not possible
You can't discriminate any particular group, it is like free speech, you know some people should really shut up but you better fight for their right to speech.
Open source is being used for both good and evil since the beginning.
A respected security researcher has denied any involvement with Hacking Team after open-source code he wrote was found in smartphone spyware sold by the surveillance-ware maker. Collin Mulliner works in SecLab at Northeastern University in Massachusetts, US, and is a regular at hacking conferences. He told The Register he's …
Downvoted for stating facts? This is El Reg comment section.
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
There may be a "non-snooping source license" but it WILL NOT be "open".
Creative Commons has something like this. CC-BY-NC.
You spend a lot of time here, Destroy All Monsters, so you surely know about xkcd, whether you like Randall's artwork or not. He licenses his stuff under it, and his description of it is pretty good, you're free to use it and share it, but not sell it.
Since Hacking Team were selling this guy's product, which they're free to do as long as they follow the terms of the GPL and include the source, he could license it under CC-BY-NC to prevent anyone from selling it. It might dissuade people from wanting to use your software in other projects, but it does prevent someone fucked up from selling your code at least.
During the times of creating the Debian Free Software Guidelines (DFSG) there was a lot of heated discussion around Fields of Endeavour. People were a little uncomfortable with Debian being used on.. certain things. The problem was those "certain things" varied from person to person. For some it could be genetic research, others it was military while there used to be licenses prohibiting software for CB radio (yes this last one actually existed).
In the end, there seemed to be no sensible way of a) working out and agreeing what was universally the "bad thing" and b) having a sensible way of limiting it that could go into a license or the DFSG. Debian now has item #6 as a result.
Could he put in a clause that says that any use of the code for profit making ventures needs to obtain permission from the author, subject to being sued?
No. The GPL does not allow for any additional restrictions to be placed on the use of the software.
This is the reason why GPL software is incompatible with the iOS app store - IIRC Apple limits the number of devices you can install on, etc. (yes, there is some otherwise GPL'd software on iOS, but they are generally using proprietary relicensing - ie. the version for iOS is not GPL'd).
IAAL :-)
A software licence (or any licence), can say whatever the licensor wants it to say (subject only to limited exceptions). So, by all means say, "I grant this licence under GPL [whatever version], but I expressly prohibit its use for any purposes related to surveillance by state or corporate bodies"...
Alternatively, write your own license, describing in plain English what you do, and what you do not, allow and making your demands, e.g. proper credits, non-commercial use, payment of fees etc etc.
IAAL :-)
Oh dear.
So, by all means say, "I grant this licence under GPL [whatever version], but I expressly prohibit its use for any purposes related to surveillance by state or corporate bodies"...
This is explicitly prohibited by the GPL; to do so would mean that the software is not GPL-compatible, meaning that it cannot be legally redistributed as part of a GPL-derived work. IOW, mentioning the GPL in such a work should be considered deliberately misleading.
Vic.
If you release any source code into the wild, how do you enforce usage and payment? How do you know? The answer is "you don't". You're relying on the integrity of those who use the code.
Remember "shareware"? Great idea, great concept, but humans killed it because they didn't live up to the concept. Very few people, if any ever paid anything to an author.
Uh, nope. Only the GPL parts remain GPL. All the stuff they write themselves is under whatever license they want.
If they made changes to the GPL parts, that they'd have to release.
"The company acknowledges in its documentation that it is using his copyrighted software, includes his name and email address, and links to his website where the source code can be found."
And this implies that they used the GPL'd code -as is-, and actually followed the GPL. Go figure.
I suggest you to read at least once the original text of the GPL fully - and try to understand it really and fully.
GPL doesn't enforce copyright only - especially since its aim is copyleft instead - the aim if GPL is turning as much code as it can into GPL one - it's not the MPL.
I know there are many developers who happily exploit GPL code in their non-GPL code, ignoring the GPL requirements. Only the LGPL, or an "aggregate", are exempt.
So, if you're using GPL code in your non GPL code, there a big probability you're violating the license if you distribute it.
I hope it was made clear to all the 'end-users' of their spyware,that if they wished to see the source code of the programs that were 'bugging' them, they need to visit the url below etc, etc.
I believe this is normally a requirement if you distribute software containing GPL code. Quite a few consumer routers, for example, use GPL software and this is often referred to in the documentation, with a copy of the GPL on the accompanying CD.
The magic word is 'linked' not 'used'. This is clearest for compiled languages. Compile various C source files to object files and link them. If any of the source files is GPL, then all of them must be GPL (or multiple licenses including GPL) in order for the reseult to be distributable. The same goes for linking (dynamic or static) to a GPL library.
There are ways to use GPL and closed source software together. Ubuntu is an aggregation of GPL and code with other licenses. Simply distributing two programs on the same DVD does not prevent GPL and closed source from being sold at the same time. Communication via file descriptors is not linking. Although kernel modules and dynamic linking have much in common, closed source kernel modules are explicitly permitted (but sufficient reason for many penguins to buy something else rather than hardware that requires a closed source kernel module for its driver).
Even if you manually copy portions of it - and you can, under the GPL - into your code you're still bound by the GPL terms. That's why I wrote "used" - there are many ways to use code.
The GPL (v2) simply says "a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language". V3 is even more generic: "A “covered work” means either the unmodified Program or a work based on the Program."
> The same goes for linking (dynamic or static) to a GPL library.
Wrong again, there sure is a lot of FUD around the GPL.
Statically linking a library into your binary blob does mean that your whole blob must be under the GPL is any of the libraries is. That's not the case where they are dynamically linked (especially since most libraries are under the LGPL which specifically covers this).
If you couldn't dynamically use a (L)GPL library without making your own code GPL then things would be incredibly restrictive - but they aren't.
Statically linking a library into your binary blob does mean that your whole blob must be under the GPL is any of the libraries is. That's not the case where they are dynamically linked
Incorrect. If you link to a GPL'd library, either statically or dynamically, the combined work becomes subject to the GPL.
If cross-license dynamic linking was permitted by the base GPL, then there would be absolutely no reason for the LGPL to exist, since the dynamic linking exception is pretty much the only difference.
Also you could turn most GPL code into a DLL/shared object and use it without being bound by the GPL...
I wonder how many people are using GPL code happily violating the licenses, consciously, or because plain ignorance of what the GPL actually is and requires...
Statically linking a library into your binary blob does mean that your whole blob must be under the GPL is any of the libraries is
Yes.
That's not the case where they are dynamically linked
Yes it is. From the GPL FAQ:
Does the GPL have different requirements for statically vs dynamically linked modules with a covered work?
No. Linking a GPL covered work statically or dynamically with other modules is making a combined work based on the GPL covered work. Thus, the terms and conditions of the GNU General Public License cover the whole combination.
LGPL, obviously, has an explicit allowance for such linking.
Vic.
Whoa! Just two weeks after posting this anecdote to El Reg[1], it seems I need to re-post the story of how I got associated with something unattractive, that I believe cost me dearly in terms of failing to get my business off the ground when Yahoo (the dominant gateway to the web by mindshare at the time) refused to list me.
If you release something open source, you accept that anyone can use it. Including people you don't like. Is there an Islamic State website? If so then it surely uses someone's software, probably perfectly legally.
I first released Open Source web software in the mid-90s. Keeping an eye on Infoseek and Altavista (this being before Google existed), I found my first user to mention the name (and hence show up in results) was the British National Party's website. Not something I'd have wished, but they had every right to use it: that's what being open source is all about. And indeed free speech, though I didn't check up on what contents might have been accessed through the software, nor indeed whether they moderated or otherwise censored public comment.
[1] http://forums.theregister.co.uk/forum/1/2015/07/08/evil_nsa_runs_on_saintly_red_hat_enterprise_linux_apache/
CC BY-NC would work for what he's after, it allows the source to be used freely, but with attribution and not at all in a commercial product. Since I don't think he's selling the code, it would stop for-profits from taking his code and selling it. CC was mostly designed for artwork, but there's no reason you couldn't use it for software that I can see anyway.
I don't think FSF would think too highly of it, but really, who gives a shit about them if you're really that concerned and outraged about a for-profit that does some unethical shit using your tools in their software to make money.
CC BY-NC would work for what he's after, it allows the source to be used freely, but with attribution and not at all in a commercial product.
I don't think so. I didn't see any issues with it being in a commercial product - just a big deal about it being used in a snooping product.
This is the thing with software freedom - you're free to use it for whatever you want, so long as you abide by the licence conditions. As soon as you start trying to define usage scopes, you're narrowing that freedom, and with the amount of inter-linked code currently available, you'd end up with an exclusion on pretty much everything. So we have the situation in force today: you cannot define usage scopes and remain GPL-compliant. And that's a good thing, even if there are certain groups I'd like to see having no access to any of this code - but they probably feel the same way about me.
Vic.
Okay, Collin Mullinard, try this: "This software may not be used to violate the privacy of any person."
Speaking of up-and-coming regrets, there's an 18-year-old dumbass named Austin Haughwout in Clinton, Connecticut. Yeah, kind of close to "Hogwart." In one of the original colonies, no less. Anyway, he designed an experimental drone that can fire what looks like a .22 caliber semiautomatic. I think it's fair to say that this Austin fellow is going to have regrets a lot sooner than Collin ever did.
Hacking Team eventually used his tools and libraries in production, and are complying with the license, Mulliner said. The company acknowledges in its documentation that it is using his copyrighted software, includes his name and email address, and links to his website where the source code can be found.
This is not GPL compliance!
You can point at the upstream website for non-commercial distribution only. That's 3(c) in GPLv2. For commercial distribution, you're releasing under 3(a) or 3(b), and you need to supply your own copies.
Vic.