Jumping the licensing shark
Jumping the licensing shark
Posted Mar 28, 2023 12:20 UTC (Tue) by calumapplepie (guest, #143655)In reply to: Jumping the licensing shark by bkuhn
Parent article: Jumping the licensing shark
Why take this nuclear option, of saying "if you wanna try and build a business model around this software, we'll stop being copyleft entirely", blocking business models that are broadly thought to be acceptable (eg, an "open core" model a la Gitlab would become impossible). Why can't we take a more moderate tack and use the flexibility of contract law? We don't have to write licenses that solely rely on copyright law's massive infringement penalties.
Just a clause "Excepting willful and prolonged violations of this license, the holders of rights in this program agree that if you fail to abide by the terms of this license, you will not be punished beyond the payment of all reasonable fees (including legal) incurred by others in working to bring you into compliance".
Maybe add some language requiring notification that you are in violation, so I can't say "I had to pay 4 hours of top-tier legal fees to send you an email that your site had a broken link". You can also drop the "willful and prolonged" stuff and just rely on contempt of court to prevent companies from just deciding to stay in violation and eat the legal fees. And probably tweak it in a lot of other ways once an actual lawyer gets to look at it.
If you're gonna make a new license, and you want it to be used and enforced in a certain way, then why not simply embed that in the license? Bake the "Community standards for GPL enforcement" into the text of copyleft-next; that neatly protects both against corporations and individual actors wielding violations as extortion. Those who attempt extortion no longer have the tantalizing call of "all revenue made from the product"; those who would be extorted no longer have the threat of their whole business simply being given to the original creator, that copyright infringement law has as remedies.
Those penalties are still there, as a hammer hanging over infringers who want to argue that the license isn't a contract and can't limit it's own enforcement in that way (since then it's invalid and they have no rights at all, and can now forward all profits to me, please). I suppose a copyright holder could try and advance that argument to get more money out of an infringer, but then they'd be arguing that their own license is invalid, and I don't think most courts would let them pull that more than once.
Sure, you can probably still get some companies wielding FUD, to encourage people to buy the fancy premium license. But with this clause, that becomes no different from many companies offering 'support contracts': what they're selling is the reassurance that comes from someone is being paid for the product your company is built on, that you're still living in the comforting warmth of capitalist corporate society where all goods cost money and someone else can be sued if anything breaks.
Posted Mar 28, 2023 12:38 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (90 responses)
No need to say what "all reasonable fees" is, the court has their own very restricted interpretation of that.
Although jurisdictions do vary wildly - I expect the UK will give you a far larger portion of a far smaller bill back, than if you sued in the US for example.
Cheers,
Posted Mar 28, 2023 12:47 UTC (Tue)
by mathstuf (subscriber, #69389)
[Link] (89 responses)
Posted Mar 28, 2023 14:54 UTC (Tue)
by farnz (subscriber, #17727)
[Link] (88 responses)
Then you bias towards corporates with in-house counsel; I infringe, you sue me costing you $10,000 in total (court fees, 100 hours of legal fees etc), I use my in-house lawyers to do the defence, and thus pay $1,000 in court fees for it (because I have no legal fees), and you're still out $9,000.
The English system is complicated precisely because of the need to remove loopholes like the two we've seen so far in this thread, where someone with significant money can put pressure on someone without money to avoid a pyrrhic victory. The below is only an approximation of the rules, and they need constant interpretation by judges to avoid becoming unfair.
The starting position is that the loser pays the winner's court fees (all of them), plus reasonable legal fees and costs for the winning side. The definition of reasonable here is set out in the Civil Rules and Practice Directions (CRPD); these can change over time, but will cover the costs of a decent lawyer (but not the best money can buy), plus things like photocopying, postage etc.
English law allows for the concept of a "without prejudice" settlement offer. The rules for this are themselves complicated, and also in the CRPD, but the core is that you set out what you're willing to pay and do to make the case go away. As long as you've followed the rules for making such an offer, the existence of this offer cannot be brought before the court until after it's made its decision, but before a costs award has been made. If a "without prejudice" offer existed, and the offer was at least as generous as the court's decision, then costs incurred after the offer was made (itself a term of art, since it refers to a point in time somewhere between when the winning side received the offer, and when it rejected it) are out of scope for a costs order, and the winner has to pay those costs themselves.
If, on the other hand, the offer was less generous than the court's decision, the costs after the offer are in-scope; however, those costs are limited by yet another set of rules (notably that you're expected to minimise the number of things you litigate, so if something is accepted as true in a settlement offer, you shouldn't spend any chargeable legal time proving it, but instead assert it and not litigate it properly unless the losing side disputed it once you asserted it).
Finally, and in support of all this, you can ask the judge to indicate how they would rule on parts of the case if you believe that that would result in you making a settlement offer should the judge rule against you. This plays into the reasonableness tests above; if you have consistently asked the judge to prioritise particular matters, your costs are more likely to be deemed reasonable if you either made a new and more generous settlement offer after the judge indicated that they were inclined to find against you, or if you repeated a previous offer after the judge indicated that they were likely to find in your favour on that matter.
The underlying principle of these rules is that you should try to settle your disputes out of court; if the rules are being applied correctly, then you only end up paying the costs of litigating the things that you disagreed on before going to court, and not the costs of litigating things you agree on. Ultimately, the court wants to be faced with a minimal case where it's told what you disagree on, and is able to focus on just the disagreement; the costs rules exist to ensure that if you fight for the sake of fighting in court instead of accepting a settlement, then you lose out financially.
But trying to encode all of this into a licence is going to be "entertaining" for all the wrong reasons; every one of those rules summarised above exists because without it, a richer party was able to abuse the system to make a poorer party lose out due to legal costs.
Posted Mar 30, 2023 13:39 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
Posted Mar 30, 2023 14:31 UTC (Thu)
by farnz (subscriber, #17727)
[Link]
You now have a measurement problem. How many hours did my in-house counsel spend on this case?
If you just count the time that's unarguable, then being rich enough to afford in-house counsel gives me a huge advantage - your external counsel bills many more hours than my in-house counsel. I will naturally fight to bring the time measurement down to this level.
If you do manage to measure my in-house counsel's time spent fairly, you still give a significant advantage to people who can afford in-house counsel; on average, the hourly cost of in-house counsel including overheads is significantly smaller than the cost of paying external counsel, because external counsel charge not only for the time they spend on your case, but also for the time they spend searching for the next case to work on - they have to do this to end up being paid comparable amounts to in-house counsel.
And if you measure all the time my in-house counsel are employed for from start of case to end, you end up with a grossly unfair setup again - my in-house counsel may be working on more than one thing at a time, and you're effectively counting them each and every time.
To protect Free Software, you also don't want to bias in favour of external counsel; the SFLC, Red Hat and others will normally use in-house counsel when defending against misbehaviour by people trying to take Free Software and make it proprietary, except when they need to buy in specialist skills they don't have on staff. If there's bias in favour of external counsel, then someone trying to do damage will use external counsel to make it hurt the SFLC and similar.
This sort of thing is why the English rules are so complex, and have so many places in them where your behaviour affects the final costs settlement - a simple rule is, unfortunately, one that's exploitable by bad actors.
