Subject: Re: Misstänkt FOSS i bankappen Swish?

Re: Misstänkt FOSS i bankappen Swish?

From: Jeremiah C. Foster <jeremiah_at_jeremiahfoster.com>
Date: Mon, 3 Nov 2014 21:37:12 +0100

On Wed, Oct 29, 2014 at 07:50:13PM +0100, Johan wrote:
> För den intresserade så finns det en intressant blogpost om bankappen Swish
> och ett eventuellt fynd av GPL-kod i den som ingen vill kännas vid. Koden
> är "Moxie Marlinspike's1 AndroidPinning to be precise, licensed under the
> GPLv3"
>
> http://blog.nullbyte.eu/open-curtains-in-swish-payments-service/

Great blog post.
 
> Läs gärna i kommentarerna där personen som har skrivit kodbiblioteket
> uttalar sig på Twitter att han inte känner till det.
>
> En fråga till er som är erfarna inom FOSS hur gör man i ett sådant här
> fall?

I think you do what the original blog post author did, contact those
who distribute the software and/or contact the author.

> Dvs när man tror att någon använder FOSS utan att följa licensvillkoren?

There are a number of organizations that you can turn to. In this
thread someone mentioned gplviolations.org. That is a good
organization. Their lawyer, Till Jaeger, has never lost a case on the
GPL in Germany. There are other organizations however, like the Free
Software Foundation, Software Freedom Law Center, and the Free
Software Foundation Europe. FSFE would likely be a very good place to
start because there are a lot of reasonable and knowledgeable people
there.

> Vad krävs för att bevisa att man använder viss kod, räcker det med en
> disassemblering eller måste utgivaren erkänna att han använder det?

Very often if you can demonstrate, through disassembly or decomposing
ELF headers or other binary tricks, that the binary in question
contains GPL strings and/or code, then often you can reach an
agreement. The FSF has dozens of ongoing cases of this type and often
they're settled behind closed doors. The distrbutor of the code
(utgivaren) is rarely the software developer. In most cases it is the
device manufacturer who's added some code without doing due diligence
on the code base they've received from a supplier.

Whether the distributor admits or not, they're responsible for all the
licenses of all the code they ship on their device.

Cheers,

Jeremiah

>
> /Johan

> _______________________________________________
> http://www.foss-sthlm.se/
> http://cool.haxx.se/cgi-bin/mailman/listinfo/foss-sthlm

_______________________________________________
http://www.foss-sthlm.se/
http://cool.haxx.se/cgi-bin/mailman/listinfo/foss-sthlm
Received on 2014-11-03