 11:53 PM
Does this help with loop-aes?:


<a href="ftp://ftp.nl.debian.org/debian/pool/main/l/loop-aes-source/" title="debian.org">ftp://ftp.nl.debian.org/debian/pool/main/l/loop-a<nobr>e<wbr></nobr> s-source/</a debian.org>


ncftp<nobr> <wbr></nobr>...main/l/loop-aes-source > ls -l


-rw-rw-r-- 1 ftp ftp 192156 mrt 24 2005 loop-aes-source_2.2d-5_all.deb


-rw-rw-r-- 1 ftp ftp 7614 mrt 24 2005 loop-aes-source_2.2d-5.diff.gz


-rw-rw-r-- 1 ftp ftp 641 mrt 24 2005 loop-aes-source_2.2d-5.dsc


-rw-rw-r-- 1 ftp ftp 233504 jan 10 2005 loop-aes-source_2.2d.orig.tar.gz


-rw-rw-r-- 1 ftp ftp 259208 apr 30 16:17 loop-aes-source_3.1d-3_all.deb


-rw-rw-r-- 1 ftp ftp 10415 apr 30 16:17 loop-aes-source_3.1d-3.diff.gz


-rw-rw-r-- 1 ftp ftp 613 apr 30 16:17 loop-aes-source_3.1d-3.dsc


-rw-rw-r-- 1 ftp ftp 206148 apr 10 15:47 loop-aes-source_3.1d.orig.tar.gz




and as for "what am I supposed to do", I'd say sure, its a lot of work to burn a set of DVDs with the source to all packages in your distribution every time you publish a new stable version, but surely you're doing that already (what if your computer crashes?)


IANAL, but as I see it all you have to do then is



  • Promise to provide the source DVDS to anyone asking, and do this for all versions of your distribution that are "out there" and less than 3 years old


  • Keep that promise by selling copies of those DVDs to anyone actually crazy enough to want them
    (BTW: has to be offered for not-much-more-than-cost-price + shipping & handling, because your customers already paid for it when they bought the binary distribution from you; they are entitled to it)


Sure it must be annoying but you don't announce a new stable version on the distrowatch website every month, do you?

#

Re:I don't see a problem here

Posted by: blindcoder on June 29, 2006 02:08 PM
Thanks for the loop-aes links. The author already supplied me with the old versions, though.

Well, I didn't do it before. I - as many others - assumed that having the source code "out there" and a mechanism to get them at the time of release (./scripts/Download -all) as well as my patches to the source code (./package/base/linux/*.patch) would be enough.
Right now, I'm not so sure anymore, so I started hunting down the old versions.
There's no financial price to be paid for LVP.

Well, not every month, but every 2-3 months.

#

Re:I don't see a problem here

Posted by: Michael Creel on June 28, 2006 07:44 PM
The issue is not that it's hard, it's that it uses resources (developer time, server capacity...) to duplicate source code archives that already exist.

#

Re:I don't see a problem here

Posted by: Anonymous Coward on June 28, 2006 08:04 PM
Why do you say Mandriva is using RH sources?
because they use RPM as the FSF's LSB requires for compliance?

They get their sources from the original project source repositories, not from Red Hat.
There is only one software package in Mandriva that comes from Red Hat, and it actually is not RPM, it is sndconfig. Mandriva uses the rpm packages, customised from day one, and their own, customised from day one version of rpm, called rpmi.

Personally, when the FSF's LSB group started saying exactly what software was required for compliance, beyond the base system, I stopped caring what the FSF wanted, they proved they have no clue what they should be doing then.

no Distro that does not use rpm for package manager can be lsb compliant?
since the<nobr> <wbr></nobr>.deb package manager is more flexible and powerfull, I would never expect Debian to change to rpms.

Slackware will also never be lsb compliant, since binaries is not what Slackware is using for most software installation.

slightly different issue, lsb and gpl, but both are FSF, and the lsb has become a joke because of the FSF policy.

#

Re:I don't see a problem here

Posted by: Jeremy Akers on June 28, 2006 09:25 PM
Mandriva (Mandrake) was derived from RedHat, it was originally based on RedHat RPM's

-Jeremy

#

Re:I don't see a problem here

Posted by: madcap_loon on July 02, 2006 06:50 PM
LSB is not a part of FSF, neither is FSF involved with it in any way. Where did u get this idea from? It is a part of the Free Standards Group, which is not and has nothing to do with Free Software Foundation.

