LWN: Comments on "On the boundaries of GPL enforcement"

proprietary relicensing & software freedom morality in revenue-generation

flussence — Fri, 29 Jul 2016 19:32:54 +0000

The way I read 6(d), it sounds like it's okay to distribute unmodified binaries and point people to corresponding source at the upstream project, as long as you take responsibility for preventing dead links.

proprietary relicensing & software freedom morality in revenue-generation

farnz — Fri, 29 Jul 2016 18:49:51 +0000

I can't find that option in the GPLv3 - there's section 4 referring to verbatim copies of source code, but section 6, which discusses non-source forms, does not appear to have an exception for "as-received".

proprietary relicensing & software freedom morality in revenue-generation

pizza — Fri, 29 Jul 2016 16:52:08 +0000

>The only exception I would accept - and actually it's an exception I would like to see - is that you can distribute the binary "as received" provided you point the recipient to where they can get the source.

IIRC, the GPLv3 explicitly added this as an option.

proprietary relicensing & software freedom morality in revenue-generation

Wol — Fri, 29 Jul 2016 15:16:18 +0000

The only exception I would accept - and actually it's an exception I would like to see - is that you can distribute the binary "as received" provided you point the recipient to where they can get the source.

Okay, if the source disappears then your recipients are up a gum tree, but so are you if you didn't download it ... :-)

Cheers,
Wol

Are there any "GPL enforcement trolls"?

Wol — Fri, 29 Jul 2016 15:12:24 +0000

> accepted evidence that SecureW2 themselves failed to provide the
source code along with the binary files

Can't you argue that, if you distribute the program AS RECEIVED FROM THE COPYRIGHT HOLDER, then this is pretty much automatic GPL compliance?

Either that, or it's entrapment. The copyright holder is distributing an allegedly GPL'd program that cannot be further distributed at all ...

Cheers,
Wol

proprietary relicensing & software freedom morality in revenue-generation

josh — Thu, 28 Jul 2016 21:19:00 +0000

Does anyone have a standardized set of terms for the "selling exceptions" approach (as a preferable alternative to selling a proprietary license)?

I'd love to see some templated terms that effectively say "anyone who meets these conditions may ignore the copyleft terms of the license", with "these conditions" being anything from a one-time fee to a royalty model.

proprietary relicensing & software freedom morality in revenue-generation

bkuhn — Thu, 28 Jul 2016 19:27:34 +0000

Even tough it is possible to generate revenue a particular way does not mean that method of revenue generation has a positive impact. Often, it has a negative impact. There are plenty of examples outside of software (fracking comes to mind).

As long as proprietary software is legally permissible, which it admittedly is, there will be proprietary business models, and people who use them. The danger in proprietary relicensing is it is designed as a trick to convince people to rely on copylefted software, and actually hope that they fail to follow copyleft terms and gouge them.

I deeply dislike Gitlab's business model, but it nevertheless honest and fair, and gives no special powers to Gitlab. Gitlab is not copylefted, and anyone who wants to can take their community edition and make the same business model Gitlab does. It's fair.

Using copyleft for proprietary relicensing takes a tool designed to advance software freedom, and warps it in a nefarious way to turn it into a scare tactic and nearly a shareware-like system. The usage is by default unequal, because it has one of the same flaws that proprietary licensing: certain entities have more rights and powers that other entities do not. This is why I criticize proprietary relicensing almost as harshly as I criticize “mundane”proprietary licensing.

As to your point about how much extra copylefted code is generated as part of the process, I'm not sure that's inherently good, if the tool of copyleft is actually being used to promote proprietary software adoption and creation instead. I don't believe copyleft is a moral good unto itself; it's a tool that can often be utilized to advance software freedom, but any tool can be used for a purpose not within its original intent. I believe the usage of copyleft for proprietary relicensing usually does just that.

Finally, we're past the business model discussion: it's clear that one can earn a living doing only Free Software, but because proprietary software is still permitted, it's really difficult to do so — proprietary software has an unfair advantage over Free Software. Copyleft is a tool to help mitigate that problem, but it's not a perfect tool (as we're discussing). As such, making a living with only Free Software means you probably will be paid less for your work, but I know plenty of people who make a true living wage doing so. It's a question of commitment and values.

On the boundaries of GPL enforcement

pizza — Thu, 28 Jul 2016 12:16:20 +0000

> [ And I think it is all a little weird anyway - there is no "community" you have to join to make your software available with a GPL - the license is between you and whoever agrees to it by making use of your software. There is no third party to answer to, or who's GPL enforcement rules you have agreed to. ]

s/you/everyone who's contributed code/.

One can't unilaterally allow dual-licensing (after the fact) unless one also completely owns everything outright. That's pretty rare unless some sort of contribution agreement is utilized.

On the boundaries of GPL enforcement

gwg — Thu, 28 Jul 2016 05:16:07 +0000

What isn't addressed by such "community" views on GPL enforcement, is the reality that many individuals and companies making GPL software available also need to be able to make a living. The dual licensing model is a semi-viable way attempting that. Companies have a simple and clear choice - comply with the GPL, or take up a commercial license. Allowing them to prevaricate by "negotiating" compliance with a party that is bending over backwards to get them just to release source code, doesn't compensate for the financial advantage they have enjoyed by not taking up a commercial license in the first place. Not all who make GPL software available are employed to do so, or are able to create substantial software purely in their spare time - and it's hard to write software when you don't have somewhere to live, can't pay for power, or don't have a computer because you are busy giving all your work away and getting little in return financially. Without support for dual licensing, there will be less GPL software available, and part of that support is an effort to enforce the GPL in a way that compensates financially.

