The rise of copyright trolls
At the 2017 Free Software Legal and Licensing Workshop (LLW), which was held April 26-28 in Barcelona, Spain, more information about the GPL enforcement efforts by Patrick McHardy emerged. The workshop is organized by the Free Software Foundation Europe (FSFE) and its legal network. A panel discussion on the final day of the workshop discussed McHardy's methodology and outlined why those efforts are actually far from the worst-case scenario of a copyright troll. While the Q&A portion of the discussion was under Chatham House Rule (which was the default for the workshop), the discussion between the three participants was not—it provided much more detail about McHardy's efforts, and copyright trolling in general, than has been previously available publicly.
![[Armijn Hemel, Mark Radcliffe, & Shane Coughlan]](https://static.lwn.net/images/2017/llw-panel-sm.jpg "Armijn Hemel, Mark Radcliffe, & Shane Coughlan")
The panel was moderated by OpenChain program manager Shane Coughlan and consisted of Armijn Hemel, of Tjaldur Software Governance Solutions, and Mark Radcliffe, chair of global open source practice at DLA Piper, who has advised a number of clients in disputes with McHardy. Coughlan and Hemel have both been active in the GPL compliance world for many years; they have written about some of that here at LWN as well as in a new freely available book on GPL compliance. Radcliffe has been working in the area of open-source licensing for quite some time as well and advises both the Open Source Initiative (OSI) and Apache Software Foundation (ASF) on licensing matters.
Coughlan started things off by noting that the idea of copyright trolls is something that the open-source legal world has been "dancing around for a long time". He and Hemel talked about trolling ten years ago as a malicious action that could arise out of copyright and open source but, for many years, nothing happened on that front—until a few years ago. McHardy began his efforts to enforce the GPL on his copyrights in the Linux kernel and, in particular, the netfilter subsystem.
When that happened, Coughlan said, the community did not address the problem head-on until the netfilter team publicly called out McHardy on his activities. He then asked Hemel to fill everyone in on how these enforcement efforts work and on whether McHardy is still actively pursuing them.
The method
It is interesting to see that McHardy is only active in Germany, Hemel said; he is exploiting some specific features of German law. McHardy first approaches a company to tell it that its product is not in compliance; he makes a modest demand (say €6,000-7,000) for his engineering time. He also asks the company to acknowledge and sign his cease-and-desist order; under German law that turns it into a contract. Once that has been done, sometime later McHardy will come back with other products that are also not in compliance and require that the company pay a penalty for each, which can total to €500,000 or more.
Radcliffe agreed that there are favorable aspects to German law that McHardy is using. He gets companies to sign a kind of cease-and-desist letter that forms a contract agreement, then "leverages the contract" to extract more money. Companies should not sign the contract, he said, but its modest demands make it quite attractive to companies' lawyers. Since the netfilter team has brought attention to McHardy and his activities, though, companies are less likely to sign.
McHardy's cease-and-desist letter warns of injunctions if the company does not comply. That kind of action is meant to be used in situations where there is a need for immediate relief; for example, if a book that was not authorized by its copyright holders was being offered at a book fair, Radcliffe said. The threat of that is enough to get some companies to sign; part of the terms are that the companies agree to abide by the GPL, which is what McHardy uses to get damages in phase two.
McHardy has a range of GPL-infringement complaints that he has made, starting with the normal lack of corresponding source code availability as well as the lack of an offer to provide the source. There are some "more exotic" complaints too, Radcliffe said, including that the GPL text distributed is not translated into German or that the source offer should not come from the parent company; there are others that are even more odd. Once the contract is signed, complaints for other products can yield a €10,000 penalty per violation; one company was hit with complaints on around 100 devices. Companies should not sign and turn it into contract, he said.
Ineffective
But, Radcliffe said, if we had to choose a copyright troll, we would choose McHardy. Coughlan agreed; McHardy is irritating, but his tactics are not as bad as they could get. For one thing, Radcliffe said, McHardy's settlements tend to be cheap. In addition, when he actually ends up going to court, it has come back to haunt him. He also does not use lawyers much, relying instead on filing his own affidavits and the like. When a judge wanted to talk with his lawyer about one of the affidavits, the case was withdrawn because the lawyer had not been much involved in creating it.
McHardy has contacted more than 50 companies, Hemel said; the most recent cases hit his desk in April. After the netfilter announcement, McHardy went quiet for a bit, then picked up again in September 2016, before another quiet period; he is now active again. He has changed his strategy, however. Instead of going back to companies he has contacted before, he is contacting new companies that have not heard about him and his activities.
Radcliffe estimated that McHardy has gained €2m in the last 18 months. That is a lot "for someone not doing a good job", he said. He is concerned that someone will emulate McHardy or that some kind of firm will start financing these kinds of lawsuits.
In a brief comedic interlude, Hemel referred to Till Jaeger, who was the lawyer for multiple GPL enforcement suits brought by Harald Welte in Germany (and is currently involved in the VMware lawsuit). The real worry, Hemel said, is "a troll with a Till"; that would be a "trill" and be "very dangerous", he said with a grin.
McHardy has proven that copyright trolling is real, Coughlan said. That activity probably needed to be addressed faster and sooner by the community; other players will likely follow. Since we know the problem is real, the second step is to address it. Can we prevent this kind of thing in the future? Are there tools to help identify what has been contributed?
Hemel pointed to the newly released cregit tool as an easier way to extract information about "who inserted code into the kernel". (LWN covered a talk on the tool back in August 2016, before its release.) Using that and other tools to look at what McHardy has contributed to the kernel shows that there is a lot less code than most people think, Hemel said.
Governance
The community needs to look at project governance in light of all of this, Radcliffe said. Lots of open-source projects have fairly informal governance, which has served us well, he said. But there is now enough money involved that there is a need to rethink things.
There are some 13,500 contributors to the kernel, which makes for a lot of people who could turn into copyright trolls. Beyond that, some of those people will die and pass their rights onto their heirs who may have little interest in the ideals under which the original contributor operated. Some kind of litigation organization could also try to gather up the rights of contributors to use them in some kind of trolling activity, for example.
There is a need to think about what we as a community mean when we talk about compliance. 13,500 people all able to say what compliance means is not a workable scenario, Radcliffe said. For example, should the source and/or offer be allowed to come from a parent company? If not, every mom and pop reseller of Android phones would need to spin up a server to provide the source. There needs to be some agreement on the type of actions that require enforcement, he continued. Each project needs to think about it, because perfect compliance is impossible. New communities should be thinking about this up front with an eye to being as big as Linux some day. If they don't, they will get outliers disrupting the community.
If enough people start doing this copyright trolling, it could mean that companies start shifting away from Linux, Radcliffe said. Coughlan noted that some have said that Linux is too big to fail, but he does not think anything is. He has started to see some products that run FreeBSD, for example. Every community has social contracts, Coughlan said, without them, things become "nasty and brutish"—"and short", Radcliffe added. Coughlan wondered if there are other things that can be done to fight this kind of activity. If people are acting outside of the social contract, perhaps their code could be rewritten and replaced.
For McHardy's code, that may be a viable option, Hemel said. Obviously, it won't help for products that have already shipped, but ripping out McHardy's code would help for the future. Companies could hire a few developers to rewrite it. If you look at the money he has made and the cost in lawyers to handle the disputes, it comes to a loss of multiple millions of euros, he said.
Radcliffe agreed, saying that ripping out the code would provide a warning to the next person that considered doing this kind of thing. We don't know exactly what contributions McHardy is claiming, but Hemel found that McHardy has made a lot of non-copyrightable contributions, Radcliffe said. There is a need to find out what his claims are, but there are plenty of targets for the basic claims (no source and no offer); in any case, over time, McHardy has moved away from the more exotic claims. Some entities that use chips from manufacturers that do not comply with the licenses, though, are stuck. They cannot comply with the license themselves. It is important to stop all of this activity with McHardy, Radcliffe said, if he continues to benefit, it will attract others.
The book that he and Hemel just released starts with words from Douglas Adams, Coughlan said: "Don't panic". The most irritating thing is the amount of panic he has seen across the industry because of McHardy's actions. €2m is "nothing", he said, simply an irritant to an industry as large as ours. But it does provide a good wakeup call. What needs to happen, he said, is to guard against those who might see copyright trolling as something that "could be bigger than patents"; the community should "ensure that they land on spikes". He gave a shout-out to the netfilter team for raising awareness of what is going on.
To combat the problem there are "all sorts of options" that can be done with copyrights, he said. For example, copyrights could be sold to some entity that guarantees not to sell them to non-practicing entities (i.e. trolls). For hostile actors who violate the social contract, their code can be ripped out and replaced. There are, Coughlan said, plenty of ways to address this problem and now is the time to do so.
The Q&A session after that (under Chatham House Rule) was lively, with some strong opinions expressed. There was talk of codifying a social contract for our communities; putting together the various factions within the open-source community to help determine what that contract might look like is planned.
