LWN: Comments on "The rise of copyright trolls"

The rise of copyright trolls

halla — Sun, 04 Mar 2018 19:12:58 +0000

Thank you -- this was really a big relief to read. I'm glad I'm not the only one who thinks along these lines, though this was better expressed than I could've done.

The rise of copyright trolls

skwdenyer — Sun, 04 Mar 2018 17:44:25 +0000

There is a worrying undercurrent in all of this discussion, to me at least. It is this: that the Linux community fears that the rise of Linux will only continue if licence compliance is made easier and non-compliance not punished / punished only rarely.

Why? Having used Linux since the mid 1990s, I didn't do so just because it was "free" (as in beer). I chose tools that were appropriate to my needs, cost being just one criterion. Source availability was a big one, just for starters.

When people write things like:

"Being in perfect compliance of the GPL is *hard*. Are you sharing a Docker image? How about a VM image? Even if you make the Docker image available, if you don't religiously include the exact version of all of the sources of any of the GPL components used in the Debian or Ubuntu distribution that you are using, you are technically out of compliance --- and thus you may be leaving yourself exposed to being attacked by a Copyright Troll. (Short version, if you are distributing a binary or a VM image, unless you are being extremely careful, the odds are very high you are doing something wrong and the corresponding source won't _exactly_ correspond to the binary that you ship.)"

then there's something wrong. Taken as a whole, Linux is not free (as in beer), in the same way no software is free. Never mind the licence cost; there is the time and effort to understand, modify, enhance, QC, maintain, etc., etc.

I can't imagine creating a shipping GPL product where I did not have the *complete* source tree available to me. Microsoft (say) might provide me with a warranty that their binary would run bug-free on my hardware; no open source project is likely to do so. So I will compile, from source. I will have that code.

Putting up code that is not the same version implies that I am putting up code in some extra-production process to enable me to be GPL compliant. Which is nonsensical for a start, and a waste of time (which = money). And in any case, it is not paying the price of the software, something which is clearly defined.

The actual version matters because the rest of the code relies upon that version to function - that is the system, that is how we learn, that is how things evolve.

All software costs money. If the world of manufacturers cannot comply with the GPL (and I'm sorry, but that is easy IMHO - see below), then they are free to spend their money on proprietary software. I will not be worried by that - because I do not believe it so important that Linux conquers all comers.

GPL code of high quality is worth money (= time) to implement. We don't have to apologise for it, we don't have to embrace fire-sale economics by forgiving the (tiny) cost of compliance. We must be hard-nosed, we must be tough.

Developers, maintainers, and so on are valuable professionals who choose to give their time for free, not people whose time is worth nothing. There is a fundamental difference.

And the issue of compliance? If you are shipping a product, you have certain legal obligations to comply with. You take out insurance, you consult lawyers, and so on. If you ask a competent lawyer to provide clear guidelines for GPL compliance, and follow them, then you have a claim against that lawyer's indemnity insurance if you run into trouble. Many lawyers offer a service that includes, in effect, litigation insurance.

If you cannot bring yourself to buy insurance against easily forseeable risks, that is your choice. It is not for the OS community to forgive you, any more than it is likely my neighbours will rally round to pay for a new house if mine burns down when I chose not to pay for buildings cover!

Nobody is forcing anyone to use GPL code, to ship products with GPL code, to profit from GPL code. If you choose to do so, you must comply. If you can't comply (for whatever reason, supply chain or otherwise) then you must not sell - choose different software, or a different product.

If however you think that the religious conversio of the world to open source is all that matters, by all means argue for an even more-relaxed GPL v4, but at least be honest about that - rather than inventing petty reasons to forgive non-compliance in the interests of your holy crusade.

The rise of copyright trolls

JanC_ — Sat, 27 May 2017 20:42:17 +0000

That says you should limit packaging to what is necessary, and that whenever possible packaging should be reusable or recyclable. Including the GPL is legally necessary when you distribute software that is released under the GPL, so there is no problem.

Also, Article 7, 2nd point, explicitly says that protection of authenticity, technical characteristics, property rights, etc. must be taken into account.

