Patrick McHardy and copyright profiteering (Opensource.com)

[Posted August 25, 2017 by jake]

Over at Opensource.com, Heather Meeker, a lawyer who specializes in open-source licensing, published a lengthy FAQ on the GPL enforcement efforts of netfilter developer Patrick McHardy. In it, Meeker looks at how much code McHardy has contributed, specifics of the German legal system that may make it attractive to copyright trolling (or profiteering), and steps that companies and others can take to oppose these kinds of efforts. "Copyright ownership in large projects such as the Linux kernel is complicated. It’s like a patchwork quilt. When developers contribute to the kernel, they don’t sign any contribution agreement or assignment of copyright. The GPL covers their contributions, and the recipient of a copy of the software gets a license, under GPL, directly from all the authors. (The kernel project uses a document called a Developer Certificate of Origin, which does not grant any copyright license.) The contributors’ individual rights exist side-by-side with rights in the project as a whole. So, an author like McHardy would generally own the copyright in the contributions he created, but not in the whole kernel."

to post comments

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 3:18 UTC (Fri) by fratti (subscriber, #105722) [Link] (29 responses)

>Why hasn’t the community stopped McHardy?
>What can we do to stop McHardy and other copyright profiteers?

Why should the community stop him? The real profiteers here are the people breaking the GPL that couldn't give two shits about compliance, like all the IoT garbage.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 6:33 UTC (Fri) by pabs (subscriber, #43278) [Link] (28 responses)

Some links that may help understand the concerns:

https://marc.info/?l=netfilter&m=146887465012705&w=2
http://www.netfilter.org/files/statement.pdf
http://www.netfilter.org/licensing.html#faq
https://lwn.net/Articles/721458/

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 7:48 UTC (Fri) by fratti (subscriber, #105722) [Link] (27 responses)

I see, so the main issue appears to be the way he goes about the actual lawsuits and his motive behind them. I've heard of cases where the German copyright system has been abused before (notably there was one website which tried its best to have their images listed high in Google Image search so it could sue anyone who used them in a court in Hamburg), and this seems to play the same kind of tune; he's actively looking for ways to profit off the violation through legal peculiarities. One could argue that the GPL's long-winded and complex license gives a lot of opportunity for him to accuse companies of GPL violations after the initial settlement.

Thanks for providing me to these links. I definitely see why what he's doing is not the intent of the GPL.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 15:30 UTC (Fri) by ewan (guest, #5533) [Link] (21 responses)

I'm not sure I completely understand. Clearly his behaviour has its unpleasant aspects, but this seems to amount to a discussion of the ethics of kicking GPL violators in the balls rather than squaring up to them for a fist fight.

Surely the underlying point remains that if they complied with the licence in the first place, neither would happen.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 17:00 UTC (Fri) by dunlapg (guest, #57764) [Link]

Surely the underlying point remains that if they complied with the licence in the first place, neither would happen.

It's nearly impossible to always follow every rule to the letter. Most people like rules because they just want to get along and play fairly. People who are purposely trying to violate the rules may deserve a "kick in the balls", as you say; but people who are genuinely trying to comply should be given more grace.

This is the approach of the SFC: privately approach violators to try to get them into compliance, sue when private negotiation has failed.

On the other hand, there are some people who like rules because it gives them an opportunity to kick lots of people in the balls and get away with it -- catching people out on small violations that are unintentional.

From what I've read, a large number of people that Patrick has sued are unintentional violators -- people who are trying to comply and mostly succeeding, but failing only here and there. These are not the kind of people we want sued; and suing these kinds of people to extort money will only harm the Linux community.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 18:02 UTC (Fri) by seyman (subscriber, #1172) [Link]

> Surely the underlying point remains that if they complied with the licence in the first place, neither would happen.

IMHO, the goal of people releasing GPL software is to get people to contribute code (with the license being "merely" a means toward that end). Going straight to lawsuits without giving GPL violators the chance to correct their mistakes and start contributing back (which seems to be McHardy's M.O.) misses the forest for the trees.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 18:15 UTC (Fri) by rsidd (subscriber, #2582) [Link] (18 responses)

If the Linux kernel were entirely his work you'd have a point. But only a minuscule portion is. Rather than fix the problem (GPL violation) he is trying to personally make money off a violation in which he personally is an extremely minor victim. I would say that's much more unethical than (usually unknowing) GPL violation.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 4:35 UTC (Tue) by paulj (subscriber, #341) [Link] (17 responses)

If his contributions are so minor, why havn't they been rewritten by others if others feel his behaviour is so unethical?

The GPL is _not_ hard to follow.

The truth is there are a lot of corporates out there deliberately pushing the boundaries.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 5:45 UTC (Tue) by Wol (subscriber, #4433) [Link] (15 responses)

> The truth is there are a lot of corporates out there deliberately pushing the boundaries.

And unfortunately there are also a lot of corporates out there who would happily follow the rules, except they didn't even realise the products they RE-sell came with such rules.

Cheers,
Wol

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 6:14 UTC (Tue) by paulj (subscriber, #341) [Link] (14 responses)

There are compliance risks in lots of other areas of business, around trademarks and product standards and safety regulations.

Business _must_ educate themselves about these matters, if they wish to minimise those risks. You can buy goods from a foreign manufacturer, sell them in your own country, and find yourself hit with trademark suits, or find product standards agencies confiscate your goods with no come-back. No Linux or copyrights involved.

Businesses protect themselves against those risks by doing research about trademarks, about safety regulations, waste disposal regulations, etc., and then by doing their research on the products they intend to re-sell and acquiring all the necessary assurances (inc. compliance certifications, legal documents, etc.). That _should_ be a function of businesses who are re-selling products. They _should_ do their due diligence. They _should_ - if they are selling Linux based products - demand the supplier has their GPL compliance in order. Importers _are_ held to account in many other areas, and this is the impetus for them to hold their suppliers to account (who are out of jurisdiction, so the importer's $$ is the only way they can be held to account). So why not in this area? How else can a global supply chain be held to account in today's world?

That many businesses today are not aware is an education issue - not a McHardy issue per se. MBA courses need to get with the modern era and start teaching free software licensing compliance issues in courses. Product managers need to learn about this.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 8:05 UTC (Tue) by rsidd (subscriber, #2582) [Link] (13 responses)

Business _must_ educate themselves about these matters, if they wish to minimise those risks. You can buy goods from a foreign manufacturer, sell them in your own country, and find yourself hit with trademark suits, or find product standards agencies confiscate your goods with no come-back. No Linux or copyrights involved.