[I would like to thank Intel, the Linux Foundation, and Red Hat for their
travel assistance to Barcelona for LLW.]
| Index entries for this article | |
|---|---|
| Conference | Free Software Legal & Licensing Workshop/2017 |
Posted May 2, 2017 20:08 UTC (Tue)
by smurf (subscriber, #17840)
[Link] (28 responses)
McHardy's method works because we as a community are not enforcing the GPL. Fix that problem. Bingo, no more trolls.
The solution to the "manufacturers don't have the source either" problem is to put them on notice, let them pay some token amount to the FSF or whatever, and let the fact that they're going to be hit with the full power of injunctions and whatnot if they distribute any *new* source-less devices be part of the agreement.
Posted May 2, 2017 21:39 UTC (Tue)
by tytso (subscriber, #9993)
[Link] (27 responses)
The danger here is similar to union actions where the "strikers" engage in a "Work to Rule" and try to follow every single rule, and destroys all productivity while they do it. Clearly, if the rules were sane, this wouldn't be an issue. Or a policeman who decides to only pull over people of color for speeding, when nearly everyone is driving faster than the speed limit. (Clearly you should be following the laws at all time. You criminal.) Or when all a policeman needs to do to be justified in shooting someone in the US is to claim that he felt personally threatened. It's technically legal, but it may not be morally right.
Very often, society works by allowing proprietorial (or law enforcement agent) discretion. And if they abuse that discretion, there will be an outcry to adjust the rules. The problem with Copyright Trolls is that if they abuse that discretion, then just as people are arguing that discretion should be taken away from police offers (and the standard by which they can legally use deadly force will be tightly constrained, perhaps to the point that police lives will be placed at risk), companies will argue that similar discretion should be taken away from the potential copyright trolls, again to the detriment to the community at large (while Patrick McHardy pockets millions of euros). In the case of the GPL, the name which those companies may call upon may go by the initials 'B', 'S', and 'D'. And I would be the first to argue that this is a bad thing.
Posted May 2, 2017 21:59 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (26 responses)
There are other steps that a company can do, like running BlackDuck (or other scanners) to check for accidental GPL source code in repositories and having an internal process to deal with the accidents. This will pretty much reduce damages to zero in the worst case.
And finally, we're not talking here about "slightly different kernel versions". We're talking about blatant wholesale GPL violations with not even a hint of source code. And "proprietorial discretion" just enables mafia protection rackets: "Nice business model you've got here, it'd be a shame if you got sued for GPL violation".
Posted May 2, 2017 22:11 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (4 responses)
Posted May 2, 2017 22:14 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
If you're not in compliance then duh. Your own fault.
Posted May 2, 2017 22:41 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (2 responses)
Although it might seem easy it turns out that it is extremely difficult to fix. I am trying though.
Posted May 3, 2017 9:38 UTC (Wed)
by niner (subscriber, #26151)
[Link] (1 responses)
It's actually much harder to comply with Microsoft's licenses. "Oh, we were not allowed to move that machine into a VM because somewhere in the 50 pages of EULA that's forbidden?" Microsoft is also much harder on its users with mandatory license checks which can turn out to be much work for a company. Yet it does not harm their business in the slightest. So it's hard to imagine a mass exodus off Linux just because companies need to tighten up their supply chains.
Posted May 4, 2017 12:03 UTC (Thu)
by mikemol (guest, #83507)
[Link]
Do you know what the alternative is? Whatever's quick, easy and is *pre-approved by Legal* so a dev team can get their quick-turnaround, low-margin, product out the door in time to be on the shelves this Christmas.
Which is going to mean more-permissive licenses at best, quick-hack one-off in-house software or licensed proprietary libraries and systems at worst.
That's not an improvement. Nobody expects you to feel sorry for them, but you might have some sympathy for the Internet whose quality of network peer will very likely suffer.
Posted May 2, 2017 23:13 UTC (Tue)
by corbet (editor, #1)
[Link] (14 responses)
Posted May 3, 2017 8:39 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (2 responses)
Posted May 3, 2017 9:03 UTC (Wed)
by armijn (subscriber, #3653)
[Link]
Posted May 3, 2017 11:53 UTC (Wed)
by rsidd (subscriber, #2582)
[Link]
Posted May 3, 2017 11:21 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (10 responses)
Posted May 3, 2017 11:46 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (9 responses)
Posted May 3, 2017 11:58 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (8 responses)
How is acknowledging or mentioning a conflict of interest "low"? Regarding the non-true part, does Tjaldur's page not advertise: among other, compliance-related services? Could you explain how such a company does not have an interest in there being a high perceived threat of (a) non-compliance with the GPL for trivial, non-obvious reasons for which you'd need expert help and (b) significant monetary damages as a result of that?
Posted May 3, 2017 12:01 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (7 responses)
Actually, there would not even be a conflict of interest. Simply arguing in one's own interest. Again, how is mentioning that 'low'?
Posted May 3, 2017 12:28 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (6 responses)
Posted May 3, 2017 13:20 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (5 responses)
Your intentions are unknowable and immaterial to my point, nor did I ever discuss them. My comment was to the LWN editors, to suggest that they explicitly mention facts relevant to what they are reporting on. And no, that cannot be brushed aside by "mere coverage". The FUD part is open for everyone to judge.
Posted May 5, 2017 2:41 UTC (Fri)
by Paf (subscriber, #91811)
[Link] (4 responses)
And given the strong advocacy of finding a way to deal with McHardy that would NOT put more money in the pockets of the lawyers, I think it's very clear this is not FUD. It's careful concern, backed up by independent sources. These are far from the only people complaining about the nature of the McHardy suits, for example, and the article is a report from a conference talk... Where no one in attendance (most of whom, I think it's safe to say, are better placed to judge than we readers) felt it necessary to question the premise of good intent, based on what they saw.
So, bravo, good luck, and thank you for trying to deal with this.
Posted May 5, 2017 8:55 UTC (Fri)
by aggelos (subscriber, #41752)
[Link] (3 responses)
Actually, the fact that the existence of FUD around GPL compliance is to the presenters' interest (which was my point here) is not really open to interpretation. Reasonable people could disagree on whether any (or which) statements of the presenters go out of their way to exaggerate the risks involved by speculation on unidentified and unknowable laws and regulations. I think the case is well made for both sides of that particular argument. More and better guidance for GPL compliance is a laudable goal. The goal does not set the means beyond analysis and interpretation though.
Posted May 5, 2017 17:22 UTC (Fri)
by sdalley (subscriber, #18550)
[Link] (2 responses)
You have to be careful with that sort of reasoning growing tinfoil-hatted conspiracy legs and running away with you, pardon the mixed metaphor. After impugning legal people, why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.
It all comes back to whose integrity you trust, and whose you don't.
My strong impression is that Armijn et al are actively trying to clean up the FUD, not make it worse. What then? Would it really be better to have armchair lawyers from the peanut gallery, or principled people who do this stuff for a day job and know what they're talking about?
Posted May 7, 2017 20:49 UTC (Sun)
by nix (subscriber, #2304)
[Link]
Unfortunately, then reality bites: the institution of the police was created because of massive scandals around the privately-funded thief-taker system that preceded it, in which not only were some of them (e.g. Stephen MacDaniel) framing innocents as criminals to get rewards (which has recurred in South America and Nigeria in the last half-decade alone), but some were maximizing crime and indeed endeavouring to monopolize it: the classic example was Jonathan Wild. You don't get this to such a degree with doctors because doctors can't extract life from sick people the way criminals can extract goods and money from the people they rob, extort, etc. Doctors' employers can only extract money, in for-profit systems.
(Similarly, lawyers' interest is often in the maximization of the length of cases, since many charge by the hour, while their client's interest is presumably in winning the case and also in not having to pay the lawyers more than they have to. There are certain notable firms in the UK with this modus operandi which any reader of Private Eye would be able to name in an instant.)
Conflicts of interest are everywhere. They sprout like mushrooms when you stop looking for them.
Posted May 8, 2017 9:05 UTC (Mon)
by paulj (subscriber, #341)
[Link]
You say that as if it is ridiculous, but this is actually true. There is indeed evidence that a medical profession that works in an environment where there is a profit motive will have a bias towards more expensive interventions.
People are prone to bias. Even the best of people. They may not even be aware of it themselves. The way these biases work is that professionals can convince themselves they are doing the right thing as part of it. You need to openly acknowledge interests that might bias things (as is best practice in the medical world, e.g.) to have a hope of countering it. And generally be systematic about counter-balancing self-interest-bias - cause humans _are_ very prone to it.
Posted May 4, 2017 20:43 UTC (Thu)
by tytso (subscriber, #9993)
[Link] (5 responses)
Can you accept that both might exist? And that the GPL doesn't distinguish between what might be considered material and non-material breaches of the GPL. Worse, we can't necessarily trust that the judge will do the right thing. The worst thing is when the troll shows up and sends a threatening legal letter and tries to get the company to sign a contract which says, "in exchange for <troll> not revoking the GPL license, we (a) agree to an NDA (so the community won't know what the troll is up to), and (b) even if we are of compliance by an teeny-weeny amount, we agree to pay $XX,XXX per violation)". And once the company signs the contract, it's now no longer a copyright issue, but a contract issue between the victim company and the troll.
