Re: [mpd-devel] upmpdcli is illegal

2018-11-04 Thread Maarten de Vries

Ah, my mistake. I indeed interpreted Marcus Kellerman as Max Kellerman. 
It seemed close enough :)


And indeed, if those patches don't end up linked with libspotify it 
would not infringe on their copyright. I would seriously consider 
switching to a different license if feasible, just to be sure nobody can 
complain about this kind of thing in the future.


Kind regards, and best of luck,

Maarten de Vries





On 04-11-18 18:25, Jean-Francois Dockes wrote:

Just responding to this specific point for the moment: I don't think that
Max Kellerman has any code in upmpdcli. There are some patches from Marcus
Kellerman (different first name). In any case, these patches are in an
external module (the Python gmusic module, not linked with upmpdcli), so
they would not affect the main code license.

If you have reason to think otherwise, please point me to the exact patches.

I will shortly be reviewing the licenses for whatever code is included in
or linked to upmpdcli, as a first step to see what needs to be done (maybe
nothing :) )

Cheers,

jf

Maarten de Vries writes:
  > Small correction:
  >
  > I just noticed that Max actually does have some patches in the project,
  > so he is a copyright holder.
  >
  >
  > Kind regards,
  >
  > Maarten de Vries



___
mpd-devel mailing list
mpd-devel@musicpd.org
http://mailman.blarg.de/listinfo/mpd-devel


Re: [mpd-devel] upmpdcli is illegal

2018-11-04 Thread Jean-Francois Dockes

Just responding to this specific point for the moment: I don't think that
Max Kellerman has any code in upmpdcli. There are some patches from Marcus
Kellerman (different first name). In any case, these patches are in an
external module (the Python gmusic module, not linked with upmpdcli), so
they would not affect the main code license.

If you have reason to think otherwise, please point me to the exact patches.

I will shortly be reviewing the licenses for whatever code is included in
or linked to upmpdcli, as a first step to see what needs to be done (maybe
nothing :) )

Cheers,

jf

Maarten de Vries writes:
 > Small correction:
 > 
 > I just noticed that Max actually does have some patches in the project, 
 > so he is a copyright holder.
 > 
 > 
 > Kind regards,
 > 
 > Maarten de Vries


Re: [mpd-devel] upmpdcli is illegal

2018-11-04 Thread Maarten de Vries

Small correction:

I just noticed that Max actually does have some patches in the project, 
so he is a copyright holder.



Kind regards,

Maarten de Vries


On 04-11-18 14:59, Maarten de Vries wrote:

Hi,

I've followed this GPL crusade with interest and some appreciation. 
GPL violations are a serious thing and should not be ignored. In that 
sense, it's nice to inform a fellow open source developer of the GPL 
violation that is happening in their project. I do think that the 
situation here deserves a more nuanced picture though.


It actually isn't trivial to find the license for libspotify, which is 
necessary to determine whether or not linking to it is allowed by the 
GPL. The best I could find is this (from 
https://github.com/mopidy/libspotify-deb/blob/master/libspotify/armel/LICENSE):


> For the current terms and conditions, please read:
>
> http://developer.spotify.com/en/libspotify/terms-of-use/

That in turn gives a 404 page. However, the Internet Archive comes to 
the rescue here with an archived version at: 
https://web.archive.org/web/20140331175200/https://developer.spotify.com/technologies/libspotify/terms-of-use-us/


This license is quite clearly not GPL compatible since it has plenty 
of restrictions. Note however that the source distribution doesn't 
violate the GPL, as there is no combined or derived work yet (there 
will be once the compiling/linking is done). It may be in violation of 
the libspotify license, but I only skimmed that license to determine 
that it is not GPL compatible.


Still, stating that a binary distribution is illegal is somewhat of an 
overstatement. Copyright generally is not a matter for a criminal 
court, but has to be enforced in a civil court. That means that a 
stakeholder (in this case copyright holder) would have to file a 
lawsuit. I doubt that any of the contributors to upmpdcli want to take 
such action. Technically the risk exists, so for that reason it's nice 
to notify Jean-Francois.


@Max: Since your copyright is not infringed, you are not a 
stakeholder, and your request for removal of non-GPL-compatible parts 
has no legal weight. It might be worth taking that into account when 
phrasing the request, so as not to misrepresent your standing in the 
matter. I'm purely stating this to clarify the situation to 
Jean-Francois, not as an attack on your email.


Moving forward, I believe there are three options:

1) Ignore the possible conflict, and assume that nobody wants to take 
any legal action. My estimate is that this would be safe, but being 
aware of the violation might have some influence if someone *does* 
file a lawsuit.


2) Switch from libspotify to using a GPL-compatible library to 
interact with the Spotify API.


3) Switch the project to a less troublesome license, such as LGPL, 
BSD-3-Clause, Apache 2.0 or something else. This is complicated if 
there are contributions from others, since all copyright holders need 
to agree to relicense the work. However, it is not impossible, and 
there are precedents even if not all copyright holders can be reached 
for approval.


Personally, I believe option 2 would be the safest, mainly because the 
license for libspotify is quite restrictive and may not be suitable 
for inclusion in any open source project, GPL or otherwise. The risk 
is still limited, since Spotify would have to file a lawsuit, and they 
have been ignoring other open source projects using their library. So 
it seems unlikely that they want to sue. Ignoring other projects also 
doesn't help in building a case in a civil court.


I would also attempt option 3, because I wouldn't want to worry about 
contributors to my project potentially suing me over things like this.


Keep in mind that I'm not a lawyer, and anything I say may be 
incorrect. Nobody should rely on legal advice from any random people 
on the Internet, be it me or Max.


@Jean-Francois: Thank you for open sourcing your work. It is always 
nice to see a fellow open source developer making their work available 
for others :)



Kind regards,

Maarten de Vries


On 04-11-18 13:22, Max Kellermann wrote:

Hi Jean-Francois,

today, I came across your project due to an MPD bug report.

I'm sorry I have to tell you that your project is illegal.  You claim
that it is licensed under the terms of the GPL, but your code
repository ships with a C header from the proprietary Spotify API:

https://opensourceprojects.eu/p/upmpdcli/code/ci/dcd37d30e1aa074b9ef205872e01e39a6079ee8d/tree/src/mediaserver/cdplugins/spotify/libspotify/api.h

Including this header from upmpdcli makes upmpdcli a "derived work" of
this proprietary library.  This however is what the GPL forbids,
unless the whole "derived work" is made available under the terms of
the GPL.

Since you own most of the copyright of upmpdcli, you obviously don't
violate your own copyright.  But there are more (minor) contributors,
whose copyright you have been violating.

And as a side effect, every redistribution of upmpdcli b

Re: [mpd-devel] upmpdcli is illegal

2018-11-04 Thread Maarten de Vries

Hi,

I've followed this GPL crusade with interest and some appreciation. GPL 
violations are a serious thing and should not be ignored. In that sense, 
it's nice to inform a fellow open source developer of the GPL violation 
that is happening in their project. I do think that the situation here 
deserves a more nuanced picture though.


It actually isn't trivial to find the license for libspotify, which is 
necessary to determine whether or not linking to it is allowed by the 
GPL. The best I could find is this (from 
https://github.com/mopidy/libspotify-deb/blob/master/libspotify/armel/LICENSE):


> For the current terms and conditions, please read:
>
> http://developer.spotify.com/en/libspotify/terms-of-use/

That in turn gives a 404 page. However, the Internet Archive comes to 
the rescue here with an archived version at: 
https://web.archive.org/web/20140331175200/https://developer.spotify.com/technologies/libspotify/terms-of-use-us/


This license is quite clearly not GPL compatible since it has plenty of 
restrictions. Note however that the source distribution doesn't violate 
the GPL, as there is no combined or derived work yet (there will be once 
the compiling/linking is done). It may be in violation of the libspotify 
license, but I only skimmed that license to determine that it is not GPL 
compatible.


Still, stating that a binary distribution is illegal is somewhat of an 
overstatement. Copyright generally is not a matter for a criminal court, 
but has to be enforced in a civil court. That means that a stakeholder 
(in this case copyright holder) would have to file a lawsuit. I doubt 
that any of the contributors to upmpdcli want to take such action. 
Technically the risk exists, so for that reason it's nice to notify 
Jean-Francois.


@Max: Since your copyright is not infringed, you are not a stakeholder, 
and your request for removal of non-GPL-compatible parts has no legal 
weight. It might be worth taking that into account when phrasing the 
request, so as not to misrepresent your standing in the matter. I'm purely 
stating this to clarify the situation to Jean-Francois, not as an attack 
on your email.


Moving forward, I believe there are three options:

1) Ignore the possible conflict, and assume that nobody wants to take 
any legal action. My estimate is that this would be safe, but being 
aware of the violation might have some influence if someone *does* file 
a lawsuit.


2) Switch from libspotify to using a GPL-compatible library to interact 
with the Spotify API.


3) Switch the project to a less troublesome license, such as LGPL, 
BSD-3-Clause, Apache 2.0 or something else. This is complicated if there 
are contributions from others, since all copyright holders need to agree 
to relicense the work. However, it is not impossible, and there are 
precedents even if not all copyright holders can be reached for approval.


Personally, I believe option 2 would be the safest, mainly because the 
license for libspotify is quite restrictive and may not be suitable for 
inclusion in any open source project, GPL or otherwise. The risk is 
still limited, since Spotify would have to file a lawsuit, and they have 
been ignoring other open source projects using their library. So it 
seems unlikely that they want to sue. Ignoring other projects also 
doesn't help in building a case in a civil court.


I would also attempt option 3, because I wouldn't want to worry about 
contributors to my project potentially suing me over things like this.


Keep in mind that I'm not a lawyer, and anything I say may be incorrect. 
Nobody should rely on legal advice from any random people on the 
Internet, be it me or Max.


@Jean-Francois: Thank you for open sourcing your work. It is always nice 
to see a fellow open source developer making their work available for 
others :)



Kind regards,

Maarten de Vries


On 04-11-18 13:22, Max Kellermann wrote:

Hi Jean-Francois,

today, I came across your project due to an MPD bug report.

I'm sorry I have to tell you that your project is illegal.  You claim
that it is licensed under the terms of the GPL, but your code
repository ships with a C header from the proprietary Spotify API:

  
https://opensourceprojects.eu/p/upmpdcli/code/ci/dcd37d30e1aa074b9ef205872e01e39a6079ee8d/tree/src/mediaserver/cdplugins/spotify/libspotify/api.h

Including this header from upmpdcli makes upmpdcli a "derived work" of
this proprietary library.  This however is what the GPL forbids,
unless the whole "derived work" is made available under the terms of
the GPL.

Since you own most of the copyright of upmpdcli, you obviously don't
violate your own copyright.  But there are more (minor) contributors,
whose copyright you have been violating.

And as a side effect, every redistribution of upmpdcli by others is
illegal.  It is impossible for anybody to contribute to your project.
Linux distributions are forbidden from shipping packages.

By the way, runtime linking to this library (using dlopen()

[mpd-devel] upmpdcli is illegal

2018-11-04 Thread Max Kellermann

Hi Jean-Francois,

today, I came across your project due to an MPD bug report.

I'm sorry I have to tell you that your project is illegal.  You claim
that it is licensed under the terms of the GPL, but your code
repository ships with a C header from the proprietary Spotify API:

 
https://opensourceprojects.eu/p/upmpdcli/code/ci/dcd37d30e1aa074b9ef205872e01e39a6079ee8d/tree/src/mediaserver/cdplugins/spotify/libspotify/api.h

Including this header from upmpdcli makes upmpdcli a "derived work" of
this proprietary library.  This however is what the GPL forbids,
unless the whole "derived work" is made available under the terms of
the GPL.

Since you own most of the copyright of upmpdcli, you obviously don't
violate your own copyright.  But there are more (minor) contributors,
whose copyright you have been violating.

And as a side effect, every redistribution of upmpdcli by others is
illegal.  It is impossible for anybody to contribute to your project.
Linux distributions are forbidden from shipping packages.

By the way, runtime linking to this library (using dlopen()) doesn't
protect you, just in case you were thinking about that.  This is just
a technical detail without legal implications.

Please remove all traces of proprietary code from your repository as
soon as possible.

Max