Subject: Re: JBoss aquired by Red Hat
From: simo <s@ssimo.org>
Date: Sun, 30 Apr 2006 17:22:42 -0400

On Sun, 2006-04-30 at 13:51 -0700, Thomas Lord wrote:
> Stephen J. Turnbull wrote:
> > My claim is that protecting parties that receive the code is not the
> > NDA signer's problem.  He only needs to protect those parties who
> > receive *legal* copies of the code.  
> We disagree about some things there but for the sake of
> discussion let's momentarily stipulate that you are right.
> 
> There is a second argument that applies even
> from your narrower point of view and that has nothing to do with
> thievery or accidental disclosure:
> 
> Customer, in this scenario, has an obligation: to release Consultant
> from the NDA upon the first distribution by Customer.  This is
> not a passive obligation, it is an active obligation.   Customer must
> take steps to internally audit and maintain certainty about whether
> or not legal distribution has taken place.   Customer must, at the
> very least, maintain the ability to honestly and accurately answer
> Consultant's question "Am I released from the NDA yet?"
> Customer must not only maintain that ability but is obligated
> to actually answer the question when asked.
> 
> Now, Customer may find this restriction palatable but that makes
> for no nevermind: It is nevertheless a legal requirement, beyond
> the requirements of the GPL, imposed on Customer's right to
> further distribute the program.
> 
> Contrary to myth, Consultant has not even managed to give Customer
> full GPL rights to the modified work and, therefore, again, Consultant
> had no right to distribute The Derived Work to Customer in the first
> place.

Tom,
you are again off road IMO.

This obligation does not change the licensing terms, nor impose any
restriction on Customer when he decides to release the code.

Under such NDA can Customer at any time distribute the code?
Yes.

Can the Customer distribute the code under the GPL?
Yes.

Can the Customer answer the Consultant question at any time?
Yes,
it is supposed that Customer knows whether or not he distributes a
program to third parties.

But even in the case Customer does not know, does that change the way
the program is licensed to third parties?
No.

So again the obligation you are talking about has nothing to do with how
the GPL works, unless that NDA states that Customer cannot distribute
the program to third parties without prior notice to Consultant.
Only in this specific case the NDA may be seen as an additional
restriction to the GPL, and as you can see that in this case the NDA
obligation goes from Consultant to Customer, not the other way as
previously stated.

So yes, there are ways to construct contracts so that they can add
additional obligations incompatible with the GPL, but this is a scenario
that is different from the previous one.

I think that to make any further meaningful comment on this hypothetical
situation, without changing the cards on the table at each iteration,
you should really post a specific example text of the NDA you have in
mind and we can comment on the specific parts of it to see if there's
anything that violate the GPL.

A a general rule any contract that impose obligation form the receiver
upon to the distributor shouldn't cause any problem under the GPL POV,
and conversely any obligation from distributor to receiver is probably
going to be a violation of the GPL.

But you can't go besides generic statements on the matter unless you
refer to a specific contract.

Simo.