1. 38
  1.  

  2. 28

    5 years. Nobody would dare to be that careless when it comes to e.g. oracle’s license agreements, but with the GPL, hardly anyone seems to care.

    (This isn’t just meant in re: to tesla, but many, many other players as well)

    1. 5

      It’s why Im in favor of suing the crap out of them if they dont respond to nice letters and gradual escalation. Very important to have the gradual escalation with clear process and solutions so companies dont worry GPL = massive loss of money. The few hit would be a solid example of what happens to worst offenders. Most of that money donated to FOSS infrastructure, legal defenses, or businesses.

      1. 4

        … if they dont respond to nice letters and gradual escalation.

        This put a huge burden on GPL developers and communities.

        I think that suing them the crap if they don’t start to comply the day after the first email would be a much more effective approach.

        For one company that try to comply after 5 years, how many other don’t care?
        This lenient approach give them nothing to lose!

        Do these company comply to free software license only if they are totally busted?
        Fine, so most of them don’t comply at all. So there’s nothing communities can lose by suing them.

        So sadly, free software communities can only obtain respect for their work by suing violators.

        IMHO, Software Freedom Conservancy is not protecting free software, but corporate’s investments.

        1. 3

          We’re trying to keep the moral high ground here. Plus, reduce the risk of companies avoiding GPL code. They’re already a little afraid of it. It helps to let them know a mistake won’t be an automatic, massive loss. The people doing GPL compliance usually just give them a notice asking them to fix it. I don’t know how often compliance happens but write-ups I’ve seen indicate they had a lot of success just talking to companies.

          Note that commercial, copyright holders usually give a takedown notice before legal action as well. Right now, those doing it for content are even doing six strikes with ISP’s. I’d say similarly let them ignore a few emails or contacts that we document to show a pattern of not caring. Then, hit them with a law suit.

        2. 3

          As I understand, for US, you can sue for either actual damage or statutory damage of $30,000. For example, The Qt Company can sue and recover the price of Qt commercial license, and attorney’s fees. I think for Linux and BusyBox it is entirely possible that the enforcement wins and the court awards small damage, resulting in worse compliance in the future.

          1. 2

            So, in that case, the default commercial license should be something like Oracle’s with actual licenses always being reduced based on traits of the business. In court, you’d cite the non-discounted, Oracle-style licensing of the product with pricing per developer seat, per CPU, per organization, per deployed instance, and per mention of the trademarked name in court documents. Should add up pretty quickly if it’s a big company or a startup. ;)

            Nah, in seriousness, I’d be suing under copyright law if possible since a violation is up to $250,000 per count. That’s what the proprietary companies use in combination with patent law. If there’s patents, maybe use that as well. Damages could be pretty high.

            “I think for Linux and BusyBox it is entirely possible that the enforcement wins and the court awards small damage, resulting in worse compliance in the future.”

            I didn’t think about that. I’d have to make sure the solution addresses it. Alternatively, the response can vary per project.

            1. 4

              the default commercial license should be…

              This remind me of Bruce Perens recommending developers of GPL software to always offer dual license.

              1. 2

                I didn’t know about that legal angle. Thanks for the link!

            2. 1

              The “actual demage” is the whole development effort donated by developers of Linux and BusyBox.

              Make an estimate, and ask for it.
              Indeed, if you don’t want to comply with the GPL you have to buy the copyright from each of the developers or create your own Unix and BusyBox alternative from scratch with comparable effort.

              1. 2

                While I want this to be true, this strategy is completely untested in the court and if that is the alternative, I fully understand why FSF and SFC are reluctant to pursue such strategy.

                1. 2

                  I fully understand why FSF and SFC are reluctant to pursue such strategy.

                  Why?

                  I mean: the gift of developers’ hours under GPL is conditioned to the reciprocity it requires.

                  Without the reciprocity, that work is not a gift anymore: you either pay for it or comply to the requirements. Still, after license termination, you can just pay.

                  1. 2

                    Why? Because it is untested in the court! Or do you have a case number where your strategy worked?

                    1. 3

                      Oh… good point!

                      So it remains untested because… it’s untested!

                      I guess an exit condition is missing in this loop…

        3. 7

          SFC has the sort of diplomacy I would never be capable of in face of something so infuriating

          1. 4

            Guess Tesla should have based their stack on one of the *BSD’s, MINIX3, or maybe VxWorks instead? ;)

            1. 5

              Like Intel did for the ME. The backdoor is highly reliable, too.

              1. 3

                At least it would make upgrades a breeze! ha!

            2. 4

              I want to write on Artifex v. Hancom, which is tangentially related.

              Artifex is the copyright owner of Ghostscript, dual licensed under AGPLv3 and commercial. Commercial license term is not public, but allegedly includes percentage of revenue, like Qualcomm. Artifex sued for injunction. (So we don’t know what the damage would be.)

              Hancom tried an interesting bit of lawyering: copyright infringement, if it happened, happened in South Korea. US copyright law only has US jurisdiction. This was not actually said, but Artifex is claiming loss of licensing fee as percentage of worldwide revenue based on alternative to comply in US jurisdiction… I feel Hancom’s legal strategy is, as a legal matter, not completely without merit. They settled out of court with confidential condition, so we will never know, but I fear Artifex may have felt they could possibly lose.

              1. 3

                I’m disappointed that companies who own significant copyright in Linux (like RedHat or Intel) and industry groups like the BSA don’t go after intellectual property thieves like Tesla. There are plenty of non-Linux choices if companies don’t want to comply with the GPL’s license terms. Other car companies seem to be happy with VxWorks and similar.

                What’s the point of asking China to comply with American IP if the US won’t even police its own companies?

                1. 10

                  I’m pretty unsurprised that a company like Intel or Red Hat wouldn’t sue. Lawsuits are expensive, and it’s not clear a GPL suit would produce any significant damages (can they show they’ve been damaged in any material way?), just injunctive relief to release the source code to users. So it’d be a pure community-oriented gesture, probably a net loss in monetary terms. And could end up a bigger loss, because with the modern IP regime as de-facto a kind of armed standoff where everyone accumulates defensive portfolios, suing someone is basically firing a first shot that invites them to dig through their own IP to see if they have anything they can countersue you over. So you only do that if you feel you can gain something significant.

                  SFC is in a pretty different position, as a nonprofit explicitly dedicated to free software. So these kinds of lawsuits advance their mission, and since they aren’t a tech company themselves, there’s not much you can counter-sue them over. Seems like a better fit for GPL enforcement really.

                  1. 8

                    a GPL suit would produce any significant damages (can they show they’ve been damaged in any material way?

                    This is generally why the FSF’s original purpose in enforcing the GPL was always to ensure that the code got published, not to try to shakedown anyone for money. rms told Eben in the beginning, make sure you make compliance the ultimate goal, not monetary damages. The FSF and the Conservancy both follow these principles. Other copyleft holders might not.

                    1. 3

                      Intel owned VxWorks until very recently. Tesla’s copyright violations competed directly with their business.

                      1. 2

                        I’m not a lawyer but the GPL includes the term (emphasis added)

                        1. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

                        Even if monetary damages are not available (not sure if they are), it should be possibile to get injunctive relief revoking the right to use the software at all. Not just injunctive relief requiring them to release the source.

                        1. 3

                          This is from GPLv2.

                          GPLv3 is a bit more lenient:

                          However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

                          Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

                          Now, I think people should move to GPLv3 if they want this termination clausole.

                          And in any case, 5 years are completely unrespectful of the various developers that contributed to Tesla through their contribution to the free software they adopted.

                          To that end, we ask that everyone join us and our coalition in extending Tesla’s time to reach full GPL compliance for Linux and BusyBox, not just for the 30 days provided by following GPLv3’s termination provisions, but for at least another six months.

                          As a developer, this sounds a lot like changing the license text for the benefit of big corporates without contributors agreement.

                          When I read these kind of news I feel betrayed by FSF.
                          I seriously wonder if we need a more serious strong copyleft.

                          1. 2

                            It is not without contributor agreement. Any contributor who does not agree is free to engage in their own compliance or enforcement activity. Conservancy can only take action on behalf of contributors who have explicitly asked them to.

                            The biggest problem is that most contributors do not participate in compliance or enforcement activities at all.

                            1. 1

                              Conservancy can only take action on behalf of contributors who have explicitly asked them to.

                              Trust me, it’s not that simple.

                              The biggest problem is that most contributors do not participate in compliance or enforcement activities at all.

                              Maybe contributors already agreed to contribute under the license terms and just want it to be enforced as is?

                              I’m sincerely puzzled by Software Freedom Conservancy.

                              Philosophycally I like this gentle touch, I’d like to believe that companies will be inspired by their work.

                              But in practice, to my untrained eye, they weaken the GPL. Because, the message to companies is that Conservancy is afraid to test the GPL in court to defend the developers’ will expressed in the license. As if it was not that safe.

                              I’m not a lawyer, but as a developer, this scares me a bit.

                              1. 3

                                If contributors want they license enforced they have to do something about that. No one can legally enforce it for them (unless they enter an explicit agreement). There is no magical enforcement body, only us.

                                Conservancy’s particular strategy wouldn’t be the only one in use if anyone else did enforcement work ;)

                                1. 1

                                  You are right. :-)

                      2. 2

                        They’re asking China to comply with the kind of American IP that makes high margins, not the FOSS. They’re doing it since American companies are paying politicians to act in the companies’ interests, too.

                      3. 2

                        This seems to be a massive failure of the GPL as it has not been enforced and it has been some years since the violation was identified. I struggle to believe that the GPL ensures the freedoms promised within when enforcement is such a joke.

                        1. 3

                          Not sure it can be a “failure of the GPL”. The GPL is just a license, it sets the rules for good actors.

                          The rampant, long-lived violations in every single electronic product most people own is a failure of enforcement, which is mostly due to lack of resources and/or lack of contributor action.

                        2. 1

                          If failure to build indicates a GPL violation …

                          1. 4

                            It very much does. And with GPLv3, so does failure to install

                            1. 1

                              I apologize for my bad joke.