SDL LGPL violations

Greetings

It has come to my attention that at least one instance of LGPL violation
has occured with respect to SDL. I imagine that this kind of violations
may also be more common, but I haven’t bothered to spesifically seek
more of them out.

The issue is that some projects based on SDL choose to create binary
distributions that include prebuilt SDL libraries, rather than just
distributing their own binaries and instructing the people downloading
them to get the SDL libraries from the SDL homepages, for example. Now
this in itself of course isn’t a license violation, if they’d distribute
also the appropriate source code for the SDL library. Not all do.

I would, in the interest of keeping (L)GPL licensing matters clear, urge
the SDL developers to contact people found doing this sort of things and
ask them to comply with SDL’s LGPL license. As the source distribution
clause is clearly spelled out on the SDL homepage as well, I assume you
might agree. (The alternative would be to clarify this kind of use as
acceptable as an exception to the LGPL, but that’d make things
complicated and lessen the availability of the source code.)

Anyway, the particular offending page that propmpted this mail is at
URL:http://teddy.sourceforge.net/. The Windows binary package contains
SDL DLL’s, but no sources are available from the pages.

Thank you for your attention.–
Mikko Rauhala - @Mikko_Rauhala - URL:http://www.iki.fi/mjr/
- WTA member - URL:http://www.transhumanism.org/
-------------- next part --------------
A non-text attachment was scrubbed…
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: http://lists.libsdl.org/pipermail/sdl-libsdl.org/attachments/20020628/561976a5/attachment.pgp

I would kind of like to see an exception which says that it’s okay to
distribute just the runtime binaries as long as there is a clear pointer to
a place from which the source can be obtained and a promise to find the
source and make it available if that pointer is no longer valid

. I distribute the win32 version of my IceBreaker game from my web site in
binary form with the SDL dlls, and the SDL source in a separate package,
simply because including the SDL source in the package would increase the
package size by 5x. I know for sure that some people then redistribute the
binary package without themselves providing the SDL source. Technically, as
you point out, these people are in violation, but practically speaking…On Fri, Jun 28, 2002 at 01:38:21AM +0300, Mikko Rauhala wrote:

ask them to comply with SDL’s LGPL license. As the source distribution
clause is clearly spelled out on the SDL homepage as well, I assume you
might agree. (The alternative would be to clarify this kind of use as
acceptable as an exception to the LGPL, but that’d make things
complicated and lessen the availability of the source code.)

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

Is this really an LGPL violation? Doesn’t really look
like it, and if it is it’s not exactly what I’d call
sinister. You don’t actually have to distribute the
source code with the dlls, or make them available for
download from the same page. It seems like you’re
being a bit of a jackass, frankly.

Andrew.

— Mikko Rauhala wrote:

Greetings

It has come to my attention that at least one
instance of LGPL violation
has occured with respect to SDL. I imagine that this
kind of violations
may also be more common, but I haven’t bothered to
spesifically seek
more of them out.

The issue is that some projects based on SDL choose
to create binary
distributions that include prebuilt SDL libraries,
rather than just
distributing their own binaries and instructing the
people downloading
them to get the SDL libraries from the SDL
homepages, for example. Now
this in itself of course isn’t a license violation,
if they’d distribute
also the appropriate source code for the SDL
library. Not all do.

I would, in the interest of keeping (L)GPL licensing
matters clear, urge
the SDL developers to contact people found doing
this sort of things and
ask them to comply with SDL’s LGPL license. As the
source distribution
clause is clearly spelled out on the SDL homepage as
well, I assume you
might agree. (The alternative would be to clarify
this kind of use as
acceptable as an exception to the LGPL, but that’d
make things
complicated and lessen the availability of the
source code.)

Anyway, the particular offending page that propmpted
this mail is at
URL:http://teddy.sourceforge.net/. The Windows
binary package contains
SDL DLL’s, but no sources are available from the
pages.

Thank you for your attention.

