% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $ \documentclass{beamer} % This file is a solution template for: % - Talk at a conference/colloquium. % - Talk length is about 20min. % - Style is ornate. % Copyright 2004 by Till Tantau . % % In principle, this file can be redistributed and/or modified under % the terms of the GNU Public License, version 2. % % However, this file is supposed to be a template to be modified % for your own needs. For this reason, if you use this file as a % template and not specifically distribute it as part of a another % package/program, I grant the extra permission to freely copy and % modify this file as you see fit and even to delete this copyright % notice. \mode { \usetheme{Warsaw} % or ... \setbeamercovered{transparent} % or whatever (possibly just delete it) } \usepackage[english]{babel} % or whatever \usepackage[latin1]{inputenc} % or whatever \usepackage{times} \usepackage[T1]{fontenc} % Or whatever. Note that the encoding and the font should match. If T1 % does not look nice, try deleting the line with the fontenc. \title{GNU GPL License Enforcements} \subtitle {What the community can do to enforce the GPL} \author{Harald Welte} \institute {gpl-violations.org\\hmw-consulting.de} % - Use the \inst command only if there are several affiliations. % - Keep it simple, no one is interested in your street address. \date[DORS/CLUC 2010] % (optional, should be abbreviation of conference name) {DORS/CLUC 2010, May 2010, Zagreb/Croatia} % - Either use conference name or its abbreviation. % - Not really informative to the audience, more for people (including % yourself) who are reading the slides online \subject{Embedded Linux} % This is only inserted into the PDF information catalog. Can be left % out. % If you have a file called "university-logo-filename.xxx", where xxx % is a graphic format that can be processed by latex or pdflatex, % resp., then you can add a logo as follows: % \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename} % \logo{\pgfuseimage{university-logo}} % Delete this, if you do not want the table of contents to pop up at % the beginning of each subsection: %\AtBeginSubsection[] %{ % \begin{frame}{Outline} % \tableofcontents[currentsection,currentsubsection] % \end{frame} %} % If you wish to uncover everything in a step-wise fashion, uncomment % the following command: %\beamerdefaultoverlayspecification{<+->} \begin{document} \begin{frame} \titlepage \end{frame} \begin{frame}{Outline} \tableofcontents % You might wish to add the option [pausesections] \end{frame} % Structuring a talk is a difficult task and the following structure % may not be suitable. Here are some rules that apply for this % solution: % - Exactly two or three sections (other than the summary). % - At *most* three subsections per section. % - Talk about 30s to 2min per frame. So there should be between about % 15 and 30 frames, all told. % - A conference audience is likely to know very little of what you % are going to talk about. So *simplify*! % - In a 20min talk, getting the main ideas across is hard % enough. Leave out details, even if it means being less precise than % you think necessary. % - If you omit details that are vital to the proof/implementation, % just say so once. Everybody will be happy with that. \begin{frame}{About the speaker} \begin{itemize} \item Using + playing with Linux since 1994 \item Kernel development since 1999 \item IT security specialist, focus on network protocol security \item Board-level Electrical Engineering \item System-level Software for PPC, ARM, x86 \item IANAL, but companies not complying with the license forced me to spend lots of time with legal issues \end{itemize} \end{frame} \section{FOSS Licenses} \subsection{Free Software and Copyleft} \begin{frame}{Free Software}{Definition by the FSF} % - A title should summarize the slide in an understandable fashion % for anyone how does not follow everything on the slide itself. Free Software has to ensure the following key freedoms: \begin{itemize} \item Freedom to use the software for any purpose \item Freedom to make copies "to help your neighbor" \item Freedom to study its functionality (source code) \item Freedom to fix it yourself (make modifications) \end{itemize} \end{frame} \begin{frame}{Copyleft}{A concept to ensure Freedom} Copyleft is an idea to use copyright to ensure Software Freedoms \begin{itemize} \item Use/claim copyright on the software \item Create a license that is permissive enough for the 4 Freedoms \item However, put some conditions/obligations in the license \begin{itemize} \item ensure the source code will always be available \item ensure nobody is able to remove the 4 Freedoms from the software \end{itemize} \item Use that license for the software. \end{itemize} \end{frame} \subsection{The GNU GPL} \begin{frame}{The GNU GPL}{An implementation of Copyleft} The GNU General Public License (GPL) \begin{itemize} \item is a Copyleft Free Software License \item assures the original author that his work will always have the freedoms \item establishes a level of fairness: You can use my code, if you share your additions back with us. \item is a big motivation factor for many community members \end{itemize} \end{frame} \begin{frame}{Revisiting the GPLv2 License Terms} The GNU GPLv2 \begin{itemize} \item Regulates distribution, not use (running the program) \item Allows distribution of source code and modified source code, if \begin{itemize} \item The license is mentioned \item A copy of the license text accompanies each copy \end{itemize} \item Allows distribution of or modified binaries, if \begin{itemize} \item The license is mentioned \item A copy of the license text accompanies each copy \item The source code is either included with the copy, or a written offer is made on how the source can be obtained. \end{itemize} \end{itemize} \end{frame} \begin{frame}{Complete Corresponding Source Code}{As required by GPLv2} \dots complete source code means all the source code for all modules it (the software) contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. \begin{itemize} \item For a C language program, this means \begin{itemize} \item Source Code \item Makefiles \item compile-time configuration (e.g. kernel .config) \end{itemize} \item General rule \begin{itemize} \item Intent of the license is to enable the user to run modified versions of the program \item If you provide everything needed for that, there will be no discussion \end{itemize} \end{itemize} \end{frame} \begin{frame}{Modifications of GPL'd source code}{The details that matter} \begin{itemize} \item In the GPL, it does not matter if you have modified the GPL'd program or if you ship it unmodified. \item You always have to provide the source code! \item If you modify the source code, your changes have to be visible/identifiable \item For practical reasons, I suggest shipping original upstream tarball + a diff/patch with your changes \end{itemize} \end{frame} \subsection{GPL - Embedded Systems} \begin{frame}{GPL and Embedded Systems}{Interpreting the meaning} \begin{itemize} \item The GNU GPLv2 was written for the GNU project, at the time this project was working on replacing individual application programs on top of a proprietary UNIX operating system kernel. \item scripts used to control compilation and installation \begin{itemize} \item Intent: To enable the user to modify + run modified versions \item In case of embedded systems, the "scripts used to control installation" include the software required for installing the program onto the target device \end{itemize} \end{itemize} \end{frame} \begin{frame}{GPL and Embedded DRM}{Sometimes called Tivo-ization} \begin{itemize} \item Some companies want to lock down their Linux-based system, by \begin{itemize} \item Cryptographic verification of bootloader by ROM loader \item Cryptographic verification of kernel image by bootloader\dots \end{itemize} \item This is problematic from a GPL point of view, since \begin{itemize} \item You are depriving the user from practically exercising his right to run modified versions of the program \item Thus, violation not of the GPLv2 wording, but likely of the GPL's intention \item Legal outcome unclear, different scholars have different opinions, also depends on jurisdiction \end{itemize} \item GPLv3 makes this intent explicit in the license text \end{itemize} \end{frame} \subsection{GPL - Compatible source code offer} \begin{frame}{Complete + Corresponding Source}{For every Release you make} \begin{itemize} \item Whenever you {\em distribute} GPL licensed software, the license applies. This includes \begin{itemize} \item Actual sale of a physical embedded device with the software in flash \item Download of a firmware update as a file from a website \item Shipping of firmware updates on physical storage \item Distribution of firmware updates e.g. by over-the-air mechanisms in DVB-S or other networks \end{itemize} \item Every time, the conditions of the license have to be fulfilled (mention there's software under GPL, include full license text, include or offer complete corresponding source code \item For every release you ever ship (even beta release if it ever is shipped only to one customer), you need the {\em complete corresponding} source code. \end{itemize} \end{frame} \subsection{GPL - Derivative Works} \begin{frame}{Derivative Works}{Keeping it clean} Derivative works are a question of copyright law, not the GPL \begin{itemize} \item whenever you couple a GPL and a non-GPL program tightly (e.g. static/dynamic linking), your're entering a legal grey area \item there is little or no precedent on derivative works of software \item you're violating the intention of the author. If he wanted you to link from proprietary programs, he would have used LGPL \item try to work {\em with} the community, rather than against it \end{itemize} \end{frame} \section{GPL Violations and License Enforcement} \subsection{GPL Violations} \begin{frame}{GPL Violations} \begin{itemize} \item GPL violations are not new, just like GPL licensed software is not new \item However, increased popularity of GNU/Linux based systems increase GPL violations \item Today, many more people and companies unfamiliar with the history and values of Free Software start using and (re)distributing FOSS \end{itemize} \end{frame} \subsection{Business Risk of GPL Violations} \begin{frame}{Business Risk of GPL Violations}{Or: How to convince your managers} If you ship a product that is incompliant to the GNU GPL, \begin{itemize} \item you are committing a copyright