Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
a new strategy toward improving compliance and the freedom of users of devices that contain Linux-based systems". That includes GPL enforcement, an effort to create alternative firmware for embedded Linux devices, and collaboration with other organizations "
to promote copyleft compliance as a feature for consumers to protect their privacy and get more out of their devices". The work is being sponsored by an initial $150,000 grant from Amateur Radio Digital Communications (ARDC). "
We take this holistic approach because compliance is not an end in itself, but rather a lever to help people advance technology for themselves and the world. Bradley Kuhn, Conservancy’s Policy Fellow and Hacker-in-Residence remarked: 'GPL enforcement began as merely an education process more than twenty years ago. We all had hoped that industry-wide awareness of copyleft’s essential role in spreading software freedom would yield widespread, spontaneous compliance. We were simply wrong about that. Today, we observe almost universal failure in compliance throughout the (so-called) Internet of Things (IoT) market. Only unrelenting enforcement that holds companies accountable can change this abysmal reality. ARDC, a visionary grant-maker, recognizes the value of systemic enforcement that utilizes the legal system to regain software freedom. That process also catalyzes community-led projects to build liberated firmware for many devices.'"
Posted Oct 2, 2020 16:31 UTC (Fri)
by scientes (guest, #83068)
[Link] (3 responses)
Posted Oct 2, 2020 17:17 UTC (Fri)
by pizza (subscriber, #46)
[Link] (2 responses)
Granted there's not a lot of detail, but this isn't the place for detail -- there are plenty of other existing pages, both on the SFC's site and elsewhere, for that.
Posted Oct 2, 2020 17:24 UTC (Fri)
by bkuhn (subscriber, #58642)
[Link] (1 responses)
pizza, indeed, the detail is in the large documents that pare prominently
linked to from the press release. Those documents indeed include a clear
argument as to why this is an issue of justice for hobbyists and
professionals alike. For convenience, these larger documents give full details on Conservancy's enforcement strategy and its motivations, and the companion firmware liberation project.
Posted Oct 3, 2020 1:49 UTC (Sat)
by pabs (subscriber, #43278)
[Link]
Posted Oct 2, 2020 22:24 UTC (Fri)
by boog (subscriber, #30882)
[Link] (1 responses)
Posted Oct 3, 2020 6:16 UTC (Sat)
by faramir (subscriber, #2327)
[Link]
Posted Oct 3, 2020 1:52 UTC (Sat)
by pabs (subscriber, #43278)
[Link]
Posted Oct 3, 2020 4:55 UTC (Sat)
by landley (guest, #6789)
[Link] (29 responses)
That's about all I've had time/energy to do on this front so far, but if the copyright trolling is starting up again... (Sigh. It's 2020. Of course it is.)
Posted Oct 3, 2020 5:23 UTC (Sat)
by jra (subscriber, #55261)
[Link]
When Microsoft ot Oracle sue another company for unauthorized use of Windows or Oracle database patches would you call that "Copyright trolling" ? If not, why not ?
Posted Oct 3, 2020 8:47 UTC (Sat)
by oldtomas (guest, #72579)
[Link] (25 responses)
If yes, it's so underhanded that it nearly passes unnoticed.
If no: thanks for promoting (yet) another free software license. I think diversity is important in this field.
Posted Oct 3, 2020 9:56 UTC (Sat)
by scientes (guest, #83068)
[Link] (4 responses)
I don't. It is important that license be machine-readable, and not everyone should have the burden of putting on a lawyer hat just to write code. This is the biggest reason those that just want to hack end up using permissive licenses over copyleft licenses.
Posted Oct 3, 2020 11:23 UTC (Sat)
by rahulsundaram (subscriber, #21946)
[Link]
Posted Oct 3, 2020 13:15 UTC (Sat)
by joib (subscriber, #8541)
[Link] (1 responses)
> I don't
Maybe it was an underhanded attempt at an indirect slur against license proliferation.
That being said, maybe 0BSD can fill a role for the shortest and simplest possible license, without being public domain? Also, lack of requirement to include the copyright text might make sense for stuff like code snippets in documentation etc.
Posted Oct 3, 2020 14:39 UTC (Sat)
by rahulsundaram (subscriber, #21946)
[Link]
Posted Oct 3, 2020 19:45 UTC (Sat)
by NYKevin (subscriber, #129325)
[Link]
- Not counting the warranty disclaimer, it's one sentence long, and it's not a difficult sentence for a human to read and understand.
