Also, how is this a victory by Linux? I see no mention of activity by the rest of the Linux community while Geniatech fought the legal battle.
The companies can make him go away simply by complying with the GPL, no?
While what McHardy is doing may not be the most diplomatic stunt, it's kind of hard for me to sympathize when the companies wouldn't have to pay anything if they would just comply with the GPL license.
If you don't want to comply with the GPL, use BSD or something.
Am I missing something or could these companies sidestep all the legal BS with a minimal amount of effort.
That's not clear. If you copy someone's work and don't have a license to use it then you've violated the copyright holder's rights. Just because you come into compliance with a license to copy the work doesn't absolve the violating party of the original liability.
Additionally, there is some disagreement specifically around the GPLv2 and license re-instatement; specifically, it's not clear that license re-instatement is possible in the face of unwilling copyright holders.
I don't see anybody citing theft. And, quite often, license compliance IS legally resolved by coming into compliance.
However, I still find it hard to sympathize. Don't want this problem--comply with the GPL or don't use GPL software. The GPL is functioning as written and intended.
There is a reason so many companies consider GPL-licensed software to be radioactive.
That's because it is a concept that doesn't exist. Creating a copy in violation of copyright is not theft.
Copyright is the right to limit others ability to create copies. That limitation doesn't involve things that can be stolen.
The Linux community suspended McHardy from being a core developer. The stable branch maintainer said the lawsuits "have threatened the confidence in our ecosystem". And the technical advisory board is asking developers to sign a statement that they are not seeking financial gain.
"sworn affidavits of senior kernel developer Greg Kroah-Hartman and current netfilter maintainer Pablo Neira were presented in support of some of [Geniatech's] claims. The contents of those are unfortunately not public, neither is the contents of the sworn affidavists presented by the plaintiff."
Follow his activities(news about law suits are followed by FSF and GNU anyway) and contact litigators to inform them that he does not represent any open source contributions for these groups.
Then he has no leg to stand (and sue) on.
Even if you could remove all the code that he has claim too, that would only be for a future release, and most commercial users of Linux tend to use older, battle tested releases (especially for embedded products.
"[...] as Netfilter substantially existed since 1999, three years before Patrick's first contribution to Netfilter, and five years before joining the core team in 2004."
The FSF, and the SF Conservancy (which does the bulk of GPL enforcement) espouse Community-Oriented GPL Enforcement. The goal of Community-Oriented Enforcement is compliance, not punishment.
McHardy wasn't seeking compliance. He was saying "Your license to my portions of the kernel was automatically revoked when you did X. Pay me damages." This could arguably work as a deterrent, but it does nothing to fix the current violation.
Additionally, a problem with the GPLv2 is that it is automatically revoked upon violation, and has no reinstatement clauses. If a company violates the GPLv2, and then the SF Conservancy enforces the GPL against them, after it's all worked out, the SF Conservancy can reinstate the license to the portion of the code that the SF Conservancy owns or represents the owners of, but there's still quite a bit of code for which the infringer technically hasn't had its license reinstated for. Even after working everything out with the SF Conservancy, McHardy could say "Ok, but they didn't reinstate your license to the portion of the code that I own. You're infringing on my copyright, pay me damages."
> The goal of Community-Oriented Enforcement is compliance, not punishment.
Is there some record of the debate, if any, that led to this policy? Clearly, financial costs are a deterrent that leads to compliance. Many laws, regulations, and contracts achieve compliance in this manner. That doesn't make the FSF's position wrong, but I wonder how they reached it.
The FSF agrees, to an extent: https://www.fsf.org/licensing/enforcement-principles
Community-oriented enforcement must never prioritize financial gain. Financial penalties are a legitimate tool to achieve compliance when used judiciously. Logically, if the only penalty for violation is simply compliance with the original rules, bad actors will just wait for an enforcement action before even reading the GPL. That social model for copyleft and its enforcement is untenable and unsustainable. An enforcement system without a financial penalty favors bad actors over good ones, since the latter bear the minimal (but non-trivial) staffing cost of compliant distribution while the former avoid it ...
Note about general principles: a deterrent needs more than pain to ensure compliance.
* There also needs to be a clear path to compliance. If the subject of a rule isn’t capable of complying, they won’t comply.
* Knowledge about the possibility of violation & penalty needs to be available to the subject.
* There needs to be consistency in what will ensure compliance. Otherwise, the subject is better off taking out insurance, raising their prices, and accepting fines as a cost of business. Or getting out of the situation entirely.
There is a story from somewhere (possibly the warring states period of pre-Han China?) of a general who was late returning from an engagement.
General: “what is the punishment for lateness?”
General: “and and what is the penalty for mutiny?”
Aide: “also death.”
General: “Well, I suppose mutiny gives us a chance of survival. Summon the captains.”
Otherwise how else will compliance for Linux be enforced?
The theory is that a violating Linux-based device where you can try to get the manufacturer to fix this in the future is better than a device with a closed system and no chance of getting it opened because the manufacturer was scared of legal consequences of using Linux.
FSF and the SF Conservancy is attempting to try to bring a consensus to that issue, but that too is a contentious discussion. Some vocal developers has some views, the Linus Torvald has his, the Linux Foundation has theirs, and not counting everyone else which has a stake in the issue. In general it seems that the overall ecosystem seek compliance but I suspect even the effort to try establishing that as a consensus and have it written down as an official policy of the project would be an uphill battle.
An interesting aspect that this judge brought on is the statement that the 15000 developers should not be considered co-authors of the linux kernel as a whole but rather defined in the German law as "editing authors" with limited rights compared to co-authors. It might mean that Linus, if any, is the only one that can make enforcement for the project as a whole.
The whole point of the GPL is that it's an enforceable license.
(This "contribute back" aspect is, IMO, the core difference between MIT/BSD and the GPL.)
It strikes me such companies never intended to comply with their legal obligations - make that position financially untenable and use the money to support development/developers who are compliant.
Most companies will see a lawsuit as an attack, and blacklist interacting with you in the future if they can. It reflects badly on the FOSS community, and makes future interactions even more difficult. There are a lot of businesses that will fight relying on any FOSS product, but leap at precisely the same thing with a paid license.
However, more polite requests usually get canned without reading.
This is a tough problem, with hypersensitive businesses thrown in the mix. Wielding the GPL like a hammer won't help, but ignoring it won't either.
The companies that will strip out FOSS from all of their products will have to cripple their product, increase their lead times and increase their costs - possibly all three.
If FOSS is competing with their closed source product, that makes FOSS more competitive. If companies that respect FOSS compete with their product, that makes them more competitive. These are good things.
I don't think it pays to accommodate companies with laywers that behave irrationally in response to enforcement of the GPL and it certainly doesn't pay to respond to bully tactics by relenting.
But how about a public case?
Verizon got caught breaching the GPL with Busybox.[!] At the end of the day, they agreed to become compliant... And Busybox is no longer a product they use or distribute. 
It also makes no sense to sue the companies violating the licenses. They would be more inclined to move to a closed-source option with a known fee, since the very product you are using has an ambiguous cost attached to it.
For example, I have deep disdain for people who build up WordPress or Drupal sites for clients and flat out refuse to let the customer have their code, but that still doesn't mean they should get sued to oblivion, no matter how much I disagree with this practice.
If you are for open source, you want to actively encourage the use of these platforms (regardless if you think they are trash) instead of having these people move over to some equally bad system. This is worse for the OSS community. It's also worse for the customer, since hidden fees for MS or Oracle will be tacked onto the product price. If word got out, even those who follow GPLv2 to a T would have reason to be nervous, so they'd just migrate off the platform as well.
Apparently they already can. If there is no enforcement, what prevents anybody from doing it ? Good will.
> but that still doesn't mean they should get sued to oblivion, no matter how much I disagree with this practice.
Remove "should" and "to oblivion", and the result seems reasonable. After all, we can't give tickets like for speeding for those infraction. The only problem with sueing here is the cost of it.
But it's perfectly alright from a moral point of view. People worked hard, sometimes for free, for free software to exist, out of idealism. The only thing they demand is to accept the licence.
