
The kernel community confronts GPL enforcement - corbet
https://lwn.net/SubscriberLink/698452/f808dcfcaf34fddf/
======
saynsedit
Something that isn't transparent in this discussion is the fact that Linux is
extremely corporate now.

By that I mean, the vast majority of contributions are sponsored by
corporations.

Both Linus and Greg know that. They are keenly aware that if Linux takes a
hardline GPL approach it will gain the reputation of being unfriendly to
corporations. That perception will kill Linux in the long run.

When they say they "Care about Linux more than GPL" they are really saying
they care about corporate Linux since non-corporate Linux virtually doesn't
exist anymore.

I have nothing against that and honestly I think they have more clear opinions
due to their positions as top-level maintainers. I just think the motivations
and incentives behind their opinions should be clear to more people.

The people's Linux is virtually dead. People need to eat. An analysis of that
phenomenon would be interesting as well but is beyond the scope of this
discussion.

~~~
karma_vaccum123
By that argument, every non-copyleft licensed codebase is "dead" with respect
to the "people".

In reality, the opposite is true even though it burns up FSF folks. Linux is
alive and well. You can download, read, edit and contribute back to the kernel
for free. Maybe your patches won't be accepted, but the license doesn't
guarantee that they will be anyway.

It is true that you may periodically experience a scofflaw that sells you a
router that hides some kernel code, but this should only bother you on
philosophical grounds. The vendor has no obligation to allow you to "repair"
or modify the device. The vendor is under no obligation to accept a patch from
you if you find a flaw. Putting linux in a device does not grant the end user
any specific right to change the device's behavior. People seem to be
confusing "hackable" with "has GPL code". A shitty router with linux code will
probably remain a shitty router.

I can see why the FSF and SFC might be throwing a fit; Clang and LLVM can
replace GCC, and Linus isn't at all militant about license enforcement. The
effective power of the FSF is in rapid decline.

~~~
notalaser
> In reality, the opposite is true even though it burns up FSF folks. Linux is
> alive and well. You can download, read, edit and contribute back to the
> kernel for free. Maybe your patches won't be accepted, but the license
> doesn't guarantee that they will be anyway.

This isn't untrue, but it does not take away the main point: the community
that drives the development agenda and dictates priorities is no longer a
community of independent programmers (in the broad sense of the word; many
contributions used to come from people who were hired by commercial entities,
but they were still relatively small groups, and contributions were limited to
small pieces that were specifically interesting for their small-ish employers:
a driver for this or that network card, improvements in this routing protocol
and so on).

This is no longer the case, and the development agenda of the Linux kernel is
almost completely dictated by large players, at the expense of small ones and,
to a large degree, individual users.

~~~
epistasis
> at the expense of small ones and, to a large degree, individual users.

Is that a real expense at all though? I would argue that, empirically, it is
zero. As in zero evidence of contributions to Linux detracting from my needs
as a small player and user.

Every community is going to drive things in their "own" direction, and that
direction is largely dictated by use by those developers. If it were a
difference, an expense on the people, there would be a community with
differing views of what the kernel should be doing. They could contribute code
towards their ends, or fork. Given that there is practically zero interest in
this, I would say that it's fairly clear that a so-called "corporate Linux,"
in the form of largely corporate code contributions, has come at zero expense
to the "people."

------
samfisher83
A lot companies use Linux kernel and don't release any of the source. They are
working on the backs of millions of hours of human labor. For example DJI uses
linux on its drone and open wrt on its controller. I don't see any source code
for that. LeTv and many other Chinese cellphone makers don't release source
code for their kernels. They really have no alternate they could go to. I
think it makes sense that kernel community would be more aggressive about
making companies return the code with which their products couldn't really
exist without.

~~~
delinka
The Linux kernel codebase is pretty flexible. Are there really changes that
had to take place to put the kernel into a drone? If not, there's nothing for
DJI to release.

Isn't there already a mechanism for handling binary-only kernel
modules/drivers? Perhaps DJI's 'changes' can be expressed in such a binary-
only module.

