User: Password:
|
|
Subscribe / Log in / New account

Garrett: The ongoing fight against GPL enforcement

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 15:26 UTC (Tue) by mjg59 (subscriber, #23239)
In reply to: Garrett: The ongoing fight against GPL enforcement by dskoll
Parent article: Garrett: The ongoing fight against GPL enforcement

If you engage in a legitimate act in order to make it easier to engage in an illegitimate act, that's usually socially frowned upon. The reason to replace Busybox isn't because they don't want to hand over the source to Busybox - it's because Busybox is being used as a proxy to obtain the source code for more interesting GPLed works. People want a Busybox replacement in order to make it easier to infringe the kernel's license.


(Log in to post comments)

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 15:38 UTC (Tue) by fb (subscriber, #53265) [Link]

> because Busybox is being used as a proxy to obtain the source code for more interesting GPLed works.

I am glad you posted this clarification because I had read your blog post, and IMHO you didn't make this point explicitly enough there (I actually missed it in a 'superficial reading'). I mean this is the whole point of your complaint, but it is buried somewhere in the 5th or 6th paragraph.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 19:22 UTC (Tue) by landley (subscriber, #6789) [Link]

As the ex-maintainer of busybox who STARTED those lawsuits in the first place and now HUGELY REGRETS ever having done so, I think I'm entitled to stop the lawsuits in whatever way I see fit.

They never resulted ina single line of code added to the busybox repository. They HAVE resulted in more than one company exiting Linux development entirely and switching to non-Linux operating systems for their embedded products, and they're a big part of the reason behind Android's "No GPL in userspace" policy. (Which is Google, not Sony.)

Toybox is my project. I've been doing it since 2006 because I believe I can write a better project than busybox from an engineering perspective. I mothballed it because BusyBox had a 10 year headstart so I didn't think it mattered how much BETTER it was, nobody would use it. Tim pointed out I was wrong about that, I _agreed_ with him once I thought about it, so I've started it up again.

Rob

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 21:16 UTC (Tue) by RiotingPacifist (guest, #68160) [Link]

>They HAVE resulted in more than one company exiting Linux development entirely and switching to non-Linux operating systems for their embedded products, and they're a big part of the reason behind Android's "No GPL in userspace" policy. (Which is Google, not Sony.)

If they were violating the GPL and not giving code back anyway, what difference does it make to either developers of the GPL products in use or end users?

If a company has to do a lot more work in order to avoid using GPL code, then I'm much happier with that than allowing them to leach off a BSD style ecosystem.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 13:59 UTC (Wed) by paulj (subscriber, #341) [Link]

It means Rob gets fewer consulting jobs. I.e. there is a conflict between the interests of those who develop the code, who may get benefits from the widest possible use - the code being free software is effectively cheap marketing; and users who would like the freedom to modify the software distributed to them.

The previous paragraph, the first sentence particularly, is not meant to be judgemental - things just are the way they are. Perhaps Rob chose the wrong licence, and should have used BSD. Perhaps his initial choice of licence was made before contracting revenue was a consideration, and user freedom and/or getting other developers on board was a higher consideration.

Again, no value judgement intended. Licence choice is a personal thing. But our motivations & interests can change over time.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 19:18 UTC (Wed) by dlang (subscriber, #313) [Link]

Rob has never said that is is Ok with people not complying with the GPL (or any other license).

He has said that he sees the 'fix' of lawsuits being worse than the problem it's trying to solve.

In particular, he's annoyed because he was hired by a company to work on Linux, including making sure that there was license compliance, and then the company was sued, in his name, while he was working there.

Frankly, I would be rather annoyed in that situation myself.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 2, 2012 11:14 UTC (Thu) by paulj (subscriber, #341) [Link]

He sees the "fix" of lawsuits as being detrimental to the use of GPL software by corporates. He makes his living from working for such corporates on such software. To my view, what Rob wants is a sort of honour system - where people release their changes to free software if they can, but where there should be no real enforcement consequences for those who don't.

In other words, what Rob really wants is to use the BSD-no-advert-clause licence.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 2, 2012 11:26 UTC (Thu) by Trelane (subscriber, #56877) [Link]

No, BSD still has requirements to be met.

If what you're saying is true, then what he is wanting is public domain.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 2, 2012 11:32 UTC (Thu) by Trelane (subscriber, #56877) [Link]

(Particularly, since we're talking about binary-only distribution,
> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
)

Or maybe there's a minimal, only-no-warranty license out there somewhere that requires nothing except to agree to the no warranty thing.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 2, 2012 12:57 UTC (Thu) by gioele (subscriber, #61675) [Link]

Or maybe there's a minimal, only-no-warranty license out there somewhere that requires nothing except to agree to the no warranty thing.
The Unlicense license (<http://unlicense.org/>), derived from the SQLite license.
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to <http://unlicense.org/>

Garrett: The ongoing fight against GPL enforcement

Posted Feb 3, 2012 8:22 UTC (Fri) by bronson (subscriber, #4806) [Link]

Or the MIT License, a personal favorite. It looks basically the same.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 3, 2012 1:34 UTC (Fri) by dlang (subscriber, #313) [Link]

you are forgetting that Rob is one of the people who started the busybox lawsuits.

He is not saying that there is never a case for lawsuits, but he is saying that the way the SFC is handling the lawsuits is not something he agrees with, and he has directed them to stop doing so on his behalf.

In other words, he tried doing it their way and didn't like the result. This isn't just armchair quarterbacking from him

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 21:38 UTC (Tue) by job (guest, #670) [Link]

The point argued in the article is not regarding code contributed to Busybox, of which there may indeed be none as you point out. But there has been a lot of contributed code elsewhere, mainly a lot of hardware support, that we wouldn't have seen otherwise. I fail to see how this isn't a good thing. A vendor who leaves Linux development because of copyleft wouldn't have contributed anyway.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 21:59 UTC (Tue) by BrucePerens (guest, #2510) [Link]

It's necessary to balance having complying vendors who contribute code against having all possible vendors and a lot of them non-compliant and not contributing anything. This means that you will lose a company like Cisco, who uses you for an excuse to do something they wanted to do anyway. Surely Cisco has enough lawyers and engineers to do compliance correctly if they want to.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:06 UTC (Tue) by Kluge (subscriber, #2881) [Link]

If Cisco wants to do something as you say, I suspect they're going to do it whether they have a GPL enforcement action to blame it on or not.

So why muddy the enforcement waters (by selective or lackadaisical enforcement) in order to please them?

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 18:09 UTC (Tue) by tbird20d (subscriber, #1901) [Link]

People want a Busybox replacement in order to make it easier to infringe the kernel's license.

This is conjecture on your part, and I can say with 100% certainty that it is untrue. I am the Sony engineer you referenced in your article, and this is not my intent.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 18:12 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

How many vendors are you aware of who have been sued for Busybox infringement while compliant with all the other GPLed code they were shipping?

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 19:16 UTC (Tue) by tbird20d (subscriber, #1901) [Link]

I have no idea. What's that got to do with my intent?

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 19:29 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

Replacing Busybox with a BSD version only helps if Busybox is the only infringing component. So if you're not trying to protect people who have infringing non-Busybox components, the number of people who are being sued purely for Busybox violations is very relevant.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 19:41 UTC (Tue) by landley (subscriber, #6789) [Link]

You can sue over the other stuff based on their copyright holders.

Stop trying to leverage MY code to promote YOUR political agenda. Write your own darn code.

(And complaining about ME writing NEW code because obsoleting my own previous work hurts YOUR agenda is just _sad_.)