Linus and other kernel developers have said rather explicitly, many times, that they are not interested in going down the lawyer route unless all else fails. Their goal is to ensure usage and compliance. Hitting hard with lawyers will kill usage -- as Linus pointed out in this fine rant, that's what happened with busybox.

What's happening in this case is extortion by a very, very minor stakeholder in Linux, not at all sanctioned by the project leaders. In the commercial world this would be impossible. A minor Apple employee cannot sue Google (or anyone) for violating an Apple product's trademark/copyright/patent against the wishes of the bosses. Even if he, himself, did legally own a minor piece of IP in the case. Well, I guess he could but he'd be fired.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 13:27 UTC (Tue) by pboddie (guest, #50784) [Link] (10 responses)

Hitting hard with lawyers will kill usage -- as Linus pointed out in this fine rant, that's what happened with busybox.

Ah, the rant where he blatantly insults people trying to do responsible compliance and mixes up the Software Freedom Conservancy with the Software Freedom Law Center. I guess one shouldn't let the facts get in the way of a good rant, particularly when there are interests that do very nicely out of keeping the licensing situation ambiguous and letting corporations off the hook, "old boy network" style.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 14:14 UTC (Tue) by rsidd (subscriber, #2582) [Link] (9 responses)

So he wrote SFC where he clearly meant SFLC. And I agree the name-calling was excessive but that's what Linus does. Forget his mail then, consider GregKH's mail which is quoted in full there. Do you actually disagree with any of it? This passage for instance?

I've spent the last decade of my life working to support, grow, and enhance our community. And corporations are a _huge_ part of our community, and frankly, the only reason we are where we are today. We _have_ to work to bring more companies and their developers into our group, never working to purposefully alienate anyone.

Here's what happens when you threaten legal action against a company:

they instantly stop talking to any "external" developer that might have been working with them to figure this community and license thing out. So much for our "back channel" to them that was slowing starting to pay off.
they bring in more lawyers, and react defensively to protect themselves, as that's what they have to do to preserve the company.
Anyone in the company that pushed to use Linux is now seen as "wrong" and instantly is pissed off that external people just messed up their employment future.
Anyone in the company that resisted the use of Linux (possibly in ways that caused the code not to be released over the objection of the previously mentioned people) are vindicated in their opinion of those "hippy"[2] programmers who develop Linux.
The lawyers know that now that you are willing to accept that loosing is an option, and will do everything in their capability to ensure that it happens (drag it out, annoy the hell out of developers by disposing them, burn your money in whatever way they can, etc.)
Now, even if, after many years of work on your part, you do get that code, what is the end result? You have made an enemy for life from the people who brought Linux into the company, you have pissed off the people who didn't like Linux in the first place as they were right and yet you "defeated" them. Both of those groups of people will now work together to never use Linux again as they don't want to go through that hell again, no matter what. And look, we have a case study of this, BusyBox. That's exactly what happened numerous times. Some of those people/companies you upset had enough resources to create a competing project to replace it and ensure that they never have to deal with that mess again.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 16:03 UTC (Tue) by pboddie (guest, #50784) [Link] (6 responses)

And I agree the name-calling was excessive but that's what Linus does.

So you think it is acceptable for people in positions of power and responsibility to be abusive because "that's what they do"?

Forget his mail then, consider GregKH's mail which is quoted in full there. Do you actually disagree with any of it?

I have already written what I thought about the argument that people shouldn't uphold Free Software licences, referencing this previous discussion in particular.

But although the quoted text may accurately describe how certain companies respond to the threat (or possibility) of legal action, it seems to advocate that licences should have no legal power because some people think it might upset their corporate friends. I cannot agree with that position at all. The text, particularly as originally quoted, also serves to cultivate a false equivalence between eager litigation and "principled" enforcement, the latter employing litigation as the tool of very last resort.

The author seems to think that those contributing code should allow well-resourced organisations to deliver products that ignore the needs of the users and the contributors' demands that the users be empowered. That contributors and users should all wait for some far-off day when various people in the right "scene" have oiled the right cogs, greased the right palms, or whatever, so that the machine will start spitting out half-relevant source code for the newer products of whichever company it is that cannot follow the licensing terms (and yet have such a formidable legal department).

Apparently, should that day arrive, this will somehow be a victory even though the original infringing products will have long since been rendered obsolete and consigned to the waste pile, forcing their owners to buy new, shiny, and also probably infringing stuff. But some people will have had some lucrative fun along the way, so I guess it will all have been worth it for them. The users, meanwhile? "Let them eat cake!"

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 16:25 UTC (Tue) by rsidd (subscriber, #2582) [Link] (5 responses)

Apparently, should that day arrive, this will somehow be a victory even though the original infringing products will have long since been rendered obsolete and consigned to the waste pile, forcing their owners to buy new, shiny, and also probably infringing stuff.

Actually, it will be (and is, in a huge number of cases) a victory because the drivers (or whatever code it is) have finally been upstreamed and new users of those products have proper support. In other words, Linux runs on a couple of billion devices now, which it wouldn't have if Linus et al had the FSF's ideological purity. But it wasn't by lying back and accepting proprietary drivers as you seem to portray it. It's an ongoing and successful process to get manufacturers to open up their drivers.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 17:41 UTC (Tue) by pboddie (guest, #50784) [Link] (4 responses)

Well, it is only a victory if the day arrives and if the code remains maintained. Meanwhile, licence-violating products get sold, no remedies are ever offered, and the perpetrators act as if they're doing everyone a favour if they agree to cooperate and do eventually manage to get some source code out there.

