User: Password:
|
|
Subscribe / Log in / New account

How not to handle a licensing violation

How not to handle a licensing violation

Posted Apr 11, 2007 21:02 UTC (Wed) by ajross (guest, #4563)
In reply to: How not to handle a licensing violation by madscientist
Parent article: How not to handle a licensing violation

Is the goal to resolve the issue as quickly and harmoniously as possible? If so then going public with the problem to a huge recipients list without any attempt to resolve the matter privately first is absolutely NOT the right way to proceed

What about the case where a third party downloaded and shipped code from OpenBSD's CVS while the infringing code was present? How does one resolve the matter "privately" when the code had already been distributed?

And I'm not even sure that your statement is correct for all values of "resolve". Note that the infringing code was pulled from CVS within hours of the flame war and the public notified (via slashdot, of course) within two days. I have a hard time believing that that speed would have been achievable via private email. One might event argue that "quickness" and "harmony" are anti-correlated here.

This whole canard just seems like a weak argument to me. I mean, even if one grants the whole "Linux developers are jerks" issue: it's still a copyright and license violation, it still needs to be corrected, and the public still needs to be notified. None of those goals are assisted by the OpenBSD team throwing counter-flames and etiquette ad-hominems in response.


(Log in to post comments)

How not to handle a licensing violation

Posted Apr 11, 2007 21:16 UTC (Wed) by drag (subscriber, #31333) [Link]

It's nice to be nice. It's a 'You catch more Flies with honey, then you do with Vinegar' type thing.

Realy the developer should be given the benifit of the doubt. All effort should be given to being cordial and respectfull of the other people involved.

Let the other person be the asshole first.

Given the attitude of OBSD users and OBSD developers torward Linux and toward the GPL there is NO WAY this would of ended nicely.

NO way. It's just not going to happen.

But it's much more adventagous to make the other guy look like the asshole first. The moral high ground and all that.

This is why Theo should just be mostly ignored. How would of this turned out if nobody responded to his attacks and challenges and just worked to make sure that the problem was resolved? What was won by debating him on weither or not your 'inhuman' or whatever?

Absolutely _nothing_.

It realy does take 2 people to flamewar. Theo purposely drove the discussion away from the copyright violations and made it a discussion about email morality.

If the BCM43xx folks ignored his bait, and ignored his flames then I doubt any of this crap would of made it to Slashdot.

Also if they handled themselves more courteous fasion in the first place PLUS ignord the attempts to divert attention away from the copyright violations then it would of been even better!

Going public was nessicary, but this was still a disaster that made both sides like like jerks.

How not to handle a licensing violation

Posted Apr 11, 2007 22:00 UTC (Wed) by cventers (guest, #31465) [Link]

I didn't really see any jerks except for Theo. All the concerns about
going public are really valid -- OpenBSD CVS cannot be an anonymizing
proxy through which GPL code can be incorporated (intentionally or
accidentally) into proprietary software.

The Linux devs started out with a peaceful message, even offering to
relicense parts of the code.

Theo responded by calling the code's inclusion a "mistake" (as if copying
code from one driver into yours, knowing full well that it violates
copyright, could ever be considered an "accident"). All of these
incidents where Linux code was being checked into the OpenBSD,
BSD-licensed CVS tree were all accidents. The accidents continued to
happen over the course of more than a month.

Theo erected a straw man: "What, you want my driver developer to stop his
work?"

Theo engaged in ad hominem attacks against the Linux driver developer.

Theo implied that copyright might not apply because the bcw driver
doesn't yet work properly. (What?)

Theo implied that the only copyrighted material was spacing and comments.

By blowing up and making outrageous claims, Theo *caused* the issue to
get Slashdotted. You regret it being public? Your tantrum made it more
public.

At the end of the day, the OpenBSD project deleted the driver and spun
off into rants about OpenSSH and how evil the GPL is. All of that because
an OpenBSD developer blatantly violated a GPL copyright and got called on
it?

For the record... I don't have it out for OpenBSD. When Theo made his
call for OpenSSH contributions, I answered with a donation out of my
personal pocket for $40.

But was it wrong for the Linux developers to go public, even before going
private? Don't think so. There was even discussion in the commentary that
implied that when Linux asked for some BSD code (which they don't have to
do, except for the fact that Linus won't merge BSD code without
permission out of respect), they were told to piss off.

I agree with some of the others in the list... I think Theo was just
trying to distract attention away from the copyright infringement by
being as loud and obnoxious as possible.

How not to handle a licensing violation

Posted Apr 11, 2007 22:58 UTC (Wed) by drag (subscriber, #31333) [Link]

It's just a matter of decorum and perception. That's all.

There is no question in my mind that going public was required. To much potential for people using OpenBSD code.

The lessons learned are:

1. Talk to the developer first BEFORE (not instead of) going public in future if this problem happens again with OpenBSD folks.

2. Ingore Theo completely.

How not to handle a licensing violation

Posted Apr 12, 2007 4:30 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

Initially, upon seeing this donnybrook (or at least, the portion of it that was on various mailing lists), I was mystified about what sequence of events could possibly allow the described outcome to occur through a "mistake". I was actually tempted to find some maximally diplomatic way of asking "Excuse me, but I honestly am curious about how someone else's code can be copied into one's own by accident, and hope someone wouldn't mind describing the scenario that Marcus says applied in this case, or at least one that could occur. Thanks."

I'm pretty sure I've figured it out: Marcus was temporarily using Michael et al.'s code in what was supposed to be a private development instance of bcw, while figuring out how to reimplement bcm43xx's algorithms independently. (To answer ajross's question, no, that would not necessarily cause the resulting driver to remain permanently a derivative work of bcm43xx. "Derivative work" is a legal term of art from copyright law, and can be loosely described as a work reusing a substantive amount of the copyright-eligible expressive elements of the original. Please see "Derivative Works" and related entries in my knowledgebase.) Private reuse does not infringe copyright. Marcus no doubt intended to ensure that all substantive traces of bcm43xx were expunged from his local copy, before checking it into CVS, and failed to do so.

So, the protestations of "mistake" actually are credible.

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 5:23 UTC (Thu) by bronson (subscriber, #4806) [Link]

But how did that private development tree get checked into a public CVS server? I'm happy to give the BSD developers the benefit of the doubt and call it an honest mistake but, wow... That's a pretty huge mistake! Have there been other mistakes that haven't been caught yet? If so, I hope the very capable OpenBSD team finds them before any greedy SCO-type companies.

How not to handle a licensing violation

Posted Apr 12, 2007 5:39 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

bronson wrote:

That's a pretty huge mistake!

Yes, indeed.

I now see that, per "ncm" (Nathan Myers, whom I always heed closely), elsewhere on this thread, Marcus simply didn't realise that checking into an outside-accessible CVS server constituted "distribution". Note Nathan's shrewd point about the key misunderstanding that resulting from people having assumed different things were what Marcus referred to as his "mistake".

Either way, it's copyright violation and needed to be fixed, but avoidable unpleasantness resulted from that misunderstanding: Michael, like me, had the understandable reaction of "Huh? How can copying someone else's work to that degree possibly be a mistake?"

In how many other code locations has this sort of mishap occurred? Probably innumerably many -- in both open source and proprietary code. (Businesses, as a point of comparison, find themselves inadvertantly committing torts against each other all the time, sometimes being forced to choose between greater and lesser ones. Almost all get dealt with quietly, if noticed.)

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 6:23 UTC (Thu) by bronson (subscriber, #4806) [Link]

Great answer. It's too bad about the heat that both sides generated but I'm glad it eventually produced a little illumination too.

How not to handle a licensing violation

Posted Apr 12, 2007 7:01 UTC (Thu) by cventers (guest, #31465) [Link]

I must admit I never looked at the code myself to verify. But what struck
me was that the check-ins of GPL code apparently happened over a period of
time of greater than a month.

I could see the mistake scenario you describe happening, but if it was
happening over a longer term... isn't it a little harder to justify?

How not to handle a licensing violation

Posted Apr 12, 2007 7:42 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

cventers wrote:

I could see the mistake scenario you describe happening, but if it was happening over a longer term... isn't it a little harder to justify?

It's so difficult that neither I, nor Marcus, nor anyone else to my knowledge has attempted to do so. (I hope you noticed my sentence "Either way, it's copyright violation, and needed to be fixed....)

Anyway, if you're asking if I think it credible for third-party borrowings to be checked into CVS multiple times without the committer quite noticing his failure to replace them, I 'd say yes.

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 8:52 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

The thread showed the OpenBSD developper didn't take GPL code, commited it in CVS and forgot about it, but that he replaced some OpenBSD-rewritten code with new GPL code later, and then commited the result.

So the infrigement occured several times in a row and he really couldn't pretend he was working on replacing an initial GPL cut & paste

(also taking some outside code and replacing it peacemeal while having the original code under the eyes is probably not legit legal-wise, and he didn't even had the "excuse" there was no hardware docs because the Linux people had set up a separate documentation project for the hardware)

How not to handle a licensing violation

Posted Apr 12, 2007 16:13 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

"nim-nim" wrote:

So the infrigement occured several times in a row and he really couldn't pretend he was working on replacing an initial GPL cut & paste

That conclusion strikes me as non-sequitur: Nothing prevents Marcus having borrowed bcm43xx code several times and intending to rewrite it each time. Failing to do so is negligent, of course.

(also taking some outside code and replacing it peacemeal while having the original code under the eyes is probably not legit legal-wise

This opinion strikes me as ill-informed about copyright law. You might wish to read some caselaw on the meaning of "derivative work" as applied by the courts to software.

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 17:21 UTC (Thu) by ajross (guest, #4563) [Link]

You might wish to read some caselaw on the meaning of "derivative work" as applied by the courts to software.

I think you might be overstepping here. At best, "derived work" in software is a nebulous concept. Wikipedia comes up with the following two links (by Larry Rosen and Dan Ravicher -- real lawyers, even!) which are considerably more circumspect in their pronouncements:

http://www.rosenlaw.com/lj19.htm
http://community.linux.com/article.pl?sid=02/11/13/117247

Certainly to me, a very clear common sense argument can be made that "piecewise replacement" is the software equivalent of, say, art forgery. The resulting work represents the efforts of its author, but is so tainted by the design of the original that it can't be viewed as a separate work.

At the same time, one could reasonably argue that only the final work generated from such a replacement regime should be judged on its own as a single entity -- that the "derived" property is of the work as it is, and not a function of its history. If it can be shown to be clearly distinct and different, then it should be legal. This is the theory supported by the AT&T/Berkeley lawsuit, for example (although it should be pointed out that this was a settlement, not a judgement, and one driven largely by Novell's lack of interest in pursuing the case for a comparatively minor product, not necessarily by weakness of the case itself).

The difference on both ends of the spectrum seem to be ones of degree; there is no "bright line" test here. So as a practical matter, I'd strongly argue that the kind of "copy and replace" development methodology used by OpenBSD here is inherently risky, and a generally bad idea. Its legality isn't nearly as obvious to me as it seems to be to you.

How not to handle a licensing violation

Posted Apr 12, 2007 17:49 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

ajross wrote:

I think you might be overstepping here.

I think you might need to read and understand the leading caselaw (e.g., Micro Star v. Formgen, Lewis Galoob Toys, Inc. v. Nintendo of America, etc.). I have done so (for USA jurisdictions); I'm pretty sure you have not.

...tainted by the design of the original...

See, "design" would have to be a patent encumbrance, if at all. Copyrights are abstract properties concerning expressive elements of creative works (in areas of endeavour defined by statute). Patents are abstract properties concerning (useful) ideas and methods.

Designs per se are not eligible for copyright, which is why typefaces ("fonts") do not have copyright ownership (though their hinting programs do). Particular expressions of a design, if put into fixed form and judged to have sufficient creative content, do give rise to copyright ownership. See the difference?

(By the way, the legal term is "derivative work", e.g., in 17 U.S.C. 103. This alternate form "derived work" appears to have recently caught on primarily among open source free-software people, I notice.)

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 18:10 UTC (Thu) by ajross (guest, #4563) [Link]

See, "design" would have to be a patent encumbrance, if at all.

No, that's just wrong. Or rather, it's true only for definitions of "design" that don't match the clear context of what I wrote. You're picking on the vocabulary in my post, not the meaning: that's just bad form. Yes, there are area of patent law that treat "design" as jargon. That doesn't prevent one from using the word in contexts where it has its more traditional meaning. I'll try once more, and then leave you to your flames:

Taking a C file and changing all the symbol names constitutes infringement, agreed? Doing the same, but re-ordering them constitutes infringement, yes? Inlining one into another is still infringing, yes? Changing the calling order of two statements is still infringing, yes? Likewise, the addition of new code doesn't change the infringing status.

And yet, after enough of those changes, the work stops being derived (last I checked, that was a synonym for "derivative", by the way -- y'know, even legal arguments get to use English, too!) and starts being a unique, copyrighted work. My point is that the distinction between these states is not a bright line (ooh! a legal term!), but in fact a squishy mess. And that it is therefore best avoided by concientious developers.

So please stop with the amateur legalese. The abundantly evident truth is that real lawyers and real courts don't think this is a clear area of law, and don't have unambiguous advice for us. The world isn't as simple as you believe, and continuing to act as if it is can only lead to precicely the mistakes seen by the OpenBSD team here.

How not to handle a licensing violation

Posted Apr 12, 2007 18:59 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

ajross wrote:

You're picking on the vocabulary in my post, not the meaning: that's just bad form.

I'm honestly sorry if I misunderstood what you meant by the word "design", but I really was doing my best to read in proper context. You seemed to be saying that, even after all the borrowed bcm43xx code was replaced by from-scratch replacement code, some Platonic essence of the original, the "design", inevitably would remain. And, sorry, that's just not how copyright caselaw has developed.

But let's discuss how it would be applied. I think we turn out to be in substantive agreement on that. The court (again, assuming US jurisdiction) would look for both literal and non-literal copying. For the latter, it would apply the "abstraction, filteration, comparison" test developed in CAI v. Altai, looking for expressive elements copied in a non-literal fashion. (Non-expressive, e.g., strictly functional elements are not entitled to copyright.) If there is a substantive amount of copying of expressive elements, and it wasn't explicitly permitted, and it doesn't fall into one of the allowed categories, and plaintiff has valid title, then there would be a ruling of infringement.

And indeed, there isn't a bright line. The courts had a rough time working out even those guidelines. If you'd read the caselaw, you'd have known that quite a while ago. ;-)

Also, sorry, I'm not going to try to understand software law and leave it solely to the courtroom gladiators. It's too important to remain ignorant of. You shouldn't, either.

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 7:51 UTC (Thu) by drag (subscriber, #31333) [Link]

Well do you suppose that the developer didn't realise that people were downloading code from that CVS server?

I don't think that he was that clueless on how CVS works. The excuse stinks.

It's similar to sticking a program (say.. modified GPL'd gimp plugin) on a public website, telling people that it's your copyright, telling people that it's BSD licensed, and then being confused about weither or not this constitutes 'distribution'.

Sounds like the guy is playing up the old OpenBSD anti-GPL arguements about the licensing being confusing and difficult to understand.

The earlier excuse was that was used was that the guy was working on a replacement for GPL'd code and he used functions and bits of logic from the GPL code to aid in the development of his own code. AS a sort of developer crutch, I guess.

As he progressed he would replace the borrowed logic from the GPL'd code with his own.

He made a mistake by forgetting about replacing this and that code snippet. So through the development proccess these bits of bcm43xx code wound up on the public CVS server.

How not to handle a licensing violation

Posted Apr 12, 2007 8:05 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

"drag" wrote:

I don't think that he was that clueless on how CVS works. The excuse stinks.

I'm going to muster all powers of diplomacy at my disposal, and point out that neither I nor anyone else present is making an "excuse" for Marcus. Thus my overall comment that "Either way, it's copyright violation, and needed to be fixed...", which seems to have eluded your notice.

In addition, I'll point out, pro bono publico, that I nowhere suggested Marcus being clue- deficient about CVS. What I said was that (1) I speculated that he might have forgotten that borrowings from bcm43xx were still present when he made his comments, and (2) Nathan says he has reason to think Marcus thought CVS checkin wasn't yet "distribution" for copyright purposes. (If you think developers aren't prone to forgetting that the public can and does grab things from their public CVS repositories, you probably haven't known many developers.)

There's a certain lovely irony in a habitual Linux user (that would be me) making efforts to understand what happened, and, for his pains, being accused of making "excuses". It isn't much compared to the larger ironies noted by others, but I thank you for your contribution, anyway.

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 8:58 UTC (Thu) by dark (guest, #8483) [Link]

Hmm. In the flamewar archive there is a link to a commit that replaces
original bcw code with code from bcm43xx, apparently to fix a bug. That
doesn't fit with your speculation (1) at all.

