The GPL explicitly grants anyone the right to share, distribute, and even modify the source code. So yes, that is exactly what it means. They cannot claim they wrote it, but they can absolutely both share and distribute the source code, and are in fact required to if they do make modifications to it. It’s literally the main thing the license is even about.
Small sidenote: distribution of modified source code of GPLv2/v3 covered projects is only mandatory to those who have access to a binary version of the modified sources.
e.g. if you take a GPLv2 covered project that is a simple HTTP server, and you give the binary nobody, then you’re not required to share the source (if the HTTP server is AGPL covered then you need to provide it to anyone who can access the HTTP service and requests the source).
This is an important distinction, as you can’t demand the source of a GPL project from someone who cloned it and made modifications to their own use without distributing a binary of those changes. If I fork Orca and make some changes, and showcase those as screenshots, you have absolutely no right to demand the source for it. If I were to send you a binary of Orca with my changes, then you’d have the right.
I mean this distinction is obviously not applicable here but I wanted to make sure the GPL summary is fully correct. Which is the best kind of correct.
maybe my thinking is off then, but in my mind it’s mainly for first and second parties? as in, orca and bambu both have to share the source when sharing the binary, not necessarily immediately but on request. anything built on top of gpl code can be closed unless it’s agpl. as a third party to all this, can rossman share the code bambu has made on top of orca?
AGPL can be closed too, the license bases the right to the source based on the access to the end product:
GPLv2/v3 - if you have the binary executable output of the GPLv2/3 covered source, you must be granted access to the exact source used to make the binary. This applies to legitimately sourced binaries only - if you were to hack into a company’s servers and get a binary of a modified GPL product, this wouldn’t apply. But extracting a binary from a device you own IS a legitimate access (so e.g. if your phone uses U-boot, the manufacturer must grant you access to their modified U-Boot sources used to build the bootloader)
AGPL - if you have (legitimate) access to a service you can request the source. This is so e.g. web services can be made into GPLed code where modifications must be released (negating the requirement of possession of a binary, since you can’t possess a binary that runs on a remote server). e.g. let’s say I run GTK app via browser using kasmVNC - if the app is GPL, I don’t have to provide the source, if it’s AGPL, I have to provide the source.
I’ve managed to force multiple Chinese companies to release sources that were adamant they don’t have to, just by threatening to report them to the FSF and SFC - both bodies have been wildly successful in prosecuting licence breaches.
Also both the EU and the US have now precedents and laws in place that allow fast-tracking obvious licence violators’ blocking from the market. For a small Chinese company whose main target market is the west, it’s a major blow if their sales and export are blocked because they won’t release the source.
So they try to play hardball, but it’s like modern lifts - the moment you press the right buttons suddenly they do exactly what you want them to.
Your thinking is off, the GPL and derived licenses like the AGPL are viral on purpose. They apply to everybody who uses, downloads, or accesses the software (in the case of the AGPL) and they are explicit about this:
Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
what i’m reading from that is that both parties must agree that the work has been conveyed. with the risk of going all sovcit, if the conveyed item is a binary, and the producer does not send the source code to the consumer as instructed by the license, can the consumer really pull the source and distribute it? surely if the license is broken the work falls back on default permissions, e.g. all rights reserved?
The GPL explicitly grants anyone the right to share, distribute, and even modify the source code. So yes, that is exactly what it means. They cannot claim they wrote it, but they can absolutely both share and distribute the source code, and are in fact required to if they do make modifications to it. It’s literally the main thing the license is even about.
Small sidenote: distribution of modified source code of GPLv2/v3 covered projects is only mandatory to those who have access to a binary version of the modified sources.
e.g. if you take a GPLv2 covered project that is a simple HTTP server, and you give the binary nobody, then you’re not required to share the source (if the HTTP server is AGPL covered then you need to provide it to anyone who can access the HTTP service and requests the source).
This is an important distinction, as you can’t demand the source of a GPL project from someone who cloned it and made modifications to their own use without distributing a binary of those changes. If I fork Orca and make some changes, and showcase those as screenshots, you have absolutely no right to demand the source for it. If I were to send you a binary of Orca with my changes, then you’d have the right.
I mean this distinction is obviously not applicable here but I wanted to make sure the GPL summary is fully correct. Which is the best kind of correct.
maybe my thinking is off then, but in my mind it’s mainly for first and second parties? as in, orca and bambu both have to share the source when sharing the binary, not necessarily immediately but on request. anything built on top of gpl code can be closed unless it’s agpl. as a third party to all this, can rossman share the code bambu has made on top of orca?
AGPL can be closed too, the license bases the right to the source based on the access to the end product:
GPLv2/v3 - if you have the binary executable output of the GPLv2/3 covered source, you must be granted access to the exact source used to make the binary. This applies to legitimately sourced binaries only - if you were to hack into a company’s servers and get a binary of a modified GPL product, this wouldn’t apply. But extracting a binary from a device you own IS a legitimate access (so e.g. if your phone uses U-boot, the manufacturer must grant you access to their modified U-Boot sources used to build the bootloader)
AGPL - if you have (legitimate) access to a service you can request the source. This is so e.g. web services can be made into GPLed code where modifications must be released (negating the requirement of possession of a binary, since you can’t possess a binary that runs on a remote server). e.g. let’s say I run GTK app via browser using kasmVNC - if the app is GPL, I don’t have to provide the source, if it’s AGPL, I have to provide the source.
are you sure about that first one? yes they have to give you the source, but what happens if they don’t? i’ve genuinely not thought about that before.
That’s where legal actions come into place.
I’ve managed to force multiple Chinese companies to release sources that were adamant they don’t have to, just by threatening to report them to the FSF and SFC - both bodies have been wildly successful in prosecuting licence breaches.
Also both the EU and the US have now precedents and laws in place that allow fast-tracking obvious licence violators’ blocking from the market. For a small Chinese company whose main target market is the west, it’s a major blow if their sales and export are blocked because they won’t release the source.
So they try to play hardball, but it’s like modern lifts - the moment you press the right buttons suddenly they do exactly what you want them to.
Your thinking is off, the GPL and derived licenses like the AGPL are viral on purpose. They apply to everybody who uses, downloads, or accesses the software (in the case of the AGPL) and they are explicit about this:
what i’m reading from that is that both parties must agree that the work has been conveyed. with the risk of going all sovcit, if the conveyed item is a binary, and the producer does not send the source code to the consumer as instructed by the license, can the consumer really pull the source and distribute it? surely if the license is broken the work falls back on default permissions, e.g. all rights reserved?