thufir, hooray! there is something which i can agree with you on. read on...
On Fri, Mar 6, 2015 at 11:43 PM, thufir <[email protected]> wrote: > On 2015-03-06 03:30 PM, thufir wrote: >> >> "For example, my capable colleague Helene Tamer constantly insisted, that >> Deutsche Telekom AG could not give up her restrictions to use LGPL >> libraries until >> I had offered a reliable proof that the LGPL does not require reverse >> engineering." > > > Admittedly, I have no idea how to parse that sentence and lost interest at > that point. First off, it doesn't matter what LGPL has to say about, > because, at least in the U.S.A., reverse engineering is legal: > > 'Sec. 103(f) of the DMCA > <http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act> (17 U.S.C. ยง > 1201 (f) > <http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00001201----000-.html>) > says that a person who is in legal possession of a program, is permitted to > reverse-engineer and circumvent its protection if this is necessary in order > to achieve "interoperability"' -wikipedia likewise in the E.U. member states - where each country is required to enact laws that comply with the Directives issued - it is similarly recognised in the Directive on Copyright Law. this may be more relevant to you karsten as you are in danger of misadvising your colleagues at Deutsche Telecom, which is required to obey Germal Law. i therefore strongly STRONGLY advise you to take legal advice. > So, even if the LGPL prevents, or allows, reverse engineering, it doesn't > matter, because reverse engineering is legal. this is my understanding as well. and it is also the case from the latest EU Copyright Directive. the license is completely irrelevant. the thing is: it doesn't matter if one part of a license's statements permit or do not permit you to do one thing or another: if there is a Law in a particular country which says "this is legal or this is illegal", what the license states is COMPLETELY irrelevant. [side-note: this is why there are always those stupid-sounding clauses in software licenses which say "anything which makes this clause irrelevant doesn't mean that the entire license may be disregarded" because otherwise a lawyer would be able to go "ah ha! you got the law wrong! therefore my client can do whatever they like! har har"] > No license can make reverse > engineering illegal. ... in the countries where there are laws that permit reverse-engineering for interoperability purposes: correct. "So, I thankfully can now o er a thoroughly elaborated proof for the assertion that there - in general - is a way to distribute open source software compliantly without permitting reverse engineering," no, karsten, you may not provide any elaborated proof, nor may you provide any such assertion. ok, let me clarify: you may *of course* do so, but... how do i be subtle about this... if you do so, you are in danger of misadvising the people who may be taking your advice authoritatively when they should instead be consulting proper legal advice on Copyright Law within the legal jurisdiction in which they operate. there is a *very very good reason* why any Corporation should do that, and it's this: when a Corporation takes legal advice, then as long as they follow that advice to the letter, they are then indemnified through insurance of the legal firm should the legal advice they are given turn out to be completely wrong. if that company has *not* taken legal advice, and their actions turn out to be wrong, they may be sued *without* recourse to indemnity insurance. so - please karsten: GET LEGAL ADVICE. and, when consulting that legal advice, please present them with the following statements for evaluation: karsten has unfortunately made incorrect assertions that are in danger of being at odds with the EU Copyright Directive which permits reverse-engineering. in the case where software is distributed in accordance with the LGPL, the source code is required to be released, and, as such, she is correct in that reverse-engineering would be illegal because it would, if the license was properly complied with, *not even be necessary* on that specific software component. this is assuming that the distributor of the software is actually compliant with the LGPL license, because if they do not comply with the license (including releasing all source code of the LGPL licensed software) then that is a different matter. to reiterate: software that is released in full compliance with the LGPL should have its source code made fully publicly available, thus making reverse-engineering of that SPECIFIC SOFTWARE AND THAT SPECIFIC SOFTWARE ONLY, not only unnecessary (i.e. entirely moot) but also, interestingly - and this is entirely a side-note - illegal to even attempt [in the USA and the E.U. member states at least] HOWEVER, karsten, compliance with the LGPL is very very specific. you MUST ensure that the ENTIRE TOOLCHAIN is made available, to the extent where the PRECISE and EXACT binary may be reproduced without fail without exception down to the absolute without fail absolute guaranteed 100% absolute last binary digit. [in carrying out LGPL and GPL compliance checks, many developers will use the exact same tools as made available then carry out a "binary diff". if anything other than the date of compilation (which is inserted into the binary by the compiler) is different, then the company is NOT in compliance with the software license, usually because they have provided different versions of the tools by mistake. i.e. if you have not provided the exact and same tools, you are NOT in compliance with the LGPL/GPL]. so, coming back to that side-note: the ONLY reason why (under both the USA law and the EU Copyright Directives) it would be illegal to attempt to reverse-engineer properly-compliant LGPL software is precisely and exclusively *because* it is a requirement of the LGPL to make all source and tools available, such that the entire binary may be recreated exactly and precisely from its original source code. that this is so DOES NOT extend that illegality or "unnecessariness" to: * any software that *uses* that LGPL component or any other LGPL components involved in the software * any software that is LGPL licensed which is released incorrectly or not properly in accordance with the intended software license. so in short: in the case where software is released under the LGPL, the full source and tools shall be made available thus making reverse-engineering completely moot (unnecessary), and in the case where there exists proprietary code - even code which uses LGPL-licensed dynamic libraries - the proprietary code has absolutely nothing to do with the LGPL so is specifically "back to square one", and may *legally* be a target of reverse-engineering efforts as part of any interoperability efforts on the part of any individual within the jurisdiction of either the USA or any E.U. member state or any other country in which reverse-engineering is permitted. so karsten, i apologise for not reading the full text of what you wrote, but i don't have to: just by looking at the conclusion that you wrote, i can see that what you wrote is at best irrelevant, but in the worst-case scenario you are in danger of misleading people within Deutsche Telekom, who should be taking legal advice rather than believing at face-value the conclusions that you draw. PLEASE GET PROPER LEGAL ADVICE. it is *really* important, in a corporate context, for the reasons outlined above as related to indemnification. l. _______________________________________________ License-discuss mailing list [email protected] http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
