The FSF raises the stakes for Cisco

By Jonathan Corbet
December 12, 2008
On December 11, the Free Software Foundation announced the filing of a GPL-infringement lawsuit against Cisco. This action represents another step in a long series of license-compliance issues involving Cisco and its subsidiaries. It may look like just another licensing lawsuit, but it represents an interesting step in the evolution of attitudes toward compliance with the GPL. The eventual outcome is fairly predictable, but the process is still worth watching.

Cisco does look like a serial offender with regard to the GPL. Most of its problems in this area were actually acquired with its purchase of Linksys; routers made by Linksys have been followed by GPL issues since at least 2003. Over those years, a fairly consistent pattern has developed: a new Linksys product is released which, upon inspection, is determined to be running GPL-licensed software. There is no corresponding source release, which is a clear violation of the GPL. After a series of contacts and negotiations, some of the copyright holders involved succeed in getting a source release - though that release is not always as complete as it should be. The problem appears to be solved - until the next product comes out.

The sad part is that there is almost certainly no real desire on the part of Cisco or Linksys to violate the GPL. The company is being set up for trouble by its suppliers - the firms based in the far east which actually make the hardware sold under the Linksys name. Those suppliers feel, perhaps with good reason, that they need not concern themselves with the details of license compliance. There is not, after all, much of a history of successful license enforcement in that part of the world. So they deliver an infringing product which Cisco then resells; it could well be that Cisco honestly has no idea that those products incorporate software in violation of its license. Of course, it could also be that Cisco does not really want to know about such problems.

Nameless original equipment manufacturers in China are a difficult target for those who would enforce the GPL; a high-profile American company is clearly easier game. Beyond that, though, Cisco is a legitimate target for a lawsuit: the company is distributing GPL-licensed software without making the source available. It is also an appealing target because Cisco is in a position to apply pressure on those nameless suppliers: if a company of that size refuses to resell equipment which does not come with fully-licensed software (whether free or proprietary), its suppliers will learn to pay attention. The FSF is arguing, in essence, that it is Cisco's responsibility to put a program in place to ensure that its suppliers are delivering properly-licensed software. It is Cisco which should be finding licensing problems in its products, not the owners of the code it is using.

The complaint [PDF] describes a long series of meetings with Cisco. Several times, the complaint says, "Defendant corresponded with Plaintiff repeatedly regarding the matter and Plaintiff believed in good faith that a satisfactory resolution of its concerns could be reached." But then more problems always turned up. So, after a few years, the FSF has given up:

> Given Defendant's extensive history of violating Plaintiff's Licenses, Plaintiff considers Defendant's current and proposed activities insufficient to ensure Defendant's future compliance. Defendant has refused to meet several of Plaintiff's reasonable requirements for reinstatement of Defendant's right to distribute the Programs. Defendant has not demonstrated that it has meaningfully improved its software review process which failed to prevent previous violations, or that it intends to do so. Defendant has refused to acknowledge its previous violations or inform the users who received Infringing Products of its omissions. And Defendant has refused to provide regular compliance reports to Plaintiff regarding Defendant's pervasive exploitation of Plaintiff's software. Nonetheless, Defendant continues to distribute the Infringing Products and Firmware in violation of Plaintiffs' exclusive rights under the Copyright Act.

The complaint alleges that Cisco is guilty of copyright infringement. The court is asked to provide injunctive relief - taking the offending products off the market. The FSF is also asking for damages, attorney's fees, and "all profits derived by Defendant from its unlawful acts".

All this would be a heavy price for Cisco to pay. And it could well be that a court would go along with most of these requests. The fact of the matter, though, is that things are unlikely to get that far. Unlike, say, SCO, Cisco has not made any statements about the validity of the GPL. It is an active contributor to GPL-licensed projects, including the Linux kernel. Cisco's behavior looks more like negligence than malice. This suit will probably get the attention of people in very high levels of management at Cisco; they, in turn, will almost certainly come to the table and find a way to make the FSF go away. There is no value for them in any other course of action.

So this episode will blow over, probably within a few months. But there are still a couple of interesting things to note here. One is that the Linux kernel is not involved in this suit at all, and neither is Busybox. Those two projects have been at the center of most GPL-enforcement actions thus far. The FSF, though, is focusing on projects that it owns: glibc, GCC, coreutils, binutils, gdb, and wget. That widens the scope somewhat, showing that GPL compliance is not just required for a small number of programs.

Incidentally, all of the code at issue in this suit is licensed under GPLv2; version 3 of the license is not part of this action.

This suit also marks a bit of a change for the FSF, which, traditionally, has strongly favored quiet resolution of GPL-compliance issues. It seems that even the FSF has a point where its patience runs out. It may also be that the influence of the Software Freedom Law Center, which appears to be rather more willing to go to court, is being felt at the FSF. In any case, it is reasonable to expect that the FSF might find itself involved in more legal actions in the future.

This lawsuit will doubtless be used by people to show how use of GPL-licensed software can create risks for companies. The truth is more straightforward, though. Use of any copyrighted material without an accompanying license is generally against the law; incorporating such material into products will always be a risky thing to do. There is nothing special about the GPL in that regard.



The FSF raises the stakes for Cisco

Posted Dec 12, 2008 20:11 UTC (Fri) by flewellyn (subscriber, #5047) [Link]

Good analysis. I think, personally, that the FSF have shown extraordinary patience in trying to negotiate for a full five years before deciding that a lawsuit was warranted.

Now I'm curious. Has the FSF ever actually brought suit before on a GPL matter? I don't recall reading about any such cases; plenty in which they contacted a company or group of developers and got the matter resolved amicably without recourse to the courts, but none in which they actually had to go to court.

No, the FSF hasn't gone to court before.

Posted Dec 12, 2008 22:14 UTC (Fri) by merriam (guest, #474) [Link]

In the fifteen years we've spent enforcing our licenses, we've never gone to court before.

-- Peter Brown, executive director of the FSF

No, the FSF hasn't gone to court before.

Posted Dec 12, 2008 22:34 UTC (Fri) by tialaramex (subscriber, #21167) [Link]

Mmm, but that might actually still be true next time, right?

If Cisco responds by fixing the things the FSF complains about, and offers the FSF a modest donation in exchange for dropping the suit, it will, and then once again the FSF has "never gone to court"

Or is that intended as a stronger assertion that they've never sued anyone?

No, the FSF hasn't gone to court before.

Posted Dec 12, 2008 23:00 UTC (Fri) by johill (subscriber, #25196) [Link]

Heh. Maybe they dropped off the letter in person, in which case they would have gone to the court? ;)

more precisely

Posted Dec 12, 2008 23:41 UTC (Fri) by merriam (guest, #474) [Link]

It's the first time we've ever filed suit in a compliance case.

-- Brett Smith, Licensing Compliance Engineer, Free Software Foundation

Brett Smith's statement, no longer available at technocrat.net

Posted Dec 30, 2008 3:19 UTC (Tue) by merriam (guest, #474) [Link]

From: Brett Smith <brett@fsf.org>
To: gnu-prog@gnu.org
Subject: FSF Files Suit Against Cisco For GPL Violations
Date: Thu, 11 Dec 2008 12:40:44 -0500 (09:40 PST)

Hello GNU Maintainers,

You might have seen the press release go out over one of our other
mailing lists, but I wanted to be sure that all of you saw this. This
morning the FSF filed suit against Cisco for violating the GPL and the
LGPL. To make sure everyone understands what's going on and why we did
this, we've put out a press release[1], a blog post with more background
information about the case[2], and if you want, you can even read a
complete copy of the complaint[3].

[1] http://www.fsf.org/news/2008-12-cisco-suit
[2] http://www.fsf.org/blogs/licensing/2008-12-cisco-complaint
[3] http://www.fsf.org/licensing/complaint-2008-12-11.pdf

This isn't a choice we made lightly. It's the first time we've ever
filed suit in a compliance case. But ultimately we felt this was the
best way to make sure that Cisco fulfills its license obligations going
forward.

This shouldn't have any impact on the work you do as GNU maintainers;
since we're the copyright holders for the software in question, all the
work's on us. I just wanted to give you a heads-up. If you all have
any questions about this case, please feel free to contact me.

Best regards,

--
Brett Smith
Licensing Compliance Engineer, Free Software Foundation

--
http://lists.gnu.org/mailman/listinfo/gnu-prog

The FSF raises the stakes for Cisco

Posted Dec 13, 2008 7:59 UTC (Sat) by gdt (subscriber, #6284) [Link]

> The company is being set up for trouble by its suppliers - the firms based in the far east which actually make the hardware sold under the Linksys name.

I could buy that if this were the start of the contact with Cisco. But it has been many years and more than enough time has passed for Cisco/Linksys to put in place suitable contracts regarding GPL-style licenses with its down stream suppliers.

During the period mentioned in the filing Linksys managed to renegotiate with their suppliers to lower Linksys's bill of materials by moving the operating system of the WRT54G series from Linux to Vxworks. This tells us that there is close communications between Linksys and their suppliers regarding the software used in Linksys's products. Presumably Linksys met Wind River's licensing requirements for the use of Vxworks in Linksys's products, so what's so hard about meeting the less onerous requirements of the GPL?

The FSF raises the stakes for Cisco

Posted Dec 13, 2008 23:49 UTC (Sat) by gmaxwell (guest, #30048) [Link]

I have no knowledge or opinions about the specifics of this case, but I wanted to point out that a great many more things distributed by Cisco contain GPLed code than just the linksys soho stuff. There are things like linecards for the 7600 (i.e. CSM) and other fairly high end products with firmware which is Linux kernel based, and presumably uses the associated userspace bits.

The FSF raises the stakes for Cisco

Posted Feb 12, 2009 21:14 UTC (Thu) by jlokier (guest, #52227) [Link]

Also Cisco produce some Linux-based video players based on (among other things) Sigma Designs chips, with insufficient GPL and LGPL compliance for those.

FSF, OSI and Busybox

Posted Dec 13, 2008 14:21 UTC (Sat) by man_ls (guest, #15091) [Link]

I was curious to find out what the Open Source camp thought about these cases. You know, the SFLC has a close relationship with the FSF, and they are filing suits on behalf of Busybox. Rob Landley (member of OSI and close friend of Raymond) used to be the Busybox maintainer. It seemed that these cases were a much-needed point of contact between OSI and the FSF.

Well, it seems that Landley at least is not feeling so well about the lawsuit, if only because he has some previous dealings with Cisco. He says:

> I thought they were doing good. Half the reason I went with them in the first place is that they were NOT the FSF, that had distanced themselves from the FSF and their suits _weren't_ like the one against Mepis. [...] And now this...

Meanwhile, OSI links to this same news item on their homepage, and . It would be nice to know their official position on the matter.

FSF, OSI and Busybox

Posted Dec 14, 2008 0:44 UTC (Sun) by sbergman27 (guest, #10767) [Link]

Wow.

As the maintainer of Busybox, his opinion on this matter carries some weight, in my opinion. Equally interesting would be the opinions of contributors to FSF software, who signed away their rights in the matter, believing the FSF's "trust us" assurances.

The FSF's claims had better bear out. And I hope LWN.net will keep a close eye on this situation.

FSF, OSI and Busybox

Posted Dec 14, 2008 1:18 UTC (Sun) by nix (subscriber, #2304) [Link]

Contributors to FSF software didn't sign away their rights: the copyright
assignment has a grantback clause.

FSF, OSI and Busybox

Posted Dec 14, 2008 4:46 UTC (Sun) by dlang (guest, #313) [Link]

they signed over their copyright. there is a grant for them to use the code any way they want, but since they are no longer the copyright owner they may not have any standing to take action anymore.

in addition there is no way to undo the copyright assignment if the FSF starts doing things that they don't like.

for the record Rob Landley is a former contributor/maintainer of busybox

Then why are you surprised?

Posted Dec 15, 2008 15:11 UTC (Mon) by khim (subscriber, #9252) [Link]

> for the record Rob Landley is a former contributor/maintainer of busybox.

Busybox rejected FSF pleas in the past (by switching to GPLv2 only license) so why they believe FSF will do what they want now? When FSF asks them to do something - they refuse because they have right to do so, but when they ask FSF something they expect that FSF will hear? Why?

Just because

Posted Dec 15, 2008 19:24 UTC (Mon) by man_ls (guest, #15091) [Link]

Are you sure this is relevant? If it is, it shouldn't be. If they have good reasons I'm sure that the FSF would listen to them. That is at least what I expect from them (and why I contribute to FSFE).

FSF, OSI and Busybox

Posted Dec 19, 2008 4:57 UTC (Fri) by lysse (guest, #3190) [Link]

One must assume that they signed over their copyright knowing that there was a risk that the FSF might act in a way they considered undesirable (although not counter to the aims of the GPL, of course - that would cause a termination of the assignment), and weighed that against the benefit of having a dedicated organisation like the FSF defending the GPLity of their software instead of having to do it themselves. Someone who thinks the FSF are "bullies" would probably be unwise to assign a copyright to them, for example.

More broadly, it strikes me as strange that one might consider the FSF's being prepared to launch a lawsuit to defend the GPL as in any way incompatible with, or unpredictable given, their stated intention to uphold and enforce the GPL. In short, copyright assigners must surely have seen this coming at some point - indeed, the very action of transferring said copyright to the FSF may well be considered an implicit assent to whatever enforcement actions the FSF deem necessary, simply because of the nature of such an arrangement.

(Of course, in some jurisdictions certain aspects of copyright are not transferable or assignable at all; from the Berne Convention, 6bis:

> Independent of the author's economic rights, and even after the transfer of the said rights, the author shall have the right to claim authorship of the work and to object to any distortion, mutilation or other modification of, or other derogatory action in relation to the said work, which would be prejudicial to the author's honor or reputation.

It is conceivable that an action such as a lawsuit, conducted against the author's express wishes, could be argued to be a "derogatory action in relation to the said work", although I don't know what precedents might exist to support it.)

FSF, OSI and Busybox

Posted Dec 19, 2008 5:02 UTC (Fri) by lysse (guest, #3190) [Link]

(btw - in no way do I wish to suggest that Rob Landley has, or would, assigned any copyright to the FSF; I was thinking of his attitude when I mentioned "bullies", but only as an example of an attitude that would be singularly incompatible with copyright assignment. Just in case anyone misunderstands. Nor am I taking any position at all on whether his attitude is valid or reasonable; I am sure he has sound reasons for it, just as I am sure that others find it incomprehensible. People are like that, you know...)

FSF, OSI and Busybox

Posted Dec 14, 2008 11:20 UTC (Sun) by ballombe (subscriber, #9523) [Link]

The FSF does not list copyright on Busybox as being infringed in the complaint, so the opinion of the Busybox maintainer is irrelevant.

FSF, OSI and Busybox

Posted Dec 14, 2008 11:56 UTC (Sun) by man_ls (guest, #15091) [Link]

It is irrelevant to the present case, but not to the wider issue of copyright violations: Landley has some experience in the matter. Just as Harald Welte (who as kragil noted in the news item also knows a thing or two about violations), and he is quite more sympathetic to the lawsuit:

> So the FSF's decision to take this problem to court is the most appropriate response that one can think of.

It is always interesting to know what knowledgeable people think about an issue, IMHO. That's why I wonder whether Landley's opinion is isolated (and maybe driven by his contract with Cisco).

FSF, OSI and Busybox

Posted Dec 14, 2008 13:48 UTC (Sun) by nix (subscriber, #2304) [Link]

I don't think it's driven by his contact with Cisco. I think it's driven
by his, to be frank, irrationally intense dislike of the FSF and all its
doings. Threatening his meal ticket was just an intensifier.

FSF, OSI and Busybox

Posted Dec 14, 2008 15:18 UTC (Sun) by johill (subscriber, #25196) [Link]

He also seems pretty pissed that they didn't tell him before filing. What?!

FSF, OSI and Busybox

Posted Dec 14, 2008 15:30 UTC (Sun) by nix (subscriber, #2304) [Link]

I can see two possibilities here, both completely bizarre:

- they didn't know Cisco was his employer, in which case there's no
reason for them to assume he'd care

- they did know Cisco was his employer, in which case they'd surely not
tell him and give his employer advance notice of a pending suit. (Before
the suit is filed, wouldn't this sort of thing violate attorney/client
confidentiality anyway? I'm not even a US resident let alone a lawyer but
it would seem seriously off to me.)

FSF, OSI and Busybox

Posted Dec 19, 2008 22:25 UTC (Fri) by giraffedata (guest, #1954) [Link]

> they'd surely not tell him and give his employer advance notice of a pending suit.

Why wouldn't they want Cisco to have advance notice of the lawsuit? I assume they told Cisco clearly multiple times that they intended to sue (hoping Cisco would respond by making it unnecessary).

Legal process isn't like war.

FSF, OSI and Busybox

Posted Jan 13, 2009 2:05 UTC (Tue) by darkonc (guest, #14197) [Link]

Once you pass the process off to the lawyers, a lot of analogies between war and the legal system hold true. You have a pretty-much no-holds-barred system where the point is to win 'at all costs'. You have exorbitant costs and commonly many innocent victims.

The list could go on....

> Legal process isn't like war.

FSF, OSI and Busybox

Posted Jan 13, 2009 4:31 UTC (Tue) by giraffedata (guest, #1954) [Link]

> You have a pretty-much no-holds-barred system where the point is to win 'at all costs'

The legal process I know isn't anything like that. First of all, most holds are barred. There are rules that fill books, and a referee always there to ensure only the most sportsmanlike holds are used. And in civil court, few litigants are interested in winning at all costs. In fact, most cases people would like to win don't even become lawsuits because the minimum cost of winning would exceed the payoff.

I don't think a surprise lawsuit is anything like a surprise attack anyway. Imagine a military attack where you suddenly inform the enemy that you're going to bomb him as soon as he's had time to prepare a thorough defense, including getting from you all the details of what kind of bomb you will drop and where. That's what a surprise lawsuit would be.

FSF, OSI and Busybox

Posted Dec 14, 2008 17:27 UTC (Sun) by hppnq (guest, #14462) [Link]

> It is irrelevant to the present case, but not to the wider issue of copyright violations

The only thing I found somewhat relevant is the mention of Linksys as a model citizen on the BusyBox license page. All in all it very much sounds like a "Sue anyone except my friends" model, which is not uncommon I guess.

The rest of Landley's rambling is simply personal stuff that I found unpleasant and uninteresting to read.

relevance of Landley’s comments

Posted Dec 15, 2008 10:32 UTC (Mon) by pjm (guest, #2080) [Link]

I think the primary relevance of the cited blog is not Landley’s relationship with Busybox but rather the issues he raises in the first 1–3 paragraphs of http://landley.net/notes.html#11-12-2008 (and the “last week” entry it references): that it is valuable to have large hardware procurers/suppliers like Cisco on one’s side (e.g. having free software driver support as one of their conditions of procurement), and his impression as a Cisco insider that this suit jeopardizes Cisco’s steps in that direction: and hence that this “bull in a china shop” approach is a tactical error for FSF’s goals.

relevance of Landley’s comments

Posted Dec 15, 2008 12:55 UTC (Mon) by Ze (guest, #54182) [Link]

> his impression as a Cisco insider that this suit jeopardizes Cisco’s steps in that direction: and hence that this “bull in a china shop” approach is a tactical error for FSF’s goals.

Can anybody say with a clear conscience that the previous approach had worked to get cisco to get its linksys division's house in order? clearly it hadn't since 5 years after cisco bought linksys, the linksys division of cisco was still fixing GPL compliance issues after product is released.

I'm going to make an entirely reasonable guess at what is going to happen. This will all blow over in a month or two, cisco will keep its linux plans on track (especially since the BSD's would be affected just the same, since they use some FSF GPL software) and that they will finally push their GPL compliance procedures at cisco out to their linksys subdivision.

relevance of Landley’s comments

Posted Dec 15, 2008 23:24 UTC (Mon) by pjm (guest, #2080) [Link]

Neither I nor (I’d guess) Landley knows the details of the negotiations in the current case, but it’s very valuable to be aware of the damage and to consider how to minimize that damage.

relevance of Landley’s comments

Posted Dec 15, 2008 23:39 UTC (Mon) by landley (guest, #6789) [Link]

> Can anybody say with a clear conscience that the previous approach had
> worked to get cisco to get its linksys division's house in order?

Yeah. Me.

relevance of Landley’s comments

Posted Dec 18, 2008 14:36 UTC (Thu) by Ze (guest, #54182) [Link]

>> Can anybody say with a clear conscience that the previous approach had
>> worked to get cisco to get its linksys division's house in order?

>Yeah. Me.
So why is linksys still causing the same problem with new products? have $$$ blinded you to the problem here? or have you just been bought heart and soul.

order

Posted Dec 18, 2008 23:53 UTC (Thu) by pjm (guest, #2080) [Link]

There was no call for that last bit. Please refrain from such insulting and inflammatory insinuations on LWN.

Regarding the current case, he has already once in these comments replied to the charge of being influenced by money in his opinions on this matter, if you care to look.

I would ask you to refrain from such comments no matter who you're replying to, but I think you owe Rob Landley much more credit than you're giving.

relevance of Landley’s comments

Posted Jan 13, 2009 2:22 UTC (Tue) by darkonc (guest, #14197) [Link]

Could you provide some specifics on HOW being lenient with Cisco about their repeated violations of the GPL has resulted in their linksys group being diligent in ensuring that future products wouldn't violate GPL?

From my rather distant perch, it seems more like Cisco's simply been assuming that their GPL-friendliness (which has, incidentally probably resulted in increased sales).. would give them a bye with result to their linksys-group violations.

It's actually two different issues with two different divisions of the company.

If the FSF's lenience has been truly productive, it would be good to know how..

FSF, OSI and Busybox

Posted Dec 27, 2008 16:02 UTC (Sat) by anton (subscriber, #25547) [Link]

> Equally interesting would be the opinions of contributors to FSF software, who signed away their rights in the matter, believing the FSF's "trust us" assurances.

When Gforth became GNU software, the FSF asked us to decide whether we wanted to keep the copyright and enforce the license ourselves, or whether we would transfer the copyright to the FSF and let them do the enforcement. Since none of us writes enforcement letters, lawsuits etc. as a hobby, we decided to transfer the copyright to the FSF. And I expect that the FSF will enforce the Gforth licence (GPLv3), and go to court if necessary. If they did not, I would feel that the FSF had betrayed our trust.

FSF, OSI and Busybox

Posted Dec 14, 2008 1:45 UTC (Sun) by ewan (subscriber, #5533) [Link]

That's 'previous dealings' as in they've been paying him to do anything they think will help them.

It's not entirely clear why he's so pissed off (other than he obviously dislikes the FSF, and now the SFLC are helping them out as well as him) - he seems to be fairly clear that Cisco are going heavily into using Linux, and it seems pretty clear they're not complying with the licence. So what's Landley's problem exactly?

FSF, OSI and Busybox

Posted Dec 14, 2008 4:55 UTC (Sun) by dlang (guest, #313) [Link]

what you are pointing at is a quote from the contract that rob just signed with Cisco. Rob points out in the previous days comments that busybox had been listing Cisco as an example of the right way to do license compliance. so to see them be sued by the FSF seems odd.

I haven't taken the time to wade through the details, so I can't say which side is right, so I'm not taking sides here.

FSF, OSI and Busybox

Posted Dec 14, 2008 7:02 UTC (Sun) by Ze (guest, #54182) [Link]

> what you are pointing at is a quote from the contract that rob just signed with Cisco. Rob points out in the previous days comments that busybox had been listing Cisco as an example of the right way to do license compliance. so to see them be sued by the FSF seems odd.

Why does it seem to be odd? BusyBox isn't in the suit and furthermore BusyBox isn't FSF.

> I haven't taken the time to wade through the details, so I can't say which side is right, so I'm not taking sides here.

Personally I'm going to err on the side of caution here and say that it's an ongoing problem that FSF is sick of trying to get them to comply after the fact rather than as part of the product development. The FSF have been going to cisco for five years to keep fixing the same problem just on different products. How is this fair? When cisco has clearly had enough time to get their act together and pro-actively fix a problem they know exists. The simple answer is that it's cheaper for them to react to FSF's complaints than to pro-actively prevent them since FSF's resources are free for them to use. With the situation up until now, cisco was effectively getting the investigation into GPL compliance for new products for free, rather than having to pay for it themselves.

It's akin to getting your brakes done at a mechanic, then having to go back every time and get him to bleed them. He clearly knows he's got to bleed the brakes as part of the job but he only does it when you come back and ask him to do it.

Rob clearly is upset that FSF entirely separate actions might interfere with his meal ticket.

FSF, OSI and Busybox

Posted Dec 16, 2008 0:05 UTC (Tue) by landley (guest, #6789) [Link]

> Rob clearly is upset that FSF entirely separate actions might interfere
> with his meal ticket.

Actually, I've received far more money from the SFLC's enforcement actions (without ever _asking_ for a dime, they just sent it to me) than I've ever received from Cisco. By your logic I should be gung-ho SFLC and drop Cisco like a rock.

I also note I've been contacted by four other people trying to hire me in the past month. That's without _looking_ for work; they came to me.

> The FSF have been going to cisco for five years to keep fixing the same
> problem just on different products.

The current FSF license enforcement guy has been on the job for maybe a year. I met him in New York this September when we were both on a panel at a conference HP flew me in for. When I talked to him he said he was the entirety of the FSF's licensing division, just that one guy. I asked him about the Mepis suit, and he didn't know about it because that had been handled by his predecessor. He was very up front about being new on the job.

So here's a guy who didn't know anything about a 2 year old conflict that made news here on LWN more than once, claiming to have a 5 year relationship with Cisco that long predated him. (I also point out that the SFLC didn't _exist_ 5 years ago, and the first time the complaint says the FSF did anything "through counsel" was this February. So they're _both_ new at this.)

They're suing Cisco over a Broadcom toolchain, which as far as I can tell Broadcom never gave Cisco the source to in the first place. The FSF is choosing to sue Cisco rather than Broadcom, not because Cisco is more in the wrong but because (as far as I can tell from the outside) they think Cisco is more easily intimidated due to having previously folded to the BusyBox guys (again, back before the SFLC existed).

Translation: if you settle a GPL suit, you open yourself to more from other parties. That's a wonderful message to send, isn't it?

I agreed to work with Cisco _because_ I liked what they were doing, not the other way around. I've amicably left a number of employers because the work they wanted me to do either wasn't interesting or wasn't something I was comfortable doing, and I've turned down plenty more offers of work I simply didn't want to do. (I admit this is a luxury, but it's one I currently have.)

Broadcom or Cisco responsibility?

Posted Dec 16, 2008 23:33 UTC (Tue) by xoddam (subscriber, #2322) [Link]

> They're suing Cisco over a Broadcom toolchain, which as far as I
> can tell Broadcom never gave Cisco the source to in the first place.

It's even theoretically possible that the supplier was abiding by the
licence, if they offered the source but the integrator never got
around to obtaining it. OTOH a more likely scenario is that the
supplier failed to supply correct and/or complete corresponding
source code and the integrator accepted the binaries without
confirming that the source matched.

Either way, if Cisco is redistributing software, it's Cisco's
responsibility to ensure that it's in compliance with the copyright
requirements on that software. Which, in the case of GPL'd software,
means actually obtaining the corresponding source code from the
supplier and making it available down the line.

(Of course I know nothing of the facts here, I'm just speculating).

> The FSF is choosing to sue Cisco rather than Broadcom...

If it's Cisco and not Broadcom which is making software derived from
FSF-copyrighted code available to the public in violation of the
licence, this is logical. It's Cisco's responsibility to make sure
it follows the licence conditions, even if the problem originated
elsewhere.

Broadcom or Cisco responsibility?

Posted Dec 17, 2008 0:31 UTC (Wed) by dlang (guest, #313) [Link]

note that since the FSF isn't suing about the kernel, just userspace tools, this speculation about broadcom drivers seems out of place. it's only if someone who has copyright on what the broadcom drivers are derived from sues that they have the standing to ask for them.

much as they would like to, the FSF cannot say that any company failed to comply with the GPL on something the FSF controls and therefore loses the ability to use the GPL on something the FSF doesn't control

now, I agree that a settlement is probably going to cover all GPL software, but they already did that and the FSF is playing hardball.

"toolchain", not "driver"

Posted Dec 17, 2008 0:44 UTC (Wed) by xoddam (subscriber, #2322) [Link]

I understand that Rob Landley has some knowledge of the case beyond what has been announced by the FSF and SFLC. The information we have is that the FSF is suing with regard to FSF-copyrighted material, and Landley indicates above that it has something to do with a toolchain that Broadcom supplied to Cisco.

That's "toolchain", not "driver", no mention of the Linux kernel.

FSF, OSI and Busybox

Posted Dec 17, 2008 14:15 UTC (Wed) by hppnq (guest, #14462) [Link]

> Translation: if you settle a GPL suit, you open yourself to more from other parties. That's a wonderful message to send, isn't it?

Not an uncommon spin of course, and you are free to entertain it, but I think we have passed the point where ignorance and misinformation are significant or even relevant factors in Free Software adoption.

You make it sound as if LinkSys has been punished more than enough by the BusyBox tough guys and the Hall of Shame (to the extent that they are now an example of good behaviour for other offenders), which, indeed, is not such a great message, but one that will be ignored by most parties involved. LinkSys most of all, it seems.

FSF, OSI and Busybox

Posted Dec 18, 2008 13:07 UTC (Thu) by Los__D (guest, #15263) [Link]

> Translation: if you settle a GPL suit, you open yourself to more from other parties. That's a wonderful message to send, isn't it?

Except it is: "if you settle a GPL suit, you open yourself to more from other parties unless you start complying with the GPL for all your releases". And yes, that IS a wonderful message to send.

Broadcom or Cisco

Posted Dec 18, 2008 15:28 UTC (Thu) by ajb (guest, #9694) [Link]

If it is in fact a Broadcom toolchain that is at issue (which doesn't square with this 'nameless far-eastern companies' bit), then the FSF almost certainly can't choose to sue Broadcom instead, because Broadcom doesn't distribute anything much directly to John Q Public. Therefore the FSF probably doesn't have standing to sue them. I think (although I'm no lawyer) that enforcement must occur along the chain of licenses - if Broadcom are the problem, then it is down to Cisco to take it up with them.

FSF, OSI and Busybox

Posted Dec 20, 2008 14:18 UTC (Sat) by Tet (subscriber, #5433) [Link]

> The FSF is choosing to sue Cisco rather than Broadcom, not because Cisco is more in the wrong but because (as far as I can tell from the outside) they think Cisco is more easily intimidated

It might not be pretty, but that's how the law works. When you have multiple infringing parties, it makes sense to sue the one you think has the highest likelihood of getting you a return. In this case, that happens to be Cisco rather than Broadcom. Whatever else though, Cisco do seem to be redistributing GPLed code without adhering to the terms of the license. Were you in Cisco's position, and about to release a product to the market, wouldn't you want to check that all of your licensing obligations had been met (whether you built the product yourself or bought it from Broadcom or someone in Taiwan is irrelevant here)? Yet Cisco didn't do that. At best it's negligence, but repeating the same mistake again and again tends to imply it's something else. That alone makes them fair game in my book.

FSF, OSI and Busybox

Posted Dec 21, 2008 10:14 UTC (Sun) by Ze (guest, #54182) [Link]

> So here's a guy who didn't know anything about a 2 year old conflict that made news here on LWN more than once, claiming to have a 5 year relationship with Cisco that long predated him. (I also point out that the SFLC didn't _exist_ 5 years ago, and the first time the complaint says the FSF did anything "through counsel" was this February. So they're _both_ new at this.)

Yes but it's quite possible that FSF was doing things itself before the SFLC and that they weren't doing them through counsel. That still doesn't predate a 5 year saga with cisco/linksys.

> They're suing Cisco over a Broadcom toolchain, which as far as I can tell Broadcom never gave Cisco the source to in the first place. The FSF is choosing to sue Cisco rather than Broadcom, not because Cisco is more in the wrong but because (as far as I can tell from the outside) they think Cisco is more easily intimidated due to having previously folded to the BusyBox guys (again, back before the SFLC existed).

Actually I'm pretty sure they are suing cisco since they are the bigger infringer and they've repeatedly been told about the problem and fixed that particular issue without fixing the general compliance problem.

FSF, OSI and Busybox

Posted Dec 28, 2008 12:48 UTC (Sun) by Wol (subscriber, #4433) [Link]

> They're suing Cisco over a Broadcom toolchain, which as far as I can tell Broadcom never gave Cisco the source to in the first place. The FSF is choosing to sue Cisco rather than Broadcom, not because Cisco is more in the wrong but because (as far as I can tell from the outside) they think Cisco is more easily intimidated due to having previously folded to the BusyBox guys (again, back before the SFLC existed).

Dare I suggest you should read the GPL? If you make and sell me a copy of Cent OS Linux, the GPL is very clear it is you who are responsible for giving me a copy of the source, not Cent OS.

It is Linksys that are selling copies of Linux, therefore it is Linksys that are responsible for providing the source. Otherwise, taken to its extreme, it would mean that nobody would be responsible for providing the source! (I was going to say "nobody other than the original author", but they can't be bound by the licence, which means effectively it would be "nobody at all"!)

Cheers,
Wol

FSF, OSI and Busybox

Posted Dec 28, 2008 16:34 UTC (Sun) by dlang (guest, #313) [Link]

technically you are correct, which means that almost everyone who hands out fedora, ubuntu, or debian CDs is violating the GPL because they aren't handing out the source or a written offer for the source from them (an offer for the source from Redhat isn't good enough)

you need to hurry and shut down all the violation of the GPL. you could be the RIAA of the opensource community (after all, what linux user _hasn't_ burned a CD and given it to someone)

The FSF raises the stakes for Cisco

Posted Dec 14, 2008 9:38 UTC (Sun) by lordsutch (guest, #53) [Link]

John, one nitpick: you write: "There is no corresponding source release, which is a clear violation of the GPL." The GPL (at least v2; I haven't waded into the v3 waters) does not require the distribution of source unless it is requested by someone that receives a binary, as long as a written offer to provide source is given. Thus the incomplete-source runaround the FSF documents may not be enough in a court of law as long as Cisco can document a good-faith effort to provide the source for each request in a timely fashion. Particularly since the GPL does not specify any time limit on how long a source request should take, this argument could be problematic if it ever gets in front of a judge. (IANAL, of course.)

The FSF raises the stakes for Cisco

Posted Dec 14, 2008 20:54 UTC (Sun) by ballombe (subscriber, #9523) [Link]

> as long as a written offer to provide source is given.

That's the key: if CISCO did not include a written offer with their product, then they are not in compliance, and this is easy to check.

The GPL says "a written offer ... to give any third party... a complete machine-readable copy of the corresponding source code".

A written offer that says "the source code is available at URL xxx" is not an offer to provide anything else, so if URL xxx does not include the complete source code, then CISCO did not provide a written offer for the complete source code.

The FSF raises the stakes for Cisco

Posted Dec 14, 2008 15:09 UTC (Sun) by johill (subscriber, #25196) [Link]

One thing I've been missing in the whole discussion that is, I think, relevant to a number of claims and counterclaims is whether or not Cisco has accompanied the products with a written offer to the source code or not. If they have, then it's uncertain how long they may take to provide said sources, and it may well be that the FSF is required to do as they have been done.

On the other hand, and this hasn't been mentioned either, which too I've been missing: if they have distributed just a single product without said written offer in the past, then, as far as I understand, they have automatically lost all their rights under the GPL, and are thus always in violation of copyright if they use the source in a future product, until those rights have been reinstated by the copyright holder.

This seems relevant to the case, since all those demands the FSF is making imply that without Cisco meeting those demands they will not reinstate Cisco's rights to the source code, which must surely be their leverage?

The FSF raises the stakes for Cisco

Posted Dec 14, 2008 18:06 UTC (Sun) by paulj (subscriber, #341) [Link]

I think the GPLv2 is pretty clear:

"Accompany it with a written offer, valid for at least three years, to give any third party, [the source, etc.]."

How can the length of time be misinterpreted, in any reasonable way?

The FSF raises the stakes for Cisco

Posted Dec 14, 2008 19:23 UTC (Sun) by johill (subscriber, #25196) [Link]

Sorry, I was referring to the time between receiving the request and sending out the source.

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 14, 2008 17:10 UTC (Sun) by shaneo (guest, #48399) [Link]

After having recently spent some time at Cisco working in the GPL-compliance area, I'm confident that this breach is not one of intent. In fact, Cisco has taken HUGE strides in ensuring GPL-compliance across Cisco-proper. However, Linksys is still held at arm's length and is not forced to be subject to most of Cisco's new GPL-related requirements.

The strongest argument against Cisco in this case is simply the fact that this happens EVERY time Linksys releases a new product and Cisco-proper--which acknowledges the importance of GPL compliance in its other product lines--doesn't step in to stop the madness. The FSF has been more than patient with Cisco (as Jonathan notes above) and they've chosen now to apply leverage.

It's sad that Cisco couldn't get its act together to prevent this, especially considering their awareness and compliance with their enterprise and carrier products. Perhaps this is the call to action they needed.

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 15, 2008 16:52 UTC (Mon) by NAR (subscriber, #1313) [Link]

Did Linksys/Cisco actually modify the included GPLd software? If not, a simple ftp://ftp.gnu.org/gnu/ link somewhere in the license documentation would be (nearly) enough...

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 17, 2008 11:22 UTC (Wed) by etienne_lorrain@yahoo.fr (guest, #38022) [Link]

Well, Linksys is manufacturing wireless routers, isn't it?
So there is a linked-in wireless driver - probably closed source (i.e. not developed by Linksys, they just licensed it from another company) - and that is possibly/probably the reason the source of the whole product is closed.

People cannot complain about those two things at the same time:
1) GPL is too restrictive, companies should be able to produce/sell Linux derived products using binary only drivers (wireless drivers, windows printers/modems, graphic and video drivers, hardware RAID...).
2) The open-source driver for their well known chipset (from the list above) does not exist, is not debugged enough - is not working.

Because if the GPL system were working correctly, the offending company would have had to pay more for the driver (so that it could be released as open source) before they produce/sell their own product.
And so there would be an available and working open source driver for Linux for your own computer on your distribution.

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 18, 2008 11:59 UTC (Thu) by alex (subscriber, #1355) [Link]

> If not, a simple ftp://ftp.gnu.org/gnu/ link somewhere in the license documentation would be (nearly) enough...

Except it's not as your "nearly" comment alludes to. The responsibility of ensuring the source code is available resides with the entity distributing the binaries. I suppose if they made arrangements with a third party to ensure the source would be available for the next 3 years they might get away with it.

The company I'm currently working for distributes a product which is essentially Ubuntu + its own proprietary user space. As it wanted to control the updates that go out we mirrored the Ubuntu release and made an apt repository available. When I was building the server I made sure we mirror the source packages as well so apt-get source will work. You get exactly the same source code as you would downloading from Ubuntu's servers (modulo the snapshot date) but this way ensures we are in compliance.

If companies can have lawyers looking at the contracts they sign with proprietary vendors why can't they offer the same care and attention to detail when dealing with FLOSS code? It's not rocket science.
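
The check that the mirroring approach in the comment above depends on, that every binary package a mirror serves has its exact source version on the same mirror, written as an added example (not part of the original comment or of any project's tooling). It compares the text of an apt `Packages` index with the matching `Sources` index; the index contents, package names and versions below are constructed for illustration.

```python
# Added example: find binaries in an apt mirror whose source is not mirrored.

def parse_stanzas(text):
    """Parse Debian control-format text into a list of dicts, one per stanza."""
    stanzas, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():                 # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last_key = {}, None
        elif line[0] in " \t":               # continuation of a multi-line field
            if last_key:
                current[last_key] += "\n" + line.strip()
        else:
            key, _, value = line.partition(":")
            last_key = key.strip()
            current[last_key] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def source_of(binary):
    """Return (source name, source version) that a Packages stanza was built from."""
    # "Source:" is omitted when it equals the binary name, and carries a
    # "(version)" only when the source version differs from the binary's.
    src = binary.get("Source", binary["Package"])
    name, _, rest = src.partition("(")
    version = rest.rstrip(") ").strip() if rest else binary["Version"]
    return name.strip(), version

def missing_sources(packages_text, sources_text):
    """Map each (source, version) absent from Sources to the binaries needing it."""
    available = {(s["Package"], s["Version"]) for s in parse_stanzas(sources_text)}
    missing = {}
    for b in parse_stanzas(packages_text):
        needed = source_of(b)
        if needed not in available:
            missing.setdefault(needed, []).append(b["Package"])
    return missing

# Constructed sample indexes (not taken from any real mirror).
PACKAGES = """\
Package: busybox
Version: 1.10.2-1

Package: libc6
Source: glibc
Version: 2.7-10

Package: libc6-dev
Source: glibc
Version: 2.7-10

Package: gcc-4.2-base
Source: gcc-4.2 (4.2.4-1)
Version: 4.2.4-1+b1
"""
SOURCES = """\
Package: busybox
Version: 1.10.2-1
Files:
 00000000000000000000000000000000 1234 busybox_1.10.2-1.dsc

Package: glibc
Version: 2.7-9
"""

if __name__ == "__main__":
    for (name, ver), bins in missing_sources(PACKAGES, SOURCES).items():
        print(f"no source {name} {ver} for: {', '.join(bins)}")
```

The glibc case is the snapshot-skew failure: the source is mirrored, but at an older version than the binaries being served.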

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 18, 2008 18:23 UTC (Thu) by dlang (guest, #313) [Link]

it's not nearly enough. the FSF has gone after a linux distro in the past that did this. (this is the mepis lawsuit that Rob is so upset about)

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 19, 2008 23:49 UTC (Fri) by giraffedata (guest, #1954) [Link]

It isn't malicious, but it's obviously not simple negligence either. It's impossible to believe that at some point in the lengthy release process a Cisco employee didn't ask a representative of the far east manufacturer if there is any code in there it didn't write. And if so, what Cisco would have to do to get a license to distribute it.

Not only that, the unimportance of copyright in the far east country in question does not explain the copyright violation, as the article suggests. The far east company is in the business of producing products for the US and European markets, for customers subject to US and European laws; I'm sure it is more familiar with US copyright issues than those of the home country.

Someone had to have actively decided to ignore the problem. Instead of negligence, I would call that insouciance or apathy, or maybe recklessness.

You really can't distinguish between Cisco and Linksys in this discussion; if Cisco management chooses to let its Linksys employees run wild, it's part of Cisco's recklessness. But it would be fair to say there are two pieces to Cisco, one that's good with GPL compliance and one that isn't.

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 20, 2008 10:34 UTC (Sat) by rwmj (subscriber, #5474) [Link]

You just have to replace GPL software with (eg) Windows CE in there to see how serious this is.

> In fact, Cisco has taken HUGE strides in ensuring [Windows licensing] across Cisco-proper. However, Linksys is still held at arm's length [and continues to include unlicensed copies of Windows CE in their routers].

How many nanoseconds do you think Microsoft would have tolerated those sorts of violations? The FSF by contrast has been far more than just "patient". It has been exceptionally forgiving of something which, in the proprietary world, would have seen Cisco's offices raided repeatedly from day 1.

Cisco has saved probably hundreds of millions in licensing and support by using Linux and the GNU toolchain, and being "organizationally-challenged" is no excuse at all.

Rich.

Cisco isn't malicious -- just organizationally-challenged

Posted Dec 22, 2008 4:04 UTC (Mon) by shaneo (guest, #48399) [Link]

Sorry, Rich, but you're wrong. Cisco's inability to get its arms around licensing IN GENERAL is flawed and that's what they are working to remedy. Microsoft CE, Linux, gcc -- pick your poison; if Cisco doesn't know it's being used in a product, they cannot comply with the license. My point is that what's fundamentally "broken" here is Cisco's processes that allow this to occur, not their corporate ethical stand. I'd guess with some confidence that there is a team of folks DEDICATED to fixing this problem so it doesn't happen again, but when you're fixing an organization and a culture, it's more difficult than just adding another step to a process.

Cisco has been down this same path (serially, in some cases) with commercial vendors as well. Always quick to remedy, Cisco isn't trying to steal anything from them either and always pays (and sometimes pays contractual penalties as well).

I don't think you understand how licensing typically works w/ big companies that have LOTS of products, global presence, and few controls. Software in most of these companies is described as an "image" or a "load" and rarely contains a "Bill of Materials" that describes everything in that image. Lacking that Bill of Materials, how can a manufacturing group (which is separate and distinct from the group that built the software) enforce compliance by shipping the code? Thus my point on this being organizational in nature.

Sure, the basic commercial licensing model still holds: $BIG_COMPANY decides to build a product, they decide what components they are going to use/license, they contact those vendors and negotiate a deal for including their software in the product, and some money changes hands. The problem is different for "freely-downloadable" software--most engineers are NOT familiar with open source licenses and aren't aware what they are (or potentially are) obligating their company to when downloading the software. This is a shift in the problem from your Microsoft CE use-case, since you can't just go out and download Microsoft CE and embed it in your product...you need license keys, etc.

In many ways, ease of access to the code is the weak link in the chain for Cisco and other values of $BIG_COMPANY.

And to be clear, I'm not saying that Cisco isn't on the hook for compliance here, I'm simply making the point that non-compliance is not done with intent or malice. Doesn't make it right and Cisco SHOULD improve its processes (and I'd bet that this suit will be the catalyst for that exact response), but Cisco shouldn't earn the wrath of the Slashdot fan-boys for this. There are too many other valid reasons for Cisco to earn their wrath...

The FSF raises the stakes for Cisco

Posted Dec 15, 2008 16:40 UTC (Mon) by coriordan (guest, #7544) [Link]

It's worth pointing out that this is a pro-business move.

There are other big businesses (competitors of Cisco) that are distributing free software and complying with their obligations and giving freedom to users. It is essential that the licences be enforced so that compliant businesses don't feel that doing so is a waste of time.

From my knowledge of corporate approval processes, paranoia is more common than ignorance, so I'd be very surprised if Cisco didn't know what software was in the products they ship. Trying to claim honest (serial) negligence would seem a stretch.


Copyright © 2008, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds