On the 'death penalty' thing [LWN.net]

On the 'death penalty' thing

Posted Feb 1, 2012 20:07 UTC (Wed) by kripkenstein (subscriber, #43281)
In reply to: On the 'death penalty' thing by pizza
Parent article: A tempest in a toybox

> Keep in mind that while the 'death penalty' and/or SFC's demands may seem extreme, they're pretty darn reasonable when viewed from the perspective of copyright law, which (at least in the US) allows for $150K *per copy* penalties, on top of an injunction preventing further distribution.

This is a valid point.

However, that copyright law is insane doesn't excuse us in the FOSS community doing anything insane as well (even if it is much less insane).

It is *very* hard to convince corporations to use FOSS if the risk is that a single mistake by one of their teams means that the entire company can no longer use that specific FOSS until the copyright owner agrees for them to. The main problem is uncertainty: The corporation does not know ahead of time exactly what the copyright owner will demand. At least with a proprietary license, you know ahead of times the costs involved in a clear (well, clear-er) manner.

If I had believed the GPL did actually assume such a "death penalty" event - I prefer to call it a "hostage situation" - I would never have released the GPL code I did (I would have used another FOSS license). It strikes me as counter to the intent of the GPL, and very dangerous to the FOSS community as I said above.

It is more than sufficient to protect GPL code to interpret it in the more reasonable way, which is that distributing GPL code grants a new license each time. So that you have a license if you comply with the GPL. If you don't comply, you lose that license until you download a new copy, and are in compliance with that license. In this situation, violating the GPL is still very bad - you cannot use the code any more - but at least you know ahead of time exactly what you need to do to be able to use it again - come into compliance.

That the SFC does basically that - but for all FOSS projects the company uses, not the one whose license they violated - is not as bad as things *could* be, because in theory the license enforcer could ask for anything at all (hence I prefer the term "hostage situation"). But again, the problem is that corporations don't know for sure in advance what the SFC will require, if one of their teams makes a mistake and doesn't fully comply with the license of one of the FOSS projects they use. This is one of the biggest problems for FOSS adoption today.

(Log in to post comments)

On the 'death penalty' thing

Posted Feb 1, 2012 20:23 UTC (Wed) by raven667 (subscriber, #5198) [Link]

> distributing GPL code grants a new license each time

I'm not sure that it's been tested in court but that seems like a reasonable interpretation, you don't have the right to distribute at all if you are not compliant and every compliant distribution doesn't require individual authorization by the copyright owner.

> corporations don't know for sure in advance what the SFC will require

That doesn't really seem to be true, the SFC has stated many times that all they require is that general compliance efforts be undertaken and that their expenses be paid.

> The main problem is uncertainty

If that were the main problem then no one would every go into business, businesses deal with uncertainty and risk all day long. Unless you think there should be some government-mandated certainty of risk, certainty of profits, etc. there is going to be some amount of risk and uncertainty in business.

On the 'death penalty' thing

Posted Feb 2, 2012 4:18 UTC (Thu) by kripkenstein (subscriber, #43281) [Link]

Actually the GPL3 wording, with the FSF's reasons for the wording, support the opposite: The GPL3 wording is there in order to clarify in a precise way what was always intended in the GPL2. There was a lack of clarity in the GPL2 which led to additional explanations in the GPL3.

On the 'death penalty' thing

Posted Feb 2, 2012 14:05 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

From the rationale for the first draft of GPLv3 (http://gplv3.fsf.org/gpl-rationale-2006-01-16.html#SECTIO...)

"GPLv2 provided for automatic termination of the rights of a person who copied, modified, sublicensed, or distributed a work in violation of the license. Automatic termination can be too harsh for those who have committed an inadvertent violation, particularly in cases involving distribution of large collections of software having numerous copyright holders. A violator who resumes compliance with GPLv2 would need to obtain forgiveness from all copyright holders, but even to contact them all might be impossible"

GPLv3 doesn't clarify the termination clause. It materially changes it.

On the 'death penalty' thing

Posted Feb 2, 2012 4:19 UTC (Thu) by rahvin (subscriber, #16953) [Link]

From what I know of Contract law it's not the intent of the author of contract that matters, it's the intent of the parties of the contract that does. It's that "meeting of the minds" that defines the contract, but only when the language is ambiguous.

In theory the author could mean something completely different than both the parties to the contract meant and it wouldn't be the authors interpretation that mattered. The caveat here is that if the two parties to the contract had different intentions, then the Judge is tasked with finding a middle ground and could in theory use the contract authors intentions to reach that point even if it was diametrically opposed to the intentions of both parties. But I don't think it's very common that a contract exists where the two parties to the contract have opposite interpretations to what the contact meant AND the author had a third interpretation that was different to both parties intentions. That would be some brutally awful contract language to reach that point.

a license is not a contract

Posted Feb 2, 2012 4:46 UTC (Thu) by ncm (subscriber, #165) [Link]

Copyright licenses are not contracts, and copyright law is not contract law. In a copyright license there is no "agreement" to be mediated; aside from "fair use", the only intentions that matter are those of the copyright holder. A judge who holds that the violator reasonably misunderstood the license terms can reduce the award accordingly -- after the violator has lost the case.

On the 'death penalty' thing

Posted Feb 2, 2012 2:30 UTC (Thu) by faramir (subscriber, #2327) [Link]

I don't see there is any more risk with the GPL then with a proprietary license. If you violate the license then you have no right to distribute.
The owner of the copyright (whether licensed under GPL or proprietary) may or may not elect to give you a new license to distribute under whatever terms they decide. The violator either accepts those new terms, stops distributing it, or gets sued for copyright violation.

Now it may be the case that companies violate the GPL license more often then they do proprietary licenses. Or maybe they just get caught more often. I really couldn't say, but I don't see how that matters.

On the 'death penalty' thing

Posted Feb 4, 2012 19:43 UTC (Sat) by krake (subscriber, #55996) [Link]

"I don't see there is any more risk with the GPL then with a proprietary license."

It seems kripkenstein has reason to believe that proprietary licenses come with details on how one would get a new license if one loses the current one due to violating its terms.

Sounds weird to me as well but that's what their posting says.

On the 'death penalty' thing

Posted Feb 9, 2012 20:03 UTC (Thu) by landley (guest, #6789) [Link]

> I don't see there is any more risk with the GPL then with a proprietary
> license.

Well, it's a _touch_ harder to invoke First Sale Doctrine. :)

Rob