Hi,
I've followed this GPL crusade with interest and some appreciation. GPL
violations are a serious thing and should not be ignored. In that sense,
it's nice to inform a fellow open source developer of the GPL violation
that is happening in their project. I do think that the situation here
deserves a more nuanced picture though.
It actually isn't trivial to find the license for libspotify, which is
necessary to determine whether or not linking to it is allowed by the
GPL. The best I could find is this (from
https://github.com/mopidy/libspotify-deb/blob/master/libspotify/armel/LICENSE):
> For the current terms and conditions, please read:
>
> http://developer.spotify.com/en/libspotify/terms-of-use/
That in turn gives a 404 page. However, the internet archive comes to
the rescue here with an archived version at:
https://web.archive.org/web/20140331175200/https://developer.spotify.com/technologies/libspotify/terms-of-use-us/
This license is quite clearly not GPL compatible since it has plenty of
restrictions. Note however that the source distribution doesn't violate
the GPL, as there is no combined or derived work yet (there will be once
the compiling/linking is done). It may be in violation of the libspotify
license, but I only skimmed that license to determine that it is not GPL
compatible.
Still, stating that a binary distribution is illegal is somewhat of an
overstatement. Copyright generally is not a matter for a criminal court,
but has to be enforced in a civil court. That means that a stakeholder
(in this case copyright holder) would have to file a lawsuit. I doubt
that any of the contributors to upmpdcli want to take such action.
Technically the risk exists, so for that reason it's nice to notify
Jean-Francois.
@Max: Since your copyright is not infringed, you are not a stakeholder,
and your request for removal of non GPL compatible parts has no legal
weight. It might be worth taking that into account when phrasing the
request, as not to misrepresent your standing in the matter. I'm purely
stating this to clarify the situation to Jean-Francois, not as an attack
on your email.
Moving forward, I believe there are three options:
1) Ignore the possible conflict, and assume that nobody wants to take
any legal action. My estimate is that this would be safe, but being
aware of the violation might have some influence if someone *does* file
a lawsuit.
2) Switch from libspotify to using a GPL compatible library to interact
with the spotify API.
3) Switch the project to a less troublesome license, such as LGPL,
BSD-3-Clause, Apache 2.0 or something else. This is complicated if there
are contributions from others, since all copyright holders need to agree
to relicense the work. However, it is not impossible, and there are
precedents even if not all copyright holders can be reached for approval.
Personally, I believe option 2 would be the safest, mainly because the
license for libspotify is quite restrictive and may not be suitable for
inclusion in any open source project, GPL or otherwise. The risk is
still limited, since spotify would have to file a lawsuit, and they have
been ignoring other open source projects using their library. So it
seems unlikely that they want to sue. Ignoring other projects also
doesn't help in building a case in a civil court.
I would also attempt option 3, because I wouldn't want to worry about
contributors to my project potentially suing me over things like this.
Keep in mind that I'm not a lawyer, and anything I say may be incorrect.
Nobody should rely on legal advice from any random people on the
Internet, be it me or Max.
@Jean-Francois: Thank you for open sourcing your work. It is always nice
to see a fellow open source developer making their work available for
others :)
Kind regards,
Maarten de Vries
On 04-11-18 13:22, Max Kellermann wrote:
Hi Jean-Francois,
today, I came across your project due to a MPD bug report.
I'm sorry I have to tell you that your project is illegal. You claim
that it is licensed under the terms of the GPL, but your code
repository ships with a C header from the proprietary Spotify API:
https://opensourceprojects.eu/p/upmpdcli/code/ci/dcd37d30e1aa074b9ef205872e01e39a6079ee8d/tree/src/mediaserver/cdplugins/spotify/libspotify/api.h
Including this header from upmpdcli makes upmpdcli a "derived work" of
this proprietary library. This however is what the GPL forbids,
unless the whole "derived work" is made available under the terms of
the GPL.
Since you own most of the copyright of upmpdcli, you obviously don't
violate your own copyright. But there are more (minor) contributors,
whose copyright you have been violating.
And as a side effect, every redistribution of upmpdcli by others is
illegal. It is impossible for anybody to contribute to your project.
Linux distributions are forbidden from shipping packages.
By the way, runtime linking to this library (using dlopen()) doesn't
protect you, just in case you were thinking about that. This is just
a technical detail without legal implications.
Please remove all traces of proprietary code from your repository as
soon as possible.
Max
_______________________________________________
mpd-devel mailing list
[email protected]
http://mailman.blarg.de/listinfo/mpd-devel
_______________________________________________
mpd-devel mailing list
[email protected]
http://mailman.blarg.de/listinfo/mpd-devel
