The kernel community confronts GPL enforcement
| Benefits for LWN subscribers The primary benefit from subscribing to LWN is helping to keep us publishing, but, beyond that, subscribers get immediate access to all site content and access to a number of extra site features. Please sign up today! |
Some of the most important discussions associated with the annual Kernel Summit do not happen at the event itself; instead, they unfold prior to the summit on the planning mailing list. There is value in learning what developers feel needs to be talked about and, often, important issues can be resolved before the summit itself takes place. That list has just hosted (indeed, is still hosting as of this writing) a voluminous discussion on license enforcement that was described by some participants as being "pointless" or worse. But that discussion has served a valuable purpose: it has brought to the light a debate that has long festered under the surface, and it has clarified where some of the real disagreements lie.
It all started when Karen Sandler, the executive director of the Software Freedom Conservancy (SFC), proposed a session on "GPL defense issues." Interest in these issues is growing, she said, and it would be a good time to get the kernel community together for the purposes of information sharing and determining what community consensus exists, if any, on enforcement issues. It quickly became clear that some real differences of opinion exist though, in truth, the differences of opinion within the community may not be as large as they seem. Rather than attempt to cover the entire thread, this article will try to extract some of the most significant points from it.
When to sue
Many emails were expended on the question of when — if ever — the GPL
should be enforced in the courts. To many, this is the core point, and
many think that lawsuits are almost never in the community's interest;
instead, compliance issues should be resolved via constructive engagement with
the companies involved.
Greg Kroah-Hartman made
that point clearly when he said "I do [want companies to comply],
but I don't ever think that suing them is the right way to do it, given
that we have been _very_ successful so far without having to do
that.
" Linus Torvalds stated
his agreement with this position (in classic Linus style) as well.
There are, these developers said, plenty of reasons to avoid taking companies to court, starting with the fact that the legal system is nondeterministic at best and one never knows what the end result will be. The recent outcome in the VMware case was given as an example here; some see it as having made it harder to pursue enforcement actions in the future — though others disagree strongly and expect the forthcoming appeal to change the situation. But nobody was willing to argue that one can go to court and be certain of the outcome, and some fear the consequences of a severely adverse ruling.
The stronger objection to legal action, though, it that it forces the targeted company into a defensive mode, isolates developers who support Linux internally, and, likely as not, estranges the company from the development community for a long time. Many developers said, over the course of the discussion, that it is far better to get companies to change their ways through engagement with their developers; the process may take years but, when it ends well, those companies join the community and become enthusiastic contributors. This process is said to have worked many times over the years; some of the kernel's largest contributors were once on the list of GPL infringers.
The BusyBox lawsuits were cited as an example of how legal action can go
wrong. The prevailing (though not universal) opinion seems to be that
those suits led to the release of
little, if any useful code while driving many companies out of our
community and killing the BusyBox project itself. That is the sort of
experience that lawsuit-averse kernel developers hope to avoid; as Linus
put it: "Lawsuits destroy community. They destroy trust. They would
destroy all the goodwill we've built up over the years by being
nice.
"
Implicit in that argument is the claim that license compliance is not a big
problem; the current approach is working well and should not be changed.
But it is clear that not all developers think that all is well, and there
is certainly a contingent that is unwilling to forswear legal action — an
action that strikes many as simply giving in to the infringers. As David
Woodhouse said:
"Without the option of a lawsuit, there *is* no negotiation. The GPL
has certain requirements and they are backed up by law. If you don't have
that, you might as well have a BSD licence.
" Many participants in
the discussion echoed the thought that reticence to enforce the GPL will
lead to its demise in favor of de facto permissive licensing.
Jeremy Allison (an SFC board member), speaking from his experience at the Samba project, argued that lawsuits should remain an option, saying that, despite the fact that the project has never sued an infringing company, the threat of enforcement is the only thing that makes companies listen to him sometimes. He also said that a lawsuit need not necessarily drive a company out of the community; he gave Microsoft, which lost a $1 billion judgment in a suit involving Samba, as an example; despite having been sued successfully, Microsoft is now a significant contributor to Samba.
Supporters of legal action pointed out that, contrary to claims that "we have never had to do that", there have been lawsuits in the past, and the results have not been as bad as some seem to fear. Harald Welte, who has probably done more GPL enforcement in the courts than anybody else, wrote about his experience. He still strongly believes that using the courts can be the right thing to do, and that it need not necessarily push companies out of the community:
Companies, he said, appreciate clarity on what compliance with the license
actually means, and the only way to get that clarity is through opinions
from the courts.
He described using the GPL without enforcement as "
In truth, nobody is willing to forswear legal action entirely; even Linus
said
that there are times when it makes sense. But the example he gave — IBM's
use of GPL-infringement charges in the SCO suit — demonstrates that he
sees legal action as a move to be made only in extreme situations. In
general, one might say that there is a
consensus in the community that lawsuits should only be used as the
last resort. But there are significant disagreements over when the last
resort has been reached.
Another interesting divide that came to light concerned what the purpose of
the GPL and the goal of compliance is. Linus let
it be known that he is primarily concerned with maintaining the flow of
code contributions:
If the goal is to increase contributions, then anything that might alienate
contributors is to be avoided. But bringing in the largest amount of code
is not the primary concern for everybody involved; some are more focused on
gaining access to code that vendors have distributed. Matthew Garrett responded
to Linus, saying:
A non-confrontational approach can work, he said,
when the objective is "
Linus feels,
though, that OpenWrt has been helped far more by the success of the relaxed
"open source" approach, which has focused on producing more and better
code, over the GPL "hardliners" who are focused on software freedom. The
latter approach, he
claimed, has had the effect of driving developers and companies away from the
GPL and has been counterproductive overall.
A fair amount of energy went into the question of whether the SFC can be
trusted as an agent of enforcement for the kernel. Some developers
(notably but not exclusively Linus) worry that the SFC is pursuing its own
goals and that the kernel is not at the top of its list of priorities.
SFC members, and Bradley Kuhn in particular, have made enough comments
about needing to litigate the GPL in many courts to obtain precedents,
defending the GPL as a moral necessity, and seeing the kernel as the final
GPL battleground to make a number of people nervous. So, for example, Ted
Ts'o said:
"
For his part, Bradley did
not deny that assertion, but qualified it somewhat:
Bradley and the SFC had many defenders in the discussion, who said that the SFC
should be judged by its actions rather than by what Bradley has said. They
point out that,
rather than being a litigious group, the SFC has only been involved in two
lawsuits ever. They said that the SFC is willing to take on the unpleasant
task of talking to management and legal departments about compliance issues
— something that developers are generally unwilling to do. And, as Jeremy
emphasized,
the SFC is not pursuing its own agenda, but that of the developers it
represents:
Such testimonials notwithstanding, it is clear that a number of developers
feel that the SFC's objectives do not necessarily line up with their own.
Getting over that trust barrier could be hard for the organization to do.
Karen has said
that the SFC will be having meetings with developers over the coming six
months in order to answer questions and get feedback on its enforcement
activities. It will be interesting to see what sort of changes happen —
both within and outside of the SFC — as
the result of these meetings.
The current discussion on the list has slowed, which is undoubtedly a relief to
everybody involved. There may not have been much that was resolved, but
there should, at a minimum, be a better mutual understanding of the issues
and concerns involved with GPL enforcement. The area is complex and full
of risks — risks that are associated with both action and inaction.
Figuring out what the community wants to do about GPL infringement will, if it
is possible at all, require more discussions like this one. The
prospect may be painful, but the possibility of frustrated developers
acting rashly on their own could be even more so.
useless
",
saying that the BSD license would be a better choice if there is no wish to
enforce the terms of the GPL.
What is the objective?
4 more enterprise clustering
filesystems
". But if, instead, one wants the next generation of
developers to be able to hack on their devices, then manufacturers have to
be convinced to ship source for those devices. Projects like OpenWrt exist
as the result of previous enforcement actions, he said; if we want to see
similar projects coalesce around
today's devices, we need to be prepared to enforce the license and get
vendors to provide the source.
Who is trusted to make the decision?
I've asked Bradley point blank whether the GPL or the long-term
health of Linux development was more important to him, and he very candidly
said 'the GPL'.
" Greg put
it this way:
Index entries for this article Kernel Copyright issues
(Log in to post comments)
Yeah, OpenWRT is a great example of ongoing corporate malfesance..
Posted Aug 31, 2016 20:21 UTC (Wed) by pizza (subscriber, #46) [Link]
I personally own two devices "based on OpenWRT". When I say "based", I mean that if you utilize a fixed backdoor in their telnet interface, you can get a root shell that displays an OpenWRT login banner. Great, I'll just pop over to OpenWRT and grab a updated build and... no, this entire product family is unsupported. Lovely.
Okay, I'll get the sources from the manufacturer. It's all GPL, after all. Nope, no source code available for download. Not even the source code offer. So, time to contact them directly and ask.
After politely harassing the manufacturer off and on for about two months, they released a "gpl code release" dump, nearly a full year after the hardware was first released. Better late than never, right?
Except that the code dump left out the actual Linux sources. You know, the stuff that actually matters when trying to deal with a long-since-fixed kernel bug, or, are trying to recompile a userspace component with the correct kernel headers, or perhaps so you can just replace the entire firmware image with current upstream OpenWRT, which is vastly superior in every way, including the web UI.
In their final response to me, they claimed they'd met their GPL obligations and that they considered the matter closed, and proceeded to lock my account out of their support forum. That was four years ago. To their credit, they've released GPL source tarballs in a timely manner for subsequent products -- but they have yet to release a single line of their kernel (or bootloader) code.
As Matthew Garrett put it so elequently:
> That's not what your users care about. They care about code *availability*, not contribution. They don't care whether their vendor participates upstream. They just care about being able to fix their shitty broken piece of hardware when the vendor won't ship updates.
Contribution is not possible without there first being code availability -- Interested parties will at least have the option of massaging everything so that upstream (be it OpenWRT or Linux itself) will accept it.
Yeah, OpenWRT is a great example of ongoing corporate malfesance..
Posted Sep 2, 2016 8:23 UTC (Fri) by Tov (subscriber, #61080) [Link]
Yeah, OpenWRT is a great example of ongoing corporate malfesance..
Posted Sep 2, 2016 12:07 UTC (Fri) by pizza (subscriber, #46) [Link]
I'm specifically referring to their EAP350 and EAP600 devices. They don't seem to have GPL sources posted at all for their newer EAP family members, though several other current models do.
Here's the thread I started on the gpl-violations list: http://legal.gpl-violations.narkive.com/tnqhGjxS/probable...
When I bought this stuff, it was because Engenius was the only game in town for high-powered devices. Ubiquiti may be an option today, but I think they're just as bad as Engenius when it comes to GPL code releases.
Going back to the EAP600, some sort of bug in the (proprietary madwifi) wifi stack has rendered 5GHz operation nearly unusable in my environment, and their ebtables binary is simply broken due to a mismatch between their running kernel and the headers used to compile it. To add insult to injury, I can't even build a toolchain to recompile this stuff for myself because uclibc needs the correct headers too.
Yeah, OpenWRT is a great example of ongoing corporate malfesance..
Posted Sep 4, 2016 11:38 UTC (Sun) by Darkmere (subscriber, #53695) [Link]
Yeah, OpenWRT is a great example of ongoing corporate malfesance..
Posted Sep 17, 2020 15:22 UTC (Thu) by mpratt14 (guest, #141688) [Link]
I have done a few PRs for Engenius boards now, we have figured out the 1.5 MB kernel size limit which was a major issue in adding support to the new kernel codebase for a lot of their products (may or may not apply to the EAP600, their newer software is different).
I am working on the EAP350 right now, but I don't have an EAP600, would you be interested in helping?
Yeah, OpenWRT is a great example of ongoing corporate malfesance..
Posted Sep 17, 2020 17:06 UTC (Thu) by pizza (subscriber, #46) [Link]
I'll be happy to send one of them your way if that will help, but it will take a >2h round trip to retrieve it. (I'll add it to my list for the next time I drive out that way)
I also have an EAP1200H, based on a similar architecture.
I'd prefer to not post my contact info for scrapers to find, but I'm listed as the maintainer of Linux's CW1200 driver, so drop me a direct email and we'll work out the details.
The kernel community confronts GPL enforcement
Posted Aug 31, 2016 21:11 UTC (Wed) by spender (guest, #23067) [Link]
-Brad
The kernel community confronts GPL enforcement
Posted Aug 31, 2016 21:51 UTC (Wed) by xav (guest, #18536) [Link]
The kernel community confronts GPL enforcement
Posted Aug 31, 2016 22:32 UTC (Wed) by DOT (guest, #58786) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 0:48 UTC (Thu) by neilbrown (subscriber, #359) [Link]
Two guys who openly and overtly work towards having good quality, well maintained, code in the upstream kernel choose to apply the GPL in a way which encourages companies to submit their code upstream and to let their engineers work with the community.
There are lots of different things that people want from the GPL including, I suspect, ponies. Some people want to get control of hardware they (maybe ill-advisably) purchased. Some want to inconvenience competitors. Some want to win a moral battle.
Linus has always stated that he sees it as a quid-pro-quo. You get code, you give back code. I don't think you need to look beyond his own personal technical agenda to explain that. Of course, you don't have to agree with it.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 1:59 UTC (Thu) by drag (guest, #31333) [Link]
The reason, I expect, that it really isn't for the developer's benefit is because the code that is shipped 'closed source' is invariably complete shit. The developers are not going to be interested, unless they own the devices themselves, because they would probably have to go through a painful process of figuring out the badly formatted and poorly designed code dump with no documentation and rewrite most of it.
From Linus and friend's perspective they are only going to be interested in dealing with people that are interested in behaving like good community citizens. People who are assholes and want to make life difficult and are only forced to behave because of threat of lawsuit are no fun to deal with and provide little benefit. There are plenty of ways to make life miserable for the copyright holder and still be legal if you are a bad company pissed off about a threatening letter from a lawyer.
Meanwhile the users that are interested in the closed source code for hacked-together embedded devices (and etc) are not going to be interested in 'correctness'. They just want to hack together in bug fixes or deal with potential security issues. Ugly and bad code is annoying, but it's still useful.
There are exceptions to this, of course. Some developer's business models depend on good reputation and support/feedback from customers. When third parties ship f-ed up versions of their software in closed source form and use the good name of a product as a 'security circus' fluff to sucker in customers into buying bad products then it can impact them very negatively.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 4:48 UTC (Thu) by alison (subscriber, #63752) [Link]
I am working on a project for a device that includes a component whose producer has provided a kernel module from 2013. You'll be amazed to hear that we're working with a later kernel. Upon inquiry, the component provider says that the source for the module, for which we are the customer, is proprietary. Golly, I thought all kernel modules must be GPLv2, and that we, as customers, must be provided with an Offer of Source.
So call me crazy, but I am a developer, and it would help me a lot if our vendor could be made to understand license compliance. I wish we could pick another vendor, but as other developers will know, that's not always possible.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 5:25 UTC (Thu) by HIGHGuY (subscriber, #62277) [Link]
If so, walk over and make it a business decision on their management. Here's the risk and the cost associated with it and here's the low cost alternative of giving us the source code.
Your mileage may vary depending on there being company IP in the driver, but convincing management should be your best bet.
If you don't have such a contract clause, you're in trouble. All you can do is run a 2013 kernel, and you still get to be liable if any of your customers asks for sources. Good luck if it's a consumer product, you'll need it. And get your legal team of their asses writing such contract terms...
The kernel community confronts GPL enforcement
Posted Sep 14, 2016 17:06 UTC (Wed) by Wol (subscriber, #4433) [Link]
At least, in the UK, I'm pretty certain you can conjoin your supplier as defendant. "They didn't give us the source, so we can't pass it on. Please Judge will you put them in the dock with us ...". Then the jury or whatever can acquit or convict the defendants separately ...
Cheers,
Wol
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 5:26 UTC (Thu) by HIGHGuY (subscriber, #62277) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 21:58 UTC (Thu) by DOT (guest, #58786) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 22:30 UTC (Thu) by ajb (guest, #9694) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 23:17 UTC (Thu) by rahvin (guest, #16953) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 6:04 UTC (Thu) by koenkooi (subscriber, #71861) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 17:01 UTC (Thu) by ronnyadsetts (subscriber, #47268) [Link]
http://www.tbsdtv.com/forum/viewtopic.php?f=86&t=9960
https://github.com/tbsdtv/linux_media
Ronny
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 8:28 UTC (Thu) by mfuzzey (subscriber, #57966) [Link]
Most vendor BSP code used to crap (and some of it still is today).
Sure the code will most likely be totally rewritten for upstream but it is still useful as "exectutable documentation" to see how the hardware really works (ah - the vendor driver sets this undocumented bit which somehow makes it work...)
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 15:41 UTC (Thu) by drag (guest, #31333) [Link]
Imagine you have vendor A that is a total douchebag. Meanwhile you have vendor B that are dedicated free software types.
Vendor A gets their product out at a lower price point and faster because they couldn't give a damn about their customers and are willing to ship the first thing that compiles and doesn't crash immediately. They have no interest in supporting or improving the product once it is in the hands of customers.
Vendor B takes a lot longer, has larger flash, and produces a superior product that is now much more open 'firmware'.
As a third party kernel developer you threaten a lawsuit and get access to A's code.
Are you going to want to devote the next 3 months of your life to improving vendor's A code and making their product more useful and friendlier to end users all the while A is using your free assistance to drive B out of business?
Especially all the while knowing that A will just become a even bigger douche once B is out of the picture?
that's the sort of stuff that I am talking about.
I can imagine that Linus and friends are only interested in working with people and rewarding those people with their time that are willing to be one of the 'good guys'. Why would you want to have a relationship with somebody when the only way you can get them to even talk to you is by threatening lawsuits? They will just make your life miserable and will have their lawyers working on ways to work around copyright restrictions and screw you over in the long run.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 16:07 UTC (Thu) by pizza (subscriber, #46) [Link]
You just described how a substantial (if not an overwhelming majority) of Linux's long tail of hardware support came to exist.
> Why would you want to have a relationship with somebody when the only way you can get them to even talk to you is by threatening lawsuits?
You forget that there's already a relationship -- I already own their hardware, they already have my money.
I merely seek to have the same freedoms to utilize and modify Linux as the vendor; ie the freedoms supposedly guaranteed by the GPL.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 16:34 UTC (Thu) by johannbg (guest, #65743) [Link]
What is the linux driver project doing if not exactly that?
I mean...
We need this driver written
Here is some funding doing so ( 3months pay or whatever ).
Here are some devices this is expected to work on ( shipped to the kernel driver writer(s) )
Thank you goodbye
If companies are not driven by complete fucking morons what they should do is precisely contact that community and take the use of the service they are providing as opposed to half assing some shit together internally and ship that to end users in it's miserable state.
Now ofcourse the LDP community needs a) have sufficient manpower to back that sweet deal up they are offering and b) not only be able to deliver but deliver within a certain product deadline time frame.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 19:13 UTC (Thu) by flussence (subscriber, #85566) [Link]
Summing up personal experience from all the ARM, MIPS and... IA32 devices I've ever run Linux on, that's a pretty big "if".
Most vendor-supplied Linux drivers I've seen tend to be about as reliable as the other thing they inflict on everyone: their BIOS/firmware.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 20:37 UTC (Thu) by excors (subscriber, #95769) [Link]
Then they'll need to do the same thing for each new hardware revision (which probably has a lot of new components that have terrible software support but are a couple of cents cheaper, and some exciting new undiscovered hardware bugs), going through cycles of frantic hacking and half-hearted cleaning up. As the product gets closer to release, there's a greater reluctance to make software changes because of the risk of regressions, so they won't want to replace a whole driver with an untested one.
There isn't enough time in that process for them to get a third-party developer to write nice drivers and include them in the shipping product, and there's little incentive to improve the software after it's been successfully shipped.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 21:20 UTC (Thu) by pizza (subscriber, #46) [Link]
There are really two separate classes of "Vendor" code here; the first are peripheral drivers which tend to have long[er] lifecycles and require ongoing support and updates, be it a wifi chipset or a licenseable SDIO controller baked into an SoC. Those are the folks that benefit from working with upstream and the likes of the LDP.
The second class are the end-product devices assembled from a pile of mashed-together bits (lots of SoCs qualify on this front too) where any coding is largely an integration effort -- once it's "working" then it never needs to be touched again as long as you're cranking out more identical devices. These vendors won't really benefit from upstream as each device is effectively a one-off effort.
Everything other than x86 (and "big iron" ppc/sparc/etc stuff) is an utter crapfest is because there's no way for these "pile of parts" to self-describe themselves. x86 devices have probeable busses and BIOS/UEFI/ACPI, PPC/Sparc had openfirmware, And so on. ARM is attempting to do lock this down by requiring the v8 server stuff to use ACPI and whatnot, but all of the mass market consumer trash relies on custom code to tie everything together instead. (Then toss in an unhealthy dose of proprietary or other non-devicetree-aware drivers, each directly and incompatibly mangled to suit a particular system..)
Every special one-off snowflake device is of little value to Linux mainline, but by that same token, the poor saps who owns one of those crapware "embedded" boxes sees little value to the Linux mainline too.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 23:27 UTC (Thu) by rahvin (guest, #16953) [Link]
I respect the kernel communities developers but they are flat out wrong, this is about honoring the license not for the developers but for the bloody end users stuck with devices with huge security holes that can never be patched.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 23:59 UTC (Thu) by neilbrown (subscriber, #359) [Link]
Unfortunately those "bloody end users" have no legal standing with respect to the copyright on the code which may be being violated. An end user may have standing with regard to fitness-for-purpose or behaving-as-advertised, but not for some copyright claim between the vendor and their supplier.
Some upstream developers might choose to approach vendors with concerns that their copyrights have been violated, and may extract source code as part of resolving that dispute. They may even choose to make that source code available to other end users. If they do, that is awesome and wonderful. But it is entirely their choice based on their perceived cost/benefits. The end users (those who don't hold copyright in the supplied code) have no right to that source code.
I would encourage end users to purchase devices that come with full source code, not expect to get it later.
The kernel community confronts GPL enforcement
Posted Sep 2, 2016 5:17 UTC (Fri) by spaetz (guest, #32870) [Link]
I agree that there should be more focus (and wallets voting) on rewarding complying companies. However, sometimes there is simply no choice. Fairphone 1 fell into the Mediatek trap and was despize their best intentions not able to upgrade the OS. They specifically chose Qualcomm for the 2nd iteration as the more open choice only to learn now that Android Nougat will be oit of their bounds as Qualcomm will not upgrade their graphics driver blob.
So what am I to do as a customer? I do own an Openmoko, but I also want to have a phone that is actually able to make calls ;-).
The kernel community confronts GPL enforcement
Posted Sep 2, 2016 6:16 UTC (Fri) by neilbrown (subscriber, #359) [Link]
1/ assess the market and make decisions to maximize benefit/cost. There are numerous things I'd like to be able to buy for a reasonable price, but they aren't available. A free(libre) phone is just one of them. I don't think it is credible to expect the GPL to be able to magically provide that. Sometimes it works, but the promise of libre hardware is not built in to GPLv2.
2/ petition policy makers to require buildable source code, just like they require country-of-origin labels and best-before dates.
3/ support people/organizations which are trying to build the things you want to buy.
4/ Fund the SFC if you believe it will provide the value that you want.
i.e. nothing new here. Just a reminder that while the GPL is a very valuable tool, it is not a silver bullet
> I do own an Openmoko, but I also want to have a phone that is actually able to make calls ;-).
Did you upgrade to the GTA04? I could reliably make calls on that ... until the battery went flat :-(
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 15:04 UTC (Mon) by Wol (subscriber, #4433) [Link]
The US typically asks for damages for past transgressions. The EU typically seeks to enforce future compliance. Which jurisdiction is most likely to get the source for you?
Cheers,
Wol
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 17:17 UTC (Mon) by johannbg (guest, #65743) [Link]
EU would probably have to wield a bigger hammer and end up having to do a complete product line ban from manufactures that are discovered doing so for *any* of it's products, from iot,mobile devices to tv's, dishwashers, refrigerators etc they all get banned until they comply with the one(s) that did not and arguably the same thing should apply for all devices that do not receive software updates ( open as well as closed ) in timely manner be it iot devices and or mobile devices that can be used for doing payments in one form or another etc.
And then there is that evolution that the consumer no longer actually owns any devices he purchases, which btw he is completely unaware of since no sales person is mentioning that fact or he might have relinquished his ownership through a simple gesture on that devices you know the classic "If you continue to use <insert product or application web sites, changes to terms in your bank, on loans, insurance etc> you acknowledge an apply our new means of fubar-ing you" which may include an hidden fine print in which the consumer relinquishes all rights in claiming any code or make the manufacturer liable in any shape or form...
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 18:28 UTC (Mon) by tialaramex (subscriber, #21167) [Link]
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 19:18 UTC (Mon) by johannbg (guest, #65743) [Link]
If you need an recent simpler sample the non availability of LG V20 in EU at an time they could overtake Samsung in that same region since Samsung is in serious damage control with note 7.
In anycase we live in a world driven by greed and as such the solution is something that either increases or decreases the profit margin of the individual or corporate in question so if license B is more profitable than license A they will use that instead. It's as simple as that. In the end of the day what is effectively being discussed is how much enforcement can be put on the gpl before it becomes a negative value for companies in which the answer to that is none. . .
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 19:01 UTC (Mon) by farnz (subscriber, #17727) [Link]
Three things come into play:
- The EU is a huge market, covering several of the world's largest economies. Refusing to deal with the EU is like refusing to deal with the USA; you can't do it and stay big.
- EU laws on liability tend to block the sort of "if you continue..." game that you're describing; if I'm not aware of the hidden fine print, you run foul of our "unfair contract terms" laws. In general, it takes active and clear intent by the end user to disclaim their statutory rights; I'm aware of one case where a consumer was willing to take this to court (Microsoft Windows NT 3.51 retail edition), and Microsoft chose to settle at the point where the consumer had the case moved to a precedent-setting court.
- Other countries in geographic proximity to the EU (Turkey, UAE) tend to prefer European models of goods, as they're more convenient to buy than US models. If you're doing an EU model anyway, several non-EU countries will buy the EU model in preference to your "rest-of-world" model.
These three between them mean that if you can get the EU to take action, business will listen.
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 21:13 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
Or lobby for a trade agreement where they can sue for lost profits based on laws passed in countries (cf. cigarette manufacturers suing Australia over the generic packaging laws).
The kernel community confronts GPL enforcement
Posted Sep 12, 2016 21:17 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
Seems to have ended OK though (not the best outcome: tossed on procedural grounds rather than actual arguments, but better than the reverse) http://www.mccabecentre.org/focus-areas/tobacco/philip-mo...
The kernel community confronts GPL enforcement
Posted Sep 14, 2016 7:56 UTC (Wed) by farnz (subscriber, #17727) [Link]
I think that's the best outcome possible - the "procedural grounds" were that Philip Morris had no standing to bring such a case, and that it was an abuse of the process for Philip Morris to attempt to rearrange its affairs specifically to allow one component of the firm to bring such a case.
The point of ISDS arbitration (which this was) is to provide a venue for companies to deal with capricious behaviour by states they've invested in (e.g. sell you permits to drill for oil, the moment you find oil, confiscate the oil wells), not to prevent states from doing anything that might reduce profits. In this case, PM was told that they were abusing the process by filing for compensation, because they had plenty of warning that such behaviour by Australia was expected, and they indeed restructured before plain packaging came in with a view to meeting the requirements the treaty sets out for ISDS - thus proving that this wasn't unexpected or unpredictable, but was in fact a normal business risk.
The kernel community confronts GPL enforcement
Posted Sep 13, 2016 15:13 UTC (Tue) by Wol (subscriber, #4433) [Link]
Even if you make me aware of them, if they're that sort of clause then they're probably illegal. Many rights CAN'T be signed away, and especially if I'm a consumer the law assumes that the supplier has complete knowledge (fit for purpose rules), and disproportionate power (they aren't allowed to do arm-twisting).
A judge is likely to say "are you having a giraffe?", and declare the clauses (and quite possibly the contract) void without giving it much thought at all.
Cheers,
Wol
The kernel community confronts GPL enforcement
Posted Sep 14, 2016 8:33 UTC (Wed) by farnz (subscriber, #17727) [Link]
Depends in great detail on the right in question; most rights of a purchaser can be signed away, as long as you the consumer are giving informed agreement to the signing away of the right in question. The hard part is getting that informed agreement - to successfully get a consumer to sign away some of the stickier rights, you must spend quite a lot of effort telling the consumer that they're not getting what they want. For example, to sign away the right to a functioning product, you must ensure that the consumer knows that the product is not useful for the purposes they have in mind, and that you don't believe it's possible for the consumer to make it useful (but, on the other hand, this is how you can sell a faulty car to a consumer who just wants it for scrap value - as long as you're honest about what parts you've removed, you can sell a car saying "engine's bust and I don't know why - it started giving out black smoke and not making power. I've not taken any parts off the car, but I don't believe it's economically repairable; at the very least, it needs a new engine").
The kernel community confronts GPL enforcement
Posted Sep 13, 2016 15:05 UTC (Tue) by Wol (subscriber, #4433) [Link]
This is EXACTLY the sort of thing the EU would do! If a manufacturer is shown to be flouting copyright they will be told "don't do it again!". And if they do, the flouting devices will be banned (which probably the manufacturer has discontinued, so they'll laugh at that). Except that next time, they will be told "You want an import licence? *Prove* you've complied, and then we'll get round to doing the paperwork!". OOOPPPSSS. Their competitor has just nicked the market from them ...
And it's stupid! All they've got to do is a "toss the code over the wall" dump and they've complied! And as for shipping compliant devices only to the EU, it's probably more hassle than it's worth to not comply for elsewhere, especially the States, because they'll suddenly find the Americans saying "if you can do it for Europe, why can't you do it for the US?".
And as for "we keep changing the code in the devices we ship", then just make your code change procedure including dumping the build environment every time you make a release. If that means a load of code ends up over the wall that never actually makes it into a device, so what.
Cheers,
Wol
The kernel community confronts GPL enforcement
Posted Sep 2, 2016 9:39 UTC (Fri) by paulj (subscriber, #341) [Link]
The kernel community confronts GPL enforcement
Posted Sep 5, 2016 10:13 UTC (Mon) by pabs (subscriber, #43278) [Link]
The kernel community confronts GPL enforcement
Posted Sep 5, 2016 12:39 UTC (Mon) by paulj (subscriber, #341) [Link]
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 7:32 UTC (Tue) by pabs (subscriber, #43278) [Link]
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 7:44 UTC (Tue) by paulj (subscriber, #341) [Link]
I would never put my code under a licence with such a clause. Either permissive is the correct choice or copyleft is, and I'd pick that from the start.
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 8:06 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]
I kinda like that idea, and 15 years is a good enough interval.
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 17:28 UTC (Tue) by flussence (subscriber, #85566) [Link]
Well, assuming my ISP-supplied DSL router isn't replaced with a differently awful piece of hardware within the next 5 years...
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 8:35 UTC (Tue) by seyman (subscriber, #1172) [Link]
I'm not sure what "the rest" refers to in the above sentence but I've always viewed copyleft as giving rights to people that copyright normally denies them. Putting software in the public domain early just goes one step further.
> Imagine if Linux code became permissive after 15 years?
The Linux code becoming permissive today would be early 2.4.x (2.4.0 was released in january 2001). It doesn't do much compared to a modern kernel, it would probably not compile with modern C compilers and would contain security holes whose fix are not under a permissive license. I don't see much of a problem.
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 9:46 UTC (Tue) by paulj (subscriber, #341) [Link]
As "the rest" I mean non-copyleft, permissive open-source software and proprietary particularly. Until such time as there's a *general* sunset clause that makes _all_ X-years-old software permissively licensed, if I choose copyleft for some software instead of permissive then I did so for a reason, and that reason would not be invalidated by a relatively short amount of time if the copyright system still gives others 90+ years (and even then, doesn't require source release).
It doesn't seem a universally useful clause anyway.
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 13:52 UTC (Tue) by patrick_g (subscriber, #44470) [Link]
More than in a current and modern version of FreeBSD/OpenBSD/NetBSD ?
I doubt it.
The kernel community confronts GPL enforcement
Posted Sep 7, 2016 15:19 UTC (Wed) by rfontana (subscriber, #52677) [Link]
https://lists.fedorahosted.org/pipermail/copyleft-next/20...
The kernel community confronts GPL enforcement
Posted Sep 4, 2016 11:52 UTC (Sun) by cas (guest, #52554) [Link]
> copyright on the code which may be being violated. An end user may have standing
> with regard to fitness-for-purpose or behaving-as-advertised, but not for some
> copyright claim between the vendor and their supplier.
one possible solution is for a GPL update, e.g. to e.g. GPLv2.1 and GPLv3.1 which adds a clause explicitly granting end-users of the code such standing, so that they *have* a court-enforcable right to get the source code for the hardware they've purchased.
I am not a lawyer so I have no idea how such a clause could or should be worded, but AFAICS there's no reason why it couldn't work (for the same reason that the GPL itself works: copyright law - if you don't agree to the license, then nothing else grants you permission to distribute source or binary derivatives)
OTH, such a clause may have unintended consequences...probably does, I've spent a grand total of two minutes thinking about it since I read your post.
The kernel community confronts GPL enforcement
Posted Sep 5, 2016 10:12 UTC (Mon) by pabs (subscriber, #43278) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 21:32 UTC (Thu) by pizza (subscriber, #46) [Link]
> There isn't enough time in that process for them to get a third-party developer to write nice drivers and include them in the shipping product, and there's little incentive to improve the software after it's been successfully shipped.
We're not asking them to improve, change, or otherwise improve their software after it's been shipped. We just want them to actually release the "complete corresponding source code" to meet their obligations under the GPL.
The kernel community confronts GPL enforcement
Posted Sep 2, 2016 8:57 UTC (Fri) by farnz (subscriber, #17727) [Link]
The difficulty there is that the chip makers often require silly NDAs to even get access to the datasheets for a device. Back in a previous job, we had to decline to even consider a device, because while we could get full programming documentation (complete with example driver source), we'd have to agree with the manufacturer that we would never reveal the source code of any driver we wrote for any device from the manufacturer, and that we would not contribute to any open source drivers.
Given the complete lack of kernel GPL enforcement that we've seen since we made that decision, it's clear that we made the wrong choice - we should have accepted the proprietary, GPL-violating driver, and relied on the "so sue us then" defence if we were ever chased for source code for the driver. We'd have had a better product, and we'd have been fine treating Linux as BSD-licenced, and ending our contributions to upstream.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 22:52 UTC (Thu) by johannbg (guest, #65743) [Link]
The kernel community confronts GPL enforcement
Posted Sep 13, 2016 15:24 UTC (Tue) by Wol (subscriber, #4433) [Link]
> Vendor A gets their product out at a lower price point and faster because they couldn't give a damn about their customers and are willing to ship the first thing that compiles and doesn't crash immediately. They have no interest in supporting or improving the product once it is in the hands of customers.
> Vendor B takes a lot longer, has larger flash, and produces a superior product that is now much more open 'firmware'.
Except that is easily dealt with. Vendor A gets the hell sued out of them, and the geeks all moan blue murder about the crappy products.
Vendor B puts out that they have superior hardware and, while they very much don't make a song-and-dance about it (of course :-) they put out the same sort of crappy drivers as A, but they give pre-release hardware AND SOURCE to any kernel guys who want them.
And yes, B's engineers are under pressure to "just get the code out", but they also have personal pride, and a kernel dev or two to mentor them, and they will produce code that is half-way fit for upstreaming. NEVER play the "all or nothing" game - if there's a bear around, you don't need to outrun the bear, you just need to outrun your companion. B's advertising says "our hardware is better, and we work with the kernel guys". B's code may be just as much rubbish but the end user's experience is better.
Cheers,
Wol
The kernel community confronts GPL enforcement
Posted Sep 13, 2016 17:03 UTC (Tue) by paulj (subscriber, #341) [Link]
I.e., Vendor A types are _not_ getting the hell sued of them, and the ratio of geeks:products and geeks:rest-of-population are both too low to make any difference, it would seem.
Note: Vendor B means they supply the full source for the actual product. Not just a dump of the stock upstream code /before/ they modified it. Oh, and they provide a build system that actually produces an image that could run on the product (mod DRM issues - Linus sadly is quite happy to not require that vendors give end-users the ability to install the software, least wrt to the kernel).
The kernel community confronts GPL enforcement
Posted Sep 14, 2016 17:21 UTC (Wed) by Wol (subscriber, #4433) [Link]
In other words, they do what they should be doing for their internal systems anyway, and one of the steps in "release to manufacturing" is "tag the release and push to the public server".
Once they've fixed their build system (not necessarily a popular job, I will admit ...) it's then just 5 minutes in the release process, which they've probably saved several times over by having a proper build system. But it's the usual PHB syndrome - "you've not got time to fix the problem properly, I need you firefighting!"
Cheers,
Wol
The kernel community confronts GPL enforcement
Posted Sep 16, 2016 6:56 UTC (Fri) by paulj (subscriber, #341) [Link]
The kernel community confronts GPL enforcement
Posted Sep 16, 2016 9:00 UTC (Fri) by gioele (subscriber, #61675) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 2:26 UTC (Thu) by johannbg (guest, #65743) [Link]
As we all have experience and realized sometime during our lifetime that the quid pro quo does not seem to apply to certain family members or friends in which they never return the favour you gave them and in the end of the day it does not matter since you cannot coerce contribution back to a community be it from individual or companies and you will only end up driving them further away from you if you try however showing them their benefit/profit of contribute back to the community and they eventually will and qoute the thirty seventh rule of acquisition "The early investor reaps the most interest." ;)
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 1:20 UTC (Thu) by kiko (guest, #69905) [Link]
Over time, though, it becomes increasingly clear that it's not a small endeavour. We explain repeatedly that we don't maintain a stable kernel ABI, that we unpredictably have to update the kernel (due to embargoed security issues), and that DKMS is at best a half-solution to the problem.
The message gradually gets across. Most companies take years to realize it; they start by trying to minimize code out of tree, then they try chunking it up and submitting it in, and then they realize that the hardware and system software design needs to take into account the cost of upstreaming and the long-term cost of maintaining code out of tree. Then they either die, or get a real kernel team, and find a sustainable medium.
I know there's the tinkerer argument that Matthew likes to make: if I have a device, I should have the source code; it's useful to me. But in practice, is it actually that useful? That device is going to have a pretty short lifespan, because the manufacturer is unlikely to make enough margin on the product to maintain the hairball of code out of tree indefinitely. It's likely based on a 3 year old kernel version anyway, and good luck trying to get the patches forward-ported and then merged. The vendor won't live long enough to have made it worth the effort. Do you really care about a device that much?
As long as the rate of kernel development remains high, the economics of maintaining out of tree code, in the medium term, force companies to either contribute or die.
It's worth calling out that a lot of out of tree code has historical origins. A lot of device code which is out of tree begins its life SoC vendor BSP trees which are then distributed and mutated through the device ecosystem. The right way to address that is at the SoC vendor level, which we did pretty successfully at Linaro.
Enforcement is really only as useful as having nuclear weapons. It's certainly powerful to have the ability to wave them around. It's just that when you actually use them, you realize -- sadly a bit too late -- that you lost too.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 1:39 UTC (Thu) by pabs (subscriber, #43278) [Link]
There are some examples in the thread, I'd suggest reading it in full
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 3:48 UTC (Thu) by spender (guest, #23067) [Link]
It's a nice luxury to have to not have to care about what goes on in the real world when a person is funded by the Linux Foundation. It's a completely different thing being a small company that abides by the GPL having to compete with much larger companies who do not.
-Brad
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 9:31 UTC (Thu) by spaetz (guest, #32870) [Link]
> It's a nice luxury to have to not have to care about what goes on in the real world when a person is funded by the Linux Foundation. It's a completely different thing being a small company that abides by the GPL having to compete with much larger companies who do not.
For once, I wholeheartedly agree with you in both content and tone of your message.
- Both Fairphones (FP1 and FP2) will not be getting major OS updates due to the hidden blobs and drivers that they are unwilling to release despite being part of the Linux kernel. This actually HURTS users. And no, speaking nicely to Mediateks developers will not fix this.
- Qualcomm gets away with making Nougat impossible as they hide away their Linux graphics driver and do not bother to update it, while the effort to abide by the GPL for smaller ventures is quite substantial. This makes nonenforced GPL worse than a BSD license, it puts those who comply at a disadvantage.
The kernel community confronts GPL enforcement
Posted Sep 4, 2016 13:04 UTC (Sun) by cas (guest, #52554) [Link]
> have a device, I should have the source code; it's useful to me. But
> in practice, is it actually that useful? That device is going to have
> a pretty short lifespan,
a device's lifespan is a lot longer than just the (possibly short) period of time that the manufacturer happens to sell it.
manufacturers may want you to throw away last year's model and buy a new one at least every year, but being a mindless consumer is not a legal obligation.
> because the manufacturer is unlikely to make enough margin on the
> product to maintain the hairball of code out of tree indefinitely.
> It's likely based on a 3 year old kernel version anyway, and good luck
> trying to get the patches forward-ported and then merged. The vendor
> won't live long enough to have made it worth the effort.
that's precisely why they should release the code, so that interested persons (users, tinkerers) can maintain it for themselves. fix broken shit, add features, disable anti-features, even patch it to work with newer kernels.
also....the manufacturer wants to make a profit. that's fine, i have no problem with that. however, it's not my problem - I don't owe them that, I'm not obliged to keep buying stuff from them just to contribute to their profit. in fact, once burnt, forever boycott - i might get caught out once by a manufacturer, but i won't ever buy anything again from manufacturers who screw me over on their GPL obligations. GPL code is not just a shortcut to profit where you don't have to pay the developers of the majority of your code...it comes with an obligation to provide complete source code with the binaries (or, failing that, the obligation to provide that source code on request to **ANY** third-party).
I strongly recommend my harsh and unforgiving boycott policy to all consumers of products with embedded GPL code. Manufacturers would be less likely to infringe if more people did that and resisted any temptation to sell out to the shiny.
> Do you really care about a device that much?
yes, I do. I don't want to have to buy a new phone or tablet or wifi router or whatever every year (or even every two or three or four years) just because there's a new model out and the vendor has abandoned their previous models (i.e. the one that I bought).
I buy new devices either when my current device has broken or when there has been sufficient increase in functionality that it's worth spending the money on a new one. e.g. my phone is an HTC Desire HD (2010?), and my tablet is an original 2012 Nexus 7. The phone's running CyanogenMod 7, and the tablet's running whatever google's latest release was (they stopped releasing updates for it a year or so back - my primary use for it is to run fbreader, so that doesn't bother me much...if/when it does, I'll eventually get around to installing CM or some AOSP-based "ROM" on it).
My ADSL modem is a Billion 7401VP that I've had for at least 10 years, running in bridged mode with pppoe (my linux gateway handles the firewall and routing)...i see no reason to replace it since nothing better than ADSL2 is available to me at the moment (and when NBN Fibre is available, I'll only need an ethernet port to plug into). If I used an openWRT style device then I'd want the complete source code for it, including all drivers for unusual components.
My wifi "access point" is a $15 ath9k-based TP-Link USB dongle plugged into the gateway box running hostapd, with a longish USB cable so it can hang off a plastic coat-hanger hooked over the picture-rail (fancy, glamorous, and ever-so-stylish) - it used to be an original eeepc 701 but that eventually died, so I had to quickly replace it.
I've only just started thinking that it's maybe time to start seriously researching options for replacing the phone - it still works for voice and SMS and the very small number of apps installed work OK. and a faster, newer tablet might be nice...but it's hard to see that upgrading either of them is worth the price (at least $300 for a significantly better tablet, and $400+ for a significantly better phone. or $600+ for a 5.5" or larger phablet to combine the two devices into one).
yes, i know...for a geek I don't have much of an "ooh shiny" gadget fetish. I'm keeping my geek card, though - gadget fetishism isn't a requirement. nor is wasteful consumerism.
money isn't worthless, and neither is the time I worked to earn the money to buy these things. I'm not going to throw them out and buy new ones just because some manufacturers want to sell me new shit. nor do i want to contribute to the ecological disaster of disposable consumption and e-waste any more than I absolutely have to.
which is, of course, part of the reason why the scumbag manufacturers don't want to release source. they want their products to die when they say they do, they don't want their customers keeping them alive and not buying new shit all the time. planned obsolescence isn't necessary if you can sucker people to keep on buying the same shit (maybe slightly better...or maybe slightly worse) in shiny new packaging.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 1:59 UTC (Thu) by pabs (subscriber, #43278) [Link]
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 9:45 UTC (Thu) by paulj (subscriber, #341) [Link]
The exchange between Matthew/mjg59 and Linus is highly insightful. And kudos to mjg59 for responding to Linus.
Linus cares about Linux from a development POV. That the benefit to the ongoing development of upstream Linux is maximised - and by extension, that benefits the developers who work on Linux. Corporate appreciation of Linux and hence their sponsorship (e.g. via employment) is a critical benefit taking that view, of course. And it's a perfectly valid one - people who like working on Linux are generally a strict subset of the people in the world who like to eat, have a roof over their head, and be able to provide for their nearest and dearest. Everyone has those needs.
Matthew points out that many other people, who need be Linux developers, or even developers at all, also have an interest here. In that they would like to get code for devices they have bought, so they (or others) can update portions of that code (which may just be user-space that depends on the Linux kernel shipped). They have an interest in the GPL licence being honoured, and avail of the rights the Linux developers supposedly thought important for 3rd parties to pass on to end-users. The corporates concerned here may never be the type to sponsor upstreaming work - they just want to ship products, with whatever crappy code, and have little interest in longer-term upstreaming concerns. The end-users aren't interested in that upstreaming immediately either, they might just want to be able to update bits of a firmware image to fix serious security or usability issues (not per se in the kernel).
The GPL of course came into being precisely because RMS couldn't fix code in a device. Its motivation, its raison d'etre, was give end-users the right to *modify* the software they *receive*, as in the case Matthew described. The GPLv2 preamble is explicit about this motivation in its 2nd paragraph.
Linus doesn't really care much about that right though - he's been clear on that before wrt "Tivoization", which he thinks is fine. The issue seems to be that Linus disagrees somewhat with the licence he chose for Linux. Unfortunately for him, many other people have contributed to Linux under that licence and at least some of them *do* feel that end-user right to modify is important.
Linus also was against copyright assignment, preferring a more distributed, collective ownership of the code. Which doesn't seem wrong. However, he (or perhaps more Ted T'So) also then seem to dislike the fact that this then probably allows members of that collective to decide what enforcement to take - Ted wanted some more centralised, majority, or executive decision making on that. As someone pointed out though, you can't have it both ways on that.
What's also interesting from that thread is Linus, Ted and/or Greg KH complaining (somewhat wishy-washily) that Brad is using Linux as a tool in an agenda that revolves around the GPL. One of them specifically mentions a conversation with Brad where he was asked which was more important Linux or the GPL, and Brad chose the GPL (I forget the exact wording, and the thread's too long to find it back quickly). This is the other source of difference of interest:
- One side cares about Linux, the other about the GPL
Interesting times...
There's a lot of truth to what Linus and GregKH say, that the carrot and education is the best approach. However, allowing blatant, wilful, repeated and prolonged abuse of the GPL to go on surely *damages* the case for the "good" guys to do the right thing. Why spend resources doing the right thing, when those who do not see no risk. Leaving the lawsuits to the corporates is also not a bad point, but they're not going to look out for the end-users whose rights to the code *on their device* are being ignored by the "bad" guys - so who will?
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 10:54 UTC (Thu) by nhippi (guest, #34640) [Link]
Oh and that bit of "goodwill we've built up over the years by being nice." The irony of claiming in the very middle of a heated discussion where you are shouting at others to be known as "nice"... To be fair I totally understand why maintainers grow frustrated. Free as free puppies.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 16:08 UTC (Thu) by deater (subscriber, #11746) [Link]
> sulk and never talk to you again if you threaten to sue
> them is quite hilarious. Companies don't have memory or
> feelings, the day the threat is over, they will look at what
> is the best way to make profit of the new situation.
I don't know, I was at a major University which decided to sue a famous CPU company over an almost expired out-of-order execution patent. The famous CPU company was very angry and more or less refused any dealings with the University for many many years because of this, to the extent that all of the computing labs were powered by harder-to-source systems with competing-CPU company's chips in them instead.
Yes, anecdote and all, but companies are run by people and people can hold grudges even if companies cannot.
The kernel community confronts GPL enforcement
Posted Sep 1, 2016 16:37 UTC (Thu) by raven667 (subscriber, #5198) [Link]
I don't think that is true at all, the people who make decisions collectively on behalf of the corporation absolutely do so in an emotional way, the individuals don't behave logically and neither does the collective, and they very often put short term emotional gratification over profits. You can find many cases of corporations behaving in an incredibly antagonistic way against their customers, employees or competitors that clearly cause them to make less money, or lose money, based on collective attitude of the decision-makers at the company.
The kernel community confronts GPL enforcement
Posted Sep 2, 2016 13:38 UTC (Fri) by nhippi (guest, #34640) [Link]
The kernel community confronts GPL enforcement
Posted Sep 2, 2016 15:11 UTC (Fri) by raven667 (subscriber, #5198) [Link]
That's only the case for very small companies where they are providing a commodity in a competitive market where the customer has sufficient information to make a rational decision, the first rule of business is to get leverage over the market so that it is not competitive and the consumer does not have information to make a rational decision so that mistakes do not have the same penalties. In addition the timeline between a grievous error and a market correction can be so long that there effectively is no feedback loop, no learning or adjustment happens.
The kernel community confronts GPL enforcement
Posted Sep 3, 2016 8:40 UTC (Sat) by karath (subscriber, #19025) [Link]
The kernel community confronts GPL enforcement
Posted Sep 6, 2016 17:27 UTC (Tue) by ballombe (subscriber, #9523) [Link]
So Linus claim that people are over-eager to sue falls a bit flat.
The kernel community confronts GPL enforcement
Posted Sep 9, 2016 21:41 UTC (Fri) by CycoJ (guest, #70454) [Link]