WARNING: This document is made public for archival and historical purposes only. Not all of the information is current, and accuracy cannot be guaranteed.
Chapter 23 Bracken: a Minor Violation in a GNU/Linux Distribution
In this case study, we consider a minor violation made by a company whose knowledge of the Free Software
community and its functions is deep.
23.1 The Facts
Bracken produces a GNU/Linux operating system product that is sold primarily to OEM vendors to
be placed in appliance devices used for a single purpose, such as an Internet-browsing-only device.
The product is almost 100% Free Software, mostly licensed under the GPL and related Free Software
licenses.
FSF found out about this violation through a report first posted on a
Slashdot1
comment, and then it was brought to our attention again by another Free Software copyright holder who had
discovered the same violation.
Bracken’s GNU/Linux product is delivered directly from their Web site. This allowed FSF engineers to directly
download and confirm the violation quickly. Two primary problems were discovered with the online
distribution:
No source code nor offer for source code was provided for a number of components for the distributed
GNU/Linux system; only binaries were available
An End User License Agreement (“EULA”) was included that contradicted the permissions granted
by the GPL
FSF contacted Bracken and gave them the details of the violation. Bracken immediately ceased distribution of
the product temporarily and set forth a plan to bring themselves back into compliance. This plan included the
following steps:
Bracken attorneys would rewrite the EULA to comply with the GPL and would vet the new EULA
through FSF before use
Bracken engineers would provide source side-by-side with the binaries for the GNU/Linux distribution
on the site (and on CD’s, if ever they distributed that way)
Bracken attorneys would run an internal seminar for its engineers regarding proper GPL compliance
to help ensure that such oversights regarding source releases would not occur in the future
Bracken would resume distribution of the product only after FSF formally restored Bracken’s
distribution rights
This case was completed in about a month. FSF approved the new EULA text. The key portion in the EULA
relating to the GPL read as follows:
Many of the Software Programs included in Bracken Software are distributed under the terms
of agreements with Third Parties (“Third Party Agreements”) which may expand or limit the
Licensee’s rights to use certain Software Programs as set forth in [this EULA]. Certain Software
Programs may be licensed (or sublicensed) to Licensee under the GNU General Public License
and other similar license agreements listed in part in this section which, among other rights,
permit the Licensee to copy, modify and redistribute certain Software Programs, or portions
thereof, and have access to the source code of certain Software Programs, or portions thereof.
In addition, certain Software Programs, or portions thereof, may be licensed (or sublicensed) to
Licensee under terms stricter than those set forth in [this EULA]. The Licensee must review the
electronic documentation that accompanies certain Software Programs, or portions thereof, for
the applicable Third Party Agreements. To the extent any Third Party Agreements require that
Bracken provide rights to use, copy or modify a Software Program that are broader than the
rights granted to the Licensee in [this EULA], then such rights shall take precedence over the
rights and restrictions granted in this Agreement solely for such Software Programs.
FSF restored Bracken’s distribution rights shortly after the work was completed as described.
23.2 Lessons Learned
This case was probably the most quickly and easily resolved of all GPL violations in the history of FSF’s
Compliance Lab. The ease with which the problem was resolved shows a number of cultural factors that play a role
in GPL compliance.
1.
Companies that understand Free Software culture better have an easier time withcompliance. Bracken’s products were designed and built around the GNU/Linux system and Free
Software components. Their engineers were deeply familiar with the Free Software ecosystem, and their
lawyers had seen and reviewed the GPL before. The violation was completely an honest mistake. Since
the culture inside the company had already adapted to the cooperative style of resolution in the Free
Software world, there was very little work for either party to bring the product into compliance.
2.
When people in key positions understand the Free Software nature of their softwareproducts, compliance concerns are as mundane as minor software bugs. Even the most
functional system or structure has its problems, and successful business often depends on agile response
to the problems that do come up; avoiding problems altogether is a pipe dream. Minor GPL violations
can and do happen even with well-informed redistributors. However, resolution is reached quickly when
the company — and in particular, the lawyers, managers, and engineers working on the Free Software
product lines — have adapted to Free Software culture that the lower-level engineer already understood
3.
Legally, distribution must stop when a violation is identified. In our opinion, Bracken went
above and beyond the call of duty by ceasing distribution while the violation was being resolved. Under
GPL §4, the redistributor loses the right to distribute the software, and thus they are in ongoing
violation of copyright law if they distribute before rights are restored. It is FSF’s policy to temporarily
allow distribution while compliance negotiations are ongoing and only in the most extreme cases (where
the other party appears to be negotiating in bad faith) does FSF even threaten an injunction on
copyright grounds. However, Bracken — as a good Free Software citizen — chose to be on the safe
side and do the legally correct thing while the violation case was pending. From start to finish, it took
less than a month to resolve. This lapse in distribution did not, to FSF’s knowledge, impact Bracken’s
business in any way.
4.
EULAs are a common area for GPL problems. Often, EULAs are drafted from boilerplate text
that a company uses for all its products. Even the most diligent attorneys forget or simply do not know
that a product contains software licensed under the GPL and other Free Software licenses. Drafting a
EULA that accounts for such licenses is straightforward; the text quoted above works just fine. The
EULA must be designed so that it does not trump rights and permissions already granted by the GPL.
The EULA must clearly state that if there is a conflict between it and the GPL, with regard to GPL’d
code, the GPL is the overriding license.
5.
Compliance Officers are rarely necessary when companies are educated about GPLcompliance. As we saw in the Bortez case, FSF asks that a formal “GPL Compliance Officer” be
appointed inside a previously violating organization to shepherd the organization to a cooperative
approach to GPL compliance. However, when FSF sees that an organization already has such an
approach, there is no need to request that such an officer be appointed.
1Slashdot is a popular news and discussion site for technical readers.
