Swap
Compare Revisions
Showing 32 commits
Ancestor: 85bbbf1ec649
32 2018-06-19 05:06:22
bkuhn
b7ae80de4873 master
Began work in Introduction and Historical Background These are probably too long, but various parts of this may work as replacements for some of the older text in the larger tutorial.
31 2018-06-19 03:04:06
bkuhn
ad0696d1865d
GPL Installation Instructions Article: abstract This is my first draft at an abstract for this article. I suspect that this Abstract is too long, so I may move some it out into other text.
30 2017-05-09 16:38:55
bkuhn
4a26646df629
Various links.
29 2017-05-09 16:15:22
bkuhn
d3e5b8053518
Presentations as prepared by Karen for OSCON 2017.
28 2017-05-09 14:55:04
bkuhn
1b3e3f879121
Copy over build details and CC BY SA logo.
27 2017-05-09 14:52:15
bkuhn
9e66a996bd0e
Change name to this presentation.
26 2017-05-09 14:52:05
bkuhn
a504d9f0417c
Change Karen requested verbally.
25 2017-05-09 14:50:49
bkuhn
e8963927dce4
Copy over install scripts and CC BY SA logo.
24 2017-05-09 14:50:40
bkuhn
3bf344051146
Rename presentation to this one.
23 2017-05-09 14:49:46
bkuhn
64fdf604a13b
Add Karen's name.
22 2017-05-09 14:48:48
bkuhn
88f38214308d
Change base name to the one in this presentation.
21 2017-05-09 14:48:00
bkuhn
c53c74a02bd4
Various changes based on Karen's verbal comments.
20 2017-05-09 14:45:32
bkuhn
0f15eade4ada
Copied over Makefile and CC BY SA logo.
19 2017-05-09 14:40:33
bkuhn
489d24a49f57
Working Makefile installation.
18 2017-05-09 14:40:24
bkuhn
4d3566829d31
Karen corrected me on this term.
17 2017-05-09 14:40:19
bkuhn
922f7f4b87f7
Add Karen's name.
16 2017-05-09 14:24:11
bkuhn
0e6bd590b639
Set up Makefile and add CC By SA logo.
15 2017-05-09 14:23:42
bkuhn
f41608f4f2c3
Add copyright notice.
14 2017-05-09 13:57:02
bkuhn
3329223addbb
Non-Copyright systems slide first draft.
13 2017-05-09 13:22:08
bkuhn
c3c5265c96c8
Links to related Guide sections.
12 2017-05-09 13:12:38
bkuhn
490107d60b96
Add introduction slide.
11 2017-05-09 13:12:21
bkuhn
594a4f744dde
Remove extraneous material to just CCS examples.
10 2017-05-09 12:52:35
bkuhn
a002bf4681ae
Larger presentation -> CCS report examples cp -pa presentations/2hr-GPL-compliance-focus/2hr-GPL.md presentations/ccs-report-examples/ccs-examples.md Plan to reduce this just to the CCS examples.
9 2017-05-09 12:41:30
bkuhn
b5c77f2ede00
correct date again.
8 2017-05-09 12:39:53
bkuhn
4dc867878bd1
Make plural.
7 2017-05-09 12:39:39
bkuhn
81ab95b0919e
CD is not the primary shipped media these days.
6 2017-05-09 12:39:25
bkuhn
e55bdd6f0c9f
Update date.
5 2017-05-09 12:27:37
bkuhn
a55777a6edd2
Reduce slides to only those introducing violations
4 2017-05-09 12:15:39
bkuhn
72ee4d2823b1
2hr compliance to select sides for violation intro cp -pa presentations/2hr-GPL-compliance-focus/2hr-GPL.md presentations/20min-violation-intro/violation-intro.md
3 2017-05-09 12:07:10
bkuhn
8495d9b65ebe
Add final slide with links to pertinent sections.
2 2017-05-09 12:02:13
bkuhn
a53d1919b05a
Shorten length; include only section discussion Shorten this down to include discussion only of specific GPL sections.
1 2017-05-09 11:51:59
bkuhn
9122138cf063
Copy 1hr-GPL.markdown to specific-sections.md cp 1hr-GPL/1hr-GPL.markdown 30min-specific-sections/specific-sections.md Start from the 1hr version to make a short version that talks about just a few specific sections of the GPL.
19 files changed with 1345 insertions and 0 deletions:
gpl-installation.tex | Added tip
 
new file 100644
1
 
% Copyright (C) 2018, Bradley M. Kuhn
2
 
% License: CC-BY-SA-4.0
3
 

	
4
 
\documentstyle[twocolumn]{article}
5
 
\pagestyle{empty}
6
 
\begin{document}
7
 

	
8
 
%don't want date printed
9
 
\date{}
10
 

	
11
 
%make title bold and 14 pt font (Latex default is non-bold, 16 pt)
12
 

	
13
 
\title{\Large\bf A Comprehensive Consideration of Installation Requirements of the GPL}
14
 

	
15
 
%for two authors (this is what is printed)
16
 

	
17
 
\author{\begin{tabular}[t]{c@{\extracolsep{8em}}c@{\extracolsep{8em}}c}
18
 
    Bradley M. Kuhn & Behan Webster \\
19
 
    Software Freedom Conservancy, Inc. & Converse In Code
20
 
\end{tabular}
21
 
}
22
 

	
23
 
\thispagestyle{empty}
24
 

	
25
 
\maketitle
26
 

	
27
 
\subsection*{\centering Abstract}
28
 

	
29
 
The GNU General License (``GPL'') is the most widely used \textit{copyleft}
30
 
license for software.  Copyleft licenses function as copyright license in
31
 
atypical manner: rather than restricting permission to copy, modify and
32
 
redistribute the software, copyleft licenses encourage and enable such
33
 
activities.  However, these license have strict requirements that mandate
34
 
further software sharing by enabling downstream users to easily improve,
35
 
modify, and upgrade the copylefted software on their own.
36
 

	
37
 
GPL has two versions in common use: version 2 (``GPLv2'') and version 3
38
 
(``GPLv3'').  Both versions require those who redistribute the software to
39
 
provide information related to the installation of software modified by
40
 
downstream.  These installation requirements, however, differ somewhat in
41
 
their details.  While some business practices around license compliance
42
 
efforts have reached adequate sophistication to address simpler compliance
43
 
problems, firms have generally given inadequate attention to the installation
44
 
requirements of both common versions of GPL\@.  Misunderstanding of these
45
 
clauses is often common, and violations related to installation instructions
46
 
remain prevalent.
47
 

	
48
 
Furthermore, perceived differences in the requirements, and lack of rigorous
49
 
study of the Installation Information requirements of GPLv3\S6 has allowed
50
 
rumor and impression, rather than a textually grounded adherence to the
51
 
written rules, to govern industry response in adoption of software licensed
52
 
under GPLv3.  The resulting scenario often causes redistributors to assume
53
 
the GPLv2 has \textbf{no} requirements regarding installation information,
54
 
and that GPLv3's requirements in this regard are impossible to meet,
55
 
particularly in security-conscious embedded products.
56
 

	
57
 
This paper explores the installation provisions of both common versions of
58
 
GPL, discusses historical motivations and context for each, and suggests best
59
 
practices regarding installation information for firms that redistribute
60
 
software under both licenses.
61
 

	
62
 
\section{Introduction}
63
 

	
64
 
Free, Libre and Open Source (``FLOSS'') licenses are typically categorized as
65
 
either copyleft or non-copyleft licenses.  The license compliance demands of
66
 
most non-copyleft licenses typically center purely around issues of author
67
 
attribution, and thus are straightforwardly addressed by license compliance
68
 
programs such as OpenChain and SPDX, which focus on the details of properly
69
 
annotating licensing information for software in the supply-chain to assure
70
 
proper downstream license and related author credit notification.
71
 

	
72
 
Copyleft licenses do indeed require proper downstream license and credit
73
 
notification, and thus we can broadly model copyleft license requirements as
74
 
a proper superset of those requirements of non-copyleft licenses.  The
75
 
compliance subset of license annotation is a well-studied problem, and many
76
 
automation tools exist and remain under active development to assist in these
77
 
aspects of compliance. Unfortunately, the nascent state of industry
78
 
compliance efforts currently means that firms are often ill-equipped to
79
 
handle the additional requirements of copyleft licenses.
80
 

	
81
 
In particular, software copyleft licenses are specifically designed to
82
 
promulgate a transparent agenda to champion the rights of downstream users to
83
 
effectively and easily copy, modify, reinstall and redistribute the software
84
 
both commercially and non-commercially.  Proper verification of source code
85
 
for license compliance generally cannot be automated.  Indeed, given that
86
 
program equivalence (often colloquially called the ``Halting Problem'') was
87
 
mathematically proven as an undecidable problem in the computing subfield of
88
 
Theory of Computation, we know that a generalized solution that shows
89
 
specific source code corresponds to a specific set of binaries remains
90
 
unsolvable in the general case.
91
 

	
92
 
We do expect automation tools that approximate solutions for the specific
93
 
cases of most interest to adopter of copylefted software to eventually exist.
94
 
Currently, much research and industry attention has turned toward the
95
 
software engineering problem of ``reproducible builds''.  We find this area
96
 
of endeavor directly applicable to the requirements of copyleft license
97
 
compliance, and believe that reproducible build techniques will eventually
98
 
become as common for  compliance with source code provisioning terms of
99
 
FLOSS licenses as SPDX and OpenChain are for the license notice and
100
 
attribution requirements are today.
101
 

	
102
 
However, even that solution, when it exists, will not fully satisfy the goals
103
 
of many firms.  Frankly, most firms do not share the idealistic goals of
104
 
software freedom activists who design copyleft licenses.  These activists
105
 
seek to defends the rights of software users by creating copyleft licenses
106
 
that mandate source code provisioning, which include the rights to modify and
107
 
install modified versions of the software.  However, in what the inventor of
108
 
copyleft, Richard M.~Stallman, called ``pragmatic idealism'', copyleft
109
 
licenses make reasonable trade-offs regarding how much disclosure is required
110
 
to downstream.  While conventional wisdom often considered copyleft licenses
111
 
to contain substantial and complicated requirements, ultimately the
112
 
requirements are substantially more permissive than most industry-standard
113
 
proprietary licenses, which often complete prohibit redistribution of the
114
 
software and disclose absolutely no source code.  Copyleft licenses typically
115
 
make a clear compromise between maximal software freedom for the downstream
116
 
recipient and permission for firms to distribute proprietary software in
117
 
aggregation with copylefted software.
118
 

	
119
 
By way of hypothetical counterexample, consider this possible ``copyleft''
120
 
license that one might create:
121
 

	
122
 
\begin{quotation}
123
 
  \begin{center}
124
 
    {\Large The Unreasonably Overly Broad Copyleft License}
125
 
  If you distribute this software in any form, you agree to publicly release
126
 
  the complete source code of all software that you and your successors in
127
 
  interest write, in any form, for perpetuity.
128
 
\end{quotation}
129
 

	
130
 
Besides likely being unenforceable for various reasons, firms would quickly
131
 
ban all software under this license, and ban all employees from ever using
132
 
such software at home or work.  A highly broad license of this nature, even
133
 
if succeeded in the very short term in a few instances, would fail long-term
134
 
to reach the long term goal of maximizing software freedom for users.
135
 
Copyleft, therefore, must find a balance between two competing goals:
136
 

	
137
 
\begin{itemize}
138
 

	
139
 
\item Ensure the rights to copy, share, modify, redistribute,
140
 
  and reinstall the software for downstream users.
141
 

	
142
 
\item Entice firms that do not seek the same goals as the activists to adopt,
143
 
  share and improve the copylefted software to assure its promulgation.
144
 
\end{itemize}
145
 

	
146
 
In essence, much FLOSS licensing balances these competing goals.
147
 
Non-copyleft licenses favor the latter much more than the former, and
148
 
copyleft licenses seek to create an optimal policy between the ``maximal
149
 
software freedom'' vs. ``adoption and popularity'' dichotomy, to assure that
150
 
in the long term, users have these specific rights, but also allow for short
151
 
term interest of firms and individuals alike who may not share the software
152
 
freedom activist perspective.
153
 

	
154
 
\section{Historical Background}
155
 

	
156
 
Despite the awareness of copyleft activists, the adoption of copyleft
157
 
licenses has been wrought with acrimony and accusation.  To our knowledge,
158
 
there are no specific empirical studies of attitudes and reasoning why firms
159
 
initially rejected copyleft (and that some still do).  However, consideration
160
 
of anecdotes can illuminate study of the reasons why confusion exists
161
 
regarding copyleft licensing requirements in general, and in particular
162
 
(which will be the focus of this article) the installation requirements of
163
 
the GNU General Public License (``GPL'').
164
 

	
165
 
The Free Software Foundation (``FSF''), which is the license steward for all
166
 
existing versions of the GPL, was the first to license software under GPL\@.
167
 
Released in 1991, GPLv2 came into wide use by other software authors,
168
 
including those of Linux.  During the 1990s, the alternative body of software
169
 
released under GPLv2 gained slow but steady adoption, until major firms could
170
 
no longer ignore it.
171
 

	
172
 
In 2001, Microsoft launched a series of political attacks against the GPL\@.
173
 
Over a period of months, various Microsoft executives called the GPL
174
 
``unAmerican'' and a ``cancer'' on the software industry.  This was the first
175
 
time most in the industry had ever heard of the GPL, and the rhetoric created
176
 
the expected fervor.
177
 

	
178
 
The industry context of the time was the growing adoption of GPL'd software,
179
 
and Linux, in particular, by firms.  While Microsoft was not the first to
180
 
draw negative attention to GPL's copyleft provisions, but sadly the
181
 
misunderstandings launched in these attacks remain with us today.
182
 

	
183
 
Adoption of FLOSS grew quickly in the last two decades.  License compliance
184
 
and FLOSS supply-chain adoption techniques have become essential components
185
 
of most large firms along with this adoption.  However, these tools and
186
 
procedures have focused on the straightforward problems of license notice,
187
 
attribution, and supply-chain FLOSS inclusion discovery techniques.  The
188
 
finer points of copyleft license compliance, particularly source code
189
 
provisioning and installation requirements of GPL, remain often
190
 
misunderstood, and sometimes outright ignored.
191
 

	
192
 
Historically, firms have often reacted to the two popular versions of the GPL
193
 
in the same pattern.  During the feverish anti-copyleft rhetoric of the
194
 
1990s, firms widely considered the GPLv2 as a toxic license they could not
195
 
abide.  Eventually, executives and lawyers at major firms learned what their
196
 
engineers often already knew: that GPLv2 was not unreasonable, its
197
 
requirements were well understood and could be respected by businesses that
198
 
produced both FLOSS and proprietary products.
199
 

	
200
 
We now see the same process happening, albeit much more slowly, with GPLv3.
201
 
We hear rhetoric drawing attention to perceived differences between GPLv2's
202
 
and GPLv3's requirements, which seem untenable to firms, some of whom
203
 
maintain GPLv2'd forks of projects that have moved on to the
204
 
``GPLv3-or-later'' upstream.
205
 

	
206
 
\end{document}
presentations/20min-violation-intro/Makefile | Added tip
 
new file 100644
1
 
# Makefile for Presentation
2
 
#
3
 
# You can change the PRESENTATION_BASE below, or if you like, or set it as
4
 
# an environment variable before you type make.
5
 

	
6
 
ifndef PRESENTATION_BASE
7
 
PRESENTATION_BASE=violation-intro
8
 
endif 
9
 

	
10
 
DO_INCREMENTAL_POINTS = -i -s
11
 

	
12
 

	
13
 
# This should be the path to your checkout of the repository.  Under that
14
 
# directory, you must have a checkout of /Admin/Forms/TeX.
15
 

	
16
 
PATH := $(PATH):/usr/share/tex4ht
17
 

	
18
 

	
19
 
PANDOC=/usr/bin/pandoc
20
 
TEX4HT=tex4ht
21
 
T4HT=t4ht
22
 
PDFLATEX = pdflatex
23
 
LATEX = /usr/bin/latex
24
 
BIBTEX = bibtex
25
 
FIG2DEV = fig2dev
26
 
DVIPS=/usr/bin/dvips
27
 

	
28
 
PDF_FIGS = ui/conservancy/logo.pdf
29
 
EPS_FIGS = ui/conservancy/logo.eps
30
 

	
31
 
all:	err $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).html
32
 
all:	$(PRESENTATION_BASE).html
33
 

	
34
 
.SUFFIXES: .fig .postscript .eps .pdf .pstex_t .pstex .ps .dvi .tex
35
 

	
36
 
.postscript.pdf:
37
 
	ps2pdf $< $@
38
 

	
39
 
.postscript.eps:
40
 
	ps2epsi $< $@
41
 

	
42
 
.dvi.ps:
43
 
	$(DVIPS) $< -o $@
44
 

	
45
 
.tex.dvi:
46
 
	$(LATEX) $<
47
 

	
48
 
.fig.pdf:
49
 
	$(FIG2DEV) -L pdf -p "portrait" -c $< > $@
50
 

	
51
 
.fig.pstex_t:
52
 
	$(FIG2DEV) -L pstex_t $< > $@
53
 

	
54
 
.fig.pstex:
55
 
	$(FIG2DEV) -L pstex $< > $@
56
 

	
57
 
$(PRESENTATION_BASE).tex: $(PDF_FIGS) $(PRESENTATION_BASE).md
58
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
59
 

	
60
 
$(PRESENTATION_BASE).pdf: $(PRESENTATION_BASE).tex $(PDF_FIGS)
61
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
62
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
63
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
64
 

	
65
 
$(PRESENTATION_BASE).html: $(PRESENTATION_BASE).md
66
 
	$(PANDOC) $(DO_INCREMENTAL_POINTS) -s -S --template ./ui/conservancy/pandoc-s5-template.html -f markdown -t s5 $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).html
67
 

	
68
 
$(PRESENTATION_BASE).dvi: $(PRESENTATION_BASE).tex $(EPS_FIGS)
69
 
	$(LATEX)  $(PRESENTATION_BASE).tex
70
 
	$(LATEX)  $(PRESENTATION_BASE).tex
71
 

	
72
 
clean:
73
 
	/bin/rm -f $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).pdf $(PRESENTATION_BASE).log texput.log $(PRESENTATION_BASE).lg $(PRESENTATION_BASE).tmp $(PRESENTATION_BASE).xref *.4ct *.4tc *.aux *.dvi $(PRESENTATION_BASE)*.html *.idv *.lg *.tmp $(PRESENTATION_BASE).css $(PRESENTATION_BASE).log $(PRESENTATION_BASE).out $(PRESENTATION_BASE)-js.* $(PRESENTATION_BASE).tex
74
 

	
75
 
err: ; $(ERR)
76
 

	
77
 
install: all
78
 
	/usr/bin/rsync -HavP --exclude ui ./ copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/
79
 
	-ssh copyleft.org 'mkdir -p /var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/'
80
 
	/usr/bin/rsync -HavP ui/conservancy/  copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/
81
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -exec chmod gou+r {} \;'
82
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -type d -exec chmod gou+rx {} \;'
83
 
	./pres-cmd
presentations/20min-violation-intro/cc-by-sa-4-0_88x31.png | Added tip
 
new file 100644
 
binary diff not shown
Show images
presentations/20min-violation-intro/pres-cmd | Added tip
 
new file 100755
1
 
#!/bin/sh
2
 

	
3
 
talk=half-day-gpl/violation-intro
4
 

	
5
 
rsync -HavP ./  /home/pres/$talk/
6
 
rm -rf /home/pres/$talk/ui
7
 
rsync -HavP ~/talks/ui/  /home/pres/$talk/ui/
8
 
find /home/pres/$talk -exec chmod gou+r {} \;
9
 
find /home/pres/$talk -type d -exec chmod gou+rx {} \;
presentations/20min-violation-intro/violation-intro.md | Added tip
 
new file 100644
1
 
% The What and How of GPL Violations
2
 
% Bradley M. Kuhn &amp; Karen M. Sandler
3
 
% Tuesday 9 May 2017
4
 

	
5
 
# What's a GPL Violation?
6
 

	
7
 
+ GPL (both v2 and v3) require:
8
 
     + The whole work licensed under GPL.
9
 
     + (which means all copyrighted material added must be under
10
 
       GPL-compatible licenses.)
11
 
     + Complete, Corresponding Source (CCS) of that work provided, under GPL.
12
 

	
13
 
+ The licenses terminate upon violation &hellip;
14
 
     + &hellip; thus failure to comply means lost distribution rights.
15
 
     + &hellip; enforcement uses this rights termination as leverage to
16
 
       restore compliance.
17
 

	
18
 
# Enforcement is Technical
19
 

	
20
 
+ Copyleft's policy goals related to technical acts.
21
 
     + modifying, building, and installing software is a technical process.
22
 

	
23
 
+ In embedded systems, this process is rarely straightforward.
24
 
     + GPL's requirements are strict.
25
 

	
26
 
+ In enforcement, we talk about &ldquo;the CCS adequately meeting GPL's requirements&rdquo;
27
 

	
28
 
# Compliance-Friendly Development
29
 

	
30
 
+ Use revision control ...
31
 
    - ... to pull in vendor branch.
32
 
    - ... to tag releases.
33
 

	
34
 
+ Avoid "Build Guru" ...
35
 
    - ... by documenting build process.
36
 
    - ... and versioning it, too.
37
 

	
38
 
# GPL Binary Requirements
39
 

	
40
 
(v2 &sect; 3, v3 &sect; 6)
41
 

	
42
 
+ Four options:
43
 
    - Source alongside binary (v2/v3).
44
 
    - Offer for source (v2/v3).
45
 
    - Internet side-by-side distribution (v3).
46
 
    - Torrent distribution (v3).
47
 

	
48
 
# Source Alongside Binary
49
 

	
50
 
+ Simplest option
51
 

	
52
 
+ **Obligations end at distribution time.**
53
 

	
54
 
+ Physical media required.
55
 

	
56
 
# Offer For Source
57
 

	
58
 
+ Useful if not shipping media already.
59
 

	
60
 
+ Lasts three years.
61
 

	
62
 
+ Mail fulfillment required (not in v3).
63
 

	
64
 
# Side-By-Side Distribution
65
 

	
66
 
+ Not in GPLv2, pedantically speaking.
67
 

	
68
 
+ Always been considered compliant for v2.
69
 

	
70
 
+ v3 clarifies this.
71
 

	
72
 
# Peer-to-Peer Distribution 
73
 

	
74
 
+ v2 obviously couldn't consider this.
75
 

	
76
 
+ v3 allows distribution of equally seeded source and binary.
77
 

	
78
 
# Preparing Corresponding Source
79
 

	
80
 
(v2 &sect; 3, v3 &sect; 1)
81
 

	
82
 
+ Make sure all sources are present.
83
 
     - revision system helps a lot here.
84
 

	
85
 
+ Build scripts
86
 
     - make sure someone skilled in art can build it.
87
 

	
88
 
# Termination
89
 

	
90
 
(v2 &sect; 4, v3 &sect; 8)
91
 

	
92
 
+ v2 is automatic and permanent.
93
 

	
94
 
+ v3 has auto-reinstatement.
95
 
    - 60 day self-correction timeout.
96
 
    - 30 day penalty-less after notice.
97
 

	
98
 
+ Usually, you need copyright holder to reinstate.
99
 

	
100
 
#  Actual Enforcement
101
 

	
102
 
+ [*The Principles of Community-Oriented GPL Enforcement* at sfconservancy.org/linux-compliance/principles.html](https://sfconservancy.org/linux-compliance/principles.html).
103
 

	
104
 
+ Send a Letter, carefully finding right person.
105
 

	
106
 
+ Communication is key.
107
 

	
108
 
+ Ask for CCS candidates.
109
 

	
110
 

	
111
 
# The "Rounds"
112
 

	
113
 
+ Ideally (it's only happened to me twice) the first source release is
114
 
  perfect.
115
 
     + but we don't live in an ideal world.
116
 

	
117
 
+ The worst we've ever experienced is 22 rounds.
118
 

	
119
 
+ We send detailed reports.
120
 

	
121
 
# More Info / Talk License
122
 

	
123
 
<img align="right" src="cc-by-sa-4-0_88x31.png" />
124
 

	
125
 
+ Specific Sections of Copyleft Guide relating to these topics:
126
 
      - [GPLv2 &sect;4: Termination on Violation](https://copyleft.org/guide/comprehensive-gpl-guidech8.html#x11-510007.1)
127
 
      - [GPLv3 &sect;7: Understanding License Compatibility](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-850009.10)
128
 
      - [GPLv3 &sect;8: A Lighter Termination](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-860009.11)
129
 
      - [A Practical Guide to GPL Compliance](https://copyleft.org/guide/comprehensive-gpl-guidech14.html)
130
 
<span class="fitonslide">
131
 
<p>Presentation and slides are: Copyright &copy; Bradley M. Kuhn (2008&ndash;2011, 2015, 2017), Karen M. Sandler (2017), and are licensed under the <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">Creative Commons Attribution-Share Alike 4.0 International License</a>. </p>
132
 
</span>
presentations/30min-specific-sections/Makefile | Added tip
 
new file 100644
1
 
# Makefile for Presentation
2
 
#
3
 
# You can change the PRESENTATION_BASE below, or if you like, or set it as
4
 
# an environment variable before you type make.
5
 

	
6
 
ifndef PRESENTATION_BASE
7
 
PRESENTATION_BASE=specific-sections
8
 
endif 
9
 

	
10
 
DO_INCREMENTAL_POINTS = -i -s
11
 

	
12
 

	
13
 
# This should be the path to your checkout of the repository.  Under that
14
 
# directory, you must have a checkout of /Admin/Forms/TeX.
15
 

	
16
 
PATH := $(PATH):/usr/share/tex4ht
17
 

	
18
 

	
19
 
PANDOC=/usr/bin/pandoc
20
 
TEX4HT=tex4ht
21
 
T4HT=t4ht
22
 
PDFLATEX = pdflatex
23
 
LATEX = /usr/bin/latex
24
 
BIBTEX = bibtex
25
 
FIG2DEV = fig2dev
26
 
DVIPS=/usr/bin/dvips
27
 

	
28
 
PDF_FIGS = ui/conservancy/logo.pdf
29
 
EPS_FIGS = ui/conservancy/logo.eps
30
 

	
31
 
all:	err $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).html
32
 
all:	$(PRESENTATION_BASE).html
33
 

	
34
 
.SUFFIXES: .fig .postscript .eps .pdf .pstex_t .pstex .ps .dvi .tex
35
 

	
36
 
.postscript.pdf:
37
 
	ps2pdf $< $@
38
 

	
39
 
.postscript.eps:
40
 
	ps2epsi $< $@
41
 

	
42
 
.dvi.ps:
43
 
	$(DVIPS) $< -o $@
44
 

	
45
 
.tex.dvi:
46
 
	$(LATEX) $<
47
 

	
48
 
.fig.pdf:
49
 
	$(FIG2DEV) -L pdf -p "portrait" -c $< > $@
50
 

	
51
 
.fig.pstex_t:
52
 
	$(FIG2DEV) -L pstex_t $< > $@
53
 

	
54
 
.fig.pstex:
55
 
	$(FIG2DEV) -L pstex $< > $@
56
 

	
57
 
$(PRESENTATION_BASE).tex: $(PDF_FIGS) $(PRESENTATION_BASE).md
58
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
59
 

	
60
 
$(PRESENTATION_BASE).pdf: $(PRESENTATION_BASE).tex $(PDF_FIGS)
61
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
62
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
63
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
64
 

	
65
 
$(PRESENTATION_BASE).html: $(PRESENTATION_BASE).md
66
 
	$(PANDOC) $(DO_INCREMENTAL_POINTS) -s -S --template ./ui/conservancy/pandoc-s5-template.html -f markdown -t s5 $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).html
67
 

	
68
 
$(PRESENTATION_BASE).dvi: $(PRESENTATION_BASE).tex $(EPS_FIGS)
69
 
	$(LATEX)  $(PRESENTATION_BASE).tex
70
 
	$(LATEX)  $(PRESENTATION_BASE).tex
71
 

	
72
 
clean:
73
 
	/bin/rm -f $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).pdf $(PRESENTATION_BASE).log texput.log $(PRESENTATION_BASE).lg $(PRESENTATION_BASE).tmp $(PRESENTATION_BASE).xref *.4ct *.4tc *.aux *.dvi $(PRESENTATION_BASE)*.html *.idv *.lg *.tmp $(PRESENTATION_BASE).css $(PRESENTATION_BASE).log $(PRESENTATION_BASE).out $(PRESENTATION_BASE)-js.* $(PRESENTATION_BASE).tex
74
 

	
75
 
err: ; $(ERR)
76
 

	
77
 
install: all
78
 
	/usr/bin/rsync -HavP --exclude ui ./ copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/
79
 
	-ssh copyleft.org 'mkdir -p /var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/'
80
 
	/usr/bin/rsync -HavP ui/conservancy/  copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/
81
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -exec chmod gou+r {} \;'
82
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -type d -exec chmod gou+rx {} \;'
83
 
	./pres-cmd
presentations/30min-specific-sections/cc-by-sa-4-0_88x31.png | Added tip
 
new file 100644
 
binary diff not shown
Show images
presentations/30min-specific-sections/pres-cmd | Added tip
 
new file 100755
1
 
#!/bin/sh
2
 

	
3
 
talk=half-day-gpl/specific-sections
4
 

	
5
 
rsync -HavP ./  /home/pres/$talk/
6
 
rm -rf /home/pres/$talk/ui
7
 
rsync -HavP ~/talks/ui/  /home/pres/$talk/ui/
8
 
find /home/pres/$talk -exec chmod gou+r {} \;
9
 
find /home/pres/$talk -type d -exec chmod gou+rx {} \;
presentations/30min-specific-sections/specific-sections.md | Added tip
 
new file 100644
1
 
% Considering Key Sections of the GPL
2
 
% Bradley M. Kuhn &amp; Karen M. Sandler
3
 
% Tuesday 9 May 2017
4
 

	
5
 

	
6
 
# Conditional Permissions
7
 

	
8
 
+ A copyleft license grants copyright permissions, conditionally.
9
 

	
10
 
+ Think of the phrase: &ldquo;provided that&rdquo;
11
 

	
12
 
+ &ldquo;provided that&rdquo;: appears (in some form) only
13
 

	
14
 
+ 4 times in GPLv2
15
 

	
16
 
+ 9 times in GPLv3.
17
 

	
18
 
# Considering Sections of the GPL
19
 

	
20
 
+ GPL interacts extensively with 17 USC&sect;106(2) &amp; 17 USC&sect;106(3)
21
 

	
22
 
+ GPL hinges on modification and distribution.
23
 

	
24
 
# Why Permission to Modify?
25
 

	
26
 
+ Your new copyrights are your copyrights:
27
 
     + you are fixed it in a tangible medium.
28
 

	
29
 
+ Exclusive right of copyright holders:
30
 
     + Control on &ldquo;preparation of derivative works&rdquo;
31
 
     + Distribution of the work.
32
 
     + Note the combination of these.
33
 
     
34
 
+ Again, see 17 USC&sect;106
35
 

	
36
 
+ N.B.: &ldquo;derivative works&rdquo; is USA-centric, modify is more international)
37
 

	
38
 
# Modification As a Center Provision
39
 

	
40
 
+ GPL's central tenant:
41
 

	
42
 
+ You can make a modified version of various types privately as much as you'd like.
43
 

	
44
 
+ When you distribute that modified version, you have requirements to meet.
45
 

	
46
 
+ Technological considerations dictate necessity of more complex rules for
47
 
certain types of modifications.
48
 

	
49
 
# GPLv2 &sect; 2(a-b)
50
 

	
51
 
<span class="fitonslide">
52
 
<p>[GPLv2&sect;]2. You may modify your copy or copies of the Program or any
53
 
portion of it, thus forming a work based on the Program, and copy and
54
 
distribute such modifications or work under the terms of Section 1 above,
55
 
provided that you also meet all of these conditions:
56
 
<br/>
57
 
<br/>
58
 
a) You must cause the modified files to carry prominent notices stating
59
 
that you changed the files and the date of any change.
60
 
<br/>
61
 
<br/>
62
 
b) You must cause any work that you distribute or publish, that in
63
 
whole or in part contains or is derived from the Program or any
64
 
part thereof, to be licensed as a whole at no charge to all third
65
 
parties under the terms of this License.
66
 
</p>
67
 
</span>
68
 

	
69
 
# GPLv3&sect;5(a-c)
70
 

	
71
 
<span class="fitonslide">
72
 
<p>
73
 
You may convey a work based on the Program, or the modifications to
74
 
produce it from the Program, in the form of source code under the
75
 
terms of section 4, provided that you also meet all of these conditions:
76
 
<br/>
77
 
<br/>
78
 
a) The work must carry prominent notices stating that you modified it, and
79
 
giving a relevant date.
80
 
<br/>
81
 
<br/>
82
 
b) The work must carry prominent notices stating that it is released under
83
 
this License and any conditions added under section 7.  This requirement
84
 
modifies the requirement in section 4 to "keep intact all notices".
85
 
<br/>
86
 
<br/>
87
 
c) You must license the entire work, as a whole, under this License to anyone
88
 
who comes into possession of a copy.  This License will therefore apply,
89
 
along with any applicable section 7 additional terms, to the whole of the
90
 
work, and all its parts, regardless of how they are packaged.  This License
91
 
gives no permission to license the work in any other way, but it does not
92
 
invalidate such permission if you have separately received it.
93
 
</p>
94
 
</span>
95
 

	
96
 
# GPLv2&sect;2&para; penultimates
97
 

	
98
 
<span class="fitonslide">
99
 
<p>
100
 
These requirements apply to the modified work as a whole.  If
101
 
identifiable sections of that work are not derived from the Program,
102
 
and can be reasonably considered independent and separate works in
103
 
themselves, then this License, and its terms, do not apply to those
104
 
sections when you distribute them as separate works.  But when you
105
 
distribute the same sections as part of a whole which is a work based
106
 
on the Program, the distribution of the whole must be on the terms of
107
 
this License, whose permissions for other licensees extend to the
108
 
entire whole, and thus to each and every part regardless of who wrote it.
109
 
<br/>
110
 
<br/>
111
 
Thus, it is not the intent of this section to claim rights or contest
112
 
your rights to work written entirely by you; rather, the intent is to
113
 
exercise the right to control the distribution of derivative or
114
 
collective works based on the Program.
115
 
</p>
116
 

	
117
 
</span>
118
 

	
119
 
# GPLv3 &sect;0 &para;1-5
120
 
<span class="fitonslide">
121
 
<p>
122
 
  "Copyright" also means copyright-like laws that apply to other kinds of
123
 
works, such as semiconductor masks.
124
 
<br/>
125
 
<br/>
126
 
  "The Program" refers to any copyrightable work licensed under this
127
 
License.  Each licensee is addressed as "you".  "Licensees" and
128
 
"recipients" may be individuals or organizations.
129
 
<br/>
130
 
<br/>
131
 
To "modify" a work means to copy from or adapt all or part of the work
132
 
in a fashion requiring copyright permission, other than the making of an
133
 
exact copy.  The resulting work is called a "modified version" of the
134
 
earlier work or a work "based on" the earlier work.
135
 
<br/>
136
 
<br/>
137
 
  A "covered work" means either the unmodified Program or a work based
138
 
on the Program.
139
 
</p>
140
 

	
141
 
# Binaries (Object Code) are Modifications
142
 

	
143
 
+ Software that the computer understands is different than software humans
144
 
  read.
145
 

	
146
 
+ There is often a process required to modify (and/or translate) the software
147
 
  from human-readable
148
 
      + This process can be done ahead of time.
149
 

	
150
 
+ Separation of source and binary create first proprietary software.
151
 
      + GPL uses the fact that binaries are modifications (which are often
152
 
        distribution) to prevent proprietarization.
153
 

	
154
 
# GPLv2 &sect; 3(a-b)
155
 

	
156
 
<span class="fitonslide">
157
 
<p>
158
 
<p>[GPLv2&sect;]3. You may copy and distribute the Program (or a work based on it,
159
 
under Section 2) in object code or executable form under the terms of
160
 
Sections 1 and 2 above provided that you also do one of the following:
161
 
<br/>
162
 
<br/>
163
 
a) Accompany it with the complete corresponding machine-readable
164
 
source code, which must be distributed under the terms of Sections
165
 
1 and 2 above on a medium customarily used for software interchange; or,
166
 
<br/>
167
 
<br/>
168
 
b) Accompany it with a written offer, valid for at least three
169
 
years, to give any third party, for a charge no more than your
170
 
cost of physically performing source distribution, a complete
171
 
machine-readable copy of the corresponding source code, to be
172
 
distributed under the terms of Sections 1 and 2 above on a medium
173
 
customarily used for software interchange;
174
 
</p>
175
 
</span>
176
 

	
177
 
# GPLv3 &sect; 6(a-b)
178
 

	
179
 
<span class="fitonslide">
180
 
<p>
181
 
[GPLv3 &sect; ] 6. Conveying Non-Source Forms.
182
 
<br/>
183
 
<br/>
184
 
You may convey a covered work in object code form under the terms
185
 
of sections 4 and 5, provided that you also convey the
186
 
machine-readable Corresponding Source under the terms of this License,
187
 
in one of these ways:
188
 
<br/>
189
 
<br/>
190
 
a) Convey the object code in, or embodied in, a physical product
191
 
(including a physical distribution medium), accompanied by the
192
 
Corresponding Source fixed on a durable physical medium
193
 
customarily used for software interchange.
194
 
<br/>
195
 
<br/>
196
 
b) Convey the object code in, or embodied in, a physical product
197
 
(including a physical distribution medium), accompanied by a
198
 
written offer, valid for at least three years and valid for as
199
 
long as you offer spare parts or customer support for that product
200
 
model, to give anyone who possesses the object code either (1) a
201
 
copy of the Corresponding Source for all the software in the
202
 
product that is covered by this License, on a durable physical
203
 
medium customarily used for software interchange, for a price no
204
 
more than your reasonable cost of physically performing this
205
 
conveying of source, or (2) access to copy the
206
 
Corresponding Source from a network server at no charge.
207
 
</p>
208
 
</span>
209
 

	
210
 
# GPLv3 &sect; 1 &para; 1, 4-6
211
 

	
212
 
<span class="fitonslide">
213
 
<p>
214
 
The "source code" for a work means the preferred form of the work
215
 
for making modifications to it.  "Object code" means any non-source
216
 
form of a work.
217
 
<br/>
218
 
<br/>
219
 
The "Corresponding Source" for a work in object code form means all the
220
 
source code needed to generate, install, and (for an executable work) run the
221
 
object code and to modify the work, including scripts to control those
222
 
activities.  However, it does not include the work's System Libraries, or
223
 
general-purpose tools or generally available free programs which are used
224
 
unmodified in performing those activities but which are not part of the work.
225
 
For example, Corresponding Source includes interface definition files
226
 
associated with source files for the work, and the source code for shared
227
 
libraries and dynamically linked subprograms that the work is specifically
228
 
designed to require, such as by intimate data communication or control flow
229
 
between those subprograms and other parts of the work.
230
 
<br/>
231
 
<br/>
232
 
The Corresponding Source need not include anything that users
233
 
can regenerate automatically from other parts of the Corresponding
234
 
Source.
235
 
<br/>
236
 
<br/>
237
 
The Corresponding Source for a work in source code form is that
238
 
same work.
239
 
</p>
240
 
</span>
241
 

	
242
 
# More Info / Talk License
243
 

	
244
 
<img align="right" src="cc-by-sa-4-0_88x31.png" />
245
 

	
246
 
+ Specific Sections of Copyleft Guide relating to these topics:
247
 
     - [Modified Source and Binary Distribution](https://copyleft.org/guide/comprehensive-gpl-guidech6.html#x9-410005)
248
 
     - [GPLv3 &sect;5: Modified Source](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-780009.8)
249
 
     - [GPLv3 &sect;6: Non-Source and Corresponding Source](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-790009.9)
250
 

	
251
 
<span class="fitonslide">
252
 
<p>Presentation and slides are: Copyright &copy; Bradley M. Kuhn (2008&ndash;2011, 2015, 2017), Karen M. Sandler (2017), and are licensed under the <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">Creative Commons Attribution-Share Alike 4.0 International License</a>. </p>
253
 
</span>
presentations/Basic-Legal-Issues-for-Understanding-Copyleft.odp | Added tip
 
new file 100644
 
binary diff not shown
presentations/Landscape-of-GPL-Enforcement.odp | Added tip
 
new file 100644
 
binary diff not shown
presentations/ccs-report-examples/Makefile | Added tip
 
new file 100644
1
 
# Makefile for Presentation
2
 
#
3
 
# You can change the PRESENTATION_BASE below, or if you like, or set it as
4
 
# an environment variable before you type make.
5
 

	
6
 
ifndef PRESENTATION_BASE
7
 
PRESENTATION_BASE=ccs-examples
8
 
endif 
9
 

	
10
 
DO_INCREMENTAL_POINTS = -i -s
11
 

	
12
 

	
13
 
# This should be the path to your checkout of the repository.  Under that
14
 
# directory, you must have a checkout of /Admin/Forms/TeX.
15
 

	
16
 
PATH := $(PATH):/usr/share/tex4ht
17
 

	
18
 

	
19
 
PANDOC=/usr/bin/pandoc
20
 
TEX4HT=tex4ht
21
 
T4HT=t4ht
22
 
PDFLATEX = pdflatex
23
 
LATEX = /usr/bin/latex
24
 
BIBTEX = bibtex
25
 
FIG2DEV = fig2dev
26
 
DVIPS=/usr/bin/dvips
27
 

	
28
 
PDF_FIGS = ui/conservancy/logo.pdf
29
 
EPS_FIGS = ui/conservancy/logo.eps
30
 

	
31
 
all:	err $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).html
32
 
all:	$(PRESENTATION_BASE).html
33
 

	
34
 
.SUFFIXES: .fig .postscript .eps .pdf .pstex_t .pstex .ps .dvi .tex
35
 

	
36
 
.postscript.pdf:
37
 
	ps2pdf $< $@
38
 

	
39
 
.postscript.eps:
40
 
	ps2epsi $< $@
41
 

	
42
 
.dvi.ps:
43
 
	$(DVIPS) $< -o $@
44
 

	
45
 
.tex.dvi:
46
 
	$(LATEX) $<
47
 

	
48
 
.fig.pdf:
49
 
	$(FIG2DEV) -L pdf -p "portrait" -c $< > $@
50
 

	
51
 
.fig.pstex_t:
52
 
	$(FIG2DEV) -L pstex_t $< > $@
53
 

	
54
 
.fig.pstex:
55
 
	$(FIG2DEV) -L pstex $< > $@
56
 

	
57
 
$(PRESENTATION_BASE).tex: $(PDF_FIGS) $(PRESENTATION_BASE).md
58
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
59
 

	
60
 
$(PRESENTATION_BASE).pdf: $(PRESENTATION_BASE).tex $(PDF_FIGS)
61
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
62
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
63
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
64
 

	
65
 
$(PRESENTATION_BASE).html: $(PRESENTATION_BASE).md
66
 
	$(PANDOC) $(DO_INCREMENTAL_POINTS) -s -S --template ./ui/conservancy/pandoc-s5-template.html -f markdown -t s5 $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).html
67
 

	
68
 
$(PRESENTATION_BASE).dvi: $(PRESENTATION_BASE).tex $(EPS_FIGS)
69
 
	$(LATEX)  $(PRESENTATION_BASE).tex
70
 
	$(LATEX)  $(PRESENTATION_BASE).tex
71
 

	
72
 
clean:
73
 
	/bin/rm -f $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).pdf $(PRESENTATION_BASE).log texput.log $(PRESENTATION_BASE).lg $(PRESENTATION_BASE).tmp $(PRESENTATION_BASE).xref *.4ct *.4tc *.aux *.dvi $(PRESENTATION_BASE)*.html *.idv *.lg *.tmp $(PRESENTATION_BASE).css $(PRESENTATION_BASE).log $(PRESENTATION_BASE).out $(PRESENTATION_BASE)-js.* $(PRESENTATION_BASE).tex
74
 

	
75
 
err: ; $(ERR)
76
 

	
77
 
install: all
78
 
	/usr/bin/rsync -HavP --exclude ui ./ copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/
79
 
	-ssh copyleft.org 'mkdir -p /var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/'
80
 
	/usr/bin/rsync -HavP ui/conservancy/  copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/
81
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -exec chmod gou+r {} \;'
82
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -type d -exec chmod gou+rx {} \;'
83
 
	./pres-cmd
presentations/ccs-report-examples/cc-by-sa-4-0_88x31.png | Added tip
 
new file 100644
 
binary diff not shown
Show images
presentations/ccs-report-examples/ccs-examples.md | Added tip
 
new file 100644
1
 
% Examples of CCS Reports
2
 
% Bradley M. Kuhn &amp; Karen M. Sandler
3
 
% Tuesday 9 May 2017
4
 

	
5
 
# CCS "Round" Reports
6
 

	
7
 
+ Evaluate each CCS candidate.
8
 

	
9
 
+ Someone "skilled in the art" attempts to build.
10
 

	
11
 
+ Detailed notes are sent, asking for new CCS candidate "round".
12
 

	
13
 
+ Some anonyomized real world examples.
14
 

	
15
 
# No Build Instructions
16
 

	
17
 
<hr/>
18
 
    The primary issues we found were a dearth of build instructions as well 
19
 
    as a complete lack of installation instructions.  There was no 
20
 
    information that mentioned how one might build each package so we had to 
21
 
    guess about which Makefile and/or build script to run for each package.
22
 
    And in many cases it was not possible or straight-forward to build - this
23
 
    must be resolved in the next source candidate.
24
 

	
25
 
# Making General Recommendations
26
 

	
27
 
<hr/>
28
 
    We generally recommend that the source release be a single file (ie. one
29
 
    tarball containing all packages required for the build) that includes a
30
 
    README or similar in the main directory explaining exactly how to build
31
 
    and install all of the packages.  See section 21.2 of
32
 
    http://compliance.guide/pristine-example for an excellent example.
33
 

	
34
 
# Suspicious, But Not Captious.
35
 

	
36
 
<hr/>
37
 
    Also, we noticed that some packages mentioned in the "OPEN SOURCE
38
 
    SOFTWARE NOTICE" included with the device (and also downloaded as part of
39
 
    the source release; see
40
 
    Open_Source_Software_Notice_and_Privacy_Policy.pdf ) could not be found
41
 
    in the source release.  For example, we found "Software: Samba 3.0.XX" in
42
 
    the notice, but could not find any trace of Samba in the source release.
43
 
    Please ensure that all the software included in the notice is included in
44
 
    the source release as well.
45
 

	
46
 
# Nesting Doll Packages
47
 

	
48
 
<hr/>
49
 

	
50
 
    Once extracted, the 3 .rar files above produce the following output 
51
 
    files:
52
 
         * busybox-1.21.1.rar
53
 
         * AB_A0101.123.tar.gz
54
 
         * source.rar
55
 
         * a small text file that gives two-word descriptions of the above files
56
 

	
57
 

	
58
 
# Actual(ly Trying to) Build
59
 

	
60
 
<hr/>
61
 

	
62
 
    This file included no instructions for how one might build it so we 
63
 
    tried to run "make" but received the following error:
64
 

	
65
 
    $ make
66
 
    .../busybox-1.21.1/scripts/gcc-version.sh: line 11: 
67
 
    arm-none-linux-gnueabi-gcc: command not found
68
 

	
69
 
# Toolchain?
70
 

	
71
 
+ The toolchain is rarely considered mandatory as part of &ldquo;the
72
 
  scripts&rdquo;.
73
 

	
74
 
+ Admittedly, it doesn't *control* compilation, it *is* compilation.
75
 

	
76
 
+ The script here is explaining precisely what type of toolchain is needed.
77
 

	
78
 
+ Something like: &ldquo;GCC vX built with the following ./configure
79
 
  line&rdquo; is usually adequate.
80
 

	
81
 
+ But including the toolchain is a nice step to make it easy for your users.
82
 

	
83
 
<hr>
84
 
> the scripts used to **control compilation** and installation of the executable.
85
 

	
86
 
<p align=right>
87
 
&mdash; GPLv2&sect;3
88
 
</p>
89
 
</span>
90
 

	
91
 
# We Guess at Compiler Anyway
92
 

	
93
 
<hr/>
94
 
    So we searched for an arm-none-linux-gnueabi- cross-compiler in the 
95
 
    other files but could not find one.  We then tried to use our own (be 
96
 
    editing the PATH appropriately), which did get us past this error.  Note 
97
 
    that this is not acceptable in a source release - the cross-compiler 
98
 
    that a user must use needs to be clearly indicated (name, version, etc.) 
99
 
    and/or included with the source release.
100
 

	
101
 
# Feedback on Small Problems
102
 

	
103
 
<hr/>
104
 

	
105
 
     Once we had the custom cross-compiler configured, we then ran into these 
106
 
     errors:
107
 
     
108
 
     $ make
109
 
     .../busybox-1.21.1/scripts/gen_build_files.sh: Permission denied
110
 
     make: *** [gen_build_files] Error 127
111
 
     
112
 
     $ make
113
 
     .../busybox-1.21.1/scripts/mkconfigs: Permission denied
114
 
     make: *** [include/config/MARKER] Error 126
115
 
     
116
 
     $ make
117
 
     /bin/sh: applets/usage_compressed: Permission denied
118
 
     make[1]: *** [include/usage_compressed.h] Error 126
119
 
     make: *** [applets_dir] Error 2
120
 
     
121
 
     $ make
122
 
     .../busybox-1.21.1/scripts/trylink: Permission denied
123
 
     make: *** [busybox_unstripped] Error 126
124
 
     
125
 
     In each case, we found the mentioned file and then added executable 
126
 
     permissions to it (ie. "chmod u+x scripts/gen_build_files.sh").  This 
127
 
     must be fixed in the next source release - please set the executable 
128
 
     bits on the above files appropriately in the archive file you 
129
 
     distribute.
130
 

	
131
 
# Install Instructions missing
132
 

	
133
 
<hr/>
134
 
     After fixing the above, a "busybox" binary was generated.  However, 
135
 
     there were no instructions to indicate how one might install this binary 
136
 
     on the device.  Such instructions are required by GPLv2, under which 
137
 
     BusyBox is licensed.  Please include the instructions in your next 
138
 
     source release.
139
 

	
140
 
# Build "Only Seems" To build
141
 

	
142
 
<hr/>
143
 
     For the AAB_A0101.123.tar.gz package, we ran "./build.sh", the build
144
 
     took about 140 seconds, which is less than one would expect for building
145
 
     all of the programs listed in the "OPEN SOURCE SOFTWARE NOTICE".  The
146
 
     only files we could immediately find that were clearly the result of
147
 
     this "./build.sh" invocation were some kernel image binaries, found in
148
 
     path/path/path/path/path/KERNEL_OBJ .  This path was not mentioned at
149
 
     all and we had to guess at where they might be.
150
 

	
151
 
# Maybe Proprietary Kernel Modules?
152
 

	
153
 
<hr/>
154
 
     Furthermore, there were no .ko files generated, which is abnormal for a
155
 
     build of the kernel, Linux.  Please ensure that all .ko files which are
156
 
     used on the system are generated with "./build.sh" or a similar script.
157
 

	
158
 
# Weird versioning
159
 

	
160
 
<hr/>
161
 

	
162
 
     * The following libraries have different versions in the firmware than
163
 
        is built from the candidate CCS.  Specifically, your candidate CCS
164
 
        contains version "1800", and the firmware has version "2400".  Since
165
 
        most of these libraries are licensed under the LGPL, you are required
166
 
        to have the complete, corresponding source present for the correct
167
 
        version as distributed in the firmware.  You also must include the
168
 
        "scripts to control compilation and installation of the executable".
169
 
     
170
 
           * lib/libgio-2.0.so.0.2400.2
171
 
           * lib/libglib-2.0.so.0.2400.2
172
 
           * lib/libgmodule-2.0.so.0.2400.2
173
 
           * lib/libgobject-2.0.so.0.2400.2
174
 
           * lib/libgthread-2.0.so.0.2400.2
175
 
           * lib/libz.so.1.2.5  (version 1.2.2 is provided in the sources)
176
 
      
177
 
# Weird Build Issues Over Many Candidates
178
 

	
179
 
<hr/>
180
 
    You mentioned in your Round 6 commentary that you have corrected the
181
 
    thatlib issues.  However, we are unable to see what you mean.  There are
182
 
    now two copies of thatlib, one in 2624.7_524/uclinux-rootfs/lib/thatlib/,
183
 
    as well as the one in yourlibs.  We aren't sure which one you intend to
184
 
    be built to generate the binaries on the firmware.  When we try to build
185
 
    the yourlibs one from scratch, by cleaning the whole area, we get the
186
 
    following build issues.  Here's what we did:
187
 

	
188
 
# Getting Really build-technical
189
 

	
190
 
<hr/>
191
 

	
192
 
    We ran:
193
 

	
194
 
      make -C libsrc/thatlib install
195
 

	
196
 
    which did not work because of a missing Makefile error. We read the
197
 
    build source and discovered that the Makefile, etc, for that directory
198
 
    is generated by running:
199
 

	
200
 
       cd libsrc/thatlib/thatlib-0.9.22_mipsel-uclibc; sh configure_thatlib_mipsel-uclibc
201
 

	
202
 
    Once we did that
203
 

	
204
 
       make -C libsrc/thatlib install
205
 

	
206
 
     worked correctly. The only remaining binaries were in build source and
207
 
     discovered that the Makefile, etc, for that directory is generated by
208
 
     running:
209
 

	
210
 
       cd libsrc/thatlib/thatlib-0.9.22_mipsel-uclibc; sh configure_thatlib_mipsel-uclibc
211
 

	
212
 
# Getting Really build-technical
213
 

	
214
 
<hr/>
215
 

	
216
 
    Once we did that
217
 

	
218
 
       make -C libsrc/thatlib install
219
 

	
220
 
     worked correctly. The only remaining binaries were in
221
 
     ./libsrc/thatlib/\{YOURLIB_ROOT_DIR\}/ which looks like a build with a
222
 
     misconfigured environment somehow, so we simply removed that
223
 
     directory.
224
 

	
225
 
     Then, after running make clean, thatlib failed with the following
226
 
     errors. Random .o/.so files laying around in the thatlib source
227
 
     directory, and then it failing to build correctly after they are
228
 
     removed.  If there some set of .so files you claim are not required
229
 
     as part of the C&CS since thatlib is LGPL'd, we understand that, but
230
 
     the rest of the sources must build and install those other .so's.
231
 
     Here's the build error we get in the bdvdlibs version:
232
 

	
233
 
# Getting Really build-technical
234
 

	
235
 
<hr/>
236
 

	
237
 
     mkdir .libs/libthatlibwm_default.a.tmp
238
 
     (cd .libs/libthatlibwm_default.a.tmp && ar x ../../.libs/libthatlibwm_default.a)
239
 
     mkdir .libs/libthatlibwm_default.a.tmp
240
 
     (cd .libs/libthatlibwm_default.a.tmp && ar x ../../.libs/libthatlibwm_default.a)
241
 
     /opt/toolchains/crosstools_sf-linux-2.6.18.0_gcc-4.2-9ts_uclibc-nptl-0.9.29-20070423_20080702/bin//mipsel-uclibc-
242
 
       ld -o libthatlibwm_default.o -r .libs/libthatlibwm_default.a.tmp/*.o
243
 
     /opt/toolchains/crosstools_sf-linux-2.6.18.0_gcc-4.2-9ts_uclibc-nptl-0.9.29-20070423_20080702/bin//mipsel-uclibc-
244
 
       ld: .libs/libthatlibwm_default.a.tmp/default.o: Relocations in generic ELF (EM: 3)
245
 
     /opt/toolchains/crosstools_sf-linux-2.6.18.0_gcc-4.2-9ts_uclibc-nptl-0.9.29-20070423_20080702/bin//mipsel-uclibc-
246
 
       ld: .libs/libthatlibwm_default.a.tmp/default.o: Relocations in generic ELF (EM: 3)
247
 
     /opt/toolchains/crosstools_sf-linux-2.6.18.0_gcc-4.2-9ts_uclibc-nptl-0.9.29-20070423_20080702/bin//mipsel-uclibc-
248
 
       ld: .libs/libthatlibwm_default.a.tmp/default.o: Relocations in generic ELF (EM: 3)
249
 
     /opt/toolchains/crosstools_sf-linux-2.6.18.0_gcc-4.2-9ts_uclibc-nptl-0.9.29-20070423_20080702/bin//mipsel-uclibc-
250
 
       ld: .libs/libthatlibwm_default.a.tmp/default.o: Relocations in generic ELF (EM: 3)
251
 
     .libs/libthatlibwm_default.a.tmp/default.o: could not read symbols: File in wrong format
252
 
     make[4]: *** [libthatlibwm_default.o] Error 1
253
 

	
254
 
# Proprietary Linux Modules Are Everywhere 
255
 

	
256
 
<hr/>
257
 
     We did find one .ko file that was already included in the package, but
258
 
     wasn't built when we ran "./build.sh".  This is
259
 
     path/path/android_X.X/device/device-type/mydevice.ko , which notes that
260
 
     its license is "GPL v2" in the modinfo, but for which we could find no
261
 
     source code in the source release.  Please ensure that the source code
262
 
     for mydevice.ko is included in the next source candidate.
263
 

	
264
 
# Proprietary Linux Modules Are Everywhere 
265
 

	
266
 
<hr/>
267
 

	
268
 
     * The following files are derivative of the kernel named Linux and
269
 
        therefore covered by the GPL.  However, no source code, scripts to
270
 
        control compilation nor installation are included in your CCS
271
 
        candidate:
272
 
              lib/modules/myfilesystem.ko
273
 
              lib/modules/mydevicecontroller.ko
274
 
              lib/modules/myblockdevice.ko
275
 
              lib/modules/mypcicard.ko
276
 

	
277
 
# Non-Technical GPL Compliance Issues
278
 

	
279
 
<hr/>
280
 
    Regarding over the air updates: we'd like to see a screenshot or other
281
 
      details documenting what has now been implemented by BestBuy to make
282
 
      sure the offer for source appears to users appropriately after
283
 
      upgrade.  There was a consensus reached on the last conference call
284
 
      how this would be done, so we only need follow up and implementation
285
 
      on that.
286
 

	
287
 

	
288
 
# Binary Comparison.
289
 

	
290
 
<hr/>
291
 

	
292
 
     Note that we did not receive a firmware image to compare this with 
293
 
    (though we do have the device).  Company's website did not appear to 
294
 
    have any firmware images available for download.  It would be helpful to 
295
 
    have such an image for the next CCS check.
296
 

	
297
 
    The above source candidate was downloaded from 
298
 
    http:///sourcez.company.com/en/search/index.htm?keywords=X1234Y, which 
299
 
    was alluded to in Company's 2017-01-18 email to us that said:
300
 

	
301
 
    "You can check this website 
302
 
    http://sourcez.company.com/en/search/index.htm "
303
 

	
304
 
    The email did not mention how to use that website, but we found that by 
305
 
    entering "X1234Y" into the top right search box that we could find the 
306
 
    source file list.
307
 

	
308
 
    Note that the offer for source included in the web UI of the device said 
309
 
    to email NAME@COMPANY.com , which is how the above instructions for 
310
 
    downloading the source were received.
311
 

	
312
 
# More Info / Talk License
313
 

	
314
 
<img align="right" src="cc-by-sa-4-0_88x31.png" />
315
 

	
316
 
+ Specific Sections of Copyleft Guide relating to these topics:
317
 
      - [The Pristine Example](https://copyleft.org/guide/comprehensive-gpl-guidech22.html#x29-15900021)
318
 
      - [Details of a Compliant Distribution](https://copyleft.org/guide/comprehensive-gpl-guidech16.html#x21-12700015)
319
 

	
320
 
<span class="fitonslide">
321
 
<p>Presentation and slides are: Copyright &copy; Bradley M. Kuhn (2008&ndash;2011, 2015, 2017), Karen M. Sandler (2017), and are licensed under the <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">Creative Commons Attribution-Share Alike 4.0 International License</a>. </p>
322
 
</span>
presentations/ccs-report-examples/pres-cmd | Added tip
 
new file 100755
1
 
#!/bin/sh
2
 

	
3
 
talk=half-day-gpl/ccs-examples
4
 

	
5
 
rsync -HavP ./  /home/pres/$talk/
6
 
rm -rf /home/pres/$talk/ui
7
 
rsync -HavP ~/talks/ui/  /home/pres/$talk/ui/
8
 
find /home/pres/$talk -exec chmod gou+r {} \;
9
 
find /home/pres/$talk -type d -exec chmod gou+rx {} \;
presentations/non-copyright-systems/Makefile | Added tip
 
new file 100644
 
# Makefile for Presentation
 
#
 
# You can change the PRESENTATION_BASE below, or if you like, or set it as
 
# an environment variable before you type make.
 

	
 
ifndef PRESENTATION_BASE
 
PRESENTATION_BASE=ccs-examples
 
endif 
 

	
 
DO_INCREMENTAL_POINTS = -i -s
 

	
 

	
 
# This should be the path to your checkout of the repository.  Under that
 
# directory, you must have a checkout of /Admin/Forms/TeX.
 

	
 
PATH := $(PATH):/usr/share/tex4ht
 

	
 

	
 
PANDOC=/usr/bin/pandoc
 
TEX4HT=tex4ht
 
T4HT=t4ht
 
PDFLATEX = pdflatex
 
LATEX = /usr/bin/latex
 
BIBTEX = bibtex
 
FIG2DEV = fig2dev
 
DVIPS=/usr/bin/dvips
 

	
 
PDF_FIGS = ui/conservancy/logo.pdf
 
EPS_FIGS = ui/conservancy/logo.eps
 

	
 
all:	err $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).html
 
all:	$(PRESENTATION_BASE).html
 

	
 
.SUFFIXES: .fig .postscript .eps .pdf .pstex_t .pstex .ps .dvi .tex
 

	
 
.postscript.pdf:
 
	ps2pdf $< $@
 

	
 
.postscript.eps:
 
	ps2epsi $< $@
 

	
 
.dvi.ps:
 
	$(DVIPS) $< -o $@
 

	
 
.tex.dvi:
 
	$(LATEX) $<
 

	
 
.fig.pdf:
 
	$(FIG2DEV) -L pdf -p "portrait" -c $< > $@
 

	
 
.fig.pstex_t:
 
	$(FIG2DEV) -L pstex_t $< > $@
 

	
 
.fig.pstex:
 
	$(FIG2DEV) -L pstex $< > $@
 

	
 
$(PRESENTATION_BASE).tex: $(PDF_FIGS) $(PRESENTATION_BASE).md
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
 

	
 
$(PRESENTATION_BASE).pdf: $(PRESENTATION_BASE).tex $(PDF_FIGS)
 
	$(PANDOC) -S -s -f markdown -t latex $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).tex
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
 
	$(PDFLATEX)  $(PRESENTATION_BASE).tex
 

	
 
$(PRESENTATION_BASE).html: $(PRESENTATION_BASE).md
 
	$(PANDOC) $(DO_INCREMENTAL_POINTS) -s -S --template ./ui/conservancy/pandoc-s5-template.html -f markdown -t s5 $(PRESENTATION_BASE).md -o $(PRESENTATION_BASE).html
 

	
 
$(PRESENTATION_BASE).dvi: $(PRESENTATION_BASE).tex $(EPS_FIGS)
 
	$(LATEX)  $(PRESENTATION_BASE).tex
 
	$(LATEX)  $(PRESENTATION_BASE).tex
 

	
 
clean:
 
	/bin/rm -f $(PRESENTATION_BASE).ps $(PRESENTATION_BASE).pdf $(PRESENTATION_BASE).log texput.log $(PRESENTATION_BASE).lg $(PRESENTATION_BASE).tmp $(PRESENTATION_BASE).xref *.4ct *.4tc *.aux *.dvi $(PRESENTATION_BASE)*.html *.idv *.lg *.tmp $(PRESENTATION_BASE).css $(PRESENTATION_BASE).log $(PRESENTATION_BASE).out $(PRESENTATION_BASE)-js.* $(PRESENTATION_BASE).tex
 

	
 
err: ; $(ERR)
 

	
 
install: all
 
	/usr/bin/rsync -HavP --exclude ui ./ copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/
 
	-ssh copyleft.org 'mkdir -p /var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/'
 
	/usr/bin/rsync -HavP ui/conservancy/  copyleft.org:/var/www/presentations/$(PRESENTATION_BASE)/ui/conservancy/
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -exec chmod gou+r {} \;'
 
	-ssh copyleft.org 'find /var/www/presentations/$(PRESENTATION_BASE) -type d -exec chmod gou+rx {} \;'
 
	./pres-cmd
presentations/non-copyright-systems/cc-by-sa-4-0_88x31.png | Added tip
 
new file 100644
 
binary diff not shown
Show images
presentations/non-copyright-systems/non-copyright.md | Added tip
 
new file 100644
 
% GPL's Handling of Non-Copyright Systems
 
% Bradley M. Kuhn &amp; Karen M. Sandler
 
% Tuesday 9 May 2017
 

	
 
# Non-Copyright Systems
 

	
 
+ Patents, NDAs, &amp; other agreements often impact software.
 

	
 
+ GPL is essentially a copyright license.
 
     - so, how does GPL handle these systems?
 

	
 
+ As always, GPL has **conditional** permissions.
 
     - some such conditions relate to these other legal regimes.
 

	
 
+ Compliance for these is much more legalistic than technical.
 

	
 

	
 
# GPLv2&sect;7
 

	
 
<span class="fitonslide">
 
<p>[GPLv2&sect;]7. If, as a consequence of a court judgment or allegation of patent
 
infringement or for any other reason (not limited to patent issues),
 
conditions are imposed on you (whether by court order, agreement or
 
otherwise) that contradict the conditions of this License, they do not
 
excuse you from the conditions of this License.  If you cannot
 
distribute so as to satisfy simultaneously your obligations under this
 
License and any other pertinent obligations, then as a consequence you
 
may not distribute the Program at all.  For example, if a patent
 
license would not permit royalty-free redistribution of the Program by
 
all those who receive copies directly or indirectly through you, then
 
the only way you could satisfy both it and this License would be to
 
refrain entirely from distribution of the Program.
 
</p>
 
</span>
 

	
 
# GPLv3 Improvements
 

	
 
+ GPLv3 expands GPLv2&sect;7 into multiple sections.
 

	
 
+ Creates detailed rules.
 
      - an improvement
 
      - legal compliance analysis is less complicated.
 

	
 
# Staffing Question
 

	
 
+ In complex environments, both lawyers &amp; developers should analyze
 
  compliance obligations.
 

	
 
+ Simple environments (i.e., no actual proprietary components in product),
 
  less expertise &amp; cross-disciplinary staff time needed.
 

	
 
# More Info / Talk License
 

	
 
<img align="right" src="cc-by-sa-4-0_88x31.png" />
 

	
 
+ Specific Sections of Copyleft Guide relating to these topics:
 
      - [GPLv2 &sect;7: “Give Software Liberty or Give It Death!”](https://copyleft.org/guide/comprehensive-gpl-guidech8.html#x11-540007.4)
 
      - [GPLv3 &sect;10: Explicit Downstream License](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-880009.13)
 
      - [GPLv3 &sect;11: Explicit Patent Licensing](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-890009.14)
 
      - [GPLv3 &sect;12: Familiar as GPLv2 &sect;7](https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-920009.15)
 

	
 
<span class="fitonslide">
 
<p>Presentation and slides are: Copyright &copy; Bradley M. Kuhn (2008&ndash;2011, 2015, 2017), Karen M. Sandler (2017), and are licensed under the <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">Creative Commons Attribution-Share Alike 4.0 International License</a>. </p>
 
</span>
presentations/non-copyright-systems/pres-cmd | Added tip
 
new file 100755
 
#!/bin/sh
 

	
 
talk=half-day-gpl/ccs-examples
 

	
 
rsync -HavP ./  /home/pres/$talk/
 
rm -rf /home/pres/$talk/ui
 
rsync -HavP ~/talks/ui/  /home/pres/$talk/ui/
 
find /home/pres/$talk -exec chmod gou+r {} \;
 
find /home/pres/$talk -type d -exec chmod gou+rx {} \;