|
|
Subscribe / Log in / New account

The Software Freedom Conservancy on Tesla's GPL compliance

[Posted May 19, 2018 by corbet]

The Software Freedom Conservancy has put out a blog posting on the history and current status of Tesla's GPL compliance issues. "We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there."
to post comments

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 20:57 UTC (Sat) by adirat (subscriber, #86623) [Link] (27 responses)

Their Linux kernel branch has a single commit by a generic user "Tesla OpenSource", 676 changed files with 413,143 additions and 336 deletions.

In Buildroot it's also one commit per release, with the first having 643 changed files with 15,919 additions and 3,214 deletions.

Did they do these code dump just to avoid being sued? Why do it this way? Is this something frequently encountered? (it's the first time I see a company doing open source like this)

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 21:31 UTC (Sat) by coriordan (guest, #7544) [Link] (21 responses)

> Why do it this way? Is this something frequently encountered?

I'm probably remembering the actors wrong, so I hope someone will correct or confirm me, but I seem to remember someone (Red Hat?) used to publish their Linux patches individually but they changed to just publishing one mega patch which makes changes all over the kernel, and the reason for the change was that Oracle was doing something similar and Red Hat felt disadvantaged because Oracle could choose what to apply from the list of Red Hat changesets but Red Hat couldn't do the same with Oracle's changes.

Not the same but similar. Both situations are GPL compliant. There's no way that any company maintains such changes internally as just one patch, so it's something that's done intentionally before publication to make life difficult for developers outside the company.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 22:17 UTC (Sat) by coriordan (guest, #7544) [Link]

Here it is: https://lwn.net/Articles/430098/ "Red Hat's 'obfuscated' kernel source"

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 22:56 UTC (Sat) by nix (subscriber, #2304) [Link] (4 responses)

Oracle was doing something similar
Wha? Not for as long as I've known it. Certainly not now. (And you can definitely go back as far as the 2.6.32-based UEK2 and still get split-out commits. I don't know about UEK1 because I've never had anything to do with it.)

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 23:30 UTC (Sat) by coriordan (guest, #7544) [Link] (3 responses)

Ok, seems Oracle wasn't doing this. There's a more detailed article here, with no mention of anyone doing it before Red Hat:

https://www.theregister.co.uk/2011/03/04/red_hat_twarts_o...

So I guess Red Hat's justification was based on how much Linux development they do compared to Oracle, which was copying Red Hat's version and sticking their own name on it. (Of course, to take that argument further one could say that Red Hat, and all distros, are sticking their name on projects that they wrote only a minority portion of.)

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 17:07 UTC (Mon) by hkario (subscriber, #94864) [Link] (2 responses)

The work Red Hat does is actually part of upstream kernel:
https://lwn.net/Articles/742672/

and the changes being distributed to customers the way they are, not as just recompiled upstream branch, is because of backporting:
https://access.redhat.com/security/updates/backporting

so the comparison of Tesla to Red Hat is a red herring here, especially given that Red Hat has an explicit "upstream first" policy:
https://opensource.com/article/16/12/why-red-hat-takes-up...

full disclosure: I work at Red Hat, though not on the kernel

RedHat and Monolithic Kernel Patches

Posted May 31, 2018 5:41 UTC (Thu) by Garak (guest, #99377) [Link] (1 responses)

The work Red Hat does is actually part of upstream kernel: https://lwn.net/Articles/742672/
All of it? Since that 2011 LWN article? Even if so, what goal (whose interests) is served by not providing the non-monolithic version? It always sounded like a corner-case gaming of the system to further their bottom line ($) to me. Maybe I was wrong. The more recent controversy with pax/grs(?) I viewed as a similar tactic with a similar presumed motive (though different, perhaps significantly so in the details).
and the changes being distributed to customers the way they are, not as just recompiled upstream branch, is because of backporting: https://access.redhat.com/security/updates/backporting
Are you saying that Redhat's backporting methodology precludes their ability to behave as they did prior to 2011, i.e. providing a more granular patch series instead of a monolithic one? I don't grok that. The 2011 article/event seemed to demonstrate a financially motivated information control tactic. Yes, I am paranoid, but do please clarify if I'm mistaken. I.e. when Corbet wrote in 2011:
Distribution in this form should satisfy the GPL, but it makes life hard for anybody else wanting to see what has been done with this kernel. Hopefully it is simply a mistake which will be corrected soon.
was it a prelude to a story I didn't see/don't remember where the "mistake" was "corrected soon"?

RedHat and Monolithic Kernel Patches

Posted Jun 1, 2018 2:48 UTC (Fri) by lsl (subscriber, #86508) [Link]

> All of it? Since that 2011 LWN article?

I think so, yes. RHEL kernels contain lots of bugfix and feature backports but it's all code originally developed for later upstream kernels. In some cases, the work has been proposed for upstream inclusion but was rejected in its current form. A recent example for the latter is the Secure-Boot-related stuff.

The particular patches on top of the ancient 3.10 kernel are of no interest to the upstream Linux community. They *are* useful to other folks trying to support these ancient kernels.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 23:11 UTC (Sat) by epa (subscriber, #39769) [Link] (14 responses)

Doesn’t the GPL define source code as the preferred form of the program for making modifications to it? And I doubt most Red Hat developers prefer to work from the monolithic code dumps for further changes. Normally if you want to make further changes to a project it is much more comfortable to work from the full history. So there is at least an argument to be made that this is evading the spirit of the licence.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 19, 2018 23:57 UTC (Sat) by coriordan (guest, #7544) [Link]

It's a long shot, but indeed, for some specific situation it might contribute something to a larger argument.

The relevant part of GPLv2 is:

"""The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."""

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 0:37 UTC (Sun) by excors (subscriber, #95769) [Link] (11 responses)

So no GPL program can get away with distributing just a tarball of source code, they'd always have to provide the full CVS/Git/etc repository? That doesn't sound compatible with how people have been commonly interpreting the GPL for decades.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 5:51 UTC (Sun) by fest3er (guest, #60379) [Link] (10 responses)

IMO, no. As long as a software producer presents a tarball that contains everything needed to build a particular release (or update), *and* someone can follow those instructions and build everything, then they should be in compliance.

Of course, it would likely behoove them to use a source control system. It would make it easier for them and others to obtain everything for particular release and build it.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 11:18 UTC (Sun) by epa (subscriber, #39769) [Link] (5 responses)

That can’t be enough in itself. You could distribute a tarball containing a binary blob. It has everything needed to reproduce the release, but it is not a useful form for further modifications. That’s why the GPL has that language defining ‘source code’.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 13:56 UTC (Sun) by rahulsundaram (subscriber, #21946) [Link] (4 responses)

" That can’t be enough in itself. You could distribute a tarball containing a binary blob"

That wouldn't meet the criteria you are replying to. "As long as a software producer presents a tarball that contains everything needed to build a particular release (or update)" Build - being the operative word. It implies building from source code. Not a binary release.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 6:32 UTC (Mon) by paulj (subscriber, #341) [Link] (1 responses)

So if a company runs the source code through an obfuscator (as NVidia used to do for the 2D X11 driver), would you say that satisfied the GPL? If it was little more than disassembled asm put through a "asm-to-C" tool, with random strings for symbols and labels, you think that'd suffice, because it would be something that'd build from "source"? :)

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 12:31 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link]

A deliberate form of obfuscation is different from a tarball of the source code. I am unaware of any history of GPL source being distributed that way. The latter is far more common and my understanding is that SFC has considered that sufficient judging from Bradley's comment here before.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 7:05 UTC (Mon) by epa (subscriber, #39769) [Link] (1 responses)

My understanding of 'build' is that you take smaller parts and put them together to a larger one. So you can build a Linux distribution DVD image from some binary packages, a kernel and ramdisk image, and a bootloader. The build does not have to begin at the original source code (indeed, perhaps most builds do not, since outside the world of free software it's common to have random binary crap pulled in as part of the build).

That must be why the GPL does not use the word 'build' but talks about the preferred form of the program for making modifications to it.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 19:29 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link]

> That must be why the GPL does not use the word 'build' but talks about the preferred form of the program for making modifications to it.

Perfectly fine to use build in the same context as long as you define it clearly within the license. We do use the term colloquially often to build from source to get binary artifacts.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 6:17 UTC (Mon) by paulj (subscriber, #341) [Link] (3 responses)

There's your opinion, and there's what the licence says:

“The "source code" for a work means the preferred form of the work for making modifications to it.”

I know these days, where an upstream project uses git, that for me the preferred form for making modifications is via a clone of the git repo - and I suspect that would be true for most developers. If some downstream party has themselves used such a git clone as part of developing further modifications that is surely prima facie evidence that the git clone is the preferred form of making modifications. If that downstream party /deliberately/ strips out the change-set information (which most people prefer - as they do) in order to inconvenience any further development of those modifications.. well....

That often in the past people preferred tarballs, patch, diff, even shell based shar patches, has no bearing on what is preferred today. Preferences may and do change with time and better tools.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 6:37 UTC (Mon) by paulj (subscriber, #341) [Link]

Oh, note what the /infringer/ preferred to use could well (and should?) control what the "preferred form" should be, for the infringer to come into compliance.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 18:20 UTC (Mon) by khim (subscriber, #9252) [Link] (1 responses)

Yes even today some people prefer to used tarball is they have slow internet. Some use shallow clone --depth 1 to save space. and so on. So it's not so simple.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 23:40 UTC (Mon) by paulj (subscriber, #341) [Link]

As per my sibling comment to yours, determining "preferred" in a general way is difficult. Much easier is to determine what the infringer preferred - then use that as the minimum bar, for their case.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 18:36 UTC (Sun) by dirtyepic (guest, #30178) [Link]

The preferred format for source code for modification is text in a computer file, as opposed to several truckloads of hardcopy or runes carved into the side of a mountain.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 18:25 UTC (Sun) by glenn (subscriber, #102223) [Link]

The copyright notices in file headers suggest that the bulk of the kernel code is from NVIDIA.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 6:53 UTC (Mon) by olof (subscriber, #11729) [Link] (3 responses)

Apple does it for various published source such as their Darwin kernel, for example see https://github.com/apple/darwin-xnu/commits/master

Many companies publishes sources as tarballs instead, you don't get commit history and commit messages then either. It's very common for embedded products.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 24, 2018 16:12 UTC (Thu) by mgedmin (subscriber, #34497) [Link] (2 responses)

Not only companies do this -- have you seen the commits in the GNU bash repository?

http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 25, 2018 13:02 UTC (Fri) by cortana (subscriber, #24596) [Link]

Well... at least the changelog is kept up to date! :)

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 31, 2018 9:48 UTC (Thu) by jezuch (subscriber, #52988) [Link]

Last I looked, the commit messages in GCC repo are also not very helpful. They are of the form "this file: changed; that file: added function; that other file: moved there". In other words: it repeats *what* changed but does not tell *why*. I tend to write really long commit messages even for fairly trivial changes and my coworkers jokingly call them "essays" (but I think deep in their hearts they thank me! ;) ) and when I educate others about good git hygiene, I always tell them that what I want to know is not the "what", but the "why". And "fix bug" is not the answer ;)

Just my 3 grosze.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 15:39 UTC (Sun) by jebba (guest, #4439) [Link] (17 responses)

They should go to jail, like the people that violate Microsoft's license:

"Recycling innovator Eric Lundgren loses appeal on computer restore discs, must serve 15-month prison term"

* http://archive.is/7bOlk

* https://www.washingtonpost.com/news/true-crime/wp/2018/04...

Instead, they'll get 6 more months. Then 6 more...

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 16:33 UTC (Sun) by smurf (subscriber, #17840) [Link] (15 responses)

Seriously??
Lundgren shouldn't go to jail in the first place …

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 17:17 UTC (Sun) by jebba (guest, #4439) [Link] (14 responses)

Those who violate Microsoft's licenses go to jail. Those people are "pirates":

https://www.microsoft.com/en-us/piracy/reporting/faq.aspx

"Every lead is processed with the legal department and Microsoft's actions can take many forms, from a warning letter to criminal prosecution."

There's many cases of this. One that popped top the top on a search, as an example, is someone getting SEVEN years in prison for $4 million dollars of "piracy":

https://archives.fbi.gov/archives/baltimore/press-release...

But when it comes to "Open Source" licensing, they certainly don't want penalties! No, give them more time to "comply" (e.g. years/never)!

"Specifically, the commitment offers licensees of GPLv2 code a reasonable period of time to correct license compliance issues, building on emerging community norms already in place in the Linux kernel community."

https://open.microsoft.com/2018/03/19/microsoft-open-sour...

How many millions of dollars has Tesla pirated? Nvidia? VMware? How many times has BSA.org shook down small businesses for hundreds of thousands?

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 19:11 UTC (Sun) by rahulsundaram (subscriber, #21946) [Link] (13 responses)

"Those who violate Microsoft's licenses go to jail"

Some of them, very rarely do. The vast majority of copyright infringement goes on, sometimes with the tactic acknowledgment of the commercial entities involved because it helps them again market share. In the case of license enforcement for free and open source licenses, following the Microsoft example you are citing is hardly prudent.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 20, 2018 20:44 UTC (Sun) by jebba (guest, #4439) [Link] (10 responses)

This "prudence" has let companies screw us over for years. SFC says Tesla has been violating the GPL for five years now. Others have been doing it for longer. Being "prudent" has just empowered companies like VMWare and Tesla to continue on, with no repercussions. They should be bankrupted.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 1:50 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link] (6 responses)

> They should be bankrupted.

That's just not realistic at all. Even if SFC were to be considerably more aggressive, all they can do is win some monetary damages.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 18:22 UTC (Mon) by khim (subscriber, #9252) [Link] (5 responses)

Monetary damages may not be enough to bankrupt VMWare, but very well may work in case of Tesla. It's financial situation is not very stable...

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 19:27 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link]

> Monetary damages may not be enough to bankrupt VMWare, but very well may work in case of Tesla. It's financial situation is not very stable...

If the financial situation of any company is that tenuous, it may not be worth going after them anyway. Going after a company purely to get some monetary damages might not befitting the charter of a non-profit like SFC either.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 24, 2018 0:09 UTC (Thu) by rahvin (guest, #16953) [Link] (3 responses)

Tesla's financial position isn't tenuous in the short term or very likely isn't in the long term either. The noise you hear in the news is wall streets concern with the current cash burn rate while they build up factory capacity and that they may need to seek additional capital from investors while diluting current ownership.

The CapEx in automotive is massive and makes silicon fabs look cheap, although the most recent Fabs have begun to approach the spending that automotive makers expend on new factories and models. There are predictions that Tesla having already spent around $2.5 billion on their freemont factory could need as much as $5 billion more to hit 50K per week production. That doesn't include their CapEx on batteries, solar and power which is also several billion. Automotive ramp is really expensive, which is one of the reasons cars are so expensive.

Again, wall streets concern isn't bankruptcy, that IMO isn't even a viable concern, it's dilution of existing ownership with additional stock sales.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 24, 2018 23:15 UTC (Thu) by smurf (subscriber, #17840) [Link] (2 responses)

Well, that and the fact that a lot of money has been spent shorting Tesla stock, i.e. betting on it to lose value.

In a sane world, dilution shouldn't be a concern either – after all, Tesla doesn't "burn" the money, it buys hardware to make cars, i.e. the company's value increases accordingly. Obviously Wall Street, with its focus on quarterly reports and earnings, is far from sane.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 29, 2018 22:17 UTC (Tue) by rahvin (guest, #16953) [Link] (1 responses)

Dilution should always be a concern. If there are a million shares and Tesla prints another million shares, then everyone that already owned a share saw a 50% decline in it's value as a percentage of the company. Dilution is a big deal to investors and always should be.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 29, 2018 22:59 UTC (Tue) by mgb (guest, #3226) [Link]

Dilution should always be a concern. If there are a million shares and Tesla prints another million shares, then everyone that already owned a share saw a 50% decline in it's value as a percentage of the company.
Investors also gain a 50% share in the proceeds of the stock sale so dilution is a wash for real shareholders. However dilution and stock buybacks can afford spectacular gains and losses to derivatives holders, particularly those with prior knowledge.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 6:58 UTC (Mon) by mpr22 (subscriber, #60784) [Link] (2 responses)

Whether it makes sense to seek to bankrupt and/or imprison people over GPL violations depends on what your actual objective is.

It's not at all clear that "though the heavens fall, let justice be done" actually secures the best outcome for Free Software and the wider community.

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 24, 2018 20:14 UTC (Thu) by faramir (subscriber, #2327) [Link] (1 responses)

Personally, I have several objectives for products that I purchase that are covered by the GPL.
For example:

1. Be able to read the source code as a supplement to the non-existent manuals.

2. Be able to modify the source code, create new binaries, and make use of those binaries in the same way (on same hardware) as the original product that I purchased.

If every company that uses GPLed software that doesn't meet those requirements was bankrupted by lawsuits then I could use the GPL as the signifier for being able to engage in the above activities. If I wanted to purchase products that didn't allow me to engage in those activities, I might as well buy products covered by the BSD or even proprietary licenses. If it turns out that the result is that no company using GPL survives, I won't be any worse off then I am now in meeting my objectives. Admittedly, a bunch of people whose livelihood is connected to the fact that they are experts in particular software products covered by the GPL would suffer. Whether or not this is relevant to the "best outcome for Free Software and the wider community" depends on how you define the "community".

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 24, 2018 23:25 UTC (Thu) by smurf (subscriber, #17840) [Link]

If all companies that use the GPL improperly failed, I for one would be worse off than I am now. No updates for my TV, my phone, or my car, for instance.

In many cases, however, the problem isn't the company that makes my phone anyway. The problem is the company that makes some key components for my phone. Or rather, the problem is that the way the GPL is written you can't sue them for infringement because they don't convey the binaries in question to you.

Go to jail, prudency

Posted May 21, 2018 8:59 UTC (Mon) by oldtomas (guest, #72579) [Link]

> [...] following the Microsoft example you are citing is hardly prudent.

While I do agree with you, and commend Conservancy's careful approach (and the more general attitude in most of the community), it seems important to remind people that the "proprietary" world is far more aggressive.

Especially considering the massive anti-GPL FUD we are witnessing these days: having spent myself a couple of years in the corporate world, I had my boss tell me to not touch GPL software ("every other 'open source' is OK"). When I asked, he hand-waved something about "liabilities", while at the same time having no qualms with Microsoft, Oracle, Adobe, Apple and all the other usual suspects. And every time the BSA announced itself... it was party time!

The Software Freedom Conservancy on Tesla's GPL compliance

Posted Jun 1, 2018 16:37 UTC (Fri) by Wol (subscriber, #4433) [Link]

> Some of them, very rarely do. The vast majority of copyright infringement goes on, sometimes with the tactic acknowledgment of the commercial entities involved because it helps them again market share.

Or because, like Reuters, they can simply threaten to destroy any copyright holder who complains ...

Okay it was a good few years ago, but a photographer ran a story in his local paper "copyright - just acknowledge me as the photographer", and Reuters stripped all attribution and ran it on the national news-wire. And apparently, a complaint really was met with "shut up if you want to work in the industry again".

Cheers,
Wol

The Software Freedom Conservancy on Tesla's GPL compliance

Posted May 21, 2018 6:09 UTC (Mon) by paulj (subscriber, #341) [Link]

And don't forget, $DEITY forbid if a contributor to open-source/free-software has the _cheek_ to take action against *repeat* infringers of free software licensing and demand damages from any of these repeat infringing corporates! Such a person must be castigated.

One set of rules for the corporate infringers...


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds