Small correction:
I just noticed that Max actually does have some patches in the project,
so he is a copyright holder.
Kind regards,
Maarten de Vries
On 04-11-18 14:59, Maarten de Vries wrote:
Hi,
I've followed this GPL crusade with interest and some appreciation.
GPL violations are a serious thing and should not be ignored. In that
sense, it's nice to inform a fellow open source developer of the GPL
violation that is happening in their project. I do think that the
situation here deserves a more nuanced picture though.
It actually isn't trivial to find the license for libspotify, which is
necessary to determine whether or not linking to it is allowed by the
GPL. The best I could find is this (from
https://github.com/mopidy/libspotify-deb/blob/master/libspotify/armel/LICENSE):
> For the current terms and conditions, please read:
>
> http://developer.spotify.com/en/libspotify/terms-of-use/
That in turn gives a 404 page. However, the internet archive comes to
the rescue here with an archived version at:
https://web.archive.org/web/20140331175200/https://developer.spotify.com/technologies/libspotify/terms-of-use-us/
This license is quite clearly not GPL compatible since it has plenty
of restrictions. Note however that the source distribution doesn't
violate the GPL, as there is no combined or derived work yet (there
will be once the compiling/linking is done). It may be in violation of
the libspotify license, but I only skimmed that license to determine
that it is not GPL compatible.
Still, stating that a binary distribution is illegal is somewhat of an
overstatement. Copyright generally is not a matter for a criminal
court, but has to be enforced in a civil court. That means that a
stakeholder (in this case copyright holder) would have to file a
lawsuit. I doubt that any of the contributors to upmpdcli want to take
such action. Technically the risk exists, so for that reason it's nice
to notify Jean-Francois.
@Max: Since your copyright is not infringed, you are not a
stakeholder, and your request for removal of non GPL compatible parts
has no legal weight. It might be worth taking that into account when
phrasing the request, as not to misrepresent your standing in the
matter. I'm purely stating this to clarify the situation to
Jean-Francois, not as an attack on your email.
Moving forward, I believe there are three options:
1) Ignore the possible conflict, and assume that nobody wants to take
any legal action. My estimate is that this would be safe, but being
aware of the violation might have some influence if someone *does*
file a lawsuit.
2) Switch from libspotify to using a GPL compatible library to
interact with the spotify API.
3) Switch the project to a less troublesome license, such as LGPL,
BSD-3-Clause, Apache 2.0 or something else. This is complicated if
there are contributions from others, since all copyright holders need
to agree to relicense the work. However, it is not impossible, and
there are precedents even if not all copyright holders can be reached
for approval.
Personally, I believe option 2 would be the safest, mainly because the
license for libspotify is quite restrictive and may not be suitable
for inclusion in any open source project, GPL or otherwise. The risk
is still limited, since spotify would have to file a lawsuit, and they
have been ignoring other open source projects using their library. So
it seems unlikely that they want to sue. Ignoring other projects also
doesn't help in building a case in a civil court.
I would also attempt option 3, because I wouldn't want to worry about
contributors to my project potentially suing me over things like this.
Keep in mind that I'm not a lawyer, and anything I say may be
incorrect. Nobody should rely on legal advice from any random people
on the Internet, be it me or Max.
@Jean-Francois: Thank you for open sourcing your work. It is always
nice to see a fellow open source developer making their work available
for others :)
Kind regards,
Maarten de Vries
On 04-11-18 13:22, Max Kellermann wrote:
Hi Jean-Francois,
today, I came across your project due to a MPD bug report.
I'm sorry I have to tell you that your project is illegal. You claim
that it is licensed under the terms of the GPL, but your code
repository ships with a C header from the proprietary Spotify API:
https://opensourceprojects.eu/p/upmpdcli/code/ci/dcd37d30e1aa074b9ef205872e01e39a6079ee8d/tree/src/mediaserver/cdplugins/spotify/libspotify/api.h
Including this header from upmpdcli makes upmpdcli a "derived work" of
this proprietary library. This however is what the GPL forbids,
unless the whole "derived work" is made available under the terms of
the GPL.
Since you own most of the copyright of upmpdcli, you obviously don't
violate your own copyright. But there are more (minor) contributors,
whose copyright you have been violating.
And as a side effect, every redistribution of upmpdcli by others is
illegal. It is impossible for anybody to contribute to your project.
Linux distributions are forbidden from shipping packages.
By the way, runtime linking to this library (using dlopen()) doesn't
protect you, just in case you were thinking about that. This is just
a technical detail without legal implications.
Please remove all traces of proprietary code from your repository as
soon as possible.
Max
_______________________________________________
mpd-devel mailing list
mpd-devel@musicpd.org
http://mailman.blarg.de/listinfo/mpd-devel
_______________________________________________
mpd-devel mailing list
mpd-devel@musicpd.org
http://mailman.blarg.de/listinfo/mpd-devel
