Chapter 23
Bracken: a Minor Violation in a GNU/Linux Distribution

In this case study, we consider a minor violation made by a company whose knowledge of the Free Software community and its functions is deep.

23.1 The Facts

Bracken produces a GNU/Linux operating system product that is sold primarily to OEM vendors to be placed in appliance devices used for a single purpose, such as an Internet-browsing-only device. The product is almost 100% Free Software, mostly licensed under the GPL and related Free Software licenses.

FSF found out about this violation through a report first posted on a Slashdot1 comment, and then it was brought to our attention again by another Free Software copyright holder who had discovered the same violation.

Bracken’s GNU/Linux product is delivered directly from their Web site. This allowed FSF engineers to directly download and confirm the violation quickly. Two primary problems were discovered with the online distribution:

FSF contacted Bracken and gave them the details of the violation. Bracken immediately ceased distribution of the product temporarily and set forth a plan to bring themselves back into compliance. This plan included the following steps:

This case was completed in about a month. FSF approved the new EULA text. The key portion in the EULA relating to the GPL read as follows:

Many of the Software Programs included in Bracken Software are distributed under the terms of agreements with Third Parties (“Third Party Agreements”) which may expand or limit the Licensee’s rights to use certain Software Programs as set forth in [this EULA]. Certain Software Programs may be licensed (or sublicensed) to Licensee under the GNU General Public License and other similar license agreements listed in part in this section which, among other rights, permit the Licensee to copy, modify and redistribute certain Software Programs, or portions thereof, and have access to the source code of certain Software Programs, or portions thereof. In addition, certain Software Programs, or portions thereof, may be licensed (or sublicensed) to Licensee under terms stricter than those set forth in [this EULA]. The Licensee must review the electronic documentation that accompanies certain Software Programs, or portions thereof, for the applicable Third Party Agreements. To the extent any Third Party Agreements require that Bracken provide rights to use, copy or modify a Software Program that are broader than the rights granted to the Licensee in [this EULA], then such rights shall take precedence over the rights and restrictions granted in this Agreement solely for such Software Programs.

FSF restored Bracken’s distribution rights shortly after the work was completed as described.

23.2 Lessons Learned

This case was probably the most quickly and easily resolved of all GPL violations in the history of FSF’s Compliance Lab. The ease with which the problem was resolved shows a number of cultural factors that play a role in GPL compliance.

Companies that understand Free Software culture better have an easier time with compliance. Bracken’s products were designed and built around the GNU/Linux system and Free Software components. Their engineers were deeply familiar with the Free Software ecosystem, and their lawyers had seen and reviewed the GPL before. The violation was completely an honest mistake. Since the culture inside the company had already adapted to the cooperative style of resolution in the Free Software world, there was very little work for either party to bring the product into compliance.
When people in key positions understand the Free Software nature of their software products, compliance concerns are as mundane as minor software bugs. Even the most functional system or structure has its problems, and successful business often depends on agile response to the problems that do come up; avoiding problems altogether is a pipe dream. Minor GPL violations can and do happen even with well-informed redistributors. However, resolution is reached quickly when the company — and in particular, the lawyers, managers, and engineers working on the Free Software product lines — have adapted to Free Software culture that the lower-level engineer already understood
Legally, distribution must stop when a violation is identified. In our opinion, Bracken went above and beyond the call of duty by ceasing distribution while the violation was being resolved. Under GPL 4, the redistributor loses the right to distribute the software, and thus they are in ongoing violation of copyright law if they distribute before rights are restored. It is FSF’s policy to temporarily allow distribution while compliance negotiations are ongoing and only in the most extreme cases (where the other party appears to be negotiating in bad faith) does FSF even threaten an injunction on copyright grounds. However, Bracken — as a good Free Software citizen — chose to be on the safe side and do the legally correct thing while the violation case was pending. From start to finish, it took less than a month to resolve. This lapse in distribution did not, to FSF’s knowledge, impact Bracken’s business in any way.
EULAs are a common area for GPL problems. Often, EULAs are drafted from boilerplate text that a company uses for all its products. Even the most diligent attorneys forget or simply do not know that a product contains software licensed under the GPL and other Free Software licenses. Drafting a EULA that accounts for such licenses is straightforward; the text quoted above works just fine. The EULA must be designed so that it does not trump rights and permissions already granted by the GPL. The EULA must clearly state that if there is a conflict between it and the GPL, with regard to GPL’d code, the GPL is the overriding license.
Compliance Officers are rarely necessary when companies are educated about GPL compliance. As we saw in the Bortez case, FSF asks that a formal “GPL Compliance Officer” be appointed inside a previously violating organization to shepherd the organization to a cooperative approach to GPL compliance. However, when FSF sees that an organization already has such an approach, there is no need to request that such an officer be appointed.

1Slashdot is a popular news and discussion site for technical readers.