Welte distributed the letters at the CeBit technology show in Hannover, Germany. Among the recipients were telecom giant Motorola and PC manufacturer Acer.
Welte is one of the core developers of the Linux kernel firewall engine Netfilter/iptables and the maintainer of the packet filter subsystem in the Linux kernel. In 2004, he set up Gpl-violations.org, which aims to prevent companies from contravening the rules set down in the GNU General Public License.
Since setting up the project, Welte has made 25 agreements with companies that were violating the GPL, as well as setting up two preliminary injunctions and one court order. Each of these companies used GPL code in products they distributed without making the altered source code available--a requirement of the licence.
ZDNet UK spoke to Welte about tracking down those companies that violate the GPL and how he persuades them to comply.
Q: Why is it important to stop people from violating the GPL?
Welte: You can use all the code out there for free, but if you do modifications, you have to give them back to the community--it's a fairness thing. If we allowed violations to become common, the system would be out of equilibrium. This would result in fewer contributions and it would have a large negative impact on the motivation of developers.
How do you find out whether companies have used GPL-licensed code?
Welte: It's quite hard without having the source code. All you can do is look at the firmware with a hex editor. You can often spot error messages or function names from GPL-licensed code. For example, there is an error message in the Netfilter code that says, "Rusty needs more caffeine." If someone writes a firewall they are very unlikely to come up with the same error message.
If somebody wants to obfuscate the fact that they have used the (GPL-licensed) source code, they can write a program to automatically change the error messages or strings. But if they try to hide it, it's a wilful copyright violation, which is a more serious legal offence.
What happens when you tell companies that they are violating the GPL?
Welte: Lots of companies that we are going after are resellers, so even if the device is sold as Fujitsu Siemens, it's not made by them but is an OEM device. With resellers it's easier, as we simply tell them, and they then put pressure on their upstream vendors.
In some cases, we got an out-of-court agreement and the company agreed to stop distributing software that doesn't comply with the GPL licence, but then did it again. This happened with Belkin and Netgear--half a year after signing the agreement, they introduced new products that came without any indication of source code availability. This has now been sorted out, and they are fully compliant.
In general, we haven't had trouble persuading companies to comply, apart from (PC connectivity company) Sitecom.
What happened with Sitecom?
Welte: When we found out about Sitecom's GPL violation, my lawyer asked them to sign a declaration to stop distributing software that didn't comply with the GPL licence. We didn't receive their signed declaration within the deadline, so we applied for a preliminary injunction. After they received the injunction, they filed an appeal. The court ruled that it will uphold the preliminary injunction.
Even though you have won every case so far, surely there's potential cost involved in pursuing these cases?
Welte: There is a cost of 10,000 euros ($13,282) per case, although the party who loses the case pays all the legal fees. It's not that I have that amount of money spare, but it's worth the risk.
What do companies need to do to make sure their software is GPL compliant?
Welte: The only thing you need to do to comply with the GPL licence is to release the source code. GPL offers two possible ways--you can