Besides Mandriva is one of the distributions that showcases how it's LSB compliant during the installation slide show. And yes the original Mandrake Linux was derived off of Red Hat.

Please do you home work correctly before accusing and associating incorrect stuff together.

#

Is PK complying with the GPL?

Posted by: Anonymous Coward on June 28, 2006 07:33 PM
This looks like a pretty important topic to me. I'm the developer of ParallelKnoppix. I've added the following comments to the PK homepage. "PK is built by adding some packages, configuration and scripts to the Knoppix CD image. The packages are in binary form, and come from Debian repositories. The configuration files and scripts are themselves source code. While source code archives for the binaries distributed by PK exist, I don't mantain such archives. The reason the Free Software Foundation wants people to maintain source code archives is so people who use distributed binaries will be able to modify them and fix bugs. Now, PK is developed with the philosophy that every new release will be at least as good as the previous one, and source code archives for all distributed binaries exist somewhere for the binaries on the current version. So I can provide source code upon request for any binary package I distribute with the current version by downloading it myself and sending it to whoever asks for it. But what about a version of PK that's two years old - do I have to supply source code? For one thing, I'm no longer distributing old versions (except the first, for sentimental reasons only). I have to say that I would simply stop distributing PK before I would set up a (in my view redundant) source code archive. This is an important issue, I think, and it needs to be cleared up. The reason is that anyone, not only the FSF, can demand compliance. So if this is really a legal obligation, the door to shutting down a big, vibrant, interesting part of the Linux world is wide open."

#

Maybe I'm getting too excited here...

Posted by: Michael Creel on June 28, 2006 07:58 PM
GPL, ver 2:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:


a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)



So, by section 3c, since Klaus Knopper has a source archive, I guess I'm covered. Whew! I was seeing a gloomy day ahead for noncommercial derived distros.

#

Re:Is PK complying with the GPL?

Posted by: Anonymous Coward on June 29, 2006 12:37 AM
So I can provide source code upon request for any binary package I distribute with the current version by downloading it myself and sending it to whoever asks for it. But what about a version of PK that's two years old - do I have to supply source code? For one thing, I'm no longer distributing old versions<nobr> <wbr></nobr>...


I haven't rechecked the license just now, but I am pretty sure that you need to be able to provide source code for old versions for 3 years after you stop distributing the binaries. (This is assuming that you haven't put the source code packages online so they can be downloaded along side of the binaries as you describe). Also, you should not rely on being able to download the sources from someone else if you receive a request for the sources from someone who downloaded your distro. It would be wise to have local backups of all sources.

I have to say that I would simply stop distributing PK before I would set up a (in my view redundant) source code archive.


Not to be mean or anything, but that is a valid option if you cannot comply with the licenses.

It seems to me from reading this article that too many people that are distributing free software simply are not reading the licenses carefully. I made sure to read and understand the GPL and LGPL before I started posting my own packages online. The FSF has a handy FAQ page on the GPL if you have trouble understanding the license yourself. (And I found that even when I thought I understood it, their interpretation could be a little different than mine).

I understand that some of the provisions of the license can be a little burdensome at times for developers and especially people who only repackage free software. Some people may not have the server space or bandwidth to support storing sources for an entire custom distro. But, I agree that these requirements are necessary to ensure that free software remains free and available.

If you are unable to provide side-by-side downloads of source code, then provide a written offer to send anyone who receives your distro or packages a CD-R containing all of the required materials. And be sure to keep a copy of those materials yourself!

#

Re:Is PK complying with the GPL?

Posted by: Michael Creel on June 29, 2006 05:53 PM
I have looked at the GPL ver. 2, and have consulted with the FSF. I think that a noncommercial derived distro complies as long as it can point to an upstream source code archive, and directly supply source for any modified binaries. This is reasonable and not a burden, in my opinion. I also think that obliging commercial distros to share in the costs of making source code available is a good think. Obliging noncommercial distros that are often the work of a single person to maintain a full source code archive with a 3 year history does not seem like a productive thing to require. Currently, this is not mandated by GPL ver. 2, but it seems like some such requirement could be part of ver. 3. I hope it doesn't work out that way! I have fun working on PK and sharing it, but it's something I do in my limited spare time. Adding a layer of difficulty to this sort of project could quash a lot of interesting work.

#

Re:Is PK complying with the GPL?

Posted by: nanday on June 29, 2006 02:51 AM
If you're not sure if you're in compliance, contact David Turner at the FSF and find out. If you're not in compliance, the FSF will explain what you need to do, and give you some time to come into compliance. The FSF is strict on compliance, but it's also fair.

