Open Source Question - Joseph Irvine

Posted on 2011-10-10
Last Modified: 2013-11-13

I donwloaded a major SDK that is open source for a project I am working on for embedded hardware. There are 100,000+ source files comprising these packages. It is all GPL.

I write software that includes code protected under patent. It is extraordinarily proprietary and its revealing could jeopardize our business. Some of this code, for example, deals with encryption and other technologies we can't afford to have broken.

I recognize the simplest option is to use no open-source code. However, much of the 100,000+ files are critical, and that is a lot of work to redo.

I am trying to get someone to better explain the GPL ramifications. I understand there are some issues with what constitutes derivative works. We will be making modifications and improvements to the existing GPL code which we are happy to share.

For the core "secret sauce" code, however, we would put it in separate source code files in isolation outside the purview of GPL. If we compile these as libraries or modules and simply include calls in the GPL to the libraries, would that work? I believe we would still want to refrain sharing the libraries, even though the source would no longer be available, we don't want a competitor to integrate them into a competing product.

I would appreciate any guidance on what is and isn't permissible, and how I can combine private code with GPL code while maintaining privacy on important code we have. We are happy to contribute general code to the GPL and redistribute it.

Thank you,
Joseph Irvine
Question by:jkeagle13
    LVL 13

    Expert Comment

    by:Hugh McCurdy
    I suggest you consult with a lawyer that specializes in patent law.  Ideally, a lawyer that has his/her undergraduate degree in Computer Science, Computer Engineering or similar.
    LVL 37

    Expert Comment

    It is explained well by an attorney here:

    While he does say at the end that you should probably consult with an attorney for a specific case, in general the rule is this:
    If you have two pieces of code that are dynamically linked, they are separate. One is under GPL, the other under whatever it is under (proprietary, LGPL, anything). The linked code is not 'derived from the program' and is therefore not under the GPL.

    Any modifications you make to the GPL code to enable the dynamic linking would be under the GPL and would be open source. So you need to set up your code in such a way that your "secret sauce" code is not built on top of GPL code but merely interfaces with it by dynamic linking.
    LVL 37

    Expert Comment

    Also, some SDKs are published under both the GPL and the LGPL libraries. If you can get LGPL versions of all your GPL code, then it will be even simpler since the LGPL gives you freedom to basically do whatever you want with applications built from the code.
    LVL 37

    Expert Comment

    Here's another article by a lawyer:

    Apparently (as far as I can tell) there hasn't been a court case to set a precedent, but if the GPL code and the proprietary code build separate executables or dlls and no compiled, built file contains code from both licenses, you will most likely be covered.
    LVL 8

    Accepted Solution

    Consult the Software Freedom Law Center:  
    (I also do consulting in this area, although I am not a lawyer.)

    More details are needed to offer a better opinion.  If you make changes to GPL source, you need to make arrangements to distribute those changes to anyone who receives the binaries.  If your changes to the GPL source make it require your proprietary code, then you must release this proprietary code under a compatible license.

    TommyS's comment about libraries is, unfortunately, a misunderstanding of GPL and a mis-reading of his Siteppoint reference. The same misunderstanding is also represented in the Novell reference.  (Incidentally, both references pre-date GPL v3, which clarifies the meaning of derived work.)  

    Creating a library and using dynamic linking does not, in itself, separate GPL and proprietary software.  In general, linking (whether static or dynamic) a LGPL (not GPL) library with proprietary software does not affect the status of the proprietary software.  (This is example given in the references.)  In general, the converse is not true.  If the program requires the library to execute, the library is an integral part of the derivative work, whether it is statically or dynamically linked.

    Using an SDK, licensed under GPL, to develop a proprietary program is not likely to have any influence on the status of the proprietary code.  Making changes to the SDK, as you describe, which call proprietary code does sound like it creates a derived work, which will affect the licensing status.  

    One comment about finding a lawyer:  Although you may find one who is conversant in IP law (and in particular, copyright, not patent law), most are not conversant with Open Source licenses.  Even when they are familiar with the GPL, they tend to be cautious and offer advice on how to protect proprietary code which is often cumbersome or unnecessary.  A lawyer's role is to protect the client from liability, no matter now remote, not to deliver a product to customers.  

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
    Displaying an arrayList in a listView using the default adapter is rarely the best solution. To get full control of your display data, and to be able to refresh it after editing, requires the use of a custom adapter.
    Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now