[ And I think it is all a little weird anyway - there is no "community" you have to join to make your software available with a GPL - the license is between you and whoever agrees to it by making use of your software. There is no third party to answer to, or who's GPL enforcement rules you have agreed to. ]

Are there any "GPL enforcement trolls"?

pauly — Tue, 26 Jul 2016 16:58:24 +0000

This story continues. Quite number of German universities had got that sort of cease and desist letter.
At least two cases went to court, and the universities both lost in first instance (before different local courts).
Currently, I only have this German article as a reference:
https://www.dfn.de/fileadmin/3Beratung/Recht/1infobriefea...
It basically states that SecureW2's claims were fully acknowledged by the first instance courts --
despite the fact that there is accepted evidence that SecureW2 themselves failed to provide the
source code along with the binary files for the last couple of sub-versions of their software.
I have no information on the payments that the rulings would enforce.

At least the more recent case of the two will see an appeal trial.

Martin

Are there any "GPL enforcement trolls"?

bkuhn — Tue, 26 Jul 2016 04:08:02 +0000

If you're ever in that situation again, just ask them if they are willing to follow the Principles or not. If not, please do in touch with me, or my colleagues at Conservancy or the FSF, about it.

Are there any "GPL enforcement trolls"?

pauly — Mon, 25 Jul 2016 17:25:30 +0000

Yes, there are. The university I am working with (and several others) got a cease and desist letter last year.
A German lawfirm who has also been working for Harald Welte
had got themselves the Dutch company SecureW2 BV as a client.
Their claim was about SecureW2, an 802.1X supplicant for use with windows (and later, Android).
Originally started around 2000 as an open source project by the Dutch startup Alfa & Ariss,
it enabled the supplicant shipping with Windows XP to do EAP-TTLS-PAP instead of PEAP for 802.1X authentication.
The software was available for some year, as was the source code. To the best of my knowledge,
the last versions of this software (then called EAPsuite) were distributed binary only although they
were still _supposed_ to be GPL.
In 2007, we dropped it altogether and found a way to support PEAP directly, thus making life easier for
Windows users. But we continued to offer that software for download (binary, of course).
Little surprising, download numbers were tiny after that.

In the mean time, SecureW2 BV had taken over the copyright of that software from Alfa & Ariss.
Their claim was that we distributed their GPL'd software without supplying the source code. Given
the historic lack of source availability on their own part, that claim was weak, of course.
What's more, educational use in Germany almost precludes any commercial use, a German
university is much more similar to a state-run authority than to any commercial entity.

After our legal department had made clear that we would not easily give way, the whole thing fizzled out.
It looks like the unclear state of that software had opened up a niche for dubious (or resourceful, as you like)
lawyers where they could at least try to "enforce" and monetize a Pseudo GPL copyright, contradicting
everything that GPL had been created for. To me, this is dangerous grounds.

Cheers, Martin

On the efficacy of coyright trolls & testing copyleft in the Courts

bkuhn — Thu, 21 Jul 2016 03:44:11 +0000

I think this article quite fairly explains the various sides of the issue. I obviously disagree with some parts of it, but I'm a known partisan on this issue, so that's no surprise. :)

The only part I'm inclined to comment on in detail is that I don't think there is any ongoing risk of successful “GPL copyright trolls”. One of the reasons Karen and I wrote Conservancy's blog post is to create an easily net-findable article for newcomer violators, who perpetrated (easily resolvable) infractions of the GPL and have been approached by a “would-be GPL copyright troll”. In my experience, which I've verified by talking to a lot of company representatives, the trolling behavior only works when the violators targeted can't easily find accurate information about the GPL and how to repair violations quickly.

Furthermore, so-called “GPL copyright trolling” only works against companies that fail to come into compliance. Even under GPLv2, German lawyers don't consider termination permanent. In the USA, where consensus is that termination is permanent, judges are unlikely to award huge damages for past violations that only exist due to termination (i.e., if compliance is almost achieved such that only GPLv2§4 remains violated due to past violations). GPL enforcement experts like myself generally believe that you can expect to get your costs back of enforcing the GPL, but huge monetary awards beyond that are really unlikely. (Conservancy's litigation experience has also confirmed that hypothesis.) Any early successes of troll-like behavior is thus short-lived and evaporates as soon as new Linux adopters learn to adapt quickly with compliant behaviors.

Meanwhile, I think the big idea that Jake hints is absolutely correct: GPL as a strategy is at a complicated crossroads. We have a lot of work to do to adjudicate copyleft and verify that the strategy works. Linux has become GPL's ultimate test case. That's because — and even as an old-school GNU fan, I will admit this — Linux is the most important, useful and interesting GPL'd codebase ever created. Thus, it's no surprise that Linux became GPL's true testing ground.

Finally, while discussions about GPL and its derivative/combined works requirements are basically “old hat” to our community, the discussion is completely new to the Courts. We'll have to bring the question to a lot of Courts in a lot of different ways to get clarity. But, once we do that, then we'll know, and everyone can proceed with more certainty.