The rise of copyright trolls

bronson — Tue, 23 May 2017 14:40:59 +0000

Just massively oversimplifying I think. There are a few more issues to address before the GPLv2/v3 schism can be fixed.

The rise of copyright trolls

Cyberax — Mon, 22 May 2017 08:16:35 +0000

> Add that little snippet, and you have an excellent successor for GPL V2. I wish more people would do it because GPL v3 is so much better than GPL v2 in so many ways.
You're joking, right?

The rise of copyright trolls

ras — Mon, 22 May 2017 07:43:22 +0000

Thanks for participating here. I've found you comments very helpful in understanding what the actual issues are.

Others have commented how this is a GPL v2 problem mostly fixed by GPL v3. IMO GPL v3 is a would be a truly worthy successor on GPL v2, if it weren't "Installation Information" brain fart that renders ended up rendering it incompatible with the way most software is distributed nowadays (app stores). (I give Moglen credit for the beauty and clarity of the writing in GPL v3, but as one of the great intellects behind it he must shoulder a fair portion of the blame for this mistake. I'm sure it's the main reason for it's poor uptake to date.)

But there is a fix patch for GPL v3. You can neuter that rule. I am no lawyer so so I pinched this para from a fsf lawyers blog post, where he praised it (or maybe didn't criticise it - which I took as praise):

> The copyright holders grant you an additional permission under Section 7 of the GNU Affero General Public License, version 3, exempting you from the requirement in Section 6 of the GNU General Public License, version 3, to accompany Corresponding Source with Installation Information for the Program or any work based on the Program. You are still required to comply with all other Section 6 requirements to provide Corresponding Source.

Add that little snippet, and you have an excellent successor for GPL V2. I wish more people would do it because GPL v3 is so much better than GPL v2 in so many ways.

The rise of copyright trolls

flussence — Tue, 16 May 2017 16:15:55 +0000

> Shame the kernel community decided not to move to a license that doesn't have these problems.
It's not just a matter of them rejecting the GPLv3. Ignoring the current state of affairs where several kernel contributors have voiced as much, it's *impossible* to track down all copyright holders, or the estates of late ones. It's no good to say 95% quorum on a license change is enough as some other projects have done either, because in one this large there's going to be more than a few McHardy types in that remaining 5%.

Confused

aggelos — Tue, 09 May 2017 15:15:10 +0000

Oh, I should add that I also hope you'll reconsider the aforementioned aspects of your reporting practices. If anything, that seems (to me) even more valuable to the subscriber base.

Confused

aggelos — Tue, 09 May 2017 14:42:39 +0000

For people who think you might be 'bought', you're already putting up the information on who provides travel assistance for LWN editors. So (obviously, I might add) that was not my concern or implication.

My concern is that the style of reporting practiced and defended by articles such as this (i.e. only summarizing what was said, refusing to check facts as common practice (e.g. first footnote here and subsequent reply), choosing not to point out items which are clearly left off the agenda) is a disservice to LWN as a subscriber-oriented site.

Given that LWN (apparently; I honestly apologize if I have gotten the wrong impression from the comments by the staff) will dutifully reproduce the presentations and discussions at an event for its (primarily developer) audience, it makes sense to want to know which organizations want to promote which events to this audience.

If you do not want to provide such information that is your prerogative (though it'd be helpful if we knew why). In my eyes, the situation is analogous to the transparency you currently practice re: travel sponsoring. Admittedly, "LWN attended this event on the invitation and sponsoring of Org X" might not sound great (though if it doesn't sound good to your ears, you might stop and consider why). But, as you say, 20 years of history assures us of the good faith efforts of the LWN editors.

What is also assured though, is that bias in reporting is not only a matter of personal integrity. If I may quote another comment out of context:

People are prone to bias. Even the best of people. They may not even be aware of it themselves. The way these biases work is that professionals can convince themselves they are doing the right thing as part of it. You need to openly acknowledge interests that might bias things (as is best practice in the medical world, e.g.) to have a hope of countering it. And generally be systematic about counter-balancing self-interest-bias - cause humans _are_ very prone to it.

With that in mind, I hope that you (or any other editor at LWN) no longer feel you have a reason to be offended. And perhaps that you'll reconsider the suggestion re: increased transparency.

Confused

corbet — Tue, 09 May 2017 13:16:42 +0000

We don't track who mentions travel funding first, sorry.

On the other hand, we do publish nearly 20 years of history which, I believe, shows a consistent and clear picture of where LWN is coming from. That was achieved at some considerable personal cost, including far too much time spent on airplanes and away from home. Yet you're saying that we can be somehow bought by offering us yet another economy-class transoceanic experience. I could get fairly offended if I weren't so busy giggling at the prospect.

Confused

gevaerts — Tue, 09 May 2017 08:19:36 +0000

"I disagree with this article, so let's try to discredit its author's motives"

Confused

aggelos — Tue, 09 May 2017 08:04:15 +0000

On that note, it would be useful to go on record as to who was the initiator when LWN receives travel assistance for attending an event. Did the editors request it or was it offered?

Can I bring this up again?

In the interest of increased transparency, can our editors (in the future) extend their disclosure parties who provided travel assistance with the information on whether they were offered the funds or asked for them of their own accord?

Also, could we have a ballpark estimation for the percentage of events LWN was invited, as well as sponsored, to attend in the last few years? If there are events that LWN was invited to cover, are there any obvious commonalities in those requests (e.g. a specific travel sponsor or event)?

Thanks.

The rise of copyright trolls

aggelos — Mon, 08 May 2017 09:21:20 +0000

(Once more, replying to Armijn directly in case he has missed the other messages)

Hey Armijn. Any chance you could explain how you think the requirements of the GPL might conflict with the EU directive you referenced, given the text of Annex II.1 and the preceding context?

The rise of unreasonable paranoia

paulj — Mon, 08 May 2017 09:05:06 +0000

why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.

You say that as if it is ridiculous, but this is actually true. There is indeed evidence that a medical profession that works in an environment where there is a profit motive will have a bias towards more expensive interventions.

People are prone to bias. Even the best of people. They may not even be aware of it themselves. The way these biases work is that professionals can convince themselves they are doing the right thing as part of it. You need to openly acknowledge interests that might bias things (as is best practice in the medical world, e.g.) to have a hope of countering it. And generally be systematic about counter-balancing self-interest-bias - cause humans _are_ very prone to it.

The rise of unreasonable paranoia

nix — Sun, 07 May 2017 20:49:59 +0000

After impugning legal people, why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.

Of course, the problem with assuming that this doesn't happen is that sometimes it does. Obviously the medical profession has no interest in keeping us sick because they have more work than they can possibly deal with -- adding more sick people isn't helpful -- but they do have an interest, in for-profit systems, in maximizing the amount they charge for their work, charging wildly different fees for the same work depending on your bargaining power, doing unnecessary work, etc (all of which is utterly rife in the US right now). Similarly, the police obviously do not profit from crime because even today there is more of it than they can identify, and in the past crime levels were much higher, so obviously this was even more true back then. So the police have never had an interest in the maximization of crime, even though the more crime there is, the more necessary the police appear.

Unfortunately, then reality bites: the institution of the police was created because of massive scandals around the privately-funded thief-taker system that preceded it, in which not only were some of them (e.g. Stephen MacDaniel) framing innocents as criminals to get rewards (which has recurred in South America and Nigeria in the last half-decade alone), but some were maximizing crime and indeed endeavouring to monopolize it: the classic example was Jonathan Wild. You don't get this to such a degree with doctors because doctors can't extract life from sick people the way criminals can extract goods and money from the people they rob, extort, etc. Doctors' employers can only extract money, in for-profit systems.

(Similarly, lawyers' interest is often in the maximization of the length of cases, since many charge by the hour, while their client's interest is presumably in winning the case and also in not having to pay the lawyers more than they have to. There are certain notable firms in the UK with this modus operandi which any reader of Private Eye would be able to name in an instant.)

Conflicts of interest are everywhere. They sprout like mushrooms when you stop looking for them.

The rise of copyright trolls

bronson — Sun, 07 May 2017 18:35:45 +0000

If only there were a license that solved those problems without opening up a bunch of other ones.... .. . . . .

Streamlining the compliance process

aggelos — Sun, 07 May 2017 18:09:30 +0000

people don't ship samba in embedded devices?
Oh that's just wrong.

Notice the question mark. I was simply pointing out how odd it is that a book called "Practical GPL Compliance" which

is designed for engineers shipping products with GPL-licensed software included (e.g., consumer electronics, drones, IoT devices)

acts as if GPLv3 does not exist (other than a nod) or is not relevant to their target audience.

Personally, I'm also missing the tiniest bit of explanation for copyleft as a concept or motivation to comply with it. I.e. something to the effect of "the GPL is not just a nuisance, it is also beneficial to your organization because [...]". This is something I expect to find in texts which describe to engineers how to take care of a non-engineering task that is probably low in their priority list. Opinions (and intentions) might differ, of course.

Streamlining the compliance process

jra — Sun, 07 May 2017 17:05:55 +0000

> people don't ship samba in embedded devices?

Oh that's just wrong. We have *many* OEMs who ship Samba in embedded devices. Google even ships Samba code (as an app) in ChromeOS.

https://chrome.google.com/webstore/detail/network-file-sh...

The rise of copyright trolls

jra — Sun, 07 May 2017 16:51:16 +0000

Yes, that's why GPLv3 has an easy way to get back into compliance after making a mistake. Shame the kernel community decided not to move to a license that doesn't have these problems.

The rise of copyright trolls

pboddie — Sun, 07 May 2017 15:13:24 +0000

Agreed with this! Also, given that the intent behind a licence must surely have something to do with what is acceptable practice in the context of fulfilling the terms of such a licence, would it not be a good idea to get the FSF to verify that certain practices are, indeed, sufficient?

principles-discuss

rfontana — Sat, 06 May 2017 21:38:44 +0000

By the way, Conservancy has created a forum (https://lists.sfconservancy.org/mailman/listinfo/principl...) for discussion about the Principles. bkuhn has pointed out that to the extent I or other people or entities have suggestions for improvements to the Principles, that is the best place for voicing them.

Streamlining the compliance process

zlynx — Sat, 06 May 2017 20:34:27 +0000

Just wanted to point out that Samba does not imply a Linux OS. Samba also runs on BSD, OS X, and could have been ported to almost any POSIX supporting OS. Haiku and QNX for example.

NDAs are usually at the insistence of the violator, not the enforcer.

bkuhn — Sat, 06 May 2017 19:40:49 +0000

I agree with tytso that the community should know about bad behavior in the area of enforcement, which is why Conservancy was the first to publicly condemn McHardy's actions. Oddly, the Linux Foundation, Radcliffe, and many individuals in the compliance industrial complex directly refused Conservancy's requests over a period of years to come forward and join us in condemning his actions. The statements in this thread on the panel it discusses are coming almost a year after we finally gave up waiting for all those people to join us in DTRT'ing and did it just with us and the Netfilter team.

As for NDAs, in my extensive experience, the usual entity that demands an NDA is a violator, not the individual doing enforcement. One of the reasons that GPL violations are so hard to resolve is that the company won't resolve it unless the party enforcing agrees to an NDA about all terms for settlement. I'd much rather just publish all GPL enforcement settlement agreements, but sadly, too often the only way to convince a company to comply is to agree to sign an NDA about the detailed terms of how they came into compliance.

I've been handed many settlement agreements for McHardy's actions from those he's annoyed; it's why I was able to learn enough about what he was doing to condemn him publicly. There are plenty of bad things that McHardy is doing, but NDAs aren't one of them. If you have evidence of McHardy demanding NDAs, please provide it. It seems to me there's plenty of bad acts we can document by McHardy that we need not make things up about what he's doing.

The rise of copyright trolls

ssmith32 — Sat, 06 May 2017 18:19:07 +0000

Since there are a few other subscribers throwing their opinion into the ring on the coverage, I'll throw mine.. the article did make me feel a little uneasy - even before finishing, I started wondering how much the Linux Foundation had to do with the panel (but not the reporting). Prolly not much, really, in the end.

After refreshing my memory with the linked articles, and browsing through the comments - my only complaint is the overly-dramatic title.

It was not an article about "the rise of copyright trolls". It was an article about lawyers who oppose the actions of McHardy, who may very well be a copyright troll. If we suppose McHardy is one ( I'm not sure - my personal opinion is that the actions are selfish, and indicative of a not-nice values, but not really equivalent to the problems posed by patent trolls), then a more accurate (though still too dramatic for my taste) title would be "Exposing a copyright troll"

The rise of GPL-violator-defense trolls

bkuhn — Sat, 06 May 2017 17:36:12 +0000

It's interesting to note how late all these people have come out to condemn McHardy's actions. Nearly a year ago, Software Freedom Conservancy was the first of anyone to publicly criticize McHardy's actions and the Netfilter team joined the same week in doing so as well. At the time, we were urging others to join us in condemning McHardy, including people like Radcliffe, but I guess at the time he was just earning too much money defending companies against McHardy to be willing to come forward.

We should also consider carefully who was on this panel and what their goals are. AFAICT, all of the people on the panel sell services to those who violate the GPL. Interestingly, none of those on the panel even mentioned the Principles of Community-Oriented GPL Enforcement, which, when followed, don't allow troll-like behavior.

Now that McHardy's actions are slowing down, we hear people drumming up fear mongering about the possibility of future copyright trolls. Note what the panel said, though: there aren't many venues where this is viable option anyway (the USA is one where copyright trolling is completely unviable financially, BTW), and even in Germany which seems according to the panel to be the most friendly to such behavior, even McHardy faces serious challenges and can't continue the behavior as a sustained activity in the long run.

Transparent FUD, this panel seems to me. Yes, McHardy is behaving badly. We should all condemn his behavior; and I am glad to see that these folks have finally joined Conservancy in doing so. But, this is all just a minor blip of a problem in the face of lots of GPL violations that continue to harm users and developers much worse. We should continue with community-friendly enforcement efforts that prioritize compliance and good community behavior over money.

Streamlining the compliance process

pabs — Sat, 06 May 2017 14:06:05 +0000

> (people don't ship samba in embedded devices?)

They definitely do; I have a router that I only found out runs Linux (and is not GPL compliant) because of a mention of Samba in the web interface.

The rise of copyright trolls

aggelos — Sat, 06 May 2017 13:26:39 +0000

Thank you for clarifying this. I do very much wonder where this new social contract will be drafted.

With regard to your FOSDEM presentation, it's not clear to me from the summary (though now that it's been brought to my attention again, I intend to watch the recording) whether these are your own ideas or those of RH and therefore assumed the former.

I sincerely hope an open discussion can eventually take place, though judging from what was reported from this LLW panel, that does not seem to be forthcoming.

Streamlining the compliance process

aggelos — Sat, 06 May 2017 13:25:14 +0000

LF is doing quite a bit in this area. OpenChain is there to help companies set up their compliance programs. SPDX is a long-running effort to make it easy to document the provenance of the software in any given distribution. There's a whole list of publications, including the book by Armijn and Shane mentioned elsewhere in this conversation. They also offer an online course in "compliance basics" for free.

It's clear the LF is publishing a lot of documents on how to do compliance as a company - I skimmed the book by Armijn et al. and the thing that stood out, other than the erasure of GPLv3 (people don't ship samba in embedded devices?), is the number of LF documents mentioned in Appendix 1. Only LF documents, come to think of it. Almost as if there are no other publications on the subject.

Documenting an arduous process is well and good and will remain necessary. It is however not the same thing as making said process easier (for instance, by pursuing tooling improvements). My question was about the latter aspect.

My own wish is that the LF would do more to address the outright compliance problems in the industry, and I've told them so. If there's anything happening there it's below the radar, but they are doing quite a bit to make things easier for the companies that want to follow the rules.

It is good to hear about preventive work. What more do you think they could be doing to address the ongoing compliance problems?

The rise of copyright trolls

excors — Fri, 05 May 2017 17:35:04 +0000

By "a better solution" I didn't mean replacing Linux, I meant things like (as a poor example) adding a URL with the source code onto the piece of paper that already has the warranty information, or offering free legal support to resellers of their phones, or whatever they decide is an effective way to comply with the license and avoid copyright trolls. There's surely a solution that scales better than one that increases the manufacturing cost of each device, which is important when working at the tens-of-millions-of-devices scale.

$4M is negligible compared to the total cost of the product, or compared to the value provided by Linux, but that doesn't mean it's not worth saving if you can. $4M here, $4M there, pretty soon you're talking real money.

The rise of unreasonable paranoia

sdalley — Fri, 05 May 2017 17:22:28 +0000

> Actually, the fact that the existence of FUD around GPL compliance is to the presenters' interest (which was my point here) is not really open to interpretation.

You have to be careful with that sort of reasoning growing tinfoil-hatted conspiracy legs and running away with you, pardon the mixed metaphor. After impugning legal people, why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.

It all comes back to whose integrity you trust, and whose you don't.

My strong impression is that Armijn et al are actively trying to clean up the FUD, not make it worse. What then? Would it really be better to have armchair lawyers from the peanut gallery, or principled people who do this stuff for a day job and know what they're talking about?

Streamlining the compliance process

corbet — Fri, 05 May 2017 17:18:39 +0000

Is the LF or any other organization making or funding an effort to streamline the license compliance process?

The LF is doing quite a bit in this area. OpenChain is there to help companies set up their compliance programs. SPDX is a long-running effort to make it easy to document the provenance of the software in any given distribution. There's a whole list of publications, including the book by Armijn and Shane mentioned elsewhere in this conversation. They also offer an online course in "compliance basics" for free.

My own wish is that the LF would do more to address the outright compliance problems in the industry, and I've told them so. If there's anything happening there it's below the radar, but they are doing quite a bit to make things easier for the companies that want to follow the rules.

The rise of copyright trolls

niner — Fri, 05 May 2017 16:25:10 +0000

Quite ironically $4M is probably orders of magnitude less than what Samsung pays for Microsoft's patent licenses.

The rise of copyright trolls

raven667 — Fri, 05 May 2017 16:01:32 +0000

> If you wanted to store a non-deleteable source archive instead: It looks like the source provided for a Samsung Galaxy S8 is 185MB, and they might sell around 50 million of them, and flash storage apparently costs something on the order of $0.40/GB, so that'd essentially add up to about $4M. That sounds a lot more expensive than hiring a few lawyers and engineers to find a better solution that doesn't add many cents of cost to every single device.

$4M is substantially less expensive than developing a mobile OS on your own, I'm sure they have received many orders of magnitude more value from the Linux kernel and related open source technology than the costs of license compliance.

The rise of copyright trolls

bronson — Fri, 05 May 2017 15:28:21 +0000

You found a great lawyer! And thanks for the details -- it sounds like the slip of paper was one of the easier parts.

If you ever felt like turning this into an article or a blog post, I'd be interested to read more.

The rise of copyright trolls

rfontana — Fri, 05 May 2017 13:16:13 +0000

I was at this session. I did not take notes and of course I may be misremembering, but my recollection is that the Principles were mentioned explicitly only by one attendee at this session, and there was certainly no substantive discussion of the Principles. Regarding views on what is lacking in the Principles, that was in part the subject of my talk at FOSDEM earlier this year, covered by LWN.net at https://lwn.net/Articles/715082/.

The rise of copyright trolls

farnz — Fri, 05 May 2017 09:27:23 +0000

At a former employer, we had a serious lawyer say exactly that. Of course, what had to be present at http://blah/ was more than just the licence text - we also had to provide full GPL sources for all the software we shipped, and detailed build instructions to enable you to rebuild and replace any GPL software on the devices we shipped with your own build.

Indeed, our lawyer actually suggested that we could go further - we already put a sticker on the device with MAC address and serial number - we could simply put "Software licence details at http://blah/ - you have rights" on that sticker, and as long as http://blah was correctly set up to cover the licence requirements, they'd defend us pro-bono. We also ran this past the FSFE, who verified our instructions on the web site, and then were willing to write a letter telling us that in their opinion, we were compliant given the sticker or the slip of paper. Further, there was no issue with the idea that to get support from us, you had to restore our original software, or with us shipping "surplus" source (e.g. we used gdb internally for debugging - we didn't install gdb on shipped devices, but we could still choose to offer you gdb source code).

