Garrett: The ongoing fight against GPL enforcement

Do you think a Cisco or a Sony would stop shipping product just because of baseless threats from the little SFC when they can demonstrate license compliance.

> What comeback does the victim have?

Aside from the silly tactic of characterizing the company as being a victim I would say the comeback for a bogus infringement suit would be to take it to court and smack the crap out them for wasting everyones time. If the SFC tried this they would probably go out of business instantly.

> Now, if Microsoft purchases an asset from a third party, do you see Microsoft getting sued for something the third party did illegally?

Actually, yes. That's what has the smartphone market in such chaos ATM. The penalty is banning the product from being sold in whatever market where the laws were violated.

And in that regard, yes, the FLOSS world tend to be softies when it comes to license violations. I'm glad a few folks are standing up for their rights.

Meanwhile, a couple other points made well by others are worth repeating:

1) Whose copyright would /you/ choose to be found guilty of infringing, if it came to the choice, Sony's or SFC's? Sony doesn't exactly have a reputation of being soft on copyright infringement when it's there's, so why are folks trying to get them some slack for infringing that of others? (And the separate subsidiaries argument doesn't cut it either; if they wanted to be identified separately they'd not be using the same Sony brand name. Obviously they want the reputation that goes with the name, so they got it! Sony, the rootkit people! Sony, the people who sell a product with a set of services, then rip one of them away, after purchase! Sony, the folks known for making the lives of various customers a living hell, due to copyright infringement suits. THAT Sony!)

2) Never-the-less, if someone wants to create a BSD styled Busybox replacement to be free of the GPL obligations or for fun or for any other reason, as long as it's not using the same code, great! Let them do it! But, others in the community can note it and ask people with rights interest in other projects to step upto the plate, which is exactly what's happening. And if those people decide to or not, well, they're the ones with the copyright interest in the other projects, it's their decision to make.

So IOW, everything seems to be moving along pretty much as one might expect. An obstacle to the proprietary interests of some company becomes too much a thorn in the flesh for them and they move to avoid it. Normal and expected. Someone else doesn't like the way enforcement on a project they were involved in went and decides to create a new one with a licence that avoids the problem as they see it. Normal and expected. (Actually, that applies both to Landley and toybox, and the FSF and GPLv3.) This new project happens to fill the need created by that proprietary interests company looking for another alternative. What's unexpected about that? Other people in the community calling attention to all this and asking people who hadn't yet stepped up to the plate enforcement-wise with their copyright interest in other projects to do so. Well, that would be normal and expected as well.

What remains to be seen is if some of these other people /do/ decide to step up to that plate. If they weren't doing so before, perhaps they still won't, and violations will get more egregious. OTOH, perhaps it was just easier to let someone else take the heat, and now that they're not as effective any more, various other people with interests will fill the need.

Either way, it's their decision. And if they do enforce, then we'll see the cycle start again. And if they don't, well, perhaps at some point almost everything will be Tivoized and there won't be enough open products at a low enough cost to continue development, at which point the tragedy of the commons will prevail and all those proprietary companies will end up paying more for proprietary solutions. After all, they wouldn't have been using the FLOSS solutions if the FLOSS solutions weren't a good cost/benefit to them, so if they cause them to disappear thru locking everything up, they'll only have themselves to blame when their own costs go thru the roof due to FLOSS dying out because everything /is/ locked up.

But in practice, there does seem to be a dynamic balance that has seemed to tilt toward FLOSS. There's always the danger of reversals in various areas, but they haven't stopped the FLOSS train yet, and with vigilance, I don't believe they'll stop it now. IOW, I expect others to step up, now that they're needed, and continue the fight.

Duncan

>If company B sells a library for 0.01$ per unit and company A incorporates that in their next product that sells by the million they don't have to worry about people suing them for whatever B did. They have a contract, a library and some header files.

Of course they do, Company A infringes on the copyright regardless of the license deal they have with Company B. The only "thing" that they have is that they can sue Company B for the damages that Company A suffered due to Bs infringement.

What is different than a upfront cost of $x or $x per unit versus some record keeping (which you have to do with the proprietary license anyway to pay that per unit cost) and making available source?

You're saying one cost (proprietary) is acceptable and expected, but the cost of GPL compliance is this big unexpected completely unreasonable thing.

It's the cost of compliance, if you can't comply don't use GPL code. And again, although the steps might be different this is no different than all the expense and tracking that commercial software requires. Sure you might find a company out there willing to cut you a pile of commercial source of a fixed one time fee but the contract WILL include auditing, tracking and other requirements. Maybe there is a single software vendor out there that doesn't but I'd wager that the chances of compliance with commercial being easier and less work than the GPL being near zero.

Just because companies are lazy and don't track, document and perform due diligence on their requirements for compliance with GPL does not excuse that behavior. It's incompetence on their part, even GPL software has a cost to use.

Oh man, you talk like these tarballs are coming out of the blue! These is the stuff you are supposed to use when you develop your prototypes. If you can't deal with them in the first place, your product will not work. You just need a website where people can download them, which, sure would cost too much, because, you know, websites can cost up to few bucks per month these days..

I'm sure you won't use these tarballs to create the production stuff you ship, but that stuff doesn't come out of the blue either. You must have a prototype first, which at a given time you freeze.

Your excuses sound pathetic.

The principle of first sale applies equally to copies of proprietary software and copies of GPL software. If you don't need a distribution license in the proprietary case, you don't need to accept the GPL either. On the other hand, if you *do* need a distribution license, then compliance with its terms is entirely your responsibility either way. For the GPL, all you really need to do is package up the source you used to build your own binaries and distribute it along with them. Making sure you can rebuild the binaries you're redistributing from the source you received isn't a particularly high hurdle.

If course, if you still think proprietary licenses are easier, you're welcome to avoid GPL software. It's your loss.

Because the entities that do not want to care about free software licenses worry about the patent vs licence distinction?

They don't. It's all of a big 'IP rights' soup for them (the latest Oracle vs Google complaint is a good example; we make the distinction because we want to be clean and tidy, proprietary houses stuff all in the same bag).

For the practical use case presented here (assemble bits sourced elsewhere in an hardware appliance, without checking legalities) there is *no* distinction between patents (for hardware components) and free software licenses (for software). They behave the same way. If you put unclean parts in your products you can be sued directly.

The "advantage of building a product out of proprietary bits" is that you can put magic binaries on a device where the few people who are likely to be disassembling them are unlikely to be doing so in order to determine copyright infringement, and even if that were their motivation, the result would be to pass the buck to the proprietary vendor if any infringement were claimed. In short, it allows sloppy management of software licences under the blanket of existing business relationships.

I agree with all those people who find astonishment in the apparent inability of large corporations to properly account for the origins of their code, especially given those complicated supply chains those companies have for everything else. But then large corporations also seem to only have a pretty vague idea of where their raw materials come from, especially when those materials come from places where the extraction or production of such materials is damaging to the environment and harmful to the people involved in the actual extraction or production.

I guess it's a case of "could try harder but won't".

Like I said, presumably the companies violating the GPL considered a settlement less onerous to deal with. Precisely what makes it so effective to require compliance with other GPL licenses at the same time.

Also, SCO had a vested interest in dragging the lawsuits out as long as possible, because they had no hope of winning but they could keep FUDding and extorting as long as the lawsuit continued. By contrast, those enforcing the GPL just want companies to come into compliance, and they don't seem to have any problem with that occurring quickly and quietly. Also, unlike SCO, the companies enforcing the GPL actually have a case, and a fairly open-and-shut one at that.