You need to make sure that you have accurate information.

-- Bruce Byfield

#

Re:Is PK complying with the GPL?

Posted by: Michael Creel on June 29, 2006 05:44 PM
I have consulted with the FSF, and I've re-read the GPL. I believe that PK is in compliance with the GPL ver. 2, and that staying in compliance for noncommercial derived distros is not a difficult thing to do. On the other hand, I have looked at the current draft of Ver. 3, and it looks to me like it could be harder to satisfy.

#

Maybe I'm just tired...

Posted by: Anonymous Coward on June 28, 2006 10:11 PM
..but doesn't this also create a problem for anyone who gives away an Ubuntu CD (for example). By definition, if I give someone a CD, I'm distributing non-modified binaries. If that CD happens to be of an old version, and Ubuntu no longer host the source for that version, by the current logic, I am in breach of the GPL.

Just off to download sources for every distro I have a copy of (it's either that or put the old versions through the shredder!)

#

Re:Maybe I'm just tired...

Posted by: Anonymous Coward on June 28, 2006 10:52 PM
Not as long as it's still packaged as "Ubuntu".

However, if I take Ubuntu, replace its logos with my own, call it "Blackburn Rovers FC Linux" (or whatever), and start giving that away (which I'm entitled to do under the GPL): then I have to provide sources.

#

Where does it say that

Posted by: Anonymous Coward on June 29, 2006 12:38 AM
in the GPL?

#

Re:Maybe I'm just tired...

Posted by: Anonymous Coward on June 29, 2006 02:26 AM
My point was that the definition has been clarified to include distribution of non-modified binaries. By changing logos etc, you are creating a separate distribution, but if you're just leaving everything as-is, you are still distributing the binaries, and therefore need to (offer to) distribute the source.

Personally I think that what is required is a definite statement from the FSF as to whether the scenario alluded to is an issue. TBH this is just a "reducto ad absurbam" argument, but that is what often what is required to make a situation unambiguous.

#

sources should be easily available

Posted by: Anonymous Coward on June 28, 2006 10:27 PM
What I don't understand these days, is how distributions don't even offer the sources in the commercial box set! If someone is interested in doing development for a distribution, how do they do that if they can't find the source, and it's not distributed in the same build environment the distribution uses? It's incredible!

 
The only systems I know of that make this easy are the BSDs. You can pull down the source trees, install CVS, and start doing builds exactly the way the core developers do. Slackware also allows you to just pull the the Slackpack source and make a new one, but it's not as nice as running a tree.

 
Open Source is worthless without source code and a build environment. Otherwise anyone that wants to contribute to a project has to do the work of putting the distribution together all over again from the upstream sources! Stupid, stupid, stupid. This explains a lot of the breakage we see in Linux distributions today, and why the BSDs brag about Quality. Even Debian does not even pretend anyone is going to set up a buildd machine to churn through their sources. 'Nuff said.

#

Re:sources should be easily available

Posted by: Anonymous Coward on June 29, 2006 12:21 AM
The BSDs come from an academic background, where priorities are a bit different than in the hobbyist world where Linux lives. I fully agree with the parent post, and the BSDs do have something to brag about. Controlled release engineering is indeed one of them.

Over the past decade I have come to the conclusion that the path of least pain is BSD for servers, OSX for desktops, with exceptions where applicable.

Without some discipline, Linux is well on its way to become the next Windows (quality-wise). These GPL hassles only server to distract from the core issues.

#

Re:sources should be easily available

Posted by: Anonymous Coward on June 29, 2006 01:12 AM
What do you mean exactly by "in the commercial box set" ?

I find your post interesting, but I have to disagree.
Offering the entire source with each distribution means severely reduced functionality for LiveCDs and LiveDVDs, where space is constrained. The larger the binaries, the larger the sources...
Anyway, many (most) users use FLOSS without contributing, because of lack of skills, for instance. Take Firefox, OO.o, etc: they are - fortunately - not used by developers only.
Source code is of the uttermost irrelevance for "Joe Sixpack"; functionality is of the uttermost relevance.

Lionel Debroux.

#

It's about respecting the wishes of the authors

Posted by: mattdm on June 28, 2006 11:47 PM
When someone (me, for example) decides to license their hard work under the GPL, they're saying "okay, I'm giving this to you, and in return, I simply want these few things". One of those things is: when you distribute the binary, you make the source available too.

If you distribute GPL'd binaries without following these rules, you're not being respectful of the authors' intent in chosing to offer their work to you under this license. You're taking it and benefiting without doing the small, easy things they asked in return. That's simply not cool.

#

It's about respecting the wishes of the copyright

Posted by: Anonymous Coward on June 29, 2006 12:46 PM
A very similiar argument could be made for movies, music, games, books, and other creative content.

I'll leave it as an exercise for the reader to find the contrary attitude <a href="http://slashdot.org/" title="slashdot.org">here.</a slashdot.org>

#

He doesn't have the source

Posted by: Anonymous Coward on June 29, 2006 01:19 AM
I quote from the article with my emphasis in bold--


"I'm just trying to get back to the point where I can sleep at night," Woodford says. "Last night, I went to bed at 1:30 and just lay in bed thinking of all the technicalities that have been discussed about the GPL and how I'm going to access the source and make it available."


I take that to mean he has been shipping binaries in Mepis for which he has not bothered to get the source himself. He doesn't recompile the binaries? He just takes the binaries from Ubuntu or Debian and repackages them into Mepis.


From a technical stand point, there is nothing deterimental to the end product if he doesn't recompile everything. But, the fact that he doesn't even have the source and has no structure for himself to use the source surprises me.


He has been betting his business and distro on the ability to get binaries from someone else. He would have had to go through this source aquisition effort anyway if his binary provider were to stop offering binaries!

#

Headline is a troll

Posted by: Anonymous Coward on June 29, 2006 01:24 AM
The rules of the GPL have not changed for many years. The rule requiring that the source be supplied has always been in the GPL. There is no "could have a chilling effect," as if the requirement is new or something. It either has always had a chilling effect or it hasn't had a chilling effect.

I guess the goal was to get lots of hits and comments. Trolling works, even for News Forge editors.

#

Re:Headline is a troll

Posted by: Anonymous Coward on June 29, 2006 06:04 AM
Yep. Newsforge has gotten pretty pointless. It's too bad, it used to be better.

#

OT: Mepis tools license?

Posted by: alandd on June 29, 2006 02:21 AM
Warren is learning he must comply with the GPL. That's good. He may not like some requirements of it but he distributes GPL'd code and therefore must follow it.


He now has on the site a nice page about various licenses included in the distro (<a href="http://www.mepis.org/node/10344" title="mepis.org">http://www.mepis.org/node/10344</a mepis.org>). This is a nice addtion to Mepis licensing documentation.


Will he now clarify the license for the Mepis installer and other non-free code included in the distro? (See: <a href="http://www.mepis.org/node/137" title="mepis.org">http://www.mepis.org/node/137</a mepis.org> and <a href="http://www.newsforge.com/comments.pl?sid=53313&cid=121990" title="newsforge.com">http://www.newsforge.com/comments.pl?sid=53313&ci<nobr>d<wbr></nobr> =121990</a newsforge.com>)

#

I don't see the issue

Posted by: Anonymous Coward on June 29, 2006 02:37 AM
If the FSF enforcing the rules discourages some people to make new distributions of linux, I'm fine with that. I think we already have more than enough. I'd rather people contribute to existing linux distributions then comming up with yet another linux distribution.

However, I don't think providing the sources will really discourage people from creating new distributions. So we will probably have hundreds of new linux distributions come out in the future.<nobr> <wbr></nobr>:(

#

The distro gene pool could use some bleaching

Posted by: Anonymous Coward on June 29, 2006 03:11 AM
Why is everyone's first reaction to not liking some aspect of their distro "Hey, I'll make my own"! What happened to the good old days when there were less than a dozen, and none of them sucked? Do we really need distributions which are derived from Ubuntu or Knoppix which are derived from Debian? Sheesh!

Maybe this is a good thing. Maybe the bar to entry into the distribution world *should* be a little higher.

#

Needs attention

Posted by: Anonymous Coward on June 29, 2006 04:26 AM
Woodford's concerns definitely need to be answered. Given that it is a burden on small distributors, FSF cannot say you cannot distribute if you don't release the source code for a package that you didn't even modify. I think that is not the philosophy behind the open source movement. It has to be conducive to such small players. This issue, I think, definitely does not have an YES or NO answer. It _has_ to be considered and discussed. -Praveen.

#

Fine. Discuss. But it is moot

Posted by: alandd on June 29, 2006 04:54 AM
The GPL is clear. You distribute under the GPL license, even unchanged binaries, you have to provide the code. That is what it says. Discussions will not change it.