And, by the way, lots of code ends up on billions of devices, much of it probably governed by more restrictive licensing policies and policed by much more severe enforcement regimes than the relatively benign practices of the FSF, Conservancy and other reputable organisations.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 30, 2017 0:56 UTC (Wed) by rsidd (subscriber, #2582) [Link] (3 responses)

Bottom line: FSF had limited desktop/server penetration with the GNU tools but never even got a working kernel (largely because of closed-door development practices in early years, despite the free-software licence). BSDs got on to devices thanks to Apple, but saw very limited contribution in return -- the almost unusable "Darwin" code dump, which too ceased to get updates. (On the other hand, Apple maintains LLVM and keeps it free, so there's that. Also CUPS and some other stuff.) The Linux way, of having a copyleft licence and enforcement by persuasion rather than by lawyer, is what has made a real impact on the world. The reason Google and many others use the Linux kernel is the hardware support, and the reason for the hardware support is doing things the GregKH way not the SFLC way. But if the FSF types still haven't realised this, a quarter century after Linux was first released, they never will.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 30, 2017 3:57 UTC (Wed) by paulj (subscriber, #341) [Link] (1 responses)

I think the "truth" lies somewhere in the middle. You need to be tolerant and nice and educate, with those who ultimately are persuadable, but you need also to be willing to apply the stick to those who are just taking the piss (who often will do their best to /appear/ to seem reasonable).

OpenWRT exists because of the stick.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 30, 2017 11:44 UTC (Wed) by pizza (subscriber, #46) [Link]

I've personally dealt with folks who take a "bugger off" attitude, most notably Senao/Engenius.

Their products are built on OpenWRT, but they *refuse* to release their kernel sources for at least some of their products. They do however occasionally release "GPL sources" tarballs of everything but the kernel -- Albeit after some cajoling.

They are an example of a company that has absolutely no excuse for continuing to violate the GPL, and IMO utterly deserve the stick to be waved at them.

It's funny. The Senao products I have contain the proprietary Atheros wifi driver. Back when I was still in that line of work, Atheros required some truly onerous licensing requirements to ensure their driver (and the developers working on it) in no way co-mingled with other source code, and had per-unit royalties which required proper production accounting, and massive penalties if any term of the (long) agreement was violated.

Yet somehow the requirement to release their complete corresponding source code to the kernel is too much of a burden for a publicly-traded company who posted a US$3.4M profit (on revenues of about $57M) during Q1 2017?

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 30, 2017 12:14 UTC (Wed) by pboddie (guest, #50784) [Link]

The Linux way, of having a copyleft licence and enforcement by persuasion rather than by lawyer, is what has made a real impact on the world.

When you take away the legal standing of a licence, all that remains for "persuasion" in the face of a party violating that licence is to indicate that they will suffer unspecified consequences to their reputation or to their economic activities, but these will be empty threats in many cases. You could, of course, not use a licence at all or use a permissive licence instead and see if this "persuasion" is still a successful tactic.

I suspect that the "persuasion" only works precisely because the licence brings legal obligations and consequences that, indeed, involve lawyers in the case of the most stubborn violators. But, of course, various people are happy to portray responsible compliance efforts in a bad way, while letting licence compliance slide because it either doesn't affect them or they may even benefit in that it sends more paid work their way.

Maybe those people might acknowledge their role in creating the environment for the situation described in the article instead of whining about lawyers, while getting lawyers to write guides about how not to be taken down in the German legal system, and instead of being generally offensive.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 30, 2017 17:25 UTC (Wed) by BrucePerens (guest, #2510) [Link] (1 responses)

Linus and his inner circle should learn more about it before they talk about law. They tend to further fog up the issue rather than make anything clearer.

In general, companies that have been enforced against recognize that they have had a lapse of due diligence and do not become enemies. There are, however, a few exceptions where the companies "start out arrogant" and dig in. Cisco was one, and VMWare is being one now. VMWare has literally spent 4 or 5 Millions to fight something they could have gotten out of for at most a quarter Million counting any necessary re-engineering for compliance, and only tens of thousands to the plaintiff.

Having people know that rules are rules and must be followed is more important than losing a few companies who simply refuse to play well with others.

Imagine what would happen to us if we infringed their copyrights. Enforcement upon them under SFC guidelines is a lot kinder and gentler than the way they operate.

BrucePerens and VMWare GPL Legal Issues

Posted Sep 10, 2017 6:48 UTC (Sun) by Garak (guest, #99377) [Link]

Speaking of fog, I wonder what you consider the worst U.S. legal offense VMWare is guilty of? I worked there for about a year in 2008 and early 2009. My recollection is, that given my general following of lwn/slashdot, for the entire duration of my employment there, the GPL case/s were considered closed, legally, and as far as the mainstream press (including lwn/slashdot) were concerned. You use some foggy words there- like 'arrogant'. Obviously arrogance is not criminal. And I'll admit, there was at least an average level of silicon valley arrogance present at VMWare. But there are different types of arrogance. Specifically I never had direct knowledge of any colleagues that didn't "know rules are rules", though I imagine that kind of arrogance is indeed common enough unfortunately. The arrogance that might sound plausible to me is "thinking one has found a way to exploit profit within the rules" but not actually being correct. I'm curious if you have an opinion that such happened with VMWare in a way that involved violation of U.S. law. (I focus on U.S. because it's where I live, and I have a remarkably low opinion of many other countries laws, even at the same time I have a low opinion of the U.S.'s). Once a year or two ago after reading an LWN article and giving the issue more thought that I probably should, I managed to plausibly grok the issue in some way that boiled down to the core nuance being whether or not it made a difference that two bits of code ran on the same, or different processors in an SMP system. It seems radically unlikely I understood the issue, but that was the point that I remember. Just now, giving a go at grokking the 'worst U.S. legal offence BrucePerens might consider VMWare guilty of', I went to wikipedia and then a reference, and saw something about no busybox source code provided despite binary redistribution. That sounded cut and dry enough to me, but doesn't seem to mesh with the lack of accusation against them in the 2008 timeframe. My vague recollection following the story is maybe that was something they fixed, apologized, and nobody held much of a grudge about. Which gets back to my curiosity as to which is the clearest cut guilt you accuse them of. Or 'foggily' accuse them of to be more precise. Certainly if there is something clearcut, I'd like to know about it and factor into my personal mental assessment of the previous employer. I don't think I've actually used their software since I left, nor plan on it, because I go with FOSS options when available personally. But it's not because I currently have an impression that they did anything wrong WRT GPL. In general I just consider a fact of life people trying to exploit cornercases of nuanced legality to try and provide financially for their families, even if 'the community' doesn't like the extent to which they hoarde their exploitive profits.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 20:40 UTC (Tue) by paulj (subscriber, #341) [Link]

That in the commercial world he'd have signed his copyrights away, and there'd be an executive is irrelevant. In the commercial world the code would also (far more likely than not) have been kept proprietary, and never have turned into a mass+distributed developed kernel.

