[Tutor] Copyleft

Steven D'Aprano steve at pearwood.info
Wed Dec 5 09:08:45 EST 2018 

Avi,

Why do you keep changing the subject line? You started a new thread 
about "borrowing" (copying) code, people responded to that thread, and 
you've immediately changed the subject to "Copyleft" even though you 
talk about much more than copyleft licences.

(You barely mention copyleft at all -- and what you say about it is 
very inaccurate.)


On Tue, Dec 04, 2018 at 07:50:21PM -0500, Avi Gross wrote:
> Alan,
> 
> Just a reminder. I am NOT suggesting the first way to solve a problem 
> is what I described. I am saying that sometimes a roadblock (real or 
> imagined) can be gotten around using methods like that.

In my experience, the sorts of organisations which make it difficult to 
install third-party software (whether FOSS or proprietary) are also the 
sorts of organisations which will fire you immediately for copying 
someone else's code.

YMMV.


> Agreed. There are copyrights that have to be considered, albeit often 
> SMALL amounts are considered OK. Attribution is a good idea in 
> general.

There's another factor to consider: software patents. If you're going to 
copy a small amount of code, you may still violate their patent. 
(Disclaimer: I am not a patent lawyer.) In that case, giving credit to 
them will be tantamount to admitting to willful infringement, which in 
most jurisdictions that I know of receives triple damages.

That's how broken the patent system is: the penalties for infringement 
encourage people to avoid doing a patent search. Its better to say "We 
couldn't be bothered doing a patent search" than to say "We tried to do 
due diligence but failed to spot this patent", because when it comes to 
patents, if you make the effort but fail, you are deemed to have 
willfully infringed, whereas if you intentionally make no attempt to 
avoid infringing, your infringement is deemed to have been an innocent 
mistake.

Crazy but true.



> The problem that began this is when someone puts roadblocks in the way of what works.

There may be very good reasons for this policy that you call a 
roadblock.

And we only have the Original Poster's word that he is not allowed 
to install pexpect. That could be his misunderstanding, or perhaps he 
can't be bothered going through the process to get approval.

In fairness, some places do make that process rather gruelling... in a 
previous position, I worked with a client whose change request process 
for installing new software on a production server could easily take 
three or four months for approval to come through, if it was given at 
all. Now, you might be tempted to roll your eyes and call that 
bureaucracy gone mad, but they had very good reasons for that level of 
caution and conservativeness.

A colleague got a figurative spanking after he accidentally brought 
their production server down (fortunately only for ten minutes, although 
that was ten minutes too long) by rolling out a buggy "bug fix" directly 
onto the production server without testing it on a staging server first, 
or getting approval for the change.

https://i.chzbgr.com/full/7756111616/hED5FBCC9/


 
> If someone for example wants to be able to use something as trivial as 
> math.pi but for some reason won't load the math module, you could 
> suggest they look up the value of pi to umpteen decimal places and 
> create an object called math Perhaps a class) containing nothing but a 
> value called pi ....

[...]
> Or, I suggest you can copy the real math module into the same place. 
> You may want to edit it with a comment.

So rather than adding a single constant, you're going to risk infringing 
the copyright and moral rights of other programmers by copying a 75 
kilobyte C library that you don't need, just to get the value of pi 
which you could legally and easily copy from your calculator or Google 
in about five seconds.

Are you being paid by the hour? *wink*


> But, yes, bad example as pretty much any implementation of python will 
> include the math module as it is standard.

Indeed. Let's take a better example: the pexpect library.

The OP is not able (not permitted? not physically able? can't be 
bothered?) to install the pexpect library. So your advice for him is 
to... install the pexpect library, potentially ignoring its licence 
terms, making a copy of the source (hoping that its all Python and not C 
that needs compiling) and edit the source to "add a comment" (saying 
what?).

I think you haven't really considered that if the OP is not able to 
install the pexpect library, he probably won't be able to copy it into 
his application either. To say nothing of the ethical issues of copying 
software without obeying the licence terms.

Fortunately pexpect itself is licenced under a very permissive licence 
that allows copying with (almost) no restriction:

https://github.com/pexpect/pexpect/blob/master/LICENSE

but as a general matter of principle, suggesting people just copy the 
source code they want and stick it in their application is rather risky 
and potentially dubious advice.

Not risky for you, of course, its no skin off your nose if somebody 
takes your advice and gets sued or fired from their job.



> Your post does remind me that there are many versions of copyright 
> including some with the silly naming of "copyleft" that allow rather 
> free use but with limits.

That's incorrect: there's only one "copyright" (although of course each 
nation has its own laws enforcing it, and may grant its own slightly 
different monopoly rights under the copyright banner).

"Copyleft" is, of course, a pun on copyright. But it isn't "a version of 
copyright". Only governments can create copyrights. It is a software 
licence.

Copyright is a government-granted, and enforced, monopoly on the legal 
right to make copies of a work (among other privileges).

A licence, on the other hand, is an agreement between two private 
parties where the copyright owner agrees to permit the other party to do 
certain things which they otherwise would not be allowed to do. Such as 
making copies or modifications to the software.



> They may charge large businesses or 
> government agencies. They may demand you leave in some text as in 
> comments or not make changes or notify them to get permission so they 
> can keep track or ...

This is a completely inaccurate description of what copyleft licences 
do. Any licence which required such conditions would not be copyleft. It 
is pretty much as far from the copyleft ethos as it is possible to get.

(Aside from "some text" if that is a copy of the licence itself.)



> I brought up some questions a while ago that boiled down to how a 
> program can know what is already available on the machine the code is 
> being run on. Clearly if you use an unfamiliar package, one solution 
> would be to bring the needed files with you in the distribution of the 
> program. Yes, it may not be the latest or greatest, but you can 
> imagine many ways where it can conditionally fall back on the copies 
> included if a regular import fails.

How could a "regular import" (as opposed to what?) succeed *except* by 
means of having a copy of the library available somewhere accessible to 
the application?

The only distinction here is whether the library is installed within the 
application itself, using whatever mechanism is used to bundle libraries 
within an application, or installed externally to the application. 
Either way, there must be a copy.

In my experience, it is usual that bundling a library bundled in an 
application will shadow the system library, rather than being used as a 
fallback if and only if the system library is missing. Things might be 
different in the C world, or other languages, but that's how the Python 
import system typically works.


For example, try running this at the shell:

touch math.py
python -c "import math; print(math.pi)"


Believe it or not, that's a feature, not a bug :-)



-- 
Steve

More information about the Tutor mailing list