GPL vs. NDA dilemma

Perhaps. But in general the question of what rights the customer and the hiree are going to have to code ought to be negotiated up front. If based on that discussion, it turns out to be inappropriate that GPL code can be used, then the hiree should avoid using it, even if that means that he must turn down the work.

Isaac

But wouldn't it then be that middle person's responsibility to deliver the source code, since they distributed the binary to the third person? I mean, after all, you have already given them the source code per GPL requirement, so now they are required to share the source with the binary, not you. Or is that what you said?

Well, yes, that makes sense. But if someone else is redistributing without direct access to the source code, isn't that person potentially in violation of the GPL? After all, how can he know for sure that the requested source matches the source still available on the web site.

If software producer A decides to discontinue distribution of a particular version, but some third party distributes it and then sends someone to software producer A for the source code of an old version that is no longer available, who violated what? On one hand, software producer A no longer has the source of an old piece of software. On the other hand, the redistributor is sharing the software without any direct access to the source.

No. Distributing binaries with an offer for the source is potentially a bigger burden than just distributing the source in the first place. Since you will also need to accept offers that have been 'copied' in a further binary distribution. There's no limit to the 'depth' of this copying, and no limit to the number of requests for the source you could recieve.

A written offer is for the source that produced the binary. The original written offer distributor has to keep the source around for three years, yet another burden of using that method of distribution.

If it's been less than three years since the offer was granted then A is in violation.

Once the three years is up, then (from my understanding of the GPL) it's possible to have GPLd software distributed without source. It would include a written offer, but that offer would be out of date. It can only be non-commercial distribution though.

The company is violating the GPL if it distributed GPL code whilst attempting to hide the fact that the binaries are modified. However, the wrongness of the company behaviour does not necessarily make the NDA void nor does it make it safe for the emloyee to violate the NDA.

There is a special case that the employee's responsibility as a citizen is of greater significance that their responsibility under contract law so if they know that someone else is breaking the law and getting away with it and if their actions are in the public interest and the sort of actions that any good citizen would have a duty to perform then they might get away with breaking the NDA (but plenty of "whistle-blowers" have come out wearing the rough end of the pineapple so don't think I'm offering any guarantees).

In most cases, it is easy for the recipient of the binaries to test for themselves whether they are the same as those generated from publicly available source and the employee can safely give an anonymous tip-off that someone should do a bit of testing and the message "leaks" out in the long run. However, embedded devices are tricky because it can be very difficult to test or even examine the binary so potentially embedded GPL code can be illegally distributed without any ramifications simply because of lack of proof. Then again, this isn't a fault of the GPL as such, after all, embedded devices might potentially contain all sorts of copyright violations and with the chips locked down it is still next to impossible to prove anything.

- Tel