Fortinet Under Fire for Allegedly Violating GPL Terms

A German Linux kernel developer has won an injunction against Fortinet (UK) Ltd., accusing it of using GPL software and then failing to provide the full corresponding source code.

A German court has issued an injunction against Fortinet (UK) Ltd., the British subsidiary of Fortinet Inc., the Sunnyvale, Calif., company that produces firewall and antivirus security software products.

The GPL-violations.org project uncovered alleged violations by Fortinet (UK) Ltd. of the GPL (GNU General Public License); specifically that Fortinet used GPL software in certain products and then used cryptographic techniques to hide that usage.

The GPL-violations.org project, whose goal is to raise public awareness about past and present infringing use of GPL-licensed software, said in a news release Thursday that a district court in Munich, Germany, has granted a preliminary injunction against Fortinet Ltd., banning it from further distributing its products until they are in compliance with the GPL.

One of the tenets of the GPL is that while it does not charge any royalties for use of the software source code, all distributors have to provide the full corresponding source code and a copy of the full license text.

Not only did Fortinet Ltd. not do so, according to Harald Welte, a Linux Kernel developer and the founder of the GPL-violations.org project, but it "actively tried to hide that violation," he said.

Asked by eWEEK if the German injunction would affect the companys ability to sell its products in the United States, Michelle Spolver, director of worldwide public relations at Fortinet, told eWEEK that it would not.

In an interview with eWEEK, Welte said he agrees with that assessment, but he added that any noncompliant distribution of GPL-licensed software is a copyright infringement in any country that has a copyright system and signed the respective international treaties.

"If Fortinet actually continued to disregard the license terms in the U.S. or some other jurisdiction, this would mean that we need to take legal action there. That is something Im not quite happy to do, but which I certainly would consider if the need arises," he said.

"Fortinet recently became aware of Mr. Weltes allegations and has, in good faith, been diligently working with him to resolve this matter outside of the German court system," the company said in a statement.

"Fortinet is actively taking steps to ensure that its products are compliant with GPL requirements. Therefore, Fortinet is surprised that Mr. Welte pursued a preliminary injunction against Fortinet in Germany and believes that this is an unnecessary action. Fortinet is continuing its efforts to expeditiously resolve this matter with Mr. Welte," the statement said.

Fortinets Spolver declined to comment further, saying the company is involved in legal discussions with Welte on the matter.

Next Page: A 30-day window for negotiations.