Posted May 5, 2017 9:11 UTC (Fri)
by aggelos (subscriber, #41752)
[Link]
Do you have access to the primary litigation data or secondary information from companies McHardy approached? If so, are you free to share e.g. statistics on the claims made, how often, how did the claims evolve over time (perhaps accounting for the specifics of each case)? This is highly suboptimal as confirmation bias is something we're all vulnerable to, but any information would help further discussion. I know this is would be a lot of work, but thought I'd ask in case someone already has that data :-)
Posted May 6, 2017 19:40 UTC (Sat)
by bkuhn (subscriber, #58642)
[Link]
I agree with tytso that the community should know about bad behavior in the area of enforcement, which is why Conservancy was the first to publicly condemn McHardy's actions. Oddly, the Linux Foundation, Radcliffe, and many individuals in the compliance industrial complex directly refused Conservancy's requests over a period of years to come forward and join us in condemning his actions. The statements in this thread on the panel it discusses are coming almost a year after we finally gave up waiting for all those people to join us in DTRT'ing and did it just with us and the Netfilter team. As for NDAs, in my extensive experience, the usual entity that demands an NDA is a violator, not the individual doing enforcement. One of the reasons that GPL violations are so hard to resolve is that the company won't resolve it unless the party enforcing agrees to an NDA about all terms for settlement. I'd much rather just publish all GPL enforcement settlement agreements, but sadly, too often the only way to convince a company to comply is to agree to sign an NDA about the detailed terms of how they came into compliance. I've been handed many settlement agreements for McHardy's actions from those he's annoyed; it's why I was able to learn enough about what he was doing to condemn him publicly. There are plenty of bad things that McHardy is doing, but NDAs aren't one of them. If you have evidence of McHardy demanding NDAs, please provide it. It seems to me there's plenty of bad acts we can document by McHardy that we need not make things up about what he's doing.
Posted May 7, 2017 16:51 UTC (Sun)
by jra (subscriber, #55261)
[Link] (2 responses)
Posted May 7, 2017 18:35 UTC (Sun)
by bronson (subscriber, #4806)
[Link]
Posted May 16, 2017 16:15 UTC (Tue)
by flussence (guest, #85566)
[Link]
Posted May 2, 2017 20:09 UTC (Tue)
by boog (subscriber, #30882)
[Link] (1 responses)
The analogy with patent trolls only goes so far and is potentially misleading. If you infringe on a patent, you have absolutely no way around it: you have to buy a licence etc. With the GPL you have a real possibility of coming into compliance. If you plan for it, there is no risk and no real cost. If that's not practical now, things have been left to rot for too long.
I think I'm in favour of more legal compliance action. I agree that it would be somewhat unfair to pick off small final customers in the supply chain, but that would still feed back up to the suppliers real quick, and their customers might have some legal recourse against them.
Posted May 3, 2017 20:18 UTC (Wed)
by khim (subscriber, #9252)
[Link]
It's similar in a sense that if you suddenly find out that you are not in compliance you couldn't just magically wave your hands and fix that. GPLv3 fixes that nicely, but Linus explicitly refused to rely on that thus we are stuck WRT Linux
Posted May 2, 2017 20:42 UTC (Tue)
by flussence (guest, #85566)
[Link]
Posted May 2, 2017 20:45 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Companies are clearly violating GPL and trolls are well within their rights to assert it. This whole mess is a result of lax enforcement of GPL and by combating the trolls the LF promotes even laxer enforcement.
Posted May 2, 2017 21:00 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (41 responses)
Posted May 2, 2017 21:02 UTC (Tue)
by boog (subscriber, #30882)
[Link] (40 responses)
Posted May 2, 2017 21:19 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (39 responses)
Posted May 2, 2017 21:48 UTC (Tue)
by boog (subscriber, #30882)
[Link] (38 responses)
The rest of the section describes the large attack surface that non-compliant operators expose. It is significant, but I'm tempted to say that that is their problem.
Posted May 2, 2017 22:13 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (37 responses)
Fair enough, you add those license texts electronically you would say and display them. Now, this hypothetical product has no interface, so there is no way for the user to actually see those license texts and written offer.
Now there is a possible conflict between EU packaging regulations and a *strict* reading of the GPL (as pushed for by several people) and it might be impossible to satisfy both requirements (and you are simply not going to win from Brussels). And that is just one of many possibly conflicting sets of rules.
What Mr Radcliffe said is that we need to set community expectations of what acceptable in terms of compliance actually means, but at the moment we are not having that discussion.
Posted May 2, 2017 22:36 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (18 responses)
My lawyers assured me that printing: "Warning! Code may contain peanuts^W GPL, see the full license and source code at: http://..." is enough to comply.
Posted May 2, 2017 22:43 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (11 responses)
Posted May 3, 2017 6:20 UTC (Wed)
by paulj (subscriber, #341)
[Link] (10 responses)
I seem to get volumes of paper with most electronics that I buy, even trivial bits of electronics. Yet, a copy of the GPL and a URI is a problem?
Posted May 3, 2017 7:21 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (9 responses)
Posted May 3, 2017 8:30 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link]
"7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License."
So either you get a waiver for the legal requirements or stop distributing a GPL-ed product. As of now there are no laws preventing putting a tiny printed GPLv2 text with a product.
I have very few sympathies to companies that violate GPL and I absolutely welcome any attempts to bring compliance, even by trollish methods. I'd gladly contribute to a fund that will extend this trolling to all other companies that ignore GPL.
This is quite selfish - we spend time making sure our products are license-clean (either no GPL or GPL with source code offer) and I absolutely detest that many of our competitors can just wave away all the compliance issues.
Posted May 3, 2017 12:35 UTC (Wed)
by paulj (subscriber, #341)
[Link] (7 responses)
Is it the fact that he sends Cease and Desist letters?
Is it that he offers to help them become compliant, in return for a fee for his time (which this article describes as 'modest')?
Is it that he has them sign an undertaking to remain in compliance from there on in, with penalties for further non-compliance?
Is it the size of those penalties for further non-compliance?
Is it the threat of injunctions?
What exactly is it that free software developers are not allowed to do, to enforce their copyright?
Posted May 3, 2017 12:51 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (6 responses)
This is one of the reasons is why Shane and I wrote this new (free of charge) guide we just published to get the companies up to speed.
Posted May 3, 2017 21:08 UTC (Wed)
by paulj (subscriber, #341)
[Link] (5 responses)
- I can not recover my costs in the time I spent to show there was infringement, unless I also provide further time consulting with them on how to come into compliance?
What if I have another job and I am not at liberty, via conditions of employment and/or time, to go and do other licence compliance consulting? I simply am not allowed to try get infringers to honour the licence to my code?
I think precision is very important here.
Posted May 3, 2017 21:17 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Which makes me think the answer isn't to find a way to stop people from enforcing the licence on their code, but to provide some kind of service to these companies to help them with compliance. Possibly the only "social contract" change needed then is to have those who initiate enforcement actions be required to refer to the subject to a reputable or neutral compliance advice service
From what you say, McHardy did refer people to GPL resources in his actions. He's hardly obligated to provide further legal advice to them. Indeed, my experience of lawyers is that they strongly advise you to _not_ try give any legal-ish advice to any parties you have a complaint with - so I doubt that someone pursuing a GPL infringement would ever want to do anything more than provide a link to a neutral website.
Posted May 3, 2017 21:44 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (3 responses)
Approaching companies with a fairly innocent request, tricking them into signing a contract (at which point it is no longer about the license, but about the *contract*) and then coming up with the most bizarre interpretations of the license to show that companies are breaching the contract to milk them for a lot of money under the guise of compliance while not actually helping companies despite companies actively asking for help (and simply letting them figure it out themselves), and then hitting them again over and over again crying about non-compliance is simply immoral. It has nothing to do with compliance, or helping free software. It is ordinary trolling.
Enforcement and helping free software can actually go hand in hand: when I was helping out at gpl-violations.org we tried to make sure to start a dialogue with the companies to find out where their issues were and how to help them further. There it served as a wakeup call to companies. With McHardy it is scorched earth.
Posted May 22, 2017 7:43 UTC (Mon)
by ras (subscriber, #33059)
[Link] (2 responses)
Others have commented how this is a GPL v2 problem mostly fixed by GPL v3. IMO GPL v3 is a would be a truly worthy successor on GPL v2, if it weren't "Installation Information" brain fart that renders ended up rendering it incompatible with the way most software is distributed nowadays (app stores). (I give Moglen credit for the beauty and clarity of the writing in GPL v3, but as one of the great intellects behind it he must shoulder a fair portion of the blame for this mistake. I'm sure it's the main reason for it's poor uptake to date.)