I do have one minor objection, though: It appears that OSI has approved 0BSD twice, because they list it twice on https://opensource.org/licenses/category (under "Other/Miscellaneous licenses"). They should probably fix that.
Posted Oct 4, 2020 4:40 UTC (Sun)
by landley (guest, #6789)
[Link] (19 responses)
A couple years after the SCO debacle (for which I wrote http://www.catb.org/~esr/halloween/halloween9.html) I started the first GPL enforcement suits (when I became busybox maintainer in 2006) and was a plaintiff in something like a dozen GPL enforcement actions in the US and Europe. That's why I know from firsthand experience that the lawsuits did not add one line of code to the busybox repository. What it _did_ do is make busybox toxic to a large part of its userbase. Admittedly not as badly as GPLv3 did to other projects (ala http://meta.ath0.com/2012/02/05/apples-great-gpl-purge/ and since then they've written a samba replacement, switched bash for zfs, android wrote an Apache licensed bluetooth demon...)
When the FSF initiated a second round of Mepis-style lawsuits in 2008, I saw the fallout from that directly (https://landley.net/notes-2009.html#15-12-2009). If you don't remember the original mepis lawsuit, here's coverage from the time: https://www.linux.com/news/gpl-requirement-could-have-chi... and it failed so badly when I met the FSF's _new_ head of license enforcement a couple years later he claimed to be unaware it had ever happened (https://landley.net/notes-2008.html#13-12-2008).
I have written thousands of words on the why and how I did 0BSD over the years, much of it explanations to spdx, osi, github, and wikipedia[citation needed] representatives. My primary motivation was countering the post-GPLv3 rise of "no license specified" (ala https://speakerdeck.com/benbalter/open-source-licensing-b... ).
Here's a few links off the top of my head, in chronological order:
https://www.openwall.com/lists/musl/2016/03/23/11
I proposed doing a talk on it at more than one linux conference, but I always submit multiple topics and it was never the one they chose. I included ~3 minutes of licensing material in my 2013 ELC talk starting 15 minutes in (http://www.youtube.com/watch?v=SGmtP5Lg_t0#t=15m09s) and included a lot more licensing material in my 2019 ELC talk (https://www.youtube.com/watch?v=MkJkyMuBm3g) since it _is_ one of the primary differences between busybox and toybox. I also gave a talk specifically about the history of copyleft at OLF in 2013 but didn't know only the audio would be recorded (https://archive.org/download/OhioLinuxfest2013/24-Rob_Lan...) and it doesn't make as much sense as I'd like without the video. Oh well.
I'm aware I need to collate all this stuff (and at least 3x more I DIDN'T just link to) into a proper explanation with citations, but my todo list runneth over. Hence the "oh goddess, this again?" at the announcement of a fresh legal crusade against the world.
Given that the first line of your reply included the words "underhanded" and "slur" I'm sure you're an unbiased seeker of knowledge open to evaluating new information without preconceptions, but I've got other stuff to do so there's links to voluminous backstory instead of a conversation. Have fun.
P.S. I definitely recommend Jeremy Allison (the Samba maintainer)'s recent talk on how moving Samba to GPLv3 was a mistake, https://archive.org/details/copyleftconf2020-allison
Posted Oct 4, 2020 9:23 UTC (Sun)
by joib (subscriber, #8541)
[Link] (16 responses)
And yes, having contributed to GPLv2/v3 as well as permissively licensed projects, I guess that makes me both a bearded idealist hippy as well as a useful idiot.
Posted Oct 4, 2020 9:58 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link] (15 responses)
And what's wrong with permissive software? It still adds to the overall body of available code. And it grows fast. And moreover, it's sustainable as long as there's a viable business model for it.
What we instead should worry about are the usual anti-competitive shenanigans. And we know ways around it: mandate open standards for interoperability, force companies to release details of proprietary protocols, etc. That's where the real fight for the future of computing should be concentrated.
Posted Oct 4, 2020 12:44 UTC (Sun)
by pizza (subscriber, #46)
[Link] (1 responses)
Permissive software is only sustainable when the software itself is not the product.
Posted Oct 4, 2020 20:24 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Oct 4, 2020 15:54 UTC (Sun)
by joib (subscriber, #8541)
[Link] (11 responses)
No. But we shouldn't be so naive as to believe the interests of (large) companies are always aligned with the interests of society as a whole.
> Commercial companies brought us pretty much all of the current technology, including computers themselves.
Well, sort of. Much of the underlying innovation has been government funded. But yeah, companies have played an important role in getting these innovations into a usable form and into the hands of people. Just like we shouldn't say "government bad, companies good", we shouldn't say "government good, companies bad" either. Both play an important role.
> And what's wrong with permissive software? It still adds to the overall body of available code.
All else being equal, more permissive software is certainly better than more proprietary software. But in reality, "all else being equal" never is.
Perhaps what I'm getting at is the death of idealism. "I'll release this software under a permissive license so that FAANG might use it and save a buck" seems to me a poor motivator for someone spending their free time. Copyleft, in the sense of tit-for-tat, is a way to ensure the little guy gets something in return for his efforts (in code if not in terms of $$$). But yeah, maybe that ship has sailed already, if everybody except a small band of grey-bearded hippies either doesn't give a shit or is even openly hostile towards the idea of copyleft.
> What we instead should worry about are the usual anti-competitive shenanigans. And we know ways around it: mandate open standards for interoperability, force companies to release details of proprietary protocols, etc. That's where the real fight for the future of computing should be concentrated.
Yeah, that was jra's claim in his talk referenced above. Might be a good strategy for something like samba, though I'm not sure how well it applies to other software.
Posted Oct 4, 2020 20:35 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link] (10 responses)
For a software package to be successful, it needs to have full support infrastructure around it, with at least several people working on its maintenance. And maintenance is usually a boring and uninteresting job.
There aren't that many ways to make that happen and corporate sponsorship is by far the largest contributor.
Posted Oct 5, 2020 10:48 UTC (Mon)
by nim-nim (subscriber, #34454)
[Link] (9 responses)
The core of the problem is that people wanted a free lunch and being able to use commons without any maintenance obligation (because free software licensing is effectively an obligation to share maintenance, if only by making it possible to centralize fixes).
The end result is you *can* *not* rely on commons without the kind of out of band internal maintenance organization the FAANG set up for themselves. Thus they are the only ones able to productivize and monetize stuff, and hobbyist projects don’t survive deployment “it needs to continue working” reality checks.
Unlike other companies the FAANG do not need a copyleft-style framework to organize maintenance cooperation. First, they are big enough to reach critical mass just by themselves. Second, they are big enough to control the behavior of their partners without the need of a software licensing stick.
Posted Oct 5, 2020 16:37 UTC (Mon)
by Cyberax (✭ supporter ✭, #52523)
[Link] (8 responses)
Posted Oct 6, 2020 13:13 UTC (Tue)
by nim-nim (subscriber, #34454)
[Link] (7 responses)
Just copy things, you don’t owe anything to anyone, project bring-up costs is zero.
However, all the maintenance bits that are not shared accumulate over time and over dependency links, exactly like poison in the foodchain. What kills most of those projects maintenance-wise is the shore of keeping all the third party code they build upon secure and up to date.
That’s why “open source” works for a Google (where every employee has to commit fixes to their internal giant mono-repo regardless of what the license says) and not for smaller entities (that only have software licensing to organize maintenance sharing).
Posted Oct 6, 2020 13:35 UTC (Tue)
by pizza (subscriber, #46)
[Link]
Not quite.
The whole point of "open source" ideology is that "we get to use software someone else wrote without paying anyone anything for it"
Maintaining or fixing it internally? Or even periodically updating it? Please. That would require actual work.
Posted Oct 6, 2020 17:38 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (5 responses)
> However, all the maintenance bits that are not shared accumulate over time and over dependency links, exactly like poison in the foodchain. What kills most of those projects maintenance-wise is the shore of keeping all the third party code they build upon secure and up to date.
Posted Oct 7, 2020 9:37 UTC (Wed)
by nim-nim (subscriber, #34454)
[Link] (1 responses)
For everyone smaller it does not work because there is a lack of incentive to share and merge back fixes. Projects are set up without caring about maintenance and fix flows and hit the resulting stack maintenance wall after a short while.
Posted Oct 7, 2020 17:14 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link]
In general, large successful open source projects work kinda like trade associations, so it's in the participants' best interests to chip in with maintenance and improvements. And by nature, small companies rarely have time or money to participate in trade associations.
Posted Oct 13, 2020 9:01 UTC (Tue)
by dvdeug (guest, #10998)
[Link] (2 responses)
That doesn't accord with any definition I've heard of "open source". But anyone who thinks it unfair that they have to disclose their IP if they use one GPL library is a jerk. If you don't like the terms of a work, you can ask for it to be changed and I think most small developers have their price. But you don't get to take from someone else because they're small and you can dismiss the value of their work. If it's really so small, then rewrite it.
Posted Oct 13, 2020 9:28 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
The resulting work is not Open Source, so from the end user's point of view it isn't Open Source, but that isn't the point of Open Source. (It *is* the point of Free Software, and that's the difference between the two!)
Cheers,
Posted Oct 13, 2020 16:24 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Moreover, my position is that the landscape should be littered with corpses of companies that violated the GPL.
Posted Oct 6, 2020 8:24 UTC (Tue)
by marcH (subscriber, #57642)
[Link]
Don't forget the "Right to Repair".
(Feel free to forget about the very nebulous and unenforceable "planned obsolescence")
Posted Oct 4, 2020 13:12 UTC (Sun)
by pizza (subscriber, #46)
[Link] (1 responses)
I'm not going to say that you are wrong, on either count. But there is an interesting point here.
It seems that, for you, the goal is to have busybox as widely used/deployed as possible. That's fine, and laudable. But then why release your code under the GPLv2 to begin with? Why not a permissive license instead?
You see, that's not what _I_ am after. I want my code to be Libre; I want my my users and my users' users to have the same rights to use and modify my code. Sure, that means I'll have fewer users. But you know what? I'm okay with that. Those folks can pay to get what they want instead, and that's going to cost them a lot more than including a source code tarball on their web site.
Meanwhile, I've nearly been sued twice by companies; one was actively distributing my code to their customers and the other was directly using it in their products. And yes, the latter one dropped things quite quickly when it became apparent that _I_ was the one who had them by their metaphorical balls. Copyleft is what gave me that leverage.
Also, let's be honest, nobody acually cares about busybox in of itself as hardly anyone actually _modifies_ it. (Side note -- over a decade ago, my employer actually did make some nontrivial busybox changes, and we unsuccessfully attempted to contribute our code back upstream. C'est la vie. But we also distributed complete corresponding source code to all GPL'd stuff we shipped.) Meanwhile, folks actually _do_ care about Linux (and U-Boot) because those are nearly always required to be modified in order for new hardware to function properly.
Posted Oct 4, 2020 19:35 UTC (Sun)
by pizza (subscriber, #46)
[Link]
I want to add this something that Matthew Garrett said, on this very topic, responding to Torvalds, but talking about Landley's position towards enforcement:
"That's not what your users care about. They care about code *availability*, not contribution. They don't care whether their vendor participates upstream. They just care about being able to fix their shitty broken piece of hardware when the vendor won't ship updates."
[ https://lwn.net/Articles/698452/ ]
And the vendor not shipping updates to fix shitty broken hardware is the *norm* these days, even before one takes into account the looming IoT security dumpster fire.
Posted Oct 6, 2020 18:55 UTC (Tue)
by atai (subscriber, #10977)
[Link] (1 responses)
Posted Oct 7, 2020 1:25 UTC (Wed)
by pabs (subscriber, #43278)
[Link]
https://sfconservancy.org/copyleft-compliance/principles....
I assume they will get some money of some kind though, either fees for the time spent helping companies come into compliance, or possibly some court-granted damages of some kind, although the principles above do say "pursuing damages to the full extent allowed by copyright law is usually unnecessary, and can in some cases work against the purpose of copyleft".
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Copyleft enforcement is indeed about justice for hobbyists and professionals alike
Copyleft enforcement is indeed about justice for hobbyists and professionals alike
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
- While there are other licenses with similar functions (e.g. the Unlicense, CC0, WTFPL, etc.), most of them are longer, not OSI-approved, or both.
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
https://landley.net/notes-2017.html#26-03-2017
https://landley.net/notes-2017.html#27-03-2017
https://landley.net/notes-2018.html#28-09-2018
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Is that bad in itself? Commercial companies brought us pretty much all of the current technology, including computers themselves.
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Forget about "free time". Personal vanity projects are more-or-less dead. Look at Github, it's littered with repositories (all licenses) that have their last commit 5 years ago. That is the main issue, not some nebulous "FAANG will take my pwecious source code".
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Not following. These projects were killed because nobody is interested in maintaining them.
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Nope. The whole point of open source is to not be forced to disclose your whole IP if you use one small GPL library.
And that's exactly why FAANG actually do push out fixes into open source projects.
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Wol
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
[ https://lists.linuxfoundation.org/pipermail/ksummit-discu... ]
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC
Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC