[Ksummit-discuss] [CORE TOPIC] GPL defense issues

Thu Aug 25 07:03:38 UTC 2016

On Thu, Aug 25, 2016 at 02:37:07AM -0400, Theodore Ts'o wrote:
> On Wed, Aug 24, 2016 at 09:06:19PM -0700, Bradley M. Kuhn wrote:
> > I work for an organization that holds copyrights in Linux, and Conservancy
> > furthermore coordinates a coalition of developers who signed agreements
> > asking us to enforce their copyrights.  We also have embedded device users
> > writing us weekly asking us to please get the Linux sources for their
> > devices.  We have a huge mandate, and we're going to enforce (always adhering
> > to the Principles of Community-Oriented Enforcement, of course).
> 
> Bradley,
> 
> If the Conservancy is going to do what it's going to do, it's not
> clear what's the purpose of having a discussion.
> 
> Having a debate implies that there is a question on the floor, and to
> date it's not clear what the question or questions would be.  Yes,
> it's clear what you and Karen have proposed as the *topic*, and the
> Conservancy's positions aren't really a secret --- but that's not a
> debatable question; it's not a specific proposal that could be
> examined.

A few possibilities:

- What's the right way to handle enforcement?  (The most general version
  of this question has no hope of consensus, but I suspect we could
  fairly easily reach consensus about what we don't want to see people
  doing, for instance.)

- What (if anything) do we do in response to the "wrong" way to handle
  enforcement?  Would we ever have a response at the kernel level,
  rather than just within a maintainer team (as happened with
  netfilter)?  Is there a line where we'd stop taking patches from
  someone because they've created problems in the legal arena?  Where is
  that line?

- Do any of our current development procedures make enforcement easier
  or harder?

- Could we incorporate anything into our development procedures that
  improves the situation, analogous to the DCO?  (Not suggesting a live
  brainstorming session, but rather suggesting that if a concrete
  proposal exists for such a change, Kernel Summit seems like the place
  to discuss it.)

- EXPORT_SYMBOL_GPL and MODULE_LICENSE.  I know that some history exists
  suggesting that they've helped with some cases.  Do they potentially
  make enforcement more difficult, though?  (This also includes informal
  or internal enforcement/compliance efforts; for instance,
  EXPORT_SYMBOL_GPL may provide a supporting argument for such efforts,
  but conversely EXPORT_SYMBOL may then hinder such efforts.)

- A recent proposal (with patch) suggested adding an additional
  (GPL-compatible) license to the table of licenses in MODULE_LICENSE.
  Should that happen?  Would it make sense to use a different approach
  in MODULE_LICENSE, such as just "GPL-compatible" or "GPL and
  additional rights"?  Would any of the possible approaches there cause
  problems?

Some of these questions may potentially work better on a mailing list;
some of them seem like good topics for in-person discussion, especially
if there's research or answers that friendly legal experts could
provide.