4

I currently work on a proprietary, closed-source software suite, which is distributed to customers as part of a larger package (including various hardware and services).

The software suite uses LGPL-3 libraries (as shared libraries, we haven't done any modifications to these ourselves), but also contains a large amount of proprietary, in-house developed code (also provided as shared libraries) that we want to protect. We have thus added protection to the software suite, requiring a USB dongle to be present - without it, the software doesn't run. This protection also protects against running any part of our software suite in a debugger.

The protection is added to our own shared libraries, but not to the LGPL-3 libraries. Since all parts of our software suite uses one or more of our own, protected shared libraries, no part of the software suite can be run in a debugger.

Reading through the LGPL-3 text though, section 4 on 'Combined Works' says (emphasis mine):

You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, (...)

Question is - I'm a bit unsure about if section 4 should be read as:

  1. We are not allowed to restrict the user from debugging/reverse engineering with respect to the LGPL-3 licensed shared libraries in our license terms for our software suite, but we can technically make such debugging difficult by applying the protection - as in, it's only the terms that cannot restrict debugging?

or:

  1. We can neither restrict the user from debugging/reverse engineering in our license, nor technically, using the described software protection?

We provide the appropriate license notice, a written offer for providing the LGPL-3 shared library source code, and instructions for where the shared libraries are located, to allow users to manually provide another version - it's just the part about debugging that I'm hoping to get cleared up.

Improve this question
6
  • 1
    Did you apply extra protection (to restrict debugging) to the LGPL library, or only to your own code? If you modified the LGPL library in any way, you would have to at least release the source code to your modified version of the library. Commented Jan 31, 2018 at 9:25
  • 2
    The GPL and LGPL do not require that you make your source code "debugger friendly" or anything like that. Maybe that is your question? If you wrote some source code (modifying an (L)GPL product) that confuses debuggers, purposefully or otherwise, then to comply with the (L)GPL obligations you must simply release the source code of the changes you made. Note that obfuscated source code is not allowed. You must be OK with someone reading what you changed in the (L)GPL parts by releasing the "preferred form" for editing the source code. Commented Jan 31, 2018 at 9:36
  • @Brandin Thanks for the replies! The LGPL shared library is used unmodified, and is also not protected itself - only our own shared libraries are. However, since that all parts of our software suite load at least one of our own, protected libraries, it is quite difficult to debug any of these - and it would thus also be difficult to debug if the user wants to provide another version of the LGPL library. I'll try to clarify the question though. Commented Jan 31, 2018 at 10:29
  • 1
    The LGPL doesn't require you to write your proprietary code in a certain way, i.e. it doesn't need to "play nice" with debuggers. The part you quoted, as you say, is to prevent you from writing in your license terms, for example "This application comes with Foo, which is LGPL licensed. I hereby forbid you from modifying the Foo library that is shipped with this product. Also, I hereby forbid you from attaching a debugger to this Foo library." I don't see anything stopping you from forbidding a user from modifying your proprietary parts, though. Also, you don't need to help a user debug Foo. Commented Jan 31, 2018 at 10:44
  • 1
    @Brandin to be honest, that's how I read it, too. Could you bear to write up what you wrote as an answer, so that if the OP's happy (s)he can accept it, and put the question to bed? Commented Jan 31, 2018 at 11:01

1 Answer 1

Reset to default
1

Be friendly to your users... consider making your code debugger-friendly, or even giving access to source, if that is important to them. If not, and debugger-requiring research is common, see if you can ease getting the needed information into the hands of your engineers, or how to make that need disappear.

Improve this answer
1
  • Good sentiment, but it doesn't seem to answer the question - specifically, how should that particular section of the license be read? Commented Aug 12, 2019 at 21:12

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.