If everything from the commercial world is good and the final word, then just give up on copyleft altogether. Yet, despite the dislike of copyleft of many of the exec types, they're nearly all using Linux.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 30, 2017 17:14 UTC (Wed) by BrucePerens (guest, #2510) [Link]

Actually, there is still a ton of Busybox usage in embedded products that are produced today. I have been quietly enforcing the license of late, in compliance with SFC's guidelines.

You can not kill either Busybox usage nor (obviously) Linux usage through enforcement of the license. The programs are too desirable for other reasons, and the alternatives available fall short. All you can do through enforcement is get people to perform due diligence, or if you are a bad actor, you can collect some money until people wise up.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 29, 2017 6:02 UTC (Tue) by rsidd (subscriber, #2582) [Link]

All addressed in several other comments on this article.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 19:13 UTC (Fri) by coriordan (guest, #7544) [Link] (4 responses)

> One could argue that the GPL's long-winded and complex license ...

We've been using GPL for 36 years. If there was a concise way to put copyleft in a licence, someone would have done it by now.

This was a major theme in drafting GPL3. There were people bemoaning the number of words, but when they were asked which sentences to delete, they wandered off. Some continued moaning.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 26, 2017 10:33 UTC (Sat) by Wol (subscriber, #4433) [Link]

The problem is lawyers will take advantage of any loophole.

Imho patenting software is an abuse of patent law. The GPL is supposed to be a copyright licence (patents shouldn't even enter into it!). Yet it's got a load of patent language in there, simply to fix a legal problem that shouldn't exist!

So yes, there is a lot of stuff in the GPL that shouldn't be there. But it's there because it's needed :-(

Cheers,
Wol

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 26, 2017 14:11 UTC (Sat) by flussence (guest, #85566) [Link] (2 responses)

>We've been using GPL for 36 years. If there was a concise way to put copyleft in a licence, someone would have done it by now.
And they did: https://github.com/copyleft-next/copyleft-next

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 26, 2017 15:33 UTC (Sat) by coriordan (guest, #7544) [Link] (1 responses)

Well, they certainly tried, and are still trying.

But since no projects are using the licence, and consequently it has never been tested in court or even been looked at by an "enemy" in the software field, we can't currently say they've succeeded in making a simpler GPL replacement.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 26, 2017 22:30 UTC (Sat) by anselm (subscriber, #2796) [Link]

There's bound to be an equivalent of Schneier's Law for software licenses.

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 6:34 UTC (Fri) by pabs (subscriber, #43278) [Link] (1 responses)

Hmm, I wonder why they didn't link to the FSF/Conservancy GPL Compliance Guide:

https://compliance.guide/

Patrick McHardy and copyright profiteering (Opensource.com)

Posted Aug 25, 2017 10:00 UTC (Fri) by glikely (subscriber, #39601) [Link]

What is your concern here? The article does link to the SFC's principles of community enforcement document, so it is not a slight on the SFC.

One-sided reporting

Posted Aug 25, 2017 10:29 UTC (Fri) by zdzichu (subscriber, #17118) [Link] (28 responses)

We have quite a few articles on netfilter GPL enforcement recently, but not a single one included a comment from Mr McHardy. He is not some astral entity “out there”. He is a real person, member of our community. Can we have a proper interview with him?

One-sided reporting

Posted Aug 25, 2017 11:09 UTC (Fri) by armijn (subscriber, #3653) [Link]

People have actually been trying to get in touch with him for years to discuss this, but he has not been willing to respond.

Talking to McHardy & misplaced blame for his actions

Posted Aug 25, 2017 16:42 UTC (Fri) by bkuhn (subscriber, #58642) [Link] (26 responses)

[McHardy] is a real person, member of our community. Can we have a proper interview with him?

As you can see on Conservancy's site, we were the first people, in coordination with the Netfilter team who did so simultaneously, to publicly criticize McHardy's behavior. We didn't take that action lightly. I talked with McHardy on the phone on almost exactly three years ago, on 29 August 2014. At the time, he expressed interest in joining Conservancy's coalition of Linux copyright holders who enforce GPL together, and it seemed to me at the time that his intention was to engage in the type of enforcement that is designed to increase the freedom of users by ensuring they get source code.

I sent email follow-ups to Patrick after that phone call throughout the rest of 2014 and regularly through 2015. I had his mobile number so I also texted him many times with no reply. Throughout early 2015, it became clear that his lawsuits were not in the spirit of community-oriented GPL enforcement. He sent just one reply, in April 2015, where he accused me of contacting him on behalf of one of the violators he sued (which of course wasn't true), and made many strange arguments about why he was justified in demanding large sums of money. I wrote back to continue the discussion, including many emails and text messages over many months following that, and he again went silent.

Conservancy launched the drafting Principles of Community-Oriented GPL enforcement in part because it became clear during mid-2015 that Patrick McHardy's enforcement didn't follow the unwritten principles that Conservancy's, the FSF's, and Harald Welte's enforcement had always followed. We were able to gain consensus and/or endorsement from most organizations in Open Source and Free Software (including the Netfilter Team) for the Principles, but sadly Patrick still doesn't answer my emails or text messages. I last tried to contact him in July 2016. I eventually just gave up, but I welcome him to contact me at any time to talk through what's happened and how to fix it.

Speaking for my experience, the most difficult part of what McHardy is doing is as follows: Conservancy (perhaps because we are willing to engage in public dialogue when Patrick is not) , has had to bear constant attacks from organizations like the Linux Foundation who are legitimately upset about the McHardy enforcement, but misplace their anger toward Conservancy. (This includes public name-calling and personal attacks on me and Karen Sandler by Linux Foundation employees.) The powerful forces who are nervous about GPL enforcement actually seem to blame us for McHardy's behavior. While it's a bizarre position on their part, it is at least understandable: Linux Foundation folks really seem to believe that GPL enforcement will “kill Linux”. As I pointed out in my FOSDEM 2017 keynote, if Linux was going to be killed specifically by GPL enforcement, Harald's enforcement in the early 2000s would have been what did it.

Talking to McHardy & misplaced blame for his actions

Posted Aug 25, 2017 20:06 UTC (Fri) by linuxrocks123 (subscriber, #34648) [Link] (16 responses)

It would be an extreme action, but ... how big a contributor to Linux is/was Patrick? Would it be practical to just rip out and reimplement his code, to get rid of his legal ability to do this?