Posted Apr 27, 2023 13:06 UTC (Thu)
by calumapplepie (guest, #143655)
[Link] (85 responses)
Further, while the phrasing could add detail, its worth noting that this can only be exploited against people who refuse to move into compliance by those who have the rights to enforce the license anyways. From the moment $VIOLATOR is in compliance, any legal fees you accrue to try and pry your money out of them are explicitly out-of-scope. The failure mode of under-defined 'reasonable fees' is a person who is already out-of-compliance is attacked by a bad enforcer (individual or corporate) who wants a payout. For an individual, that means there's a hard limit of being unable to get more out of the lawsuit than they put in; there's no large payout to fund your retirement. For a corporation working to suppress competition... my license could use some work, but the maximum damages are still clearly far less than 'all the money you've made with this', which is a lot less intimidating.
Ultimately, the 'reasonable fees' thing could be just dropped.. Just leaving it at:
And then maybe add:
That means enforcers can't make a profit enforcing (disencentivizing individual enforcement), and can't make you pay for any non-compliance before they told you they thought you were violating.
It also (based on what I think "wilful" means) lets any potential violator who can convince a lawyer to advise them 'no you're good' is off the hook. This is a single-use get-out-of-jail-free for a large violator against a small enforcer, since once they lose the lawsuit and get to the damages stage, the expenses start accruing.
Ultimately, if it works as I intend, enforcers aren't entirely reliant on pro-bono lawyers against massive corporations (like they would be if it was a blanket ban on all damages), and small violators can't be pushed into bankruptcy for innocent-ish violations (since they can't lose more than they gained, even if they gained every cent exclusively due to intentional violations). Even if it fails, bad enforcers are still far weakened, and bad violators still eventually have to come into compliance (which is the only thing the SFC seeks when they enter lawsuits).
Posted Apr 27, 2023 14:07 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (84 responses)
There's a huge hidden assumption in a lot of what you've written: that the violator and the enforcer agree on what "in compliance" actually means. A case I've dealt with in the past had us shipping the source code for software on DVD upon request, with build instructions; we had someone try and argue that this wasn't sufficient under GPLv2 section 3b, since our build instructions assumed that you were running a Linux OS on your desktop, and thus in the eyes of the person attempting enforcement against us, we had not shipped "the scripts used to control compilation and installation of the executable", since as far as they could tell on their Windows system, the scripts we used did not work to control compilation, and thus we were hiding the "real" scripts used to control compilation.
And I see an easy way to abuse your setup - I am not in compliance; you contact me, I immediately come into compliance, and thus, per your definition, any costs you incur are out-of-scope. The moment you lose interest in trying to enforce, I stop complying, because compliance is expensive compared to not complying; you get in touch again, and I come into compliance.
In this setup, the enforcer has to keep spending their own money trying to get me to come into compliance; I'm never wilfully non-compliant, since my non-compliance is a consequence of neglecting things that I don't want to do, so the wilful term doesn't come into it, and thus the wilful violation clauses don't apply. You've declared that you will not hold me responsible for damages unless it's wilful, so there's nothing to gain from enforcing, and thus there's no loss to me if I keep giving up on compliance when not pursued directly by an enforcer with standing.
Underlying all of this is that the problem you're facing is not a global issue - it's a consequence of the way the US court system specifically works. In England and Wales, for example, the default position is that your damages payout is there to "make good" the affected parties, and no more; the cap is not "the total amount you made with this", but "what it would have cost you to comply had you been in compliance from the beginning, plus interest on that money". The only way to move from this position to a more punitive payout is for the enforcer to prove that you were deliberately non-compliant, and gambling on lack of enforcement, and even then, the bound on the payout is the amount it would have cost you to build an equivalent piece of software from scratch.
Posted Apr 29, 2023 13:55 UTC (Sat)
by calumapplepie (guest, #143655)
[Link] (83 responses)
Actually, I didn't assume that, though clearly my writing failed to convey that. If there is an actual disagreement about what compliance means, then it goes to the courts, like the existing process. If the courts then find that there was no compliance and there is no way the violator didn't know that, then the damages can apply for the full duration.
> And I see an easy way to abuse your setup
I don't think your way is any worse than what is currently the status quo, which the SFC believes to be acceptable. That is, right now, the SFC seeks $0 in monetary damages in all their cases, paying for all enforcement actions themselves. They only ask the court to issue orders that compliance be observed properly; which the courts then enforce with contempt-of-court charges as needed.
> I am not in compliance; you contact me, I immediately come into compliance, and thus, per your definition, any costs you incur are out-of-scope. The moment you lose interest in trying to enforce, I stop complying, because compliance is expensive compared to not complying; you get in touch again, and I come into compliance
Compliance is only expensive when you have not achieved it. Serving up some source code files for 10 years is far cheaper than even a 20 minute consultation with a lawyer to see what this letter from the SFC is on about. The reasons companies remain noncompliant is they either lack the rights to release the source code for some component they linked into the code, or they worry that if they do release the code their competition will steal their secret sauce. But in order to be compliant, you need to release that source code (even if only briefly), and that requires you to both get those rights and show their secret sauce. Once you've done that, there's almost no incentive to return to being non-compliant; compliance only requires you to occasionally update the server with your latest code, and let two or three curious people download it a month.
Further, my language doesn't actually mention any notification or 'grace period'. It just says "willful". Your cycle of enforcement/noncompliance would require that a new form of noncompliance be found each time, since otherwise the previous notification would still apply. Ultimately, though, the cycle would be acceptable: enforcers just need to routinely send emails saying "hey, you forgot to include the code for your latest update in your code posting". Then the violator would need to release the latest code, allowing folks to download it and mirror it. The open source community is happy, they have the code they need even if the company went back to trying to hide it.
> Underlying all of this is that the problem you're facing is not a global issue - it's a consequence of the way the US court system specifically works
That's certainly true. However, just because some clauses of a license are useless in some jurisdictions doesn't mean they're useless in all. In today's globalized world, especially when it comes to matters like copyright, enforcers get to decide what jurisdiction to pursue damages under. As long as the US court system allows for titanic damages, bad enforcers will continue to seek massive damages there; so our licenses must protect against that.
Posted Apr 29, 2023 14:15 UTC (Sat)
by pizza (subscriber, #46)
[Link]
No, falling back out of compliance is common because $vendor sees "coming into compliance" as a one-off act (ie "manually scramble around to find the source code and upload it somewhere"), instead of something that needs to be incorporated into their release process. Without that process change (eg "add a source tarball to your build script and post both up at the same time"), every time you release something new you're automatically out of compliance and have to do that time-consuming manual scramble all over again when you're inevitably called out for it.
Relatedly, when "compliance" is a manual act, it means that "source code access" isn't considered to be a requirement that needs to be met whenever you revamp/rebrand/etc your web site (or shuffle old product support/download pages to an EOL section) meaning the source code links get routinely broken or dropped, etc even for the old/existing stuff that you've already gone through all that trouble for.
I know McHardy's GPL enforcement is generally considered to be done in bad faith, but his approach did have a valid point -- if organizations treated source code access as a process/requirement change instead of as a one-off act, they would have completely avoided falling back out of compliance.
Posted May 2, 2023 10:40 UTC (Tue)
by farnz (subscriber, #17727)
[Link] (81 responses)
But I came into compliance, so the previous notification has been dealt with in full. I've now not bothered keeping in compliance (didn't keep source code up when the web site was rearranged, removed the source code when I made a patch release because it was tied to the withdrawn release, whatever), and I'm not being wilful - I'm being negligent (I'm simply not caring about compliance).
You now have to make a new notification that I've gone back out of compliance, having previously agreed that by providing full source for the product, I was in compliance. You don't get to say "I'm taking back my previous acceptance that you are in compliance"; instead, you have a new non-compliance (probably the same issue as last time) to address, and need to notify me all over again.
Ultimately, the problem is that by tying your hands with the licence, you've ensured that I have no incentive to put together a process for perma-compliance. That process isn't free to create and is a constant drain on resources as I ensure that every time I do a new software release, I have the matching sources put up on offer with the release. By saying "no compensation required as long as you come into compliance on demand", you've said that the maximum cost of not complying is the same as complying, but the minimum cost of non-compliance is zero, since it's possible that people won't make the demand. The thing that makes it worth being in permanent compliance, and not coming into compliance on-demand, is the risk that a court will order significant compensation for a given period of non-compliance, such that it would have been cheaper to be in compliance from day one than to come into compliance and pay the compensation, but that's the very thing that you want to get rid of!
And it's worth noting that in a less unbalanced system, like England and Wales, absent the clauses you're describing, the courts would normally set the compensatory payment for the period of non-compliance at a level a bit above the cost of compliance; your clause would cause them to set it to 0, making it not worth complying in a jurisdiction that doesn't have crazy payouts as a norm.
Posted May 2, 2023 11:59 UTC (Tue)
by kleptog (subscriber, #1183)
[Link] (80 responses)
I guess that depends on what compliance means. Is it that you met the terms of the licence for a fraction of a second, or does it mean you changed your processes you ensure future compliance as well.
Now, I imagine its a question of writing it down properly, but if judge tells a business to comply to cutting pollution in half, the business cannot comply with that order by simply running at half power for a week (box ticked) and then switching everything back on. Compliance has to talk about the future otherwise its meaningless.
Posted May 2, 2023 12:07 UTC (Tue)
by farnz (subscriber, #17727)
[Link] (79 responses)
If I don't change my processes to ensure future compliance, I'm negligent, but not wilful - wilful is that I've acted to be non-compliant, negligent is a failure to act. The licence language proposed bans you from claiming compensation from me if I'm negligent, and requires me to be wilful.
In your pollution analogy, if I simply run at half power, but I don't put a process in place to stop the power going back to full until I've found a solution, I'm negligent in permitting a new non-compliant situation to exist. Normally, that negligence opens up compensation to exactly the level I'd have had to pay if I wilfully breached the court's order (so the distinction doesn't matter), but in this case, we've said that negligence doesn't open up room for compensation, only wilfulness, which closes off the court's options.
It's why this is a tricky thing to address in the terms of the licence language; you're deliberately setting out to stop the court from making certain decisions, but a consequence of that is that you block the court from making those decisions when they're in your favour. Unless you can put down "fair" in a very detailed way, it's impossible to ensure that a court's decisions always meet your standards of "fair"; and anything that blocks McHardy's style of enforcement operation also blocks off court decisions that might be needed to deal with a routinely negligent party.
Posted May 2, 2023 12:56 UTC (Tue)
by pizza (subscriber, #46)
[Link]
At some point, "negligence" becomes "willful negligence", because you're presumed to have an [orgainzational] memory greater than that of a goldfish.
The way this sort of thing is _usually_ handled is that as part of a settlement, you agree to remain in compliance in the future, lest $much_bigger penalties apply.
Posted May 2, 2023 16:31 UTC (Tue)
by paulj (subscriber, #341)
[Link] (77 responses)
We've had articles on this on LWN in the past, but never got any real detail on exactly what was so objectionable in the contracts he got the GPL violaters to sign (because those few in the community who know think the rest of us shouldn't know those details IIUC).
Posted May 2, 2023 16:43 UTC (Tue)
by paulj (subscriber, #341)
[Link]
See here (and background via links): https://lwn.net/Articles/882397/
I note the "community principles" are ones that are unilaterally touted as such by SFConservancy. However, while I appreciate 90%+ of what SFConservancy do, I thoroughly disagree with a few aspects of their approach. In particular, the softly-softly attitude, and the idea in those principles that Free Software developers may not seek full damages from violators - especially repeat ones - but only their costs in remediating violations, I thoroughly disagree with.
That idea seems to have evolved now into this new licensing model, which seeks to remove the ability for Free Software developers to make profit by co-licensing - including in cases where all the software remains available under Free Software licences. Which I, and others commenting here, disagree with - see other threads.
Posted May 2, 2023 18:43 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (2 responses)
Basically he was out to make money. He approached nicely, got them to sign a contract (important, that meant he could sue them for violating OTHER PEOPLES copyrights), and then - because he worded the contract deliberately so - he gouged them for pretty much everything.
Yes you should be in compliance. But compliance is hard. And he was targetting people for profit, who were actually "trying to do the right thing". And I don't think he was interesting in helping people comply.
If he'd got them to sign a consultancy contract for him to bring them into compliance, fine. He would have worked for the money and earned it. But basically, once he'd got them to sign this contract, all he did was collect rent on other peoples' property.
Cheers,
Posted May 2, 2023 18:50 UTC (Tue)
by paulj (subscriber, #341)
[Link]
That is my understanding of the concrete objection too.
> he was targetting people for profit, who were actually "trying to do the right thing"
Is that a fact? I've read it phrased it way - by people and statements reported on here on LWN - but I've not seen any detail on this. We have to take it as received fact - from people who are known to be in the softly-softly camp on enforcement AFAIU (which is, to my thinking, effectively a pro-corporate violators and anti-individual-developers camp - not the intent, but that's my view). I respect those people, but I think it's possible there some is subjectivity here that may be coloured by the positions people hold.
Posted May 2, 2023 22:50 UTC (Tue)
by paulj (subscriber, #341)
[Link]
The details are very murky.
The characterisations of McHardy's nefarious ways come from those who a) have a well described position that Free Software developers should not "profit" from GPL violators - even /serial/ ones and/or b) represented GPL violators, and have an obvious interest in describing their client's violations as minor, minimising the serial nature of those violations, and characterising McHardy as the bad guy.
The details are murky... Even SFConservancy can be quoted as stating that.
Posted May 2, 2023 21:01 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (72 responses)
The main allegation is that he knew of multiple infringements at the start but would only mention a small issue that could be resolved for a small amount of money, and in the next multiple lawsuits he would collect larger amounts than if the victims had not signed an agreement.
This is considered to be a deceptive practice and disliked by a number of people.
Further allegations are that he would also run these lawsuits against companies which did not in fact use any code he had written.
Posted May 2, 2023 21:39 UTC (Tue)
by farnz (subscriber, #17727)
[Link] (70 responses)
I'd be interested in seeing if the further allegation can be proven - in theory, at least, the only way for that to happen is if the company agrees that he can do so, and that implies that companies know they're infringing, agree to such a contract out of generalised guilt, and then get sued.
Note, though, that what I'd want to see in order to condemn McHardy is proof that someone was in compliance in principle, but making technical errors (e.g. firmware download on a server with higher uptime than the source server), rather than someone non-compliant who perhaps would have won a copyright infringement lawsuit against McHardy, but not against someone with standing.
Posted May 3, 2023 9:01 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (69 responses)
My point is that McHardy was accused of something far more serious than "he got money in a lawsuit from open-source work."
Whether the accusations are true I don't know, I doubt we will get any more first-hand information about this since he has agreed to a legal
Posted May 3, 2023 9:33 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (68 responses)
Sure, but I've seen accusations of all sorts of things thrown around - and SCO accused Linux developers of some quite serious copyright infringement without good evidence, so I'm not going to react to a claim of wrongdoing without seeing the evidence first.
And I don't actually agree that he was accused of something "far more serious"; stripped of the emotive language, the claim is that the companies he pursued was engaged in copyright infringement, knew their processes were inadequate to prevent infringement, but promised McHardy that they wouldn't infringe in future. He then proved that they were still infringing, and got money from them, and they're hurt that just a pinky promise to not infringe wasn't enough to protect them from a contract they entered into.
This is largely a tale of the company's lawyers being incompetent. Either McHardy had a copyright infringement case on his own copyrights to start from, and the contract was a way for them to play "double or nothing" where either McHardy gets nothing for their infringement of his copyright, or they continue to infringe on someone's copyright, and McHardy gets damages, or they knew they were infringing loads of copyrights, didn't realise that they weren't infringing McHardy's specifically (but were infringing lots of others), and chose to pay off McHardy rather than stop infringing.
Neither of those involve particularly serious accusations against McHardy - unless your claim is that it should be cheaper to infringe copyright than to comply with OSS licences.
Posted May 3, 2023 11:15 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (67 responses)
Deception, which you dismiss as emotive, is widely considered a bad thing and is a serious accusation.
It can also have legal repercussions, depending on details deception might invalidate his contracts.
Unlike the Linux community in the SCO case McHardy has been publicly silent. Why isn't he giving us his version of the story?
Posted May 3, 2023 12:15 UTC (Wed)
by paulj (subscriber, #341)
[Link] (20 responses)
If I were dealing with a company violating my copyright, and I told them, and they agreed to stop. And they continued to do so anyway, does it really make a difference if the continued violation was one I knew of before but didn't tell them about? The company concerned clearly is incompetent at a minimum in its processes for incorporating other people's code into their product - if not wilfully malicious.
These companies are profiting from other people's software - while a subset of the Free Software developers who wrote that code struggle to make ends meet. And these "softly softly" attitudes mean there is little incentive for any of these companies to change their ways.
Posted May 3, 2023 12:40 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (4 responses)
If SOMEONE ELSE knew of a company violating YOUR copyrights, and then (through whatever means) got them to sign a contract which allowed THEM to claim damages for violation of YOUR copyrights, would you be happy?
Hardy is that "someone else", and he made a pretty tidy penny out of it. Especially as (iirc) his code had been removed from the kernel several years prior.
If Hardy had been collecting damages on HIS OWN code, a lot of people would have been happy, a lot of people would have been miffed, most people would not have complained. The problem is he was collecting damages on OTHER PEOPLES' code.
Cheers,
Posted May 3, 2023 12:50 UTC (Wed)
by paulj (subscriber, #341)
[Link] (3 responses)
And indeed, I think I'd be a bit of a dick if I then launched a campaign to smear that other author within my community because he enforced his copyright against *serial* and _commercial_ violators, and only /after/ first asking the violator to stop, and the violator not doing so. (Least, I think I would be, on /those/ facts).
Now, whether McHardy has enough code in Linux, in the form Genietech (or whoever) were using it, to give him legal or moral standing to take copyright enforcement actions, those are other questions. Assuming he does, refer to above. If not - that's a *different* matter.
Posted May 3, 2023 15:52 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (2 responses)
Except McHardy is NOT a joint copyright holder. If my co-holder chooses to enforce copyright and I don't, that's our mutual separate decisions, and we both have to put up with the consequences of our decisions. But if some random joe decides to enforce MY copyright to HIS benefit in a work to which he has made no contribution whatsoever ... ???
Cheers,
Posted May 3, 2023 16:02 UTC (Wed)
by paulj (subscriber, #341)
[Link] (1 responses)
There-after, if the company signs an agreement to stop violating anyone's code, in return for a "let off" on the original violation, then that is an agreement that McHardy and the company are allowed to enter into between themselves. That agreement is predicated on *McHardy's copyright in the code* and the *original violation of McHardy's copyright* (and above, we are taking that as given - if not, that's a different issue).
Posted May 3, 2023 16:09 UTC (Wed)
by paulj (subscriber, #341)
[Link]
The precise details still elude the wider community - these seem only deemed suitable for discussion behind closed doors at the Chatham House LLW type events. :(
Posted May 3, 2023 13:15 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (14 responses)
The allegation I heard is that companies were asked to pay a small fee and sign a contract and then they could continue to use technology A and the matter of technology A would be resolved forever.
Then later they would get a claim demanding money for technology B. This sum was much larger and had more legal teeth because of the first contract for technology A.
Note that when the lawyer for one party comments on a case while the other side is silent that is usually a sign that anything they could possibly say would only make the situation worse.
Posted May 3, 2023 13:44 UTC (Wed)
by paulj (subscriber, #341)
[Link] (13 responses)
Farnz's comment about this being about - at best - incompetence at the companies concerned. Remember, the clearest and most detailed description we have of McHardy's actions are this, from the lawyer who represented geniatech:
"The tactics used by McHardy are to first notify the company of the GPL violation and ask for a cease-and-desist declaration that would subject the company to a flexible contractual fine. If that is signed, it is followed up with another letter, pointing to a different GPL violation, that asks for a second cease-and-desist declaration with a fixed contractual fine. After that is signed, further violations are alleged, each of which comes with a request for the fines (which can be a five-figure value per infraction), along with further cease-and-desist declarations with even higher fines."
From LWNs reporting, https://lwn.net/Articles/752485/, of the presentation given at the FSFE Legal and Licensing Workshop: https://fsfe.org/activities/ln/llw-past.en.html - under Chatham House rules, so we have very little to go on. We don't have the presentation, but presumably Wensler agreed for LWN to report on it, and presumably LWN has given a fair characterisation (complete?).
So, to be clear,
1 Company is violating the GPL on Linux
"You're violating my copyright on the netfilter Flobble module in the Linux kernel. Sign this agreement, promise to stop, and we're good. If you do it again, you'll owe me X".
3 Company removes the Flobble module from their product, and ships updated Linux, without the Flobble module
5 McHardy comes back and says (explicitly or implicitly):
"You're still violating the GPL on Linux, and I also have the Wibble module in it, even if you removed the Flobble module. You owe me X. Sign this new agreement and stop violating. Violate again and you owe me X*Y"
And so on.
If anything, if McHardy repeated his copyright claims over a series of distinct modules, then this is _worse_ for the company than I thought. The only way this story adds up is if these companies did _work_ to address the violation /only/ of McHardy's components - that he'd told them about. Which implies they updated their product, and continued to wilfully violate the copyright vested in the remaining code!
And the "deception" is that McHardy hadn't told them he happened to still have copyright in that remaining code, which they continued to wilfully violate?
I have even _less_ sympathy for these companies than before. And I am increasingly sceptical of the criticism of McHardy. McHardy is the "troll"?
Posted May 3, 2023 13:53 UTC (Wed)
by paulj (subscriber, #341)
[Link]
An earlier LLW, LWN report: https://lwn.net/Articles/721458/
"The panel was moderated by OpenChain program manager Shane Coughlan and consisted of Armijn Hemel, of Tjaldur Software Governance Solutions, and Mark Radcliffe, chair of global open source practice at DLA Piper, who has advised a number of clients in disputes with McHardy. Coughlan and Hemel have both been active in the GPL compliance world for many years; they have written about some of that here at LWN as well as in a new freely available book on GPL compliance."
"who has advised a number of clients in disputes with McHardy."
So basically, serial GPL violators dislike Free Software developers enforcing their copyright and the GPL. And the lawyers they pay who are active in Free Software licensing are now trying to defang copyleft completely, while smearing said Free Software dev for taking enforcement action against GPL violators who signed a contract with McHardy to stop violating, and who then _actively did work_ to remove McHardy's code so they could *continue* to violate the GPL - not realising McHardy had more code? (If we assume McHardy did indeed have copyright on multiple modules, as McHardy appears to have claimed, going by the violators accounts - different issue).
Posted May 3, 2023 14:18 UTC (Wed)
by paulj (subscriber, #341)
[Link]
- McHardy got them to sign to agree to stop violating.
"Our agreement bound you to stop violating /any/ of Linux, not just my code in it that you removed".
Which still means the company _did work_ so they could keep wilfully violating the licence on the code, thinking they could workaround McHardy!
It appears these companies must have been active, wilful GPL violators?
Posted May 3, 2023 15:45 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (1 responses)
No. What he apparently said was "You're still violating the GPL on Linux with regard to the Wibble module. You owe me X". After removing the Flobble module, ALL MCHARDY'S CODE HAD BEEN REMOVED. So McHardy is now collecting damages on a version of Linux in which he has no copyright interest whatsoever.
HOW HARD IS THIS FOR PEOPLE TO UNDERSTAND. The outrage from the community is not because McHardy is enforcing his own copyrights. It is because he is collecting damages for a version of Linux in which he has no copyright interest whatsoever !!!
Cheers,
Posted May 3, 2023 15:56 UTC (Wed)
by paulj (subscriber, #341)
[Link]
So they removed his code - a deliberate and knowing act - and then kept on violating!
The penalty is basically on the strength of the *original copyright violation* of /his/ module, and then failing to stick to the "let off" agreement to be good to the community.
So, on the story as you present it we have:
A: A company which is a deliberate and repeated GPL violator.
B: McHardy, who tried to get this company to respect both his own copyright and the entire community's. And gave Company A a let-off on the original violation if they did so in future.
And company A are the poor victim here, and McHardy is the bad guy?
Posted May 3, 2023 16:45 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (8 responses)
Such a strategy would be very foolish on McHardy's side.
Posted May 3, 2023 17:07 UTC (Wed)
by paulj (subscriber, #341)
[Link] (7 responses)
Note, in the scenario I gave - which I'm trying to make consistent with what you wrote as your understanding of what happened (at a high-level) - it is NOT that McHardy asked them to remove anything, but that the company removed the code (a "technology" in your words, I take it meaning a netfilter module of some kind) that McHardy had told them he had copyright in and they had violated the licence of.
I.e., the company removed McHardy's code, as he had communicated to them; and then continued to violate the licence of the kernel - and hence violating the "let off" agreement they had with McHardy (whether or not there was still code of McHardy's remaining - I am assuming McHardy did have code and standing in the first instance, on the back of which the company made the agreement).
Is that consistent with your understanding too?
Posted May 3, 2023 17:09 UTC (Wed)
by paulj (subscriber, #341)
[Link] (4 responses)
(As is farnz I think).
Posted May 3, 2023 18:40 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (3 responses)
Posted May 3, 2023 20:55 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (2 responses)
I am posting based on the facts that have been given by the copyright infringer's lawyer in relation to the case, ignoring their framing of the issue.
I understand that the infringer might want to make it look like McHardy is the bad guy here, but if there's genuinely more to it than they've revealed so far, I'd like to see the facts, not just their claims - letters from McHardy, perhaps?
Posted May 3, 2023 21:22 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (1 responses)
Posted May 3, 2023 21:44 UTC (Wed)
by farnz (subscriber, #17727)
[Link]
I've sent him an enquiry by e-mail, but had no response. If you have his contact details, why not try yourself?
Posted May 3, 2023 17:40 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (1 responses)
Posted May 3, 2023 18:36 UTC (Wed)
by paulj (subscriber, #341)
[Link]
The claim made by others is that on the /subsequent/ violations, that McHardy did not have code in whatever software it was that was at issue. Whether that was because the company concerned removed it, or whether it was because the kernel community had rewritten the code to remove anything associated with McHardy, I do not know.
The claim by some here seems to be that the deceptiveness was that McHardy claimed to be a copyright holder when he was not. I have not seen evidence that this is true.
As far as I can tell it is accepted that McHardy had a copyright interest in the earlier violations. Or at least, that there was a good chance.
Posted May 3, 2023 14:09 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (45 responses)
You've explained why I consider the accusation of deception (without matching evidence) emotive - deception is a serious accusation, and widely considered to be a bad thing. As a result, accusing someone of engaging in deception is an appeal to emotion to get you to condemn the alleged deceptive person, without thinking through what they've actually done.
Given that you're saying this is a serious accusation, where's the evidence of actual deception?
All I can find is that McHardy offered a settlement saying that he'd expect to be paid for the infringement of his rights each time he could show that the company accepting the settlement was failing to comply with the GPL on any code. Someone at the settling company read "any code" as "any code I have copyright in", and has been surprised that their reading wasn't right - and is calling it deceptive because they misunderstood.
And as for why McHardy is publicly silent - as far as I can tell, there's still ongoing and related legal action; in many jurisdictions, talking about things that are being litigated can only ever go against you in court, and McHardy may well be staying quiet because his lawyer has advised him that he should stay quiet until the judge is done ruling.
Posted May 3, 2023 15:48 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (1 responses)
And plenty of people who DO have copyright in Linux are - quite rightly imho - seriously upset that McHardy is rent-collecting on code that he has no rights to! If he still had code in Linux, fair dos. But he doesn't!
Cheers,
Posted May 3, 2023 15:57 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted May 3, 2023 15:59 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (42 responses)
Based on your statements I got the impression that you did not understand why McHardy was disliked.
It seems like you don't understand/agree that being seen as a deceptive person is something that can make you widely disliked?
Far from being emotive, shunning deceptive people is a pragmatic self-defence strategy.
Posted May 3, 2023 16:31 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (41 responses)
I still don't know why he's disliked - you've told me that he's disliked because he's done something that some people think is a reason to dislike him, but you've not told me what he's actually done - it's been words like "practices" hiding it.
If he's been deceptive, then you should be able to tell me what he's done that's deceptive, without using the emotive words - you should be able to say what he did, not just how it made people feel.
Posted May 3, 2023 17:00 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (3 responses)
We HAVE told you - he is rent collecting on other peoples' work.
(And he is widely seen as tricking his victims into signing these contracts.)
It's not the deceptive practices that really annoy a lot of people, it is the fact that he is driving people AWAY from linux. And he's collecting monies that are NOT his by rights. The fact that he's used deceptive tactics to achieve that is a side show.
Cheers,
Posted May 3, 2023 17:13 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted May 3, 2023 17:14 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted May 3, 2023 20:52 UTC (Wed)
by farnz (subscriber, #17727)
[Link]
No, you haven't. You've shown that he's rent collecting on his own work, and is offering a discount on that rent if people decide to bother with licence compliance in future, then withdrawing that discount when they demonstrate that they lied when they said they were going to comply in future.
Posted May 3, 2023 17:02 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (36 responses)
https://lwn.net/Articles/930693/
Please note that "deceptive" is not an emotive word, it is used to describe a situation where you deliberately make someone believe something which is not true. The word can be used for outright lying, misleading statements, deliberately withholding information and other tactics.
The allegation implies that the victim companies were led to believe that signing the contract and paying money would make the problem go away, while in reality it made the problem worse.
Posted May 3, 2023 17:33 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (35 responses)
No, you did not. You described a whole bunch of practices that are completely normal in copyright infringement cases generally, and called them deceptive in order to get me to feel that McHardy had done something wrong. You've not even told me who claimed they're deceptive - as far as I can find, everyone calling them deceptive is on the side of infringers in copyright cases a lot of the time, and is basically arguing that it's unfair to expect infringers to comply with copyright law.
It's completely and utterly standard (I've been involved indirectly in a number of copyright-related software lawsuits, gathering up evidence requested in discovery) to not notify all infringement at first, but instead to offer a sample of known infringement; the idea is that the infringing company, now that they know that they're doing something wrong, will not only fix the notified problem, but also go away and check that they're generally getting things right. Part of the reason copyright holders do this is that they want to see whether you're going to fix your process issues that result in infringement, and confirm that you've found all the infringements you're engaging in, or whether you're going to simply address the one issue you've been told about and continue otherwise infringing.
The idea is that if your idea of "fixing" your infringement is to remove my copyrighted code, rather than licence it, you need to do the work to actually find all of my code and remove it. I keep my knowledge of further infringement to myself, so that if you simply remove the things I've told you about, I can come back round with the things I didn't mention the first time - and I can demonstrate to the court that you are not only infringing on the latest matter, but also that it's part of a pattern of behaviour, and not a one-off error.
So, I ask again - what's he doing that's not normal practice for copyright lawsuits outside the oepn source space, and therefore might qualify as deceptive?
Posted May 3, 2023 17:52 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (15 responses)
Claiming damages on OTHER PEOPLES' code. If that's standard practice, I'm horrified ... to be frank I'd call that either *fraud*, or *theft*.
Cheers,
Posted May 3, 2023 18:32 UTC (Wed)
by paulj (subscriber, #341)
[Link] (14 responses)
Posted May 3, 2023 19:40 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (13 responses)
In other words, he was mostly claiming damages for code he had no copyright interest in whatsoever.
Cheers,
Posted May 3, 2023 20:48 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (12 responses)
But he wasn't claiming damages for the newer kernels - the damages were for the kernels he had code in, but he'd offered to discount the amount he claimed if you promised to not infringe the kernel's licences in future.
That some companies wish to characterise "we took a discount on damages that we were offered in return for a promise of future good conduct, then had that discount withdrawn because we couldn't be bothered to keep to the contract we signed" as "McHardy is claiming damages on code he didn't write" is a stretch.
Posted May 4, 2023 14:58 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (11 responses)
Given that - when McHardy came back for more money - the companies were no longer infringing ON MCHARDY'S CODE I fail to to see any difference.
Yes, legally, he was dinging them for breaking a contract, but that was why he got them to sign the contract (rather unusual in the Free Software world) in the first place. Without that contract, they would have said "On yer bike mate", and there would have been ABSOLUTELY NOTHING he could do about it.
In other words, the quickest, cheapest and easiest way to come into compliance with respect to McHardy, would have been to upgrade the kernel. He took advantage of their ignorance to put himself in a position where he could claim rent on other peoples' code.
Cheers,
Posted May 4, 2023 15:10 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (10 responses)
They didn't have to sign the contract - they could have said "no, we are not willing to agree that we will not violate the kernel licence in future in order to get a settlement from you". If they'd done that, they'd be taking the risk that McHardy would pursue them through the courts for more damages than they were willing to pay, and that the fact of McHardy suing and winning over past infringements would cause other people whose copyrights were infringed to do the same thing as McHardy.
That's where all of this comes from, after all - they knew they were violating McHardy's copyrights, and believed that McHardy's settlement offer was a better deal than they'd get offered in court. So they agreed to it, and then, because their legal advisors were incompetent, discovered that the agreement they'd signed wasn't as good a deal as they thought it was.
They always had the option of saying "we don't like your settlement offer - this is our counter-offer, take it or see us in court", and they chose not to do that. Why? And why should we feel sorry for a serial GPL violator whose lawyer made a huge mistake when advising them to take the settlement agreement McHardy offered instead of either counter-offering, or insisting on going to court?
Posted May 4, 2023 16:11 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (9 responses)
Which McHardy was banking on. Isn't that the DEFINITION of deception? Offering some sucker a deal which you *know* is too good to be true?
Cheers,
Posted May 4, 2023 17:49 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (8 responses)
See, this is where I disagree - I don't think McHardy was banking on them continuing to violate, I think he'd have been just as happy if they'd done as they agreed and stopped violating the licence.
The only person who's actually claimed that McHardy was banking on that is the lawyer for a company that took the settlement, and then chose to continue violating the kernel licence, ignoring the settlement language. And he's not a trustworthy source, because it's entirely possible that he's saying that because he was banking on McHardy not enforcing the settlement after McHardy's code was removed from future versions.
Posted May 4, 2023 19:42 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (7 responses)
I don't think he CARED if they continued to violate or not, he had a plentiful source of suckers. How can you claim repeatedly offering a deceptive agreement isn't intentional deception?
Cheers,
Posted May 4, 2023 20:00 UTC (Thu)
by farnz (subscriber, #17727)
[Link]
How can you claim the agreement is deceptive without seeing it, purely on the basis of a claim by a copyright infringer's lawyer?
Posted May 4, 2023 21:48 UTC (Thu)
by rschroev (subscriber, #4164)
[Link] (3 responses)
Posted May 5, 2023 9:57 UTC (Fri)
by malmedal (subscriber, #56172)
[Link] (2 responses)
Imagine you are a company making something traditionally non-computer related, say a CNC-machine or something. At some point you hire a contractor who designs a box to control your machine.
Later you get hit with a lawsuit because something called Linux in this box which you weren't aware of.
And then the same guy comes back with another lawsuit for what you thought was already resolved.
This is the alleged tactic.
The tactic is deceptive because it exploits the victim's ignorance, The fact that the victim was indeed doing something illegal is not relevant for whether something is deceptive or not.
Posted May 5, 2023 10:04 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (1 responses)
Except you're missing a key part - the contract is alleged to have included a requirement that you ship the source code for Linux with the CNC machine (or whatever) in future.
And it's this requirement that companies thought they'd work around - instead of shipping the source code, like you agreed to, you instead remove McHardy's code from future versions of the CNC machine, and say "well, I know we signed an agreement, but your code isn't in our machine any more, so we can ignore the agreement now". And then get surprised that the agreement is enforceable against your past violation.
Posted May 5, 2023 10:49 UTC (Fri)
by rschroev (subscriber, #4164)
[Link]
That's not how agreements work?!. Once you signed the contract, you have to comply, unless the contract states otherwise. You can't simply ignore the agreement.
Posted May 5, 2023 9:20 UTC (Fri)
by paulj (subscriber, #341)
[Link] (1 responses)
Might it not be an idea to just have a /smidgen/ of caution about taking that as gospel?
Posted May 5, 2023 9:26 UTC (Fri)
by paulj (subscriber, #341)
[Link]
I just see greed and incompetence by said serial GPL violators.
Posted May 3, 2023 18:16 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (18 responses)
To quote myself:
> The main allegation is that he knew of multiple infringements at the start but would only mention a small issue that could be resolved for a small amount of money, and in the next multiple lawsuits he would collect larger amounts than if the victims had not signed an agreement.
Note the allegation used the word "resolved". This would mean the victim company would think they needed to take no further action after paying.
If the allegation is accurate this would be very different from a standard enforcement action.
Posted May 3, 2023 18:40 UTC (Wed)
by paulj (subscriber, #341)
[Link] (17 responses)
The onus is not on the copyright holder to fix all the violators issues. Indeed - and I have mentioned this in other articles on this in the past - the copyright holder taking the enforcement action may be legally ill-advised to indemnify the violator for any and all other issues that may or may not be known to the copyright holder, for a variety of reasons. Why would the copyright holder want to risk that they are blocked from tackling further wilful violations, because of a dumb "I won't ever take any further action against you once you sign this" clause? That would be incredibly stupid.
Farnz has just made similar points.
Posted May 3, 2023 19:11 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (16 responses)
However, if he does this every single time with every company and multiple times with each, as was alleged, you will find that quite a few people will consider it deceptive.
Anyway, I have no interest in convincing you of this point, I was just trying to explain why so many people were unhappy with him.
Posted May 3, 2023 20:50 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (15 responses)
Why is it "deceptive" to expect that a company that has agreed that they have at least one issue with their licence compliance, and has further agreed that they will put processes in place to ensure that they are compliant in future to actually put those processes in place?
Posted May 3, 2023 21:15 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (14 responses)
Posted May 3, 2023 21:18 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (13 responses)
That is exactly the situation the infringer's lawyer has alleged has happened, and where they're calling McHardy deceptive, since he did not tell them about all the infringements, and hence they were still out of compliance when they addressed just the reported infringement.
Unless, of course, you have more facts to link - court filings, letters from McHardy, or other evidence beyond what the infringer's lawyer has said?
Posted May 3, 2023 21:53 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (12 responses)
You seem to just want to invent excuses that would make his alleged behaviour reasonable, if you want to help him I would instead suggest you talk to him directly and then come back and present his version of the events.
I'll just stop here, except since you asked for more information, the rumours have been going on for years, it's not just that one lawyer, an old LWN article:
https://lwn.net/Articles/694890/
Posted May 3, 2023 21:58 UTC (Wed)
by farnz (subscriber, #17727)
[Link] (11 responses)
I have read that LWN article, and looked at the sources. I've also read the stuff from the lawyer whose client was caught up in this, and who kicked it all off. What I said is a literal restatement of what the lawyer said, which you're calling "not a reasonable interpretation" - but it's literally what the lawyer said happened, and they're saying that he was deceptive because, while he said that they would have to pay more if they continued to be non-compliant with the kernel licence, McHardy only told them about some of the non-compliance, and not others.
This is not an interpretation - it's a restatement of the facts of the case that led rise to people calling McHardy deceptive - apparently, it was deceptive of McHardy to offer a settlement that included a "you will ensure that you comply with the kernel licence in future" clause while knowing that the client had more non-compliance than McHardy pointed out.
Posted May 4, 2023 9:26 UTC (Thu)
by paulj (subscriber, #341)
[Link] (10 responses)
And now they are helping to shape a vision for future of copyleft licensing. A "softly softly" vision which of course suits their clients and sponsors.
Posted May 4, 2023 10:52 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (2 responses)
And further, they've managed to conflate the SFLC's position with their own.
The SFLC's position is that copyright enforcement is inherently unfair and arbitrary, because you can only ever enforce against a subset of violators - there is no way to enforce your rights against all violators at a time (not least because you can only enforce against violators you've discovered, and not ones you don't yet know about). Free Software lays claim to being a morally better way to do software, and thus enforcement should be "softly softly", since we know that enforcement is unfair. They would still agree that violating Free Software rights is wrong, and worse than any form of enforcement - their claim is just that gentle enforcement is better than harsh enforcement.
The serial violators are trying to reorder the bottom of that pile - they know that they can't get away with "violating Free Software rights is morally superior to any form of enforcement", but they're trying to shift the perception from "gentle enforcers have the moral high ground, harsh enforcers are somewhere less moral than gentle enforcers, violators are less moral than harsh enforcers" to "gentle enforcers have the moral high ground, violators are less moral than gentle enforcers, harsh enforcers are less moral than violators", thus justifying their clients' positions.
Posted May 4, 2023 11:08 UTC (Thu)
by paulj (subscriber, #341)
[Link] (1 responses)
If BadCorp only has to pay /costs/ of some poor Free Software dev or para-legal every now and then, while reaping the benefits of in lower R&D and licensing of exploiting Free Software (which could easily be many millions - licensing a proprietary embedded OS need not be cheap say) and ignoring the licensing obligations, then BadCorp's economic incentives are obvious.
Are we for the BadCorps?
Posted May 4, 2023 11:28 UTC (Thu)
by pizza (subscriber, #46)
[Link]
Yep, exactly. And the penalties need to be _very_ large in order for it to make a dent in BadCorp's bottom line.
Unfortunately, with said very large penalties on the line, it's going to take years of very expensive lawyering to get to the point where you might eventually collect.
Posted May 4, 2023 11:17 UTC (Thu)
by pizza (subscriber, #46)
[Link] (6 responses)
That's not really fair.
What's the point of Free Software? Empowering users by ensuring they have the complete source code and the rights necessary to utilize it. The approach "traditionally" taken is intended to maximize compliance, ie bring about process changes so that organizations would be compliant in the future, thus maximizing the overall "user empowerment" in the future.
The McHardy approach encouraged "compliance by payoff" rather than something more, um, sustainable. Of course that small payoff did nothing to make the underlying problem go away as it was much lower than the internal cost of changing processes. If anything the payoff made it _worse_ as the settlement contract expanded the scope of what could trigger a new breach beyond the stuff that McHardy directly "owned", with those proceeds going to McHardy rather than that stuff's nominal "owner".
TBH I think that was ultimately due to incompetent corporate counsel (and I don't have any sympathy for "serial GPL violators" as you put it) but it does reek of deliberately-setting-them-up-to-fail bad faith. Furthermore, because corporate lawyer-types talk to each other, this meant that those trying softer approaches aimed at maximizing compliance through process change (eg the SFC) found themselves facing "you're operating in bad faith so we're just better off not engaging at all" doors suddenly slammed in their faces, undoing many months (if not years) of effort.
So the net results of McHardy's efforts seems to hurt, rather than helped, overall compliance, and it has been also been cited as one of the primary reasons why so many organizations are actively trying to avoid copyleft anything. So if you consider the "empower users" to be the end goal of this Free Software thing, everyone but McHardy ends up worse off.
Posted May 4, 2023 11:38 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (4 responses)
Ultimately, the core of the conflict is that on the Free Software side, which includes the SFLC, the goal is to get everyone to Free their software, so that there's no non-Free software out there. On the Open Source side, which includes McHardy, the goal is to get companies to either respect the licence or not use Open Source code at all.
This is an unresolvable situation - the Free Software side would prefer you to use only Free software, and will accept you using it in violation of the licence as the first step towards full Freedom. The Open Source side doesn't care what software you use, but wants you to respect their decisions as set out in their licence.
McHardy's approach fits the Open Source side - if more people did that, then many entities would stop using FOSS because they do not intend to ever comply with the licence. The SFLC, meanwhile, is on the side that says that it's better that you're using FOSS, because once you depend on enough of it, enforcement can bring you into the Free Software community.
Posted May 4, 2023 15:13 UTC (Thu)
by pizza (subscriber, #46)
[Link] (3 responses)
I don't know if that generalization is accurate. I'd think that all sides want their chosen licenses to be respected; after all that's why those particular licenses were chosen, and it is quite common to waive or ignore violations for strategic purposes (eg to encourage wider adoption, or perhaps more commonly, a lack of resources to put into enforcement [1])
Where things differ is that the "Open Source" side has deliberately chosen weaker licenses that are nearly impossible to violate unintentionally. For example, about the only way to run afoul of the (1) BSD license family is to strip off copyright notices in what you redistribute, and (2) Apache license adds retaliation if you launch legal attacks against other authors or users of the software.
[1] Granted, most of us completely lack the means to effectively enforce these licenses -- taking a single lawsuit to trial would probably cost more than my lifetime earnings, and that is something the more cynical players are absolutely counting on.
Posted May 4, 2023 16:19 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (2 responses)
I don't think you're actually disagreeing with me.
Both sides want the licence to be respected - the one I'm characterising as Open Source, and the one I'm characterising as Free Software. Indeed, the Free Software side ideally wants all software to be Free. Both sides also agree that the best result if you find a violation is for the violator to come into compliance.
But, when faced with a violator who does not intend to comply, the two sides take different views; the Free Software side sees enforcement as a tool towards the bigger moral imperative of getting all software to be Free Software, and will ignore or waive the violation if that's a better route to the final goal.
The side I called the Open Source side doesn't see a bigger moral imperative - they choose licences like the GPL because, in their view, they want something back if you use their code. If you don't intend to give back as required by the licence, then they'd prefer you to not use their code at all, or indeed any code under that licence.
And this is a fundamental divide, not easy to cross.
Posted May 5, 2023 9:25 UTC (Fri)
by paulj (subscriber, #341)
[Link] (1 responses)
Though, for whatever reason, in my mind it would be the "open source" side who are the "just use the code, don't really enforce" types, and the Free Software ones would be "Either you follow the licence to the letter, or you don't use it at all". E.g., Look at the FSF position on firmware.
But the exact labels matter less. That divide is certainly there. In my mind, the strong-enforcement view was more dominant earlier on, and the "softly softly" developed later, as the economic-goodness (for everyone and for developers) argument was developed ("The Cathedral and the Bazaar" being an example of the development of that argument for Free Software).
Posted May 5, 2023 18:29 UTC (Fri)
by pizza (subscriber, #46)
[Link]
FWIW, I'd agree with this sentiment.
(Because licenses typically chosen by "open source" folks are tend to not have many (if any) terms that can actually be enforced, whereas "free software" folks chose licenses that have a bit more teeth to them, presumably because they care!)
> But the exact labels matter less. That divide is certainly there. In my mind, the strong-enforcement view was more dominant earlier on, and the "softly softly" developed later, as the economic-goodness (for everyone and for developers) argument was developed ("The Cathedral and the Bazaar" being an example of the development of that argument for Free Software).
Yeah, CatB was a major inflection point that led to the "softly softly" folks breaking away from the "strong enforcement" types, and created the "open source" movement in the process.
Posted May 4, 2023 13:00 UTC (Thu)
by farnz (subscriber, #17727)
[Link]
I would note, though, that if Mentor Graphics get in touch saying "you're infringing our rights in Nucleus, let's talk", or Blackberry get in touch to ask you to bring your use of QNX into compliance with the licence, corporate lawyers don't close the door. They talk instead, because they know that their choice is to deal with this while it's being done on the "softly, softly" basis, or face enforcement action that'll cost them far more than dealing while everyone's playing nice.
This leads to the SFLC's problem with doors being closed being a self-fulfilling prophecy; as long as the chances of harsh enforcement are close to zero, there's no consequences for refusing to talk to the SFLC. If, however, enforcement was common, then violators would talk the moment the SFLC knock on their door - better to talk to the SFLC when they're playing nice and get things fixed at low cost, rather than wait for enforcement action that's likely to happen soon and cost a lot (be it a McHardy, or the SFLC losing patience).
Posted May 3, 2023 9:00 UTC (Wed)
by paulj (subscriber, #341)
[Link]
I get it that there is a separate question about whether McHardy even has a legal or moral right to claim to be an author of the code, to the extent he can profit off it. And many feel he has no right. Set that aside. This question also should not affect the other questions ("I can't get him on X, so I'll get him by denying him and everyone Y" - but Y may be a good tool in hands of others).
I also get that a number of other Linux authors dislike the idea that other Linux authors profit from enforcement action. But really, just cause one Linux author is happy to treat their Linux code as efffectively being permissively licensed, that should not (and does not) mean they have any right to deny other authors their right to claim penalties from violators under the GPL, and other agreements following on from compliance action.
But hey...
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
> Excepting if they can prove you committed willful and prolonged
> violations of this license, the holders of rights in this program agree
> that if you fail to abide by the terms of this license, you will not be
> held responsible for any damages.
> In no case may the damages claimed against you be greater than the lessor of
> - the reasonable costs incurred by others to bring you into compliance while you were
> willfully violating this license
> - the total profit made by you as a result of willful violations of this license
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Further, my language doesn't actually mention any notification or 'grace period'. It just says "willful". Your cycle of enforcement/noncompliance would require that a new form of noncompliance be found each time, since otherwise the previous notification would still apply.
Jumping the licensing shark
Jumping the licensing shark
I guess that depends on what compliance means. Is it that you met the terms of the licence for a fraction of a second, or does it mean you changed your processes you ensure future compliance as well.
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
If it was only that, it wouldn't have been a problem, even if it was several million euros.
settlement to stop.
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
2 McHardy (let's assume he has copyright in bits of netfilter, that were in the Linux that the alleged violator was distributing) notices and contacts them and says something like (based on others' characterisations of his deceptive practices, note):
4 Company keeps violating the GPL on Linux
Jumping the licensing shark
Jumping the licensing shark
- Company agrees and signs
- Company does work to remove McHardy's Flobble module from their product, updates the product, and wilfully keeps on violating the remaining code.
- McHardy comes back:
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Whether the allegations are true or not is a different matter.
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
So I explained that it was because he was accused of deceptive practices.
Is that the case?
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Wol
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
So you pay and sign the contract as requested.
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Jumping the licensing shark
Furthermore, because corporate lawyer-types talk to each other, this meant that those trying softer approaches aimed at maximizing compliance through process change (eg the SFC) found themselves facing "you're operating in bad faith so we're just better off not engaging at all" doors suddenly slammed in their faces, undoing many months (if not years) of effort.
Jumping the licensing shark