Re: [License-discuss] Reverse Engineering and Open Source Licenses
Actually there is an excellent reason why distribution is key here. The LGPL is a copyright license. Its reasoning is based on the idea that if you do something otherwise forbidden by copyright, then you're forced to either follow the license, or be sued for copyright violation. But this only works if you do something otherwise forbidden by copyright. Receiving a copy of a library is not forbidden. Current US precedent says that an API is not covered by copyright, and therefore programming to the API is allowed. (There is a lawsuit between Oracle and Google that potentially could change this.) And precedent exists saying that the virtual copy in RAM from dynamic linking is allowed. But distribution is covered by copyright law. Therefore if you are writing and distributing an application which is meant to be dynamically linked to an LGPL library, the *only* thing you typically do which requires copyright permission is to distribute the library. No matter what the library author may think of your actions, until you distribute the library, you do not require permission. But once you have, then we're into the question of whether your actions fell within the permission granted by the license or not. And if you and the author of the library cannot reach agreement, then the disagreement will need to be settled by a court. Which could rule either way. So if you want to be cautious, here is what you do. Do not distribute *GPL software unless you intend to comply with the author's understanding of their license. Which frequently will match the FSF's understanding. And they've written a FAQ explaining what that is. So play it safe according to that FAQ, and you should be fine. This is all, of course, according to my understanding of US law. I have no idea how different the situation may be in other countries. And I still am not a lawyer. :-) On Thu, Mar 5, 2015 at 1:09 AM, Wiedemann, Claus-Peter claus-peter.wiedem...@bearingpoint.com wrote: -Ursprüngliche Nachricht- Von: Ben Tilly [mailto:bti...@gmail.com] Gesendet: Donnerstag, 5. März 2015 03:51 An: License Discuss Cc: ftf-le...@fsfeurope.org; karen.copenha...@gmail.com; arm...@tjaldur.nl; Wiedemann, Claus-Peter; Schwegler, Robert Betreff: Re: [License-discuss] Reverse Engineering and Open Source Licenses [...] The intended interpretation of the drafters is made clear at https://www.gnu.org/licenses/gpl-faq.html#LGPLStaticVsDynamic. They distinguish by how the software is distributed. If you distribute code that dynamically links to an LGPL library that is already present, you have not created a Combined Work. On the other hand if you distribute the library you will dynamically link to with your code, you *have* created a Combined Work. There is a grey area where you distribute both, but not at the same time. My suspicion is that they would at that point distinguish based on whether or not you intend to link them. I don't think it makes a difference wrt to the Combined Work aspect. The fact that a Combined Work or better a work that uses the Library is created is independent from the specific way of distribution. It does not matter if you distribute the library together with the program, or not. If the program needs it to run, it is a work that uses the Library. Some people think they can evade the LGPL obligations for the program (e.g. permit reverse engineering) by not distributing the library. I don't think that works. The reason why the FAQ makes a distinction here is simple. If the library is already present on the user's computer, then one can assume that the user is already in possession of the corresponding source code (which must have been provided earlier together the library). In this case there is no obligation to provide the source code again. In LGPL V2.1, this is made explicit in section 6e) e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. Best regards Claus-Peter (not a lawyer, either) BearingPoint GmbH Geschäftsführer: Marcel Nickler (Vorsitzender), Hans-Werner Wurzel (stellv. Vorsitzender), Kiumars Hamidian, Matthias Loebich, Kai Wächter, Dr. Robert Wagner Vorsitzender des Aufsichtsrats: Beat Leimbacher Sitz: Frankfurt am Main Registergericht: Amtsgericht Frankfurt am Main HRB 55490 The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ___ License-discuss mailing list
Re: [License-discuss] Reverse Engineering and Open Source Licenses
Sorry, but this is a ridiculously heavyweight way of thinking about things. The problem with thinking in a heavyweight fashion is that it is easy to lose track of what is going on, and hard for anyone else to wade through it and point out the error. However I'll try. On page 6 you are arguing for a specific interpretation based on your claim that an alternate one would not achieve the aims of the drafters of the LGPL. But you set up a false dichotomy. There are other possible interpretations that you have not considered. And rather than trying to reason it out from first principles, it is better to just ask the source. The intended interpretation of the drafters is made clear at https://www.gnu.org/licenses/gpl-faq.html#LGPLStaticVsDynamic. They distinguish by how the software is distributed. If you distribute code that dynamically links to an LGPL library that is already present, you have not created a Combined Work. On the other hand if you distribute the library you will dynamically link to with your code, you *have* created a Combined Work. There is a grey area where you distribute both, but not at the same time. My suspicion is that they would at that point distinguish based on whether or not you intend to link them. Before you argue against this interpretation, I remind you that your argument on page 6 rests on the expertise of the drafters of the license. In your words, We know that the inventors of the GNU licenses and GNU software are very sophisticated experts. But if you accept them as experts, you are in no position to argue about what they say about how their own license is supposed to be interpreted. For the record, I am not a lawyer. This is not legal advice. And in common law countries, until a legal precedent is set, there is no way to tell whether the courts will interpret the license in the way that the drafters hope they will. On Wed, Mar 4, 2015 at 7:16 AM, Reincke, Karsten k.rein...