Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2009/12/10/microsoft-gpl-enforcement.html

I’d like to
congratulate Rafael
Rivera on his successful GPL compliance work regarding the Microsoft
WUDT software, which is apparently used to make ISOs from stuff you
downloaded from Microsoft software.

I’m of course against the idea of using Microsoft Windows, and why
you’d ever want to make an ISO out of some Microsoft Windows stuff is
beyond my comprehension. However, Rafael identified that the WUDT was
based on some GPL’d software, and as such he was quite correct in
demanding that Microsoft comply with the terms of the GPL (as it has
done before, for example, with
its Windows
Services for Unix). Rafael was first to discover and point out this
violation. More importantly, he also did what we in the GPL enforcement
world call the “compliance engineering work”, which includes
confirming the violation exists by technical measures, and checking that
the complete and corresponding source code actually builds and
installs the binary as expected.

That importance of that latter part of the work is unfortunately not
often identified. GPL is designed to hook up the legal requirements of
a copyright license with certain technical requirements needed to allow
downstream users to modify and improve the software. This is the true
innovation of the GPL: to make copyright law into a tool that gives
users the actual means to improve and redistribute modified versions of
software.

When we check to see if someone is in compliance, it’s not merely about
seeing if they dumped a big pile of source onto the world. We also have
to check carefully that the source builds and that the process produces
a working binary that can be installed by the user. That’s why GPLv2
requires scripts to control compilation and installation of the
executable and what GPLv3 clarifies that requirement even further
into the formally defined Installation Information.

Thanks again to Rafael for doing this work. While everyone knows how
often I fault Microsoft, I have to say they did a timely job in this
particular case. A little under a month is actually the best one can
hope for from initial identification to a violator about a problem to
having in our hands complete and corresponding source code (or
“C&CS”, as we GPL enforcement geeks call it).
Microsoft should have known better than to screw this up after years of
working with the GPL, but everyone makes mistakes, and the real measure
of a company is how quickly they redress a mistake.

Now if we could just get Microsoft to stop the more harmful mistake of
attacking FLOSS with patents, but that’s a tougher problem to
solve…