Harald Welte, the current netfilter maintainer, ran a session on dealing
with GPL violations. Harald has made a name for himself over the last year
by reaching settlements with several manufacturers who were shipping
products containing the netfilter code without complying with its licensing
requirements. In most cases, these settlements have been relatively easy
to reach, with the offending companies releasing their code and, in many
cases, making a donation to the FSF or a related worthy cause. Harald is
also the force behind the injunction in the Sitecom case, which just
received another court ruling that the GPL is valid and enforceable in
Harald's approach differs from that of the Free Software Foundation. The
FSF tries to resolve GPL violations in the most quiet, friendly way
possible; in most cases, the wider world never even hears that there is a
problem. Harald found himself frustrated with this way of doing things; it
takes far too long (perhaps longer than the lifetime of the offending
product) and gives no real disincentive for companies considering ignoring
the GPL. So he took matters into his own hands; by bringing in lawyers
early, making violations public,
and threatening immediate damage to the offenders' bottom line, he
has gotten some real results.
Some interesting features of the German legal system have worked in
Harald's favor in this campaign. By (his lawyers' interpretation of)
German law, simple use of the netfilter/iptables internal API is a strong
indication of a derivative work. Since it is not a "standard" API, there
is no copyright boundary there; by this same reasoning, any binary-only
kernel module is a GPL violation. This interpretation of the GPL also
rules out putting GPL-licensed code onto hardware which only runs signed
binaries - unless the key is distributed with the source.
German law requires that any request for injunctive relief be filed within
four weeks of the discovery of the infringement. This is an inflexible,
externally-imposed deadline which forces companies to move quickly to
resolve the issue. When a company has received a cease-and-desist notice,
it knows that it cannot drag it issue out over time; it will, instead, find itself
in court in short order.
Harald was asked about the completeness of the code releases he has won so
far; apparently not all vendors have released kernels which actually can be
rebuilt into a working image - or which even compile. His response is that
his ability to compel code releases really only extends as far as his
copyrights in the netfilter code. If a vendor does not release a full
kernel, copyright holders in other parts of the system will have to get
The last part of the talk covered things developers can do to help make
copyright enforcement easier. They include:
- Don't fix spelling errors and typos, and leave strange messages
(example: "Rusty needs more caffeine") in place. The presence of this
sort of text in a binary image is an obvious sign of copying. The
removal of this text, instead, would be a clear sign of a willful
violation, which raises the stakes considerably.
- The copyright message needs to be in the binary as well.
- It is important to track the names of all contributors to the code, so
they can be found for enforcement actions or the distribution of any
sort of damages.
- When a violation is found, it should not be made public at the time,
as that can make getting injunctive relief harder. Instead, a lawyer
should be brought in to prepare and send the "cease and desist" note.
Expect to hear about more resolved violations in the near future. Harald
indicated that a couple of settlements have been reached, but the companies
involved have been given a grace period to prepare for the fallout once the
situation has been made public. Once that period has passed, the press
releases will go out.
to post comments)