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 20:08 UTC (Tue) by BrucePerens (guest, #2510) [Link]

Hm, it seems to me that you've leveraged my code for just such purposes.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 20:15 UTC (Tue) by landley (subscriber, #6789) [Link]

Nope, I proved that you didn't have any code left in the project, remember?

http://busybox.net/~landley/forensics.txt

If I'd found any code in the project that was under your copyright, which you objected to shipping GPLv2 only, I would have removed it. That's why I did the search, to remove such code and thus satisfy your objections: there wasn't any.

You also didn't come up with the idea of a "swiss army knife" executable, the first busybox contained gzip/gunzip which already did that upstream (and Red Hat's nash did it too). You never posted on the busybox list once in the 10 years between when Erik Andersen created it and when you started trolling about GPLv3. As far as I can tell, you haven't written any actual code _anywhere_ in 15 years.

Go away, you're not relevant.

Can we stop this sub-thread?

Posted Jan 31, 2012 20:18 UTC (Tue) by corbet (editor, #1) [Link]

There is a lot of interesting discussion happening in the comments to this article. I would sure hate to see it get overrun by a Bruce-vs-Rob name-calling session. Your disagreements in this area are well understood, well documented, have not changed in years, and are not really relevant to the subject at hand. Could I ask, please, that they not be rehashed now?

Thanks.

Can we stop this sub-thread?

Posted Jan 31, 2012 20:32 UTC (Tue) by BrucePerens (guest, #2510) [Link]

As it happens, multiple lawyers I've discussed this with say he's wrong about my work having been removed from the program. But we can't stop him from perpetuating this.

Can we stop this sub-thread?

Posted Jan 31, 2012 23:05 UTC (Tue) by landley (subscriber, #6789) [Link]

I'll stop replying to him, but it _is_ relevant that:

A) I stopped working on busybox in the first place because he made doing so intolerable.

B) I started Toybox in part to have a clean untainted environment without any possibility of his claim over it.

C) I never would have considered doing a BSD licensed project if GPLv2 hadn't been undermined by people who made GPLv3 intolerable. (I didn't leave the GPL, it left me.)

I'm working now to fill a market vacuum (mainframe -> minicomputer -> microcomputer -> smartphone, an "android self-hosting project" if you will), but I'm in a _position_ to do so because I was driven out of my old comfort zone by a variant of SCO's old "communicable taint" IP claims making my old project Unclean. What follows is me making the best of the hand I was dealt.

Rob

Can we stop this sub-thread?

Posted Feb 1, 2012 0:22 UTC (Wed) by Trelane (subscriber, #56877) [Link]

> I never would have considered doing a BSD licensed project if GPLv2 hadn't been undermined by people who made GPLv3 intolerable. (I didn't leave the GPL, it left me.)

I'm curious what, in particular, of the GPLv3 and LGPLv3 you object to, in contrast to {L,}GPLv2.

Thanks!

Can we stop this sub-thread?

Posted Feb 1, 2012 1:13 UTC (Wed) by landley (subscriber, #6789) [Link]

Sigh. This is a "why haven't you let Jesus into your life" question. If I answer it in public, FSF zealots will jump out of the woodwork and pester me incessantly to recant and confess.

Eh, screw it. I'm taking the "no replying to bruce" thing to mean _all_ FSF zealots, and not replying to them.

Back when GPLv3 came out there was a giant linux kernel thread about this topic, and a position statement:

http://lwn.net/Articles/200422/

But long before GPLv3 shipped, Linus said he wasn't gonna, and to most of us Linux developers GPL was "the linux kernel license". Nobody cared what the FSF said, and some people collected Linus's public statements on that:

http://yarchive.net/comp/linux/gpl.html

Then when GPLv3 happened we all looked over it and went "you're crazy, you know that?" And the FSF went "you'll come around. You have no choice. Bwahahahaha."

I'm pretty sure I participated in that thread at the time, a quick Google finds the tip of an iceberg:
https://lkml.org/lkml/2007/6/14/567
http://lkml.indiana.edu/hypermail/linux/kernel/0706.1/287...

But there was more. Oh so much more. The FSF zealots WOULD NOT SHUT UP ABOUT IT, no matter how many different ways we said "no"...

I've blogged about it too, intermittently over the years:
http://landley.net/notes-2006.html#03-12-2006
http://landley.net/notes-2009.html#02-03-2009

In a nutshell it wasn't needed, is far more complicated, tries to control how the code is USED on the target and not just how it's distributed...

Ok, let's go back to the elephant in the room: the FSF had really bad advocates try to cram it down our throats until we went "death first" and stuck our fingers in our ears until they got bored and went away. (Really, the flamewar on the mailing list lasted MONTHS. If you're wondering why "sue them until they see things our way" and "just wait, they'll come around" don't seem like viable tactics to most of the Linux crowd, it's because we've been on the receiving end of them, and didn't like it.)

We do have actual technical reasons. Specifically in the embedded space, the _easy_ way to comply with GPLv3 ("If you can upgrade it, I must be able to, so give me the root password to the world of warcraft server I have an account on") is to cut the jtag traces on the board and burn your code into ROM, so the vendor can't upgrade it either. Is this really something we want to _encourage_?

GPLv2 had 17 years of analysis when GPLv3 shipped, and nobody ever found anything _wrong_ with it. The busybox suits are still enforcing GPLv2, not v3. The FSF went "I am altering the bargain, pray I don't alter it any further", and the rest of us cried "foul".

We don't trust the FSF, it keeps pulling dirty tricks to try to get its way: http://landley.net/notes-2011.html#15-08-2011

I preferred GPLv2 over GPLv3 for a number of reasons, but I don't want to CONSIDER using GPLv3 because I don't want to get any of the FSF on me. They're crazy, and far more interested in persecuting heretics than heathens.

Rob

Can we stop this sub-thread?

Posted Feb 1, 2012 1:32 UTC (Wed) by Trelane (subscriber, #56877) [Link]

Interesting, thank you for your reasoning. I don't agree with it by far, especially the evidence you've proffered (e.g. Florian Mueller is an example of FSF deception?), but thank you for providing it. At least I understand your position more.

Can we stop this sub-thread?

Posted Feb 1, 2012 18:16 UTC (Wed) by dashesy (guest, #74652) [Link]

Thanks a lot for the links, and all the useful comments. It was fun to read and very informative. I had stumbled upon your website before, just to get Aboriginal Linux, but this time I find it a valuable resource not only for software, but also for the history of computing. And the best part; it is written with the mindset of a programmer who has not turned to the dark side :)

I wish you can always make good money from your programming skills.

Can we stop this sub-thread?

Posted Feb 1, 2012 1:38 UTC (Wed) by BrucePerens (guest, #2510) [Link]

If you are OK with corporations doing whatever they want with your code and never returning anything, you will prefer BSD over GPL.

If you think Tivo-ization is OK, you will prefer GPL2 to GPL3.

If you think running Free Software inside of Google and never providing the source code (because it's never distributed) is OK, you will prefer the GPL class of licenses over the Affero GPL class.

Making free software, for me, was about empowering people, not giving welfare to the world's richest corporations. So, these days I put Affero GPL3 on my software, and I offer a commercial license for $$$ to folks who don't like that.

Some would have you believe that I am crazy or evil or trying to compel people to do something against their will, or some religious zealot.

But I see this as economics rather than politics or religion. I have chosen the economic structure that helps people who want to share most effectively, and lets people who don't want to share pay for the privilege and help to develop more software that is shared.

Can we stop this sub-thread?

Posted Feb 1, 2012 1:42 UTC (Wed) by Trelane (subscriber, #56877) [Link]

Thank you for your input.

I'd also be quite interested in finding out what this alleged veto mentioned below thing was all about. :) Preferably with links to the supporting evidence.

Can we stop this sub-thread?

Posted Feb 1, 2012 2:01 UTC (Wed) by BrucePerens (guest, #2510) [Link]

The interesting thing is that after writing that stuff, Best Buy settled with SFC. They accepted those terms they're complaining about.

The whole "veto" thing (that's Best Buy's language, not SFC's) is that if you settle with SFC, they want you to provide them with copies of new products that contain Free Software before you release them, for a period of three years after you settle. You pay them about $5000 per product to audit the product (which is really cheap). If they say it's infringing, you have to fix the infringement before you release the product. If you and SFC can't agree, you can fall back on the court. In practice, the court hasn't been needed, but I have had to help out a customer when SFC was too slow to respond.

Can we stop this sub-thread?

Posted Feb 1, 2012 2:07 UTC (Wed) by Trelane (subscriber, #56877) [Link]

Interesting; thanks for the info. Where's the settlement? If it's settled, I'd assume it's sealed, so why is the PDF of the defendant's side available?

Regarding the "veto" thing (yes, their wording): What is common for proprietary settlements, generally speaking? (Definitely open question to all)

Sealed

Posted Feb 1, 2012 2:22 UTC (Wed) by BrucePerens (guest, #2510) [Link]

If it's settled, I'd assume it's sealed, so why is the PDF of the defendant's side available?

The parties and the court had not agreed to close the case to public view at that time. They agreed to seal as part of the settlement.

What is common for proprietary settlements, generally speaking?

Very large damage payments.

Sealed

Posted Feb 1, 2012 2:31 UTC (Wed) by Trelane (subscriber, #56877) [Link]

> Very large damage payments.

IMHO, this is likely an easier thing for a company than ongoing compliance verification and potential litigation.

Sealed

Posted Feb 1, 2012 3:13 UTC (Wed) by BrucePerens (guest, #2510) [Link]

IMHO, this is likely an easier thing for a company than ongoing compliance verification and potential litigation.

I am not getting that impression from the companies I work with. They express worse sentiments about their industry partners (one company calls them "frenemies") than they do about us. And you've never seen a truly messed-up work situation for engineers until you've worked in a company that is highly intellectual-property oriented. When they bring me in, I feel more like their therapist than their consultant.

Sealed

Posted Feb 1, 2012 22:11 UTC (Wed) by jiu (guest, #57673) [Link]

And why does SFC not insist on publishing the terms of these settlements? It would make things more straightforward.

Sealed

Posted Feb 2, 2012 1:31 UTC (Thu) by Trelane (subscriber, #56877) [Link]

Because it's sealed. They're not allowed to. I would guess that it's Best Buy's request, but only the SFC knows for certain, and they probably can't say.

Sealed

Posted Feb 2, 2012 5:16 UTC (Thu) by BrucePerens (guest, #2510) [Link]

Bradley wrote today about what the terms are, in this blog posting. It is unfortunate that most defendants are more willing to settle if the terms are sealed. But you can look at the IRS filings which Bradley linked to from his blog posting, and find out what money there was, and where it went.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 21:24 UTC (Tue) by RiotingPacifist (guest, #68160) [Link]

When did Lines of Code become a good measure of weather or not something is a derived product?

It's a shame Bruce has better things to do because I would love to see your "forensics" stand up in court.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 19:23 UTC (Tue) by landley (subscriber, #6789) [Link]

From personal knowledge? At least three.

Rob

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 6:06 UTC (Wed) by shmget (subscriber, #58347) [Link]

"This is conjecture on your part, and I can say with 100% certainty that it is untrue. I am the Sony engineer you referenced in your article, and this is not my intent."

and yet you said in that wiki page:
"As part of their request to remedy a busybox GPL violation, the SFC does ask for source code unrelated to busybox. Personally, I believe this is improper. However, the main reason for this project is to avoid having the SFC gain review authority over unrelated products produced by a company."

The 'Linux kernel' is part of the 'unrelated products', hence by your own admission the 'main reason for this project is avoid having the SFC gain review authority over' the Linux kernel.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 6:52 UTC (Wed) by tbird20d (subscriber, #1901) [Link]

No. You misunderstand what "unrelated products" means. It means all the TV sets and digital cameras, which we properly release GPL source for. What I don't want is for some trivial mistake by GPL amateurs at some ODM supplier to some obscure product group to result in SFC having review and veto authority over our major Linux-based product lines. This is simply unacceptable.

What I'm saying is that the legal risk far outweighs the value of busybox.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 7:37 UTC (Wed) by nim-nim (subscriber, #34454) [Link]

So you write that companies like Sony think auditing their products before release to check they're in compliance with free software licences (and risk being forced to do it systematically) is intolerable?

And at the same time, the very same companies engage in mobile patent wars (sometimes ridiculous design patents) and seize or block each other's products in warehouses to force their opposition in settling. And they find this perfectly reasonable and normal cost of doing business.

Colour me unimpressed.

The only reason they find SFC and GPLvx intolerable is that they're used by little guys that dare asserting legal rights against big corps. And that they can not buy them out. Why should we help them have their ego trip?

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 17:55 UTC (Wed) by tbird20d (subscriber, #1901) [Link]

So you write that companies like Sony think auditing their products before release to check they're in compliance with free software licences (and risk being forced to do it systematically) is intolerable?

No. I never wrote that. We do audit our products before release to check that they're in compliance, and I would argue we do it as well as anyone in the industry. But Sony is a large place with a lot of different independent product groups. I can attest that, for every product my team works on (which includes set-top boxes, TV sets and cameras, among other things), we are fully compliant and we have no supplier issues or source code release issues.

What I can't be sure of is whether this is true for every Sony product. People keep asserting that it's trivial to perform compliance. It is, for a single group. Sony has standards in place that product teams are supposed to follow for GPL compliance. Unfortunately, I can't be sure that every team is following them, or won't make a mistake. In particular, I can 't be sure of this for sub-contractors. Sub-contractors may claim they have given you corresponding source, but have not. It happens.

What is intolerable is having a 3rd party hold your entire product line hostage, based on some issue with an unrelated product.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 18:34 UTC (Wed) by raven667 (subscriber, #5198) [Link]

> What is intolerable is having a 3rd party hold your entire product line hostage, based on some issue with an unrelated product.

That seems like an irrational fear, I can't imagine the copyright owner getting an injunction against or even pursuing code that you can trivially show the provenance and licensing for. The issue is that, for an organization that is ignorantly shipping code in violation of copyright, the problem is likely not just one software on one product but probably all software on all products and instituting comprehensive license compliance is the simple and efficient option.

Would it be any different if the problem was, for example, the copying of images off of websites for product art rather than properly licensing images from iStockphoto. Just because you can download something off the Internet doesn't mean you can ignore copyright, which is a common misconception for many businesses.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 19:31 UTC (Wed) by tbird20d (subscriber, #1901) [Link]

    That seems like an irrational fear, I can't imagine the copyright owner getting an injunction against or even pursuing code that you can trivially show the provenance and licensing for.

Well, since the SFC requests audit rights for all of a company's products that include GPL, I don't think the fear is irrational.

    The issue is that, for an organization that is ignorantly shipping code in violation of copyright, the problem is likely not just one software on one product but probably all software on all products and instituting comprehensive license compliance is the simple and efficient option.

I keep hearing this suggestion. Sony HAS a comprehensive license compliance policy, and a compliance committee (which includes me!), and to my knowledge all of our products are compliant. See my mayor metaphor on the other thread for why this is not enough to address the risk.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:01 UTC (Wed) by raven667 (subscriber, #5198) [Link]

Which is why your position is even harder to understand because your company is already doing everything that would be requested of it by the SFC as part of a voluntary settlement. If there was a new accidental copyright violation, which in a big company it is always posible for something to fall through the cracks, then fixing that one issue and moving on would seem trivial considering all the infrastructure for doing so is already in place. What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?

