[Ksummit-discuss] [CORE TOPIC] GPL defense issues

James Bottomley James.Bottomley at HansenPartnership.com
Tue Aug 30 18:25:38 UTC 2016 

On Tue, 2016-08-30 at 11:00 -0700, Luis R. Rodriguez wrote:
> On Mon, Aug 29, 2016 at 12:04 PM, James Bottomley
> <James.Bottomley at hansenpartnership.com> wrote:
> > As a side note: if you own a project you want to open source, 
> > Apache-2 ends up being practically the worst licence imaginable: 
> > not only can your competitors make proprietary modified copies of 
> > your code they don't have to show you, but they also gain rights to 
> > your patents with which to do it.
> 
> I disagree. The benefit that Apache 2 provides not that you hold
> patents per se, but rather if you want to contribute to the ecosystem
> you have to also contribute to the patent pool. In today's mobile
> market place the Apache 2 license seems like a rather *genius* move
> IMHO for the cases where otherwise you do not care for the gains of
> copyleft. What I'm trying to say is -- in my experience Android folks
> barely cared about contributing upstream, it always was an uphill
> battle. Patents however were a serious problem in every possible
> little corner in the ecosystem. If a lot of new companies are using
> permissive licenses for Linux, and you don't care over the copyleft
> gains the Apache 2 license seems to give you a better edge.

Basically, no, you've weakened your own patent shield: we keep OIN
around for defensive measures around the ecosystem.  Imagine an OIN
member wishing to defend linux gives OIN access to a set of patents
which also read on an open project it contributes to under apache-2. 
 Lets assume these patents are also practised by an evil proprietary
company that attacks Linux.  OIN defends on the basis of infringing
these patents but the evil proprietary company claims that it, in fact,
incorporated code from the open project into its proprietary one and
thus with the code came the licence to the patents.  End of defence.

OIN fortunately does have a stock of patents it owns outright as well
as cross licences, so the shield doesn't die entirely, but it may lose
a valuable weapon at the time it's most needed.

The problem here is limiting the IP leak.  GPLv2 is easy because the
patent licence is implied.  GPLv3 works because the patent licence is
explicit but bounded by the recipient's willingness to release their
code.  Apache-2 is basically unbounded and this is the problem that has
a wide range of unintended consequences.

James

More information about the Ksummit-discuss mailing list