GPG Suite might now be in violation of the GPL License

Mike Robinson's Avatar

Mike Robinson

23 Sep, 2018 05:57 PM

Although the GPL licenses which govern GPG "shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources," it does state that "The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost, preferably downloading via the Internet without charge." And, with regard to derivative works such as GPGSuite might be considered to be, "they "must be distributed under the same terms as the license of the original software."

For a number of years, GPGSuite was truly "open source software,' but the GitHub repository has not been updated in a number of years and e.g. the mail plug-in "does not support Sierra." However, the most recent version does obviously support Sierra. Therefore, it is obvious that the product continues to be maintained by you, but that it is no longer "free and open-souce software."

However, GPGSuite, Inc. as the vendor of a now-proprietary and closed-source software product continues the deceptive trade practice of falsely claiming on its web-site that it remains open-source, and points to a GitHub repository that no longer contains the actual source code to the product. The most-recent version now demands payment for "support," but offers a "30-day trial," after which presumably the software will cease to run. (And if in fact it does not, GPGSuite is engaging in the deceptive trade practice of offering the false pretense that it will do so.

Your installation does not state that the software is now proprietary, giving no indication until such point that you engage in the deceptive trade practice of demanding payment for what you falsely represent to be free and open source software.

Having broken the copyright license terms of the GNU Public License, GPGSuite. Inc. no longer has the intellectual property rights to continue to use the "GPG" software, nor to use "GPG" in its product name. You cannot have it both ways.

You would do well to engage legal counsel, because your present stance is unlawful and is bound to very quickly attract the attention of the crypto community. To cure the situation, you must return to compliance with the GPL Licenses. You must furnish and maintain the actual source code to the product on GitHub or another public server of your choice, and you must not attempt to impose any sort of "time limit" nor to require payment under any pretense whatsoever. If you are unable to financially continue to support the product based on the donations you have so far received, you can relinquish it to the custodianship of another interested party.

Showing page 3 out of 3. View the first page

  1. 61 Posted by paul on 03 Nov, 2018 03:00 AM

    paul's Avatar

    Where is the open source version of GPG Tools which will run on mojave or high sierra?

    Since I was not warned about the paid upgrade to gpgtools 2018.5 why not bite the bullet make everyone happy offer a free update version gpgtools 2018.6?

    Then when you figure out all your legal issues providing an open source product that works under Apple's current operating system consider producing free software with the option for your user base to purchase an optional support package !

  2. 62 Posted by paul on 03 Nov, 2018 04:54 AM

    paul's Avatar

    sorry guys I installed a free Comodo signing key which actually has no bearing on this thread. and have no way to delete this entry.

    I have to use the Services dropdown to use GPG Suite 2018.5 (6f26711) in Apple Mail app

  3. 63 Posted by Tanmoy Bhattach... on 15 Nov, 2018 03:51 PM

    Tanmoy Bhattacharya's Avatar

    I am writing on this thread just to confirm that the ope source code does actually run on Mail 12 on Mojave. But, I had a lot of problems and thought my experience would help others, and put to rest worries about the actual code is somehow hidden or the provided code is spiked.

    There were three independent problems: first, Mail was not recognizing the presence of any mailbundles in ~/Library/Mail/Bundles, so no option to manage them appeared in the menu. I spent a lot of time on this, and it got fixed when I installed the distributed binary (without actually activating the GPGMailLoader plugin). I haven't investigated this issue; it probably has something to do with the systemwide /Library/Mail/Bundles needing to exist, or some caching problem or something like that. Someone who knows better may be able to comment. For the rest of the experiments, I started putting the mailbundle in /Library rather than ~/Library, but I think both work.

    Next, if obtaining the code from github, it is important to move to the mojave branch. As opposed to expectations, the different branches for different major OS versions are not yet merged.

    Third, even after all this, Mail complained about the plugin not being for the current Mail version. This is due to a corruption in signature as mentioned by someone else above. I fixed this by creating a self-signed code-signing key, and force signing the included Framework in the source tree: codesign -s --deep --force Frameworks/RegexKit.framework (This gives a security error if the keychain where the codesigning key for is located can't be unlocked, typically when it cannot open a window to ask for the password). If it gives the error that it can't figure out whether it is an app or a framework, it is due to a corruption of the tree where a symbolic link called 'Current' a few folders down has been copied rather than being left as a link.

    And fourth, Copy the final mailbundle to the right place maintaining symbolic links as symbolic links. For example cp -a works, but cp -pr corrupts.

    Hope this description helps others like me who came to this thread believing the authors were deliberately trying to fool the internet :-)

  4. 64 Posted by Tanmoy Bhattach... on 15 Nov, 2018 03:58 PM

    Tanmoy Bhattacharya's Avatar

    Sorry it does not let me edit my message. Two things: first the codesign command needs the signing identity after the -s. I put in <identity> while posting, but the formatter took that for an html tag ...

    Second, I forgot to mention that the signing has to be done before the make. If you have already done a make, a make clean is needed before you make afresh.

  5. Steve closed this discussion on 18 Sep, 2019 03:55 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac