Hacker News new | ask | show | jobs
by teddyh 181 days ago
> I then decided to contact Insulet to get the kernel source code for it, being GPLv2 licensed, they're obligated to provide it.

This is technically not true. It is an oversimplification of the common case, but what actually normally should happen is that:

1. The GPL requires the company to send the user a written offer of source code.

2. The user uses this offer to request the source code from the company.

3. If the user does not receive the source code, the user can sue the company for not honoring its promises, i.e. the offer of source code. This is not a GPL violation; it is a straight contract violation; the contract in this case being the explicit offer of source code, and not the GPL.

Note that all this is completely off the rails if the user does not receive a written offer of source code in the first place. In this case, the user has no right to source code, since the user did not receive an offer for source code.

However, the copyright holders can immediately sue the company for violating the GPL, since the company did not send a written offer of source code to the user. It does not matter if the company does or does not send the source code to the user; the fact that the company did not send a written offer to the user in the first place is by itself a GPL violation.

(IANAL)
8 comments
JoshTriplett 181 days ago
This is an open legal question, which the Conservancy v Vizio case will hopefully change; in that case, Conservancy is arguing that consumers have the right to enforce the GPL in order to receive source code.
link
schmuckonwheels 181 days ago
This got buried on HN a few days ago which is a shame:

https://social.kernel.org/notice/B1aR6QFuzksLVSyBZQ

Linus rants that the SFC is wrong and argues that the GPLv2 which the kernel is licensed under does NOT force you to open your hardware. The spirit of the GPLv2 was about contributing software improvements back to the community.

Which brings us to the question: what is this guy going to do with (presumably) the kernel source? Force the Chinese to contribute back their improvements to the kernel? Of which there are likely none. Try and run custom software on his medical device which can likely kill him? More than likely.

The judge's comments on the Vizio case are such that should this guy get his hands on the code, he has no right to modify/reinstall it AND expect it will continue to operate as an insulin pump.

This is about as ridiculous as buying a ticket on an airplane and thinking you are entitled to the source code of the Linux in-seat entertainment system.

link
jacquesm 181 days ago
There are a lot of people hacking on insulin pumps and they are lightyears ahead of commerce. If you want a very interesting rabbit hole to dive into try 'artificial pancreas hacking' as google feed.

One interesting link:

https://www.drugtopics.com/view/hacking-diabetes-the-diy-bio...

I would trust the people that hack on these systems to be even more motivated than the manufacturers to make sure they don't fuck up, it's the equivalent of flying a plane you built yourself.

link
bitmasher9 181 days ago
> it's the equivalent of flying a plane you built yourself

A great analogy because people die that way. I personally would never push code to another person’s insulin pump (or advertise code as being used for an insulin pump) because I couldn’t live with the guilt if my bug got someone else killed.

link
jacquesm 180 days ago
I know people die that way (GA). But someone is working for the companies that make insulin pumps and they are not as a rule equally motivated so I would expect them to do worse, not better.

And to the best of my knowledge none of the closed-loop people have died as a result of their work and they are very good at peer reviewing each others work to make sure it stays that way. And I'd trust my life to open source in such a setting long before I'd do it to closed source. At least I'd have a chance to see what the quality of the code is, which in the embedded space ranges from 'wow' all the way to 'no way they did that'.

link
chii 180 days ago
> I would expect them to do worse, not better.

which is why lots of systems and processes (sometimes called red tape) exist to try and prevent the undesired outcome, and dont rely on the competency of a single person as the weak link!

link
f1shy 180 days ago
Anytime anybody does something himself, there is a risk. People die because of welding parts cleaned with break-cleaner, people die driving, diving, sky-diving, doing bungee jumping...

Advertising that code, IMHO would be as showing of you doing extreme sports, for example. I do not think is any bad. A good disclaimer should be enough to take away any guilt.

link
RobotToaster 180 days ago
I'm not aware of any deaths attributed to open source artificial pancreas systems. Meanwhile there have been multiple attributed to closed source glucose monitors.
link
croemer 179 days ago
Not attributed to. The FDA wording says "associated with" which is much weaker causally.
link
fsflover 180 days ago
https://news.ycombinator.com/item?id=46398414
link
horsawlarway 180 days ago
And yet someone IS pushing code to these devices. Every single one.

So the question really becomes - Are these people working on their own pumps with open source more or less invested than the random programmers hired by a company that pretty clearly can't get details right around licensing, and is operating with a profit motive?

More reckless as well? Perhaps. But at least motivated by the correct incentives.

link
dullcrisp 180 days ago
So flying in a plane you built yourself is in fact safer than flying commercial because the motivations line up. Got it.
link
socalgal2 180 days ago
> I would trust the people that hack on these systems to be even more motivated than the manufacturers to make sure they don't fuck up

I would think it's the opposite. People that hack on this only risk their own life. Companies risk many people's lives and will get sued. Of course the person doing the hacking doesn't want to die but they're also willing to take the risk.

link
tavavex 180 days ago
The absolute worst-case scenario of messing this up as a company is that you get sued and they win, or you're forced to settle. You pay out some money, post a public apology, whatever. If things get really bad, the company goes under. But you're likely still far richer than the average person, and the blame is distributed enough that no one gets a criminal sentence - not that it was a realistic option to begin with.

The baseline worst-case scenario of messing this up on yourself is that you die.

link
Dilettante_ 180 days ago
>People that hack on this only risk their own life

Yeah, only their own life, yknow, something not particularly valuable or motivating to conserve for them, as opposed to the companies financials!

link
array_key_first 180 days ago
Right, but getting sued is basically the least risky activity ever. Okay, a little dramatic but: you won't go to jail, and if you're rich and become less rich you're still better off than most people. In pure absolutionist terms, being a business owner is basically always less risky than being labor.
link
wpm 180 days ago
> People that hack on this only risk their own life.

Provided they do not risk anyone elses, that is entirely their right.

link
rkomorn 180 days ago
A lot of the other responses say something along the lines of "of course people have more incentive not to mess up, they care about their own lives more than corporations care about getting sued" and sure, that's true in general, but:

- people try to wingsuit through narrow obstacles and miss

- people try to build their own planes and helicopters and die

- people try to build submersible vehicles to go see the titanic and, uh, don't have a 100% success rate

- people try to build steam-powered rockets and die

"It's their life, they won't fuck it up" doesn't exactly cover a lot of behaviors.

I'd argue home-rolling your own medical device firmware is closer to daredevil/"hold my beer" behavior than normal.

link
jacquesm 180 days ago
None of these have anything to do with your average diabetic loop hacker. You are comparing people that live for the thrills with people that are just trying to live.
link
cxr 180 days ago
> The spirit of the GPLv2 was about contributing software improvements back to the community.

It may be the case that when all is settled, the courts determine that the letter of the license means others' obligations are limited to what the judge in the Vizio case wrote. And Linus can speak authoritatively about his intent when he agreed to license kernel under GPL.

But I think that it's pretty clear—including and especially the very wordy Preamble—not to mention the motivating circumstances that led to the establishment of GNU and the FSF, the type of advocacy they engage in that led up to the drafting/publication of the license, and everything since, that the spirit of the GPL is very much in line with exactly the sort of activism the SFC has undertaken against vendors restricting the owners of their devices from using them how they want.

link
ryandrake 181 days ago
Why is it ridiculous? If the license says you have the right to obtain the source code to software that was distributed to you, then you have the right to obtain the source code. It doesn't matter what your intended use of it is.
link
teddyh 181 days ago
Rather crucially, the license itself does not say that you have the right to the source code. It is only the separate written offer which gives you that right. If you did not receive such an offer, you don’t have any right to it. But then, the company has already, unquestionably, violated the GPL, and the company can be sued immediately. Specifically, you don’t have to first ask the company for the source code! The lack of a written offer is in itself a clear violation.
link
schmuckonwheels 181 days ago
> But then, the company has already, unquestionably, violated the GPL, and the company can be sued immediately.

You were right up to this point. Medical devices requiring a prescription must be obtained via specialized suppliers, like a pharmacy for hardware. These appliances are not sold directly to end users because they can be dangerous if misused. This includes even CPAP machines.

In theory, that written offer only needs to go to the device suppliers. Who almost universally have no interest in source code. When the device is transferred or resold to you, it need not be accompanied by the offer of source.

If that was true, anyone reselling an Android phone could open themselves up to legal liability. Imagine your average eBayer forgetting to include an Open Source Software Notice along with some fingerprint-encrusted phone.

link
teddyh 181 days ago
> If that was true, anyone reselling an Android phone could open themselves up to legal liability.

That’s only an appeal to ridicule. If those are valid, here’s an opposing one:

If this is not true, then any company can violate the GPL all it likes just by funneling all its products through a second company, like a reseller.

link
JoshTriplett 181 days ago
> When the device is transferred or resold to you, it need not be accompanied by the offer of source.

This is false. The person transferring the device must either pass along the offer they received (GPLv2 clause 3(c), and only if performing non-commercial redistribution), or pass along the source code (GPLv2 clause 3(a)).

link
Y_Y 181 days ago
My Android phone does come with an explicit written offer of source. It's in Settings>About>Legal.
link
mr_toad 180 days ago
> In theory, that written offer only needs to go to the device suppliers.

The GPL clearly specifies recipients, it doesn’t say anything about suppliers.

link
ryandrake 180 days ago
You already created an interesting top-level comment analyzing the difference between "offering" and "providing" which has a lot of discussion. I'm just saying it's not "ridiculous" to expect software licensing terms to be applied and enforced, whatever a judge decides those terms end up meaning.
link
schmuckonwheels 181 days ago
It's a medical device that requires a prescription. You can't buy it off the shelf. They're not distributing software to you either. You must go through a medical equipment supplier who transfers the device to you after insurance has paid for some or all of it.

For the same reason you can't find an airplane entertainment system in the trash and call up the company and demand source code.

link
kevin_thibedeau 181 days ago
It doesn't matter what form it takes. Compiled binaries of GPL code are being distributed. The recipients of that binary are entitled to the source of the GPL portions in a usable form:

  "The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
The GPL here doesn't extend beyond the kernel boundary. Userland is isolated unless they have GPL code linked in there as well. If they were careless about the linkage boundaries then that's on them.
link
abigail95 180 days ago
You've gone off the rails by narrowly focusing on a passage of a software license without understanding the contract law and copyright law environments that those licenses and transactions exist in.

If you file a statement of claim to a court that is just riffing on the theme of "Compiled binaries of GPL code are being distributed" - you won't get anywhere.

I implore you to learn how to identify the parties involved, which contracts get formed when and between whom, de minimis, exemptions to copyright, and the non-copyrightable parts of code.

link
schmuckonwheels 181 days ago
The recipient of that object code is the medical device supplier, not the end-user.

It's subsequently transferred to you after presenting a prescription, without any accompanying offer of source code.

In other words, assume you are the second owner in all cases when it comes to certified medical equipment.

AFAIK if you find an Android phone in the trash, you are not entitled to source either since you never received the offer of source during a purchase transaction. You know that little slip of paper you toss as soon as you open some new electronics that says "Open Source Software Notice".

link
isodev 181 days ago
> what is this guy going to do with (presumably) the kernel source? Force the Chinese to contribute back their improvements to the kernel?

As the original Reddit comment explains, Insulet is an American company.

link
qmr 170 days ago
> This is about as ridiculous as buying a ticket on an airplane and thinking you are entitled to the source code of the Linux in-seat entertainment system.

Broken take. You are entitled to the source code.

link
jonway 181 days ago
Big disagree, if they distribute the code they’re on the hook for the gpl source, too!

That’s about as ridiculous as buying a plane and knowing you’re entitled to the gpl sources used.

link
wizzwizz4 180 days ago
> Try and run custom software on his medical device which can likely kill him? More than likely.

It's not like the OEM software also won't kill you: https://sfconservancy.org/blog/2025/dec/23/seven-abbott-free...

link
JoshTriplett 181 days ago
> Linus rants

Linus is arguing against a strawman that Conservancy never actually argued. See https://sfconservancy.org/news/2025/dec/24/vizio-msa-irrelev... for details.

> Which brings us to the question: what is this guy going to do with (presumably) the kernel source?

https://openaps.org/

link
schmuckonwheels 181 days ago
If you have a pacemaker implanted, do you believe you have the right to modify and update the software that operates it? Separately, do you think it's remotely a good idea?
link
JoshTriplett 180 days ago
> If you have a pacemaker implanted, do you believe you have the right to modify and update the software that operates it?

Yes, of course. It is abhorrent that people have devices implanted into their bodies and are in any way prevented from obtaining every last detail about how those devices operate.

> Separately, do you think it's remotely a good idea?

In rare circumstances, yes. See, by way of example, Karen Sandler's talk on her implanted pacemaker and its bugs, for specific details on why one might want to do so.

link
iinnPP 181 days ago
Not that person, but yes. You have entirely missed the ability to simply view and understand what's inside your own body.

Where your interpretation means someone else needs to follow your whim for their own problem, despite the legalese stating otherwise.

I think that is an absurd position and I am sorry to feel the need to have to be blunt about it.

link
brendyn 181 days ago
Obviously yes to the first question. How could you possibly not have the right to operating your own heart. Naturally it would generally not be a good idea.
link
fsckboy 179 days ago
>Which brings us to the question: what is this guy going to do with (presumably) the kernel source?

it doesn't bring us to the question, but the answer to the question is, run a diff between the software that has this guys life in its hands, and the version it was derived from, to see if they inserted back doors, stray pointers, etc.

link
f1shy 180 days ago
>> Try and run custom software on his medical device which can likely kill him? More than likely

I think this sentence is very sad. Not only this is a hard accusation, it is also the primary argument of the anti right to repair movement. An argument that I think is extremely bogus and ill intentioned, and I particularly (like Mr. Rossman) viscerally dislike.

Maybe the primary motivation is a) curiosity, and b) just for kicks to know if they honor the license.

link
RobotToaster 180 days ago
> Linus rants

That happens every Tuesday, hardly newsworthy.

link
singpolyma3 181 days ago
The argument here is that, if there is an offer, they already do under standard contract law.
link
teddyh 181 days ago
If you carefully read what I wrote, you will notice that I never claimed otherwise. Whether or not third parties have standing to sue on a GPL violation is immaterial to my point, none of which is “an open question”.
link
tzs 180 days ago
> The GPL requires the company to send the user a written offer of source code

It should be noted that this is just one of three options that someone who wants to distribute binaries of GPL code can choose from. It's the most commonly chosen one, and one is only available for noncommercial distribution, so the odds are good that this is the option they are using.

The other available option is to accompany the binary with the source code.

That one leads to an interesting possibility where someone could end up with a binary and there is no one obligated to provide source to them. As far as I know this has not actually arisen, but it seems like something that is bound to happen sometime.

Suppose company X decides to make a generic hardware platform that other companies can buy to build their products on. X's platform is basically a small single board computer with WiFi, Bluetooth, dual, USB ports, a couple Ethernet ports, and some GPIO ports. X ports Linux to their hardware.

When X ships a system it comes with an SD card with a Linux distribution installed including their custom kernel. It is configured to boot from the first SD card slot, and then to run a custom login system that looks at the second SD card slot and if there is a card in there it mounts it, looks for an executable on its root name application.exe, and runs that as root. X includes in the box a small thumb drive with a copy of the source code for everything on the SD card.

The idea is that a company Y that wants to make something like a WiFi access point or an air quality monitor can buy these boards from X, put them in a case with whatever peripherals or sensors they need like air quality sensors, write the software for the application, put it on an SD card, and put that in the second SD card slot.

So lets say Y buys 1000 of these systems from X, builds 1000 of their access points or whatever from them, and sells them.

One of their customers asks Y for the source code of the GPL parts. Does Y have to provide it?

I'd say they do not. They are not making copies or derivative works. They are just receiving physical copies from X and passing those on unmodified to their customers. This should fall squarely under the First Sale Doctrine in US copyright law, and similar rules in other jurisdictions.

How about if they ask X for a copy?

X has made copies and derivative works and distributed them. But X satisfied their GPL requirements by including a thumb drive with the source with each board they shipped to Y.

link
jstanley 181 days ago
Are you saying that in the general case if you send someone a written offer for something and then don't honour it, you are in breach of contract?

That doesn't sound right to me.

A written offer is not the same thing as a contract.

link
dspillett 181 days ago
The written offer is part of the licence, as is the need to respond to that offer with the source code offered. It is all part of the same agreement.

A written offer on its own would not normally be directly enforceable in many (most?) jurisdictions, for the same sort of reason that retailers can't be held to incorrectly published prices (in the UK at least, a displayed price is an “invitation to tender”, not a contract or other promise) except where other laws/regulations (anti bait&switch rules for instance), or the desire to avoid fighting in the court of public opinion, come into effect.

But in this instance, the written offer and the response to that offer are part of the wider licence that has been agreed to.

link
teddyh 181 days ago
I don’t think so; I can’t recall any support for such a connection between the written offer and the GPL itself written into the GPL license text.
link
abdullahkhalids 181 days ago
From section 4 [1]

> If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

Similar clauses in Sec 6.

[1] https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

link
teddyh 181 days ago
That section (and similar in section 6d) is not about the written offer of source code. The written offer of source code is instead covered in section 6c.
link
abdullahkhalids 181 days ago
Ah.. Thanks

> c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

link
Joker_vD 181 days ago
> the same sort of reason that retailers can't be held to incorrectly published prices (in the UK at least, a displayed price is an “invitation to tender”, not a contract or other promise)

The hell? Over here, the price tags are a sort of public contract, to which the seller pre-commits. The seller forgot to change the tags? That's not the buyer's problem.

link
ivell 180 days ago
Since money has not exchanged hands, you could always decide not to buy at the counter. So atleast in the countries I have been, it is not legally binding.
link
sznio 180 days ago
it's still bait-and-switch
link
dspillett 180 days ago
Only if deliberate. If the incorrect price is corrected as soon as the problem is noticed then that is (legally) fine. If the incorrect price is left displayed, or was put up deliberately to draw people in, then it is bait & switch.

The other solid bait & switch is advertising a product that they don't have any of to sell, in the hope that you'll come in and buy something more expensive (or lower value) instead.

link
abigail95 180 days ago
Offer and acceptance are part of how contracts are formed. There is no contract without there first being an offer.

If you accept someones offer, provided it meets the rest of the criteria for a valid contract - congratulations you now have a contract. If the any party violates it, yes this is a breach of contract.

> A written offer is not the same thing as a contract.

An offer is a precondition and component of a contract

link
ww520 181 days ago
The customer spends money to buy the product along with the source code offered. It's part of the transaction. Not honoring part of the transaction is a breach of contract.
link
kgwxd 181 days ago
I think they're just saying the GPL doesn't really cover consumer/distributor (dis)agreements, it only covers copyright. While the spirit of the GPL is user-first, it still has to be realized within the confines of copyright law. Even though many people might conflate the spiritual goal and the legal agreement, it doesn't grant "users" any extraordinary legal powers.

It's not illegal to not honor written offers, it's illegal to distribute copyrighted material in violation of it's license.

link
TZubiri 181 days ago
So gpl is a licensor-licensee contract, if code and license is not shared to the user, then there is no contract to which the user is a party, rather the user is a beneficiary.

The offer of source code seems to be a way to facilitate the conveyance of source code through opt-in means separately from the object code rather than some legal trickery to create a user-licensee contract.

While the offer may indeed convey a licensee-user obligation, a compliant distribution would attach a license anyway, converting the user into a licensee and licensor to licensee in a recursive fashion

I wonder if lawyers specialize in this, it sounds very cool and not at all standard law, but somehow compatible with contract law

IANAL

link
cxr 181 days ago
That's not what they're saying.

On the shelves are three insulin pumps: one with a 5-year warranty, one at a bargain barrel price that comes with no warranty, and one accompanied by a written offer allowing you to obtain the source code (and, subject to the terms of the GPL, prepare your own derivative works) at no additional charge any time within the next three years.

Weighing your options, you go with pump #3. You write to the company asking for the GPL source. They say "nix". They're in breach.

link
schmuckonwheels 181 days ago
The GPLv2 under which Linux is licensed does not prohibit that insulin pump from bricking itself if you tried to install "your own derivative work" that wasn't signed by the manufacturer.

This is not only possible but also prudent for a device which can also kill you.

link
fn-mote 181 days ago
Possibly true, but irrelevant to the post to which you are replying.

The argument is over providing you the source code.

link
teddyh 181 days ago
Maybe it’s not technically “breach of contract”, and an offer might or might not be a contract. But if you don’t honor an offer you made, you must surely be guilty of something. Otherwise, all offers would be meaningless and worth nothing.
link
phlummox 180 days ago
> you must surely be guilty of something. Otherwise, all offers would be meaningless and worth nothing.

You don't have to be "guilty" of anything to be liable in civil law (which contract law is a part of). "Guilt" is a concept from criminal law. It isn't required for contracts to be enforceable.

In general (there are exceptions) offers alone aren't enforceable and don't result in a contract. You need other elements (agreement by the parties, plus something done in return for what's offered) for a contract to be formed - and then it's enforceable.

link
jstanley 181 days ago
I don't think you're guilty of anything for failing to honour an offer in most cases.
link
Retric 181 days ago
An offer is legally binding in that when someone acts based on that offer you can be liable for damages.

This does not force you to honor the original offer though.

link
kkjjjjw 181 days ago
Such offer is as legally binding as any tender. Of course a contract dispute could go either way.
link
woah 181 days ago
And what are the damages?
link
kevin_thibedeau 181 days ago
The written offer with a limited term of three years is just one permitted method of distribution. If an offer was never made then they're not covered by that clause and are bound to comply by other means without the protection of the three year window.
link
teddyh 181 days ago
Yes. I did not cover these cases because approximately nobody does that.

I mean, the absolutely simplest, and cheapest, way for companies to comply with the GPL is to ship the source code together with the software. Stick it in a zip file in a directory somewhere. The company can then forget the whole thing and not worry about anyone contacting them and ranting about source code and the GPL. But no company does that.

The other simple way for companies to comply with the GPL is for companies to provide a link to download the source code at the same place that users download the program itself. If the user did not download the source code when they had the chance, that’s the user’s problem. This will also let the company ignore any GPL worries. No company does this, either.

(The GPL provides a third way for individuals and non-profits, which is not relevant here.)

link
faidit 180 days ago
Doesn't seem incorrect if, extra steps aside, the company is ultimately obligated to provide the source code by the terms of the GPL.
link
mkehrt 180 days ago
IANAL, but this is my understanding.

What's the consideration in the written offer? Promises aren't enforceable in court. For a contract to be enforceable, it has to be an exchange of something, not a one sided offer.

https://www.law.cornell.edu/wex/consideration

link
tzs 180 days ago
There are substitutes for consideration. Search for "detrimental reliance" and "promissory estoppel" if you want to go down that rabbit hole.
link
immibis 181 days ago
In America, maybe this is the case. In Germany, it seems an end user can sue them directly for source code.
link
teddyh 180 days ago
Maybe. Who can and cannot sue is irrelevant to my point. But I seriously doubt that anyone can sue for source code. Someone might sue for damages, and the company might offer to settle by offering source code. But IIUC, no company can be sued and forced to give up any source code, unless the company itself chooses to do this instead of paying damages.
link
immibis 180 days ago
To repeat: Maybe that's how it works in America. In Germany, it seems you can sue for anything you're entitled to, not just money.
link
AdelaideSimone 180 days ago
I don't know how easy it is in Germany compared to the U S., but this is false. In the U.S., you absolute can sue (and it is extremely common) to force certain actions. See: constructive trust, mandatory injunction, prohibitive injunction, specific performance, recission, writ.

In all likelihood, you would not receive the source code in the U.S., though. If deadset against release, the outcome would likely be that the offender would be fined and injoined from any further distribution.

link
TZubiri 181 days ago
> This is not a GPL violation; it is a straight contract violation

But GPL is a contract

I think the distinction you are pointing would be between a gpl licensor-licensee contract, rather than a licensee-user contract.

(IANAL)

link
teddyh 181 days ago
> But GPL is a contract

Not according to the original reasoning by its creators, but opinions differ wildly. However, this is irrelevant to the point; the written offer, which is separate from the GPL, is what is failing to be honored, not the GPL. If you did not receive such a written offer, the GPL, in itself, makes no guarantee that you have the right to the source code.

link
indymike 180 days ago
> If you did not receive such a written offer, the GPL, in itself, makes no guarantee that you have the right to the source code

Wrong. The requirement to provide source code under the GPL is primarily governed by Section 3 of the GNU General Public License v2 and Section 1 of the GNU General Public License v3. The whole point of the the GPL is to make it so users of software could get source code to the software.

link
teddyh 180 days ago
Section 3 of GPL 2 states that the company must either give the source to the user alongside the product (in which case the user has the source already), or the company must give to the user a written offer of source code. Note that if the second option is taken, the company is not obligated by the GPL itself to give the source code to the user. It is then only the written offer which obligates the company to give the source code to the user; only the written offer gives the user the right to the source code. Not the GPL itself.
link
indymike 178 days ago
The GPL forces the offer and provides the remedy if you don't provide source, so I'm not sure why this is so important to you?
link