But there is a fix patch for GPL v3. You can neuter that rule. I am no lawyer so so I pinched this para from a fsf lawyers blog post, where he praised it (or maybe didn't criticise it - which I took as praise):
> The copyright holders grant you an additional permission under Section 7 of the GNU Affero General Public License, version 3, exempting you from the requirement in Section 6 of the GNU General Public License, version 3, to accompany Corresponding Source with Installation Information for the Program or any work based on the Program. You are still required to comply with all other Section 6 requirements to provide Corresponding Source.
Add that little snippet, and you have an excellent successor for GPL V2. I wish more people would do it because GPL v3 is so much better than GPL v2 in so many ways.
Posted May 22, 2017 8:16 UTC (Mon)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Posted May 23, 2017 14:40 UTC (Tue)
by bronson (subscriber, #4806)
[Link]
Posted May 3, 2017 3:35 UTC (Wed)
by bronson (subscriber, #4806)
[Link] (5 responses)
> There are some "more exotic" complaints too, Radcliffe said, including that the GPL text distributed is not translated into German or that the source offer should not come from the parent company; there are others that are even more odd.
You probably want to find some more careful lawyers.
Posted May 3, 2017 3:41 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (4 responses)
These are the sorts of the complaints that are usually tucked onto a larger litigation ("murder, arson and jaywalking" style). I very much doubt that he's suing solely for GPL not being translated into German.
Also keep in mind that German law is pretty harsh towards frivolous lawsuits.
Posted May 5, 2017 6:41 UTC (Fri)
by bronson (subscriber, #4806)
[Link] (3 responses)
The point is: this stuff is complex and open to interpretation. Your comments seem to show this, even though you claim otherwise.
If you can find a reputable lawyer to agree that printing "Contains GPL, see license at http://blah" on a slip of paper is clearly sufficient, then I'm interested. Until then, I don't think anyone's going to stake their company on advice found in a LWN comment.
Besides, I bet McHardy could find compliance issues in the paper type and font size...
Posted May 5, 2017 9:27 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (2 responses)
At a former employer, we had a serious lawyer say exactly that. Of course, what had to be present at http://blah/ was more than just the licence text - we also had to provide full GPL sources for all the software we shipped, and detailed build instructions to enable you to rebuild and replace any GPL software on the devices we shipped with your own build.
Indeed, our lawyer actually suggested that we could go further - we already put a sticker on the device with MAC address and serial number - we could simply put "Software licence details at http://blah/ - you have rights" on that sticker, and as long as http://blah was correctly set up to cover the licence requirements, they'd defend us pro-bono. We also ran this past the FSFE, who verified our instructions on the web site, and then were willing to write a letter telling us that in their opinion, we were compliant given the sticker or the slip of paper. Further, there was no issue with the idea that to get support from us, you had to restore our original software, or with us shipping "surplus" source (e.g. we used gdb internally for debugging - we didn't install gdb on shipped devices, but we could still choose to offer you gdb source code).
This did lead to some challenges for us (we had to come up with a process to let you rebuild things that we shipped outside our infra, to let you reinstall binaries on the product in such a way that it was tamper-evident for our support team, and to reset back to a clean state), but we made it work.
Posted May 5, 2017 15:28 UTC (Fri)
by bronson (subscriber, #4806)
[Link] (1 responses)
If you ever felt like turning this into an article or a blog post, I'd be interested to read more.
Posted May 7, 2017 15:13 UTC (Sun)
by pboddie (guest, #50784)
[Link]
Posted May 2, 2017 23:07 UTC (Tue)
by boog (subscriber, #30882)
[Link] (1 responses)
In any case: https://www.gnu.org/licenses/gpl-faq.en.html#WhatDoesWrit...
Basically, you can comply by passing on a written offer to the unmodified source code that the original supplier has made publicly available. Certainly no need to provide a CD.
Posted May 3, 2017 6:52 UTC (Wed)
by pbonzini (subscriber, #60935)
[Link]
Posted May 3, 2017 9:49 UTC (Wed)
by niner (subscriber, #26151)
[Link] (1 responses)
Posted May 3, 2017 10:22 UTC (Wed)
by armijn (subscriber, #3653)
[Link]
Truth is that the GPLv2 is showing its age: some of the requirements were clearly made for different times. There is a very big difference between *practical* compliance and *strict* compliance. Practical compliance is good, trolling because companies are not strictly complying is not good. At no time during the panel discussion was it even suggested that non-compliance is an option (far from it) and I am really puzzled where people seem to get this idea. It was not about preventing enforcement, it was not about hindering compliance, it was about dealing with excesses that are harmful.
What everyone would benefit from is having a clear understanding about what compliance means to a community of developers and to establish a social norm. This is much more helpful than pursuing it in the courts.
Posted May 3, 2017 10:07 UTC (Wed)
by pbonzini (subscriber, #60935)
[Link]
Pharmaceutical companies (at least in Italy) are very good at folding pages and pages of small print inside a small package.
Posted May 3, 2017 10:32 UTC (Wed)
by JanC_ (guest, #34940)
[Link] (7 responses)
Posted May 3, 2017 11:09 UTC (Wed)
by armijn (subscriber, #3653)
[Link]
Now, if you'll excuse me, a few more urgent and frivolous cases just landed on my desk...
Posted May 3, 2017 11:31 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (5 responses)
Posted May 3, 2017 11:47 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (1 responses)
Please present your argument; not the text of the directive. If there is an issue here, it needs to be further publicized, but that's not at all obvious from the text.
Posted May 5, 2017 9:03 UTC (Fri)
by aggelos (subscriber, #41752)
[Link]
Hey Armijn. Any chance you could do this? I realize this is a long discussion and wouldn't want this part (which I think is central to some of the points) to fall through the cracks.
Posted May 3, 2017 15:30 UTC (Wed)
by ballombe (subscriber, #9523)
[Link]
Posted May 8, 2017 9:21 UTC (Mon)
by aggelos (subscriber, #41752)
[Link]
(Once more, replying to Armijn directly in case he has missed the other messages) Hey Armijn. Any chance you could explain how you think the requirements of the GPL might conflict with the EU directive you referenced, given the text of Annex II.1 and the preceding context?
Posted May 27, 2017 20:42 UTC (Sat)
by JanC_ (guest, #34940)
[Link]
Also, Article 7, 2nd point, explicitly says that protection of authenticity, technical characteristics, property rights, etc. must be taken into account.
Posted May 3, 2017 11:35 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (2 responses)
I was going to ask for some instances of commercial products running afoul of the EU packaging regulations due to text that is included because of an obligation to a third party, but I see you already shifted your claim to "a possible future clash" and then to "many laws in various jurisdiction that might be conflicting with the GPL that likely we don't know about". Would you kindly drop the unsubstantiated speculation and point to _specific_ cases that constitute problems so that there can be a meaningful discussion? Otherwise, this all sounds like fearmongering.
Posted May 3, 2017 12:47 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (1 responses)
It seems that a few of you are trying to put *me* on trial here for flagging a serious issue that companies are having (trolling because there is no social norm around compliance which is a different problem than general non-compliance with the GPL). I understand the anger, but it is not very productive.
Posted May 3, 2017 13:20 UTC (Wed)
by aggelos (subscriber, #41752)
[Link]
My impression is the "anger" as you perceive it, comes from how the disproportionate the talking up of the "potential" issues is to the evidence brought forward. Personally, I'm all for hearing your reading of the EU packaging directive to justify a potential conflict with the GPL and less for how this "could be bigger than patents" (attributed to Coughlan), nebulous "uncertainty" (your comment here), "I really wish it were as simple as that.<EOM>" and other such fearmongering.
So yah, it could happen that you'll make a clear case and be faced with anger and denial. But AFAICT this hasn't happened yet.
Posted May 3, 2017 23:04 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (1 responses)
All sorts of computer products here in the EU come with a CD, which usually contains drivers and/or documentation. This doesn't seem to fall foul of packaging regulations even though including the CD could easily be avoided by making the drivers and documentation downloadable on the Internet. And of course on the typical driver/documentation CD there would be ample room for source code if the manufacturer had to comply with the GPL. Therefore I call BS. Come up with a better example.
Presumably, acceptable compliance means that the complete source code for all GPL-licensed components of a product is made available to downstream users as per the stipulations of the GPL (i.e., either by direct inclusion or else by making a written offer to provide it at cost). That doesn't appear to be negotiable, because effectively waiving this obligation would make it silly for software authors to use the GPL in the first place (the BSD licence would do perfectly well).
Posted May 4, 2017 9:01 UTC (Thu)
by armijn (subscriber, #3653)
[Link]
Posted May 3, 2017 4:08 UTC (Wed)
by ewen (subscriber, #4772)
[Link] (3 responses)
We could, as a community, perhaps agree that printing "May contain GPL software. Please visit http://gplcompliance.org/VENDOR/PRODUCT for more information", along with the Appropriate Source Code (tm) being available via a link at that site corresponds to a good faith effort to comply with the GPL. Where http://gplcompliance.org/ was a centralised site run by some neutral party, perhaps the Linux Foundation, that for $N up front would host the uploaded source code until "last sale + 3 years" (Linux Foundation members might get access included for free in their membership perhaps). This is effectively "source escrow", but done in the open.
