GPL Compliance For Advancement of OpenWRT
Bradley M. Kuhn
OpenWRT Summit 2018
Monday 29 October 2018
Slides: ebb.org/bkuhn/talks/OpenWRT-2018/openwrt-2018.html (tinyurl.com/bkuhn-openwrt)
Previously On The OpenWRT Summit…
I spoke two years ago … about the history of copyleft & the GPL.
And, in particular, how OpenWRT is so central to that history.
Still A Daily Inspiration
More than 15 years ago, SVN check-in r1 of the OpenWrt project was the actual source code we reviewed in the Cisco/Linksys GPL compliance efforts.
Still Wondering If We Made Mistakes
Was it a mistake not to sue Broadcom for their proprietary Linux driver?
The Anti-GPL Enforcement Era
GPL violations are more prevalent than ever.
GPL enforcement became a more divisive issue upstream in the last two years.
In fact, the political firestorm erupted just months after my OpenWRT Summit 2016 talk.
Should Enforcement Ever Happen?
When asked by David Woodhouse:
If you are happy with the status quo, and do not want violators to be brought into compliance …
Greg K. H. answered:
I do, but I don't ever think that suing them is the right way to do it,
given that we have been very successful so far without having to do
that.
Greg Denies History
But, our community did often enforce the GPL.
& it's been necessary for Linux's success since the advent of the embedded system.
OpenWRT is the ready-made example of that.
After Linksys, there were a lot of lawsuits
Harald Welte from 2004–2013 brought more than 15 GPL enforcement actions (most of which were lawsuits) and mostly against wireless router makers:
After Linksys, there were a lot of lawsuits
A mere sample of Harald's many enforcement actions (most of which were lawsuits):
- 2004: Allnet
- 2004: Asus
- 2004: SecurePoint
- 2004: Sitecom
- 2004: Gigabyte
- 2004: TomTom
- 2005: ARP Datacon
- 2005: Edimax
- 2005: CeBit
- 2005: Fortinet
- 2005: MEDION
- 2005: Targa
- 2006: D-Link
- 2007: Iliad
- 2011: AVM
GPL Is Not Primarily About Upstream
[Those who enforce the GPL] NEVER found any actual useful code that should have gone upstream— Rob Landley, former BusyBox developer
GPL Is Not Primarily About Upstream
Rob and I spoke at LCA in 2017. We cleared up this misunderstanding.
Upstreamed code is only a secondary effect of copyleft's primary goal: rights to downstream users so they can someday become upstream developers.
Users Deserve The Means of Source Production
complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
— GPLv2§3
Garrett: It's About Downstream Users Who Become Developers
[D]o you want 4 more enterprise clustering filesystems, or another complete rewrite of the page allocator for a 3% performance improvement under a specific database workload, or do you want a bunch of teenagers who grow up hacking this stuff because it's what powers every device they own? Because honestly I think it's the latter that's helped get you [Linux developers] where you are now, and they're not going to be there if the thing that matters to you most is making sure that large companies don't feel threatened rather than making sure that the next 19 year old in a dorm room can actually hack the code on their phone and build something better as a result. It's what brought me here in the first place, and I'm hardly the only one.— Matthew Garrett, Linux Developer, 26 August 2016
Our History is Enforcement
I argue: Linux and other GPL'd software has been successful because enforcement and lawsuits have happened regularly since 2002.
We can't run a parallel experiment (absent time travel).
But, we can show it's political FUD to argue that GPL enforcement and occasional lawsuits is a new-fangled strategy that endangers Linux.
Because, if so, Linux has been “endangered” since 2002.
The Principles of Community-Oriented GPL Enforcement
- Our primary goal in GPL enforcement is to bring about GPL compliance.
- Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license.
- Confidentiality can increase receptiveness and responsiveness.
- Community-oriented enforcement must never prioritize financial gain.
- Community-oriented compliance work does not request nor accept payment to overlook problems.
- Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis.
- Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works.
Full text at sfconservancy.org/linux-compliance/principles.html.
The .01% We Don't Agree On
Greg KH and I agree on 99.99% of GPL enforcement strategy.
We differ only on one minor point.
Lawsuits
Companies sue each other all time: there are hundreds of lawsuits between tech companies every year.
We can't even overcount to get 50 lawsuits filed by community actors against GPL violators in history.
Yet, we remain under constant political attack because Conservancy has funded exactly one Linux lawsuit: Christoph Hellwig's ongoing case against VMware.
Just so we're clear: This Is What We Care About
The accusation is: Conservancy cares more about copyleft than Linux.
The FUD implication: we want to “sacrifice Linux at the holy altar of the GPL.”
Just so we're clear: This Is What We Care About
Linux is a bunch of code and copyrights that happen to be GPL'd; the GPL is just a tool (by design).
Code and licenses are ephemeral. We care about is users' long-term software freedom.
New developers should hack their devices & join our community.
The Curious Case of OpenWRT
Wireless routers were the canary in the coalmine: the first product beyond servers that needed Linux.
As IoT becomes common, every product, software-wise, actually looks more like a wireless router than anything else.
Can we, and should we, establish a beachhead for users with wireless routers?
What It Would Take
We'd need OpenWRT developers to commit long-term to GPL enforcement.
We'd need some of you to volunteer some time to work with Conservancy to check source releases.
We'd need a plan on what to do when they refuse to release code (because someone will).
Enforcement's More Work Than It Should Be
We at Conservancy don't actually like GPL enforcement:
- It's boring.
- It's politically dangerous for our careers and our organization.
- Speaking for just me, I'd actually rather be a developer.
- We do it because it benefits developers and users.
So, I'm Asking, Not Telling
I've read OpenWRT forums and see users complaining about compliance problems (as recently as a few months ago).
It doesn't surprise me.
There are probably even more violations!
But, I want to know from you if you want Conservancy's help to do something about it.
More Info / Talk License
URLs / Social Networking / Email:
- Pls. support Conservancy
- The Copyleft Guide is freely available & welcomes contributions at copyleft.org
- Linux developers can join the GPL enforcement coalition of Linux developers.
- Conservancy: sfconservancy.org & @conservancy.
Presentation and slides are: Copyright © 2017, 2018 Bradley M. Kuhn, and are licensed under the Creative Commons Attribution-Share Alike 4.0 International License. Slide Source available.