Post by Arnt Karlsen
On Fri, 07 Mar 2014 11:41:25 +0100, Kern wrote in message
Post by Kern Sibbald
Post by Arnt Karlsen
On Thu, 06 Mar 2014 13:03:04 +0100, Kern wrote in message
Perhaps all this was obvious to you, but my main point is that from
the standpoint of an open source developer, what I am hearing on
this list about checksumming worries me that you are going in a
direction that could put more burden on developers, not
just those who violate the GPL.
..having taken part in 11 years of Groklaw.net, I feel a wee bit of
short term agony on our part right now, will prevent another few
decades of frivolous litigation, once we have checksumming etc
frivolous lawsuit swatter tools in place in the courts.
..but we must make those tools available first.
Post by Kern Sibbald
Post by Arnt Karlsen
..pity, you could have used this in your (secret?) lawsuit on Bareos.
Now, that is a very curious comment "secret?". I didn't know there
was anything secret about this lawsuit. It is documented on the
Bareos website
...where they mention how they were not properly served... ;o)
OK, now I understand your comment.
Yes, Bareos posted this comment on their website shortly after
Bacula Systems announced the lawsuit. The facts are:
1. Bacula Systems doesn't do the formal notification,
it is the court, and that takes time. So Bareos
really should complain about the international judicial procedure.
2. Within a day or two Bareos hired a Swiss lawyer.
3. Within an hour of Bareos' contacting the Bacula Systems lawyer, he
received a courtesy copy directly from the Bacula Systems'
lawyer.
4. Bareos' lawyer with the case in hand then officially requested
a formal notification.
5. Based on the fact that the Bareos Swiss lawyer has *everything*,
the judge ruled that the notification was complete.
6. Bareos retains their comment on their website.
Post by Arnt Karlsen
Post by Kern Sibbald
The lawsuit is about alleged theft of proprietary code and unfair
competition. Bareos also violated the Bacula copyright license, held
by the FSFE and after working with the FSFE corrected the most
flagrant violations. However, it is my belief that they are still
violating the copyright in two senses, one the commercial
(not putting the copyright where it should be), two violating
basic author's rights. Since I am no longer the copyright owner,
I can only act concerning part two: author's rights. My own
http://blog.bacula.org
Warning, it is longwinded. (this comment not made with any
negative intention).
..indeed ;o), but messing around with copyright notices is
a "Big Mistake", even without that thick Austrian accent.
..the expensive part is in your allegations of "unfair competition",
this will be hard to prove cheaply either way, "The SCO Group" also
tried that, and failed, but your alleged facts look better founded,
and those are offtopic here, except as a litigation tactic.
Post by Kern Sibbald
Checksums would not be of any use in this case.
..read "checksums" as "tests the jurors can easily do themselves",
such an easy test would be useful if we had them now.
Yes, I agree that would be useful, and I will not complain if
you succeed in doing it.
However, permit me to suggest an alternative strategy that
might prove useful.
First my assumptions that may not be valid or may be hard to do:
1. Your goal is to make sure the "vendor" doesn't have any
additional functionality in his binary that is not present in the
distributed source code.
2. You can require the "vendor" to release the binaries with
debug symbols turned on or if they are stripped they must
be done in a way that they can be re-integrated as with rpm debug
packages.
3. You can require the *exact* build scripts that they used
to produce the binaries (i.e. which compiler, optimization options,...)
4. Now at that point, one could (as a fairly big project) write a
program that breaks the binary up into subroutines and puts them into
some human readable form (assembly language, or perhaps reconstructed
C, C++). Call it the "reconstructed source".
Now you can do a fairly high level comparison of the two programs on a
subroutine by subroutine basis (object file by object file or whatever) to
search and find any code that is included in the distributed binary that
is not in the distributed source. Comparing the "reconstructed source"
from the vendor's binary and a binary that you build, could also then
show up any major discrepancies or "code that was left out of the
distributed source".
Best regards,
Kern
Post by Arnt Karlsen
Post by Kern Sibbald
Best regards,
Kern
Post by Arnt Karlsen
Maybe Bareos can use this in their defense and countersuit? ;o)
http://www.baculasystems.com/blog/bacula-systems-sa-files-lawsuit-against-bareos-gmbh-co-kg
http://www.bareos.org/en/news/items/lawsuite-between-bacula-systems-sa-and-bareos-gmbh-co-kg-copy.html
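
A first pass at the subroutine-by-subroutine comparison proposed in Kern's message, as an added example that is not part of the original thread: it diffs the function symbols of the vendor's binary against a binary rebuilt from the distributed source. It assumes both binaries keep their symbols (assumption 2) and that the rebuild used the vendor's exact build scripts (assumption 3); the `nm -S --defined-only` listings and all function names are constructed for illustration.

```python
"""Compare function symbols of a vendor binary and a rebuild from source."""

# Constructed sample output of `nm -S --defined-only`: address size type name.
VENDOR_NM = """\
0000000000401000 000000000000002a T main
0000000000401030 0000000000000110 T backup_job_run
0000000000401140 0000000000000084 t read_config
00000000004011d0 0000000000000240 T license_check
0000000000404010 0000000000000008 D g_version
"""
REBUILD_NM = """\
0000000000401000 000000000000002a T main
0000000000401030 00000000000000f0 T backup_job_run
0000000000401120 0000000000000084 t read_config
0000000000404010 0000000000000008 D g_version
"""

def parse_functions(nm_output):
    """Return {name: size_in_bytes} for symbols in the text (code) section."""
    funcs = {}
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) != 4:      # symbol without a size column: skip it
            continue
        _addr, size, kind, name = parts
        if kind in ("T", "t"):   # global or local code symbol; data is ignored
            funcs[name] = int(size, 16)
    return funcs

def compare(vendor_nm, rebuild_nm, tolerance=0):
    """Report functions present on one side only, or differing in size."""
    vendor, rebuild = parse_functions(vendor_nm), parse_functions(rebuild_nm)
    return {
        # Code shipped in the binary with no counterpart in the source build.
        "only_in_vendor": sorted(vendor.keys() - rebuild.keys()),
        "only_in_rebuild": sorted(rebuild.keys() - vendor.keys()),
        # Same name, different size: candidates for a disassembly-level diff.
        "size_differs": sorted(
            (n, vendor[n], rebuild[n]) for n in vendor.keys() & rebuild.keys()
            if abs(vendor[n] - rebuild[n]) > tolerance),
    }

if __name__ == "__main__":
    for category, items in compare(VENDOR_NM, REBUILD_NM).items():
        print(category, items)
```

A symbol-level diff only narrows the search: functions flagged here still need the disassembly comparison the message describes, and equal sizes do not prove equal code.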