Kernel source unavailable...
Bill Bogstad
bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Wed May 4 14:03:28 EDT 2011
On Wed, May 4, 2011 at 10:08 AM, Tom McLaughlin <tmclaugh-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>
> On 5/4/11 2:47 AM, Bill Bogstad wrote:
>> On Wed, May 4, 2011 at 1:12 AM, Jarod Wilson <jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org> wrote:
>>> On May 4, 2011, at 1:02 AM, Edward Ned Harvey wrote:
> <snip>
>> Legally, everything I've ever read says that whoever gave you
>> a binary licensed under the GPL is responsible for making a direct
>> offer for the source.
>> Not just passing it off to someone else not even involved in the
>> binary distribution.
>
> I don't believe that's a true statement. They simply have to show where
> the source can be obtained. The third party is not responsible for
> providing the source for you but you are responsible for making sure
> that a copy is available. If the third party no longer makes it
> available then it's your job to provide another avenue. See 6(d) of the
> GPLv3
We are talking about Linux kernel (GPLv2), but I'll handle your v3
argument first:
Here is 6(d) from GPLv3
---
d) Convey the object code by offering access from a designated place
(gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to copy
the object code is a network server, the Corresponding Source may be
on a different server (operated by you or a third party) that supports
equivalent copying facilities, provided you maintain clear directions
next to the object code saying where to find the Corresponding Source.
Regardless of what server hosts the Corresponding Source, you remain
obligated to ensure that it is available for as long as needed to
satisfy these requirements.
---
The exception for third party source distribution appears to only be
if the object code was made available via a network server AND there
are clear directions
on the object only server for where to go on a different source
server. The original poster bought a phone. They didn't download the
software from a network server. Nor did they receive any (let alone
clear) instructions on where to download the source. Even with this
exception, the last sentence makes the
distributer of the binary ultimately responsible if the source server
goes away. This is part of the basis on which I said you can't just
hand wave your responsibility away by pointing at an unrelated third
party.
In fact 6(b) is more relevant as it is specifically about distribution
in a physical product:
--
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a written
offer, valid for at least three years and valid for as long as you
offer spare parts or customer support for that product model, to give
anyone who possesses the object code either (1) a copy of the
Corresponding Source for all the software in the product that is
covered by this License, on a durable physical medium customarily used
for software interchange, for a price no more than your reasonable
cost of physically performing this conveying of source, or (2) access
to copy the Corresponding Source from a network server at no charge.
--
The original poster got no written offer for either physical media or
direction to a download server. As I see it, this would be a
definitive violation of GPLv3.
The direct violator is MetroPCS and I don't know if the law allows a
developer to go after LG or not in this case. Given that MetroPCS is
a moderately
big company there is a chance that leaning on them (in order to lean
on LG) might have an effect. This is why I referenced the Best Buy
et. al case in my
previous email. In that case it least, it appears some lawyers
thought that the law would allow liability for GPL violations to pass
through a retailer to
reach a manufacturer so they brought a suite directly against the
manufacturers as well.
Now on to GPLv2 which is the relevant license for the Linux kernel.
Section 3 is the one relevant to object code/executable distribution.
3(a) seems the only part relevant to a third party source distribution
exception:
---
c) Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative is allowed
only for noncommercial distribution and only if you received the
program in object code or executable form with such an offer, in
accord with Subsection b above.)
---
As this was clearly not noncommercial distribution by MetroPCS, this
seems to not be relevant. Even if it was, MetroPCS would have been
required to provide the same info they got from LG on obtaining
source. They didn't. So this section is irrelevant twice. The
final sentence of section 3:
---
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
---
would appear to allow MetroPCS to distribute the source from the same
stores as they sell their phones rather then providing a written offer
or source
in the box with the phone. I'm betting they don't meet the
requirements for this exception for a written offer either.
I still stand by my statement that you can't just handwave your
responsibility to provide source to people to whom you give binaries
under a GPL license.
Yes, there are third party exceptions; but with GPLv2 they only apply
if you are noncommercial. With GPLv3, if the third party source
provider goes away you are still ultimately responsible. So make
sure that YOU have copies of the source because if the third party
goes away you are very possibly now in
violation. Even with the exceptions, you need to be clear and
explicit about what the recipient needs to do to get the EXACT source
that you used. Retailers, manufacturers, and even hobbyist hackers
almost never get it right without having been sued (or at least
browbeaten).
Bill Bogstad
More information about the Discuss
mailing list