Ask Your Question
1

Using GPL licensed packages in a commercial product

asked 2011-12-12 00:54:36 -0500

raahlb gravatar image

Hi, Using a GPL licensed package in a commercial product should not be a problem, right? It ought not force us to release all our own software in the product under the GPL? As long as we're not linking directly towards the package, but rather just send or receive messages from it, that is.

If I understand it correctly, if we use a secret message format that we don't explain to anyone we could get into trouble. But now it's just a Scan message. It should be fine, shouldn't it?

We will still have to distribute the source code of the GPL'ed package of course, if requested too.

Regards, Rasmus Ahlberg

edit retag flag offensive close merge delete

Comments

Note that all of this is moot for the sensor_msgs/Scan message for it is BSD licensed not GPL. All of the core of ROS is BSD licensed, and the BSD is a much more permissive license.
tfoote gravatar imagetfoote ( 2012-01-02 06:36:19 -0500 )edit
Yeah, but the laser driver we're using is GPL and LGPL licensed. It all comes down to in which situations the GPL "spreads" across socket communication. But as the interface, i.e. sensor_msgs/Scan, has a publicly available specification it ought to be fine.
raahlb gravatar imageraahlb ( 2012-01-02 21:54:04 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted
6

answered 2011-12-12 12:00:38 -0500

Eric Perko gravatar image

Too long for a comment to Dimitri's answer, so separate answer.

IANAL, but I disagree with the interpretation that requiring a GPL'd node is "linking against" it. Statically or dynamically linking against a GPL component will get you one, complete binary file that contains that GPL component, hence the license applies to all of that binary. You should be careful about the manifest.xml, since you may automatically be linking against things if your ROS node has a dependency on the GPL'd package and it exports a library. That is one reason to use separate message packages.

If you are not directly linking against the GPL'd library, then your software should not need to be licensed as GPL. Just because you "require" a piece of GPL software in order to function, as long as the GPL component is standalone, I do not believe your software also needs to be GPL. Since nodes communicate via TCP and live in completely separate processes (and hence are separate binaries), I do not think the GPL can cross the process boundary and "infect" other pieces of software on the system. For example, much of ROS "depends" on the Linux kernel to function (which is GPL'd) but, because we don't link directly against the kernel and live in user-space, we don't need to worry about the kernel's licensing terms, since ROS is not a "derivative work" of the Linux kernel.

Really, my understanding is that if component FOO never includes any of the copyrighted material of BAR (either through headers or linking), then the license for BAR cannot affect FOO. Again, IANAL, so obviously you should consult an actual intellectual property lawyer (maybe the FSF has a list/could point you to one knowledgeable about the GPL) before making any business decisions.

edit flag offensive delete link more

Comments

Just a note: if you set --link-as-needed as a global cflag for all your ros compiles (we do this via ros/rosconfig.cmake - compare with rosbuild/rosconfig.cmake), then you don't need to worry about manifests exporting it unnecessarily to packages which don't actually make any api calls.
Daniel Stonier gravatar imageDaniel Stonier ( 2011-12-12 13:54:10 -0500 )edit
Well, there is the case Dimitri mentions in his updated post. If you split a program in two and use some pipe or socket to communicate, just to get rid of linking some GPL'ed code in one of the parts, you're probably kinda screwed.
raahlb gravatar imageraahlb ( 2011-12-13 01:01:28 -0500 )edit
3

answered 2011-12-12 03:24:33 -0500

DimitriProsser gravatar image

updated 2011-12-13 00:46:39 -0500

A question like this is extremely complex. Linking with GPL'd licenses is still regularly under debate. You really need to talk to a lawyer or someone that specializes in these areas.

That being said, here is my take on the issue and some concerns that you must think about. The GPL states that "Linking ABC statically or dynamically with other modules is making a combined work based on ABC. Thus, the terms and conditions of the GNU General Public License cover the whole combination." That being said, although you may not be changing the GPL'd package in any way, if your package requires that package to exist in order to function, I would say that's linking against. If the GPL'd package is included in your manifest.xml, then it's pretty clear that it's required for operation.

Even without requiring the package directly, if your program requires that the GPL'd node be running, one could argue that you're "linking against" it. The ROS node system obfuscates the linking process, and hence you would need to speak to a professional.

ROS's BSD license does not carry these concerns.

EDIT: The Free Software Foundation made the following two statements regarding programs that operate using pipes, sockets, RPC (like ROS), etc.

"By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program."

and

"The glue script (rpc and rpc messages, sockets, pipes, etc.) would ultimately create a single work, derived from both the original scripts, and you would need to follow the terms of all those licenses to create it. Combining the first script with the second this way would violate its exception-free GPL."

The Free Software Foundation is very active in protecting the rights of GPL'd code, so it's best not to make any assumptions at all in this matter. While there are merits to both sides of the argument, the one thing we all agree on is that there's someone that knows the rules better than we do. You should find that person and talk to them, just to be safe.

edit flag offensive delete link more

Comments

I think we'd be rather safe though, as we're not dependent on "message X from GPL'd package Y". The message type, sensor_msgs/Scan, has a publicly available specification, so I don't think you could really say that we're dependent on that specific package. Thanks for the reply!
raahlb gravatar imageraahlb ( 2011-12-12 18:49:30 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2011-12-12 00:54:36 -0500

Seen: 14,527 times

Last updated: Dec 13 '11