
Understanding the “GPL is a Contract” court case - sohkamyung
https://perens.com/blog/2017/05/28/understanding-the-gpl-is-a-contract-court-case/
======
tzs
> There’s been a lot of confusion about the recent Artifex v. Hancom case, in
> which the court found that the GPL was an enforceable contract.

The author is reading too much into this. This was just a ruling on a motion
by the defendant, Hancom, to dismiss under Rule 12(b)(6) of the Federal Rules
of Civil Procedure, the "failure to state a claim upon which relief can be
granted" rule.

A 12(b)(6) motion essentially says "Let's assume for the sake of argument that
every allegation of fact that the plaintiff made in their complaint is true.
Under that set of facts, there is no way that a court could find that we are
liable under whatever law plaintiff claims we have violated".

When a court rules against such a motion, it is not saying that the alleged
facts ARE true, or that when those facts are applied to the laws in question
the plaintiff will win. All it is saying is that they plaintiff has alleged
everything that is necessary in order for it to be _possible_ for the
plaintiff to win.

So in this case all the court really found was that it is possible that GPL is
an enforceable contract in the circumstances alleged by plaintiff, Artifex.

~~~
stult
Well, that's not exactly a fair representation. The court found as a matter of
law (not fact) that the GPL is an enforceable contract. 12b6 standards require
the court to interpret the facts in the most favorable possible light for the
plaintiff. The facts, but not the law. No factual evidence is required for the
court to determine whether the GPL can be a legally enforceable contract, so
the plaintiff-favorable burden of proof has no bearing on the legal conclusion
which is the subject of all this news coverage. The decision being made as a
matter of law in a 12b6 motion indicates that the outcome of this particular
case still remains uncertain, but that the court would interpret any other GPL
in any other case as a legally enforceable contract.

~~~
emmab
Is this distinction equivalent to satisfiability of the contract wrt any case
vs satisfiability of the contract wrt this case?

How do you constrain "any case" to something reasonable, or does it need no
constraining?

------
Nokinside
I hope single-vendor commercial open source business model would be more
common. [http://dirkriehle.com/publications/2009-2/the-commercial-
ope...](http://dirkriehle.com/publications/2009-2/the-commercial-open-source-
business-model/)

GPL + Commercial dual licensing seems to be really good option for small and
midsize business where ake the code and take the business is real possibility.
GPL is widely known and quite clear. GPL establishes open source genealogy,
not just one point in time event like BSD licenses do.

Ghostscript, MySql, Qt etc. followed this path successfully. Qt is now a
public company with open source product.

~~~
vog
Why not AGPL + Commercial? To me this sounds like an even better option, as it
closes some GPL loopholes such as "hiding" modified GPL code behind a service.

~~~
k__
I thought they closed the loopholes with v3?

~~~
belorn
Different loopholes. V3 closes the idea of pretending to give someone
permission to modify and share software, but then using encryption or patents
to make it impossible in practice. Like selling a car but then withholding the
ignition key.

AGPL closes the idea that someone just ship a thin client and have everything
running on a server, which is an experience that can be almost
indistinguishable from receiving a copy. Since GPL explicitly do not treat the
transmission of a copy and using a service as identical, AGPL go as far as
copyright allows and tries to fix that.

~~~
k__
Ah, okay.

I knew about the AGPL and I thought it was merged into the GPL with v3.

~~~
quadrangle
It was included in GPLv3 drafts and then _removed_ and split into a different
license. Insider politics, but story as I take it basically that Google and
similar threatened nuclear war on FSF and GPL if it had the Affero clause. FSF
decided it was more important to get buy-in on _other_ loophole-closings
(tivoization, software patents) than to risk getting no buy-in for the update.
Some people involved are still very frustrated about the compromise.

~~~
richardfontana
I was directly involved in the decision to split AGPL into a different license
(as a lawyer for the FSF at the time). Your story attributing this development
to pressure from Google is completely false (though I have heard something
like it as well).

Early public drafts of GPLv3 did not exactly have an Affero condition - rather
they provided for compatibility with a then-nonexistent class of licenses with
Affero conditions satisfying certain criteria (AGPLv1 was not one of them).

This approach was disliked by two different constituencies. One was a group of
intellectuals who were associated closely with Debian, who largely would have
preferred a full-fledged Affero condition in GPLv3. The other was a corporate
constituency, but it wasn't Google (or other web 2.0-type companies); rather I
would say it was essentially FinSec end users. This group seemed to be worried
about the possibility of normalization of Affero-type conditions which it was
thought the compatibility provision in early GPLv3 drafts would cause.

FSF certainly wanted to get buyin for the provisions dealing with software
patents and 'TiVoization', but the companies preoccupied with those provisions
were mostly unconcerned about the Affero issue.

Edit: There was some concern from corporate interests, at least, about the
whole prospect of a proliferation of future Affero-like GPLv3-compatible non-
GPLv3 licenses, which the early drafts of GPLv3 specifically contemplated.
This was one of the motivations for redesigning the policy to have a single,
FSF-authorized Affero license that would be, in all likelihood, the only
(partially) GPLv3-compatible license with an Affero condition. The other
motivation was to address the concerns of the 'Debian intellectuals' I refer
to above.

~~~
k__
lol, buy-in sounds a bit like the FSF sold out.

~~~
quadrangle
It's like people think that FSF is a completely dogmatic and uncompromising
organization. In fact, they're interested in whatever serves their mission,
including compromising when they feel it's worthwhile. This is nothing new.
It's just that most of the compromises that other people wish they would make
they feel do not serve their free software mission.

------
daurnimator
> Another interesting point in the case is that the court found Artifex’s
> claim of damages to be admissible because of their use of dual-licensing. An
> economic structure for remuneration of the developer by users who did not
> wish to comply with the GPL terms, and thus acquired a commercial license,
> was clearly present.

Interesting development. This makes me want to dual-license my software so
that violations have more teeth to them.

~~~
likelynew
Well, why? If someone uses GPL only, it means they are not looking for money,
but is more of a choice to not use more permissive licences. Dual licensing
does not solves anything for them.

~~~
daurnimator
Because when I choose a GPL license, I do it because I want anyone that uses
that code to share their changes back with me.

If all I get out of a long court case is _finally_ seeing their code, then
it's not worth it for me to sue, and it's not worth it for them to comply with
the license.

Instead: if I dual license it: when they don't comply with the GPL license, I
can sue them for _damages_ : which makes things a hell of a lot more appealing
for a lawyer to take my case, and not as much as a waste of my time.

~~~
eeZah7Ux
"dual-licensed" is normally used to describe 2 Open Source licenses that user
can choose from.

[Edited for clarity]

~~~
rmccue
I believe here that the use of "dual license" here is about open source + paid
proprietary, not two open source licenses. The idea being that you can claim
damages.

------
notzorbo3
What Perens doesn't explain, and what I'm curious about is if the GPL is
considered a contract in _just this specific case_ , or in general. As far as
I understand, a contract requires agreement from the contractor (is that the
right term? Contractee?).

The finding says:

> Defendant used Ghostscript, did not obtain a commercial license, and
> represented publicly that its use of Ghostscript was licensed under the GNL
> GPU. These allegations sufficiently plead the existence of a contract.

I read that as: Since the defendent publically aknowledged their use of the
software under the GPL, they indirectly "agreed" to it, hence it's considered
a contract.

If a company doesn't publically state that, is it then not considered a
contract, and only a license?

~~~
vertex-four
The issue, of course, is that if they didn't agree to it, then they're
(probably) redistributing a copyrighted work without a license to do so. So
it's likely expedient for a court to assume that redistribution of a GPLed
work constitutes acceptance of the GPL, as the alternative makes no sense.

~~~
notzorbo3
The issue here is not about acceptance of the license, but whether it is just
copyright infringement or also breach of contract.

~~~
delinka
IANAL, but it makes sense to me that A) you've agreed to the GPL and thus have
willingly entered a contract, or B) not agreed to the GPL and are committing
copyright infringement.

You can then only be in breach of contract if you're operating under A.

~~~
notzorbo3
I'm also not a lawyer. I assumed that since they're making such a big deal
about the GPL being considered a contract in this case, that in other cases it
wasn't considered a contract. It feels like they're saying a breach of
contract is somehow different than just violating a license / copyright law,
but I'm not sure.

------
inian
How is Linux immune to wannacry like attacks?

~~~
kelnos
It's not, but Linux is immune to Wannacry and a lot of the other _actual_
garbage that's out there because they don't target Linux desktop users. It
would probably be pretty trivial to come up with a Wannacry-like bit of
malware that was equally (or more?) effective on a Linux desktop, but the
market for doing so isn't very lucrative.

~~~
inian
So the argument is Linux is more secure now because hackers aren't paying
enough attention to it. That is no reason to gloat about how Microsoft is bad
in terms of security.