@telekom.de wrote: Dear Colleagues; In the past I was involved in some full discussions concerning the issue ‘reverse engineering and open source licenses’. Although personally esteeming and inspiring, such discussions sometimes became a bit explosive: If – at least – the LGPL-v2 indeed requires to allow the reverse engineering of those programs which use LGPL-v2 licensed components, then companies are not able to protect these ‘private’ programs against revealing the embedded business relevant secrets, even if they do not distribute the corresponding source code. And – as far as I know – at least some companies have therefore forbidden to link essential programs against the LGPL-v2. I have taken the view that this ‘rule of reverse engineering’ cannot be applied in case of distributing dynamically linkable programs. By arguing that way, I caused astonishment and dissents. But often, I was also asked to note down my argumentation, because some of my partners wanted to review it in detail. They had the hope to get a solution for conflict of using open source software compliantly and protecting their business relevant software. During the last two month, I had the pleasure to fulfill this request by writing the corresponding article. Now, I am indeed sure that all important open source licenses including the LGPL-v2 allow reverse engineering only in case of distributing statically linked programs. Moreover: I am definitely sure, that none of these open source licenses requires to allow reverse engineering in case of distributing dynamically linkable programs and that particularly even the LGPL-v2 does not require reverse engineering in case of distributing dynamically linkable programs. Unfortunately, the deduction of this position had to become more complex than initially thought. But fortunately, it could preserve a straight-forward argumentation: After having started with a linguistic disambiguation and transposing the license statements into a logical formula, it derives the results by using logic ways of inferring a conclusion. And this method is applied for the LGPL-v2, for the LGPL-v3, and for the other most important open source licenses. Hence, for now, I – for myself - am indeed sure, that my argumentation is valid and mandatory. But subjective certainty is not enough. As long as we do not have a legal decision, the best way to become sure is to invoke a discussion (and a consensus) by publishing the results. For that purpose, we decided, not only to insert the analysis into the OSLiC, but to distribute that chapter also as an autonomous article (http://opensource.telekom.net/oslic/en/planning/results.html ). Thus, it is also licensed under the der CC-BY-SA-3.0. So, feel free to use it, to modify it, and/or to share it. The sources of the pdf are part of the OSLiC repository (https://github.com/dtag-dbu/oslic/ ). We, Deutsche Telekom AG and I, Karsten Reincke, are indeed hoping to having contributed something which
Re: [License-discuss] Reverse Engineering and Open Source Licenses
-Ursprüngliche Nachricht- Von: Ben Tilly [mailto:bti...@gmail.com] Gesendet: Donnerstag, 5. März 2015 03:51 An: License Discuss Cc: ftf-le...@fsfeurope.org; karen.copenha...@gmail.com; arm...@tjaldur.nl; Wiedemann, Claus-Peter; Schwegler, Robert Betreff: Re: [License-discuss] Reverse Engineering and Open Source Licenses [...] The intended interpretation of the drafters is made clear at https://www.gnu.org/licenses/gpl-faq.html#LGPLStaticVsDynamic. They distinguish by how the software is distributed. If you distribute code that dynamically links to an LGPL library that is already present, you have not created a Combined Work. On the other hand if you distribute the library you will dynamically link to with your code, you *have* created a Combined Work. There is a grey area where you distribute both, but not at the same time. My suspicion is that they would at that point distinguish based on whether or not you intend to link them. I don't think it makes a difference wrt to the Combined Work aspect. The fact that a Combined Work or better a work that uses the Library is created is independent from the specific way of distribution. It does not matter if you distribute the library together with the program, or not. If the program needs it to run, it is a work that uses the Library. Some people think they can evade the LGPL obligations for the program (e.g. permit reverse engineering) by not distributing the library. I don't think that works. The reason why the FAQ makes a distinction here is simple. If the library is already present on the user's computer, then one can assume that the user is already in possession of the corresponding source code (which must have been provided earlier together the library). In this case there is no obligation to provide the source code again. In LGPL V2.1, this is made explicit in section 6e) e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. Best regards Claus-Peter (not a lawyer, either) BearingPoint GmbH Geschäftsführer: Marcel Nickler (Vorsitzender), Hans-Werner Wurzel (stellv. Vorsitzender), Kiumars Hamidian, Matthias Loebich, Kai Wächter, Dr. Robert Wagner Vorsitzender des Aufsichtsrats: Beat Leimbacher Sitz: Frankfurt am Main Registergericht: Amtsgericht Frankfurt am Main HRB 55490 The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
