at it again
Edward Naughton is
is now claiming that most or all Android vendors have lost their right to
distribute the kernel as the result of GPL violations. Naturally Florian
and amplified it; he is amusingly surprised to learn that there
are GPL compliance problems in the Android world. As it happens, there is
no immediate prospect of Android vendors being unable to ship their
products - at least, not as a result of GPL issues - but there is a point
here which is worth keeping in mind.
First: please bear in mind while reading the following that your editor is
not a lawyer and couldn't
even plausibly play one on television.
Earlier this year, Jeremy Allison gave a talk on why the Samba project
moved to version 3 of the GNU General Public License. There were a
number of reasons for the change, but near the top of his list was the
"GPLv2 death penalty." Version 2 is an unforgiving license: any
violation leads to an automatic termination of all rights to the software.
A literal reading of this language leads to the conclusion that anybody who
has violated the license must explicitly obtain a new license from the
copyright holder(s) before they can exercise any of the rights given by the
GPL. For a project that does not require copyright assignment, there could
be a large number of copyright owners to placate before recovery from a
violation would be possible.
The Samba developers have dealt with their share of GPL violations over the
years. As has almost universally been the case in our community, the
Samba folks have never been
interested in vengeance or "punitive damages" from violators; they simply
want the offending parties to respect the license and come back into
compliance. When the GPL was written to become GPLv3, that approach was
encoded into the license; violators who fix their problems in a timely
manner automatically have their rights reinstated. There is no "death
penalty" which could possibly shut violators down forever; leaving this
provision behind was something that the Samba team was happy to do.
Android phones are capable devices, but they still tend not to be shipped
with Samba servers installed. They do, however, contain the Linux kernel,
which happens to be a GPLv2-licensed body of code with thousands of
owners. Those who find it in their interest to create fear, uncertainty,
and doubt around Android have been happy to seize on the idea that a GPL
violation will force a vendor to locate and kowtow before all of those
owners before they can ship the kernel again. There can be no doubt that
this is a scary prospect.
One should look, though, at the history of how GPL violations have been
resolved in the past. There is a fair amount of case history - and a much
larger volume of "quietly resolved" cases - where coming into compliance
has been enough. Those who have pursued GPL violations in the courts have
asked for organizational changes (the appointment of a GPL compliance
officer, perhaps), payment of immediate expenses, and, perhaps, a small
donation to a worthy project. But the point has been license compliance,
not personal gain or disruption of anybody's business; that is especially
true of the kernel in particular.
Harald Welte and company won their first GPL court case in 2004; the practice of
quietly bringing violators into compliance had been going on for quite some
time previously. Never, in any of these cases, has a copyright-holding
third party come forward and claimed that a former infringer lacks
a license and is, thus, still in violation. The community as a whole has
not promised that licenses for violators will be automatically restored
when the guilty parties come back into compliance, but it has acted that
way with great consistency for many years. Whether a former violator could
use that fact to build a defense based on estoppel is a matter for lawyers
and judges, but the possibility cannot be dismissed out of hand. Automatic
reinstatement is not written into the license, but it's how things have
There is an interesting related question: how extensive is the termination
of rights? Each kernel release is a different work; the chances that any
given piece of code has been modified in a new release are pretty high.
One could argue that each kernel release comes with its own license; the
termination of one does not necessarily affect rights to other releases.
Switching to a different release would obviously not affect any ongoing
violations, but it might suffice to leave holdovers from previous
violations behind. Should this naive, non-lawyerly speculation actually
hold water, the death penalty becomes a minor issue at worst.
So Android vendors probably have bigger worries than post-compliance
hassles from kernel copyright owners. Until they get around to that little
detail of becoming a former violator, the question isn't even
relevant, of course. Afterward, software patents still look like a much
That said, your editor has, in the past, heard occasional worries about the
prospect of "copyright trolls." It's not too hard to imagine that somebody
with a trollish inclination might come into possession of the copyright on
some kernel code; that somebody could then go shaking down former violators
with threats of lawsuits for ongoing infringement. This is not an outcome
which would be beneficial to our community, to say the least.
One would guess that a copyright troll with a small ownership would succeed
mostly in getting his or her code removed from the kernel in record time.
Big holders could pose a bigger threat. Imagine a company like IBM, for
example; IBM owns the copyright on a great deal of kernel code. IBM also
has the look of one of those
short-lived companies that doesn't hang around for long. As this
flash-in-the-pan fades, its copyright portfolio could be picked up by a
troll which would then proceed to attack prior infringers. Writing IBM's
code out of the kernel would not be an easy task, so some other sort of
solution would have to be found. It is not a pretty scenario.
It is also a relatively unlikely scenario. Companies that have built up
ownership of large parts of the kernel have done so because they are
committed to its success. It is hard to imagine them turning evil in such
a legally uncertain way. But it's not a possibility which can be ignored
entirely. The "death penalty" is written into the license; someday,
somebody may well try to take advantage of that to our detriment.
What would happen then? Assuming that the malefactor is not simply
lawyered out of existence, other things would have to come into play.
Remember that the development community is currently adding more than one
million lines of code to the kernel every year. Even a massive rewrite job
could be done relatively quickly if the need were to arise. If things got
really bad, the kernel could conceivably follow Samba's example and move to
GPLv3 - though that move, clearly, would not affect the need to remove
problematic code. One way or another, the problem would be dealt with.
Copyright trolls probably do not belong at the top of the list of things we
lose sleep over at the moment.
to post comments)