
The ability to correct errors in GPLv2 compliance: the right thing to do - swonderl
https://www.redhat.com/en/blog/ability-correct-errors-gplv2-compliance-right-thing-do
======
LukeShu
Note that the FSF and the SF Conservancy have already been doing this, and
recommending you do this, as part of their Principles of Community-Oriented
GPL Enforcement.

[https://www.fsf.org/licensing/enforcement-
principles](https://www.fsf.org/licensing/enforcement-principles)

> _Community-oriented compliance processes should extend the benefit of
> GPLv3-like termination, even for GPLv2-only works._

> _GPLv2 terminates all copyright permissions at the moment of violation, and
> that termination is permanent. GPLv3 's termination provision allows first-
> time violators automatic restoration of distribution rights when they
> correct the violation promptly, and gives the violator a precise list of
> copyright holders whose forgiveness it needs. GPLv3's collaborative spirit
> regarding termination reflects a commitment to and hope for future
> cooperation and collaboration. It's a good idea to follow this approach in
> compliance situations stemming from honest mistakes, even when the
> violations are on works under GPLv2._

------
wyldfire
> The cure rights offer additional comfort that users of GPLv2 code have
> reasonable assurances of quiet use of that code, even if there is a
> temporary license noncompliance due to ambiguity, misunderstanding or
> otherwise. We also believe that community adoption of these rights will
> reduce the opportunity for copyright trolling.

It's hard to understand the problem being solved here. While I've heard of
"patent trolling" I guess I've only thought of copyright trolling in the sense
of the (poorly tested) automatons who issue DMCA takedown requests for
audio/video on youtube.

I've heard about GPL enforcement but only in "good" context: copyright holders
acting in good faith to get their licensees to comply with the license. Are
there copyright holders engaging in abusive litigation?

~~~
toyg
_> Are there copyright holders engaging in abusive litigation?_

Some enforcement efforts have been controversial, particularly the VmWare suit
and other efforts by SFConservancy. I wouldn't call them trolls, but a lot of
people think they are too heavy-handed.

On the other hand, with nobody wielding a stick, there is no real incentive
not to abuse free licenses - which is exactly why the GPL exists in the first
place.

~~~
throwaway2048
How are they too heavily handed? the only thing they ask for in negotiation
and lawsuits is GPL compliance, they dont demand money, or anything else.

If following the license is too much to ask for, what exactly does "not heavy
handed" mean?

~~~
kuschku
> If following the license is too much to ask for, what exactly does "not
> heavy handed" mean?

The "enforcement" that Torvalds wants is what you see with Android today:
Everyone ships blobs of kernel builds, with the source never released.

~~~
crankylinuxuser
And that shit needs to stop now.

If I want to bloody recompile the LK on my phone to install a proper linux,
that or other GPL tools shouldn't be blockers.

------
jlgaddis
I would love to see the kernel community go after Mikrotik for license
violations -- up to and including monetary damages, if they continue to refuse
to comply.

------
yarrel
...is to move to GPLv3.

------
gpm
I don't think this is a good thing.

The GPL is a tool to scare companies into doing the right thing and releasing
their code. By committing to this we lose the ability to scare those
companies. It becomes much more worthwhile to play chicken hoping no one will
notice that you are using GPL code in your closed source binary.

~~~
ajross
In practice, though, the GPL has mostly just managed to scare companies into
using the Apache license for stuff they want to release. GPL violations are
typically done by smaller actors without malice: little companies rushing
products out the door, or integrators shipping stuff without a clear picture
of the software license.

At this point in history I don't think free software has much to fear from a
more lenient enforcement of copyleft. The real risk is that copyleft (IMHO a
really great tool even absent the "scare companies" analysis) will be
forgotten.

~~~
bsder
> In practice, though, the GPL has mostly just managed to scare companies into
> using the Apache license for stuff they want to release.

So? I see this as a good thing.

It's not like there is a shortage of BSD, MIT, Apache, et al., licensed code.

GPL code should be treated like radioactive or toxic material--you need a
permit, legal approval, and you had better have a _REALLY_ good reason. There
are reasons why you might need to use it, but they should be few and very far
between.

------
sgift
"The right thing to do" from a programmers perspective is to never use any
dependency which uses anything with *GPL as its license if they can use
something else instead. Sometimes, the only viable option is licensed under
one of these licenses and then you have to look very carefully and probably
involve legal support, but for all the other cases life gets far easier if you
just don't use such dependencies and take something with a less restrictive
license.

~~~
adrianN
The right thing to do is to just make the source available when the license
requires you to do so. It's not that hard. If in doubt, just make it
available.

~~~
johannes1234321
It's hard if you licensed some of the code elsewhere and boundaries are
unclear (and then ignore all the fallout from publishing - others can't use it
and will call support, security researchers might find bugs, ...)

If more code would be shared it would be a better world, but the way s not
simple. Respecting licenses of ocurse is a requirement.

