In 1999, I worked my first GPL enforcement matter: a large storage had made proprietary modifications to GNU tar and failed to release the complete, corresponding source code to its customers. In early 2000, I did my first “CCS check” (complete, corresponding sourcecode check) — wherein one attempts to build the “CCS candidate” provided by the vendor to investigate whether the CCS candidate is actually complete, and whether it corresponds to the binaries that were distributed.
In those days, violations of copyleft licenses were rare, and once uncovered, companies eventually corrected their behavior. Yet, even then, it took years of work to convince the company to comply. And often, by the time compliance was achieved, a new generation of the product was released.
25 years later, we face the same problems with nearly every vendor.
Almost every product on the market today contains Linux, BusyBox, the GNU C Library, GNU Bash, and dozen other packages licensed under the GPL and/or LGPL. Almost none of these companies, even if an offer for source code is made, provide CCS.
This talk will look both to the past and future as we investigate software rights and freedoms of the average consumer, and how we reached this difficult situation. Attendees can learn the history of copyleft and its enforcement, and leave with an understanding of how much work remains and what individuals can do to make a real impact on the rights of users under copyleft.
