I'm just curious how anyone figures this example is a GPL violation? The GPL states (and Stallman has discussed and stated) that if an organization uses GPL code internally and never redistributes the code outside the organization, it's perfectly fine. Which seems to be this case. So why does anyone think it's a violation and what's the point of this article?
Edit - also, the GPL is clearly a contract. Stallman has touched on copyright issues too, saying (for example) that a game can be open source but the assets still copyrighted. They're different concepts altogether.
Hi, current maintainer of Lasso here; Orange bundled Lasso (a GPL library) with their internal authentication system at the time (called IDMP, itself made as an Apache module) to give it support for SAML then sold a license of the bundled software to the French state; they never distributed the source of the whole package, and they did not distribute the whole package under a GPL compatible license. Clear violation.
Using it for a service still isn't 'redistribution' as per the GPL. It still wouldn't be considered to have left the organization. It's perfectly fine use as per the GPL.
And if it's the French government who contracted the whole thing, they're the original owner, not Orange, but either way it's fine (an owner giving access to a contractor to work on a program containing GPL code isn't considered redistribution either, nor is a contractor using open-source code in a project for a client).
Edit - also even if Orange used it internally, then made the French government a service which uses it, as long as Orange simply re-sourced the code for the government it's fine. It's like Amazon selling hosted Linux images.
think: Orange makes software for the government, that the government pays for, that actually turns out to be existing software owned by someone else and under GPL license (which extends to the whole project and has other implications).
That's very much the definition of counterfeiting.
There's also workarounds and it isn't necessarily 'counterfeiting'. Think Amazon selling hosted Linux OS images. Think commercial software that needs GPL software to run so the user downloads the GPL software themselves instead of it being bundled.
Did they sell the software to the French gov, or
deploy a managed service that only used this software under the hood (thus avoiding even the "public performance" part of copyright, that might otherwise apply to a SaaS deployment)? The distinction is quite critical to this case, if they did the latter it's no different than Amazon doing the same thing.
Edit - also, the GPL is clearly a contract. Stallman has touched on copyright issues too, saying (for example) that a game can be open source but the assets still copyrighted. They're different concepts altogether.