This did lead to some challenges for us (we had to come up with a process to let you rebuild things that we shipped outside our infra, to let you reinstall binaries on the product in such a way that it was tamper-evident for our support team, and to reset back to a clean state), but we made it work.

The rise of copyright trolls

aggelos — Fri, 05 May 2017 09:11:03 +0000

*You* may be talking about wholesale violations, but other people are talking about people who are really doing copyright trolling by going after companies who are trying to do the right thing, but who are technically out of compliance because of slight differences between the binaries and corresponding source.

Do you have access to the primary litigation data or secondary information from companies McHardy approached?

If so, are you free to share e.g. statistics on the claims made, how often, how did the claims evolve over time (perhaps accounting for the specifics of each case)? This is highly suboptimal as confirmation bias is something we're all vulnerable to, but any information would help further discussion. I know this is would be a lot of work, but thought I'd ask in case someone already has that data :-)

The rise of copyright trolls

aggelos — Fri, 05 May 2017 09:03:28 +0000

Please present your argument; not the text of the directive. If there is an issue here, it needs to be further publicized, but that's not at all obvious from the text.

Hey Armijn. Any chance you could do this? I realize this is a long discussion and wouldn't want this part (which I think is central to some of the points) to fall through the cracks.

The rise of copyright trolls

aggelos — Fri, 05 May 2017 08:55:39 +0000

Yes, it is open to all to judge

Actually, the fact that the existence of FUD around GPL compliance is to the presenters' interest (which was my point here) is not really open to interpretation. Reasonable people could disagree on whether any (or which) statements of the presenters go out of their way to exaggerate the risks involved by speculation on unidentified and unknowable laws and regulations. I think the case is well made for both sides of that particular argument.

More and better guidance for GPL compliance is a laudable goal. The goal does not set the means beyond analysis and interpretation though.

The rise of copyright trolls

aggelos — Fri, 05 May 2017 08:47:56 +0000

Those principles certainly have the right idea: compliance before litigation. That doesn't seem to be what the article talks about though: if McHardy followed the SFC/FSF principles, the concern about his specific cases would be less. But the problem isn't limited to McHardy. It's a general and potentially rising problem with people or organisations who may be tempted to use their copyright holding in free software for monetary gain.

The panel (as summarized here) discussed both efforts to help compliance (e.g. by promoting the book published by the Linux Foundation and written by two of the presenters) and efforts to set community norms (the 'social contract'). The point in this subthread was about the second part (I have not had time to go through the book. I'd find a comparative reading of it and copyleft.org's A Practical Guide to GPL Compliance pretty informative, though I doubt LWN would be interested in publishing such an article).

The answer to this isn't to litigate more; it's to make compliance super-ultra-miraculously easy, help everyone be in compliance, and make sure people know how, and can show clearly they are in compliance if being faced by a copyright troll. There's a lot of work we still need to do on this, and the panel highlighted this and the risks if we don't.

I agree with that more than you seem to realize. The two points I'm making are that (a) the interpretation of the (unavailable) data as to the frivolity and seriousness of this kind of legal activity by McHardy appears to be coming from people who stand to benefit from increased worry around GPL non-compliance for trivial issues[0] and (b) the 'social contract' they advocate comes to contend with another, earlier, social contract that has been brought forward as a response to the exact same situation, and that fact is not acknowledged in the presentation or LWN's coverage.

FWIW, I also think that making compliance as streamlined and fool-proof as possible is the better way forward here (without discounting the importance of dealing with the current situation). It would be great to be able to talk specifics here, but case information is regrettably not available. It is encouraging to read that "over time, McHardy has moved away from the more exotic claims". I would be very interested in finding out why that is.

Is the LF or any other organization making or funding an effort to streamline the license compliance process?

[0] This is not to say that their facts are false; just that others might interpret the facts differently. For all we know Armijn et al are underestimating the damages, though their accompanying argumentation is clearly (to this reader at least) pointing in the other direction. Perhaps one day we'll be able to judge for ourselves.