There seems to be a fairly large part of the tech community that is willfully
ignorant of how these licenses work and how the kernel copyright holders have
addressed violations in the past. These folks seem to think that because some
corporation downloaded the Linux kernel source, that the company's entire
codebase should be open source. As always, it's much more complex.

~~~
new299
My understanding is that they have to provide clear instructions on where to
get the source.

In general, bringing up Linux on a new platform does require extensive
modifications. They often use u-boot too, things like switching on the system
DDR, DDR timing etc require significant changes to u-boot (which is also gpl).

In my experience those changes rarely get released.

I've never heard anyone say a company should release everything just because
they used the Linux kernel... But that's just me.

~~~
mpol
> My understanding is that they have to provide clear instructions on where to
> get the source.

No. Only when they distributed their software to you (the Linux kernel under
the GPL) then you can request the sourcecode for that under the GPL. If you
never had any code being distributed by them to you, they have no obligation
to you.

~~~
mjg59
This is a common misunderstanding. You have two choices when distributing
GPLv2 software commercially: you can either provide the source code alongside
the binaries (section 3(a)), or you can provide a written offer to provide the
source code on request to any third party (section 3(b)). Non-commercial
distribution can forward on a 3(b) offer rather than making their own.

~~~
infinite8s
Exactly. Except that if you as third party do not receive the the Program (or
a work based on it, under Section 2) in object code or executable form, then
you have no rights under section 3.

So a company that sells GPL'd software is only required to provide the source
to any of their purchasers (however, those purchasers are not restricted in
any way and can give the source to someone else). So the only way I could get
the source code from that company is if I purchase their product.

~~~
tzs
> So a company that sells GPL'd software is only required to provide the
> source to any of their purchasers (however, those purchasers are not
> restricted in any way and can give the source to someone else). So the only
> way I could get the source code from that company is if I purchase their
> product.

That's not correct. The text of the license says:

> Accompany it with a written offer, valid for at least three years, to give
> any third party, for a charge no more than your cost of physically
> performing source distribution, a complete machine-readable copy of the
> corresponding source code, to be distributed under the terms of Sections 1
> and 2 above on a medium customarily used for software interchange; or,

It say _any_ third party. There is nothing in there that limits it to only
those who purchased it from the company. If the company elects to go with the
written offer approach and I buy a copy from them, and then I give you a copy,
they are obligated to give you source code if you ask even though you did not
purchase from them.

As explained in the GPLv2 FAQ:

> What does this “written offer valid for any third party” mean? Does that
> mean everyone in the world can get the source to any GPL'ed program no
> matter what?

> If you choose to provide source through a written offer, then anybody who
> requests the source from you is entitled to receive it.

> If you commercially distribute binaries not accompanied with source code,
> the GPL says you must provide a written offer to distribute the source code
> later. When users non-commercially redistribute the binaries they received
> from you, they must pass along a copy of this written offer. This means that
> people who did not get the binaries directly from you can still receive
> copies of the source code, along with the written offer.

> The reason we require the offer to be valid for any third party is so that
> people who receive the binaries indirectly in that way can order the source
> code from you.

Also relevant from the FAQ:

> My friend got a GPL-covered binary with an offer to supply source, and made
> a copy for me. Can I use the offer myself to obtain the source?

> Yes, you can. The offer must be open to everyone who has a copy of the
> binary that it accompanies. This is why the GPL says your friend must give
> you a copy of the offer along with a copy of the binary—so you can take
> advantage of it.

~~~
infinite8s
OK, I stand corrected. However, it sounds like technically you must possess a
copy of the binary to request source code, although the GPL doesn't require
you to furnish proof that you have such a binary. IE there must be a chain of
transferring the written offer from company to purchaser to third party. Or in
other words you must have a copy of that written offer in order to request the
source code (and the text of the FAQ seems to support that).

------
karma_vaccum123
I see this as a stealth attempt by the Software Conservancy to hijack the
direction and tone of kernel development, dragging it more to FSF-style
militancy.

Linus is right, there is no crisis in GPL violation. There will always be
violators. Any law or contract or license will be violated. Becoming more
militant about enforcement will simply cause most corporate partners to
disengage. Most users comply with the license. Users have access to
interesting and useful source code and have never been restricted from
accessing the kernel. The kernel team is on good terms with most corporate
users. Going after the 5% of violators will change how the kernel team
interacts with the 95% of good partners.

The only thing Linus seems to be disingenuous about is his claim of support
for the GPLv2. My guess is he secretly wishes he had chosen a different, non-
copyleft license.

~~~
hood_syntax
> Going after the 5% of violators will change how the kernel team interacts
> with the 95% of good partners.

Why would it? If they are not violating the terms of the license, what would
change?

