Subject: Re: JBoss aquired by Red Hat
From: Thomas Lord <>
Date: Sat, 29 Apr 2006 19:06:46 -0700

On the question of what happens if Consultant distributes a
modified work to Customer under an NDA:

Richard Stallman wrote:
>       2. I will have distributed a modified work under a license
> 	 that is not necessarily valid for all third parties.
> I don't see how.

While I am not a lawyer, I will try presenting it in (roughly) legal
vocabulary so that you can ask for your council to comment
on it.

Step 1:  Consultant obtains a distribution of a program under
             the GPL and modifies it, creating  The Derived Work.

Step 2:  Consultant distributes The Derived Work to Customer
             under an NDA, promising to distribute The Derived
             Work to nobody else (treating The Derived Work as a
              trade secret of Customer).

Step 3: Consultant breaks the NDA agreement and distributes a
             copy to an innocent third party.   Quickly, several other
             other innocent third parties receive distributions from
             earlier innocent third parties.

Step 4: Customer notices this and tracks down all innocent third
             parties, noticing them that they are in possession of a trade


a) Consultant is in a hell of a lot of hot water.  Duh.
b) The innocent third parties may no longer use or further
     distribute the software unless they make a special deal
     with Customer.

All of that, as far as I know, is settled law.   Consequence (b)
has further implications:

Because of (b), the program is no longer licensed to the formerly
innocent third parties under the GPL.

Therefore, Consultant has failed to cause the The Derived Work
to be licensed to all third parties under the terms of the GPL.

Therefore, by clause 2(b) of the GPL, Consultant had no right
to distribute The Derived Work to Customer in the first place.

It may be true that Consultant had no right to distribute
to the first innocent third party.  But the consequences
of her having done so prove that she *also* had no right
to distribute to Customer.


Now one question is, did the Consultant have no right to
distribute The Derived Work to the Customer in the first
place only because the Consultant himself then broke the

Not at all.   Customer's employee X might have been the
one who passed the program on to innocent third parties.
The outcome is still the same:  innocent third parties have
received distributions under the GPL only to have their GPL
rights invalidated.  _Consultant_ has failed to satisfy 2(b) of
the GPL.


Now another question is: does this *only* apply if an actual
unauthorized disclosure takes place?   If not innocent third parties
are ever *actually* involved, isn't Consultant safe?

The wording of 2(b) is plain and simple:

    b)  You must cause any work that you distribute or
        publish, that in whole or in part contains or
        is derived from the Program or any part thereof,
        to be licensed as a whole at no charge to all
        third parties under the terms of this License.

The mere possibility of unauthorized disclosure proves that
Consultant has failed to "cause" The Derived Work "to be
licensed [...] to all third parties under the terms of this License."

The requirement to "cause" is an affirmative requirement.
The distributing party, the Consultant, must take all practical
positive steps to ensure that all third parties, including potential
third parties, are so licensed.

Distributing to Customer under an NDA does exactly the
opposite.  That action has either no effect on third parties or,
not implausibly, the effect of ensuring that some third parties
are not granted GPL rights.

Therefore, again, Consultant has no right to distribute
The Derived Work to Customer in the first place.

Distributing a modified form of a GPLed program under
an NDA violates the GPL, pure and simple.