Now that everybody knows the true political aim of the GPLv3 and that we know the pragmatism of BSD and others, I wonder under what license would the kernel have been published today...
Code tied to your own hardware can lead to reverse engineering and creating other software to be used with said hardware. This is a good thing (for the user) though.
Well, the problem here is that they're actually demanding a few million euros.
It makes perfect sense to sue a company that fails to comply with the license. What doesn't make sense is for anyone with a two line contribution to the kernel to sue anyone for not complying with the license. I like the way free software enforcement organizations approach this currently. Represent the community as a whole, ask nicely first, sue if that doesn't lead to compliance.
> For example, I have deep disdain for people who build up WordPress or Drupal sites for clients and flat out refuse to let the customer have their code, but that still doesn't mean they should get sued to oblivion, no matter how much I disagree with this practice.
It means that they should comply with the license or possibly face legal consequences. If that means that they'll get sued to oblivion, that's their responsibility. If the customer can't see the code, however, there's a chance that the customer doesn't have a copy of the software (e.g. if it's running on a server that the contractor is maintaining) in which case GPLv2 doesn't give the customer the right to see the code making the example completely irrelevant.
> If you are for open source, you want to actively encourage the use of these platforms (regardless if you think they are trash) instead of having these people move over to some equally bad system. This is worse for the OSS community.
Why would I want to encourage anyone to build a platform using my GPLv2 software if they don't honor the license? Their use of my software gives no value to me if their changes aren't public. If a system is built on a Linux kernel that we never get to see the source of, its value compared to "some equally bad system" is exactly that, equal. It's proprietary software, and the only difference from some other proprietary system is that it's also illegal.
So as the proprietor of a piece of GPL software that gets used illegally, you're given the choice of a) having the non-compliant user continue violating your rights, the free software community having absolutely nothing to gain from it, or b) having the non-compliant user forced by a court to comply with the license, release the contribution and pay damages to you. The choice seems simple.
> It's also worse for the customer, since hidden fees for MS or Oracle will be tacked onto the product price.
In which case the company will have a hard time competing with the many others that are able to honor free software licenses and both benefit from and contribute to the free software community. How bad is that?
> If word got out, even those who follow GPLv2 to a T would have reason to be nervous, so they'd just migrate off the platform as well.
It's a very simple license to honor. If you don't want to honor it it means that you are either too lazy to care about licenses or that you've made changes of a proprietary nature that you don't want to share. Either way, malevolent.
Even though I do my best to follow licenses, I may be making a mistake somewhere. If I heard a case where was sued for $1M to a GPLv2 software, I'd strongly consider moving over to a propriety product and pay $10 a month to mitigate my risk.
Remember that every uninstall is one less user, which is one less incentive to maintain the product, and once that gets close to zero, it's game over.
Are these non-compliant companies using cracked versions of other closed-source software? I'll bet they pay for their MS licenses, because they know MS will sue them if they don't.
We also know kids use all sorts of cracked software as well. The reason they don't get sued is because the companies know that it is bad blood to sue. They know that, in the future, these kids will be running offices and they will buy that software they loved.
Granted, the goodwill ends up with money coming in, but it's the same theory with open source. Most large projects are backed by companies that earn millions. The idea of a single dude doing free work is often times a myth.
There are plenty of resources available on how to comply and how to setup a process to minimize this risk. Simply dump all the versions and licenses of third party software you use to a file and accompany your distribution with a written offer to share the source code or links to their official repositories if they are unmodified.
> If I heard a case where was sued for $1M to a GPLv2 software, I'd strongly consider moving over to a propriety product and pay $10 a month to mitigate my risk.
You're considering this from the perspective of an end user? Let me clarify that the limitations of GPLv2 kick into effect once you distribute software. As far as respecting copyright goes, you can use GPL software and modify it freely without any legal forethought. It's when you distribute such software that you'd get in trouble by not also sharing the source code.
In fact, this is better for the consumer, who will be able to use the bundled GPLv2 licensed software without buying the product.
> Remember that every uninstall is one less user, which is one less incentive to maintain the product, and once that gets close to zero, it's game over.
This implies that the amount of users is the only incentive when it really is not, For one, some users are more important than other users. Companies like Intel, Google, IBM, SUSE, Red Hat and AMD are important users in that they also make significant contributions to the kernel for their own benefit. There is a huge incentive for these to contribute back even if they don't need to distribute their changes because getting it into the mainline kernel simplifies maintenance. Whether some Shenzhen set top box that violates the GPL uses Linux doesn't make a difference. If anything, their continued illicit use detracts from the credibility of the license and discourages contributors that give a hoot about people respecting their individual property and the overall philosophy of free software. Then, particularly for smaller projects than the kernel, there are the individual contributors who are usually users of the software they contribute to.
I think you've maybe made the connection "users == customers" where there is none. In those terms, companies that ignore free software licenses are simply pirates.
That's not enforcement.
The community choose not to enforce. "gently" has nothing to do with it.
I get that this is a preference, and they make the software and choose the licence so this is their choice.
But that's not enforcement.
It basically means you can do whatever you want with it.
And hence people do.
The system works because a few are giving away a lot while most benefit from it with taking without giving back anything.
This is why everything is behind an API paywall now. This is why XMPP is getting shut down. This is why IMAP is being replaced by proprietary front ends. Why we have DRM in HTML5. Why TiVo did what it did.
Because, well, we let them.
In what way would a vigorous enforcement of the GPL prevent any of that?
The only even remotely related to the GPL is TiVo, and even then it wasn't lack of enforcement, the version of the license simply didn't prevent it, hence GPLv3.
Come on, we are in the same boat here, we agree Linux (and Wikipedia and ...) are amazing things. And we all admire and cheer the contributors and so on. Don't be mad when we point a small incoherence. It's like opening an issue, close it if you have a large support of the community, but please, spend 5 minutes thinking about it from a new point a view.
The way things are right now, the bounty hunter could argue that the very idea of the statement above is absurd - and that demonstrates how broken things are.
I can't help but agree more and more as time goes by that maybe Linux is getting too big for its own good. I do wonder how it'll topple.
If someone does a hit-and-run and hits several people with their car, one of those people suing and getting damages from the malfeasant isn't a bad thing, nor is it something we should frown on IMO.
However, the basis of this post was that one person's actions were exploitative from the perspective of the community.
I'm just saying it's sad that there wasn't sufficient precedent of some kind to dissuade what happened from occurring.
"If anyone needed another reason to avoid GPL software here you go. I thought the whole idea of open source was to avoid litigious assholes."
The FSF would be disinterested in the spread of this sort of thinking. That's a good reason against letting bounty hunters loose.
In Firefox, navigate to about:config, and change media.autoplay.enabled to false.
Turns out I had and ZDNet is somehow getting around it.
Another site for the blacklist, then.
Maybe this makes more sense if the vast majority of kernel developers are commercially funded and not volunteers.
This particular company fixed their compliance issues, and Patrick McHardy still went after them once they had. He did so while hiding it from other kernel developers, and kept all of the money for himself.
This would have never happed with any GNU project, or OpenLayers, etc.
So this is "another reason" not to violate the GPL. It doesn't affect compliant GPL users.
> I thought the whole idea of open source was to avoid litigious assholes.
It sounds as though you're anti-GPL, so perhaps in this case the distinction between "open source" and GPL-style "free software" is relevant.
The GPL imposes a significant requirement on users, which is that if you make changes to GPL software and distribute that software, you must make the source code to those changes available. This has nothing to do with "avoiding litigious assholes", so your assessment of the "whole idea" is not accurate when it comes to GPL software.
How is that? Not sure what you mean.
Writing everything from scratch in-house is how you usually avoid litigious assholes.
When using someone else's stuff it is a good idea to comply with the licensing terms. That's also a valid strategy to avoid litigation.
Nah, that just gets you a patent suit.
It's barely worth the effort of downvoting, let alone a considered reply.
If you prefer to give the work for free, without strings attached, then don't complain companies are evil and such.
People bash GPL, but had Linux and GNU did not exist, and most likely everyone would still be using Solaris, Aix, HP-UX, DG/UX, Irix, Tru64,....
I have my doubts the BSDs would have had the same industry adoption.