[Buildroot] Buildroot licence for commercial product

[Buildroot] Buildroot licence for commercial product

[Damien Borie]

Hello everybody.

We distribute a product which system is a Linux built with Buildroot. I 
have some question about Buildroot use for a commercial product :
- as the system has been made with Buildroot, must I mention Buildroot 
with a url, display the licence or something like that in my application?
- I saw in another thread, if I understood well, that I must mention 
licence and source code for all modules of the distribution. But what 
does it means exactly? Must I put in my product file system every source 
code and licence of every installed programs? Must I put a visible link 
in my main application or can I only put everything in the file system 
without a clear access?

If a documentation with all informations about using Buildroot for a 
commercial product exists, it will be helpful for me. Or if somebody can 
give me some details...

Thanks

-- 
Damien Borie

TERAWATT / AENERGIA S.A.S.
ZA DUBOSCOA
64990 Villefranque
FRANCE 

tel : +33 (0)5 59 44 26 08
fax : +33 (0)5 59 31 15 11 

[Buildroot] Buildroot licence for commercial product

[Thomas Petazzoni]

Hello Damien,

Warning: I am not a lawyer. I am not a licensing expert.

On Mon, 26 Jul 2010 11:55:11 +0200
Damien Borie <dbe@terawatt.fr> wrote:

> We distribute a product which system is a Linux built with Buildroot.
> I have some question about Buildroot use for a commercial product :
> - as the system has been made with Buildroot, must I mention
> Buildroot with a url, display the licence or something like that in
> my application?

As Buildroot by itself isn't distributed, my understanding is that the
license doesn't require you to mention and distribute Buildroot
together with your product.

However, the GPL says (section 3) :

 ?
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control
compilation and installation of the executable. 
 ?

And maybe we might see Buildroot as a part of the "scripts used to
control compilation and installation" of other GPL executables (Linux
kernel, Busybox and others).

I think we already had this discussion on the Buildroot list sometime
ago, and I think the consensus was that the main Buildroot contributors
considered that there was no distribution of Buildroot when selling a
product whose firmware was built using Buildroot and that consequently,
mentionning Buildroot and distributing its source code wasn't required.

> - I saw in another thread, if I understood well, that I must mention 
> licence and source code for all modules of the distribution. But what 
> does it means exactly? Must I put in my product file system every
> source code and licence of every installed programs? Must I put a
> visible link in my main application or can I only put everything in
> the file system without a clear access?

It depends on the individual license of each of the modules in your
distribution. There will probably be GPL parts, LGPL parts, MIT/X11/BSD
parts and parts under other licenses. Each license has its own set of
requirements associated to the act of distribution.

Generally speaking, for a GPLv2 module such as the Linux kernel or
Busybox, the requirements are well detailed in section 3 of the licence
(see http://www.gnu.org/licenses/old-licenses/gpl-2.0.html). You may
also be interested by the "Distribution of programs released under the
GNU licenses" section of the GPL FAQ, at
http://www.gnu.org/licenses/gpl-faq.html. You may also want to have a
look at the Practical Guide to GPL Compliance
<http://www.softwarefreedom.org/resources/2008/compliance-guide.html>.

In terms of distribution, the LGPL license have fairly similar
requirements to the GPL. MIT/X11/BSD and other non-copyleft licenses
have fewer requirements, they basically only require attribution.

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] Buildroot licence for commercial product

[Damien Borie]

Ok, thanks for your answers.

I have read this today, and I've made a list of all package in my 
buildroot tree. I'm sure some of them are not installed, or not used,, 
because they where selected for some tests and never deleted...
So I got 9 package under ISC and 3 under BSD which only need to include 
the licence text. Then 3 under BSD which need an acknowledgement. Zlib 
and OpenSSL got special licences which need acknowledgements too.
2 LGPL which need the licence text, and one of them (QT) needs to allow 
to modify QT version.
And finally 13 GPL, 10 without Buildroot ncurses and fakeroot, which 
need to give access to the source code.
Ho, and mgetty for which I don't find the licence...
And, I forget all X11 packages...Xserver Xorg is under BSD-like 
licences, so I can just put the text. But I didn't look for all the sub 
packages and libraries...

I don't know how I will give access to all licences text, copyright, and 
source code, as the system is closed and nobody can connect to it except 
us...

Thank you for your help.

Damien Borie

TERAWATT / AENERGIA S.A.S.
ZA DUBOSCOA
64990 Villefranque
FRANCE 

tel : +33 (0)5 59 44 26 08
fax : +33 (0)5 59 31 15 11 



Thomas Petazzoni a ?crit :
> Hello Damien,
>
> Warning: I am not a lawyer. I am not a licensing expert.
>
> On Mon, 26 Jul 2010 11:55:11 +0200
> Damien Borie <dbe@terawatt.fr> wrote:
>
>   
>> We distribute a product which system is a Linux built with Buildroot.
>> I have some question about Buildroot use for a commercial product :
>> - as the system has been made with Buildroot, must I mention
>> Buildroot with a url, display the licence or something like that in
>> my application?
>>     
>
> As Buildroot by itself isn't distributed, my understanding is that the
> license doesn't require you to mention and distribute Buildroot
> together with your product.
>
> However, the GPL says (section 3) :
>
>  ?
> The source code for a work means the preferred form of the work for
> making modifications to it. For an executable work, complete source
> code means all the source code for all modules it contains, plus any
> associated interface definition files, plus the scripts used to control
> compilation and installation of the executable. 
>  ?
>
> And maybe we might see Buildroot as a part of the "scripts used to
> control compilation and installation" of other GPL executables (Linux
> kernel, Busybox and others).
>
> I think we already had this discussion on the Buildroot list sometime
> ago, and I think the consensus was that the main Buildroot contributors
> considered that there was no distribution of Buildroot when selling a
> product whose firmware was built using Buildroot and that consequently,
> mentionning Buildroot and distributing its source code wasn't required.
>
>   
>> - I saw in another thread, if I understood well, that I must mention 
>> licence and source code for all modules of the distribution. But what 
>> does it means exactly? Must I put in my product file system every
>> source code and licence of every installed programs? Must I put a
>> visible link in my main application or can I only put everything in
>> the file system without a clear access?
>>     
>
> It depends on the individual license of each of the modules in your
> distribution. There will probably be GPL parts, LGPL parts, MIT/X11/BSD
> parts and parts under other licenses. Each license has its own set of
> requirements associated to the act of distribution.
>
> Generally speaking, for a GPLv2 module such as the Linux kernel or
> Busybox, the requirements are well detailed in section 3 of the licence
> (see http://www.gnu.org/licenses/old-licenses/gpl-2.0.html). You may
> also be interested by the "Distribution of programs released under the
> GNU licenses" section of the GPL FAQ, at
> http://www.gnu.org/licenses/gpl-faq.html. You may also want to have a
> look at the Practical Guide to GPL Compliance
> <http://www.softwarefreedom.org/resources/2008/compliance-guide.html>.
>
> In terms of distribution, the LGPL license have fairly similar
> requirements to the GPL. MIT/X11/BSD and other non-copyleft licenses
> have fewer requirements, they basically only require attribution.
>
> Thomas
>   

[Buildroot] Buildroot licence for commercial product

[Yann E. MORIN]

Damien, All,

On Monday 26 July 2010 17:49:46 Damien Borie wrote:
> I don't know how I will give access to all licences text, copyright, and 
> source code, as the system is closed and nobody can connect to it except 
> us...

The easiest, IMHO, is to have a leaflet listing all packages you identified
and the name of the license that applies to each of them, plus the full text
for each license.

Then, for GPL-licensed (and similar licensed) packages, you can provide
access to the complete and corresponding source code on-line, eg. on a
FTP server. Bundling a CD with your product would be ultimate, and very
well regarded.

As a side note, be extra carefull about the toolchain, as parts of it will
end up on the target. Examples are the C library file (eg. libc.so.0,
libm.so.0, ...) and others (eg. libgcc.so.0 from gcc, ...). So you should
also count those packages in.

All this is from a non-lawyer, so you'd better check with yours.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] Buildroot licence for commercial product

[Thomas Petazzoni]

Hello Damien,

On Mon, 26 Jul 2010 17:49:46 +0200
Damien Borie <dbe@terawatt.fr> wrote:

> I have read this today, and I've made a list of all package in my 
> buildroot tree. I'm sure some of them are not installed, or not
> used,, because they where selected for some tests and never deleted...

Normally, "make external-deps" is supposed to tell you everything
Buildroot downloads to build the target system.

> So I got 9 package under ISC and 3 under BSD which only need to
> include the licence text. Then 3 under BSD which need an
> acknowledgement.

By acknowledgement, I assume you mean the 4-clause BSD license, which
says:

"
3. All advertising materials mentioning features or use of this software
   must display the following acknowledgement:
   This product includes software developed by the <organization>.
"

I must confess I'm not sure in practice how one is supposed to respect
this requirement.

> Zlib and OpenSSL got special licences which need
> acknowledgements too.

The Zlib license does not seem to have an advertising clause like the
4-clause BSD license. The acknowledgement is only appreciated:

"
    1. The origin of this software must not be misrepresented; you must
not claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would
be appreciated but is not required.
"

In the OpenSSL license, you're correct, there is an acknowledgement
clause as well.

> 2 LGPL which need the licence text, and one of them (QT) needs to
> allow to modify QT version.

I am not sure what you mean here about QT.

Moreover, with the LGPL, you not only have to provide the licence text,
but also the complete source code of the LGPL component. See section 4
of http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html (if the LGPL
license version is indeed 2.1).

> And finally 13 GPL, 10 without Buildroot ncurses and fakeroot, which 
> need to give access to the source code.

Right, and the licence text.

> Ho, and mgetty for which I don't find the licence...
> And, I forget all X11 packages...Xserver Xorg is under BSD-like 
> licences, so I can just put the text. But I didn't look for all the
> sub packages and libraries...

Yeah, this is where "make external-deps" can help.

> I don't know how I will give access to all licences text, copyright,
> and source code, as the system is closed and nobody can connect to it
> except us...

I think a fairly sane and reasonable way is :

 * To create a webpage that lists all the free software components that
   you've used in your device, the version of these components, the
   modifications you made to these components (patches), the licence of
   these components. All with a link to the tarball of each component,
   hosted on your server and a link to the full license text.

 * To add to your product a simple paper that contains the list of the
   components, their license, and a link to the webpage mentionned
   before.

This way, you're transparent on what your device contains in terms of
free software, which license it is under, and you give the full source
code for all of them.

Of course, I am not a lawyer, so the suggestions above are not legal
advice.

Regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com