olimex A20 image: GPL violation.

Discussion:

luke.leighton

2013-08-28 08:04:51 UTC

i note that you are providing A20 images for download here:
https://www.olimex.com/wiki/A20-OLinuXino-MICRO

i note also that there are people who have requested the source code here:
https://www.olimex.com/forum/index.php?topic=1776.0

i note also that you explain that there are "patches" made and that
you *explicitly* deny people their request under the GPL for those
patches.

this is an explicit GPL violation which i recommend that you correct
promptly. you are explicitly required to release the exact source
code which is used to create the binaries that you are distribution

if you do not correct this oversight you are required under the terms
of the GPL to cease and desist distribution of the images that are
created from the source code that you use.

i trust that you will promptly release the patches used to create the
images and will notify people on the forums at the above URL, as well
as notifying people on the gpl-violations legal mailing list of the
oversight.

l.

luke.leighton

2013-08-28 10:03:12 UTC

Permalink

On Wed, Aug 28, 2013 at 9:27 AM, Tsvetan Usunov, OLIMEX Ltd

Dear Luke
All sources which are used to build the images are linked to our Wiki, you
can try them yourself

do you have a link that you can provide - preferably on the forum as
well - which answers the question that was asked?

All changes and patches are made available to Linux-Sunxi community

where are those changes and patches posted? please advise where they
are made available.

and they
are to be merged in Linux-Sunxi github account, as I wrote in the forum post

you wrote in the forum post "we are not releasing the patches", and
avoided answering the question that was asked.

you've still avoided answering the question that was asked.

could you please answer the question and provide an explicit link to
where the code can be downloaded from?

also can i suggest that in order to avoid this confusion that you
explicitly link on this page here:
https://www.olimex.com/wiki/A20-OLinuXino-MICRO

to exactly and precisely where the source code may be obtained.

the reason why the question was asked on the forum is because you did
not provide source code links on the page.

l.

luke.leighton

2013-08-28 12:20:01 UTC

Permalink

btw tsvetan, a couple of other things:

1) your message has an implicit mocking tone of the business that we
are establishing, whereas you have an already-established business
that provides you with funds to create new boards and new products.

perhaps you could explain to the thousands of people on the
gpl-violations mailing list a) why you have raised an off-topic issue
and have criticised someone who is helping _you_ stay clear of gpl
violations b) what the purpose was for mocking someone who is
establishing a new business

2) as you have been on both the arm-netbooks mailing list and a member
of the sunxi community you will be aware of the efforts to coordinate
GPL compliance for allwinner and that because of the size of the
business that we are establishing we cannot take risks and so have had
to be very very strict.

you will therefore be aware that we put out a request to allwinner to
provide the NAND driver source code, and you will be aware that they
did in fact provide this (albeit not the exact same version because
they had to bypass the manager who is deliberately and constructively
interfering with the direct explicit orders of the Directors of
Allwinner to comply with the GPL).

you will also be aware that the A20 SDK provided boot0 and boot1
source code, and you will also be aware that we also made a request to
allwinner to provide this source code for boot0 and boot1 and they did
so (even though we didn't know it had already been put into the A20
SDK).

you will therefore be aware that in order to comply with the GPL you
will need to build and release *only* binaries that are built from GPL
sources, and as it is your business to sell hardware with GPL code,
you will also be aware that you need to *explicitly* provide that
exact source code.

so.

can you please answer the following questions:

1) where is the source - at what explicit link - can the kernel and
u-boot source be obtained from - which matches the binaries that you
have released.

2) does that source code include the GPL-compliant NAND driver code or
was it built from the GPL-violating libnand binary-only library?
please answer yes or no.

3) did you build the boot0 and boot1 from the A20 SDK source code.
please answer yes or no.

please remember that Allwinner's provision of non-GPL-compliant
binaries does not, under the GPL, exonerate you from also having to
comply with the GPL.

i went to a lot of trouble to help you and other businesses to obtain
GPL-compliant code and i do not appreciate you mocking our business on
public forums. can i suggest you don't do that again?

l.

Post by luke.leighton
On Wed, Aug 28, 2013 at 9:27 AM, Tsvetan Usunov, OLIMEX Ltd

Dear Luke
All sources which are used to build the images are linked to our Wiki, you
can try them yourself

do you have a link that you can provide - preferably on the forum as
well - which answers the question that was asked?

All changes and patches are made available to Linux-Sunxi community

where are those changes and patches posted? please advise where they
are made available.

and they
are to be merged in Linux-Sunxi github account, as I wrote in the forum post

you wrote in the forum post "we are not releasing the patches", and
avoided answering the question that was asked.
you've still avoided answering the question that was asked.
could you please answer the question and provide an explicit link to
where the code can be downloaded from?
also can i suggest that in order to avoid this confusion that you
https://www.olimex.com/wiki/A20-OLinuXino-MICRO
to exactly and precisely where the source code may be obtained.
the reason why the question was asked on the forum is because you did
not provide source code links on the page.
l.

luke.leighton

2013-08-31 00:09:06 UTC

Permalink

https://www.olimex.com/forum/index.php?topic=1776.msg8127#msg8127

tsvetan, hi,

i note that you've replied on the forum, mentioning that there is code
which "contains GPL violations" - this is incorrect.

the GPL violations are being committed by you, and your company, as
they are also being committed by anyone else who distributes binaries
compiled from GPL source without providing the full source code and
full tool chain.

if you were *only* providing a link to the source code (which happens
to also include a proprietary binary-only NAND driver) you would not
be violating the GPL.

if people then downloaded that source code themselves - as well as
downloading the proprietary binary-only NAND driver - and compiled it
up and made personal use of it and DID NOT DISTRIBUTE IT, they would
NOT be violating the GPL.

the clauses in the GPL which you're running into only come into play
on DISTRIBUTION, which is unfortunately what your company is doing.

now, i had not checked earlier (i received a report that someone had
downloaded the binaries) but checking the links now, i see you're
actually linking to images hosted on docs.google.com. this is
actually quite clever - it means you're not actually hosting the files
yourself... but you're still responsible for them: you've used
google's service as a means and method of "distribution".

what that means is that by continuing to distribute those binaries
without complying with the software license, you've actually used
someone *else's* service - a rather big company which has quite a few
people on this list who work for that company - whilst your own
company is now in Copyright violation.

would you care to remove those files (and the links) yourself, or
would you prefer that people help you out by clicking the "report
abuse" and then clicking the "Report Copyright Violation" buttons?

you *must* be more careful with this stuff, tsvetan. it's fine to
create an automated script which downloads the mixed GPL + proprietary
binaries and compiles or assembles it: this is what's done for example
with the debian packaging for flash player, and with mstruetypefonts.
they grab the proprietary [non-free] parts using wget and then go from
there.

now if your _customers_ decide to distribute those mixed and
license-incompatible binaries, having built them for themselves - even
using automated scripts that _you_ provided - that's NOT YOUR PROBLEM,
it's theirs. ideally you should warn them, but you'd be in the clear.

does this help explain the situation to you, at all?

l.

Arnt Karlsen

2013-08-31 13:29:55 UTC

Permalink

On Sat, 31 Aug 2013 01:09:06 +0100, luke.leighton wrote in message

Post by luke.leighton
https://www.olimex.com/forum/index.php?topic=1776.msg8127#msg8127
tsvetan, hi,
i note that you've replied on the forum, mentioning that there is code
which "contains GPL violations" - this is incorrect.
the GPL violations are being committed by you, and your company, as
they are also being committed by anyone else who distributes binaries
compiled from GPL source without providing the full source code and
full tool chain.
if you were *only* providing a link to the source code (which happens
to also include a proprietary binary-only NAND driver) you would not
be violating the GPL.
if people then downloaded that source code themselves - as well as
downloading the proprietary binary-only NAND driver - and compiled it
up and made personal use of it and DID NOT DISTRIBUTE IT, they would
NOT be violating the GPL.
the clauses in the GPL which you're running into only come into play
on DISTRIBUTION, which is unfortunately what your company is doing.
now, i had not checked earlier (i received a report that someone had
downloaded the binaries) but checking the links now, i see you're
actually linking to images hosted on docs.google.com. this is
actually quite clever - it means you're not actually hosting the files
yourself... but you're still responsible for them: you've used
google's service as a means and method of "distribution".
what that means is that by continuing to distribute those binaries
without complying with the software license, you've actually used
someone *else's* service - a rather big company which has quite a few
people on this list who work for that company - whilst your own
company is now in Copyright violation.
would you care to remove those files (and the links) yourself, or
would you prefer that people help you out by clicking the "report
abuse" and then clicking the "Report Copyright Violation" buttons?
you *must* be more careful with this stuff, tsvetan. it's fine to
create an automated script which downloads the mixed GPL + proprietary
binaries and compiles or assembles it: this is what's done for example
with the debian packaging for flash player, and with mstruetypefonts.
they

...("they" being "end users" of said flash player and Microsoft fonts,
debian merely distributes its own packaged script which automates the
downloading of the said flash player and said Microsoft fonts in full
compliance to their EULA contract terms)...

Post by luke.leighton
grab the proprietary [non-free] parts using wget and then go from
there.
now if your _customers_ decide to distribute those mixed and
license-incompatible binaries, having built them for themselves - even
using automated scripts that _you_ provided - that's NOT YOUR PROBLEM,
it's theirs. ideally you should warn them, but you'd be in the clear.
does this help explain the situation to you, at all?
l.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.

luke.leighton

2013-08-31 14:12:32 UTC

Permalink

Post by Arnt Karlsen

Post by luke.leighton
you *must* be more careful with this stuff, tsvetan. it's fine to
create an automated script which downloads the mixed GPL + proprietary
binaries and compiles or assembles it: this is what's done for example
with the debian packaging for flash player, and with mstruetypefonts.
they

...("they" being "end users" of said flash player and Microsoft fonts,
debian merely distributes its own packaged script

... which happens to be under a nice free software compatible license...

Post by Arnt Karlsen
which automates the
downloading of the said flash player and said Microsoft fonts in full
compliance to their EULA contract terms)...

*sing-song and hand-waving* blah bla-blah, slightly inconvenient, but
everybody's happy.

thanks for clarifying, arnt, much appreciated.

l.