–
Mikko Rauhala - mjr at iki.fi -
URL:http://www.iki.fi/mjr/
- WTA member -
URL:http://www.transhumanism.org/

ATTACHMENT part 2 application/pgp-signature
name=signature.asc__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

To keep this really straighforeward:

Inclusion of source with a package marked GNU Copyleft (GPL) or Library
GNU Copyleft (LGPL) is not required.
What is required is to make the source readily available for up to three
years.

Modifications to an existing GPL or LGPL must also be available - that’s
in the license.

Source does not have to be included in the shipped product - just readily
available (ie: ftp, website, …) To require otherwsise would make it
IMPOSSIBLE to develop embedded applications - or just unreasonably
expensive.

So this isn’t a violation.
Now if they don’t provide links to obtain the source - THAT is a
violation!

note that in this case they only have to provide links for SDL… their
own code doesn’t have to be released unless it either contains GNU code or
is makred GNU…

mind you - IANAL. But nonetheless this comes from working with GNU
software for >10 years.

Hope this helps.

G’day, eh?
- Teunis

PS: message attached in case of ambiguity…On 28 Jun 2002, Mikko Rauhala wrote:

Greetings

It has come to my attention that at least one instance of LGPL violation
has occured with respect to SDL. I imagine that this kind of violations
may also be more common, but I haven’t bothered to spesifically seek
more of them out.

The issue is that some projects based on SDL choose to create binary
distributions that include prebuilt SDL libraries, rather than just
distributing their own binaries and instructing the people downloading
them to get the SDL libraries from the SDL homepages, for example. Now
this in itself of course isn’t a license violation, if they’d distribute
also the appropriate source code for the SDL library. Not all do.

I would, in the interest of keeping (L)GPL licensing matters clear, urge
the SDL developers to contact people found doing this sort of things and
ask them to comply with SDL’s LGPL license. As the source distribution
clause is clearly spelled out on the SDL homepage as well, I assume you
might agree. (The alternative would be to clarify this kind of use as
acceptable as an exception to the LGPL, but that’d make things
complicated and lessen the availability of the source code.)

Anyway, the particular offending page that propmpted this mail is at
URL:http://teddy.sourceforge.net/. The Windows binary package contains
SDL DLL’s, but no sources are available from the pages.

Thank you for your attention.

–
Mikko Rauhala - mjr at iki.fi - URL:http://www.iki.fi/mjr/
- WTA member - URL:http://www.transhumanism.org/

Actually, read the license. In short, yes you do, and no he’s not.On Fri, Jun 28, 2002 at 10:28:56AM -0700, Andrew Ford wrote:

Is this really an LGPL violation? Doesn’t really look like it, and if it
is it’s not exactly what I’d call sinister. You don’t actually have to
distribute the source code with the dlls, or make them available for
download from the same page. It seems like you’re being a bit of a
jackass, frankly.

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

They provide a link to the SDL pages, and yes, he’s
being a jackass.

— Matthew Miller wrote:> On Fri, Jun 28, 2002 at 10:28:56AM -0700, Andrew Ford wrote:

Is this really an LGPL violation? Doesn’t really
look like it, and if it
is it’s not exactly what I’d call sinister. You
don’t actually have to
distribute the source code with the dlls, or make
them available for
download from the same page. It seems like you’re
being a bit of a
jackass, frankly.

Actually, read the license. In short, yes you do,
and no he’s not.

–
Matthew Miller mattdm at mattdm.org
http://www.mattdm.org/
Boston University Linux ------>
http://linux.bu.edu/

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup

Anyone who distributes the binary versions needs to make the source
available from the same place that the binaries are. In other words, if
your game is picked up by Tucows, and Tucows redistributes it without an
offer to download or otherwise obtain the the SDL source from Tucows, they
are in violation of the LGPL. At least as I read it. Note that the
"Accompany it with the information you received as to the offer to
distribute corresponding source code" clause is only in the GPL, not the
LGPL, and furthermore that it only applies to “noncommercial distribution”
– not a commercial web site, or a gaming mag CD, etc.On Fri, Jun 28, 2002 at 10:44:22AM -0700, Teunis Peters wrote:

Inclusion of source with a package marked GNU Copyleft (GPL) or Library
GNU Copyleft (LGPL) is not required. What is required is to make the
source readily available for up to three years.

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

We distribute win32 binaries with the SDL runtime. We’ve kept the readme
file for where to get the SDL source, which is AFAICR all that needs to be
done for by a non-commercial project. If they’re not doing this, that’s a
problem.

That said, it’d be a good thing to distribute from the thing’s download
page the source for the exact version of SDL used to make the binary.
This is useful because that version may not be around on the SDL page
anymore. Newer versions will probably work, but if they don’t, what do
you do then? Having the source is important, but for technical reasons
more than legal ones, IMO.On Fri, Jun 28, 2002 at 01:38:21AM +0300, Mikko Rauhala wrote:

It has come to my attention that at least one instance of LGPL violation
has occured with respect to SDL. I imagine that this kind of violations
may also be more common, but I haven’t bothered to spesifically seek
more of them out.

–
Joseph Carter You expected a coherent reply?

lilo: well then, you are probably a responsible thinker.
Welcome to a very small club.
Overfiend: welcome me when you join

-------------- next part --------------
A non-text attachment was scrubbed…
Name: not available
Type: application/pgp-signature
Size: 273 bytes
Desc: not available
URL: http://lists.libsdl.org/pipermail/sdl-libsdl.org/attachments/20020628/af3e98ff/attachment.pgp

Where in the license does it say that providing a link to the SDL pages is
adequate for anything other than binaries also distributed from those pages?
I’d love to be wrong here, but I just don’t see it.On Fri, Jun 28, 2002 at 10:37:55AM -0700, Andrew Ford wrote:

They provide a link to the SDL pages, and yes, he’s
being a jackass.

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

If SDL is relicensed as GPL, this is true. For LGPL, it’s not. You could
relicense SDL if you want, but you need to make it clear that you’re doing
that. Also, it’s a pain for other people who might want to distribute your
app (Tucows, etc, as I mentioned), since the “pointer” method isn’t valid
for them.On Fri, Jun 28, 2002 at 10:50:56AM -0700, Joseph Carter wrote:

We distribute win32 binaries with the SDL runtime. We’ve kept the readme
file for where to get the SDL source, which is AFAICR all that needs to be
done for by a non-commercial project. If they’re not doing this, that’s a
problem.

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

You’re absolutely correct. I’m going to go sue
electronics boutique, since I bought some loki-titles
and could not get the source code for SDL at the
retail counter. MY RIGHTS ARE BEING VIOLATED HERE AND
I TAKE THIS VERY SERIOUSLY. This isn’t directed
at you, just this nonsense which I’d like to put an
end to.

— Matthew Miller wrote:> On Fri, Jun 28, 2002 at 10:37:55AM -0700, Andrew Ford wrote:

They provide a link to the SDL pages, and yes,
he’s
being a jackass.

Where in the license does it say that providing a
link to the SDL pages is
adequate for anything other than binaries also
distributed from those pages?
I’d love to be wrong here, but I just don’t see it.

–
Matthew Miller mattdm at mattdm.org
http://www.mattdm.org/
Boston University Linux ------>
http://linux.bu.edu/

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup

Did Loki include the SDL source on the CDs? That would have done it too, of
course.

Anyway, I agree that it’s pedantic, which is why I didn’t bring this up
myself. However, as far as I can tell, it is indeed the letter of the
license, and no one is a “jackass” for pointing that out.On Fri, Jun 28, 2002 at 11:09:51AM -0700, Andrew Ford wrote:

You’re absolutely correct. I’m going to go sue electronics boutique,
since I bought some loki-titles and could not get the source code for SDL
at the retail counter. MY RIGHTS ARE BEING VIOLATED HERE AND I TAKE THIS
VERY SERIOUSLY. This isn’t directed at you, just this nonsense which
I’d like to put an end to.

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

That depends on whether you think useless pedantry is
"jackass"ish or not And it’s not so much that he
pointed it out. It’s more of the “do something about
it” tone. In any case, this is a waste of time and
I’m not going to contribute to it anymore.

— Matthew Miller wrote:> On Fri, Jun 28, 2002 at 11:09:51AM -0700, Andrew Ford wrote:

You’re absolutely correct. I’m going to go sue
electronics boutique,
since I bought some loki-titles and could not get
the source code for SDL
at the retail counter. MY RIGHTS ARE BEING
VIOLATED HERE AND I TAKE THIS
VERY SERIOUSLY. This isn’t directed at you,
just this nonsense which
I’d like to put an end to.

Did Loki include the SDL source on the CDs? That
would have done it too, of
course.

Anyway, I agree that it’s pedantic, which is why I
didn’t bring this up
myself. However, as far as I can tell, it is indeed
the letter of the
license, and no one is a “jackass” for pointing that
out.

Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup

I didn’t get that impression from the original message at all. It was very
polite. Some people in the open source / free software are very concerned
with correctness, and for good reason: we don’t have a lot of money or
lawyers. It’s important that was follow our own licenses correctly, because
we don’t want their force to be weakened by widespread misuse. That’s fair
enough. To that end, it’d be very nice if the SDL authors explicitly made
the “it’s okay to just point to the web site” thing an addition to the
license.On Fri, Jun 28, 2002 at 11:35:02AM -0700, Andrew Ford wrote:

That depends on whether you think useless pedantry is "jackass"ish or not
And it’s not so much that he pointed it out. It’s more of the “do
something about it” tone. In any case, this is a waste of time and I’m

–
Matthew Miller @Matthew_Miller http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

From “Copying” in the SDL 1.2.4 source package:

" If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code."

To me, this sounds very much like it’s time to buy a few MB of extra web space. (Running low…)

//David

.---------------------------------------
| David Olofson
| Programmer

`-----> We Make Rheology Real

Heres more of my two cents…
And isnt that saying that the compiled code and the source code should both
be avalible side by side? That has nothing to do with third party required
libraries, especially ones that arnt/do not have to be statically linked.On 28-Jun-2002, David Olofson wrote:

From “Copying” in the SDL 1.2.4 source package:

" If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code."

To me, this sounds very much like it’s time to buy a few MB of extra web space. (Running low…)

//David

.---------------------------------------
| David Olofson
| Programmer

david.olofson at reologica.se
Address:
REOLOGICA Instruments AB
Scheelev?gen 30
223 63 LUND
Sweden
---------------------------------------
Phone: 046-12 77 60
Fax: 046-12 50 57
Mobil:
E-mail: david.olofson at reologica.se
WWW: http://www.reologica.se

`-----> We Make Rheology Real

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

–
Patrick “Diablo-D3” McFarland || unknown at panax.com
"Computer games don’t affect kids; I mean if Pac-Man affected us as kids, we’d
all be running around in darkened rooms, munching magic pills and listening to
repetitive electronic music." --Kristian Wilson, Nintendo, Inc, 1989

Ill throw my two cents in on this…
For internet only distributions (aka majority of the software out there, sans
anything included with distros) it should always be okay to just point to the
website of the library you use.On 28-Jun-2002, Matthew Miller wrote:

On Fri, Jun 28, 2002 at 11:35:02AM -0700, Andrew Ford wrote:

That depends on whether you think useless pedantry is "jackass"ish or not
And it’s not so much that he pointed it out. It’s more of the “do
something about it” tone. In any case, this is a waste of time and I’m

I didn’t get that impression from the original message at all. It was very
polite. Some people in the open source / free software are very concerned
with correctness, and for good reason: we don’t have a lot of money or
lawyers. It’s important that was follow our own licenses correctly, because
we don’t want their force to be weakened by widespread misuse. That’s fair
enough. To that end, it’d be very nice if the SDL authors explicitly made
the “it’s okay to just point to the web site” thing an addition to the
license.

–
Matthew Miller mattdm at mattdm.org http://www.mattdm.org/
Boston University Linux ------> http://linux.bu.edu/

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

–
Patrick “Diablo-D3” McFarland || unknown at panax.com
"Computer games don’t affect kids; I mean if Pac-Man affected us as kids, we’d
all be running around in darkened rooms, munching magic pills and listening to
repetitive electronic music." --Kristian Wilson, Nintendo, Inc, 1989

Check out section 6©. If it’s more lenient on
distribution of alledgedly mixed works than for the
binary library, then that’s a craptacular oversight in
my opinion.

— David Olofson <david.olofson at reologica.se> wrote:> From “Copying” in the SDL 1.2.4 source package:

" If distribution of object code is made by
offering access to copy
from a designated place, then offering equivalent
access to copy the
source code from the same place satisfies the
requirement to
distribute the source code, even though third
parties are not
compelled to copy the source along with the object
code."

To me, this sounds very much like it’s time to buy a
few MB of extra web space. (Running low…)

//David

.---------------------------------------
| David Olofson
| Programmer

david.olofson at reologica.se
Address:
REOLOGICA Instruments AB
Scheelev?gen 30
223 63 LUND
Sweden
---------------------------------------
Phone: 046-12 77 60
Fax: 046-12 50 57
Mobil:
E-mail: david.olofson at reologica.se
WWW: http://www.reologica.se

`-----> We Make Rheology Real

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup

Hold on, hold on. I think maybe we’re overlooking the
fact that providing a link to the SDL libraries from
the download page (or project page) could in fact be
said to make the source code available from the same
place that distributes the binaries, wouldn’t you say?
I think part of the problem here is that the terms of
the licence are not quite adequate to properly define
electronic distribution over the internet. Perhaps it
might be stretching it, I don’t know…

— Patrick McFarland wrote:> Heres more of my two cents…

And isnt that saying that the compiled code and the
source code should both
be avalible side by side? That has nothing to do
with third party required
libraries, especially ones that arnt/do not have to
be statically linked.

On 28-Jun-2002, David Olofson wrote:

From “Copying” in the SDL 1.2.4 source package:

" If distribution of object code is made by
offering access to copy
from a designated place, then offering equivalent
access to copy the
source code from the same place satisfies the
requirement to
distribute the source code, even though third
parties are not
compelled to copy the source along with the object
code."

To me, this sounds very much like it’s time to buy
a few MB of extra web space. (Running low…)

//David

.---------------------------------------
| David Olofson
| Programmer

david.olofson at reologica.se
Address:
REOLOGICA Instruments AB
Scheelev?gen 30
223 63 LUND
Sweden
---------------------------------------
Phone: 046-12 77 60
Fax: 046-12 50 57
Mobil:
E-mail: david.olofson at reologica.se
WWW: http://www.reologica.se

`-----> We Make Rheology Real

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

–
Patrick “Diablo-D3” McFarland || unknown at panax.com
“Computer games don’t affect kids; I mean if Pac-Man
affected us as kids, we’d
all be running around in darkened rooms, munching
magic pills and listening to
repetitive electronic music.” --Kristian Wilson,
Nintendo, Inc, 1989

---

SDL mailing list
SDL at libsdl.org
http://www.libsdl.org/mailman/listinfo/sdl

Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup

Right - but I want to include SDL binaries with my binary distros to avoid every other Win32 user either giving up or sending me “Why won’t it start up?” mail.

//David

.---------------------------------------
| David Olofson
| Programmer

`-----> We Make Rheology RealOn Fri, 28/06/2002 15:00:31 , Patrick McFarland wrote:

Heres more of my two cents…
And isnt that saying that the compiled code and the source code should both
be avalible side by side? That has nothing to do with third party required
libraries, especially ones that arnt/do not have to be statically linked.