That's not it. The LGPL doesn't require dynamic linking, just that any distributed artifacts be able to be used with derived versions of the LGPL code. Distributing buildable source under Apache 2.0 would surely qualify too.
The problem here isn't a technical violation of the LGPL, it's that Rockchip doesn't own the copyright to FFMPEG and simply doesn't have the legal authority to release it under any license other than the LGPL. What they should have done is put their modified FFMPEG code into a forked project, clearly label it with an LGPL LICENSE file, and link against that.
"In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License."
They should be covered as an aggregation, provided the LGPL was intact.
The contention is that the ffmpeg code was "cut and pasted" without attribution and without preserving the license (e.g. the LGPLv2 LICENSE file). Obviously I can't check this because I don't have a clone and the repository is now blocked behind the DMCA enforcement. But at least Github/Microsoft seem to agree that there was a violation.
Wrong. A DMCA notice is not a court order and Microsoft/Github are not legally required to follow it. They do take on liability for the purported violation if they do so but if it's a nonsense allegation that doesn't matter.
Not sure what you're trying to say here. DMCA takedown enforcement is 100% the responsibility of the Online Service Providers per statute. It's the mechanism by which they receive safe harbor from liability for hosting infringing content.
Yes, but Microsoft/Github do not make any determination about the validity of the claim.
Once a valid (from a process perspective) claim is submitted, the provider is required to take the claimed content down for 10 days. From there the counter claim and court processes can go back and forth.
I think you may be astonished to realize a (the?) majority of DMCA takedowns are neither checked nor legitimate...
You can post your thoughts, feelings, and opinions on google blog, and I can submit a DMCA and google is required to take down your thoughts feelings and opinions immediately without verification.
Could there have been other / better moves with sending a reminder.
I think the devs of that Chinese company seemed to immediately acknowledge the attribution.
Now the OSS community loses the OSS code of IloveRockchip, and FFmpeg wins practically nothing, except recognition on a single file (that devs from Rockchip actually publicly acknowledged, though in a clumsy way) but loses in reputation and loses a commercial fork (and potential partner).
> ... the offending repository maintainers were informed of the problem almost 2 years ago ([private]), and did nothing to resolve it. Worse, their last comment ([private]) suggests they do not intend to resolve it at all.
Seems like the reporter gave them a lot of time to fix the problem, then when it because obvious (to them) that it was never going to be fixed they took an appropriate next step.
That's bullshit. The FFmpeg devs were well within their rights to even send a DMCA takedown notice, immediately, without asking nicely first.
This is what big corporations do to the little guys, so we owe big corporations absolutely nothing more.
They gave Rockchip a year and a half to fix it. It is the responsibility of Rockchip to take care of it once they were originally notified, and the FFmpeg dvelopers have no responsibility to babysit the Rockchip folks while they fulfill their legal obligations.
Yeah. This is like waiting 90 days before releasing a full disclosure on a vulnerability, and then complaining you could have contacted us and given us time, we only had 90 days now. Gaslighting 101. Those 90 days gives all those with a lot if resources and sitting on zero days (such as Cellebrite) time to play for free.
Deadline and reminders? They aren't teachers and Rockchip isn't a student, they are the victims here and Rockchip is the one at fault. Let's stop literally victim blaming them for how they responded.
To be clear: Rockchip is at fault, 100%. I would sue (and obv DMCA) any company who takes my code and refuses to attribute it.
If you immediately escalate to [DMCA / court] because they refuse to fix, then that's very fair, but suddenly like 2 years after silence (if, and only if that was the case, because maybe they spoke outside of Twitter/X), then it's odd.
Maybe spend less time policing how other people are allowed to act, especially when you’re speculating wildly about the presence or content of communications
It's a call to push the devs to freely say what happened in the background, there are many hints at that "I wonder if...?" "What could have happened that it escalated?" "Why there were no public reminders, what happened in the back", etc, etc, nothing much, these questions are deliberately open.
Oh. Being rude and suggesting the devs made (in your opinion) a mistake based on your guess at their actions is not going to be an effective way to get them to elaborate on their legal strategy.
Also it’s rude, which is reason enough not to do it.
> - Rockchip's code is gone
> - FFmpeg gets nothing back
> - Community loses whatever improvements existed
> - Rockchip becomes an adversary, not a partner
This is all conjecture which is probably why you deleted it.
Their code isn't gone (unless they're managing their code in all the wrong ways), FFmpeg sends a message to a for-profit violation of their code, the community gets to see the ignorance Rockchip puts into the open source partnership landscape and finally... If Rockchip becomes an adversary of one of the most popular and notable OSS that they take advantage of, again, for profit then fuck Rockchip. They're not anything here other than a violator of a license and they've had plenty of warning and time to fix.
The OP deleted that sentence and I don't think it should have be flagged and unseen by others so I have vouched for it. I understand a lot of people disagree with it, and may downvote it but that is different to flagging. ( I have upvoted in just in case )
He offer perspective from a Chinese POV, so I think it is worth people reading it. ( Not that I agree with it in any shape or form )
You are right, and the FFmpeg devs are also 100% right and I perfectly understand that.
In fact I like the idea to push the big corps and strongly enforce devs' rights.
I think earlier enforcement would have been beneficial here, just that dropping a bomb after 1 year of silence and no reminder (and we still don't know if that was the case), is a bit unpredictable, so I wanted to raise that question
There hasn't been a year of silence. Multiple people from the community have continued bugging Rockchip to address the matter in a public issue on the now-gone Github repo. The idea of a potential DMCA claim was also brought.
All they could say was "we are too busy with the other 1000s chips we have, we will delay this indefinitely".
If you have to hound them to stop breaking the law they were already an adversary and the easiest way to comply would be to simply follow the license in which case everyone wins
The problem here isn't a technical violation of the LGPL, it's that Rockchip doesn't own the copyright to FFMPEG and simply doesn't have the legal authority to release it under any license other than the LGPL. What they should have done is put their modified FFMPEG code into a forked project, clearly label it with an LGPL LICENSE file, and link against that.