Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
Stephen Gran [EMAIL PROTECTED] wrote: [...] If it is a license from the copyright holders, than the only ones who can sue Debian for distribution of sourceless GPL'ed works are, er, the people who originally gave out those works in that form. I understand there is some contention around whether this claim is accurate (and I claim no deep understanding of international copyright and contract law to make a claim for either side), but I think that is the fairly simple counter argument. [...] While fairly simple, it is totally incorrect, as public distribution in breach of copyright carries criminal liability in England, as I previously posted. See the Copyright Designs and Patents Act as amended, under the criminal liability heading. http://www.jenkins-ip.com/patlaw/cdpa1.htm I suspect most of the EU has similar law these days, although I cannot name them. By the way, we could be sued by the copyright holders of any firmware which has been reproduced without permission: that is, the copyright holders are not those issuing them under GPL. I remind aj that I am not a lawyer, but have been punished for copyright mistakes in the past, so learnt about it. -- MJR/slef My Opinion Only: see http://people.debian.org/~mjr/ Please follow http://www.uk.debian.org/MailingLists/#codeofconduct -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
MJ Ray wrote: While fairly simple, it is totally incorrect, as public distribution in breach of copyright carries criminal liability in England, as I previously posted. See the Copyright Designs and Patents Act as amended, under the criminal liability heading. http://www.jenkins-ip.com/patlaw/cdpa1.htm I suspect most of the EU has similar law these days, although I cannot name them. You're correct, there is criminal liability in most of Europe for intentional infringement of copyright. Many countries do however require the copyright holder to file charges against the infringer first. The police won't act by itself (how could they, they have no evidence of an illegal act unless the copyright holder files the accusation of distribution without a license). I do wonder, are the copyright holders of the firmware the only people with standing to sue? If the combination of firmware and GPL-licensed kernel is a derivative of the kernel, then anyone with a copyright interest in the kernel can sue for not obeying the GPL. Arnoud -- Arnoud Engelfriet, Dutch European patent attorney - Speaking only for myself Patents, copyright and IPR explained for techies: http://www.iusmentis.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
On Fri, Oct 20, 2006 at 02:10:37PM +0200, Arnoud Engelfriet wrote: MJ Ray wrote: While fairly simple, it is totally incorrect, as public distribution in breach of copyright carries criminal liability in England, as I previously posted. See the Copyright Designs and Patents Act as amended, under the criminal liability heading. http://www.jenkins-ip.com/patlaw/cdpa1.htm I suspect most of the EU has similar law these days, although I cannot name them. You're correct, there is criminal liability in most of Europe for intentional infringement of copyright. Many countries do however require the copyright holder to file charges against the infringer first. The police won't act by itself (how could they, they have no evidence of an illegal act unless the copyright holder files the accusation of distribution without a license). I do wonder, are the copyright holders of the firmware the only people with standing to sue? If the combination of firmware and GPL-licensed kernel is a derivative of the kernel, then anyone with a copyright interest in the kernel can sue for not obeying the GPL. Please check past debian-legal discussion about this. IANAL and everything, but all times we discussed the issue the opinion that prevaled, was that the firmware do not constitute a derivative work of the kernel, in the same way that if the firmware is contained in a flash on the card, it does not constitute a derivative work of the kernel, and in the same way a free compressor which can generate compressed archive with builtin uncompressor binaries, is not a derivative work of the compressed files it contains. More arguments on this can be found in the list archive. Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
On 10/17/06 15:06, Anthony Towns wrote: On Tue, Oct 17, 2006 at 03:49:25PM -0400, Nathanael Nerode wrote: The answer to the question in the subject is simple: NO. Thankyou for your opinion. I note you seemed to neglect to mention that you're not a lawyer. I agree. Out of curiosity, I asked my corporate consul about rendering advice on this issue for which he estimated $2500 to start (which would probably be $5k total). This is a corporate attorney who already has some understand of Linux. So, that's one ballpark estimate of what it would cost to get real advice. Based on my previous experiences with copyright, trademark corporate legal issues, my _guess_ would be that the resulting advise would first be based on the side of the actions of the larger corporations. Then, secondly, based on the assumption of good faith intentions of the linux kernel authors developers. In other words, because (as far as the kernel developers and authors can determine) they are acting in good faith by giving the software to Debian in a legal way, Debian is also acting in good faith. Better still, since corporations like Redhat, Novell and (with it's behemoth legal team) IBM also distribute this same software, your legal chances are outstandingly good. As I'm not a lawyer, my experience was to be given the legal advice and then have to decide what to do. One poignant example was when Bill Gates' corporate attorney for Corbis threatened linux/ppc with copyright infringement over the use of the Rosie the Riveter image. That was interesting. In this kernel firmware issue, if the authors of this sourceless firmware threatened Debian (Qlogic, etc), then you would have to decide what to do. In my case, I chose to not honor Corbis' copyright claim and refused to pay the the royalties they asked for. It seemed like there was a good chance that their copyright claim was invalid. You have to decide if you should fight or fold. In the end, it cost me nothing to fight. They gave up rather easy after a few entertaining phone calls. Realistically, Qlogic (or any of the other companies in question here) threatening Debian, the whole free software world the applicable companies over copyright infringement of a file they knowingly released is similar to poking yourself in the eye with a fork. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
Anthony Towns wrote: On Tue, Oct 17, 2006 at 03:49:25PM -0400, Nathanael Nerode wrote: The answer to the question in the subject is simple: NO. Thankyou for your opinion. I note you seemed to neglect to mention that you're not a lawyer. That should not keep him from being concerned when this need no source because their isn't has some remarkable parallels to the DLink's unsuccessful argument that the GPL was not applicable in Welte vs. DLink. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
This one time, at band camp, Don Armstrong said: On Wed, 18 Oct 2006, Anthony Towns wrote: On Tue, Oct 17, 2006 at 03:49:25PM -0400, Nathanael Nerode wrote: The answer to the question in the subject is simple: NO. Thankyou for your opinion. I note you seemed to neglect to mention that you're not a lawyer. That should be abundantly apparent to anyone who has been paying attention. Regardless, it doesn't dismiss the crux of the argument: baring competent legal advice to the contrary,[1] distributing sourceless GPLed works is not clear of legal liability. Doing otherwise may put ourselves and our mirror operators in peril. I think the argument here revolves around whether the GPL is a contract to our users, or a license from the copyright holders. If it is a license from the copyright holders, than the only ones who can sue Debian for distribution of sourceless GPL'ed works are, er, the people who originally gave out those works in that form. I understand there is some contention around whether this claim is accurate (and I claim no deep understanding of international copyright and contract law to make a claim for either side), but I think that is the fairly simple counter argument. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
On Wed, 18 Oct 2006 13:06:19 +0100 Stephen Gran wrote: This one time, at band camp, Don Armstrong said: [...] baring competent legal advice to the contrary,[1] distributing sourceless GPLed works is not clear of legal liability. Doing otherwise may put ourselves and our mirror operators in peril. I think the argument here revolves around whether the GPL is a contract to our users, or a license from the copyright holders. If it is a license from the copyright holders, than the only ones who can sue Debian for distribution of sourceless GPL'ed works are, er, the people who originally gave out those works in that form. I understand there is some contention around whether this claim is accurate (and I claim no deep understanding of international copyright and contract law to make a claim for either side), but I think that is the fairly simple counter argument. How so? Let's assume that *only* copyright holders can sue the Debian Project and mirror operators (whether this is true or false is irrelevant for this discussion). What makes you think that every and each copyright holder acted in good faith when started to distribute firmware under the terms of the GNU GPL v2, while keeping the source code secret? Some copyright holder could be deliberately preparing a trap, in order to be able to sue at whim, whenever he decides he wants to. Moreover, maybe the undistributability could be intended: some copyright holder could have intentionally chosen the GNU GPL v2, while retaining source code, in order to be the *only one* legally allowed to distribute that firmware (you know, forcing users to visit his website and stuff like that...). Or even worse, who says that the copyright holder is actually aware that the firmware is distributed inside a GPL'd driver? In some cases, the firmware blob could be included in the driver without retaining proper copyright and permission notices. The blob could *appear* to be GPL'd, while it's not. Hope that helps. -- But it is also tradition that times *must* and always do change, my friend. -- from _Coming to America_ . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpsSEcTTVMRF.pgp Description: PGP signature
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
Francesco Poli writes: What makes you think that every and each copyright holder acted in good faith when started to distribute firmware under the terms of the GNU GPL v2, while keeping the source code secret? Some copyright holder could be deliberately preparing a trap, in order to be able to sue at whim, whenever he decides he wants to. If the prospective plaintiff is the person who submitted opaque or object code, the relevant affirmative defense here is called estoppel. Pick your favorite form of estoppel -- several apply. Other copyright holders could sue with at least a colorable position, but not the one who added the sourceless code in the first place. Michael Poole -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
The answer to the question in the subject is simple: NO. This is a matter of copyright law. If we do not have permission to distribute, it is illegal to distribute. GPL grants permission to distribute *only* if we distribute source. So, GPLed sourceless == NO PERMISSON. I will list the usual caveats so that nobody else brings them up. (1) Obviously if we have an alternate license (dual-licensing) which doesn't require source we can use that license. (2) If the material is so trivial it is uncopyrightable we can obviously distribute it. (The classic example is CRC tables, which contain no creative content beyond the CRC polynomial which is generally public domain.) Likewise if it was published prior to 1988 in the US without copyright notices, or is in the public domain for some other reason. (3) If the copyright holder for the firmware donated the firmware to Linux with the understanding that it would be redistributed by Debian and other distributors, this may constitute an implicit license to distribute. This would be a case of dual-licensing, but an unpleasant one because we'd be relying on an *implied* license. This requires tracing down the donation of the material to the Linux kernel and ascertaining the state of mind of the donor (perhaps by reading press releases). This clearly applies only to some of the firmware; other pieces have no such 'paper trail'. Also, this implicit license *does not* include a license to modify, because I've never seen any indication that any firmware donor intended that their firmware be modified. (4) If the hex lumps really are the preferred form for modification, then we have the source and this is not a case of 'sourceless firmware'. I have not yet seen a case where there is any evidence that this is true. It is, however, theoretically possible. If the firmware author came forward and said Yes, that's the form in which we modify the firmware, this would be the case. Sven Luther wrote: Hi debian-legal, ... It seems the firmware kernel issue has reached a deadpoint, as there is some widely different interpretation of the meaning of the GPL over sourceless code. For some background, the kernel/firmware wiki page includes both a proposed GR, the draft position statement by the kernel team, as well as an analysis of how we stand : http://wiki.debian.org/KernelFirmwareLicensing. But this is beside the point. The real problem is that there are a certain amount of firmware in the kernel, embedded in the drivers, which have no license notice whatsoever, and as thus fall implicitly under the common GPL license of the linux kernel. The audit from Larry lists some 40+ such firmware blobs. Actually, I have to split this into two categories: * hex lumps explicitly licensed under the GPL by the copyright holder (e100 for instance) * hex lumps with no license notice - these may be implicitly under the common GPL license for the kernel - but they may also be present inappropriately, with stripped copyright notices and no license at all, if they were inserted into the kernel by someone other than the copyright holder. This has happened at least once already. There is some claims that some of those blobs represent just register dumps, but even then one could argue that the hex blobs doesn't in any way represent the prefered form of modification, but rather some kind of register name/number and value pair. (Well, perhaps the registers are numbered 0,1,2,3,4,5... and the values are listed in that order) So, the RMs are making claims that those sourceless GPLed drivers don't cause any kind of distribution problem, This is a case of the RMs not thinking clearly, perhaps. while i strongly believe that the GPL clause saying that all the distribution rights under the GPL are lost if you cannot abide by all points, including the requirement for sources. Yep. Since i am seen as not trusthy to analyze such problems, i think to deblock this situation, it would be best to have a statement from debian-legal to back those claims (or to claim i am wrong in the above). Friendly, Sven Luther -- Nathanael Nerode [EMAIL PROTECTED] Bush admitted to violating FISA and said he was proud of it. So why isn't he in prison yet?... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
On Tue, Oct 17, 2006 at 03:49:25PM -0400, Nathanael Nerode wrote: The answer to the question in the subject is simple: NO. Thankyou for your opinion. I note you seemed to neglect to mention that you're not a lawyer. Cheers, aj signature.asc Description: Digital signature
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
Sven Luther [EMAIL PROTECTED] wrote: So, the RMs are making claims that those sourceless GPLed drivers don't cause any kind of distribution problem, while i strongly believe that the GPL clause saying that all the distribution rights under the GPL are lost if you cannot abide by all points, including the requirement for sources. When Debian distributes kernel binaries, Debian makes use of clause 3a (accompany with source code), not 3b (written offer) or 3c (pass on written offer). So source has to accompany everything, even if no one is asking. Debian may decide to make a policy decision that the chances of anyone getting sued are slim. That is presumably what Red Hat etc. are doing. Red Hat's risk profile is a bit different, in that Red Hat would probably be sued directly, while it is more likely that Debian's mirrors and CD distributors would be the target of a lawsuit (and not, for example, the ftpmasters). Cheers, Walter Landry [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
On Wed, Oct 04, 2006 at 09:31:27PM +0200, Frank Küster wrote: Walter Landry [EMAIL PROTECTED] wrote: Sven Luther [EMAIL PROTECTED] wrote: So, the RMs are making claims that those sourceless GPLed drivers don't cause any kind of distribution problem, while i strongly believe that the GPL clause saying that all the distribution rights under the GPL are lost if you cannot abide by all points, including the requirement for sources. When Debian distributes kernel binaries, Debian makes use of clause 3a (accompany with source code), not 3b (written offer) or 3c (pass on written offer). So source has to accompany everything, even if no one is asking. Well, I think Sven didn't make the point of disagreement clear. It is whether what in the course of the GR's has been called sourceless firmware is in fact sourceless. If I understood Anthony Towns correctly, the ftpmasters and many others want to give those drives the benefit of doubt and assume that they aren't sourceless, but are, e.g., just dumps of unnamed registers and therefore the preferred form for modification. After all, they were what was given to the kernel people when the driver was released as .c and .h files under the GPL. Indeed, but even in the case of pure register dumps, there is no way the actual firmware blob in the current kernel constitutes the preferred form of modification. That said, it is my experience that more often than not, those firmware blobs are indeed code, especially when one talks about a device with an embedded mips core for example. We could try to do a determination firmware by firmware, depending on its size and stuff like that, but we are particularly trying to postpone this work post-etch. So the real question is whether we want to do that, whether in the particular cases there's in fact any doubt, etc. The ftp-master position has always been one of erring on the side of caution though. Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
On Wed, Oct 04, 2006 at 09:31:27PM +0200, Frank Küster wrote: So the real question is whether we want to do that, whether in the particular cases there's in fact any doubt, etc. A quick survey based on the size of the firmware blobs suggests 1/3 of them may be register dumps, while 2/3 are most probably code. That makes a bit less than 30 problematic ones. Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel Firmware issue: are GPLed sourceless firmwares legal to distribute ?
Walter Landry [EMAIL PROTECTED] wrote: Sven Luther [EMAIL PROTECTED] wrote: So, the RMs are making claims that those sourceless GPLed drivers don't cause any kind of distribution problem, while i strongly believe that the GPL clause saying that all the distribution rights under the GPL are lost if you cannot abide by all points, including the requirement for sources. When Debian distributes kernel binaries, Debian makes use of clause 3a (accompany with source code), not 3b (written offer) or 3c (pass on written offer). So source has to accompany everything, even if no one is asking. Well, I think Sven didn't make the point of disagreement clear. It is whether what in the course of the GR's has been called sourceless firmware is in fact sourceless. If I understood Anthony Towns correctly, the ftpmasters and many others want to give those drives the benefit of doubt and assume that they aren't sourceless, but are, e.g., just dumps of unnamed registers and therefore the preferred form for modification. After all, they were what was given to the kernel people when the driver was released as .c and .h files under the GPL. So the real question is whether we want to do that, whether in the particular cases there's in fact any doubt, etc. Regards, Frank -- Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX/TeXLive)