Comment by terinjokes 15 hours ago
Why should the test process be sending physical letters (edit: in 2025)? Nothing in the GPLv2 requires a physical letter.
The address the OP sent a letter too has already been removed from the canonical version of the license (and was itself an unversioned change from the original address), and section 3 doesn't require a physical offer if the machine-readable source code is provided.
If the goal is to be annoying, sure make sure folks can jump through hoops. I just don't think in 2025 a company legitimately intending to satisfy the GPL requirements needs anything to do with physical mail, since they'll provide it online.
I stopped putting in requests for source code offers because I've had a 0% success rate.
Please let the Software Freedom Conservancy know about any companies that are still in violation of the GPL by not satisfying requests for source code.
Companies don't legitimately intend to satisfy the GPL requirements.
If you put in a source code request and get no reply you should try to contact the copyright holder or someone like the Software Freedom Conservancy or the EFF, because they are breaking the law. There was a case recently in Germany where a court forced a maker of home routers to give up not just their source code, but also the scripts to install modified software - as required by the license. (As I understand it there is no precedent in a civil law system, but it does mean at least one judge believes Tivoization of GPLv2 software is illegal)
I am keeping an eye on SFC's lawsuit against Vizio[0].
[0]: https://sfconservancy.org/copyleft-compliance/vizio.html
Most of the time the GPL request is a waste of time with no purpose other than annoy a company. You can download linux source code from many places, why do you want to get it from us?
There is a slight possibility we have a driver that you could get access to, but without the hardware it won't do you any good. Once in a while we have hacked the source to fix a bug, but if it isn't upstream it is because the fix would be accepted (often it causes other bugs that don't matter to use), and in any case if it isn't upstream, the kernel moves so fast you wouldn't be able to use it anyway.
You only have to serve those requests if you distribute your changes yourself.
So presumably as a hardware company you'd be offering your hardware with your custom linux installed, and then people wanting to audit or hack the product they bought would request the code from you.
That is incorrect, the GPLv2 requires that you be able to modify the code, build it, reinstall the binary and run the modified binary.
https://sfconservancy.org/blog/2021/mar/25/install-gplv2/ https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t... https://events19.linuxfoundation.org/wp-content/uploads/2017...
Again I see no purpose in doing things this way besides trying to minimize the amount of people who look at your GPL code for some reason. Isn't it more annoying for the company to make someone in customer support read paper letters, burn the GPL package onto a CD-R, and mail it than it is to simply host the GPL package for each product on a support site or Github or something and include a link in the product documentation?
There's definitely a purpose, it's to obfuscate usage of GPL software and dodgy linkage. There's no other reason for situations like hosting a binary download as a plain download on a website while getting the source requires mailing a check or money order to a UK address.
There's actually a near-100% chance that the kernel on my device is not the upstream kernel. There's a near-100% chance that you have added some custom drivers or got them from your upstream. There's also a near-100% chance that you have written some scripts to install the kernel on the device, which you are required (at least one German judge thinks so) to share with me so that I can install a modified kernel on my device.
Some companies still do this mainly to make the GPL request process more annoying so fewer people do it. If you have to mail a letter with a check to cover shipping/handling and wait for the company to send you a CD-R with the code on it, fewer people will look at the code compared to if the company just put it on Github or something.