Tech

Guides

Business Applications ▪ Database Management ▪ Disaster Recovery ▪ Enterprise Servers & Storage ▪ IT Security ▪ Java ▪ Microsoft Office Suite ▪ Network Admin ▪ Open Source ▪ SMB ▪ SOA ▪ Tech Management ▪ Software/Web Development ▪ Windows Server ▪ Wireless Tech

Software/Web Development TechGuides

Defender of the Linux faith

By Ingrid Marson, ZDNet UK, Special to ZDNet Asia
Thursday, March 24, 2005 10:44 AM

Harald Welte is single-handedly tackling companies that violate the GPL, and has some advice for those wanting to escape his wrath.

Earlier this month, open source developer Harald Welte personally handed over warning letters to 13 technology companies at the CeBIT technology show in Hannover, Germany, including telecoms giant Motorola and PC manufacturer Acer.

Welte is one of the core developers of the Linux kernel firewall engine Netfilter/iptables and the maintainer of the packet filter subsystem in the Linux kernel. In 2004 set up gpl-violations.org, which aims to prevent companies from contravening the rules set down in the GNU General Public License.

Since setting up the project, Welte has made 25 agreements with companies that were violating the GPL, as well as setting up two preliminary injunctions and one court order. Each of these companies used GPL code without making the source code available--a requirement of the licence.

ZDNet UK spoke to Welte about tracking down those companies that violate the GPL and how he persuades them to comply.

Q: Why is it important to stop people from violating the GPL?
A: You can use all the code out there for free, but if you do modifications you have to give them back to the community--it's a fairness thing. If we allowed violations to become common, the system would be out of equilibrium. This would result in fewer contributions and it would have a large negative impact on the motivation of developers.

How do you find out whether companies have used GPL licensed code?
It's quite hard without having the source code. All you can do is look at the firmware with a hex editor. You can often spot error messages or function names from GPL-licensed code. For example, there is an error message in the Netfilter code that says, "Rusty needs more caffeine." If someone writes a firewall they are very unlikely to come up with the same error message.

If somebody wants to obfuscate the fact that they have used the [GPL-licensed] source code, they can write a program to automatically change the error messages or strings. But if they try to hide it, it's a wilful copyright violation, which is a more serious legal offence.

What happens when you tell companies that they are violating the GPL?
Lots of companies that we are going after are resellers, so even if the device is sold as Fujitsu Siemens, it's not made by them, but is an OEM device. With resellers it's easier as we simply tell them, and they then put pressure on their upstream vendors.

In some cases we got an out-of-court agreement and the company agreed to stop distributing software that doesn't comply with the GPL license, but then did it again. This happened with Belkin and Netgear — half a year after signing the agreement, they introduced new products that came without any indication of source code availability. This has now been sorted out and they are fully compliant.

In general, we haven't had trouble persuading companies to comply, apart from [PC connectivity company] Sitecom.

What happened with Sitecom?
When we found out about Sitecom's GPL violation, my lawyer asked them to sign a declaration to stop distributing software that didn't comply with the GPL license. We didn't receive their signed declaration within the deadline, so we applied for a preliminary injunction. After they received the injunction they filed an appeal. The court ruled that it will uphold the preliminary injunction.

[More information on the Sitecom case can be found here]

Even though you have won every case so far, surely there's potential cost involved in pursuing these cases?
There is a cost of €10,000 per case, although the party who loses the case pays all the legal fees. It's not that I have that amount of money spare, but it's worth the risk.

What do companies need to do to make sure their software is GPL compliant?
The only thing you need to do to comply with the GPL license is to release the source code. GPL offers two possible ways--you can either include the source code when you distribute the binary program, or you can provide a written offer to provide the source code, which must then be provided to all third parties that request it. If companies are only using GPL-licensed software internally, they only need to distribute the source code to their employees.

What source code do companies need to release?
The free software parts that they have used and anything that is derived from that. If they write additional programs, such as a front end that is not derived from GPL licensed code, they do not need to release the code for that.