| ▲ | bluGill a day ago |
| At least he got a response. Meaning the address didn't change mostly. A few years back I worked on an embedded linux project. For our first "alpha" release one of the testers read through the license agreement (as opposed to scrolling past all that legalese like most people do) and found the address to write to to get all the GPL source, he then send a letter to the address and it was returned to sender, invalid address. Somehow the lawyers found out about this and the forced us to do a full recall, sending techs to each machine to install an update (the testers installed the original software and were expected to apply updates, but we still had to send someone to install this update and track that everyone got it). Lawyers want to show good faith in courts - they consider it inevitable that someone will violate the GPL and are hoping that by showing good faith attempts to follow the letter and spirit the court won't force releasing our code when a "rouge employee" manages to violate the license. The more important take away is if your automated test process doesn't send letters to your GPL compliance address to verify it works then you need manual testers: not only are you not testing everything, but you didn't even think of everything so you need the assurance of humans looking for something "funny". |
|
| ▲ | AlbinoDrought a day ago | parent | next [-] |
| The Free Software Foundation closed their office at 51 Franklin St in August 2024 [1]. Their new mailing address is on 31 Milk Street [2]. If this test was reproduced today, we may see different results ;) [1]: https://www.fsf.org/blogs/community/fsf-office-closing-party [2]: https://www.fsf.org/about/contact/mailing |
| |
| ▲ | dunham a day ago | parent | next [-] | | That's recent enough that mail forwarding should work, if they set it up: > Standard mail forwarding lasts 12 months. You can pay to extend mail forwarding for 6, 12, or 18 more months (18 months is the maximum). Edit for source: https://www.usps.com/manage/forward.htm | | |
| ▲ | giancarlostoro a day ago | parent [-] | | > > Standard mail forwarding lasts 12 months. You can pay to extend mail forwarding for 6, 12, or 18 more months (18 months is the maximum). That's kind of awkward when you consider people will find that address for source code where that license file just wont be updated for decades to come, if at all. | | |
| ▲ | __turbobrew__ 21 hours ago | parent | next [-] | | We need DNS, but for mail addresses. | | |
| ▲ | pdfernhout 17 hours ago | parent | next [-] | | Maybe DNS for mail addresses is like a Post Office Box number? :-)
https://en.wikipedia.org/wiki/Post_office_box With 20/20 hindsight, if the FSF had used a P.O. Box number in the license, the license addresses would always be correct even if the FSF office changed addressed or (as now) was no longer maintained. Of course, the cost of a P.O. box over 40 years would have added up to thousands of dollars and that is less money for FSF advocacy. And time spent going to the post office to check the box would also have taken away from advocacy time. Another physical mail DNS-like idea is mail forwarding -- but it typically has time limits at the post office although not for private mail forwarders:
https://en.wikipedia.org/wiki/Mail_forwarding
"Private mail forwarding services are also offered by private forwarding companies, who often offer features like the ability to see your mail online via a virtual mailbox. Virtual mailboxes usually have options to get your mail scanned, discard junk mail and forward mail to your current address." Although strictly speaking, these forwarding services are not quite like DNS (even if they do get at the idea of indirection). A true mail DNS would be more like a service you mail a post card to with a person's or organization's name and which mails a post card back to you which tells you what address to currently write to in order to reach that person or organization. (At least, if you write to that received address during some time-to-live window of validity of the address.) And I guess Encrypted DNS would be like you and the service using more expensive security envelopes instead of post cards? :-) | | |
| ▲ | vitus 5 hours ago | parent [-] | | > Of course, the cost of a P.O. box over 40 years would have added up to thousands of dollars and that is less money for FSF advocacy. And time spent going to the post office to check the box would also have taken away from advocacy time. To be fair, renting office space in downtown Boston also adds up to tens (if not hundreds) of thousands of dollars, every year. By comparison, $500 dollars a year [0] for a medium PO Box (in the lobby of the building for their new office, no less!) is a steal. [0] https://poboxes.usps.com/findBox.html?q=02196 |
| |
| ▲ | schlauerfox 19 hours ago | parent | prev | next [-] | | CGP Grey, a youtube channel, has a video on some of the problems of the postal codes and addresses from earlier this year that I learned about alternates to my familiar US based system. https://www.youtube.com/watch?v=1K5oDtVAYzk | |
| ▲ | ajb 20 hours ago | parent | prev | next [-] | | One thing I've been meaning to try, but never got round to, is to stick a URL on an envelope, pointing at a page with an address, and see if the mail (royal mail, in my case) actually deliver it. I suspect they would but that it would take a few extra days. It's no worse than some of the addresses that they do deliver. | | |
| ▲ | ayewo 19 hours ago | parent [-] | | What about encoding the address as a QR code? This should not require any Internet access to view by whoever is scanning it to be sorted for delivery. | | |
| ▲ | aftbit 19 hours ago | parent [-] | | It also does not help you to update the address later. | | |
| ▲ | giancarlostoro 17 hours ago | parent [-] | | It does if it leads to a web page with an address. What happens when all project maintainers die and the source code disappears? | | |
| ▲ | Sophira 6 hours ago | parent | next [-] | | It does, but I think the person you were responding to was referring to the "This should not require any Internet access to view" part. | |
| ▲ | pabs3 14 hours ago | parent | prev [-] | | Hopefully it will never disappear, since Software Heritage and ArchiveTeam will have saved it. https://www.softwareheritage.org/
https://wiki.archiveteam.org/index.php/Codearchiver | | |
| ▲ | fragmede 11 hours ago | parent [-] | | Hope is not a strategy. As much as I hate crypto, something on the blockchain might be more durable. You want something that isn't reliant on any one person or company to continue to exist (though maybe the long now foundation will) and even if Bitcoin goes to zero, I think there will be some die hard true believers to keep running miners even past the built in 2140 expiration date. |
|
|
|
|
| |
| ▲ | solarkraft 20 hours ago | parent | prev [-] | | Even moving once has made the need for this clear to me, it boggles my mind that it isn’t a (common) thing. |
| |
| ▲ | 1oooqooq 19 hours ago | parent | prev [-] | | since this is hacker news... i once had some trouble changing mail address from one supplier (they would send the materials to the new address, but insisted on sending billing/tax info to the old one) so i did the mail forward process some three times + their extensions (i recall it was 6 + 3mo or so)... it got me close to 3 yrs of reliable mail forward from the great folks at usps until i could get thru the supplier personnel thick skull. the only issue "redoing" the request is that people at the old address can block it, so be sure to talk to them first. | | |
| ▲ | giancarlostoro 19 hours ago | parent [-] | | > the only issue "redoing" the request is that people at the old address can block it, so be sure to talk to them first. That's so strange, especially when you consider that for legal purposes, if you receive mail at someone's home, you are now a "resident" and it is harder for police to kick you out. Why would anyone willingly want your mail to come to your address. | | |
| ▲ | grepfru_it 16 hours ago | parent [-] | | Simply receiving mail does not make you a resident. You must establish residency and that is being allowed access to the home, the understanding that you are leaving belongings behind with the ability to access them later, how long you have stayed, and maintaining things like utility bills. A lease is a contract that clearly establishes the guidelines between two willing parties. Absent that, the definition of residency is typically delineated in your state landlord-tenant laws. Disclaimer: in the USA |
|
|
|
| |
| ▲ | mattl a day ago | parent | prev | next [-] | | I wrote a little more about the various offices as someone who used to work there. https://news.ycombinator.com/item?id=43783632 | |
| ▲ | twic 19 hours ago | parent | prev | next [-] | | This test isn't about writing to the FSF, it's about writing to the vendor who supplied the software. | |
| ▲ | brian-armstrong 20 hours ago | parent | prev [-] | | Did they also force RMS to move out? | | |
|
|
| ▲ | ahtihn 8 hours ago | parent | prev | next [-] |
| > court won't force releasing our code when a "rouge employee" manages to violate the license. Is this an actual, real risk? Has a court ever forced anyone to release their code because they were violating the GPL? My understanding is that this is not how this works. If you violate the license you simply don't have a valid one and basically committing copyright infringement. The punishment for that isn't being forced to comply with the license, it's having to pay damages to the copyright owner. Showing good faith doesn't really change the end result: you're using code that you don't have a license to. The only fix is to start complying or stop selling your software until you remove the code you don't have a license to use. |
| |
| ▲ | bluGill 41 minutes ago | parent [-] | | Not that I'm aware of. NEXT however did release objective-C source code, but AFAIK that never went to court (anyone able to find those details - I can't find them now). The text of the GPL is release source code. There are a few people who want release source code to be the only way out of any infringement. If a company intentionally violates the GPL that starts to look like a reasonable argument to courts. However if a company takes "enough" effort to not infringe and does anyway a smaller penalty would apply. If you don't have a license and distributed software, then that is a copyright violation and the author is entitled to damages. Exactly what those are is something the court figures out. However one important piece of evidence is the license was release your source code. Thus lawyers want that additional cover of we knew and decided not to use GPL code, and there are the steps we took to ensure we didn't: since we took effort you shouldn't apply that extreme penalty. I do know that good faith in other areas has made a difference. Companies have been caught bribing foreign officials before - which is a shut down the company level event (many countries have laws that if you bribe a government anywhere, not just in their country). However because the company could show they made good faith efforts to ensure everyone knew not to bribe this was just the act of a rouge employee. How real is it? Hard to say. Good lawyers will tell you that putting in some effort to ensure you don't infringe is cheap protection even if the risk is low. |
|
|
| ▲ | diggan a day ago | parent | prev | next [-] |
| An updated version would say to make sure every email address you use/show in the application/terms/policies are usable and someone receives it. When reviewing stuff that introduces new emails and whatnot I always spend 10-20 seconds sending an email with "Please respond if you see this" to verify it actually works and someone receives it, as I've experienced more than once that no one actually setup the email before deploying the changes that will show the email to users. |
|
| ▲ | chasd00 19 hours ago | parent | prev | next [-] |
| reminds me of this old joke. Two testers walk into a bar, the first says "i'll have a beer please" and they get their beer as expected. The second says "I just want water" and they get the water just like the asked. Then a user walks into the bar and asks "where's the bathroom?". The bar explodes. |
|
| ▲ | terinjokes a day ago | parent | prev [-] |
| Why should the test process be sending physical letters (edit: in 2025)? Nothing in the GPLv2 requires a physical letter. The address the OP sent a letter too has already been removed from the canonical version of the license (and was itself an unversioned change from the original address), and section 3 doesn't require a physical offer if the machine-readable source code is provided. |
| |
| ▲ | ndiddy a day ago | parent [-] | | Some companies still do this mainly to make the GPL request process more annoying so fewer people do it. If you have to mail a letter with a check to cover shipping/handling and wait for the company to send you a CD-R with the code on it, fewer people will look at the code compared to if the company just put it on Github or something. | | |
| ▲ | terinjokes a day ago | parent | next [-] | | If the goal is to be annoying, sure make sure folks can jump through hoops. I just don't think in 2025 a company legitimately intending to satisfy the GPL requirements needs anything to do with physical mail, since they'll provide it online. I stopped putting in requests for source code offers because I've had a 0% success rate. | | |
| ▲ | pabs3 14 hours ago | parent | next [-] | | Please let the Software Freedom Conservancy know about any companies that are still in violation of the GPL by not satisfying requests for source code. https://sfconservancy.org/copyleft-compliance/help.html | |
| ▲ | immibis a day ago | parent | prev [-] | | Companies don't legitimately intend to satisfy the GPL requirements. If you put in a source code request and get no reply you should try to contact the copyright holder or someone like the Software Freedom Conservancy or the EFF, because they are breaking the law. There was a case recently in Germany where a court forced a maker of home routers to give up not just their source code, but also the scripts to install modified software - as required by the license. (As I understand it there is no precedent in a civil law system, but it does mean at least one judge believes Tivoization of GPLv2 software is illegal) | | |
| |
| ▲ | foxglacier 11 hours ago | parent | prev | next [-] | | I offer GPL source via physical address because I don't want to distribute it with the software and I think the GPL said you have to do it that way. I also provide an email address for convenience but without it being the official way so I don't really have to respond to those. In 10 years, I've had zero requests either way. | | | |
| ▲ | bluGill a day ago | parent | prev [-] | | Most of the time the GPL request is a waste of time with no purpose other than annoy a company. You can download linux source code from many places, why do you want to get it from us? There is a slight possibility we have a driver that you could get access to, but without the hardware it won't do you any good. Once in a while we have hacked the source to fix a bug, but if it isn't upstream it is because the fix would be accepted (often it causes other bugs that don't matter to use), and in any case if it isn't upstream, the kernel moves so fast you wouldn't be able to use it anyway. | | |
| ▲ | ndiddy a day ago | parent | next [-] | | Again I see no purpose in doing things this way besides trying to minimize the amount of people who look at your GPL code for some reason. Isn't it more annoying for the company to make someone in customer support read paper letters, burn the GPL package onto a CD-R, and mail it than it is to simply host the GPL package for each product on a support site or Github or something and include a link in the product documentation? | | |
| ▲ | ack_complete 14 hours ago | parent [-] | | There's definitely a purpose, it's to obfuscate usage of GPL software and dodgy linkage. There's no other reason for situations like hosting a binary download as a plain download on a website while getting the source requires mailing a check or money order to a UK address. |
| |
| ▲ | regentbowerbird a day ago | parent | prev | next [-] | | You only have to serve those requests if you distribute your changes yourself. So presumably as a hardware company you'd be offering your hardware with your custom linux installed, and then people wanting to audit or hack the product they bought would request the code from you. | | |
| ▲ | bluGill 21 hours ago | parent [-] | | This is GPL2 - there is no requirement that you be able to install/use/hack the software, only that you get the same source. | | |
| |
| ▲ | immibis a day ago | parent | prev [-] | | There's actually a near-100% chance that the kernel on my device is not the upstream kernel. There's a near-100% chance that you have added some custom drivers or got them from your upstream. There's also a near-100% chance that you have written some scripts to install the kernel on the device, which you are required (at least one German judge thinks so) to share with me so that I can install a modified kernel on my device. |
|
|
|
