Worked my first GPL enforcement case in 1999 (as FSF volunteer).
FSF Executive Director, 2000–2005. Now an FSF Director.
President, Software Freedom Conservancy, 2006-present.
Conservancy & FSF are responsible for nearly all GPL enforcement in USA.
FUD says: compliance is difficult.
FUD says: you should fear enforcement.
I’m disturbed Harald Welte & I’ve inspired creation of the “compliance” industry.
Ironically, this industry wants enforcement to seem worse than it is.
FUD aids their mission.
Salespeople sell things you don’t need.
Most talking of “compliance” wanna sell you proprietary junk.
Coca-Cola’s by far the world’s number one soft drink, and they spend more money than anybody on advertising.
— Tracy Flick, character in the 1999 film, Election
Routinely 10 over limit?
Routinely 20 over limit?
Routinely 30 over limit?
Routinely 40 over limit?
Nearly all GPL violations are by for-profit companies.
Both undercut those who comply.
And Schibler with others, maketh the difference of extension to be this, that Angels can contract their whole substance into one part of space, and therefore have not partes extra partes. Whereupon it is that the Schoolmen have questioned how many Angels may fit upon the point of a Needle?
— Richard Baxter, The Reasons of the Christian Religion, 1667.
It’s fun to debate esoteric licensing situations & details …
… but it doesn’t address the fundamental problem:
Believe it or not, I’m a pragmatist.
“It is possible for a mistake made by an ODM (like providing the wrong busybox source version) could result in the recall of millions of unrelated products.”
Sure, this is possible in theory …
… but who doing enforce asks for this in practice?
I’ve accepted disgusting settlement terms just to avoid disrupting a violator’s business.
“[I’ve] heard … worries about … “copyright trolls” It’s not too hard to imagine that somebody with a trollish inclination might come into possession of … © on some kernel code … shak[e] down former violators with threats of lawsuits”
You need to read the statutes.
Copyleft compliance isn’t a legal problem …
… or even a “knowledge” problem …
… it’s an engineering problem.
Everything else is trivially fixed!
Fixing copyright notices.
Clarifying contradictory license texts.
Other informational requirements.
C&CS: complete and corresponding source code.
Bulk of all enforcement time is spent on this.
It’s hard b/c violators won’t let me talk to engineers …
… or they don’t know who they are.
… and the engineering problems aren’t even interesting!
All GPL enforcers ask for this (including Harald).
Indeed, most violators ask for this.
As an engineering question, this is easier!
Build scripts are usually for the whole system, not just one program.
Notification to past recipients.
Appoint GPL Compliance Officer.
Periodic compliance reports.
Yes, we do ask for some money.
No one in non-profits is getting rich from this.
There must be a deterrent.
Non-profit enforcement == accountability.
Confidentiality is something violators ask for.
Samba should stand with its co-projects in the embedded space.
I talk about enforcement because (sadly) it’s the most interesting thing Conservancy does.
Enforcement is just a small part of Conservancy’s work.
Presentation and slides are: Copyright © 2008, 2009, 2010, 2011, 2012 Bradley M. Kuhn, and are licensed under the Creative Commons Attribution-Share Alike (CC-By-SA) 3.0 United States License.
Some images included herein are ©’ed by others. I believe my use of those images is fair use under USA © law. However, I suggest you remove such images if you redistribute these slides under CC-By-SA-USA 3.0.