Discussion:
Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
al
2014-02-04 03:41:57 UTC
Permalink
Dear Mikrotik

We write in respect of your routers:
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT

and switches:
RB250GS
RB260GS

which are based on, or include, software licensed under GNU GPL 2.0,
a common open source licence - a copy of the licence is available at
http://www.gnu.org/licenses/gpl-2.0.html

As you may be aware, the performance of an act restricted by copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.

As you may be further aware, the terms of the licence, which govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU GPL
2.0 'd code is required to:

a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and

b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
binary distribution with:

1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or

2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).

For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the executable.

We have been informed that there is no source code accompanying the
router, nor a written offer.

We would be grateful if you could confirm:
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL 2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.

Kind regards,

Ál Cano Santana
Xarxa Integral de Professionals i Usuàries
Guifi.net

PS: Please "Reply All"
al
2014-02-04 12:46:56 UTC
Permalink
----- Mensaje original -----
Enviados: Martes, 4 de Febrero 2014 10:42:44
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and
others
Al
No offense to you in this, this looks like an almost exact copy of an
email sent to Mikrotik in 2010.
I'm almost sure that it never was sent it.
I am a strong supporter of GNU and other open source software
licensing and making use of the same myself in a heavy way. I am
also a heavy user of Mikrotik hardware and software at work and at
home.
We have 4223 Mikrotik routers.
for any mikrotik you can have the IP > Services menu and turn on www
The you can go in a web browser to
http://your_router_ip/help/license.html
Then the following comes up (Version 6.7 - my home router) (at the
end of the email, Section 12 focussed here)
12. MISCELLANEOUS
This Agreement represents the complete agreement concerning this
license between the parties and supersedes all prior agreements and
representations between them. It may be amended only by writing
executed by both parties. If any provision of this Agreement is held
to be unenforceable for any reason, such provision shall be reformed
only to the extent necessary to make it enforceable.
For license obligations below that require Mikrotikls to provide
source code or other license obligations, you should contact
MikroTikls SIA
attn: license compliance
Pernavas iela 46
LV-1009, Riga
LATVIA
For license obligations below that require responses by email, you
For license obligations below that require responses by telephone or
fax, you should contact Mikrotikls SIA at: telephone +371 7317700,
fax +371 7317701
To get a CD with the corresponding source code for the GPL-covered
programs in this distribution, wire transfer $45 to MikroTikls SIA,
Pernavas 46, Riga, LV-1009, Latvia. Please contact MikroTikls SIA
for our current account information and wire transfer instructions.
Offer valid for three years from the date of distribution of this
software. This CD will only include the source code of the following
programs and any non-proprietary programs distributed according to
license requirements. This CD will not include MikroTikls
proprietary SOFTWARE.
The following list may or may not include all of the GNU/GPL software
that is included in the distribution. This list is not part of the
GNU/GPL license obligations. For GNU/GLP license obligations, you
must follow the GNU/GPL license procedures.
As far as I can tell they are complying with the GPL by providing a
written offer to provide all GPL sources with every device they sell
and it will come up on any system running the code.
No, they not. They made modifications to GPL'ed code that is not only "separate code".
I cannot find it up on their website or else ware.
While I would prefer them just to have a public repo with the code in
it I think they are compliant.
No, they don't:

http://www.gnu.org/licenses/gpl-violation.en.html

If you think you see a violation of the GNU GPL, LGPL, AGPL, or FDL, the first thing you should do is double-check the facts:

Does the distribution contain a copy of the License?

No, it has not.

Does it clearly state which software is covered by the License? Does it say anything misleading, perhaps giving the impression that something is covered by the License when in fact it is not?

No, it doesn't clearly.

Is source code included in the distribution?

No, it doesn't.

Is a written offer for source code included with a distribution of just binaries?

Not at all.

Is the available source code complete, or is it designed for linking in other non-free modules?

Is it designed for linking in ohter non-free modules.
Others can feel free to show me where my understanding of this is
incorrect.
[...]
If you take a look to this links (that presumably you're get if you buy CD-ROM), you see that a lot of them are broken or links to old versions or out-of-date. AND NO INCLUDE MIKROTIK MODIFICATIONS, because that just public official or not maintained links from copyright holder. Mikrotik are using modifications of new versions of GPL'ed (and other free licences) code and not to offer it.

Mikrotik must to be clear which parts of free software code are using, which ones are modified and offer source code of BOTH. If they want they also can say which one are proprietary software (from scratch).

"Source code" means the complete corresponding machine readable source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
Package name License URL
e2fsprogs GPL http://e2fsprogs.sourceforge.net/
ld.so ldso (BSD) ftp://metalab.unc.edu/pub/Linux/GCC
linux kernel GPL http://www.kernel.org/
OpenSSL OpenSSL (BSD) http://www.openssl.org/
ppp PPP (BSD)
ftp://metalab.unc.edu/pub/Linux/system/network/serial/ppp
racoon Raccon (BSD) http://www.kame.net/
netkit-telnet telnet (BSD)
ftp://metalab.unc.edu/pub/Linux/system/network/daemons
termcap LGPL ftp://metalab.unc.edu/pub/Linux/GCC
LinuxBIOS GPL http://www.linuxbios.org/
EtherBoot GPL http://www.etherboot.org/
Bochs LGPL http://www.gnu.org/directory/bochs.html
SGI STL STL http://www.sgi.com/tech/stl/
OpenSSH OpenSSH http://www.openssh.org/
uClibc LGPL http://www.uclibc.org/
SYSLINUX GPL http://syslinux.zytor.com/
NTP NTP http://www.ntp.org/
BusyBox GPL http://www.busybox.net/
expat expat http://expat.sourceforge.net/
Memtest86 GPL http://www.memtest86.com/
cpuburn GPL http://pages.sbcglobal.net/redelm/
libsvg LGPL http://cairographics.org/libsvg
libsvg-cairo LGPL http://cairographics.org/libsvg-cairo
cairo MPL http://cairographics.org/
fontconfig Fontconfig http://www.fontconfig.org/wiki/
freetype Freetype http://www.freetype.org/
net-snmp Net-snmp http://net-snmp.sourceforge.net/
libcroco LGPL http://www.freespiders.org/projects/libcroco/
pango LGPL http://www.pango.org/
librsvg LGPL http://librsvg.sourceforge.net/
glib LGPL http://www.gtk.org/
gtk+ LGPL http://www.gtk.org/
this software is based in part on the work of the Independent JPEG
Group jpeg
Regards
Alexander
Alexander Neilson
Neilson Productions Limited
021 329 681
022 456 2326
Post by al
Dear Mikrotik
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT
RB250GS
RB260GS
which are based on, or include, software licensed under GNU GPL 2.0,
a common open source licence - a copy of the licence is available at
http://www.gnu.org/licenses/gpl-2.0.html
As you may be aware, the performance of an act restricted by
copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.
As you may be further aware, the terms of the licence, which govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU GPL
a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and
b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or
2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).
For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the
executable.
We have been informed that there is no source code accompanying the
router, nor a written offer.
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL 2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.
Kind regards,
Ál Cano Santana
Xarxa Integral de Professionals i Usuàries
Guifi.net
PS: Please "Reply All"
Joseph Heenan
2014-02-05 09:32:09 UTC
Permalink
Hi Al,

I can't quite follow everything here; please allow me to ask some
question to clarify what is going on.
Post by al
While I would prefer them just to have a public repo with the code in
it I think they are compliant.
http://www.gnu.org/licenses/gpl-violation.en.html
Does the distribution contain a copy of the License?
No, it has not.
Which distribution are you referring to - the distribution with the
hardware, or are there separate downloads available?

Is the GPL license available (as I think Alexander states) at
http://your_router_ip/help/license.html ?
Post by al
Does it clearly state which software is covered by the License? Does it say anything misleading, perhaps giving the impression that something is covered by the License when in fact it is not?
No, it doesn't clearly.
If there isn't copy of the GPL license, I'm not clear how there can be a
copy of the GPL license that doesn't clearly state was is covered by the
GPL?
Post by al
Is source code included in the distribution?
No, it doesn't.
That in itself may not be a violation (as they seem to instead have
taken to option to include a written offer to provide the source code
going by Alexander's email).
Post by al
Is a written offer for source code included with a distribution of just binaries?
Not at all.
Which distribution are you referring to?
Post by al
Is the available source code complete, or is it designed for linking in other non-free modules?
Is it designed for linking in ohter non-free modules.
I seem to be confused here - you have actually somehow obtained source
code, and it is missing parts? Which parts are missing?

Just to clarify, have you taken them up on the $45 offer to supply
source code on CD that Alexander's email included, or does this not seem
to apply to your router?

Joseph
al
2014-02-05 16:52:31 UTC
Permalink
----- Mensaje original -----
Enviados: Miércoles, 5 de Febrero 2014 10:32:09
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
Hi Al,
I can't quite follow everything here; please allow me to ask some
question to clarify what is going on.
Post by al
While I would prefer them just to have a public repo with the code in
it I think they are compliant.
http://www.gnu.org/licenses/gpl-violation.en.html
If you think you see a violation of the GNU GPL, LGPL, AGPL, or
Does the distribution contain a copy of the License?
No, it has not.
Which distribution are you referring to - the distribution with the
hardware, or are there separate downloads available?
Both.

If you want to suffer a GPL violation in your own experience. You can download binaries with have a lot of parts GPL'ed from Mikrotik official website:
http://www.mikrotik.com/download

You can make it for real: download for example RouterOS - x86 - CD Image
http://download2.mikrotik.com/routeros/6.9/mikrotik-6.9.iso

Install it in a PC that you have.

Run it. Use it.

You have running a GNU/Linux changed and you are not get information about that, neither a copy of a GPL license and you don't have source code that binaries you're running. You can take a look in website, you can not find it.

You find that they say that this binaries you get is called "RouterOS". But is Linux! with GNU programs and other free software! There's just a little part that they develop: just graphical interface and some connectors (I'm not sure if something more). They said that all is RouterOS, and RouterOS is not free software.

Another example easer to test:
Go to same download page and download "Winbox":
http://download2.mikrotik.com/winbox.exe

Run it (that is a binary for win32 that you can run it with wine, i.e.).

Tachán! You're a running GTK and other free software programs "with something more"! But they don't say it, they don't provide you a copy of a LGPL license, neither GPL and you don't have source code that binaries you're running. There's not in web page.
"the source should be just as easy to access as the object code"
http://www.gnu.org/licenses/gpl-faq.html#AnonFTPAndSendSources

If you want I can offer more examples, but I think is enough (because I have not all time to fight to respect GPL, is for that I ask for help in this mailing list).
Is the GPL license available (as I think Alexander states) at
http://your_router_ip/help/license.html ?
No, it doesn't.
Post by al
Does it clearly state which software is covered by the
License? Does it say anything misleading, perhaps giving the
impression that something is covered by the License when in
fact it is not?
No, it doesn't clearly.
If there isn't copy of the GPL license, I'm not clear how there can be a
copy of the GPL license that doesn't clearly state was is covered by the
GPL?
There's a copy of another license. You can see it in:
http://demo2.mt.lv/help/license.html
Post by al
Is source code included in the distribution?
No, it doesn't.
That in itself may not be a violation (as they seem to instead have
taken to option to include a written offer to provide the source code
going by Alexander's email).
In itself is a violation not to offer a copy of license. Plus source code offer going by Alexander's email is incompleted or out-of-date.
Post by al
Is a written offer for source code included with a
distribution of just binaries?
Not at all.
Which distribution are you referring to?
There's not a distribution of any product or software of Mikrotik that have source code.
Post by al
Is the available source code complete, or is it designed for
linking in other non-free modules?
Is it designed for linking in ohter non-free modules.
I seem to be confused here - you have actually somehow obtained source
code, and it is missing parts? Which parts are missing?
It's hard to say, because there're missing.

At least:
Sure: libcroco, fontconfig, libsvg, libsvg-cairo, cpuburn
Maybe: e2fsprogs, ld.so, linux, OpenSSL, ppp, racoon, netkit-telnet, termcap, LinuxBIOS, EtherBoot, Bochs, SGI STL, OpenSSH, uClibc, SYSLINUX, NTP, BusyBox, expat, Memtest86, cairo, freetype, net-snmp, pango, glib, gtk+
and others that is hard to identify because I'm didn't do reverse engineering
Just to clarify, have you taken them up on the $45 offer to supply
source code on CD that Alexander's email included,
They have a list of incompleted, out-of-date or broken links in web page. Obviously I'm not going to pay 45$ to get the same but in CD. And, of course IT'S NOT A WAY TO OFFER CODE:
"the source should be just as easy to access as the object code"
http://www.gnu.org/licenses/gpl-faq.html#AnonFTPAndSendSources

Also there are violating GPL because they accept that they are using GPL'ed code but they don't provide a copy of license.
or does this not
seem
to apply to your router?
Joseph
A few questions and answers to understand why Mikrotik violate GPL (but you can read more of them).

Can some lawyer or hacker help me? I thought that in this mailing list can I get help and not to need to explain why Mikrotik are violating GPL (and other Free Software Licences). English is not my first language and is hard to me to explain myself in legal terms.

http://www.gnu.org/licenses/gpl-faq.html#DistributeExtendedBinary
I want to distribute an extended version of a GPL-covered program in binary form. Is it enough to distribute the source for the original version? (#DistributeExtendedBinary)

No, you must supply the source code that corresponds to the binary. Corresponding source means the source from which users can rebuild the same binary.

Part of the idea of free software is that users should have access to the source code for the programs they use. Those using your version should have access to the source code for your version.

A major goal of the GPL is to build up the Free World by making sure that improvement to a free program are themselves free. If you release an improved version of a GPL-covered program, you must release the improved source code under the GPL.

http://www.gnu.org/licenses/gpl-faq.html#GPLInProprietarySystem
I'd like to incorporate GPL-covered software in my proprietary system. Can I do this? (#GPLInProprietarySystem)

You cannot incorporate GPL-covered software in a proprietary system. The goal of the GPL is to grant everyone the freedom to copy, redistribute, understand, and modify a program. If you could incorporate GPL-covered software into a non-free system, it would have the effect of making the GPL-covered software non-free too.

A system incorporating a GPL-covered program is an extended version of that program. The GPL says that any extended version of the program must be released under the GPL if it is released at all. This is for two reasons: to make sure that users who get the software get the freedom they should have, and to encourage people to give back improvements that they make.

However, in many cases you can distribute the GPL-covered software alongside your proprietary system. To do this validly, you must make sure that the free and non-free programs communicate at arms length, that they are not combined in a way that would make them effectively a single program.

The difference between this and “incorporating” the GPL-covered software is partly a matter of substance and partly form. The substantive part is this: if the two programs are combined so that they become effectively two parts of one program, then you can't treat them as two separate programs. So the GPL has to cover the whole thing.

If the two programs remain well separated, like the compiler and the kernel, or like an editor and a shell, then you can treat them as two separate programs—but you have to do it properly. The issue is simply one of form: how you describe what you are doing. Why do we care about this? Because we want to make sure the users clearly understand the free status of the GPL-covered software in the collection.

If people were to distribute GPL-covered software calling it “part of” a system that users know is partly proprietary, users might be uncertain of their rights regarding the GPL-covered software. But if they know that what they have received is a free program plus another program, side by side, their rights will be clear.

http://www.gnu.org/licenses/gpl-faq.html#NonfreeDriverKernelLinux
Does distributing a nonfree driver meant to link with the kernel Linux violate the GPL? (#NonfreeDriverKernelLinux)

Linux (the kernel in the GNU/Linux operating system) is distributed under GNU GPL version 2. Does distributing a nonfree driver meant to link with Linux violate the GPL?

Yes, this is a violation, because effectively this makes a larger combined work. The fact that the user is expected to put the pieces together does not really change anything.

Each contributor to Linux who holds copyright on a substantial part of the code can enforce the GPL and we encourage each of them to take action against those distributing nonfree Linux-drivers.
Joseph Heenan
2014-02-06 10:51:49 UTC
Permalink
Hi Al,
Post by al
If you think you see a violation of the GNU GPL, LGPL, AGPL, or
Does the distribution contain a copy of the License?
No, it has not.
Post by Joseph Heenan
Which distribution are you referring to - the distribution with the
hardware, or are there separate downloads available?
Both.
http://www.mikrotik.com/download
You can make it for real: download for example RouterOS - x86 - CD Image
http://download2.mikrotik.com/routeros/6.9/mikrotik-6.9.iso
Install it in a PC that you have.
Run it. Use it.
You have running a GNU/Linux changed and you are not get information about that, neither a copy of a GPL license and you don't have source code that binaries you're running. You can take a look in website, you can not find it.
You find that they say that this binaries you get is called "RouterOS". But is Linux! with GNU programs and other free software! There's just a little part that they develop: just graphical interface and some connectors (I'm not sure if something more). They said that all is RouterOS, and RouterOS is not free software.
http://download2.mikrotik.com/winbox.exe
Run it (that is a binary for win32 that you can run it with wine, i.e.).
Tachán! You're a running GTK and other free software programs "with something more"! But they don't say it, they don't provide you a copy of a LGPL license, neither GPL and you don't have source code that binaries you're running. There's not in web page.
"the source should be just as easy to access as the object code"
http://www.gnu.org/licenses/gpl-faq.html#AnonFTPAndSendSources
That's actually a GPLv3 condition - GPLv2 allows written offer to be
made for binaries distributed by ftp etc. Do you know if any of the
software is GPLv3?
Post by al
In itself is a violation not to offer a copy of license. Plus source
code offer going by Alexander's email is incompleted or out-of-date.
It's a technical violation, yes. It's the kind of thing that's more
likely to be solved via education - assuming they are actually making
the source available via the written offer.

[By "technical violation" I mean, yes - it's a violation of the license
and they are not in compliance, but if they are actually making the
source code available when people pay $45 for the CD, then many owners
of GPLv2 code would probably not bother to pursue it.]
Post by al
Post by Joseph Heenan
Post by al
Is a written offer for source code included with a
distribution of just binaries?
Not at all.
Which distribution are you referring to?
There's not a distribution of any product or software of Mikrotik that have source code.
Post by Joseph Heenan
Post by al
Is the available source code complete, or is it designed for
linking in other non-free modules?
Is it designed for linking in ohter non-free modules.
I seem to be confused here - you have actually somehow obtained source
code, and it is missing parts? Which parts are missing?
It's hard to say, because there're missing.
Sure: libcroco, fontconfig, libsvg, libsvg-cairo, cpuburn
Maybe: e2fsprogs, ld.so, linux, OpenSSL, ppp, racoon, netkit-telnet, termcap, LinuxBIOS, EtherBoot, Bochs, SGI STL, OpenSSH, uClibc, SYSLINUX, NTP, BusyBox, expat, Memtest86, cairo, freetype, net-snmp, pango, glib, gtk+
and others that is hard to identify because I'm didn't do reverse engineering
If they are actually using busybox, report it following the instructions
on http://www.busybox.net/license.html - I think they do follow up on
technical violations.

If the copyright in any of that software is owned by GNU (nothing
sprints out at me, but others may know better) then (once it is proved
the software is in there) it's worth reporting to them, as they do tend
to persue all violations.

If linux is included, someone from gpl-violations may pick this up. Are
you able to find out for certain?

OpenSSH is BSD licensed; font config is a similarly open license, so
there is no requirement to supply the source for those.
Post by al
Post by Joseph Heenan
Just to clarify, have you taken them up on the $45 offer to supply
source code on CD that Alexander's email included,
"the source should be just as easy to access as the object code"
http://www.gnu.org/licenses/gpl-faq.html#AnonFTPAndSendSources
See before about GPLv2 vs V3. The contents of the CD is an important
deciding factor in how interested the copyright owners of GPLv2 software
will be in this violation, in my opinion.

If there is any GPLv3 software, that's a different matter and the CD is
then not relevant to that software.
Post by al
Also there are violating GPL because they accept that they are using GPL'ed code but they don't provide a copy of license.
Post by Joseph Heenan
or does this not
seem
to apply to your router?
Joseph
A few questions and answers to understand why Mikrotik violate GPL (but you can read more of them).
Can some lawyer or hacker help me? I thought that in this mailing list can I get help and not to need to explain why Mikrotik are violating GPL (and other Free Software Licences). English is not my first language and is hard to me to explain myself in legal terms.
I think generally, for people here to help, it needs to be clear which
version of the GPL the code is licensed under, how the license is being
violated, and which software is involved.
Post by al
http://www.gnu.org/licenses/gpl-faq.html#NonfreeDriverKernelLinux
Does distributing a nonfree driver meant to link with the kernel Linux violate the GPL? (#NonfreeDriverKernelLinux)
Linux (the kernel in the GNU/Linux operating system) is distributed under GNU GPL version 2. Does distributing a nonfree driver meant to link with Linux violate the GPL?
Yes, this is a violation, because effectively this makes a larger combined work. The fact that the user is expected to put the pieces together does not really change anything.
Each contributor to Linux who holds copyright on a substantial part of the code can enforce the GPL and we encourage each of them to take action against those distributing nonfree Linux-drivers.
Here, the opinions of Linus & GNU differs. Linus (and the linux
contributors in general) believe some cases exist where closed source
kernel modules are tolerated;
http://en.wikipedia.org/wiki/Loadable_kernel_module#License_issues


Joseph
al
2014-02-07 13:54:37 UTC
Permalink
----- Mensaje original -----
Enviados: Jueves, 6 de Febrero 2014 11:51:49
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
Hi Al,
Post by al
If you think you see a violation of the GNU GPL, LGPL, AGPL, or
Does the distribution contain a copy of the License?
No, it has not.
Post by Joseph Heenan
Which distribution are you referring to - the distribution with the
hardware, or are there separate downloads available?
Both.
If you want to suffer a GPL violation in your own experience. You
can download binaries with have a lot of parts GPL'ed from
http://www.mikrotik.com/download
You can make it for real: download for example RouterOS - x86 - CD Image
http://download2.mikrotik.com/routeros/6.9/mikrotik-6.9.iso
Install it in a PC that you have.
Run it. Use it.
You have running a GNU/Linux changed and you are not get
information about that, neither a copy of a GPL license and you
don't have source code that binaries you're running. You can take
a look in website, you can not find it.
You find that they say that this binaries you get is called
"RouterOS". But is Linux! with GNU programs and other free
software! There's just a little part that they develop: just
graphical interface and some connectors (I'm not sure if something
more). They said that all is RouterOS, and RouterOS is not free
software.
http://download2.mikrotik.com/winbox.exe
Run it (that is a binary for win32 that you can run it with wine, i.e.).
Tachán! You're a running GTK and other free software programs "with
something more"! But they don't say it, they don't provide you a
copy of a LGPL license, neither GPL and you don't have source code
that binaries you're running. There's not in web page.
"the source should be just as easy to access as the object code"
http://www.gnu.org/licenses/gpl-faq.html#AnonFTPAndSendSources
That's actually a GPLv3 condition
No, it's not! Why do you say that? Is so clear in FSF site. I don't know why I must to discuss that with you (???)
- GPLv2 allows written offer to be
made for binaries distributed by ftp etc. Do you know if any of the
software is GPLv3?
You have approximated list of programs and you have access to binnaries:
http://www.mikrotik.com/download

You can answer to this question for yourself, if you need it. I don't need it, I know they are violating at least GPLv2.
Post by al
In itself is a violation not to offer a copy of license. Plus source
code offer going by Alexander's email is incompleted or
out-of-date.
It's a technical violation, yes. It's the kind of thing that's more
likely to be solved via education - assuming they are actually making
the source available via the written offer.
You saw it, I sent an e-mail it with education, they answer me empty words. If you want to help, and if you think is necessary, you can BUY (that's the word) the CD, try to compile it and make to run a Mikrotik router with it. Do you say you success? ;) I encourage you!
[By "technical violation" I mean, yes - it's a violation of the license
and they are not in compliance, but if they are actually making the
source code available when people pay $45 for the CD, then many owners
of GPLv2 code would probably not bother to pursue it.]
In FSF website they didn't speak about "technical violation". They speak about "violations". Violation is that Mikrotik are doing right now.
Post by al
Post by Joseph Heenan
Post by al
Is a written offer for source code included with a
distribution of just binaries?
Not at all.
Which distribution are you referring to?
There's not a distribution of any product or software of Mikrotik
that have source code.
Post by Joseph Heenan
Post by al
Is the available source code complete, or is it designed for
linking in other non-free modules?
Is it designed for linking in ohter non-free modules.
I seem to be confused here - you have actually somehow obtained source
code, and it is missing parts? Which parts are missing?
It's hard to say, because there're missing.
Sure: libcroco, fontconfig, libsvg, libsvg-cairo, cpuburn
Maybe: e2fsprogs, ld.so, linux, OpenSSL, ppp, racoon,
netkit-telnet, termcap, LinuxBIOS, EtherBoot, Bochs, SGI STL,
OpenSSH, uClibc, SYSLINUX, NTP, BusyBox, expat, Memtest86, cairo,
freetype, net-snmp, pango, glib, gtk+
and others that is hard to identify because I'm didn't do reverse engineering
If they are actually using busybox, report it following the
instructions
on http://www.busybox.net/license.html - I think they do follow up on
technical violations.
You have binnary, so you know they are using busybox. You report it to busybox people (you give us a link to companies and developers, not to users, I'm a user).
If the copyright in any of that software is owned by GNU (nothing
sprints out at me, but others may know better) then (once it is proved
the software is in there) it's worth reporting to them, as they do tend
to persue all violations.
If linux is included, someone from gpl-violations may pick this up. Are
you able to find out for certain?
OpenSSH is BSD licensed; font config is a similarly open license, so
there is no requirement to supply the source for those.
Post by al
Post by Joseph Heenan
Just to clarify, have you taken them up on the $45 offer to supply
source code on CD that Alexander's email included,
They have a list of incompleted, out-of-date or broken links in web
page. Obviously I'm not going to pay 45$ to get the same but in
"the source should be just as easy to access as the object code"
http://www.gnu.org/licenses/gpl-faq.html#AnonFTPAndSendSources
See before about GPLv2 vs V3. The contents of the CD is an important
deciding factor in how interested the copyright owners of GPLv2 software
will be in this violation, in my opinion.
See before my answer about.
If there is any GPLv3 software, that's a different matter and the CD is
then not relevant to that software.
Now I have no time, anyway I think is irrelevant, but maybe you have time.
Post by al
Also there are violating GPL because they accept that they are
using GPL'ed code but they don't provide a copy of license.
Post by Joseph Heenan
or does this not
seem
to apply to your router?
Joseph
A few questions and answers to understand why Mikrotik violate GPL
(but you can read more of them).
Can some lawyer or hacker help me? I thought that in this mailing
list can I get help and not to need to explain why Mikrotik are
violating GPL (and other Free Software Licences). English is not
my first language and is hard to me to explain myself in legal
terms.
I think generally, for people here to help, it needs to be clear which
version of the GPL the code is licensed under, how the license is being
violated, and which software is involved.
I said it before. I said it with all my technical knowledge. I didn't know how to do reverse engineering neither other technical strategies. But I provide information to download official Mikrotik binaries and you can do this task.
Post by al
http://www.gnu.org/licenses/gpl-faq.html#NonfreeDriverKernelLinux
Does distributing a nonfree driver meant to link with the kernel
Linux violate the GPL? (#NonfreeDriverKernelLinux)
Linux (the kernel in the GNU/Linux operating system) is
distributed under GNU GPL version 2. Does distributing a
nonfree driver meant to link with Linux violate the GPL?
Yes, this is a violation, because effectively this makes a
larger combined work. The fact that the user is expected to
put the pieces together does not really change anything.
Each contributor to Linux who holds copyright on a substantial
part of the code can enforce the GPL and we encourage each of
them to take action against those distributing nonfree
Linux-drivers.
Here, the opinions of Linus & GNU differs. Linus (and the linux
contributors in general) believe some cases exist where closed source
kernel modules are tolerated;
http://en.wikipedia.org/wiki/Loadable_kernel_module#License_issues
It doesn't matter Linus opinion, Linus didn't write the license of his software. I have no time to discussions. I think all of you have sufficient data to investigate that, and if you want to help, you can do it. Is not to help give me more work. You have binnaries.
Joseph
Arnt Karlsen
2014-02-08 11:21:10 UTC
Permalink
On Fri, 7 Feb 2014 13:54:37 +0000 (UTC), al wrote in message
Post by al
----- Mensaje original -----
Enviados: Jueves, 6 de Febrero 2014 11:51:49
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
Hi Al,
Post by al
If you think you see a violation of the GNU GPL, LGPL, AGPL, or
Does the distribution contain a copy of the License?
No, it has not.
Post by Joseph Heenan
Which distribution are you referring to - the distribution with the
hardware, or are there separate downloads available?
Both.
If you want to suffer a GPL violation in your own experience. You
can download binaries with have a lot of parts GPL'ed from
http://www.mikrotik.com/download
You can make it for real: download for example RouterOS - x86 - CD Image
http://download2.mikrotik.com/routeros/6.9/mikrotik-6.9.iso
Install it in a PC that you have.
Run it. Use it.
..a more proper way to verify and prove Mikrotik etc alleged
GPL compliant binaries and sources, is buy their US$ 45 CD
and compile their source according to their recipe, and then
compare the resulting binaries with the binaries in the routers
you have access to, using check sum programs.

..if these binary checksums all match, then Mikrotik is in
full compliance.

..binaries does not need to run, to be GPL compliant.
And they do not need to be GPL compliant, to run.

..if any of these binary checksums does not match, then chances
are Mikrotik may guilty of criminal copyright infringement, of
criminal fraud to deter and cover up independent investigation
of said criminal copyright infringement, and of criminal fraud
of US$ 45 for each of their US$ 45 CDs, on top of their GPL
violations.

..I remind you all that the teeth in the GPL comes from copyright
law, and from criminal law, reasons important enough to Microsoft
that they decided to spend US$ 85 to 106 millions on the The SCO
Group litigation etc in 2003Q3 and "just" US$ 5 mill on fighting
the "computer virus" threat on their "operating system" products.
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Ralph Corderoy
2014-02-08 12:11:08 UTC
Permalink
Hi Arnt,
..a more proper way to verify and prove Mikrotik etc alleged GPL
compliant binaries and sources, is buy their US$ 45 CD and compile
their source according to their recipe, and then compare the resulting
binaries with the binaries in the routers you have access to, using
check sum programs.
..if these binary checksums all match, then Mikrotik is in full
compliance.
...
..if any of these binary checksums does not match, then chances are
Mikrotik may guilty of criminal copyright infringement
Doesn't a simple checksum comparison also depend on having sufficiently
close versions of compilers and linkers, e.g. an improvement in compiler
output might break a checksum, especially on a large codebase where
there's more chance of it being exercised.

Cheers, Ralph.
Arnt Karlsen
2014-02-08 13:09:51 UTC
Permalink
On Sat, 08 Feb 2014 12:11:08 +0000, Ralph wrote in message
Post by Ralph Corderoy
Hi Arnt,
..a more proper way to verify and prove Mikrotik etc alleged GPL
compliant binaries and sources, is buy their US$ 45 CD and compile
their source according to their recipe, and then compare the
resulting binaries with the binaries in the routers you have access
to, using check sum programs.
..if these binary checksums all match, then Mikrotik is in full
compliance.
...
..if any of these binary checksums does not match, then chances are
Mikrotik may
...be...
Post by Ralph Corderoy
guilty of criminal copyright infringement
Doesn't a simple checksum comparison also depend on having
sufficiently close versions of compilers and linkers, e.g. an
improvement in compiler output might break a checksum, especially on
a large codebase where there's more chance of it being exercised.
..easily, if you charge US$ 45 for a source CD, you probably
wouldn't want to miss such details and face the wrath of the
courts.
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Bradley M. Kuhn
2014-03-04 17:07:04 UTC
Permalink
I just got caught up on this thread, sorry to all for my late reply.

First of all, I don't necessarily agree with Bruce that $45 is
*necessarily* unreasonable, although it might be. I *do* think it's a
lot of money just to get a copy of source code.

I nevertheless don't want to judge before knowing all the facts. I
think if this matter were up for litigation over copyright infringement
in the USA, this would be a question of fact for the jury: was the $45
fee actually a "charge no more than [Mikrotik's] cost of physically
performing source distribution"?

However, I don't think we should engage in enforcement *merely* over the
"charge/price no more than…" clauses in GPLv2§3(b) and GPLv3§6(b).
Speaking for my own GPL enforcement work, I'd be unlikely to pursue a
matter if the *only* violation of GPL was, for example, "they charged
$45, but it only actually cost them $25 to perform the source
distribution". If they did that, as Arnt says, it *would* be a GPL
violation and *would* be copyright infringement, and it would cause them
to lose their rights of distribution per GPLv2§4 and GPLv3§8.

However, you'd only be able to *prove* that violation via the legal
discovery process (in a USA lawsuit, anyway), and it's not worth
bringing the case for that sort of GPL violation "misdemeanor". I've
got hundreds of "felonies" to go after anyway.

Thus, what concerns me here most is that there are accusations going
back to 2008 on this mailing list that Mikrotik's source code is not
complete, corresponding source (CCS) for their distributed GPL'd
binaries. If that's the case, then we should investigate. However,
during that investigation, we should give Mikrotik the benefit of the
doubt, and determine whether or not what they've provided is CCS.

Those who want to look further in this matter are encouraged to contact
me privately over at the GPL Compliance Project for Linux Developers (
http://sfconservancy.org/linux-compliance/ ) via
<***@sfconservancy.org>.


Finally, with regard to Ralph and Arnt's discussions of binary checksum
as way of CCS verification:

I've do a *lot* of GPL compliance CCS verification; frankly, I've surely
done and/or overseen more of it than anyone else in history. And,
AFAICT, most GPL compliance training courses (like Linux Foundation's)
and would-be GPL enforcers completely ignore this most important issue
of GPL compliance: the source code must correspond to the binaries
distributed, and must include "scripts used to control compilation and
installation of the executable". And, if it doesn't, then it's IMO
missed the point of the GPL entirely and is thus a serious and grave
violation. (I often feel like one of just a few people in the world who
has even ever *read* GPLv2§3's penultimate paragraph.) I'm thus
grateful that folks on this list are discussing this important issue.

That said, rote verification of a sha256sum of the binary virtually
never works in CCS verification. I can't remember a single GPL
enforcement case where I got the same md5sum/sha1sum/sha256sum [0] for
the built binaries. However, I have determined GPL compliance in most
of those cases where the checksums didn't match.

What Ralph hints at is indeed right: All the GPL experts that I know
believe that GPL requires the "scripts used to control compilation and
installation of the executable" to include details about what specific
compiler/linker should be used to build the software. However,
compilers are famous for doing things like including a timestamp in the
binary or a dozen other things that will yield a correct, corresponding
binary but one that doesn't share the exact same checksum as the
original binary. As such, if the checksums don't match, the CCS may
still be adequate, and further investigation is needed to determine
compliance.


[0] I've been doing GPL enforcement since md5sum was the preferred
checksum technique. :)
--
-- bkuhn
Arnt Karlsen
2014-03-05 12:17:15 UTC
Permalink
On Tue, 04 Mar 2014 12:07:04 -0500, Bradley wrote in message
Post by Bradley M. Kuhn
Finally, with regard to Ralph and Arnt's discussions of binary
I've do a *lot* of GPL compliance CCS verification; frankly, I've
surely done and/or overseen more of it than anyone else in history.
And, AFAICT, most GPL compliance training courses (like Linux
Foundation's) and would-be GPL enforcers completely ignore this most
important issue of GPL compliance: the source code must correspond to
the binaries distributed, and must include "scripts used to control
compilation and installation of the executable". And, if it doesn't,
then it's IMO missed the point of the GPL entirely and is thus a
serious and grave violation. (I often feel like one of just a few
people in the world who has even ever *read* GPLv2§3's penultimate
paragraph.) I'm thus grateful that folks on this list are discussing
this important issue.
That said, rote verification of a sha256sum of the binary virtually
never works in CCS verification. I can't remember a single GPL
enforcement case where I got the same md5sum/sha1sum/sha256sum [0] for
the built binaries. However, I have determined GPL compliance in most
of those cases where the checksums didn't match.
What Ralph hints at is indeed right: All the GPL experts that I know
believe that GPL requires the "scripts used to control compilation and
installation of the executable" to include details about what specific
compiler/linker should be used to build the software. However,
compilers are famous for doing things like including a timestamp in
the binary or a dozen other things that will yield a correct,
corresponding binary but one that doesn't share the exact same
checksum as the original binary. As such, if the checksums don't
match, the CCS may still be adequate, and further investigation is
needed to determine compliance.
..I disagree, once you have the _complete_ recipe, with correct
compiler versions, settings, time stamps etc thrown in, you will
be able to prove all your correct checksums etc in GPL compliance
cases. _No_ need to back off here.


..but we should suggest a proper way to do this, so people like
Mikrotek can properly document their checksums and the proper
way to verify their checksums and GPL etc compliance.

..this probably means ditch all common assumtions and document
_all_ variables, possibly even setting up virtual machines for
the compile and checksum jobs and documenting exactly how to
verify the checksums.

..we only need a simple and easy test, such as running
"md5sum -c file-list" in court.
Leave these long tall sweaty tSCOG-like stories on
why-it-failed to the offenders.
Post by Bradley M. Kuhn
[0] I've been doing GPL enforcement since md5sum was the preferred
checksum technique. :)
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Joseph Heenan
2014-03-05 22:54:46 UTC
Permalink
Hi Arnt,
Post by Arnt Karlsen
..I disagree, once you have the _complete_ recipe, with correct
compiler versions, settings, time stamps etc thrown in, you will
be able to prove all your correct checksums etc in GPL compliance
cases. _No_ need to back off here.
I'm interested to know whether we're talking theoretically or not; have
you yourself personally achieved GPL compliance in this way? Or have you
been able to compile, say, a linux kernel on one machine, then setup
another machine from scratch and produce a kernel with an identical
checksum?

I'd tried to produce identical checksum binaries from various compilers
in the past; I've never succeeded in that, but on one occasion, after
applying an awful lot of preparation, and writing a custom tool that
excluded certain parts of the binary from comparison, we did manage to
produce "identical" binaries.

I'm unsure how many companies would adopt such a strategy. The GPL only
requires them to provide source that matches the binaries, it does not
(by my reading) require them to provide proof beyond doubt that the
source and binaries match.

Joseph
Arnt Karlsen
2014-03-06 12:44:28 UTC
Permalink
On Wed, 05 Mar 2014 22:54:46 +0000, Joseph wrote in message
Post by Ralph Corderoy
Hi Arnt,
Post by Arnt Karlsen
..I disagree, once you have the _complete_ recipe, with correct
compiler versions, settings, time stamps etc thrown in, you will
be able to prove all your correct checksums etc in GPL compliance
cases. _No_ need to back off here.
I'm interested to know whether we're talking theoretically or not;
..I'd like to get this sort of thing, practical, and established
as _the_ way to prove GPL etc compliance. Jurors don't like to
trust some sleazy expert witness dude on things they don't
understand, "they want an _easy_ test they can do themselves."
Post by Ralph Corderoy
have you yourself personally achieved GPL compliance in this way? Or
have you been able to compile, say, a linux kernel on one machine,
then setup another machine from scratch and produce a kernel with an
identical checksum?
..nope, I've been much to busy at Groklaw.net.
(The closest thing would be my own wee bash stunts ahead of
http://wiki.flightgear.org/Scripted_Compilation_on_Linux_Debian/Ubuntu
but we don't do checksum listing here yet, various other things
missing, e.g. building .deb etc packaging, but I did get the guys
to add brlcad style nameing so fgfs can live together with e.g.
boostv1.54.0-4+b1-fgfs-w-glsl-$(git-commit-du-jour) in the same path,
using the distro packaging system to keep track of the experiments,
but we don't use this brlcad style names here, we drop all builds
in their own install trees.)

..but this script is a fine start.
http://wiki.flightgear.org/Scripted_Compilation_on_Linux_Debian/Ubuntu
Post by Ralph Corderoy
I'd tried to produce identical checksum binaries from various
compilers in the past; I've never succeeded in that, but on one
occasion, after applying an awful lot of preparation, and writing a
custom tool that excluded certain parts of the binary from
comparison, we did manage to produce "identical" binaries.
I'm unsure how many companies would adopt such a strategy.
..companies needs a standard way to do these things. Nowadays,
they come in 4 major categories, decent people doing the right
things correctly, decent people getting caught doing the right
things wrongly, doucebags getting caught doing the wrong things
wrongly, and doucebags getting away with it doing the wrong
things "correctly."
"An _easy_ test jurors can do themselves", makes life easier for
decent people, and harder for bad people, which is how most people
wants justice done.
Post by Ralph Corderoy
The GPL only requires them to provide source that matches the
binaries, it does not (by my reading) require them to provide proof
beyond doubt that the source and binaries match.
..then we disagree on our readings, but I do agree it's hard to
require them to provide proof beyond doubt that the source and
binaries match when we have no standard way to prove compliance,
this also leaves jurors etc at the mercy of litigators hiring
more or less sleazy expert witness telling stories on things
the jurors and judges can't easily understand and verify.
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Joseph Heenan
2014-03-09 14:49:51 UTC
Permalink
Post by Arnt Karlsen
On Wed, 05 Mar 2014 22:54:46 +0000, Joseph wrote in message
Post by Ralph Corderoy
have you yourself personally achieved GPL compliance in this way? Or
have you been able to compile, say, a linux kernel on one machine,
then setup another machine from scratch and produce a kernel with an
identical checksum?
..nope, I've been much to busy at Groklaw.net.
(The closest thing would be my own wee bash stunts ahead of
http://wiki.flightgear.org/Scripted_Compilation_on_Linux_Debian/Ubuntu
but we don't do checksum listing here yet, various other things
missing, e.g. building .deb etc packaging, but I did get the guys
to add brlcad style nameing so fgfs can live together with e.g.
boostv1.54.0-4+b1-fgfs-w-glsl-$(git-commit-du-jour) in the same path,
using the distro packaging system to keep track of the experiments,
but we don't use this brlcad style names here, we drop all builds
in their own install trees.)
I may have skimmed too quickly, but that page seems to be more about
one-step builds. One step builds are great engineering practice (but not
required by the GPL).
Post by Arnt Karlsen
..but this script is a fine start.
http://wiki.flightgear.org/Scripted_Compilation_on_Linux_Debian/Ubuntu
Did you intend to put a different link from the previous one here?
Post by Arnt Karlsen
Post by Ralph Corderoy
The GPL only requires them to provide source that matches the
binaries, it does not (by my reading) require them to provide proof
beyond doubt that the source and binaries match.
..then we disagree on our readings, but I do agree it's hard to
require them to provide proof beyond doubt that the source and
binaries match when we have no standard way to prove compliance,
this also leaves jurors etc at the mercy of litigators hiring
more or less sleazy expert witness telling stories on things
the jurors and judges can't easily understand and verify.
The GPL (v2) says they must provide " a complete machine-readable copy
of the corresponding source code". I find it hard to interpret this in
the way you suggest.

Although I may appear to be negative, I must state that I absolutely
applaud the efforts to try and produce consistent checksums for binaries
compiled from the same source. If consistent checksums could be
achieved, it would help in a huge number of areas, including GPL compliance.

Joseph
Arnt Karlsen
2014-03-10 10:45:56 UTC
Permalink
On Sun, 09 Mar 2014 14:49:51 +0000, Joseph wrote in message
Post by Joseph Heenan
Post by Arnt Karlsen
On Wed, 05 Mar 2014 22:54:46 +0000, Joseph wrote in message
I may have skimmed too quickly, but that page seems to be more about
one-step builds. One step builds are great engineering practice (but
not required by the GPL).
..it's work in progress, the idea is automate all the boring build
_etc_ stuff so we can focus on FG development, and not on having to
try remember how-we-did-the-build-the-last-time-it-worked-ok."
Post by Joseph Heenan
Post by Arnt Karlsen
..but this script is a fine start.
http://wiki.flightgear.org/Scripted_Compilation_on_Linux_Debian/Ubuntu
Did you intend to put a different link from the previous one here?
..no, I try to help people snip without ditching context. ;o)
Post by Joseph Heenan
Post by Arnt Karlsen
Post by Ralph Corderoy
The GPL only requires them to provide source that matches the
binaries, it does not (by my reading) require them to provide proof
beyond doubt that the source and binaries match.
..then we disagree on our readings, but I do agree it's hard to
require them to provide proof beyond doubt that the source and
binaries match when we have no standard way to prove compliance,
this also leaves jurors etc at the mercy of litigators hiring
more or less sleazy expert witness telling stories on things
the jurors and judges can't easily understand and verify.
The GPL (v2) says they must provide " a complete machine-readable
copy of the corresponding source code". I find it hard to interpret
this in the way you suggest.
..you can't now, and jurors etc are left with conflicting interpretions
that they cannot easily test, they must choose which law shark's story
to believe, and in most cases they try to be reasonable and compromise,
instead compromising the sharpness of the teeth of copyright law and the
GPL.
Post by Joseph Heenan
Although I may appear to be negative, I must state that I absolutely
applaud the efforts to try and produce consistent checksums for
binaries compiled from the same source. If consistent checksums could
be achieved, it would help in a huge number of areas, including GPL
compliance.
Joseph
..critism is neccessary, without it we get nowhere.
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Jonas Gorski
2014-02-05 13:47:42 UTC
Permalink
Hi,
Post by Joseph Heenan
Hi Al,
I can't quite follow everything here; please allow me to ask some question
to clarify what is going on.
Post by al
While I would prefer them just to have a public repo with the code in
it I think they are compliant.
http://www.gnu.org/licenses/gpl-violation.en.html
If you think you see a violation of the GNU GPL, LGPL, AGPL, or FDL, the
Does the distribution contain a copy of the License?
No, it has not.
Which distribution are you referring to - the distribution with the
hardware, or are there separate downloads available?
There are separate downloads available at
<http://www.mikrotik.com/download>, and they do contain a link to the
previously quoted license agreement at
<http://www.mikrotik.com/downloadterms.html> (although in a very
small, gray font, so easily overlooked - I'd guess this might not be
legally binding in some countries, as you could easily agree to it
without knowing you are "agreeing" to it).

Note that the license text/agreement does not include the GPL itself
(or other licenses) directly, it only links them to the same website -
which then 404s for all licenses I tried. It also lumps all GPL
versions and variations into one "GPL", so likely they are even
misrepresenting the actual licenses for several of these packages,
unless the (missing) gpl.html contains the different versions and
states which ones apply to which packages. Same for "LGPL".

So technically, no, they are indeed not included, at least on the
website. No idea if the links are working on the device itself, but
that would not invalidate the problem on the website itself.
Post by Joseph Heenan
Post by al
Does it clearly state which software is covered by the License? Does
it say anything misleading, perhaps giving the impression that something is
covered by the License when in fact it is not?
No, it doesn't clearly.
If there isn't copy of the GPL license, I'm not clear how there can be a
copy of the GPL license that doesn't clearly state was is covered by the
GPL?
There is a list of Software packages with their appropriate licenses,
but they also state that "The following list may or may not include
all of the GNU/GPL software that is included in the distribution.". So
for me it does not state clearly which software is covered by it, as
it may be incomplete.
Post by Joseph Heenan
Post by al
Is a written offer for source code included with a distribution of just binaries?
Not at all.
Which distribution are you referring to?
I guess the above also answers this one.
Post by Joseph Heenan
Post by al
Is the available source code complete, or is it designed for linking
in other non-free modules?
Is it designed for linking in ohter non-free modules.
I seem to be confused here - you have actually somehow obtained source code,
and it is missing parts? Which parts are missing?
Just to clarify, have you taken them up on the $45 offer to supply source
code on CD that Alexander's email included, or does this not seem to apply
to your router?
I agree with this, currently there seems to be quite a bit of
speculation on the contents of the "CD", without any hard facts.



Jonas
al
2014-02-04 22:45:23 UTC
Permalink
Hello, first formal answer. It's normal they say that they accomplish license.

Next formal step, people from GPL-Violations?

----- Mensaje reenviado -----
De: "Normunds Rustanovics [MikroTik]" <***@mikrotik.com>
Para: ***@blogmail.cc
CC: ***@neilzone.co.uk
Enviados: Martes, 4 de Febrero 2014 8:59:23
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others

Hello Ál,

We do comply with all the mentioned requirements. Instructions for obtaining the required files are in the software license, which is shown upon running the software, and are also made available to you here:
http://demo2.mt.lv/help/license.html

Best regards,
Normunds Rustanovičs
MikroTik







-------- Original Message -------- Subject: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
Date: Tue, 4 Feb 2014 03:41:57 +0000 (UTC)
From: al <***@blogmail.cc>

To: ***@mikrotik.com , ***@lists.gpl-violations.org

CC: ***@neilzone.co.uk


Dear Mikrotik

We write in respect of your routers:
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT

and switches:
RB250GS
RB260GS

which are based on, or include, software licensed under GNU GPL 2.0,
a common open source licence - a copy of the licence is available at http://www.gnu.org/licenses/gpl-2.0.html As you may be aware, the performance of an act restricted by copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.

As you may be further aware, the terms of the licence, which govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU GPL
2.0 'd code is required to:

a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and

b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
binary distribution with:

1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or

2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).

For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the executable.

We have been informed that there is no source code accompanying the
router, nor a written offer.

We would be grateful if you could confirm:
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL 2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.

Kind regards,

Ál Cano Santana
Xarxa Integral de Professionals i Usuàries Guifi.net PS: Please "Reply All"
Bruce Perens
2014-02-06 16:59:18 UTC
Permalink
<html style="direction: ltr;">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<style type="text/css">body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
</head>
<body style="direction: ltr;"
bidimailui-detected-decoding-type="UTF-8" text="#000000"
bgcolor="#FFFFFF">
<div class="moz-cite-prefix">$45 seems to be significantly larger
than the cost of media and postage, which are the costs of
physically performing source code distribution as specified in the
license. Nor is it necessary, since these days it's easier for all
involved to download the software.<br>
<br>
On 02/04/2014 02:45 PM, al wrote:<br>
</div>
<blockquote
cite="mid:***@blogmail.cc"
type="cite">
<pre wrap="">Hello, first formal answer. It's normal they say that they accomplish license.

Next formal step, people from GPL-Violations?

----- Mensaje reenviado -----
De: "Normunds Rustanovics [MikroTik]" <a class="moz-txt-link-rfc2396E" href="mailto:***@mikrotik.com">&lt;***@mikrotik.com&gt;</a>
Para: <a class="moz-txt-link-abbreviated" href="mailto:***@blogmail.cc">***@blogmail.cc</a>
CC: <a class="moz-txt-link-abbreviated" href="mailto:***@neilzone.co.uk">***@neilzone.co.uk</a>
Enviados: Martes, 4 de Febrero 2014 8:59:23
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others

Hello Ál,

We do comply with all the mentioned requirements. Instructions for obtaining the required files are in the software license, which is shown upon running the software, and are also made available to you here:
<a class="moz-txt-link-freetext" href="http://demo2.mt.lv/help/license.html">http://demo2.mt.lv/help/license.html</a>

Best regards,
Normunds Rustanovičs
MikroTik







-------- Original Message -------- Subject: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
Date: Tue, 4 Feb 2014 03:41:57 +0000 (UTC)
From: al <a class="moz-txt-link-rfc2396E" href="mailto:***@blogmail.cc">&lt;***@blogmail.cc&gt;</a>

To: <a class="moz-txt-link-abbreviated" href="mailto:***@mikrotik.com">***@mikrotik.com</a> , <a class="moz-txt-link-abbreviated" href="mailto:***@lists.gpl-violations.org">***@lists.gpl-violations.org</a>

CC: <a class="moz-txt-link-abbreviated" href="mailto:***@neilzone.co.uk">***@neilzone.co.uk</a>


Dear Mikrotik

We write in respect of your routers:
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT

and switches:
RB250GS
RB260GS

which are based on, or include, software licensed under GNU GPL 2.0,
a common open source licence - a copy of the licence is available at <a class="moz-txt-link-freetext" href="http://www.gnu.org/licenses/gpl-2.0.html">http://www.gnu.org/licenses/gpl-2.0.html</a> As you may be aware, the performance of an act restricted by copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.

As you may be further aware, the terms of the licence, which govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU GPL
2.0 'd code is required to:

a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and

b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
binary distribution with:

1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or

2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).

For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the executable.

We have been informed that there is no source code accompanying the
router, nor a written offer.

We would be grateful if you could confirm:
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL 2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.

Kind regards,

Ál Cano Santana
Xarxa Integral de Professionals i Usuàries Guifi.net PS: Please "Reply All"








</pre>
</blockquote>
<br>
</body>
</html>
Alexander Neilson
2014-02-04 09:42:44 UTC
Permalink
Al

No offense to you in this, this looks like an almost exact copy of an email sent to Mikrotik in 2010.

I am a strong supporter of GNU and other open source software licensing and making use of the same myself in a heavy way. I am also a heavy user of Mikrotik hardware and software at work and at home.

for any mikrotik you can have the IP > Services menu and turn on www

The you can go in a web browser to http://your_router_ip/help/license.html

Then the following comes up (Version 6.7 - my home router) (at the end of the email, Section 12 focussed here)

Highlighted Section 12:

12. MISCELLANEOUS

This Agreement represents the complete agreement concerning this license between the parties and supersedes all prior agreements and representations between them. It may be amended only by writing executed by both parties. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable.

For license obligations below that require Mikrotikls to provide source code or other license obligations, you should contact Mikrotikls by mail at the following address:

MikroTikls SIA
attn: license compliance
Pernavas iela 46
LV-1009, Riga
LATVIA
For license obligations below that require responses by email, you should contact Mikrotikls SIA at: ***@mikrotik.com

For license obligations below that require responses by telephone or fax, you should contact Mikrotikls SIA at: telephone +371 7317700, fax +371 7317701

To get a CD with the corresponding source code for the GPL-covered programs in this distribution, wire transfer $45 to MikroTikls SIA, Pernavas 46, Riga, LV-1009, Latvia. Please contact MikroTikls SIA for our current account information and wire transfer instructions. Offer valid for three years from the date of distribution of this software. This CD will only include the source code of the following programs and any non-proprietary programs distributed according to license requirements. This CD will not include MikroTikls proprietary SOFTWARE.

The following list may or may not include all of the GNU/GPL software that is included in the distribution. This list is not part of the GNU/GPL license obligations. For GNU/GLP license obligations, you must follow the GNU/GPL license procedures.

As far as I can tell they are complying with the GPL by providing a written offer to provide all GPL sources with every device they sell and it will come up on any system running the code.

I cannot find it up on their website or else ware.

While I would prefer them just to have a public repo with the code in it I think they are compliant.

Others can feel free to show me where my understanding of this is incorrect.




Full Licence Text:

MIKROTIKLS MIKROTIK SOFTWARE END-USER LICENCE AGREEMENT

MIKROTIK ROUTEROS SOFTWARE ROUTER SYSTEM

This End-User License Agreement ("License Agreement") is a binding agreement between you (either an individual or a single entity) and MikroTikls SIA ("MikroTikls" or "MikroTik"), which is the manufacturer of the SOFTWARE PRODUCT ("SOFTWARE PRODUCT" or "SOFTWARE") identified above. HARDWARE refers as the computer, which the Software Product is installed on. Any software provided along with the SOFTWARE PRODUCT that is associated with a separate end-user License Agreement is licensed to you under the terms of that License Agreement. The term SOFTWARE or SOFTWARE PRODUCT does not include the software listed after point 12 of this document that is under the GNU General Public License or other free software licenses listed after point 12 of this document.

By opening or installing SOFTWARE PRODUCT MikroTik RouterOS you indicate that you agree with terms of this agreement, if you do not agree with the terms of this agreement, do not open the diskette package and do not install or use the software, instead, return the unopened package of the SOFTWARE including manuals, documentation, or written materials that are associated with this program to the place where you obtained them for full refund and delete all electronic copies of the SOFTWARE and documentation.

1. GRANT OF LICENSE

If you purchased a base license of the SOFTWARE PRODUCT you are granted a non-exclusive license to use the SOFTWARE PRODUCT and accompanying Documentation according to the contents of this License herein:

• SOFTWARE Installation and Use.
You may only install and use one copy of the SOFTWARE on the Computer.

• Back-up Copy.
You may make a single back-up copy of the SOFTWARE PRODUCT. You may use the back-up copy solely for archival purposes. Except as expressly provided in this License Agreement, you may not otherwise make copies of the SOFTWARE PRODUCT, including the printed materials accompanying the SOFTWARE.

2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS

• You may not:
• permit other individuals to use the SOFTWARE except under the terms listed in Article 1 "Grant of License" above;
• modify, translate, reverse engineer, decompile, disassemble (except to the extent applicable laws specifically prohibit such restriction), or create derivative works based on the Software;
• copy the Software; or
• remove any proprietary notices or labels on the Software.
• SOFTWARE PRODUCT Transfer.
You may permanently transfer all of your rights under this License Agreement only as part of a permanent sale or transfer of the HARDWARE, provided you retain no copies, you transfer all of the SOFTWARE PRODUCT (including all component parts, the media and printed materials, any upgrades, this License Agreement and, if applicable, the Certificate(s) of Authenticity), and the recipient agrees to the terms of this License Agreement. If the SOFTWARE PRODUCT is an upgrade, any transfer must also include all prior versions of the SOFTWARE PRODUCT.

• Termination.
Without prejudice to any other rights MikroTikls may terminate this License Agreement if you fail to comply with the terms and conditions of this License Agreement. In such event, you must destroy all copies of the SOFTWARE PRODUCT and all of its component parts.

• Trademarks.
This License Agreement does not grant you any rights in connection with any trademarks or service marks of MikroTikls or its suppliers.

3. RECORDS; AUDIT

Licensee shall maintain accurate records as necessary to verify compliance with this Agreement. Licensor may conduct one or more audits to verify such compliance. Audits will be conducted during normal business hours. All audits shall be conducted at Licensor’s expense unless the results establish that Licensee has underpaid Licensor by more than 5% of the amount actually due, in which case Licensee shall pay all amounts due and bear the expense of the audit.

4. UPGRADE PACKAGE

If the SOFTWARE PRODUCT is labeled as an upgrade package, you must be properly licensed to use a product identified by MikroTikls as being eligible for the upgrade package in order to use the SOFTWARE PRODUCT ("Eligible Product"). For the purpose of upgrade package products only, "HARDWARE" shall mean the computer system or computer system component with which you received the Eligible Product. A SOFTWARE PRODUCT labeled as an upgrade package replaces and/or supplements the Eligible Product. You may use the resulting upgraded product only in accordance with the terms of this License Agreement. If the SOFTWARE PRODUCT is an upgrade of a component of a package of SOFTWARE programs that you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.

If you receive your first copy of the SOFTWARE electronically, and a second copy on media, the second copy may be used for archival purposes only. This license does not grant you any right to any enhancement, update or upgrade. Rights to the SOFTWARE PRODUCT will be indicated on your invoice.

5. FEATURE PACKAGE

If the SOFTWARE PRODUCT is labeled as a "feature package" that required additional purchase, you must be properly licensed to use a product identified by MikroTikls as being eligible for the "feature package" in order to use the SOFTWARE PRODUCT ("Eligible Product"). For the purpose of "feature package", products only, "HARDWARE" shall mean the computer system or computer system component with which you received the Eligible Product. A SOFTWARE PRODUCT labeled as "feature package" replaces and/or supplements the Eligible Product. You may use the resulting SOFTWARE PRODUCT only in accordance with the terms of this License Agreement. If the SOFTWARE PRODUCT is an "feature package" of a component of a package of SOFTWARE programs that you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.

If you receive your first copy of the SOFTWARE electronically, and a second copy on media, the second copy may be used for archival purposes only. Rights to the SOFTWARE PRODUCT will be indicated on your invoice.

6. TRIAL or DEMO VERSION

If the SOFWARE PRODUCT is authorized by MikroTikls as the Trial or Demo version, the Rights to the SOFTWARE cannot be transferred as described in Article 2 (b) of this License Agreement.

MikroTikls shall have no obligation to fix any defects, which arise from the use of Trial or Demo version program.

7. COPYRIGHT

All title and intellectual property rights in and to the SOFTWARE PRODUCT, accompanying printed materials, and any copies of the SOFTWARE PRODUCT, are owned by MikroTikls or its suppliers. You may not copy the printed materials accompanying the SOFTWARE PRODUCT. All rights not expressly granted under this License Agreement are reserved by MikroTikls SIA and its suppliers.

The SOFTWARE PRODUCT is protected by US copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed, not sold.

8. DUAL-MEDIA SOFTWARE PRODUCT.

You may receive the SOFTWARE PRODUCT in more than one medium. Regardless of the type or size of medium you receive, you may use only one medium that is appropriate for the Computer. You may not use or install the other medium on another computer. You may not loan, rent, lease, lend or otherwise transfer the other medium to another user, except as part of the permanent transfer (as provided above) of the SOFTWARE PRODUCT.

9. LIMITED WARRANTY

MikroTikls warrants that for a period of ninety (90) days from the days of acquisition, the Software, if operated as directed, will substantially achieve the functionality described in the Documentation. MikroTikls does not warrant, however, that your use of the SOFTWARE will be uninterrupted or that the operation of the SOFTWARE will be error-free or secure and hereby disclaims any and all liability on account thereof. In addition, the security mechanisms implemented by the SOFTWARE have inherent limitations, and you must determine that the SOFTWARE sufficiently meets your requirements.

MikroTikls also warrants that the media containing the Software, if provided by MikroTikls, is free from defects in material and workmanship and will so remain for (90) days from the date you acquired the Software. MikroTikls’ sole liability for any breach of this warranty shall be, in MikroTikls’ sole discretion:

• to replace your defective media; or
• to advise you how to achieve substantially the same functionality with the SOFTWARE as described in the Documentation; or
• if the above remidies are impracticable, to refund the license fee you paid for the Software. Repaired, corrected, or replaced SOFTWARE and Documentation shall be covered by this limited warranty for the period under the warranty that covered the original SOFTWARE or if longer, for thirty (30) days after the date (a) of shipment to you of the repaired or replaced Software, or (b) MikroTikls advised you how to operate the SOFTWARE so as to achieve the functionality described in the Documentation. Only if you inform MikroTikls of your problem with the SOFTWARE during the applicable warranty period and provide evidence of the date you acquired the SOFTWARE will MikroTikls be obligated to honor this warranty. MikroTikls will use reasonable commercial efforts to repair, replace, advise, or refund pursuant to foregoing warranty within 30 days of being so notified.
THIS IS A LIMITED WARRANTY AND IT IS THE ONLY WARRANTY MADE BY MIKROTIKLS. MIKROTIKLS MAKES NO OTHER EXPRESS WARRANTY AND NO WARRANTY OR CONDITION OF NONINFRIGEMENT OF THIRD PARTIES’ RIGHTS. THE DURATION OF IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE, IS LIMITED TO THE ABOVE LIMITED WARRANTY PERIOD; SOME STATES DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THESE LIMITATIONS MAY NOT APPLY TO YOU, NO MIKROTIKLS DEALER, AGENT, OR EMPLOYEE IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS WARRANTY. If any modifications are made to the SOFTWARE by you during the warranty period; if the media is subjected to accident, abuse, or improper use; or if you violate the terms of this Agreement, then this warranty shall immediately be terminated. This warranty shall not apply if the SOFTWARE is used on or in conjunction with hardware or SOFTWARE other than the unmodified version of hardware and SOFTWARE with which the SOFTWARE was designed to be used as described in the Documentation.

THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION.

10. LIMITATION OF LIABILITY

UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL MIKROTIKLS OR ITS SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, OR FOR ANY DAMAGES IN EXCESS OF MIKROTIKLS’ LIST PRICE FOR A LICENSE TO THE SOFTWARE AND DOCUMENTATION, EVEN IF MIKROTIKLS SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE, SOME STATES DO NOT ALLOW THE EXCLUSION ORLIMITATION OF INCIDENTAL OR CONSEQUENTAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU.

EXPORT REQUIREMENTS

You may not export or re-export the Software or any copy or adaptation in violation of any applicable laws or regulations.

12. MISCELLANEOUS

This Agreement represents the complete agreement concerning this license between the parties and supersedes all prior agreements and representations between them. It may be amended only by writing executed by both parties. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable.

For license obligations below that require Mikrotikls to provide source code or other license obligations, you should contact Mikrotikls by mail at the following address:

MikroTikls SIA
attn: license compliance
Pernavas iela 46
LV-1009, Riga
LATVIA
For license obligations below that require responses by email, you should contact Mikrotikls SIA at: ***@mikrotik.com

For license obligations below that require responses by telephone or fax, you should contact Mikrotikls SIA at: telephone +371 7317700, fax +371 7317701

To get a CD with the corresponding source code for the GPL-covered programs in this distribution, wire transfer $45 to MikroTikls SIA, Pernavas 46, Riga, LV-1009, Latvia. Please contact MikroTikls SIA for our current account information and wire transfer instructions. Offer valid for three years from the date of distribution of this software. This CD will only include the source code of the following programs and any non-proprietary programs distributed according to license requirements. This CD will not include MikroTikls proprietary SOFTWARE.

The following list may or may not include all of the GNU/GPL software that is included in the distribution. This list is not part of the GNU/GPL license obligations. For GNU/GLP license obligations, you must follow the GNU/GPL license procedures.

Package name License URL
e2fsprogs GPL http://e2fsprogs.sourceforge.net/
ld.so ldso (BSD) ftp://metalab.unc.edu/pub/Linux/GCC
linux kernel GPL http://www.kernel.org/
OpenSSL OpenSSL (BSD) http://www.openssl.org/
ppp PPP (BSD) ftp://metalab.unc.edu/pub/Linux/system/network/serial/ppp
racoon Raccon (BSD) http://www.kame.net/
netkit-telnet telnet (BSD) ftp://metalab.unc.edu/pub/Linux/system/network/daemons
termcap LGPL ftp://metalab.unc.edu/pub/Linux/GCC
LinuxBIOS GPL http://www.linuxbios.org/
EtherBoot GPL http://www.etherboot.org/
Bochs LGPL http://www.gnu.org/directory/bochs.html
SGI STL STL http://www.sgi.com/tech/stl/
OpenSSH OpenSSH http://www.openssh.org/
uClibc LGPL http://www.uclibc.org/
SYSLINUX GPL http://syslinux.zytor.com/
NTP NTP http://www.ntp.org/
BusyBox GPL http://www.busybox.net/
expat expat http://expat.sourceforge.net/
Memtest86 GPL http://www.memtest86.com/
cpuburn GPL http://pages.sbcglobal.net/redelm/
libsvg LGPL http://cairographics.org/libsvg
libsvg-cairo LGPL http://cairographics.org/libsvg-cairo
cairo MPL http://cairographics.org/
fontconfig Fontconfig http://www.fontconfig.org/wiki/
freetype Freetype http://www.freetype.org/
net-snmp Net-snmp http://net-snmp.sourceforge.net/
libcroco LGPL http://www.freespiders.org/projects/libcroco/
pango LGPL http://www.pango.org/
librsvg LGPL http://librsvg.sourceforge.net/
glib LGPL http://www.gtk.org/
gtk+ LGPL http://www.gtk.org/

this software is based in part on the work of the Independent JPEG Group jpeg



Regards
Alexander

Alexander Neilson
Neilson Productions Limited

***@neilson.net.nz
021 329 681
022 456 2326
Post by al
Dear Mikrotik
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT
RB250GS
RB260GS
which are based on, or include, software licensed under GNU GPL 2.0,
a common open source licence - a copy of the licence is available at
http://www.gnu.org/licenses/gpl-2.0.html
As you may be aware, the performance of an act restricted by copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.
As you may be further aware, the terms of the licence, which govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU GPL
a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and
b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or
2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).
For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the executable.
We have been informed that there is no source code accompanying the
router, nor a written offer.
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL 2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.
Kind regards,
Ál Cano Santana
Xarxa Integral de Professionals i Usuàries
Guifi.net
PS: Please "Reply All"
r***@hush.com
2014-02-07 10:55:16 UTC
Permalink
Post by al
Dear Mikrotik
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT
http://www.mikrotik.com/download/share/linux_3_3_6_patch.gz
Post by al
RB250GS
RB260GS
which are based on, or include, software licensed under GNU GPL
2.0,
a common open source licence - a copy of the licence is available at
http://www.gnu.org/licenses/gpl-2.0.html
As you may be aware, the performance of an act restricted by
copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.
As you may be further aware, the terms of the licence, which
govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU
GPL
a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and
b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or
2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).
For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the
executable.
We have been informed that there is no source code accompanying
the
router, nor a written offer.
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL
2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.
Kind regards,
Ál Cano Santana
Xarxa Integral de Professionals i Usuàries
Guifi.net
PS: Please "Reply All"
al
2014-02-08 12:21:27 UTC
Permalink
That link doesn't work.

----- Mensaje original -----
Enviados: Viernes, 7 de Febrero 2014 11:55:16
Asunto: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and others
Post by al
Dear Mikrotik
CCR series
CRS series
RB1xx series
RB230 series
RB3xx series
RB4xx series
RB5xx series
RB600 series
RB7xx series
RB800 series
RB9xx series
RB1xxx series
RB2011 series
RB Crossroads
SXT
OmniTik
Groove
METAL
SEXTANT
http://www.mikrotik.com/download/share/linux_3_3_6_patch.gz
Post by al
RB250GS
RB260GS
which are based on, or include, software licensed under GNU GPL 2.0,
a common open source licence - a copy of the licence is available at
http://www.gnu.org/licenses/gpl-2.0.html
As you may be aware, the performance of an act restricted by
copyright
in respect of a copyright work, in the absence of an appropriate
licence or other permission, infringes the copyright in that work.
As you may be further aware, the terms of the licence, which
govern
the distribution of this software, require you, as distributor, to
fulfil certain commitments. In particular, a distributor of GNU GPL
a.) accompany distribution of object code with a copy of the text of
GNU GPL 2.0, and
b.) where the distribution is by means of a binary version of the
software (in this case, embedded in the router) either accompany the
1.) a copy of the source code (e.g. supplying a CD with the
product, or bundling the source code on any integrated disc); or
2.) a written offer to give *any* third party a copy of the
source code, for a charge no greater than your costs of performing
such distribution (e.g. making the relevant source code available
online, whether via http, ftp, svn or otherwise).
For the purposes of the licence, "source code" means the complete
corresponding machine readable source code for all modules it
contains, plus any associated interface definition files, plus the
scripts used to control compilation and installation of the
executable.
We have been informed that there is no source code accompanying the
router, nor a written offer.
a.) how we can obtain copies of the source code for the GNU
GPL 2.0'd code in your product; and
b.) that you will comply with the terms of the GNU GPL 2.0 in
respect of your continuing distribution of GNU GPL 2.0'd code.
Kind regards,
Ál Cano Santana
Xarxa Integral de Professionals i Usuàries
Guifi.net
PS: Please "Reply All"
Nuno Brito
2014-03-09 17:09:53 UTC
Permalink
What if there's a one-byte change somewhere in a build script, or a
space added to a source file?
Don't use just SHA or MD5. There exists similarity hashing for that
specific purpose.

I'm solving that question with SSDEEP and SPDX. Once a byte changes, the
similarity between nearly identical files returns a value of 99% and I
store a snapshot of hashes for a set of files inside an SPDX document.

I didn't found SPDX documents so easy to generate but they are really
simple for humans to read. So I wrote a tool for this purpose, fairly
simple. Here is a real example of what can go inside one SPDX:

-------------
## File

FileName: jfreechart-1.0.17-demo.jar
FileType: OTHER
FileChecksum: SHA1: 580d2b5c99c715b8cfee6eeb3825bee65f294558
FileChecksum: SHA256:
0ff0c95cbb4d288f541c82db7623a237e3a0f874dfcf9366c3cf5c98405e0043
FileChecksum: MD5: ae1dc5c6086ce487857ad7a6183cc725
FileChecksum: SSDEEP:
12288:8idVxJdeQwgrwt6V56ViGQ6o6LxiUR8LywpJWzlC38hK6AOtwp6vTsowx8Z:pdXJdgg2mkwSiURhIJWzlu8JXTsowxC
FileSize: 824 Kb (844423 bytes)
-------------

You can get the whole SPDX document from
https://opensourceprojects.eu/p/triplecheck/code/23/tree/tool/run/products/jfreechart-1.0.17.tar.gz.spdx

SSDEEP is not perfect. There exists better but this is an established
algorithm and fairly established since some years. The tool I've written
for creating these snapshots is freeware, code licensed as EUPL and
programmed in Java code.

With kind regards,
Nuno Brito

---
email: ***@triplecheck.de
phone: +49 615 146 03187
Send legal mailing list submissions to
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.gpl-violations.org/mailman/listinfo/legal
or, via email, send a message with subject or body 'help' to
You can reach the person managing the list at
When replying, please edit your Subject line so it is more specific
than "Re: Contents of legal digest..."
1. Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and
others (Kern Sibbald)
2. Attitudes of violators based on company size (was Re: Use of
GNU GPL 2.0 code in Mikrotik RBXXX series and others)
(Bradley M. Kuhn)
3. Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and
others (Bradley M. Kuhn)
Content-Transfer-Encoding: 7bit
Precedence: list
MIME-Version: 1.0
Date: Fri, 07 Mar 2014 14:45:01 +0100
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and
others
Message: 1
On Fri, 07 Mar 2014 11:41:25 +0100, Kern wrote in message
On Thu, 06 Mar 2014 13:03:04 +0100, Kern wrote in message
Perhaps all this was obvious to you, but my main point is that from
the standpoint of an open source developer, what I am hearing on
this list about checksumming worries me that you are going in a
direction that could put more burden on developers not
just those who violate the GPL.
..having taken part in 11 years of Groklaw.net, I feel a wee bit of
short term agony on our part right now, will prevent another few
decades of frivolous litigation, once we have checksumming etc
frivolous lawsuit swatter tools in place in the courts.
..but we must make those tools available first.
..pity, you could have use this in your (secret?) lawsuit on Bareos.
Now, that is a very curious comment "secret?". I didn't know there
was anything secret about this lawsuit. It is documented on the
Bareos website
...where they mention how they were not properly served... ;o)
OK, now I understand your comment.
Yes, Bareos posted this comment on their website shortly after
1. Bacula Systems doesn't do the formal notification,
it is the court, and that takes time. So Bareos
really should complain about the international judicial procedure.
2. Within a day or two Bareos hired a Swiss lawyer.
3. Within an hour of Bareos' contacting the Bacula Systems lawyer, he
received a courtesy copy directly from the Bacula Systems'
lawyer.
4. Bareos' lawyer with the case in hand then officially requested
a formal notification.
5. Based on the fact that the Bareos Swiss lawyer has *everything*,
the judge ruled that the notification was complete.
6. Bareos retains their comment on their website.
The lawsuit is about alleged theft of proprietary code and unfair
competition. Bareos also violated the Bacula copyright license, held
by the FSFE and after working with the FSFE corrected the most
flagrant violations. However, it is my belief that they are still
violating the copyright in two senses, one the commercial
(not putting the copyright where it should be), two violating
basic author's rights. Since I am no longer the copyright owner,
I can only act concerning part two: author's rights. My own
http://blog.bacula.org
Warning, it is longwinded. (this comment not made with any
negative intention).
..indeed ;o), but messing around with copyright notices is
a "Big Mistake", even without that thick Austrian accent.
..the expensive part is in your allegations of "unfair competition",
this will be hard to prove cheaply either way, "The SCO Group" also
tried that, and failed, but your alleged facts looks better founded,
and those are offtopic here, except as a litigation tactic.
Checksums would not be of any use in this case.
..read "checksums" as "tests the jurors can easily do themselves",
such easy test would be useful if we had them now.
Yes, I agree that would be useful, and I will not complain if
you succeed in doing it.
However, permit me to suggest an alternative strategy that
might prove useful.
1. Your goal is to make sure the "vendor" doesn't have any
additional functionality in his binary that is not present in the
distributed source code.
2. You can require the "vendor" to release the binaries with
debug symbols turned on or if they are stripped they must
be done in a way that they can be re-integrated as with rpm debug
packages.
3. You can require the *exact* build scripts that they used
to produce the binaries (i.e. which compiler, optimization
options,...
4. Now at that point, one could (as a fairly big project) write a
program that
breaks the binary up into subroutines and puts them into some human
readable form (assembly language, or perhaps reconstructed C, C++).
Call it the "reconstructed source".
Now you can do a fairly high level comparison of the two programs on a
subroutine by subroutine basis (object file by object file or whatever)
to
search and find any code that is included in the distributed binary
that
is not in the distributed source. Comparing the "reconstructed source"
from the vendor's binary and a binary that you build, could also then
show up any major discrepancies or "code that was left out of the
distributed source".
Best regards,
Kern
Best regards,
Kern
Maybe Bareos can use this in their defense and countersuit? ;o)
http://www.baculasystems.com/blog/bacula-systems-sa-files-lawsuit-against-bareos-gmbh-co-kg
http://www.bareos.org/en/news/items/lawsuite-between-bacula-systems-sa-and-bareos-gmbh-co-kg-copy.html
Precedence: list
MIME-Version: 1.0
Date: Fri, 7 Mar 2014 14:49:53 -0500
Content-Type: text/plain; charset=us-ascii
Subject: Attitudes of violators based on company size (was Re: Use of
GNU GPL
2.0 code in Mikrotik RBXXX series and others)
Message: 2
Is it your perception that the majority of GPL violations arise from
"wealthy companies", or just that those which are most often brought
to
light, or perhaps those which are considered worth pursuing, are by
wealthy
companies?
When I line up just about any company next to Conservancy or FSF, they
are
*all* wealthy compared to those orgs, so my perspective is admittedly
skewed.
But, that said, the violators that give us the most trouble coming into
compliance are usually wealthy corporations who expend more resources
on
skirting their responsibilities than on trying to comply.
In my experience, most violators that are small companies tend to be
regretful of their failure to comply and work quickly to come back into
compliance. Thus, they don't typically require long, drawn-out
multi-year
efforts (with outside legal counsel involved) to achieve GPL
compliance.
By contrast, in my experience, larger, wealthier violators effectively
have
"money to burn" on fighting on every single compliance issue and seeing
"what
they can get away with".
(There are exceptions to this, of course, the above is a
generalization.)
However, what's worse is that these wealthy violators have created a
distributing cottage industry. There are now an entire group of
well-known
outside counsel who specialize (in part) in defending wealthy violators
that
A few years ago, at OSCON, one of these lawyers came up to me, shook my
hand,
and thanked me for enforcing the GPL because it had been "so good for
his
business". I told him that he just made me want to puke, and I meant
that
literally: I felt sick to my stomach the rest of that day just thinking
about
what he'd said. Frankly and sadly, making a bunch of seedy lawyers
rich has
been an unfortunate side-effect of upholding the rights granted by the
GPL.
That said, the alternative is to let the violators get away with it,
which is
a much worse outcome.
I should finish by saying that there are at least a few wealthy
companies
that have a good ethos and have chosen to do the right thing and are
wonderful actors on GPL compliance. I don't want to name names lest I
leave
any of them out, but some of their representatives even subscribe to
this
mailing list and answer questions. :)
My view on that: it's really unfair to those few companies who spend so
much
money on getting compliance right that there are so many competitors
who
would rather pay high priced outside counsel than just comply with the
license.
-- bkuhn
Precedence: list
MIME-Version: 1.0
of
"Thu, 06 Mar 2014 22:18:37 +1000")
Date: Fri, 07 Mar 2014 16:29:16 -0500
Content-Type: text/plain; charset=us-ascii
Subject: Re: Use of GNU GPL 2.0 code in Mikrotik RBXXX series and
others
Message: 3
Why not simply have the makefiles for the program in question do a
shasum of the source, put that checksum into some source file and have
the file linked into the binaries in a way that can easily be found.
This is the basis of Ed's idea, but the problem becomes wasting a lot
of
space. A shasum of the entire source in aggregate, plus "scripts used
to control compilation and installation of the executable", won't be
that helpful.
Although I guess the question then becomes "what goes into the shasum"
Exactly right!
What if there's a one-byte change somewhere in a build script, or a
space added to a source file?
What you want is a more fine-grained set of shasums for each component,
possibly with pathnames somehow encoded, etc.
The idea would not just to be able to tell "does this source match"
(the
answer to that is almost always "no", anyway) but "what source is
missing when it doesn't match", or "how can I quickly check that the
change to the sources since this was built is surely benign"?
Now some GPL violators will simply strip the feature out before
shipping but for those who don't, it will help in verifying that the
source they distribute matches the binaries.
Right, this idea is purely to make testing compliance of good actors
easy.
_______________________________________________
legal mailing list
https://lists.gpl-violations.org/mailman/listinfo/legal
Loading...