[Ksummit-discuss] [CORE TOPIC] GPL defense issues

Fri Aug 26 15:23:40 UTC 2016

Firstly, to all as another reminder on this: please remember that this
is a public list, and already a variety of industry lawyers representing
a variety of interests are reading it.

Linus,

I'll take some inspiration from your tone: You are completely
inconsistent and you exaggerate our activities.

We have been committed to approaching companies in a friendly fashion
and avoiding law suits at all costs. You'll note that in the years I've
been Executive Director of Conservancy that there has been a single law
suit that we have been connected to - Christoph's suit that we are
funding. Initiating the Principles of Community-Oriented GPL Enforcement
[1] and our blogpost about Patrick [2], which we also discussed, has
been an important part of our work.

I never said what you quote me as saying.  What I did say, as you'll
recall, is that allowing violations can create precedent as to norms and
expectations in the field. I also said that if we don't have
community-driven enforcement, we'll likely see more individual
developers trying to enforce on their own, and not in a coordinated
fashion. I also believe that unless we have community-driven
enforcement, important issues about the GPL will be decided in cases
brought by companies suing each other over their business squabbles
(which we've also seen already), which really may not yield the results
we want as community. When Conservancy acts either publicly or with any
legal action, we do so on behalf of and in coordination with the kernel
developers that are part of our coalition.  We talk extensively with
those developers before taking any action. Anyone who joins our
coalition is part of those conversations.

I think we see different parts of the compliance process. We get reports
from folks that are frustrated because they can't get the code that they
should be able to in order to do a particular thing that interests them.
We follow those Principles, which have been endorsed by four other
charities, the Netfilter team, and Harlad Welte, whose enforcement Greg
lauds.

I did appreciate your comments on stage at Linux and your commitment to
copyleft. From where we're sitting, we see that this doesn't mean a
whole lot if there's no one following up with those companies that
*don't* ever hire or collaborate with upstream developers and refuse to
comply.  There have been in-house attorneys, developers and device users
that have thanked me for our work.  Those who work for software
companies have told me that it gives them traction within their own
companies in pushing for them doing the right thing. This is why we aim
to treat today's violators as tomorrow's contributors, we keep their
identities private and we insist on compliance above all else.

As someone else said, "the GPL isn't magic pixie dust."

James,

As I told you in person, you're exaggerating what the dismissal said,
and what its impact may be. As I believe you're aware, a German lawyer
unconnected to Christoph's case published a memo in German about the
case:

http://junit.de/spezialisierung-mainmenu-12/open-source-im-unternehmen-2/662-sind-bearbeiter-von-software-zukuenftig-urheberrechtlich-schutzlos-unser-statement-zur-vmware-entscheidung-des-landgerichts-hamburg

There is currently no English version, but as I understand it, this says
two main points:

* that the court applied standards in their analysis that have been
outdated for more than 20 years.

* that the court didn't process information on infringing code even
though all necessary information was on the table. The author even
suggests that this could violate a constitutional right.

I originally started this thread when encouraged by a few kernel
developers  because I wanted to carefully provide information to anyone
who wanted it,  and hear opinions from anyone who cared to and was able
to give them, in a form that what *not* publicly archived and allowed
for real-time communication.  I think we've gone considerably off
topic :)

Finally, James, Greg, you both talked about your approaches working with
companies internally to keep them upstreaming and to not violate GPL.
With larger, older software companies that act more rationally -- like
IBM and Intel which Greg mentioned -- this work is invaluable.  GPL
compliance needs both types of people working on it.  I agree there are
some violations you can resolve that we can't using your methods, but
there are also clearly many violations where your methods don't work.
We want to be well-coordinated, which is why I proposed this session.

karen

[1] https://sfconservancy.org/copyleft-compliance/principles.html

[2]
https://sfconservancy.org/blog/2016/jul/19/patrick-mchardy-gpl-enforcement/