Talking to McHardy & misplaced blame for his actions

Posted Aug 25, 2017 21:31 UTC (Fri) by ms-tg (subscriber, #89231) [Link] (15 responses)

I was also wondering this?

Talking to McHardy & misplaced blame for his actions

Posted Aug 25, 2017 21:32 UTC (Fri) by pboddie (guest, #50784) [Link] (14 responses)

You'd think that if the Linux Foundation were so upset about it, they'd even pay for it.

Talking to McHardy & misplaced blame for his actions

Posted Aug 25, 2017 22:04 UTC (Fri) by corbet (editor, #1) [Link] (13 responses)

I have been in various settings where such ideas have been discussed. Ripping and replacing is definitely on people's radar. I don't know of any effort to actually do it at this point, though.

Removing code doesn't really solve the problem

Posted Aug 25, 2017 22:48 UTC (Fri) by bkuhn (subscriber, #58642) [Link] (12 responses)

corbet's right that people have talked about replacing code a lot, and not just regarding McHardy. Some have even proposed there should be a "litmus test" about enforcement views before accepting any contribution to Linux and refusing to permit code in canonical versions unless each contributor agrees not to enforce. It's a scary prospect to think about some sort of purity test on enforcement before merging contributions. That's just a form of CLA, so I do hope such a proposal will be DOA, but in the current political climate, that proposal is gaining fans in the for-profit companies that use Linux.

But, removing code is actually not as useful as it looks, particularly given the business model that McHardy is chasing. The main strategy that McHardy appears to be using is to focus on companies who are small system integrators who don't do their own engineering of the actual operating system in their products. I've done plenty of GPL enforcement in that kind of situation, and these companies are usually just confused and need education to get into compliance (usually by picking a reputable, instead of a fly-by-night, upstream vendor). Conservancy does that education work in those scenarios, and helps the violator comply.

McHardy, by contrast, just asks for a cash settlement plus an agreement to pay more money if they can't figure out how to come into compliance in a few months on their own. Then, he cashes in on that clause when the confused company, having received no education, can't get into compliance in the time allotted. (I've been leaked a few of McHardy's settlement agreements, and they've been structured as I describe.)

So, how does this relate to writing his code out of Linux? Well, most of these types of companies use very old versions of Linux. I still see Linux 2.6 active, in the wild, in products, on the shelves today. Yes, they're low-end products from companies we've all never heard of (or that we all avoid because they are known to have sub-par products). But there are hundreds, perhaps thousands, of these kinds of embedded Linux manufacturers. It'll be at least a decade before they're all using versions of Linux being released today, so writing people's copyrights out with the goal of preventing GPL enforcement is just not very effective. (And with a ten year lag, it's not even a long-term solution. After all, no one had any thought that Patrick would decide to do this when he started contributing.)

The obvious solution to me is that we need lots of no-cost, freely licensed educational materials out there to help people understand how to comply with copyleft. That's why I work on The Copyleft Guide, and I have an open door policy that anyone who asks me about compliance questions, I try my best to answer them and/or improve the Guide to answer their questions. I wish more people would help me with this, but a lot of people with the expertise to help in this way have built a business around it, so they charge huge fees for training courses and/or consulting. That's why we see so many compliance tutorial products that are non-Free (in both senses of the word).

Removing code doesn't really solve the problem

Posted Aug 26, 2017 0:57 UTC (Sat) by perlwolf (guest, #46060) [Link] (1 responses)

While the ten year gap is a serious problem, writing McHardy out of the kernel would still be a useful step. It would be useful in court (with a well-researched lawyer) to limit damages by showing that the code that gives him standing is extremely low value (in fact, part of writing that code out of the kernel could be to document how little effort was required to remove it), and that the owners of the vast majority of the code have diagnosed McHardy as a far more serious issue that the defendants. "Defendant is found guilty, damages are determined to be one Euro, no award of legal costs!" would be wonderful verdict and a strong disincentive to McHardy to continue.

Removing code doesn't really solve the problem

Posted Aug 26, 2017 1:22 UTC (Sat) by bkuhn (subscriber, #58642) [Link]

The additional issue is that some execs and lawyers are overreacting to McHardy. Raising awareness about his inappropriate activities have already slowed him down. At this point, multiple people are out there ready to help anyone who is approached by McHardy to come into compliance. Conservancy, for example, would be glad to help anyone who comes to us and wants to comply with GPL.

What I've observed is the McHardy fear being blown out of proportion to disparage all GPL enforcement in general. There is no need to marshal extensive resources for the minor problem McHardy creates. That's why I support instead marshaling resources for freely available Copyleft compliance education materials, which will help not only the McHardy situation, but generally help everyone improve compliance so anyone who imitates McHardy will fail at the start. And, people who want to do enforcement the right way can and should do so; we published the Principles to guide such enforcement. More enforcement done properly will drown out the rare outlier.

Removing code doesn't really solve the problem

Posted Aug 28, 2017 9:21 UTC (Mon) by bangert (subscriber, #28342) [Link] (9 responses)

corbet's right that people have talked about replacing code a lot, and not just regarding McHardy. Some have even proposed there should be a "litmus test" about enforcement views before accepting any contribution to Linux and refusing to permit code in canonical versions unless each contributor agrees not to enforce. It's a scary prospect to think about some sort of purity test on enforcement before merging contributions. That's just a form of CLA, so I do hope such a proposal will be DOA, but in the current political climate, that proposal is gaining fans in the for-profit companies that use Linux.

or you could require all small and/or new contributions to be more permissive than GPL. the possibility to include GPL licensed stuff into the kernel is only awarded after a substantial contribution - say 1000 patches and at least 10000 lines changed.

Removing code doesn't really solve the problem

Posted Aug 28, 2017 13:23 UTC (Mon) by bkuhn (subscriber, #58642) [Link]

> you could require all small and/or new contributions to be more permissive than GPL. the
> possibility to include GPL licensed stuff into the kernel is only awarded after a substantial
> contribution

There are people who are proposing not permitting upstream code to be GPL'd, and some companies refuse to contribute under GPL, but I think refusing contributions of any size that aren't GPL'd is effectively disenfranchising contributors from their rights to chose the license of their contributions, as historically Linux contributors have been permitted to pick any GPLv2-compatible license.

Also, your system has logistical problems. If one contributor 10000 line changes, but at one line at a time, they would be required under your plan to contribute under non-copyleft virtually forever.

Removing code doesn't really solve the problem

Posted Aug 28, 2017 19:34 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (7 responses)

> or you could require all small and/or new contributions to be more permissive than GPL.

If something's a derivative work of the kernel (which most code contributed to the kernel is), releasing it under a more permissive license isn't an option.

Removing code doesn't really solve the problem

Posted Aug 29, 2017 6:00 UTC (Tue) by Wol (subscriber, #4433) [Link] (6 responses)

But releasing your changes *is* (not that I agree with that - the kernel is GPL2, and to insist that contributors can't use that same licence on their changes seems incredibly unFree to me).

At the end of the day, the licence the contributor wishes to use MUST be the contributor's choice, if it's to have any real meaning. If I contribute to a project, I accept that I'm expected to use the same licence, and to tell me I can't is weird. If I wish to use a compatible licence, that should be MY choice, not someone else's (that's why I think this move to force a large number of kernel interfaces "gpl only" is wrong - if the *author* and copyright owner has no desire or intention of enforcing gpl on their code, it devalues the gpl to force them to use it!).

Oh the joys of arguing about copyright and licencing ... :-(

Cheers,
Wol

Removing code doesn't really solve the problem

Posted Aug 29, 2017 21:23 UTC (Tue) by bangert (subscriber, #28342) [Link] (5 responses)

a single player could probably not pull this off, but if a group of big users/contributors of linux (ie. google, facebook, red hat et. al) collectively said, they will not accept changes to the linux kernel which are not more permissive than GPLv2 (say MIT, BSD 2 clause or Apache) this could effectively lead to a fork of the kernel.

Removing code doesn't really solve the problem

Posted Aug 29, 2017 21:54 UTC (Tue) by mjg59 (subscriber, #23239) [Link] (4 responses)

Producing a patch that's derived from Linux but released under a more liberal license would be a violation of the GPL, so this isn't a meaningful option.

Removing code doesn't really solve the problem

Posted Aug 29, 2017 22:27 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

GPL requires for the whole derived work to be distributed under the terms no more restrictive than GPL.

But it's perfectly fine to have patch _themselves_ to be under BSD/MIT. They'll be useless without the GPL-ed code, of course.

Removing code doesn't really solve the problem

Posted Aug 29, 2017 22:36 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

> GPL requires for the whole derived work to be distributed under the terms no more restrictive than GPL.

No, specifically under the terms of the GPL - you can't be more restrictive *or* more liberal.

> But it's perfectly fine to have patch _themselves_ to be under BSD/MIT.

I think that's only the case if there's an argument that the patch itself isn't a derived work of the kernel.

Removing code doesn't really solve the problem

Posted Aug 29, 2017 22:54 UTC (Tue) by ewan (guest, #5533) [Link] (1 responses)

The licence requires derived works to be GPLed - you're assuming that only the combination of patch + kernel is a derived work, and that the patch is not. Matthew's point is that it's virtually impossible to generate a patch that is not itself already a derived work of the kernel, so that's not the case.

This is akin to the arguments around the nVidia binary, and the ZFS and OpenAFS filesystems - they've all been able to show core code that had a pre-Linux history, and so was demonstrably not a derivative of Linux, but while that might be possible for leaf drivers, it's going to be rather harder to generate any patch to (say) the scheduler, or memory management or indeed the networking core code, that's not based on the current state of that code.

Removing code doesn't really solve the problem

Posted Sep 10, 2017 8:19 UTC (Sun) by Garak (guest, #99377) [Link]

The licence requires derived works to be GPLed - you're assuming that only the combination of patch + kernel is a derived work, and that the patch is not. Matthew's point is that it's virtually impossible to generate a patch that is not itself already a derived work of the kernel, so that's not the case.

I'm skeptical of that. I wonder if I wanted to try and sell 'patches' to Stephen King novels whether or not I could find a way to do it legally where Stephen King would have no legal ability from his copyright to stop me. Suppose in my contextless patches I had a convention of reversing, pig-latinizing or rot13ing character and place names and whatever else. I kind of feel like I could or should be able to legally do that regardless of what King would prefer. Obviously King doesn't have exclusive copyright over the word 'the', though perhaps for character names. The point I'd highlight is that for any customer to be able to read the modified story, would require that they first do business with King on his terms, then choose to do so with me, and then apply the patch themselves. In such a situation I struggle to see the ethical or legal harm I would be doing to anyone.

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 4:53 UTC (Tue) by paulj (subscriber, #341) [Link] (8 responses)

Bradley,

There is a sustained campaign by large tech corporate industry to undermine copyleft. You are well aware of it, as you have been campaigning on this. As you say, the reaction to McHardy is almost /engineered/ by those corporate interests to further that campaign.

It's worth pausing and asking whether reacting to McHardy in a way to placate those interests is worthwhile. Will that help copyleft? Or will it help further legitimise that campaign? Does putting measures in place to stop McHardy(-like)? agreements (and he hasn't sued anyone has he, he has just reached private settlements, right?) do anything that will make those anti-copyleft corporates stop their campaign? I don't think it will personally.

There's a large segment of the tech industry that wants to get rid of the GPL, and wants permissive licensing, so that they'll be able to make proprietary products out of open-source. A lot of executives in the valley really dislike copyleft, cause they can't make money from it by taking the code, closing it off and selling it directly, as they'd like. Also, they have to spend money on educating engineers about open-source. They have to audit their software. What a drag!

Sacrificing McHardy to them will not change them, in my opinion. They'll take strength from it. Be careful not to undermine copyleft in doing so.

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 5:52 UTC (Tue) by Wol (subscriber, #4433) [Link] (6 responses)

> Sacrificing McHardy to them will not change them, in my opinion. They'll take strength from it. Be careful not to undermine copyleft in doing so.

That's a risk you take. Shooting fifth-columnists risks making them martyrs. Not shooting them leaves poison in your midst. Damned if you do and damned if you don't. I'm not particularly principled in principle, I just think standing by your principles, in practice, pays off.

Throw McHardy to the wolves and take the consequences. At the end of the day, he clearly is profiteering (or do I mean privateering, same thing ...) off of Free Software and damaging "The Cause". He clearly is not part of "us", and does not *want* to be part of "us". So let's return the compliment ...

Cheers,
Wol

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 6:30 UTC (Tue) by paulj (subscriber, #341) [Link] (5 responses)

What is "The Cause" exactly?

The guy wrote code that's widely used in Linux across the world. Clearly non-trivial, given how long it has lasted despite corporate disquiet with his enforcement activities. People are distributing that code in egregious breach of the licence, so clearly *utterly unlicensed* - a copyright violation.

He apparently (from what Bradley has written) has given re-sellers and integrators a chance to come into compliance, and obtained agreements from them to do so. Those re-sellers and integrators have then apparently ignored the issue, and continued to sell products in a manner outwith the licence. Though, the exact details are hard to come by.

The world is a complex place. It shouldn't be McHardy's place to have to further educate repeat copyright violators. Indeed, as the injured party, he _should not_ offer advice to the parties he has a complaint against (your lawyer will never let you do this, in a similar situation).

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 13:31 UTC (Tue) by Wol (subscriber, #4433) [Link] (4 responses)

> What is "The Cause" exactly?

In quotes because I was - deliberately - being vague. I guess it's probably World Domination ... :-)

> The guy wrote code that's widely used in Linux across the world. Clearly non-trivial, given how long it has lasted despite corporate disquiet with his enforcement activities.

Complete non-sequitur. Have you ever worked on a software project? Have you any idea how much old and obsolete code there is lying around? EVEN IN THE LINUX KERNEL?!

If no-one is either (a) paid, or (b) has a serious itch to scratch, they're not going to do the work. And if McHardy's code is trivial - as it apparently is - then neither (a) or (b) is likely to happen.

> People are distributing that code in egregious breach of the licence, so clearly *utterly unlicensed* - a copyright violation.

And what do you mean by egregious? If they bought a complete product from someone else and are merely reselling it (which appears on several occasions to have been the case) then in those circumstances people do NOT expect to get bitten by Intellectual Property issues!

> He apparently (from what Bradley has written) has given re-sellers and integrators a chance to come into compliance, and obtained agreements from them to do so. Those re-sellers and integrators have then apparently ignored the issue, and continued to sell products in a manner outwith the licence. Though, the exact details are hard to come by.

That's the whole point. Details are hard to come by. Although it appears pretty clear that McHardy's settlements are intended to make subsequent compliance "tricky", shall we say. There's a legal name for that - "entrapment".

> The world is a complex place. It shouldn't be McHardy's place to have to further educate repeat copyright violators. Indeed, as the injured party, he _should not_ offer advice to the parties he has a complaint against (your lawyer will never let you do this, in a similar situation).

So your lawyer will actively frustrate your attempts to get your preferred resolution to the case? The job of a lawyer is to DO AS THEY'RE TOLD, and to GET THE BEST RESOLUTION POSSIBLE.

If, *in the client's eyes*, the best resolution is to get compliance with the licence, then it is the lawyer's DUTY to seek to achieve that, and if that means giving advice to the other party, then so be it.

Cheers,
Wol

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 14:12 UTC (Tue) by anselm (subscriber, #2796) [Link] (2 responses)

From what we've been told, McHardy's game is to find someone who violates the GPL on “his” copyrighted code in the Linux kernel, say, for product A, and get them to agree to stop doing that. He gets to recover “attorney's fees” for that (a couple of thousand Euros or so) and part of the agreement is that further GPL violations on their part will attract an automatic much larger fine. He then goes away and comes back a few months later to see whether there are more violations, e.g., in product B. In that case the contractual fine kicks in.

If you're the company that is shaken down, paying a few thousand Euros to make the guy go away for the time being may not look that bad at first. The correct approach, however, is to say “thank you”, fix the GPL violation, and let the guy sue you in court for actual damages, which he may either not bother with in the end or else lose (it may be a more lucrative and less risky use of his time to go shake down somebody else instead). Whatever you do, you certainly do not want to commit to the future-automatic-penalty agreement.

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 20:49 UTC (Tue) by paulj (subscriber, #341) [Link] (1 responses)

"his" - why the quotes? Is there any doubt about him having copyright in code in the kernel?

Also, is it possible the reason no one has contested his demands so far potentially because they havn't a leg to stand on?

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 22:39 UTC (Tue) by anselm (subscriber, #2796) [Link]

Whether “they haven't a leg to stand on” would be up in the air. Remember that Christoph Hellwig got his case against VMware dismissed because the court thought his individual contributions to the Linux kernel weren't sufficient to give him standing to sue. If that happened to McHardy he would have a real problem right there, so this may be a strong disincentive for him to actually sue somebody (and, in effect, roll the dice about the ongoing viability of his “business model”).

The other problem is that German civil law only deals in actual damages, not punitive damages, so McHardy would have to prove in court to what extent he was personally defrauded by company XYZ's GPL violations, which again might be difficult to do in actual practice.

Finally, the future-contractual-penalty-for-copyright-and-trademark-violations racket here in Germany is the hallmark of sleazy lawyers. People who have been around the home computer scene in the 1980s and 1990s may remember the late Günter Freiherr von Gravenreuth, who basically turned this into a cottage industry, but the practice has been alive and kicking in various guises ever since.

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 20:47 UTC (Tue) by paulj (subscriber, #341) [Link]

Old code can still be valuable code.

As for egregious, perhaps in the first instance it was not the reseller. However, his copyright was still being infringed upon egregiously by someone, somewhere upstream of the reseller. If I understand Bradley correctly, at that point McHardy does *not* get any significant money from them, and the reseller /is/ told about their GPL obligations, and they do sign up to becoming compliant.

The second instance, the reseller clearly can not claim to be unaware. That's the entire reason McHardy can at that point get more significant damages. I find it hard, on the face of those facts, to have much sympathy for these resellers - it seems to me they *chose* to keep infringing.

We've heard a lot about McHardy and his actions, though still very filtered paraphrasings (it would be really good if Bradley and/or others could make the copies of the agreements public, mod redactions of clearly identifying details).

We've heard very little detail though about these repeat GPL violators, who are supposedly so innocent. I'm a little sceptical on that.

Talking to McHardy & misplaced blame for his actions

Posted Aug 29, 2017 15:53 UTC (Tue) by bkuhn (subscriber, #58642) [Link]

McHardy is a guy making a mistake. There's no reason not to point it out. What I'm seeking to do is point out this mistake is not such a big deal. Perhaps I'm bad at politics because I refuse to lie about things, but I'm not going to lie and say what McHardy is doing is a good thing. It's not; it's a bad thing that's relatively minor as bad things go. Our political opponents, by contrast, are telling us the sky is falling because McHardy has made some small mistakes.

Normal Behavior vs. Our Higher Standards

Posted Aug 28, 2017 16:43 UTC (Mon) by BrucePerens (guest, #2510) [Link] (7 responses)

This matter might be confusing to a lot of people.

Mr. McHardy is behaving as the law allows and exactly as most proprietary software companies would operate if faced with infringement. While we don't like it, he has a right to do what he's doing.

Our community's standards are higher than the norm. We forego damages for past infringement, settling for nothing more than present compliance. This is a voluntary practice and nothing in our licenses, even the FSF-created ones, compels us to behave this way. In general it is to our strategic advantage to work this way, since our goal is not money but a well-functioning Free Software ecology.

We should also be aware that FSF itself has departed from the community standards for enforcement, once with Cisco Systems. The offense was sufficiently egregious, Cisco conducted themselves offensively when people (including me) reached out to help them, and FSF's use of the collected damages (if the amount and purpose was reported to me accurately) was laudable.

Normal Behavior vs. Our Higher Standards

Posted Aug 29, 2017 6:09 UTC (Tue) by Wol (subscriber, #4433) [Link] (1 responses)

> We should also be aware that FSF itself has departed from the community standards for enforcement, once with Cisco Systems. The offense was sufficiently egregious, Cisco conducted themselves offensively when people (including me) reached out to help them, and FSF's use of the collected damages (if the amount and purpose was reported to me accurately) was laudable.

Not that I have a clue what happens, but your simple statement "Cisco conducted themselves offensively" is enough to say to me that what the FSF presumably did was both justified and acceptable. Even under community standards!

Bringing Christianity into it, if you actually read the Bible (which many people quote without understanding), Christianity is both harsh and forgiving. Community members are expected to live up to the community standards. Punishment can be severe. Cisco were pretending to be a member of the community.

Read up and *understand* excommunication and its (ab)use in the middle ages.

(Going back to McHardy, he is applying the rules, in all their brutal force, to people who are not traditionally part of the community and understand neither the rules nor their impact. Even worse, they are the sort of people who would gladly comply (and thereby fall under the forgiveness umbrella) but he is not giving them the opportunity).

Cheers,
Wol

Normal Behavior vs. Our Higher Standards

Posted Aug 29, 2017 21:07 UTC (Tue) by paulj (subscriber, #341) [Link]

Having learned from bitter experience in another community.... There is only so much tolerance one should show to those members of a community who have disdain for its norms, and who keep pushing at its boundaries.

Also, with regard to Cisco, it is notorious for fostering a cut-throat, aggressive, internal corporate culture (through banded stack-and-yank that pits colleagues against each other). They're notorious for competing aggressively. They're notorious for aggressive politics at standards bodies. I've observed ex-Cisco employees being much more aggressively political when participating in open-source communities than was otherwise the norm.

Aggression is a feature of that company, and those who come out of it, it seems to me.

Normal Behavior vs. Our Higher Standards

Posted Aug 29, 2017 17:03 UTC (Tue) by bkuhn (subscriber, #58642) [Link] (4 responses)

Bruce Perens wrote:

We should also be aware that FSF itself has departed from the community standards for enforcement

Bruce, please don't make such accusations without citing any actual facts. Indeed, your comments are attacking a cartoon version of the Principles of Community-Oriented GPL Enforcement (which, BTW, the FSF co-drafted and co-published with Conservancy). The Principles do not say the things your post above says. The relevant point about receiving funds about putting compliance ahead of any monetary damages. Also, when charities like Conservancy and FSF do enforcement, you can see the full details of the funds on their 990s, which adds transparency.

Normal Behavior vs. Our Higher Standards

Posted Aug 30, 2017 17:43 UTC (Wed) by BrucePerens (guest, #2510) [Link] (3 responses)

Bruce, please don't make such accusations without citing any actual facts.

How can I cite facts, Bradley? You have them and the community doesn't. I only have what official people have previously explained to me. Obviously, Bradley, you do have access to those facts, although you may be bound by court order not to release them. I believe the acceptance of seals on enforcement case documents as part of a settlement, preventing visibility to the community, is itself a departure from community standards. When enforcement is over, we should be able to see what was done. Note that Jacobsen accepted a smaller financial settlement in favor of allowing sunshine upon his case.

Also, look again before you accuse me of attacking anything, please. I am not at all attacking the community standards by saying they are higher than the norm and I don't undertstand how you came to that conclusion.

If you are saying that McHardy does not have a right to enforce as he has been, I would like to hear your rationale.

Normal Behavior vs. Our Higher Standards

Posted Aug 30, 2017 18:23 UTC (Wed) by bkuhn (subscriber, #58642) [Link]

Bruce and I just talked about on the phone about this, but the facts are public on Conservancy's and FSF's website and I told Bruce where to find them.

Normal Behavior vs. Our Higher Standards

Posted Aug 30, 2017 18:34 UTC (Wed) by BrucePerens (guest, #2510) [Link] (1 responses)

I did the old-fashioned thing and called Bradley on the phone.

I overstated that FSF foregoes monetary settlement in favor of present compliance. They prioritize compliance over money.

As an aside, I am operating under an "I don't want your money" rule in my own enforcement, at least with companies that are willing to comply rather than go to court (which has been everyone so far).

There has been essentially no case law, their completed enforcement, with the exception of a defendant who went bankrupt and stopped responding, has been settlement rather than court ruling. Settlements are often sealed because the defendant will accept nothing else. Bradley agreed with my bemoaning the absence of case law. I remain uncomfortable that settlements are sealed and believe the community has a right to know. In some cases, this is regarding works in which I have authorship.

Bradley thinks I am off base on FSF v. Cisco but doesn't have the figures and claims that some people in responsible positions at the time might have misstated.. I will have to go through FSF's form 990 for that year.

Normal Behavior vs. Our Higher Standards

Posted Sep 4, 2017 20:58 UTC (Mon) by jospoortvliet (guest, #33164) [Link]

Thanks for sharing guys! Your conversation was interesting ;-)