Reporting and Fixing License Violations
Shane M. CoughlanThis guide presents some practical tips for solving common Free Software license compliance issues. It is not legal advice, and if in doubt, you should contact a qualified lawyer.
Reporting a violation
Be careful when reporting a violation. Accusations and suspicions voiced on public mailing lists create uncertainty and do little to solve violations. By checking your facts you can help experts resolve violations quickly.
Useful violation reports to companies about a potentially infringing product should contain:
- The name of the product affected
- The reason why a violation is believed to exist
- The name of the project code that may have been violated
- A statement regarding what licence this code is under
- A link to the project site
Useful violation reports to organisations like gpl-violations.org or the FTF should contain:
- The name of the project code that may have been violated
- A statement regarding what licence this code is under
- A link to the project site
- The name and website of the party who may be violating the code
- The reason why a violation is believed to exist
Additional tips:
- Please do not forward long email threads. They make it difficult to assess the situation.
- If you have clear evidence of a violation it is a good idea to tell the copyright holders. They can take legal action if necessary.
You can send violation reports to:
- gpl-violations.org: license-violation@gpl-violations.org
- FSFE's Freedom Task Force: ftf@fsfeurope.org
Handling a violation report
It is important to handle violation reports carefully. Free Software development focuses on community engagement and clear communication. That means it is important to respond to issues reported, even if your reply is initially brief. This helps prevent escalation.
Here are some useful steps:
- Confirm you have received any reports sent in and inform the reporter you are looking into the case
- If the report was made on a public forum try to move the discussion to a non-public space as soon as possible
- Isolate the precise problem. If you don't already have the information, ask the reporter for:
- The name of the product affected or the exact code causing a problem
- The reason why a violation is believed to exist
- The name of the project code that may have been violated
- A statement regarding what licence this code is under
- A link to the project site
- Send updates to the reporter when they are available
Please bear in mind:
- Not every reporter understands licences fully and there may be mistakes in their submissions
- Compliance with the terms of the licences is not optional and lack of compliance can have serious consequences
- You can hire compliance engineers or purchase compliance services from third parties if necessary
You can get more information about best practice in this field by contacting:
- FSFE's Freedom Task Force: ftf@fsfeurope.org
You can obtain compliance engineering support by contacting:
- Tjaldur Software Governance Solutions: http://www.tjaldur.nl
Preventing a violation
The best way to fix violations is to prevent them occuring.
Useful tips:
- Read the licences you will use
- Check out the websites explaining these licences
- Get advice from experts
Useful tips for supply chain management:
- If third parties supply you with code, ensure you have licence compliance stipulated in your contracts
- Ask suppliers to bear the cost of resolving violations
For more information you can contact:
- gpl-violations.org: legal@lists.gpl-violations.org
- FSFE's Freedom Task Force: ftf@fsfeurope.org