Written by 
Why oh why do people jump to conclusions without properly investigating things? I haven’t ranted in a while because, well, there’s really nothing to rant about as of late. However, this morning, I read this news article on violation of the GPL by a site called Cipherfunk.org. If you take a look at the article, it goes on to explain that Cipherfunk was offering patches to various bug reports in Ubuntu because Ubuntu hadn’t fixed the bugs (bugs listed: #36596, #38802…possible fixes for: #16873, #38181, #47775) quick enough for the likes of Cipherfunk. Interestingly enough, this is the beauty of Open Source right? If you don’t like how something works, you have the right to get the source code and fix it yourself! In this case, that is just what Cipherfunk.org did. So what’s the big stink about? Source Code and $$$.
The problem is that two Ubuntu contributors asked for Cipherfunk.org to comply with the GPL by removing cost associated with distribution of source code. This is harmless in itself and applauded by many in the community. However, it’s not the why they did it that is wrong…it’s the HOW they did it. How they did it is by first informing the Cipherfunk.org that it was wrong to charge $$ for the source, and second by touting various sections of the GPL where they believed Cipherfunk was in violation. Why is this wrong? Let’s examine things a bit.
The big stink everyone brought up is not that Cipherfunk WASN’T distributing the source code…but that Cipherfunk WAS CHARGING for the source code which they believed was in violation. However, having seen this same case (where Warren Woodford and MEPIS distribute their sourced code for a cost) I know for a fact that the GPL allows one to do this. But let’s take a look at the GPL shall we?
Does the GPL allow me to charge a fee for downloading the program from my site?- Yes. You can charge any fee you wish for distributing a copy of the program. If you distribute binaries by download, you must provide equivalent access to download the source–therefore, the fee to download source may not be greater than the fee to download the binary.
We can see here that if you provide the program at a charge, you can’t charge more for the source and that you may also charge a fee to download if the fee is not greater than the cost of downloading the binary. So, what did Cipherfunk do that got people up in arms? They required a donation before downloading the source. From Cipherfunk.org:
Well, the GNU General Public Licence states — as part of Section 3) of the licence that I must provide source code on request for no more than the cost of physically performing the distribution.Given that the host this box is on actually costs me $110.95AUD every thirty (30) days to run, $9.90, as nice as that is — still will cost me over $100 AUD to distribute the code at all.
Now, I consider (in this technologically advanced day and age) that ‘the internet’ is an acceptable way of distributing software for public use, so effectively, my request to get people to help me pay for hosting — seemed quite rational to me, but apparently, some people don’t share my view — and I wouldn’t want to put anyone out.
I consider the whole thing a disappointment. I don’t like threats, but I am especially concerned at the number of people who grabbed the code, without even saying thankyou for my efforts.
It wasn’t as if i’d asked anyone to cure cancer, find me a job, or pay off my debts — what I did say was effectively “help me pay for hosting this for you or help me advertise my other website (in a rather cut-throat market), thanks. and, as i’m obligated to — you’ll get the sources, binaries and even some support from me, until Canonical can upstream these fixes.
So what actually happened? Was there a GPL violation? Not at all. Requiring a donation that is less than the cost of bandwidth to provide the source is allowed IAW the GPL. So the finger pointing…what did it accomplish? Other than making those who point the fingers look like idiots, not much. I guess it could have caused a rift in the Linux community as well…though effects like this are often hard to calculate.
What could have happened in this case? The contributors COULD have tried to get these patches integrated into the source tree at Ubuntu OR they could have taken the time to find out why the source code wasn’t being distributed for free by simply asking. Instead, the send robotic ‘you-are-wrong’ emails like this.
Hi, I've noticed that you're providing kernel binaries at http://64.71.152.24/dapper-binaries/ . As I'm sure you're aware, the kernel is released under the terms of the GNU General Public License v2. Under section (3) of the license, when distributing derivitives of this code you are obliged to either a) accompany it with the source code, or b) provide a written offer to provide the source code on request for no more than the cost of physically performing the distribution Currently you are doing neither of these, and as a result are breaching the license of the code. As one of the copyright holders of the code, I would request that you conform to your obligations under the license. This is not required for the X driver, as it is not released under the GPL. Thanks, -- Matthew Garrett | mxxx9@sxxf.uxxm.org
What does this email tell us? First, it tells us that the person writing it believes they are immediatley correct. It assumes that the person being written to is completely wrong. It also offers no assistance to correct said issue, instead opting for a “fix these two things immediately” tone.
Instead, accusations flew and the Linux for Human Beings can now be seen as Linux for Slapping Human Beings that help fix its problems in the face. That’s right, 5 bugs could have been squashed in one swoop yet instead of approaching this in a manner of one developer/contributor to another (i.e. “hey, I see you’ve developed a patch for this problem…can I see how you did this by looking at your source code? Oh, you’re having problems distributing your source code due to bandwidth and are charging for it? Ok, let me see if I can find any help for you or possibly get a mirror”) they approached the situation as a superior approaches a subordinate. To me, this is silly. This guy at Cipherfunk was helping, not hindering. What should have happened was to help him distribute the code by providing mirrors, more bandwidth, etc. Instead, they’ve distanced themselves from an obviously talented person and left a bitter taste in his mouth.
What can we learn from this? We can learn patience instead of immediate accusation and finger pointing. We can learn that swatting at hands that help you is something you might not want to do. We can learn that a little bit of research can go a long way. And we can learn what not to do in a Linux community by trying to stay away from the mob mentality that developed in the Ubuntu and Linux community around Cipherfunks’ patch release and subsequent news posting.
Sometimes, I’m embarrassed of my fellow Linux users/devs/contributors. I sure hope Paul Drain, aka Cipherfunk.org’s webmaster, doesn’t stop contributing to Ubuntu. A little investigation and understanding can go a long way. I hope Ubuntu patches this fiasco up quickly and those two contributors who wrongly pointed fingers apologize for being ignorant so we can get back to the way things were.
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.
