I inherited a 15+ year old Python application, which I am about to port to Python 3.
The application is a proprietary, web based intranet solution, which is only deployed inhouse and used by colleagues.
Amongst other curiosities I found a library, which got vendored (copy pasted into our repository), which is licensed as GPL.
The library itself was abandoned like 2001!
In the header I read of three contributors.
Could you please advise me how to proceed in order to comply with GPL?
Afaik it is not allowed to use or continue to use the library for the proprietary intranet solution.
I could
ask the three contributors if they agree to re-license the library to e.g. mit/bsd license? (not a good chance to reach them after 18 years)
rewrite the library (only about 150 lines of code with lots of lines to delete because of Windows comp. which I do not need)
replace the library with a different one
release the prop. intranet solution as gpl (hardly practical, as too much company specific stuff hardcoded => too much effort to bring in shape and possibly zero external interest)
extract the library into a separate application, which I could release as gpl - and talk to this new app via rest?
Licensing something under GPL is a different thing than a public release. You can have a GPL-licensed code and you do not have to publish it anywhere outside of your organization.
Licensing something under GPL is a different thing than a public release. You can have a GPL-licensed code and you do not have to publish it anywhere outside of your organization.
I cannot follow. The library was published by a third party publicly back in 2000, and we want to use it in our prop. intranet solution. I thought we are not allowed to do this? If we used that library, we have to also publish our intranet app which makes use of the library?
GPL does not require you to publish anything. Simply said, GPL only requires that you will share the source code with users you distribute the binary version to. So if you distribute the software only to your own intranet servers, you do not have to share the source code with public.
In other words: if there are no users of that software outside your organization, no one (from the outside) will complain nor ask you for the source code.
So when you talk of âsoftwareâ and âsource codeâ you speak of the intranet?
So when I understand you correctly, the current usage is legally correct.
Now, the library is Python 2 only.
I want to port it to Python 3.
Am I allowed to put the library on my companies github account and make it public?
Iâd make some massive changes as it support lots of use cases we do not need.
Iâd also make a release on PyPi (the python package index).
As far as I understood you this is all covered by the GPL license - btw the library uses version 2.
Sure, you can publish your modified version on Github and PyPi as long as you continue to distribute it under the GNU GPLv2, if it contains the âor any laterâ statement you might also consider publishing your version under the âGNU GPLv3 or laterâ.
Yes, you can do it, this right (redistribute) is guaranteed by the GPL license. You can distribute both source and binary forms and both modified and verbatim. You just have to keep original copyright notices (i.e. keep there the name of the original authors and do not pretend that it is completely your creation). With Git or other versioning system, this is no problem because it keeps the history.
This is commendable work. And this is one of great parts of free software â if the original author stops developing the software, others can continue.
Please note that however widespread GitHub is, it is a problematic centralized service/network. Please read the GNU ethical repository criteria. You can use GitHub as a Git hosting until anybody can anonymously clone the repository and download the sources. But it becomes problematic when you try to collaborate with others and accept contributions (including bug reports). Please do not force users and contributors to register at GitHub (i.e. sign a contract with a corporation). Please provide a way to report bugs and contribute patches without having an account at GitHub (or other proprietary centralized service / social network).
Yes, thatâs the usual interpretation I keep reading. It does make
some sense, but⊠can I, the company, keep my employees (who are
entitled to the modified source) from re-distributing it outside
the company (e.g. by an NDA)? Or would that go against the âno
further restrictionsâ clause in the GPL?
Any employee who has access to the modified source code, whether they are âentitledâ to it or just found it, can publish it, as itâs licensed to you (and them) under the GPL. You cannot override these terms, because if you do then you are not complying with the terms of the GPL and you no longer have permission to use the software.
I remember that I read once that if you use the software only in your organization you can forbid your employees to copy the software and release it elsewhere. The reason, when I remember correctly: The employee uses the software only during work on devices provided to them by the organization with the software pre-installed. So the software was never really distributed to the employee and also legally not the individual but the organization uses the software during their working hours.
Unfortunately I can no longer find the article. So I can just tell it out of my head, obviously thatâs no legal advice.
Maybe someone else also remember something like this?
@kpfleming Typically a company has a say over itâs employees. The company owns the copyright of their work, and can prevent voluntairy publication with policies.
I thought the original point of @jugmac00 was about having a GPL licensed library in a non-GPL application, possibly violating the license. I am not a lawyer, but is seems to me that the GPL library requires the application to be GPL licensed. As the library is nog LGPL licensed (or is it?).
If you want to address this violation, youâd either have to GPL the aplication-part the library is used in (e.g. the back end). Or youâd have to come up with a replacement library that is LGPL or BSD-like licensed.
Something to consider: sometimes the dual-licensing practice of a company is to keep the GPL statement in the code, whilst the code is actually distributed under a different license, typically after payment. If that is the case, you might be legally allowed to use the code as non-GPL code, despite is also being available as GPL code. In that case your company should have âa receiptâ to prove the legality. The same can be the case for the software provider that provides you the application. The could have bought a license of the library which allows them to re-license it to you.
@kpfleming Typically a company has a say over itâs employees.
That depends on whether your live in a state of law or not.
The company doesnât /own/ their employees. They may have
some right on the software written on the companyâs resources.
If they take some GPL software, build on it, and distribute
it internally, theyâre still bound by the GPL â towards their
employees. But they canât take away rights granted legally to
them.
Of course, as a programmer, itâd be my duty to point out that
Iâm extending some GPL software for the companyâs purposes, and
their right to say âno, better write from scratch, we donât
want to be bound by GPLâ.
The company owns the copyright of their work, and can prevent voluntairy publication with policies.
But they areât outside the law (although some companies try to).
This might be a bit ambiguous and in the end it depends on a court decision (if it goes so far that you need a court to resolve such case).
In depends on the meaning of the word âdistributeâ or âconveyâ and on whether you see the whole company (employer + employees) as a single entity. If you say that the employer distributed the software to particular employees, than the employees should get also the source code. Or if you say that the developer (employee 1) distributed the software to the administrator (employee 2), the administrator should also get the source code. But if you say that the company develops the software for its internal purposes, the software is developed and used by the same legal entity and there is no actual distribution.
To âconveyâ a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
So if it is an intranet application running on a companyâs server, it is not conveyed to particular employees. It is questionable whether it was conveyed to the administrator of given server⊠But even if the software is installed on âemployeeâsâ computer, actually it is a companyâs computer â owned by the employer and the employee is just allowed to work on it but does not own it.
If we look at habitual practices in the industry: the software from the third-party vendors is usually licensed to the company, not to particular employees (however employees work on computers where such software is installed). The court might be looking for an analogy between proprietary and free software licenses this way. But even in the case of the proprietary software, there are sometimes employees names in the software or in the license key or the employee is even forced to have an account at the software vendor or have to agree with EULA or other conditions when running the software for the first time.
I basically tend to this reading: the software is developed and used by a single entity (the company) and it is not distributed/conveyed to any other entity. The software stays on the computers owned by the company.
But it is still bit unclear â this might happen:
An employee takes the software from the company and publishes it somewhere else. The software had GPL license headers, so he thought that it is OK to (re)distribute it. The company might sue him for breaking the employment contract or internal rules of the company. And then the (third-party) author of the software/library might sue the company for breaking the GPL license (because âYou may not impose any further restrictionsâ).
An employee is using a software (on a companyâs computer) and sees in the about dialog, that given software is licensed under GPL. So he asks the employee for the source codes, and if he do not get them, he will sue the employee.
Everything depends on: was the software distributed from one legal entity (employer) to another (employee) or is it used by a single legal entity (the company as a whole)?
Do you know about any legal cases? Was this question ever resolved at a court?
Yes, but is âthe companyâ at all allowed to link their proprietary code with the GPLâed code, if they do not distribute it; even if they do not distribute it?
As I understand it, the company must GPL itâs own code base, but they are then not required to give the their code base to the public. And the company can prohibit itâs employees from giving out the code base to the public, since it has not âdistributedâ the code to the employees.
The obligations in the GPL are triggered by distribution, not by linking or any other form of usage. If there is no distribution, then the GPL-covered code can be used in any way that the company wishes.
