Distributing a proprietary application together with GPL software [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 7 years ago.

Improve this question

First, there are many similar questions here, but I found none with direct answers about this specific scenario. If you find a duplicate, please be kind enough to link to the specific answer(s). Also, to avoid question being too broad, consider this specific scenario only.

Assume a proprietary Linux application, which links against LGPL libraries dynamically, and does not link against GPL libraries. It also executes GPL'ed binaries from the file system through standard OS APIs though, to perform some actions.

Then assume a customized mainstream Linux distribution, with visible trademarked logos etc removed.

Then assume a self-contained product, which includes hardware, let's say Raspberry Pi with a bootable SD card with this customized OS. Then it has the proprietary software, which ultimately needs to start when device is switched on.

How to distribute this combination legally?

More specifically, I see (at least) three separate concerns:

1. In general, how to distribute just the customized Linux distro legally? For example, are there tools, or which distros have tools, to download all used default source packages, ready to be included with distribution or archived locally?

   I think it's sometimes thought, that if you distribute a derivative of a mainstream Linux distro, you do not need to distribute the sources of default packages yourself, or that you can just point to the distro source repositories if someone asks for them, but I'm not sure if this is legally valid way to fulfill GPL obligations.

2. How to legally include the proprietary software with the distribution? For example, is it ok to have the proprietary software already installed in the above mentioned SD? Is it ok to have it uninstalled on the same media, and prompt user for it's installation on first boot? Is it required to have it on separate media or downloaded from the net, and installed from that? What are the limits of "certainly OK" and "certainly not OK", is there any consensus or even legal precedent?

3. Is executing GPL programs with hard-coded command strings from a proprietary application OK? My understanding is, this is OK and does not create a derived work. But if this is an issue, would working around it be as simple as creating an LGPL-licensed wrapper? Or just having the commands in modifiable configuration file (a good idea anyway, regardless of licensing issues)?

Note: Except for the techincal aspects of first bullet point, I understand that answers here are not any kind of legal counsel, but answers need to be backed up somehow, this site is not for opinion polls.

Answer 1

So, after some research, here's my own answer. NOT LEGAL ADVICE, and even as layman advice, I am not an expert in the subject.

1. If you are creating a product to be sold, it's best to play it safe. Downloading all source packages for all installed packages is so simple, and with current storage capacities it takes so little space, that there is just no reason to not do it. A shell script like this should do it, example commands for Debian-based distros, script untested:

   # use dpkg to get list of current packages,
   # then download source package for each using apt-get
   for pkg in $(dpkg --get-selections) ; do
       apt-get source --download-only $pkg
   done
   

   This should probably be done for each physically distributed release, to have correct versions of sources. It's not much effort after it's set up once, and a negligible expense, so why settle for less... For rolling online releases, a different approach might be appropriate, such as having a proper package repository including source packages.

2. and 3. are covered by these entries in FSF GPL FAQ:

   • What is the difference between an “aggregate” and other kinds of “modified versions”?
   • I'd like to incorporate GPL-covered software in my proprietary system. Can I do this?
   • What is tivoization? How does GPLv3 prevent it? (Because every modern distro has GPLv3 and LGPLv3 software in it.)

   Basically, as far as I understand these, as long as you make it clear there is a GPL/LGPL part in your product, do not try to prevent user from modifying the GPL part ("tivoization"), and only access GPL programs through the interfaces normally used between programs, such as execution parameters and pipes, you're fine.

   Additionally, I think these FAQ entries might have some weight in a courtroom in most jurisdictions, if it comes to that, as they are written by authors of GPL, and explain intent of the license text, in case the court case boils down to disagreement on interpretation of GPL and LGPL.

Repeat disclaimer: I am not a lawyer, or even a layman expert in the subject.

Answer 2

1. If I read GPL correctly, it is only permitted for internet downloads and provided you just took the binary as it was. Otherwise you should have a copy of the source somewhere. All distributions have archives of sources, but it includes all versions. You need to pick the versions corresponding to versions you distribute. Also you probably won't be distributing all packages, the distributions are huge these days.

2. It is all OK. E.g. Android devices come with GPL Linux and proprietarty applications preinstalled and nobody has any problem with it. They just have to be separate programs.

3. It is OK. They are still separate programs. For things that are not OK, LGPL wrapper won't help you, because it is only permitted as far as code under any other license is.