|
|
Log in / Subscribe / Register

Garrett: The ongoing fight against GPL enforcement

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 19:31 UTC (Wed) by tbird20d (subscriber, #1901)
In reply to: Garrett: The ongoing fight against GPL enforcement by raven667
Parent article: Garrett: The ongoing fight against GPL enforcement

    That seems like an irrational fear, I can't imagine the copyright owner getting an injunction against or even pursuing code that you can trivially show the provenance and licensing for.

Well, since the SFC requests audit rights for all of a company's products that include GPL, I don't think the fear is irrational.

    The issue is that, for an organization that is ignorantly shipping code in violation of copyright, the problem is likely not just one software on one product but probably all software on all products and instituting comprehensive license compliance is the simple and efficient option.

I keep hearing this suggestion. Sony HAS a comprehensive license compliance policy, and a compliance committee (which includes me!), and to my knowledge all of our products are compliant. See my mayor metaphor on the other thread for why this is not enough to address the risk.

to post comments

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:01 UTC (Wed) by raven667 (subscriber, #5198) [Link] (4 responses)

Which is why your position is even harder to understand because your company is already doing everything that would be requested of it by the SFC as part of a voluntary settlement. If there was a new accidental copyright violation, which in a big company it is always posible for something to fall through the cracks, then fixing that one issue and moving on would seem trivial considering all the infrastructure for doing so is already in place. What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?

If you think that the SFC would start arbitrarily trying to shut down products, and that a court would enforce those actions, well I think that's nonsense. Based on the written statements by the SFC I don't see them as a bunch of moustache twirlers who are itching to screw companies over using their compliance agreements as a lever, and I don't see any reasonable court enforcing injunctions against unrelated copyright (see RightHaven for how well this would go down in court)

In fact, judging by the SFCs written statements, their whole goal is to work themselves out of existence by getting compliance programs instituted at manufacturers and pushed up the supply chain so that these kind of casual violations don't happen because everyone knows the rules. The problem is that many people think that just because you can download something off the Internet that copyright doesn't exist, convincing your supply chain that this is not the case can fix the problem.

And about your Mayor Metaphor, you can plainly see from the SFCs tax documents that they are not asking for million dollar fines. If we presume this is just a convenient round number for the sake of argument then I guess I don't understand what the complaint is, that spending a thousand dollars on compliance efforts as in your example is somehow a bad thing relative to ignorance until you are caught.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:30 UTC (Wed) by tbird20d (subscriber, #1901) [Link] (3 responses)

    What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?

In the case of a busybox violation, I don't know. The information I have seems to indicate that the SFC will want to audit all of my products, going on a fishing expedition for GPL violations. I'm willing to expend resources to avoid finding out if that's the case.

    And about your Mayor Metaphor, you can plainly see from the SFCs tax documents that they are not asking for million dollar fines.

That's not what they ask for, but if you total up all the tangible and intangible costs (product delays), that's what a big company hears. That's a simple ballpark placeholder for engaging in any litigation at this level.

    that spending a thousand dollars on compliance efforts as in your example

I should have clarified that the $1000 dollars is not spent on compliance - that's already being covered by our compliance policies. That money in the metaphor refers to the amount we'd spend on re-implementing busybox with a BSD license. It's not insurance in the traditional sense. It's more like a payment to someone else, to make the person requesting a million dollars go away permanently. And no, I don't think we can reimplement busybox for $1000. But 10 companies could implement something usable for $10,000 a-piece.

I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 1, 2012 20:50 UTC (Wed) by raven667 (subscriber, #5198) [Link]

> I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.

Yes, I think that is part of our disagreement, also I have the (maybe unfounded) belief that they really don't have the ability to enforce unreasonable actions. If they tried to veto software in bad faith for example then I would ignore their request and punt it to the courts to sort out. It seems likely that the SFC would lose badly if they tried anything in bad faith such as ignoring evidence of license compliance. I don't really have any reason to believe they would try something in bad faith though as it would be all cost and no upside for them.

I guess I don't think there is a need to "trust" the SFC to not turn into a copyright troll and the courts have been showing very little patience with copyright trolls recently.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 3, 2012 12:13 UTC (Fri) by dwmw2 (subscriber, #2063) [Link] (1 responses)

"What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?"

"In the case of a busybox violation, I don't know. The information I have seems to indicate that the SFC will want to audit all of my products, going on a fishing expedition for GPL violations. I'm willing to expend resources to avoid finding out if that's the case."

I'd be very interested in how you came about this "information", and just what lengths you've been going to already to avoid finding out whether it's accurate.

Have you avoided attending any of Bradley Kuhn's presentations in the last year, and reading his description of the things that SFC actually does request?

"I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.
I do. But I also have the option to withdraw their authority to act on my behalf, if they violate that trust. If all the unfounded hyperbole about the SFC's behaviour did turn out true, I would do so.

As it is, though, this hand-wringing just seems like a crude manipulating tactic to discourage copyright holders in other projects from joining with SFC, so that the cynical approach of silencing busybox developers actually does achieve the overall goal of letting GPL violations go completely unpunished.

Garrett: The ongoing fight against GPL enforcement

Posted Feb 3, 2012 19:05 UTC (Fri) by raven667 (subscriber, #5198) [Link]

> I also have the option to withdraw their authority to act on my behalf, if they violate that trust.

I think something that could make understanding this difference of opinion clearer is that they _did_ withdraw support form SFC for enforcing their copyrights on Busybox but SFC has other authors who continue to consent to SFC enforcement and so were unable to stop the enforcements after they lost trust.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds