Skip to content
Forum
Subscribe
Search
●
AI
●
Biz &IT
●
Cars
●
Culture
●
Gaming
●
Health
●
Policy
●
Science
●
Security
●
Space
●
Tech
●
Feature
●
Reviews
●
AI
●
Biz &IT
●
Cars
●
Culture
●
Gaming
●
Health
●
Policy
●
Science
●
Security
●
Space
●
Tech
Forum
Subscribe
Story text
* Subscribers only
Learn more
●
HyperLight
●
Day & Night
●
Dark
●
System
Search dialog...
Sign in dialog...
Sign in
Biz &IT
SFLC tech director finds one new GPL violator every day
The technical director of the Software Freedom Law Center says that GPL …
Ryan Paul
–
|
Credit:
barraquito
Text
settings
Story text
* Subscribers only
Learn more
Bradley Kuhn, the technical director of the Software Freedom Law Center (SFLC), has published a helpful set of guidelines about the most productive way to respond to a suspected violation of GNU’s General Public License (GPL). The guidelines caution against jumping to conclusions and encourages free software enthusiasts to give violators the benefit of the doubt. GPL violations are extremely common, he says, but most of them are accidental.
The SFLC, which was founded in 2005 with the aim of providing legal support for the free and open source software development community, has played a key role in resolving numerous GPL enforcement conflicts. Its approach to GPL enforcement is typically instructive and non-confrontational. Lawsuits are used as a last resort and have consistently resulted in out-of-court settlements. The organization is perhaps best known for litigating a series of high-profile GPL violation cases on behalf of the developers of the open source BusyBox embedded tools.
In his role as the SFLC’s technical director and in his previous position as the executive director of the Free Software Foundation, Kuhn has had extensive involvement in GPL enforcement efforts. His commentary on the subject is, needless to say, very well informed. He published the guidelines this week in response to a recent incident of alleged GPL infringement that was attributed to Microsoft.
An independent programmer found evidence suggesting that Microsoft’s proprietary Windows 7 USB/DVD Download tool was potentially built with source code that was misappropriated from a GPL-licensed project called ImageMaster. The evidence is ambiguous but compelling. Microsoft apparently thought so too, because it pulled the tool in question from its website and is said to be investigating the matter.
Kuhn’s guidelines put the matter into perspective and provide some insight into how such issues should be handled. Kuhn says that he has found, on average, one new company violating the GPL every day over the past few months. GPL violations are so common, he says, that he could easily keep it up for a whole year. He regards it as important work, but doesn’t consider any individual instance of GPL infringement to be a significant revelation. Finding and resolving these issues is a lot like fixing bugs, according to Kuhn. Single cases don’t mean much, but the ongoing effort contributes to a healthier and better-informed commercial ecosystem around free and open source software—one in which companies understand and appreciate their licensing obligations.
Most GPL violations are mere accidents or the result of simple negligence. Instead of immediately publicizing a suspected case of infringement, Kuhn suggests that the best way to start productive enforcement action is to privately contact the company and submit a for request source code and clarification. The next step is to contact the actual copyright holder—the author of the code that is being misused—as they are empowered to legally enforce the licensing terms. This should be done privately, he says, rather than on public mailing lists. He feels that attempting to publicly shame a company into compliance will undermine communication and make it more difficult to proceed.
“Don’t go public first. Back around late 1999, when I found my first GPL violation from scratch, I wanted to post it to every mailing list I could find and shame that company that failed to respect and cooperate with the software freedom community. I’m glad that I didn’t do that, because I’ve since seen similar actions destroy the lines of communication with violators, and make resolution tougher,” Kuhn wrote. “Remember that the primary goal of the GPL is to encourage more software freedom in the world. For many violators, the first experience the violator has with FLOSS is an enforcement action. We therefore must ensure that enforcement action is reasonable and friendly. I view every GPL violator as a potential FLOSS contributor, and try my best to open every enforcement action with that attitude.”
Kuhn’s complete blog entry is worth a look and offers a number of additional recommendations that are equally important. It’s a good resource for free software enthusiasts and developers who are concerned about license violations and want to contribute to productive enforcement efforts. Companies that are looking for additional details about how to avoid accidental GPL violations might want to have a look at the SFLC’s handy compliance guide, which was published last year.
Ryan Paul
Ars Editor Emeritus
Ryan Paul
Ars Editor Emeritus
Ryan is an Ars editor emeritus in the field of open source, and and still contributes regularly. He manages developer relations at Montage Studio.
Comments
Forum view
Loading comments...
Prev story
Next story
Most Read
1.
AI agents now have their own Reddit-style social network, and it's getting weird fast
2.
The TV industry finally concedes that the future may not be in 8K
3.
Inside Nvidia's 10-year effort to make the Shield TV the most updated Android device ever
4.
FCC aims to ensure "only living and lawful Americans" get Lifeline benefits
5.
ICE protester says her Global Entry was revoked after agent scanned her face
Ars Technica has been separating the signal from
the noise for over 25 years. With our unique combination of
technical savvy and wide-ranging interest in the technological arts
and sciences, Ars is the trusted source in a sea of information. After
all, you don’t need to know everything, only what’s important.
More
from Ars
●About Us
●Staff Directory
●Ars Newsletters
●General FAQ
●Posting Guidelines
●RSS Feeds
Contact
●Contact us
●Advertise with us
●Reprints
© 2026 Condé Nast. All rights reserved. Use of and/or
registration on any portion of this site constitutes acceptance of our User Agreement and
Privacy Policy and
Cookie Statement and Ars
Technica Addendum and Your
California Privacy Rights. Ars Technica may earn compensation on
sales from links on this site. Read our
affiliate link policy. The material on this site may not be
reproduced, distributed, transmitted, cached or otherwise used, except
with the prior written permission of Condé Nast. Ad
Choices