[Ksummit-discuss] [CORE TOPIC] GPL defense issues
mjg59 at coreos.com
Fri Aug 26 04:48:23 UTC 2016
On Fri, Aug 26, 2016 at 12:25 AM, Linus Torvalds
<torvalds at linux-foundation.org> wrote:
> On Thu, Aug 25, 2016 at 8:07 PM, Matthew Garrett <mjg59 at coreos.com> wrote:
>> No, we're not. I mean, sure, if what you care about is corporate
>> support, we're doing fine.
> What I care about is getting code contributions back. That's kind of
> the whole *point* of the GPLv2. Not the legalese. Growing the source
> code base by having participation in the project.
That's what you care about. That's not what your users care about.
They care about code *availability*, not contribution. They don't care
whether their vendor participates upstream. They just care about being
able to fix their shitty broken piece of hardware when the vendor
won't ship updates.
> But that corporate support is exactly what you then on the other hand
> claim to be trying to _force_ with the enforcement actions.
> And the thing is, there really are lots of very good reasons to
> believe that we're getting more code willing code contributions back
> thanks to friendly terms with corporations, compared to any enforced
> action and being difficult.
But… there isn't. There just really isn't. Of the things I've bought
running Linux in the past year, maybe 25% have been able to provide
source, and in one case that involved me having to call them, tell
them I was a copyright holder, threaten to sue and then also tell them
that I'd found several security vulnerabilities in their product. And
this was a brand name vendor! They're never going to directly work
with upstream because they don't have long product cycles and they
gain nothing from it, but the users who get hold of their source are
> It turns out that corporations actually *want* to be compliant for the
> most part. At least as long as they see you as a friend, not a foe.
> And lawsuits tend to turn friends into foes.
> See what the BusyBox maintainer who actually went down the lawsuit
> path says in .
Rob's always missed the point here. Sure, the Busybox cases didn't
result in more code in upstream Busybox. But they did result in
several vendors shipping source, and other vendors in the same space
doing so out of fear of having the same thing happen to them. And
users took that code, and they fixed it and they made something
better. And they shared that better version with other people, and
they realised that code availability made their life better and some
of these people are kids who are going to be amongst the next
generation of people who are going to show up here and start sending
you patches, and others are going to be people living on the street
who don't get their phones hacked by their former partner because they
were able to obtain an updated OS without having to buy a new phone,
and others are people building projects like the Freedom Box which
exists only because AP vendors are afraid enough of lawsuits that they
released enough source to let others build new things on top of that.
Stop pretending that there have been no benefits from this. It's
clearly untrue. If you want to argue that the corporate involvement
has been worth more than the community benefit that results from
lawsuits, fine. I'll disagree, but it's a consistent position. But
right now you're on the Fox News side of the truth/lies line, and it's
not a good look. Users benefit from code availability, even if it
isn't contributed upstream.
> We have been very successful exactly because we didn't have the insane
And again, you're using a definition of "successful" that doesn't
match "we". Where's your sense of wonder? How can you look at this
amazing thing you've created and not realise that so much of its
beauty is down to people doing things you've never thought of? So much
of what Linux has achieved in the world has had nothing to do with
upstream contribution, and we should care about that as much as we
care about the number of vendor git commits.
More information about the Ksummit-discuss