If you think that the SFC would start arbitrarily trying to shut down products, and that a court would enforce those actions, well I think that's nonsense. Based on the written statements by the SFC I don't see them as a bunch of moustache twirlers who are itching to screw companies over using their compliance agreements as a lever, and I don't see any reasonable court enforcing injunctions against unrelated copyright (see RightHaven for how well this would go down in court)

In fact, judging by the SFCs written statements, their whole goal is to work themselves out of existence by getting compliance programs instituted at manufacturers and pushed up the supply chain so that these kind of casual violations don't happen because everyone knows the rules. The problem is that many people think that just because you can download something off the Internet that copyright doesn't exist, convincing your supply chain that this is not the case can fix the problem.

And about your Mayor Metaphor, you can plainly see from the SFCs tax documents that they are not asking for million dollar fines. If we presume this is just a convenient round number for the sake of argument then I guess I don't understand what the complaint is, that spending a thousand dollars on compliance efforts as in your example is somehow a bad thing relative to ignorance until you are caught.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:30 UTC (Wed) by tbird20d (subscriber, #1901) [Link]

    What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?

In the case of a busybox violation, I don't know. The information I have seems to indicate that the SFC will want to audit all of my products, going on a fishing expedition for GPL violations. I'm willing to expend resources to avoid finding out if that's the case.

    And about your Mayor Metaphor, you can plainly see from the SFCs tax documents that they are not asking for million dollar fines.

That's not what they ask for, but if you total up all the tangible and intangible costs (product delays), that's what a big company hears. That's a simple ballpark placeholder for engaging in any litigation at this level.

    that spending a thousand dollars on compliance efforts as in your example

I should have clarified that the $1000 dollars is not spent on compliance - that's already being covered by our compliance policies. That money in the metaphor refers to the amount we'd spend on re-implementing busybox with a BSD license. It's not insurance in the traditional sense. It's more like a payment to someone else, to make the person requesting a million dollars go away permanently. And no, I don't think we can reimplement busybox for $1000. But 10 companies could implement something usable for $10,000 a-piece.

I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:50 UTC (Wed) by raven667 (subscriber, #5198) [Link]

> I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.

Yes, I think that is part of our disagreement, also I have the (maybe unfounded) belief that they really don't have the ability to enforce unreasonable actions. If they tried to veto software in bad faith for example then I would ignore their request and punt it to the courts to sort out. It seems likely that the SFC would lose badly if they tried anything in bad faith such as ignoring evidence of license compliance. I don't really have any reason to believe they would try something in bad faith though as it would be all cost and no upside for them.

I guess I don't think there is a need to "trust" the SFC to not turn into a copyright troll and the courts have been showing very little patience with copyright trolls recently.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 3, 2012 12:13 UTC (Fri) by dwmw2 (subscriber, #2063) [Link]

"What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?"

"In the case of a busybox violation, I don't know. The information I have seems to indicate that the SFC will want to audit all of my products, going on a fishing expedition for GPL violations. I'm willing to expend resources to avoid finding out if that's the case."

I'd be very interested in how you came about this "information", and just what lengths you've been going to already to avoid finding out whether it's accurate.

Have you avoided attending any of Bradley Kuhn's presentations in the last year, and reading his description of the things that SFC actually does request?

"I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.
I do. But I also have the option to withdraw their authority to act on my behalf, if they violate that trust. If all the unfounded hyperbole about the SFC's behaviour did turn out true, I would do so.

As it is, though, this hand-wringing just seems like a crude manipulating tactic to discourage copyright holders in other projects from joining with SFC, so that the cynical approach of silencing busybox developers actually does achieve the overall goal of letting GPL violations go completely unpunished.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 3, 2012 19:05 UTC (Fri) by raven667 (subscriber, #5198) [Link]

> I also have the option to withdraw their authority to act on my behalf, if they violate that trust.

I think something that could make understanding this difference of opinion clearer is that they _did_ withdraw support form SFC for enforcing their copyrights on Busybox but SFC has other authors who continue to consent to SFC enforcement and so were unable to stop the enforcements after they lost trust.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 18:54 UTC (Tue) by dskoll (subscriber, #1630) [Link]

People want a Busybox replacement in order to make it easier to infringe the kernel's license.

That's your supposition, not a fact. Even if it is the case that people are replacing Busybox to avoid copyright holders who vigorously go after GPL violations, the solution isn't to decry the replacement of Busybox. The solution is to lobby other copyright holders to defend their copyrights more vigorously or to assign them to the Software Freedom Conservancy.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 18:55 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

I'm not decrying the replacement of Busybox. I'm decrying the cynical attitude of the corporations backing it.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 19:38 UTC (Tue) by landley (subscriber, #6789) [Link]

Why do you insist that I'm not behind my own project? Did it escape you that not only am I mentioned by NAME on the wiki page you linked to, but the other wiki page it links to http://www.elinux.org/Busybox_replacement is a page I put all the actual _content_ on?

The last time Sony gave me any money was travel expenses for speaking at CELF two years ago. I've never received a dime from ANYBODY for doing toybox.

Sony was considering sponsoring the work because they'd like to use the result and for-profit corporations only understand things they're either paying for or being paid for, but whether that would be paying _me_ for my weekends or paying another developer to contribute code to me... who knows? Unlikely to happen now, since you've made it a political hot potato. (Once again, an FSF zealot reduces the amount of code written for Linux with a license tantrum. Driving developers away since 1983!)

But I've been doing Toybox since 2006 for free, and I've been doing it as BSD-licensed project since November for free, and I intend to keep doing it. For reasons that I've blogged about rather a lot, on and off for YEARS:

http://landley.net/notes-2008.html#12-12-2008
http://landley.net/notes-2009.html#15-12-2009
http://landley.net/notes-2011.html#16-12-2011

And I was doing it because my infrastructure is BETTER:

http://lists.busybox.net/pipermail/busybox/2010-March/071...

And I mothballed and unmothballed it for years because it was fun to work on but I didn't think it could displace an existing project with a 10 year headstart no matter how much better it was:

http://landley.net/notes-2010.html#05-01-2010

Tim pointed out there was a demand for a BSD-licensed version. My decision to relicense toybox was back in November:

http://landley.net/notes-2011.html#13-11-2011

Since then I've written a number of commands, entirely hobbyist development:

http://lists.landley.net/pipermail/toybox-landley.net/201...

Sigh. I have to go do day job things now, but I'll try to write up a comprehensive blog entry on on this tonight. In the meantime, I've commented rather a lot on the original blog, pointing out that Garrett's welcome to do his own darn license enforcement if he wants to, and if he hasn't written any code anybody actually _uses_ that's NOT MY PROBLEM.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:01 UTC (Tue) by HenrikH (subscriber, #31152) [Link]

>If you engage in a legitimate act in order to make it easier to engage in an illegitimate act, that's usually socially frowned upon.

Not only that, but that is exactly the courts reason for sentencing the founders of The Pirate Bay to jail, a case in where Sony took part on the accuser side.

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:12 UTC (Tue) by armijn (subscriber, #3653) [Link]

You know, there are actually many separate companies named Sony. They all share the same logo and parent company, but they are legally separate. Blaming a person working for one Sony for actions of another Sony, that's just completely off-topic :-)

Garrett: The ongoing fight against GPL enforcement

Posted Jan 31, 2012 23:34 UTC (Tue) by khim (subscriber, #9252) [Link]

You know, there are actually many separate companies named Sony. They all share the same logo and parent company, but they are legally separate. Blaming a person working for one Sony for actions of another Sony, that's just completely off-topic :-)

No, I don't buy this idea. Companies like to pretend they are humans. Well, Ok, but if so then they should be judged by human morals. If they use the same logo and name then that means that they want an association between them. Every large company is slightly schizophrenic (which is easy to understand: there are multiple personalities involved), but if it's to the point where you want to claim that deals of entity A should not affect deals of entity B then it's time to give them different names, logos, etc. Even if they have one parent company. Like FIC, HTC and VIA, for example.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds