My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't

Posted Feb 1, 2012 1:01 UTC (Wed) by tialaramex (subscriber, #21167)
Parent article: Garrett: The ongoing fight against GPL enforcement

Most of the software industry is still acting like it's the 19th century. "So long as we don't know where the rest of that cow is, we can pretend it's not our problem if more people die". But having the tools and choosing not to use them makes you culpable. Once traceability became practicable in other industries those companies which chose not to make use of it became culpable for the consequences.

And so today when a halogen heater in Dundee catches fire, it can be traced back to see which assembly line, in which Chinese factory made that heater. Records of every change to the manufacturing process, every change of parts supplier, and so on, must all be kept for the lifetime of the product. Because that way they can figure out which other heaters have the same fault, and recall them. If it can't be traced back, the importer may be on the hook to replace every single heater they imported, which will almost certainly mean bankruptcy.

But when a huge entertainment giant ships software to someone, they still say "Oh, we don't know where all the code in there came from. We don't keep proper records of any of that stuff, our procedure is just to slap things together until we get something that works". The product from that supplier who are known to use unlicensed material? Nobody will ever know. The software someone found on github and merged in without checking the license? Ditto.

And it seems there are even people who have sympathy for this bullshit and feel it's an imposition, an infringement of liberty, to insist that _multi-billion dollar software suppliers_ get their act together as much as my local bakery.



My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't

Posted Feb 1, 2012 1:53 UTC (Wed) by rahvin (guest, #16953)

Beautiful and succinct. I tried to relate that point above but you did better than me. It's laziness on the part of the companies and it's not excusable. Just because you use some fly-by-night Chinese supplier doesn't mean you as the distributor that got a product for half the cost of a proprietary one aren't on the hook.

Violations should have penalties so that companies realize GPL code has a compliance cost that needs to be accounted for, tracked, and followed up on including putting those same requirements in their supply contracts. It's simply negligence for them not to comply then claim it's not their problem. Not a single case has gone to the jury because once legal actually gets involved and runs the cost they realize that failing to settle will cost them far more than any of the costs SFC ask for. When you want to pay nothing SFC's costs might seem high, but in comparison to those proprietary solutions or a jury ruling of infringement it's pennies.

My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't

Posted Feb 1, 2012 4:42 UTC (Wed) by josh (subscriber, #17465)

Well said.

Procedures like the Linux kernel's Developer Certificate of Origin and Signed-off-by/Reviewed-by system, and more recently the use of signed tags, go a long way towards the kind of auditability you suggest. More to the point, developers need to actually understand the licenses and conventions around the software they use.

Going with the lowest bidder and not reviewing their work will cost you dearly when you find out they've screwed up. That applies whether they introduced a bug that gets you bad PR, or a license violation that gets you sued.

My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't

Posted Feb 1, 2012 11:58 UTC (Wed) by pboddie (guest, #50784)

The perverse thing is that the same large corporations want software patents, which for independent developers would mean the obligation to track and license the zillions of patents supposedly applying to their work in addition to figuring out which patents are involved in the first place.

Even the more manageable and transparent work of remembering where you got your code from is something the corporations seem unwilling to do themselves, so one might initially think that the burdens of auditing and administering monopoly grants would be a problem for the likes of Sony, but in the event of patent litigation, their defence is just to wave their own patent portfolio at the aggressor or to dip into a damages fund that represents the "cost of doing business" and is deep enough to make most opportunist litigators go away.

Patents also serve as another line of defence for these organisations when caught doing something wrong. If someone accuses them of copyright infringement, their response is to just threaten the accuser with some patent that the legal department can dig up. That's another reason why some corporations don't want you to share your work under certain licences, with the GPL being one of them. It doesn't surprise me that corporations want us to make things easier for them. People should realise that this comes at a cost to us.

Claiming that a reduction in the vendor popularity of copyleft-licensed projects is a bad thing means nothing when the corporations in question would switch to using permissively licensed works and still not share their contributions.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds