FSFE and GPL-Violations.org on Reporting (and Avoiding) Licensing Issues

by Ostatic Staff - Dec. 09, 2008

The FSF Europe's Freedom Task Force and GPL-Violations.org have jointly prepared a few guidelines on how to best report (and avoid) license violations. Some of the advice is common sense (suspected violations are best handled in private, reported only to the involved parties, and organizations such as GPL-Violations and the appropriate branch of the Free Software Foundation), but reminders are always useful, especially in the heat of the moment.

The guide illustrates that reporting a possible license violation should be as specific as filing a bug report. Forwarded email threads, if necessary, should only include pertinent information. Links to the project, the parts of the code involved, as well as the license by which the code is protected should be included. The guide also advises that reports detail how those filing the complaint interpret the license as having been violated.

The approach here is twofold, and the guide is also clear on how to respond if you've been informed of a possible code violation. The main points are that it's important to take the suspected violation seriously, but that reported violations can come from a variety of sources with varying (and not necessarily correct) interpretations of the licenses used. Even if two out of three reports aren't violations, they all need to be examined to sufficiently determine this.

The guide doesn't claim to be legal advice, and suggestions given won't necessarily apply to every licensing situation that will arise. It is a solid starting point for those creating new and modifying existing code to reasonably approach potential issues and, hopefully, avoid them altogether.

This guide should help ease some fears about open source adoption -- and code modification and redistribution. Handling GPL license violations has historically been a civil affair, with a majority of those violating the licenses simply fixing the error (it's only repeated, willful violations that prompt legal action). GPL-Violations.org has a fairly comprehensive FAQ for vendors, and answers questions about source code release requirements.