~~~
dragonwriter
> If they are not violating the terms of the license, what would change?

Increased vigilance in enforcement of _anything_ almost invariably means
greater incidence of prosecuting non-violators, causing them to incur costs to
establish that they are not in violation.

In the case of Linux, this increases the expected costs of using the kernel
even in accord with the license.

~~~
ashitlerferad
Conservancy are only interested in compliance, not in increasing costs:

[https://sfconservancy.org/copyleft-
compliance/principles.htm...](https://sfconservancy.org/copyleft-
compliance/principles.html)

~~~
dragonwriter
What the Conservancy is "interested in" is a different thing than what
interaction with them causes.

Enforcers _often_ are (or claim to be) interested only in compliance. Their
efforts to secure compliance where they believe compliance is lacking incur
costs that would not otherwise exist, even where compliance already exists.

------
notacoward
The Linus/GregKH attitude might work _because it 's the Linux kernel_. It's
almost irreplaceable for those who are using it, it has a huge developer
community, it has many corporate sponsors to back up those developers, etc.
It's not at all clear that the same approach would work for another project
without those things. The way Linux kernel developers make such assumptions
and pronouncements reminds me a lot of the way some people talk about social
issues from a highly privileged position - utterly blind to the reality for
those in different circumstances.

As I immediately reacted on Twitter, I think lawsuits are a lot like nukes.
Using them might always be terrible, but their absence negates all leverage in
any other kind of negotiation. That includes the kind of negotiation that Greg
K-H talks about. In those negotiations, he still benefits from the kind of
enforcement he himself eschews. Those who live under an umbrella shouldn't
dump on the people holding it up IMO, as the LF stalwarts are doing in their
attempts to defend their turf.

Disclosure: I work for Red Hat, which as a company and a community has
probably held just about every possible position on this issue - often
simultaneously.

~~~
ashitlerferad
Has RH ever assigned its lawyers to enforce the GPL?

~~~
notacoward
I know of one case where Red Hat _countersued_ a patent troll over a GPL
violation. It was a pretty good illustration of the "nuclear deterrent" effect
that such litigation can have. I'm not aware of any cases where Red Hat has
brought any _original_ suits of this nature, but then again I probably
wouldn't be even if they did exist.

------
belorn
The whole discussion has been one of the best example of people violently
agreeing with each other. Sadly, the article only mention the first few
statements and not one of the later done by Greg, which makes it look like a
bigger disagreement than it is.

 _Ok, I 'm not saying "never should legal action be taken", but what I am
saying is the same thing that Linus said, "only under the most dire
circumstances", the nuclear option._ \-
([https://lists.linuxfoundation.org/pipermail/ksummit-
discuss/...](https://lists.linuxfoundation.org/pipermail/ksummit-
discuss/2016-August/003678.html))

 _" Lawsuits are always a last resort after nothing else works."_ \-
([https://lists.linuxfoundation.org/pipermail/ksummit-
discuss/...](https://lists.linuxfoundation.org/pipermail/ksummit-
discuss/2016-August/003620.html))

That is a far cry from implied disagreement from the earlier quoted "I do
[want companies to comply], but I don't ever think that suing them is the
right way to do it". Maybe the Gregs comment is more colorful and has some
slight implied differences, but so far I have see little in the discussion to
specific when exactly those differences has an practical impact. Both sides
seems to be in an agreement (or atleast, not in explicit disagreement) about
the status of VMware, as none in the mailinglist (from what I can see) has
said that the lawsuit should not exist.

What left is the last paragraph of the article, where at least there is direct
conflict. Linus don't trust/like FSF and by extension, SFC. For that, one of
the other developers described the situation perfectly. If developers went to
SFC instead of the lawyers of LF, maybe Linus should ask why that happened in
the first place.

~~~
notacoward
> If developers went to SFC instead of the lawyers of LF, maybe Linus should
> ask why that happened in the first place.

I think the answer to that is another question: why would LF bother, when they
can reap all of the benefits while SFC bears the cost and takes the flak? They
get to play godfather in this situation, pretending their hands are clean. The
analogy only falls down because godfathers don't typically rat out their own
triggermen.

------
pjc50
As mentioned in the article, forswearing lawsuits is a bad idea: then
companies have no downside to not cooperating.

~~~
yxhuvud
Yes they do. They have to maintain their own branch, which may be very costly
when new versions of linux would arrive. Successful upstreaming mitigates
that.

~~~
pjc50
Maintain? These are hardware vendors. Once it's shipped they rarely care.

------
ksk
Interesting to note the tone of the comments when it comes to enforcing
copyright law - Piracy vs GPL.

------
wyldfire
> ... Bradley isn't the one making the decisions here. It's the developers

Gee, this debate seems to have given some large amount of power to the
individual contributors to the kernel. Any _individual_ developer could defect
from Linus' stance and work with the SFC on an infringement case. I'm curious
to see if any of them are more dogmatic with respect to copyleft.

I _suppose_ it makes sense that features CONFIG_'d off shouldn't be considered
for infringement, but for many binary distributions of the kernel it probably
still catches a lot of developers.

I always thought it was baloney red tape to do copyright assignments but if it
had taken place here it would be a very different debate. The developers would
have effectively ceded all control over this discussion to the assignee (who
probably would've been The Linux Foundation, if anywhere).

~~~
mordocai
> Any individual developer could defect from Linus' stance and work with the
> SFC on an infringement case.

I was looking for a source and was unable to find it quickly, but I'm pretty
sure a significant number of kernel developers have joined some kind of SFC
organization that allows the SFC to use their copyright in order to sue for
compliance.

Edit: Thanks ashitlerferad, I missed the section on linux here:
[https://sfconservancy.org/copyleft-
compliance/](https://sfconservancy.org/copyleft-compliance/). That's the
source.

Edit2: Please read JoshTriplett's comment below for some clarifications on
this subject.

~~~
JoshTriplett
As mentioned in the linked email thread, the kernel developers working with
Conservancy do not typically assign their copyright to Conservancy, and do not
cede their decision-making authority over legal matters to Conservancy.

(Also, they go by "Conservancy" or "Software Freedom Conservancy", not "SFC",
to avoid acronym confusion.)

Some developers on various projects (including the kernel) have voluntarily
signed over copyrights to Conservancy for various reasons, but their GPL
compliance project does not require that.

------
smitherfield
One thing that wasn't brought up (edit: ok, quickly glossed over) in the
article — if you go to court, you can lose!

There are various legal arguments I can think of, that would essentially trash
the GPL, and a company with 8 figures to spend on lawyers could make very
convincing (I don't agree with these, but a judge and jury could easily):

1\. It's unclear whom the actual copyright holder or holders of Linux are, and
who has standing to sue on their behalf.

2\. Since Linux is open-source, free-as-in-beer, etc, it's public-domain.

3\. Linux is a derivative work not entitled to copyright protection.

And so on. Again, when one side might have orders of magnitude more budget for
lawyers, this kind of stuff will be very convincing. (Many corps will pony up
money to protect _Linux_ , but they'll generally be on the opposite side when
it comes to the GPL).

~~~
databus
Going to court and losing, while not fun, should be instructive to the GPL
community. A loss will either point out areas that need to be changed in the
next GPL license version, or that a GPL-style license is not viable.

~~~
desdiv
Yes, it could prove helpful to the GPL community, but it might prove harmful
to the kernel community. For all intents and purposes, the Linux kernel is
permanently stuck in GPLv2. If a disastrous court case somehow weakens GPLv2
and a new and improved GPLv4 which fixes that weakness comes out, the kernel
will be stuck with the now weakened GPLv2.

------
ausjke
I agree on the analysis. You don't need enforce Linux in court, Linux will
then keep getting more popular, to the point that those GPL-violation will
gradually find that upstreaming/releasing their code is actually more
beneficial than making the code closed. In the long run everybody wins.

Even Microsoft is embracing Linux as it pretty much has no other choices due
to the ever increasing popularity of Linux.

------
lamarkia
It looks like a simple issue that transformed into drama due to the attitudes
on the lkml.

It is obvious that there will be cases that the GPL will have to be enforced.
Was accepted by the other side in the end.

The SFLC will only undertake a case if they have the support of copyright
owners, not on their own volition.

~~~
JoshTriplett
Note that there exists a different organization known as "SFLC", but the
linked discussion occurred with the Software Freedom Conservancy (or just
"Conservancy"), which specifically avoids using the acronym "SFC" to avoid
confusion with SFLC.

~~~
lamarkia
Thanks for the clarification.