infringement not different from shipping a product with unlicensed copies of MS Windows \item you can face civil and criminal charges in court \item civil charges include (German jurisdiction) \begin{itemize} \item immediate cease + desist (halt of product sales) \item information of which quantity of the product has been sold to whom \item damages for lost revenue (see dual licensing) \end{itemize} \item civil charges can also be filed against every distributor/store/importer \end{itemize} \end{frame} \subsection{GPL Enforcement} \begin{frame}{Early GPL Enforcement} \begin{itemize} \item The Free Software Foundation (FSF) has alway been doing GPL enforcement on software {\em of which they are the copyright holder} \begin{itemize} \item They do so quietly, without much public notice \item The quiet route sometimes leads to lengthy negotiations \item The FSF only holds copyright on some Free Software programs \end{itemize} \end{itemize} \end{frame} \begin{frame}{The Linksys WRT54G case} During 2003, the Linksys WRT54G case drew a lot of attention \begin{itemize} \item Linksys was selling 802.11 WLAN Access Points and Routers \item Lots of GPL licensed software embedded into the device, including Linux, uClibc, busybox, iptables \item FSF-led alliance took their usual {\em quiet} approach \item Linksys bought itself a lot of time \begin{itemize} \item Some sources were released two months later \item Full GPL compliance only achieved four months later \end{itemize} \end{itemize} \end{frame} \begin{frame}{Aftermath of the Linksys case} \begin{itemize} \item Some developers were not happy with the Linksys case \begin{itemize} \item Linksys didn't loose anything by not complying from the beginning \item Four months delay is a long time given short product lifetimes \end{itemize} \item More embedded devices started to use Linux and other FOSS \item The netfilter/iptables project started to do their own enforcement \begin{itemize} \item Using German copyright law against German subsidiary of vendor \item Using direct legal / copyright based approach \end{itemize} \item The gpl-violations.org was later established \end{itemize} \end{frame} \begin{frame}{GPL Enforcement by the Community} \begin{itemize} \item The GPL is a Copyright License \item GPL enforcement is thus Copyright enforcement \item Copyright enforcement can normally only be done by copyright holders! \item Alternative (less tested) legal approaches \begin{itemize} \item Competition / Anti-Trust law (by a GPL-abiding competitor) \item Consumer protection (The product without source code is incomplete) \end{itemize} \end{itemize} \end{frame} \begin{frame}{GPL Enforcement Requirements} \begin{itemize} \item Clean copyright situation \begin{itemize} \item Who wrote which (part of a) software \item Was the copyright transferred to an employer? \end{itemize} \item Evidence for the violation \begin{itemize} \item Test purchase of the software on storage medium \item Detailed screenshots of download side, downloaded software images \item Evidence shows no notice of GPL or source code availability/offer \end{itemize} \item Copyright holders who want to do enforcement \end{itemize} \end{frame} \begin{frame}{GPL Enforcement by the Community} \begin{itemize} \item Authors/Developers of a project need to care about entities that violate their license \item Legal options in case of a violation \begin{itemize} \item One or multiple copyright holders do their own enforcement \item Copyright transfer to an entity that does enforcement \begin{itemize} \item Free Software Foundation \item http://conservancy.softwarefreedom.org/ \item Fiduciary License Agreement with the FSF Europe \end{itemize} \end{itemize} \end{itemize} \end{frame} \subsection{gpl-violations.org} \begin{frame}{The gpl-violations.org work} \begin{itemize} \item Use all legal means neccessarry to bring infringing product in compliance \item We only act where we hold copyright (Linux kernel) \item We typically only act within Europe, mostly in Germany \item Success so far \begin{itemize} \item More than 100 amicable agreements as results of settlements \item More than 5 preliminary injunctions halting sales of products until compliance \item Multiple actual court cases with court verdict \end{itemize} \end{itemize} \end{frame} \section*{Summary} \subsection*{Summary} \begin{frame}{Summary} % Keep the summary *very short*. \begin{itemize} \item GPL compliance is not difficult if you think about the problem when you start product development. \item A large part of the task can be automatized by using a proper build system. \item There are questionable legal {\em grey areas}. To minimize the risk, I'd try to stay out of them. \end{itemize} \end{frame} \subsection*{Outlook} \begin{frame}{Outlook} Outlook \begin{itemize} \item Blatant GPL violations in embedded devices are declining, but are likely to continue due to lack of skill or negligence. \item We'll see more {\em derivative works} types of GPL violations, and we'll see actual legal enforcement and precedent in this area over the next years. \item Stronger copyright protection demanded by content industry will also mean stronger protection for FOSS licenses. Imagine GPL enforcement with "three strikes" law in France ?!? \end{itemize} \end{frame} \end{document}