Where the real Android GPL violations are

Google isn't violating the GPL, but other vendors may be

Recent comments about Android's alleged violations of the GPL have been proven to be little more than smoke and mirrors, according to Free Software advocate Bradley M. Kuhn, but there are instances of Android GPL violations out there, Kuhn writes.

This all started on May 11, when I posted an article that dove into the meaning of the Android operating system's Apache Software License (ASL). That's operating system, not the Android kernel. This was promoted by a May 9 statement from Google that the source code for the current version of Android, Honeycomb, will not be released until the next version of Android, Ice Cream Sandwich, is released.

In my article I walked through how the ASL not only doesn't specify when source code must be released but also how the ASL, which is a permissive, non-copyleft license, doesn't even require source code to be released at all.

I also challenged the assertions of attorney Edward J. Naughton, who posted an entry on Huffington Post on May 5 that attacked Google for violating the GPL by not releasing the Android source code.

I asserted Naughton's analysis was incorrect because only the Android kernel is under the GPL and much of the work Google is doing in Honeycomb is not happening in kernel space. What changes there are in the Android kernel are being ported upstream to the Linux kernel (at least, so far as the technical differences allow).

In his own blog last week, Kuhn jumped into the discussion, taking a whack at Naughton's original article and Naughton's subsequent comments on my May 11 blog entry.

"I noted that Naughton even commented on Proffitt's article; the comments spreads even more confusion about the GPL. In particular, Naughton claims that most BusyBox GPL violations are on unmodified versions of BusyBox. That's just absolutely false, if for no other reason that a binary is a modified version of the source code in the first place, and nearly all BusyBox GPL violations involve a binary-only version distributed without any source (nor an offer therefore)," Kuhn wrote.

Yeah! What he said!

While it was nice to be vindicated, Kuhn's article also highlights what he states is a genuine problem regarding the GPL.

Here's the problem, according to Kuhn. While Google is following the letter of the GPL and LGPL licenses for code it is using in Android, other vendors that are using Android and are presumably modifying that kernel code are not compliant with these licenses.

"I don't, however, expect to see a message in my inbox from Naughton any time soon, nor do I expect him to actually write about the wide-spread GPL violations related to Android/Linux that Matthew Garrett has been finding. Garrett's findings are the real story about Android/Linux compliance, but it's presumably not headline-getting enough for Naughton to even care," Kuhn stated.

We'll see about that. "Garrett's findings" is essentially a list of hardware vendors who are are using Android kernel code in their tablet devices and their GPL-compliance status for the kernel code. Note, this is only tablet devices (not phones). Nor does the list try to track source code for GPL userspace code.

It's a big list, and there are a lot of device makers that are currently out of compliance. If accurate, this is a big problem, because this many vendors violating the GPL is only going to weaken the license and ultimately the Android ecosystem.

These GPL compliance issues are not something that anyone can pin on Google, mind you. The fault lies with the vendors. Google may be stretching the spirit of open source to it's absolute limit, but thus far they are GPL compliant.

However, it would go a long way to repairing this damage if Google could impress upon their downstream vendors to abide by the rules of GPL. Is that too much to ask?

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon