What would you think of a company that is presenting its new product which is somewhat innovative, but the product is based on OpenSource software and the company does not care about the OpenSource licenses of the used components?
As an OpenSource author I don’t like such companies. Lately I discovered this for one Asian-European company which has released a product this year. They were using OpenSource from a project in which I am involved and which is licensed under LGPL or MPL (to be chosen by the licensee). After notifying them that they were in violation of the license, they added the mandatory attribution in their help file and later seemingly removed(?) the respective units completely (the GUI part of the product is a Delphi program).
They also used components of another (Delphi) project which is released under MPL and therefore requires attribution as well. As you can guess the attribution was missing as well, but was added along with the attribution to the aforementioned project in which I am involved.
So up to now I have undoubtedly identified two OpenSource projects which have a license that does not impose the OpenSource license on the application (like the GPL would). But now the “surprise”. Said company does not even refrain from using a GPL-licensed component and uses it in a way that is in full violation of the GPL. If you link a GPL-licensed component into your application, the application is basically cursed by the GPL and has to be put under GPL as well. They are not only linking the GPLed component into their product, instead they also do not release the modified source code, which is required by the GPL license ([1], [2], [3], [4], [5], [6], [7]).
After I was made aware of the product and found the two LGPL/MPL violations, I also saw one file as part of the application whose name was familiar. The file also had some differences to the other files of the product. Because of this I first started comparing some properties that one can compare without reverse engineering techniques (such as looking at imports, strings …). After this still yielded positive results – meaning the similarities got more obvious – I decided to have a look at the two files – the one in question and the file from the GPL project from which it seemed to be derived. And guess what? … Bingo! While the violation in case of LGPL/MPL was “only” that the attibution was missing, this is an entirely new dimension with the GPL violation.
So I notified the author and GPL-Violations and meanwhile the FSF Europe seems to be informed as well. Of course I have the originally released (installer) files to prove everything and the questionable file has not been changed over the last few version of the product. In near future I will start providing some nice examples of the similarities – product and company name will be published along with the details then. In huge parts of the code the minor differences can be attributed to the different compiler versions – but there are just some things which are not there by chance! I just don’t have enough time currently to dig deeper and possibly find violations through the use of other components in this product. But it seems that the marketing fellows at this company do not actually care to much about other people’s licenses as long as their profits keep coming.
Frankly, I put my stuff under liberal OpenSource licenses so that companies are allowed to use it without imposing my license on their product – therefore I don’t use GPL too often. But if I see that case, I think I couldn’t eat enough to vomit as much as I’d like to … 🙁
// Oliver
PS: Yes, the product does what it promises, although some descriptions on their website are definitely biased by the marketing language used and yes it is sold at a very reasonable price … yet this is no excuse for such a massive license breach.