Thanks for Rafael Rivera, an Excellent GPL Compliance Engineer

Created
Thu, 10/12/2009 - 21:00
Updated
Thu, 10/12/2009 - 21:00

I'd like to congratulate Rafael Rivera on his successful GPL compliance work regarding the Microsoft WUDT software, which is apparently used to make ISOs from stuff you downloaded from Microsoft software.

I'm of course against the idea of using Microsoft Windows, and why you'd ever want to make an ISO out of some Microsoft Windows stuff is beyond my comprehension. However, Rafael identified that the WUDT was based on some GPL'd software, and as such he was quite correct in demanding that Microsoft comply with the terms of the GPL (as it has done before, for example, with its Windows Services for Unix). Rafael was first to discover and point out this violation. More importantly, he also did what we in the GPL enforcement world call the “compliance engineering work”, which includes confirming the violation exists by technical measures, and checking that the complete and corresponding source code actually builds and installs the binary as expected.

That importance of that latter part of the work is unfortunately not often identified. GPL is designed to hook up the legal requirements of a copyright license with certain technical requirements needed to allow downstream users to modify and improve the software. This is the true innovation of the GPL: to make copyright law into a tool that gives users the actual means to improve and redistribute modified versions of software.

When we check to see if someone is in compliance, it's not merely about seeing if they dumped a big pile of source onto the world. We also have to check carefully that the source builds and that the process produces a working binary that can be installed by the user. That's why GPLv2 requires scripts to control compilation and installation of the executable and what GPLv3 clarifies that requirement even further into the formally defined Installation Information.

Thanks again to Rafael for doing this work. While everyone knows how often I fault Microsoft, I have to say they did a timely job in this particular case. A little under a month is actually the best one can hope for from initial identification to a violator about a problem to having in our hands complete and corresponding source code (or “C&CS”, as we GPL enforcement geeks call it). Microsoft should have known better than to screw this up after years of working with the GPL, but everyone makes mistakes, and the real measure of a company is how quickly they redress a mistake.

Now if we could just get Microsoft to stop the more harmful mistake of attacking FLOSS with patents, but that's a tougher problem to solve…