If we, as a community, agreed to something like that, then a lot of problems go away: sale of the same product under another brand name (or subsidiary name) just needs to be symlink. Checking that a OEM that is whiteboxing your product has complied becomes a simple matter of checking the uploaded source complies, and if it doesn't telling your supplier "please try again or we won't pay you". End users have a single central place with predictable URLs to go to to get the source code.
Then we, as a community, could agree that if the supplier of the device has done that -- printed the agreed text on the box, ensured the Appropriate Source Code (tm) is at http://gplcompliance.org/VENDOR/PRODUCT -- and still gets sued that the community will stand behind them, and consider someone suing because, eg, the source was not on the right bit density mag tape or some other technicality that did not practically affect access to the source code to be a "troll". (The relevant court could be encouraged to, eg, rule that it is a technical violation, and the amount recoverable is $1 -- oh and BTW you get to pay your own legal costs too. Next time don't bother us with such de minimis stuff.)
The remainder of the GPL compliance "issues" discussed seem not to be issues with "too much" GPL compliance but actually too little GPL compliance. If you resell a product manufactured by someone else without paying attention to the copyright compliance of the software in it, then you have a copyright compliance problem; if you resell the product assuming that you can because it "the software is covered by a license that allows us to do so" but do not take the steps necessary to ensure you comply with the license then you have a copyright compliance problem. Like most other compliance problems, effort up front will generally be much less than effort after the fact to try to come back into compliance (cleaning up the river you polluted typically costs a lot more than complying with environmental regulations, and not polluting it in the first place; recreating the financial records you need to pass your financial audit typically costs more than retaining those records from the beginning).
In the real world there are always situations where compliance is *accidentally* less than perfect. But thousand of years of legal history has almost always treated accidental non-compliance with some technicality as less culpable than not really even trying to comply.
Frankly a lot of the non-compliance with the GPL looks a lot more like "not really even trying to comply" than it does "technical non-compliance". So perhaps we fix that first -- at least make a genuine attempt to comply before worrying about trolls arguing about technicalities. Honestly I'd have a lot more faith in the Linux Foundation's desire to resolve GPL compliance issues if they were to eg, host something like the http://gplcompliance.org/ site, with the complying source code, as described above, and encourage all their members, and product manufacturers in general, to use the service.
Ewen
Posted May 3, 2017 7:44 UTC (Wed)
by armijn (subscriber, #3653)
[Link]
Posted May 3, 2017 11:36 UTC (Wed)
by pizza (subscriber, #46)
[Link] (1 responses)
Be that as it may, the problem isn't companies that attempt to comply and perhaps don't do it well -- it's the organizations who can't be bothered to even try -- No acknowledgment of GPL software, no source code or offer, and (if you can manage to contact them) a "screw you" attitude about the whole thing.
Posted May 3, 2017 21:33 UTC (Wed)
by ewen (subscriber, #4772)
[Link]
IMHO a centralised "source escrow in the open" service like the http://gplcompliance.org/VENDOR/PRODUCT I suggested would make it obvious pretty quickly who was trying. Eg, a pre-purchase check of http://gplcompliance.org/VENDOR/ would indicate whether was generally trying to comply with the GPL, or just releasing products without paying attention to the licenses. (For vendors that already have a good open source story, the whole of http://gplcompliance.org/VENDOR/ could just redirect to their existing "${VENDOR} Open Source" page, needing only a one time set up of the redirect. Which would make those existing pages easier to find too.)
Ewen
Posted May 3, 2017 8:48 UTC (Wed)
by xav (guest, #18536)
[Link] (7 responses)
The more companies are involved in the Linux kernel, the more we are witnessing this kind of rhetoric. The GPL is a hindrance because it companies can't use it without having to be in compliance, and being in compliance is apparently a bad thing because ... well it's a bad thing. The level of arguments deployed is sometimes terrifying, like "every mom and pop reseller of Android phones would need to spin up a server to provide the source" which is evidently false. But what's more intriguing is that these arguments do not come from Microsoft anymore but from around the Linux ecosystem itself. Having the companies onboard is a boon, but it comes with its price I guess.
Posted May 3, 2017 12:42 UTC (Wed)
by paulj (subscriber, #341)
[Link]
There are a couple of organisations in that space, that are well worth making a donation to.
Posted May 4, 2017 3:29 UTC (Thu)
by faramir (subscriber, #2327)
[Link] (4 responses)
Posted May 4, 2017 10:44 UTC (Thu)
by excors (subscriber, #95769)
[Link] (3 responses)
That sounds incredibly expensive.
> make the source archive part of the initial disk image on the phone with a simple way for the user to delete it
I think that'd be awkward to implement, given Android's usual partition design. There are read-only system partitions (whose contents are cryptographically signed by the OEM and verified at boot) and writable user data partitions. OTA updates replace the system partitions and leave the user data unchanged. Factory resets wipe the user data partitions and leave the system partitions unchanged. Before the user gets to use their new phone, it probably goes through both a factory reset (at the factory, to clean up after testing) and an OTA update (once the user first connects to the internet, since the version flashed at the factory is old). There isn't a suitable place to store the source archive.
Also typical users would get very confused if asked whether they wanted to delete the GPL source for their phone's Linux kernel, because they have no idea what any of that means, so it's a poor user experience.
If you wanted to store a non-deleteable source archive instead: It looks like the source provided for a Samsung Galaxy S8 is 185MB, and they might sell around 50 million of them, and flash storage apparently costs something on the order of $0.40/GB, so that'd essentially add up to about $4M. That sounds a lot more expensive than hiring a few lawyers and engineers to find a better solution that doesn't add many cents of cost to every single device.
(And that's just for phones; the problem is harder for IoT devices that may be sold in much larger quantities for much lower prices, with much less storage space, with no ability to transfer files to a PC, etc, and may still be running Linux or even Android.)
Posted May 5, 2017 16:01 UTC (Fri)
by raven667 (subscriber, #5198)
[Link] (2 responses)
$4M is substantially less expensive than developing a mobile OS on your own, I'm sure they have received many orders of magnitude more value from the Linux kernel and related open source technology than the costs of license compliance.
Posted May 5, 2017 16:25 UTC (Fri)
by niner (subscriber, #26151)
[Link]
Posted May 5, 2017 17:35 UTC (Fri)
by excors (subscriber, #95769)
[Link]
$4M is negligible compared to the total cost of the product, or compared to the value provided by Linux, but that doesn't mean it's not worth saving if you can. $4M here, $4M there, pretty soon you're talking real money.
Posted May 4, 2017 8:41 UTC (Thu)
by gmatht (subscriber, #58961)
[Link]
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Um...are you familiar with the McHardy suits in particular? As I understand it (not that I have vast amounts of inside information) we're not talking about "wholesale GPL violations" here. We're talking about companies that want to comply with the license, have attempted to do so, and are still getting burned. This does not seem helpful for the long-term success of Linux or the GPL.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
It would indeed be useful be able to take a look at the actual court cases. Failing that, I think the article is remiss not to explicitly mention that the presentation on these court cases is from people who have a business interest in there being FUD around GPL compliance.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
We are one of the leading experts in analysing binaries for software governance and GPL license compliance. We use a combination of manual scanning and automated scanning.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Yes, it is open to all to judge
The rise of unreasonable paranoia
The rise of unreasonable paranoia
After impugning legal people, why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.
Of course, the problem with assuming that this doesn't happen is that sometimes it does. Obviously the medical profession has no interest in keeping us sick because they have more work than they can possibly deal with -- adding more sick people isn't helpful -- but they do have an interest, in for-profit systems, in maximizing the amount they charge for their work, charging wildly different fees for the same work depending on your bargaining power, doing unnecessary work, etc (all of which is utterly rife in the US right now). Similarly, the police obviously do not profit from crime because even today there is more of it than they can identify, and in the past crime levels were much higher, so obviously this was even more true back then. So the police have never had an interest in the maximization of crime, even though the more crime there is, the more necessary the police appear.
The rise of unreasonable paranoia
why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.
The rise of copyright trolls
The rise of copyright trolls
*You* may be talking about wholesale violations, but other people are talking about people who are really doing copyright trolling by going after companies who are trying to do the right thing, but who are technically out of compliance because of slight differences between the binaries and corresponding source.
NDAs are usually at the insistence of the violator, not the enforcer.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
It's not just a matter of them rejecting the GPLv3. Ignoring the current state of affairs where several kernel contributors have voiced as much, it's *impossible* to track down all copyright holders, or the estates of late ones. It's no good to say 95% quorum on a license change is enough as some other projects have done either, because in one this large there's going to be more than a few McHardy types in that remaining 5%.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
I'm sorry, but how?
The rise of copyright trolls
"...and how to deal with this threat."
By being in compliance?
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
GPLv2 is a smallish two-page text. Putting it along with your software is enough, no need for CD.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
You're joking, right?
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Please present your argument; not the text of the directive. If there is an issue here, it needs to be further publicized, but that's not at all obvious from the text.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Now there is a possible conflict between EU packaging regulations and a *strict* reading of the GPL (as pushed for by several people) and it might be impossible to satisfy both requirements (and you are simply not going to win from Brussels). And that is just one of many possibly conflicting sets of rules.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
EU packaging regulations! These require companies to minimize packaging material for products sold in the EU to combat unnecessary waste. Say that you have a tiny component that comes with GPL software. Adding a CD, with the sources would increase the packaging dramatically, and might not be compliant with EU packaging regulations.
What Mr Radcliffe said is that we need to set community expectations of what acceptable in terms of compliance actually means, but at the moment we are not having that discussion.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Why don't mom and pop need to distribute source?
You may copy and distribute the Program ... c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
Posted May 3, 2017 12:01 UTC (Wed)
by k3ninho (subscriber, #50375)
[Link]
Is there a lawyer available to provide the bar at which a derivative work of McHardy's code is more than just a translated work of moving-food-round-plate? That's to ask where it becomes substantive enough to earn its own copyright -- and GPL protection? While not a lawyer, I believe that will differ in different jurisdictions and, the existing stuff is Free/Libre so backporting still leaves several versions open to McHardy's current actions.
K3n.
Posted May 3, 2017 14:31 UTC (Wed)
by ballombe (subscriber, #9523)
[Link]
Posted May 3, 2017 15:36 UTC (Wed)
by NAR (subscriber, #1313)
[Link]
Posted May 3, 2017 16:00 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (32 responses)
Was there any talk of what the participants felt is lacking from the principles of community-oriented GPL enforcement published by SFC and the FSF in response to the McHardy situation? The summary quoted here implies that this document was either not discussed (though it defies belief that the people present were not aware of it[0]) or disliked. What were the reasons? [0] The LWN editor who attended and summarized the discussion is certainly aware of that too. It is odd not to see any mention of there being "divergent efforts" (as it would most likely be put in the familiar LWN tone) in the article either.
Posted May 3, 2017 16:46 UTC (Wed)
by smurf (subscriber, #17840)
[Link] (1 responses)
Quite frankly: that's their prerogative.
However, if the community-oriented enforcer asks for compliance first AND if the company in question can demonstrate an ongoing good-faith effort to resolve the issue, then the monetary-gain-oriented enforcer does not have much of a legal leg to stand on – at least in Germany TTBOMK, dunno about other jurisdictions; the standard IANAL disclaimer applies.
Posted May 3, 2017 17:05 UTC (Wed)
by aggelos (subscriber, #41752)
[Link]
So I think you're making a different point to the one I was.
Posted May 3, 2017 17:12 UTC (Wed)
by jake (editor, #205)
[Link] (17 responses)
not during the portion of the discussion that i could report on ...
jake
Posted May 3, 2017 19:07 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link] (16 responses)
So you can say e.g. "The participants seemed generally to believe that Martians exist" and we can make of that what we will about their soundness of mind, future intents and so on, but we can't attribute a statement of Martian existence to any individual.
You can't say "Ebenezer Scrooge asserted that it was immoral for programmers to seek any control over their work and furthermore that programmers were violating man's sacred relationship with mathematics by trying to use it to perform labour".
It may take a little extra work from journalists, but almost everything of any import should be able to be phrased in a way that gets across what you learned without saying who from, much as you would with a whistleblower source you want to protect. Your notes may of course include details that should not be reported, but it is not the practice of LWN (nor alas most news outlets) to publish notes, either at the time or retrospectively, so we have to rely upon editorial prudence as to the correctness of what is reported.
Posted May 3, 2017 19:10 UTC (Wed)
by corbet (editor, #1)
[Link] (14 responses)
Posted May 3, 2017 20:15 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link]
Posted May 4, 2017 7:36 UTC (Thu)
by aggelos (subscriber, #41752)
[Link] (12 responses)
Was there really need for Jake to cross the ocean? Don't get me wrong, I can see why Intel, the LF and RH would fund this. But if the sole purpose of going there was to take down and reproduce what was said, is that so much preferable, for LWN subscribers, to LWN linking to the PR coverage these companies and their trade association would then pay someone else to produce[0]? For this subscriber, it wouldn't be preferable. And would also save Jake the inconvenience of two transatlantic flights. [0] Or if they wouldn't bother if it weren't for LWN (doubtful), I'm sure the FSFE would have incentive enough to put out a summary of their own event.
Posted May 4, 2017 13:45 UTC (Thu)
by corbet (editor, #1)
[Link] (11 responses)
Posted May 4, 2017 15:54 UTC (Thu)
by tialaramex (subscriber, #21167)
[Link] (4 responses)
We only get something out of the articles that result. Sending people to conferences may be necessary to make that possible, but it is not a goal in itself (or at least, it's not a goal _for your subscribers_).
As originally presented it seemed as though the situation is that Jake goes to a conference, he hears a whole bunch of interesting stuff, but the only bit he's going to report on (and thus the only value to LWN's subscribers) is this one panel session, and only the session itself not the accompanying Q&A or other material. I am not interested in stopping you or Jake doing that, but I did want to make clear above that I don't like it.
Now, subsequently there's another article from the same conference, so evidently there are at least two (maybe three? or more?) articles from the conference, and that changes the equation a bit. And obviously you will have known that (and will know if there's more to come) which we did not. So you have a different picture of the value proposition, and of course you may value background (e.g. now Jake knows how specific people feel about some of the issues, even though he won't be reporting that) because that's useful for making future editorial judgements, but we don't get any direct benefit from that either.
Posted May 4, 2017 17:43 UTC (Thu)
by bronson (subscriber, #4806)
[Link] (2 responses)
You don't like it and you don't want to stop it? That's not consistent. Maybe you don't actually care that much?
It seems like you're trying to micromanage LWN here.... It's very odd.
Posted May 4, 2017 23:54 UTC (Thu)
by tialaramex (subscriber, #21167)
[Link] (1 responses)
I think LWN will be better if, for any similar future events, it aims to report what was learned by attending a session under the Chatham House Rule, so that's the opinion I expressed - but I'm not about to throw my toys out of the pram if, as it seems is the case, the chief editor is of the opinion that it's a waste of his time and better to only hint that things were learned that won't be shared.
Posted May 5, 2017 7:11 UTC (Fri)
by bronson (subscriber, #4806)
[Link]
Or do you often write about punk rock too?
Personally, given their record, I'm happy to give LWN editors the benefit of the doubt. For more info, maybe you could contact the FSFE? It also seems likely that someone from the FSF or SFC was in attendance.
Posted May 4, 2017 17:54 UTC (Thu)
by rahvin (guest, #16953)
[Link]
Posted May 4, 2017 21:43 UTC (Thu)
by aggelos (subscriber, #41752)
[Link]
If the coverage presented neglects to discuss speaker affiliations and relevant information (especially pertinent information that is conspicuously absent from a discussion), but limits itself to summarizing the contents of a presentation or discussion, then its value to subscribers is significantly diminished, yes. Even more so when a panel is, shall we say.. unbalanced? Needless to say, I do expect LWN editors to mention elephants (or smaller animals) in the room, even if the speakers do not discuss them. In fact, what is maximized by this style of coverage is LWN's value to travel sponsors who want to make sure a message or narrative reaches an audience (developers) that their PR departments don't have easy access to. Note, I'm not saying that LWN editors are conciously choosing to produce this kind of coverage to maximize their their chances of getting travel assistance. Rather, that there is a potential synergy that needs to be acknowledged as any conflict of interest would be. On that note, it would be useful to go on record as to who was the initiator when LWN receives travel assistance for attending an event. Did the editors request it or was it offered? Disclosing a funding relationship does not cure it, of course. I hope LWN could get to the point where subscription revenue is high enough that travel costs would not be an issue, but accept that this might never be the case. Even putting aside potential issues with the sponsoring though, this style of coverage is still way too cavalier about amplifying what might be a biased version of a particular story (e.g. see footnote 0 in this comment). FWIW, I do appreciate the summaries of (necessarily) selected conference presentations, as otherwise, even if the videos were available, some of us wouldn't have the time or motivation to take a look at each talk (or panel, as the case may be). Video or audio recordings are really bad for skimming. For events that are not recorded (and there's no reason why they should be), having an LWN editor summarize them is the next best thing to being there. That said, I would gladly trade off most conference coverage for more in-depth technical articles and comprehensive, responsible (i.e. pointing out of factual errors and gross misrepresentations) summarization of ongoing discussions in mailing lists and other forums of the communities LWN usually concerns itself with. If it saves our editors any time in cattle-class seats, that would be a great bonus.
Posted May 9, 2017 8:04 UTC (Tue)
by aggelos (subscriber, #41752)
[Link] (4 responses)
Can I bring this up again? In the interest of increased transparency, can our editors (in the future) extend their disclosure parties who provided travel assistance with the information on whether they were offered the funds or asked for them of their own accord? Also, could we have a ballpark estimation for the percentage of events LWN was invited, as well as sponsored, to attend in the last few years? If there are events that LWN was invited to cover, are there any obvious commonalities in those requests (e.g. a specific travel sponsor or event)? Thanks.
Posted May 9, 2017 8:19 UTC (Tue)
by gevaerts (subscriber, #21521)
[Link]
Posted May 9, 2017 13:16 UTC (Tue)
by corbet (editor, #1)
[Link] (2 responses)
On the other hand, we do publish nearly 20 years of history which, I believe, shows a consistent and clear picture of where LWN is coming from. That was achieved at some considerable personal cost, including far too much time spent on airplanes and away from home. Yet you're saying that we can be somehow bought by offering us yet another economy-class transoceanic experience. I could get fairly offended if I weren't so busy giggling at the prospect.
Posted May 9, 2017 14:42 UTC (Tue)
by aggelos (subscriber, #41752)
[Link] (1 responses)
For people who think you might be 'bought', you're already putting up the information on who provides travel assistance for LWN editors. So (obviously, I might add) that was not my concern or implication. My concern is that the style of reporting practiced and defended by articles such as this (i.e. only summarizing what was said, refusing to check facts as common practice (e.g. first footnote here and subsequent reply), choosing not to point out items which are clearly left off the agenda) is a disservice to LWN as a subscriber-oriented site. Given that LWN (apparently; I honestly apologize if I have gotten the wrong impression from the comments by the staff) will dutifully reproduce the presentations and discussions at an event for its (primarily developer) audience, it makes sense to want to know which organizations want to promote which events to this audience. If you do not want to provide such information that is your prerogative (though it'd be helpful if we knew why). In my eyes, the situation is analogous to the transparency you currently practice re: travel sponsoring. Admittedly, "LWN attended this event on the invitation and sponsoring of Org X" might not sound great (though if it doesn't sound good to your ears, you might stop and consider why). But, as you say, 20 years of history assures us of the good faith efforts of the LWN editors. What is also assured though, is that bias in reporting is not only a matter of personal integrity. If I may quote another comment out of context: With that in mind, I hope that you (or any other editor at LWN) no longer feel you have a reason to be offended. And perhaps that you'll reconsider the suggestion re: increased transparency.
Posted May 9, 2017 15:15 UTC (Tue)
by aggelos (subscriber, #41752)
[Link]
Posted May 3, 2017 19:18 UTC (Wed)
by jake (editor, #205)
[Link]
it's a little more complicated than that. you also cannot reveal anyone's affiliation(s).
> Your notes may of course include details that should not be reported,
fwiw, I chose not to take notes in parts under CHR -- the risk of inadvertently revealing identities/organizations seemed too high ...
jake
Posted May 3, 2017 18:23 UTC (Wed)
by ocrete (subscriber, #107180)
[Link]
Posted May 3, 2017 19:50 UTC (Wed)
by jonas (guest, #91024)
[Link] (7 responses)
The answer to this isn't to litigate more; it's to make compliance super-ultra-miraculously easy, help everyone be in compliance, and make sure people know how, and can show clearly they are in compliance if being faced by a copyright troll. There's a lot of work we still need to do on this, and the panel highlighted this and the risks if we don't.
Posted May 5, 2017 8:47 UTC (Fri)
by aggelos (subscriber, #41752)
[Link] (6 responses)
The panel (as summarized here) discussed both efforts to help compliance (e.g. by promoting the book published by the Linux Foundation and written by two of the presenters) and efforts to set community norms (the 'social contract'). The point in this subthread was about the second part (I have not had time to go through the book. I'd find a comparative reading of it and copyleft.org's A Practical Guide to GPL Compliance pretty informative, though I doubt LWN would be interested in publishing such an article). I agree with that more than you seem to realize. The two points I'm making are that (a) the interpretation of the (unavailable) data as to the frivolity and seriousness of this kind of legal activity by McHardy appears to be coming from people who stand to benefit from increased worry around GPL non-compliance for trivial issues[0] and (b) the 'social contract' they advocate comes to contend with another, earlier, social contract that has been brought forward as a response to the exact same situation, and that fact is not acknowledged in the presentation or LWN's coverage. FWIW, I also think that making compliance as streamlined and fool-proof as possible is the better way forward here (without discounting the importance of dealing with the current situation). It would be great to be able to talk specifics here, but case information is regrettably not available. It is encouraging to read that "over time, McHardy has moved away from the more exotic claims". I would be very interested in finding out why that is. Is the LF or any other organization making or funding an effort to streamline the license compliance process? [0] This is not to say that their facts are false; just that others might interpret the facts differently. For all we know Armijn et al are underestimating the damages, though their accompanying argumentation is clearly (to this reader at least) pointing in the other direction. Perhaps one day we'll be able to judge for ourselves.
Posted May 5, 2017 17:18 UTC (Fri)
by corbet (editor, #1)
[Link] (5 responses)
The LF is doing quite a bit in this area. OpenChain is there to help companies set up their compliance programs. SPDX is a long-running effort to make it easy to document the provenance of the software in any given distribution. There's a whole list of publications, including the book by Armijn and Shane mentioned elsewhere in this conversation. They also offer an online course in "compliance basics" for free.
My own wish is that the LF would do more to address the outright compliance problems in the industry, and I've told them so. If there's anything happening there it's below the radar, but they are doing quite a bit to make things easier for the companies that want to follow the rules.
Posted May 6, 2017 13:25 UTC (Sat)
by aggelos (subscriber, #41752)
[Link] (4 responses)
It's clear the LF is publishing a lot of documents on how to do compliance as a company - I skimmed the book by Armijn et al. and the thing that stood out, other than the erasure of GPLv3 (people don't ship samba in embedded devices?), is the number of LF documents mentioned in Appendix 1. Only LF documents, come to think of it. Almost as if there are no other publications on the subject. Documenting an arduous process is well and good and will remain necessary. It is however not the same thing as making said process easier (for instance, by pursuing tooling improvements). My question was about the latter aspect. It is good to hear about preventive work. What more do you think they could be doing to address the ongoing compliance problems?
Posted May 6, 2017 14:06 UTC (Sat)
by pabs (subscriber, #43278)
[Link] (1 responses)
They definitely do; I have a router that I only found out runs Linux (and is not GPL compliant) because of a mention of Samba in the web interface.
Posted May 6, 2017 20:34 UTC (Sat)
by zlynx (guest, #2285)
[Link]
Posted May 7, 2017 17:05 UTC (Sun)
by jra (subscriber, #55261)
[Link] (1 responses)
Oh that's just wrong. We have *many* OEMs who ship Samba in embedded devices. Google even ships Samba code (as an app) in ChromeOS.
https://chrome.google.com/webstore/detail/network-file-sh...
Posted May 7, 2017 18:09 UTC (Sun)
by aggelos (subscriber, #41752)
[Link]
Notice the question mark. I was simply pointing out how odd it is that a book called "Practical GPL Compliance" which
Personally, I'm also missing the tiniest bit of explanation for copyleft as a concept or
motivation to comply with it. I.e. something to the effect of "the GPL is not just
a nuisance, it is also beneficial to your organization because [...]". This is something
I expect to find in texts which describe to engineers how to take care of a non-engineering
task that is probably low in their priority list. Opinions (and intentions) might differ, of course.
Posted May 5, 2017 13:16 UTC (Fri)
by rfontana (subscriber, #52677)
[Link] (2 responses)
Posted May 6, 2017 13:26 UTC (Sat)
by aggelos (subscriber, #41752)
[Link]
Thank you for clarifying this. I do very much wonder where this new social contract will be drafted. With regard to your FOSDEM presentation, it's not clear to me from the summary (though now that it's been brought to my attention again, I intend to watch the recording) whether these are your own ideas or those of RH and therefore assumed the former. I sincerely hope an open discussion can eventually take place, though judging from what was reported from this LLW panel, that does not seem to be forthcoming.
