So this very large company who shall remain nameless distributes a proprietary software development environment that includes a patched version of a certain, well-known open-source debugging tool.
The patch is to make said open-source tool support their products. It’s not even hidden or anything: the binary is sitting right there in the installation directory, it’s called the exact same thing the vanilla debugger is called and when I run it on the command line, it clearly says “patched for xyz”.
The tool in question is distributed under the GPLv2 and I need to modify it for my own project. So I sent an email to the company to request the source code for their modification, but they refuse by playing dumb and pretending they don’t understand the question. They keep telling me the source code to their IDE is not public. I keep telling them I don’t want their IDE but the source for the modified GPL backend tool they bundle with it. But no: they claim it’s part of their product and they won’t release it.
Anybody knows the best course of action to deal with this? It’s the first company I’ve dealt with that explicitly refuses to honor the GPL. I don’t even think it’s malice: I’m fairly sure the L2 support guy handling my ticket was told to deny my request by his clueless supervisor who didn’t bother escalating it. But it’s also a huge company that’s known to be aggressive and litigious, whereas I’m just one guy and I’m not lawyering up over this. I have other hills to die on.
Who should I pass the potato to? The FSF?
Check the FSF’s violations of GNU licenses page. You can also email the FSF’s licensing and compliance lab at licensing@fsf.org and our team would be happy to assist.
Thanks! I’ll do that if my last-ditch effort to knock some sense into them doesn’t work.
Don’t waste time trying to reason them. If you’re not able and willing and sue them to enforce the GPL license, the company won’t care.
You should directly informe one of the organisations mentioned previously, they may have a lawyer and experience fighting this kind of fight.
Best you can do youself is collect evidence that they’re distributing modified GPL software, and write a precise description of the issue, to help these organisations kickstart their investigation into the GPL violation.
And why leave them nameless? Name and shame. You can get multiple people asking at that point and apply more pressure.
Because I’m not interested in being sued for defamation. Even if I’m totally right and they’re totally wrong, they’ll bury me in legal fees. I’m not rich enough to afford the law.
There a simple incantation u can mutter its the same shield the press uses its called “allegedly”. Otherwise talk to the press themselves doesnt matter who even if they are fucking tiny af doesnt matter then post the link to said article everywhere.
Idk if you can say allegedly, when you’re the person doing the allegation 🤔
Not to mention, OP didn’t specify where they live. Who knows defamation law for the whole world?
Depending on your jurisdiction, you may have anti-SLAPP laws which render a baseless defamation lawsuit against you into a blessing which you can turn around, counter sue for, and end up with a nice payday.
I’m pretty sure nobody here knows who you are. Say the name, and some of us will just make this company’s life a living he’ll by spamming them to give us the source. Win - win (except for that POS company)and you remain anonymous. What are they going to do, sue your Lemmy handle?
That’s flawed logic. The company would pretty easily know who has been emailing to request the source code for that specific tool in the timeline just before this post. The lemmy profile may be anonymous, but I doubt OP’s emails were.
Why would anyone mention anyone was emailing them? I’m talking about just doing the same without any type of other info.
Well the context was a concern about a defamation suit resulting from this post. If the company never found this post then the anonymity of the poster is irrelevant anyway. The company could easily tell who made this post based on the timing of their already existing email correspondance seeing as this is clearly not a request they receive often.
Oh, I didn’t think about it, but you’re right. That does make sense.
This is why we have journalists - worst case, take this information to some newspaper, who will likely LOVE to poke the bear.
OK, maybe that’s a little idealistic, but at least you can try, eh?
Notify the maintainer of the open source tool - they’re in the best position to push for compliance. They have the power to revoke the company’s license.
One of the worst things about the GPL and similar licenses is that they cannot be enforced by the user.
EA is also distributing a modified DOSBox but they only supply the unmodified source. Didn’t have the energy to pursue it.
That’s changeing: in the ongoing SFC vs Vizio, SFC is just a regular user: https://sfconservancy.org/copyleft-compliance/vizio.html
Even FSF updated it’s FAQ, that it’s not true anymore: https://www.fsf.org/news/fsf-to-be-deposed-in-sfc-v-vizio-updates-relevant-faq-entry
Nice!
I’d just email the CEO, media relations, and legal (if you can get all their email addresses), inform them of their non-compliance with the GPL and ask them to resolve this swiftly before it needs to be escalated. Then if you don’t hear back in 2 business days, reply all again CCing someone they might care about: local media to their jurisdiction, the FSF, the EFF, etc.
Yeah, reach the FSF like explained in previous comments. Or maybe contact some attorney if it matters because you may face expensive litigations… Big companies are not friendly. Or maybe contact the SFC (https://sfconservancy.org/).
I recommend contacting Software Freedom Conservancy
Conclusion of this thread:
It took a mightly long time, but the company eventually coughed up the source code. They sent me a big ZIP with an large git repo full of uncommitted changes and a bunch of comments and temp files that really shouldn’t leave the company 🙂 Clearly some engineer just zipped up the local repo on his hard disk without doing any cleanup.
So they complied with the GPL in the end. Just the bare minimum - i.e. providing the source code on request and nothing mode. I wish they put it up in their Github but they don’t want to do that apparently. I’ll clean up the embarrassing files and comments and put it up in mine.
@ExtremeDullard just publish everything, they gave it to you under GPL so you can. Sounds like they deserve all the embarrassment they can get.
Nah… It’s not a matter of embarrassing the company, it’s out of decency for the people who work(ed) there. There’s stuff like “This shit is why Stu was fired - Phil” or “Best leave this out of the repo for now as I don’t want to be included in the next round of downsizing - Tom” this would make Stu, Phil and Tom look bad and possibly hurt their careers. And it would advertise that whoever prepared this ZIP file for me didn’t bother sanitizing company confidential information out of it, possibly putting their job on the line too.
The code is GPL, and I consider the git history part of the code. The rest is inappropriate and potentially hurtful to people who didn’t do anything to deserve grief.
@ExtremeDullard You are too kind and thoughtful, they really don’t deserve you. A company is just a collection of the people who work there. Maybe the reason why they violated GPL in the first place is because Stu, Phil and Tom didn’t care about their work at all. The comments paint a picture of a toxic work environment, and again, that’s just the result of the people working there. Good people need to leave bad companies, it’s the only way to let the bad die without hurting the good.
It’s not kindness 🙂 I only made a GPL claim. All I want is the stuff that the GPL entitles me to have. The rest is off-topic and - as you say - toxic. Nobody needs the off-topic stuff in the Github repo I’ll post the GPL code to: it’s about the code, not the people or whatever drama happened at their workplace.
The thing is that they only need to release the source code to a user of their installer. Also, perhaps they got a special exception from the original author like dynamically linked Linux drivers.
No, not just the installer. Actually the installer doesn’t even matter here as its sole purpose is placing the binary. GPL applies when you make modifications to the program AND you distribute the program. GPL states that you MUST also give the source of the modified binary WHEN requested by those who got the modified program (this is very simplifying it)