Your statement "Given that it is a burden on small distributors, FSF cannot say..." is irrelevant. The FSF is not the bad guy here. They are enforcing part of the GPL under which the player, big or small, are operating. Burden or not the requirement is what it is.


Carry this discussion to the GPL v3 license since it is not yet cast in stone. All the discussion in the world will not change the current GPL.


The answer to Woodford's concerns are YES and NO. His concerns are his problem and any other GPL'd work distributer. It is part of the rules of the game and if it is too much of a burden, your choice is to not play. Woodford plays, he must follow the rules. FSF must enforce the rules on everyone, big or small, or they are meaningless.

#

Re:Needs attention

Posted by: Anonymous Coward on June 29, 2006 06:34 AM
The problem with the parent is that they are confusing FSF with the OSS movement two very different things. Personal I lean more towards the OSS but the FSF does have the right and responsiblity to make you play by their rules if you are going ot use their license.

#

Burden of the GPL

Posted by: Anonymous Coward on June 29, 2006 05:42 AM
It is examples like this that caused me to stop putting the GPL license on my software. I'd
rather provide my code free (as in freedom)
than anchor it to a license and the FSF.

#

Re:Burden of the GPL

Posted by: Anonymous Coward on June 29, 2006 08:25 AM
nobody cares what you do with your own code, that's not the issue here. the issue here is Warren crying over having to obey the rules that allow him to use other people's code. Lots of it.

#

about time

Posted by: Anonymous Coward on June 29, 2006 05:53 AM
Warren has played fast and easy with licenses for a long time. I'm not saying that there isn't a burden here, but he has a knack for talking out both sides of his mouth. Saying things like he has committed to releasing the installer under the GPL, and that "it's news to me that the scripts were not GPLed already. I don't consider any scripts to be proprietary" are all part of his overall attitude of wanting his cake and eating it, too.

From the very early days, he has always found an excuse for not wanting to comply as seen here: <a href="http://www.mepis.org/node/99/" title="mepis.org">http://www.mepis.org/node/99/</a mepis.org> . What are/were his motivations for joining the DCC then leaving? Now comes his much ballyhooed Ubuntu alliance.

So now is the time for Warren Woodford to finally show his cards, and what happens? An article magically appears in Newsforge, with fantastic headlines. Newsforge, why that's headed up by his buddy Roblimo, right? The one that does all those Mepis Point and Click books. Hmmmmm. Something smells a little funny here.

#

Re:about time

Posted by: Anonymous Coward on June 29, 2006 06:58 AM
Yep, that's been his traditional response. Rather than complying with the ruling, it's just more spin and FUD. The worst part is that his followers pick up on this and continue to minimize the problem. Not good for Linux or the GPL.

#

Re:about time

Posted by: Anonymous Coward on June 29, 2006 12:17 PM
I clicked through and found this comment on the mepis site:

"Source Code for the MEPIS Installer, _is_ a _legal_ requirement, if you _distribute_ _any_ GPL code, you _have_ to publish your own source, even if it's too damn ugly for your toilet paper."

Is that accurate? I thought that the GPL applied to redistribution (and possibly modification) of a self-contained piece of code such as a binary executable (along with the libraries it uses) or a shell script, but not necessarily an installer script or binary that happened to move executables and libraries into place. Gee, that would make the GPL more viral than I thought.

I haven't read the GPL that closely though.

#

Source packages do contain the unmodified source

Posted by: Anonymous Coward on June 29, 2006 06:52 AM
We at Ark Linux (<a href="http://www.arklinux.org/" title="arklinux.org">http://www.arklinux.org/</a arklinux.org>) don't provide any source except in the form of our source packages -- and this is certainly not in violation of the GPL:

A correctly done src.rpm file (and its equivalent in dpkg) is basically an archive file containing the complete, unmodified source code, and patches applied on top of it, and a script advising the package manager how to unpack the source, apply the patches, and build it.

So anyone providing a properly built source package is NOT violating the GPL -- the unmodified source can be extracted from the package, even on systems not using the same package manager (e.g. you'd use rpm2cpio for a<nobr> <wbr></nobr>.src.rpm file if you don't have rpm).

Unless the distributions are into really bad packaging practices (such as modifying the source tarball instead of applying patches on top of it), this is a non-issue.

bero (bero _at_ arklinux _DOT_ org)

#

what a completely retarded, inaccurate headline

Posted by: Anonymous Coward on June 29, 2006 08:27 AM
Trolling for clicks, newsforge?

#

Derivatives will be chilled by...

Posted by: Anonymous Coward on June 29, 2006 08:30 AM
...not having all that great GPL code in the first place.

#

Strict enforcement of all terms

Posted by: Anonymous Coward on June 29, 2006 12:52 PM
This is somewhat OT, but this type of action by the FSF demonstrates that unless you agree to EVERY term of a free or open source license, you shouldn't accept software under that license AND you shouldn't use that license for your own software.

So this may militate against the program to reduce the proliferation of open source licenses. Sure, the OSI can stop certifying new ones, but that doesn't take away the need for them when developers realize that existing licenses are not an exact fit (and it seems they do need to be an exact fit - see above).

#

So just don't use Linux. Use *BSD

Posted by: Anonymous Coward on June 30, 2006 04:50 AM
This is Yet Another Problem GPL Creates.
The BSD license allows for what MEPIS wants.
The GPL is just nice for corporations, contrary to the myth that was propagated. The BSD license leverages the playing field for all.

#

Re:

Posted by: Anonymous Coward on June 30, 2006 03:31 PM
awww boo hooo....
warren should read more, stay awake worrying less<nobr> <wbr></nobr>:)
Why should debian/ubuntu have to shoulder the burden of providing the source code to mepis users...would warren feel the same if he had to shoulder the burden of providing the source for someone making a new distro based on mepis? Wouldnt THAT be a burden!

Shameful IMO!

#

If no changes, is it not simply copying?

Posted by: Anonymous Coward on June 30, 2006 06:45 PM
As I understand it, I can copy GPL programs and distribute them all I want, without having to make source code available. Because they're simply copies.

Now, while Mepis is putting together a distribution, for those packages which have not been modified at all, are they not simply being copied? It seems perfectly reasonable to point users to the original source rather than have Mepis provide it.

#

Re:If no changes, is it not simply copying?

Posted by: Anonymous Coward on July 01, 2006 05:13 AM
Yeah, that's what they thought too, but it's in the GPL that they have to provide the source themselves. And the FSF isn't going to let them slide (because the freedom of all of mankind is at stake, as usual when Richard Stallman gets involved).

#

innovation without available source? lol!

Posted by: Anonymous Coward on July 03, 2006 07:55 PM
lots of people are talking that this clause is slowing down innovation... if upstream developers and hobby developers like me dont have access to modified source code... doesent that block "innovation" if you call fixes/enhancements innovation?
how does the binary redist of some help the community (of developers) that are working on all the things those binary only vendors sell?

infact violating the gpl for one project is already a "major violation" of the authors rights but doing it for a full linux distro?

when its e.g. about rpm based distros theres a simple way to automatically generate a src rpm... whats the problem with also uploading the src rpms online?

if you are a really free project btw... you get space / bandwidth etc... all for free...

when using a well designed package management theres no work overhead besides uploading a few more packages to your free mirrors.

i dont feel sorry at all. and if they distribute linux with violating the license they should better go and fix it...

for the "2 people make their own distro" part... why do they do it in the first place? to make money? to make money without complying to the software licenses of the software they sell?

if its just for the community theyd already have all their patches sent upstrean and there wouldnt be any need to "secretly modify em without giving the patches back"

think about it.

#

So...

Posted by: Anonymous Coward on July 03, 2006 08:39 PM
We have someone complaining about how difficult GPL compliance is, and stupidly admitting that he has been in noncompliance since he started the project.

He is lucky that a lone developer hasn't sued him for statutory damages for every copy of the program that Mepis has ever distributed. The FSF only enforces the licenses of works that have been assigned to it. There are many widely distributed GPLed projects that have not assigned their rights to the FSF.

He should be THANKING the FSF for this free legal advice, and for not suing the hell out of him. Instead, he is admitting liability to the world and who knows how many other potential litigants.

This shows some serious immaturity.

#

The community could solve this

Posted by: Anonymous [ip: 64.81.160.223] on December 09, 2007 01:57 AM
We need people developing deriative works to get together and create an NPO. This NPO would simply distribute source code. Then all member entities can request the NPO send it off. Viola, NP.

You might think this is the same as debian having the source. No it's not. 1) The NPO would be a source distributing service for member entities, and 2) The member entities would be able to request that they sned things out for them.

It's not that hard of a problem to solve, and I'm sure would ease the burden on everyone.

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya