Remix.run Logo
terinjokes 2 months ago

Why should the test process be sending physical letters (edit: in 2025)? Nothing in the GPLv2 requires a physical letter.

The address the OP sent a letter too has already been removed from the canonical version of the license (and was itself an unversioned change from the original address), and section 3 doesn't require a physical offer if the machine-readable source code is provided.

ndiddy 2 months ago | parent [-]

Some companies still do this mainly to make the GPL request process more annoying so fewer people do it. If you have to mail a letter with a check to cover shipping/handling and wait for the company to send you a CD-R with the code on it, fewer people will look at the code compared to if the company just put it on Github or something.

terinjokes 2 months ago | parent | next [-]

If the goal is to be annoying, sure make sure folks can jump through hoops. I just don't think in 2025 a company legitimately intending to satisfy the GPL requirements needs anything to do with physical mail, since they'll provide it online.

I stopped putting in requests for source code offers because I've had a 0% success rate.

immibis 2 months ago | parent | next [-]

Companies don't legitimately intend to satisfy the GPL requirements.

If you put in a source code request and get no reply you should try to contact the copyright holder or someone like the Software Freedom Conservancy or the EFF, because they are breaking the law. There was a case recently in Germany where a court forced a maker of home routers to give up not just their source code, but also the scripts to install modified software - as required by the license. (As I understand it there is no precedent in a civil law system, but it does mean at least one judge believes Tivoization of GPLv2 software is illegal)

terinjokes 2 months ago | parent [-]

I am keeping an eye on SFC's lawsuit against Vizio[0].

[0]: https://sfconservancy.org/copyleft-compliance/vizio.html

pabs3 2 months ago | parent | prev [-]

Please let the Software Freedom Conservancy know about any companies that are still in violation of the GPL by not satisfying requests for source code.

https://sfconservancy.org/copyleft-compliance/help.html

foxglacier 2 months ago | parent | prev | next [-]

I offer GPL source via physical address because I don't want to distribute it with the software and I think the GPL said you have to do it that way. I also provide an email address for convenience but without it being the official way so I don't really have to respond to those. In 10 years, I've had zero requests either way.

adastra22 2 months ago | parent [-]

Why do you distribute under GPL if you don’t want to distribute the source?

foxglacier 2 months ago | parent | next [-]

It's a 3rd part GPL program that I've modified and distribute with my proprietary software. The not wanting to is just because it's a bit of hassle putting together the files and information on how to compile it in a polished way. If nobody requests it, I can defer that work forever.

fph 2 months ago | parent | prev [-]

Maybe because they have to. If you are reusing GPL code, you don't really have a choice.

bluGill 2 months ago | parent | prev [-]

Most of the time the GPL request is a waste of time with no purpose other than annoy a company. You can download linux source code from many places, why do you want to get it from us?

There is a slight possibility we have a driver that you could get access to, but without the hardware it won't do you any good. Once in a while we have hacked the source to fix a bug, but if it isn't upstream it is because the fix would be accepted (often it causes other bugs that don't matter to use), and in any case if it isn't upstream, the kernel moves so fast you wouldn't be able to use it anyway.

immibis 2 months ago | parent | next [-]

There's actually a near-100% chance that the kernel on my device is not the upstream kernel. There's a near-100% chance that you have added some custom drivers or got them from your upstream. There's also a near-100% chance that you have written some scripts to install the kernel on the device, which you are required (at least one German judge thinks so) to share with me so that I can install a modified kernel on my device.

ndiddy 2 months ago | parent | prev | next [-]

Again I see no purpose in doing things this way besides trying to minimize the amount of people who look at your GPL code for some reason. Isn't it more annoying for the company to make someone in customer support read paper letters, burn the GPL package onto a CD-R, and mail it than it is to simply host the GPL package for each product on a support site or Github or something and include a link in the product documentation?

ack_complete 2 months ago | parent [-]

There's definitely a purpose, it's to obfuscate usage of GPL software and dodgy linkage. There's no other reason for situations like hosting a binary download as a plain download on a website while getting the source requires mailing a check or money order to a UK address.

regentbowerbird 2 months ago | parent | prev [-]

You only have to serve those requests if you distribute your changes yourself.

So presumably as a hardware company you'd be offering your hardware with your custom linux installed, and then people wanting to audit or hack the product they bought would request the code from you.

bluGill 2 months ago | parent [-]

This is GPL2 - there is no requirement that you be able to install/use/hack the software, only that you get the same source.

pabs3 2 months ago | parent [-]

That is incorrect, the GPLv2 requires that you be able to modify the code, build it, reinstall the binary and run the modified binary.

https://sfconservancy.org/blog/2021/mar/25/install-gplv2/ https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t... https://events19.linuxfoundation.org/wp-content/uploads/2017...

immibis 2 months ago | parent [-]

This relies on a court's interpretation. GPLv3 made it explicit that the user has to be provided with everything they need to install modified software. GPLv2 just says "scripts used to control installation" which can be easily interpreted to exclude private signing keys. And the LGPLv2 says when an executable statically links to the library the user must be able to produce a modified executable - nothing at all about being able to install that executable.

adastra22 2 months ago | parent [-]

That is an overly obtuse interpretation. Real law doesn’t work that way. Get in front of a court and the bench judge will shut down that kind of analysis real fast. The intended interpretation is quite clear in context.

immibis 2 months ago | parent [-]

Can you cite when it was interpreted this way please?