A referendum on GPL enforcement
When software is distributed in ways that violate the GPL, the first order of business is always to open a discussion with the person or company doing the distribution in the hope of effecting a change. Should that discussion fail, though, the only alternative may well be the court system. One has to look long and hard to find examples of the GPL being enforced through legal action, though. The Germany-based gpl-violations.org project has posted some notable successes over the years, but the project has been dormant for some time (it's worth noting, though, that the news page says that enforcement activity should restart in 2016). One hears murmurings about a specific kernel developer launching quiet suits as a revenue-generation activity, but there is no public record of — and little public support for — that work. About the only other group doing GPL enforcement is the Software Freedom Conservancy (SFC), which is based in the US.
The SFC is, of course, supporting the ongoing suit against VMware. Beyond that, the group does a fair amount of quiet enforcement activity that does not end up in court. The SFC has found itself in a tight financial position, though, as the result of a loss of corporate funding. In response, it has launched a fundraising campaign aimed at building a new financial base consisting of individual supporters. Some 750 supporters ($90,000/year) are needed to keep "basic community services" running, and 2,500 ($300,000/year) to support the GPL enforcement operation (beyond the VMware suit, which has separate funding). These are daunting amounts of money to raise, but, as anybody who has run an organization of any size knows, the SFC is not asking for a lot.
Your editor has heard people claim that the SFC's problems are self-made. The aggressive BusyBox enforcement actions of a few years back are seen by many as having scared many companies away while having brought about the release of little, if any, interesting source. The use of BusyBox as a lever to force compliance for other projects (such as the kernel) that were not a party to the action was also disturbing to some. SFC president Bradley Kuhn is not as diplomatic an interface to the organization as some might like; even others working in the GPL enforcement area have had significant disagreements with him.
Whatever the reasons may be, the simple fact is that the SFC is in a bit of a lonely position. To an extent, that loneliness may be an inherent part of a GPL enforcer's role. Without a willingness to litigate, GPL enforcement lacks teeth, but a willingness to litigate may necessarily bring with it a reputation for litigiousness.
None of that changes the fact that, for now, only the SFC seems willing to take on this lonely role. Companies have made it clear that that they do not wish to take an active role in GPL enforcement; even the companies that are the most enthusiastic code contributors and the most meticulous about observing the GPL in their own activities seem unwilling to work to ensure that others do the same. Perhaps the only significant case of a company asserting the GPL was when IBM raised GPL-violation charges against the SCO Group more than ten years ago; even then, IBM had to come under significant attack itself before employing the GPL in its own defense.
For those who care about the GPL, enforcement is important. It seems safe to say that, if the GPL is not enforced, its provisions will eventually come to have no meaning. Companies that expend the (often considerable) resources to stay in compliance will be at a disadvantage relative to those that don't bother; eventually the list of companies that don't bother will surely grow. A world in which the GPL is not enforced is a world where the GPL loses its force and becomes much like the BSD license in actual effect. If ignoring the provisions of the GPL becomes the norm, we may find ourselves without an effective copyleft license for software.
Some might welcome that development; to them, the GPL is an overly complex holdover from the past that is not necessary in today's world. But it can be argued that the GPL deserves a lot of credit for the success of Linux relative to other free operating systems. Its source-release requirements helped to prevent forks and made it safe for companies to contribute in the knowledge that their competitors could not take undue advantage of their work. A world without the GPL could be a world with more fragmentation — and more proprietary software.
It seems clear that the GPL must be respected if it is to remain a viable license. That said, there may be room for people to differ on how that respect should be ensured. Those who think that the SFC is not going about things in the right way would do well to propose alternatives. There must certainly be some good ideas circulating for other ways to increase GPL compliance.
For those who do appreciate the role the SFC plays in the GPL-enforcement area, this would probably be a good time to think about how that work is funded. It seems safe to say that corporations cannot be counted on to ensure that GPL enforcement happens. The SFC has chosen not to pursue GPL-enforcement lawsuits as a revenue-generation technique, saying, probably rightly, that it would compromise the real goal: bringing companies into compliance. So it is up to the individuals who care enough about this activity to support it going forward.
As Bradley put it in this
posting, the current fundraising campaign is a sort of referendum on
whether the community likes the work the SFC is doing and wants it to
continue. It is possible that the answer is "no," but, regardless of the
outcome, this
seems like a question that deserves serious consideration; the consequences
of the answer, either way, could be felt for years into the future.