How not to handle a licensing violation

Posted Apr 12, 2007 16:04 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

"dark" wrote:

In the flamewar archive there is a link to a commit that replaces original bcw code with code from bcm43xx, apparently to fix a bug. That doesn't fit with your speculation (1) at all.

Actually, I can see that, too: It would require only that use borrowed code for that purpose and intend to fully rewrite it before commit, but then by commit time have forgotten that necessity. Negligent? Of course. So is the scenario Nathan Myers described. Figuring out what did happen with Marcus is an interesting exercise, and the smart money might bet on Nathan's scenario rather than mine -- but I'd argue that it's at least equally useful to visualise all the various plausible ways such things could happen. As "ajross" says, if you anticipate the potential for screwups, there are meaures you can take to make them less likely.

Rick Moen
rick@linuxmafia.com

How not to handle a licensing violation

Posted Apr 12, 2007 18:11 UTC (Thu) by cventers (guest, #31465) [Link]

You know... the truth is that I don't really know what Marcus was
thinking (if at all) when checking GPL code into the OpenBSD repository.
But this is a great time to point out that it is human nature to give
more 'rope' in allowances for what /might/ have happened if you look
favorably on the party in question. It is here that I think Theo did the
biggest disservice -- to his own developer Marcus. By reacting as he did,
he put everyone on edge and made it that much more difficult to accept
that it was a simple 'mistake'.

How not to handle a licensing violation

Posted Apr 12, 2007 9:31 UTC (Thu) by drag (subscriber, #31333) [Link]

"There's a certain lovely irony in a habitual Linux user (that would be me) making efforts to understand what happened, and, for his pains, being accused of making "excuses". It isn't much compared to the larger ironies noted by others, but I thank you for your contribution, anyway."

You misunderstood what I ment.

I didn't think _you_ were making excuses for him.

What you stated was realy very close to what Theo stated for Marcus's excuses. So I thought you were talking about _their_ excuses.

Plus I don't think that it's impossible or stupid to think that could happen. I think it's unlikely.

I am still willing to beleive it one way or the other. The guy deserves the benifit of the doubt.

It's just fishy excuses, that's all. I think that they could come up with something better.

How not to handle a licensing violation

Posted Apr 12, 2007 9:33 UTC (Thu) by drag (subscriber, #31333) [Link]

PS. But if that is what happenned then that's possible.

I agree that realy it doesn't matter. The problem is resolved one way or the other.

I just wish the OpenBSD developers would choose to work _with_ the bcm43xx folks to help get broadcom driver support for OpenBSD rather then spend their time fighting them.

The whole thing is pretty stupid.

How not to handle a licensing violation

Posted Apr 12, 2007 14:21 UTC (Thu) by ajross (guest, #4563) [Link]

Note that there are processes that can help with this sort of misunderstanding. Every commit to the kernel, for example, includes a chain of "signed-off" tags indicating the developers who have reviewed the patch.

The related agreement in Documentation/SubmittingPatches includes a section detailing exactly what "signed-off" entails in the context of license and copyright law. So at least in principle, every change includes an affirmative promise that there are no hidden license violations. It's not possible for such a change to reach a relaese without the whole chain of developers from the original author to Linus failing to follow the rules.

What seems interesting is that OpenBSD appears to have no equivalent. They just delegate commit privileges without training and assume everyone is clean and competent.

How not to handle a licensing violation

Posted Apr 12, 2007 17:14 UTC (Thu) by JoeF (subscriber, #4486) [Link]

I now see that, per "ncm" (Nathan Myers, whom I always heed closely), elsewhere on this thread, Marcus simply didn't realise that checking into an outside-accessible CVS server constituted "distribution".

I am sorry, but I don't quite believe that an experienced developer, as Marcus has been described, would not know that having code in a publicly accessible archive is distribution.
I can see that for a newbie, but not for a seasoned developer.
If it really was the case that an experienced developer didn't know what checking code into a public CVS server means, there would be something seriously lacking in the OBSD projects.

How not to handle a licensing violation

Posted Apr 12, 2007 10:37 UTC (Thu) by gypsumfantastic (guest, #31134) [Link]

Oh, what a brilliant, brilliant flamewar.

Hypocrisy, righteous indignation, genocide? All the makings of a truly world-class immolation-fest.

See, Tim O'Reilly? You can shove your civility up your vegemite causeway. The white-hot heat of angry confrontation. That's how truths get revealed, dialectics synthesised, decisions taken and the world moved on.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds