About the calculus for the project
Posted Feb 1, 2012 19:03 UTC (Wed) by tbird20d
Parent article: A tempest in a toybox
I understand that GPL violators make people upset. They upset me as well. Sony is not involved in this project (other than that I work for Sony), so please take my Sony examples as explanatory only. I wanted to explain something that I haven't communicated very well.
People have said that the cost of compliance is small. This is true, but it can be difficult to enforce across a large organization, especially with lots of sub-contractors and suppliers.
Imagine if you were mayor of a town of 300,000 people, and you had to pay a million dollar fine if someone was caught stealing. You have implemented a set of policies to prevent stealing, and to encourage people not to steal. Could you guarantee that no one ever stole? As mayor, would you pay $1,000 for an insurance policy against the fine? That's similar to the cost/benefit calculus for this project, for large enterprises. It's not that executives are unwilling to enforce compliance, or are actively undermining the license of the code their company ships. They just want to reduce risk.
Some people have said that what the SFC requests in remedies is not that costly, but I can assure you that large corporations see it very differently. Matthew, in particular, keeps asserting that the real reason for this project is "to make it easier to infringe the kernel's license." This is simply not true.
For a large company that is compliant with the GPL, the biggest worry is that a 3rd party (and a legally hostile one at that) would be given the right to review (and therefore delay) the shipment of its products. Bruce Perens said that the SFC requirement to audit the software for all GPL-based products was a "reasonable request". It certainly sounds like an appropriate thing to do for a repeat offender. But in terms of perceived cost, for Sony this would delay, and worse, add uncertainty to the release dates of hundreds of products each year. Time to market is an exceedingly big deal in consumer electronics. Products have lived or died by hitting or missing their launch windows. Marketing budgets are in the millions of dollars, with product releases designed to coincide with the holidays, or other specific events. The paltry figure of $5000 per audit seems small, but when multiplied by hundreds of products adds up to well over half a million a year in potential costs. But even worse is the time uncertainty that such an audit adds to the release cycle.
It is a shame that a few non-compliers have poisoned the well for those who take their GPL compliance seriously. I think that the SFC is over-reaching, and I'm sorry to say that I believe they will continue to over-reach. Given the scope of the remedies requested by the SFC, I believe eliminating the possibility of a license violation is a valid, although not ideal, solution.
to post comments)