Posted May 6, 2017 21:38 UTC (Sat)
by rfontana (subscriber, #52677)
[Link]
Posted May 6, 2017 17:36 UTC (Sat)
by bkuhn (subscriber, #58642)
[Link]
It's interesting to note how late all these people have come out to condemn McHardy's actions. Nearly a year ago, Software Freedom Conservancy was the first of anyone to publicly criticize McHardy's actions and the Netfilter team joined the same week in doing so as well. At the time, we were urging others to join us in condemning McHardy, including people like Radcliffe, but I guess at the time he was just earning too much money defending companies against McHardy to be willing to come forward. We should also consider carefully who was on this panel and what their goals are. AFAICT, all of the people on the panel sell services to those who violate the GPL. Interestingly, none of those on the panel even mentioned the Principles of Community-Oriented GPL Enforcement, which, when followed, don't allow troll-like behavior. Now that McHardy's actions are slowing down, we hear people drumming up fear mongering about the possibility of future copyright trolls. Note what the panel said, though: there aren't many venues where this is viable option anyway (the USA is one where copyright trolling is completely unviable financially, BTW), and even in Germany which seems according to the panel to be the most friendly to such behavior, even McHardy faces serious challenges and can't continue the behavior as a sustained activity in the long run. Transparent FUD, this panel seems to me. Yes, McHardy is behaving badly. We should all condemn his behavior; and I am glad to see that these folks have finally joined Conservancy in doing so. But, this is all just a minor blip of a problem in the face of lots of GPL violations that continue to harm users and developers much worse. We should continue with community-friendly enforcement efforts that prioritize compliance and good community behavior over money.
Posted May 6, 2017 18:19 UTC (Sat)
by ssmith32 (subscriber, #72404)
[Link]
After refreshing my memory with the linked articles, and browsing through the comments - my only complaint is the overly-dramatic title.
It was not an article about "the rise of copyright trolls". It was an article about lawyers who oppose the actions of McHardy, who may very well be a copyright troll. If we suppose McHardy is one ( I'm not sure - my personal opinion is that the actions are selfish, and indicative of a not-nice values, but not really equivalent to the problems posed by patent trolls), then a more accurate (though still too dramatic for my taste) title would be "Exposing a copyright troll"
Posted Mar 4, 2018 17:44 UTC (Sun)
by skwdenyer (guest, #122896)
[Link] (1 responses)
Why? Having used Linux since the mid 1990s, I didn't do so just because it was "free" (as in beer). I chose tools that were appropriate to my needs, cost being just one criterion. Source availability was a big one, just for starters.
When people write things like:
"Being in perfect compliance of the GPL is *hard*. Are you sharing a Docker image? How about a VM image? Even if you make the Docker image available, if you don't religiously include the exact version of all of the sources of any of the GPL components used in the Debian or Ubuntu distribution that you are using, you are technically out of compliance --- and thus you may be leaving yourself exposed to being attacked by a Copyright Troll. (Short version, if you are distributing a binary or a VM image, unless you are being extremely careful, the odds are very high you are doing something wrong and the corresponding source won't _exactly_ correspond to the binary that you ship.)"
then there's something wrong. Taken as a whole, Linux is not free (as in beer), in the same way no software is free. Never mind the licence cost; there is the time and effort to understand, modify, enhance, QC, maintain, etc., etc.
I can't imagine creating a shipping GPL product where I did not have the *complete* source tree available to me. Microsoft (say) might provide me with a warranty that their binary would run bug-free on my hardware; no open source project is likely to do so. So I will compile, from source. I will have that code.
Putting up code that is not the same version implies that I am putting up code in some extra-production process to enable me to be GPL compliant. Which is nonsensical for a start, and a waste of time (which = money). And in any case, it is not paying the price of the software, something which is clearly defined.
The actual version matters because the rest of the code relies upon that version to function - that is the system, that is how we learn, that is how things evolve.
All software costs money. If the world of manufacturers cannot comply with the GPL (and I'm sorry, but that is easy IMHO - see below), then they are free to spend their money on proprietary software. I will not be worried by that - because I do not believe it so important that Linux conquers all comers.
GPL code of high quality is worth money (= time) to implement. We don't have to apologise for it, we don't have to embrace fire-sale economics by forgiving the (tiny) cost of compliance. We must be hard-nosed, we must be tough.
Developers, maintainers, and so on are valuable professionals who choose to give their time for free, not people whose time is worth nothing. There is a fundamental difference.
And the issue of compliance? If you are shipping a product, you have certain legal obligations to comply with. You take out insurance, you consult lawyers, and so on. If you ask a competent lawyer to provide clear guidelines for GPL compliance, and follow them, then you have a claim against that lawyer's indemnity insurance if you run into trouble. Many lawyers offer a service that includes, in effect, litigation insurance.
If you cannot bring yourself to buy insurance against easily forseeable risks, that is your choice. It is not for the OS community to forgive you, any more than it is likely my neighbours will rally round to pay for a new house if mine burns down when I chose not to pay for buildings cover!
Nobody is forcing anyone to use GPL code, to ship products with GPL code, to profit from GPL code. If you choose to do so, you must comply. If you can't comply (for whatever reason, supply chain or otherwise) then you must not sell - choose different software, or a different product.
If however you think that the religious conversio of the world to open source is all that matters, by all means argue for an even more-relaxed GPL v4, but at least be honest about that - rather than inventing petty reasons to forgive non-compliance in the interests of your holy crusade.
Posted Mar 4, 2018 19:12 UTC (Sun)
by halla (subscriber, #14185)
[Link]
The rise of copyright trolls
> ...
>Coughlan wondered if there are other things that can be done to fight this kind of activity. If people are acting outside of the social contract, perhaps their code could be rewritten and replaced.
>For McHardy's code, that may be a viable option, Hemel said.
The rise of copyright trolls
Isn't it obvious?
The rise of copyright trolls
The Q&A session after that (under Chatham House Rule) was lively, with some strong opinions expressed. There was talk of codifying a social contract for our communities; putting together the various factions within the open-source community to help determine what that contract might look like is planned.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
> FSF in response to the McHardy situation?
Chatham House Rule
As you say, you have to rely on editorial prudence. Please assume that such prudence has been applied here in the best way Jake knew. Talk of "extra work" for somebody who has already crossed an ocean for the sole purpose of covering this event is a bit misplaced, in my opinion...
Chatham House Rule
Chatham House Rule
Chatham House Rule
Talk of "extra work" for somebody who has already crossed an ocean for the sole purpose of covering this event is a bit misplaced, in my opinion...
OK, so I must admit to being totally confused by that comment. Are you saying it's not worthwhile for LWN to attend conferences? If only we'd known, we could have saved all of that cattle-class time all these years...
Confused
Confused
Confused
Confused
Confused
Confused
Confused
Confused
On that note, it would be useful to go on record as to who was the initiator when LWN receives travel assistance for attending an event. Did the editors request it or was it offered?
Confused
We don't track who mentions travel funding first, sorry.
Confused
Confused
People are prone to bias. Even the best of people. They may not even be aware of it themselves. The way these biases work is that professionals can convince themselves they are doing the right thing as part of it. You need to openly acknowledge interests that might bias things (as is best practice in the medical world, e.g.) to have a hope of countering it. And generally be systematic about counter-balancing self-interest-bias - cause humans _are_ very prone to it.
Confused
Chatham House Rule
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Those principles certainly have the right idea: compliance before litigation. That doesn't seem to be what the article talks about though: if McHardy followed the SFC/FSF principles, the concern about his specific cases would be less. But the problem isn't limited to McHardy. It's a general and potentially rising problem with people or organisations who may be tempted to use their copyright holding in free software for monetary gain.
The answer to this isn't to litigate more; it's to make compliance super-ultra-miraculously easy, help everyone be in compliance, and make sure people know how, and can show clearly they are in compliance if being faced by a copyright troll. There's a lot of work we still need to do on this, and the panel highlighted this and the risks if we don't.
Streamlining the compliance process
Is the LF or any other organization making or funding an effort to streamline the license compliance process?
Streamlining the compliance process
LF is doing quite a bit in this area. OpenChain is there to help companies set up their compliance programs. SPDX is a long-running effort to make it easy to document the provenance of the software in any given distribution. There's a whole list of publications, including the book by Armijn and Shane mentioned elsewhere in this conversation. They also offer an online course in "compliance basics" for free.
My own wish is that the LF would do more to address the outright compliance problems in the industry, and I've told them so. If there's anything happening there it's below the radar, but they are doing quite a bit to make things easier for the companies that want to follow the rules.
Streamlining the compliance process
Streamlining the compliance process
Streamlining the compliance process
Streamlining the compliance process
people don't ship samba in embedded devices?
Oh that's just wrong.is designed for engineers shipping products with GPL-licensed
software included (e.g., consumer electronics, drones, IoT devices)
acts as if GPLv3 does not exist (other than a nod) or is not relevant to their target audience.
I was at this session. I did not take notes and of course I may be misremembering, but my recollection is that the Principles were mentioned explicitly only by one attendee at this session, and there was certainly no substantive discussion of the Principles.
Regarding views on what is lacking in the Principles, that was in part the subject of my talk at FOSDEM earlier this year, covered by LWN.net at https://lwn.net/Articles/715082/.
The rise of copyright trolls
The rise of copyright trolls
principles-discuss
The rise of GPL-violator-defense trolls
The rise of copyright trolls
There is a worrying undercurrent in all of this discussion, to me at least. It is this: that the Linux community fears that the rise of Linux will only continue if licence compliance is made easier and non-compliance not punished / punished only rarely.
The rise of copyright trolls
The rise of copyright trolls