GPL - possible violation - what should I do?

Jan Wildeboer jan.wildeboer at
Mon Mar 18 14:55:14 UTC 2002

> Right.  So, they are not "linked" as such and are distributed seperately
> extensions to your distribution?

Yes. Though these files are of no use outside our application. They can't
work standalone, they rely on being included.

>  (If they are distributing a combined
> ready-to-run package, this is moot and they must obey GPL.) I don't know
> what previous thoughts are on PHP'd software.  In the FAQ, Perl is
> and using GPL'd modules means that you must be GPL'd.  Java is mentioned
> subclassing is a derivative work.  I guess that *because* they use your
> functions and data structures, they are derived works to all intents and
> purposes.  So they should be GPL'd.

That's our understanding. Good to know we're not alone :-)

> But they don't call your scripts, do they?

They do. For example a payment module is included in the checkout process,
processes the data it gets from the main application (cart/customer info,
module parameteres stored in the database), initiates a redirect to either
the success or non-sucess page etc.

>  They just expect you to
> include() them and your functions to be available.  Consider this: Would
> #include'ing a GPL'd file require your work to be GPL'd?  Probably.  But
> you are #include'd by a GPL'd program, what happens there?  I don't know,
> but I think it makes your software Free Software using non-free

That's the other way round. This comes in effect when we utilite libraries
that were written not specifically for this purpose (e.g. calling curl in
some checkout modules as they require SSL-connections, something PHP lacks).
These modules are clearly programmed as modules for osCommerce without any
functionality beyond osCommerce, so I guess they are plug-ins and no

> Do they have to modify your files to run their software??

I don't know. They won't allow us to see their sources or an installed

> Can't you analyse their binaries?  Maybe not, if their licence is nasty.

They probably don't use binaries, as PHP normally is interpreted and not
compiled. I asked several times if they are willing to send us their sources
but they ignore these questions.

> If they are abusing your mailing lists, you should set their messages to
> held for moderation.  If they evade the moderation, you should file an
> report with their provider.

The funny thing is that after I showed them relevant GPL-FAQ entries they
suddenly posted a message stating that after an internal meeting they had
decided to not offer the modules but only the installation service. Yet they
never did that. The license question was never answered nor did they change
anything on their webserver.

Jan Wildeboer

More information about the Discussion mailing list