From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id B696A89E for ; Tue, 30 Aug 2016 17:13:47 +0000 (UTC) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3448C236 for ; Tue, 30 Aug 2016 17:13:46 +0000 (UTC) Date: Tue, 30 Aug 2016 19:13:43 +0200 From: "Luis R. Rodriguez" To: Linus Torvalds Message-ID: <20160830171343.GO3296@wotan.suse.de> References: <87inunxf14.fsf@ebb.org> <20160827162655.GB27132@kroah.com> <87bn0dnc6f.fsf@ebb.org> <1472348609.2440.37.camel@HansenPartnership.com> <20160828042454.GA8742@jeremy-acer> <20160828125542.7oejzcbpeozkrq3k@thunk.org> <20160828154356.GA16414@jeremy-acer> <20160828193656.cbd64qqenmpsbiwp@thunk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Cc: James Bottomley , Christian Lamparter , "Bradley M. Kuhn" , ksummit-discuss@lists.linuxfoundation.org Subject: Re: [Ksummit-discuss] [CORE TOPIC] GPL defense issues List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Sun, Aug 28, 2016 at 01:36:38PM -0700, Linus Torvalds wrote: > On Sun, Aug 28, 2016 at 12:36 PM, Theodore Ts'o wrote: > > > > I didn't say that. I said consensus driven and taking into account > > all of the stakeholders. If it makes you feel better, how about > > "Linus as the benevolent dictator"? He makes a point of gathering > > input from multiple stakeholders, and delegating authority to others > > for day to day decisions. That's how we do our development, after > > all. > > So quite honestly, I think everybody would be much happier if we were > not even ever in the situation where that would be required. Absolutely. Proactive measures are best, always. If we don't have good proactive measures in place then I think we have only ourselves to blame. > Personally, I really think that legal action by the "community" is not > at all what we should hope for, or even _aim_ for. The problem is some folks are taking stupid action and it seems for profit. At least SFC's approach is transparent, has a published Principles guideline *and* has an open invitation to anyone to participate in the discussion. The goal is to prevent stupid things, but to obviously address the high level or violations being reported, somehow. > As mentioned, I don't think it has worked wonderfully well. So let us learn from that. > But we do have examples of Linux GPL-related legal action that I think > we *all* can agree has worked absolutely stunningly well. > > I don't think anybody disagrees that IBM's legal actions against SCO > were a really good thing. Sure. > No, that was not mainly about some "GPL test > case" or "license clarification", and it wasn't even _mainly_ about > the GPL. I agree with not using suits for test cases. That is just plain stupid. > But the GPL _was_ part of it, and both the license and the community > came out really well in it. > > What I'm happy about it is also that it was a defensive suit, and > quite frankly, when we talk about "going to war" and "nuclear > options", I have to say that "defensive" is also a big big positive. > Because offensive use of nuclear options is just a f*cking bad idea. > Seriously. Absolutely. > And to further take that example: it was also a very good example of > how companies really can help us. Any legal enforcement discussion > absolutely should *not* be about "how does the open source community > enforce the GPL against companies". That's just stupid talk, and makes > it be about "individuals vs companies", which IS NOT TRUE. That's > simply not how the community has worked in Linux, and it isn't how it > *should* work. Absolutely. > Seriously. I think we should see the IBM/SCO thing as an example of > how we should all wish the GPL is to be used. > > Do I want some "community effort" to try to create a "GPL test case" Emphasis, "test case". > against some random badly behaving company that isnt' even all that > *meaningful* from a development standpoint? Hell no. Quite frankly, > anybody who sees that as a good end goal should haev their head > examined. Yet that seems to be what the SFC sees as their goal in > life. Agreed. > We should put our goal posts in a totally different direction. We > don't have a ":community effort" to do marketing. We all realize how > completely idiotic and stupid that would be. A "Software Freedom > Marketing Center" would be laughed at. Laughable as it may be such campaigns do exist, such as the FSF's "Respect your freedom" hardware product certification thing [0]. Having been involved in making freedom available on one of these devices, an 802.11 device with open firmware, I can tell you that its been a success with those that care. Sure, the group of interested folks in this sort of stuff might be small -- so to me more important is the breed of better developers, better software, potential new hires, and eventually showing how only a group of a few open developers can end up replacing an entire fucking team doing a completely sub-par quality firmware. Fortunately, as code was opened one can inspect what the quality was during initial release against the latest development in collaboration with the community. I left Atheros leaving behind *two* test cases of open firmware on the 802.11 world, and any security researcher should be able to have a good field day in showing what the quality of changes that opening brought about. For open firmware though, the market simply is too late to take advantage of if one is to do this as a test case, which is what we were doing. Silicon cycles are fast and based on experiences you'd need to be releasing and engaging *with the community* even during hardware ramp up, while you are working on the first pieces of software being stitched together, not as a *port work*. Port work is just dumb and too late. >>From a practical point of view, resource point of view -- so, corporate -- tons of lessons to be learned form these efforts. Those were the good 'ol days. [0] https://www.fsf.org/resources/hw/endorsement/respects-your-freedom > Why the hell do people not laugh at it when it comes to legal issues? > > The fact is, Linux is in a very different position than the one that > Jeremy Allison describes for samba. Or the one we were in 20 years > ago. We have very consciously tried to make various companies be > *part* of our community, and they have been an incredibly powerful > resource. They employ a lot of the engineers, but they do so much more > too. > > So I seriously believe that we should not see companies as the "enemy" > and as a target of lawsuits. We should see the Linux companies as a > big part of the community, and as the natural *defender* of the GPL. Ah. If those companies use the GPL. Sadly a new breed of companies do not use the GPL for upstream contributions when they can now and as such the GPL is not even part of their language other than danger, and if you need to use the GPL you can end up feeling like a caged monkey. The good 'ol days are over, for some companies and if I were you I'd be a bit concerned over what that might mean long term. There surely are companies still using the GPL, and that's great, but its not like the way it was before. I'll admit I am partly to blame for the proliferation of a new age of permissive license proliferation in the kernel, this all started with a joint effort to help the BSDs when we took the openhal for ath5k, then ath9k.. etc... My days of the whole BSD camp - kumbaya are over, as I've seen the danger with that. > And we already have a really good example of that that people seem to > be ignoring. The good 'ol days are over. Not for all, but some. > I would really want people to completely change their thinking about > this "GPL enforcement" thing. > > The great thing about the GPLv2 was how it turned copyright law > "against itself" (really just against traditional use of copyrigth) > and it has been described as a legal "judo move" - using copyright to > *open* software instead of using it as a way to *restrict* software. > It's why people call it "copyleft", after all. > > THAT is the beauty of the GPLv2. :D > But the people who then see proprietary software as "evil", and see > companies as being amoral, and as the enemy (and this very much is how > rms and the FSF was acting), those people were doing exactly the wrong > thing, and I have been fighting that idiocy for as long as I've been > using the GPLv2. > > The fact that we didnt' see proprietary software as evil, and that we > opened our arms to companies made all the difference. People have the right to feel proprietary software is amoral, its on them, this may be subjective in certain situations. But, from a market perspective proprietary software is also plain stupid. > Now those same small-minded people are making the SAME MISTAKE, all > over again. I do *not* want anybody who talks about "evil" proprietary > software to be the seen as the "protector" of the GPL. No, people who > talk about how proprietary software is "evil" should be seen as > *stupid* people. Because they are. We showed them wrong. I say proprietary software is just stupid. There are advantages of copyleft, however not many companies tend to see similar gains towards the GPL as perhaps some used to. I'm not saying these companies do not exist, they still do, I'm just saying -- the market has change and some just use Linux permissively. > And similarly, we should *not* see this as some crazy "community is > protecting itself against companies" crap. Again, that's the stupid > and wrong-headed FSF thinking. It's bad. Of course. > We have a ton of companies that are part of the community, and the > same way we're bad at marketing and rely on companies to do that, we > should at least _strive_ to work towards companies doing legal > enforcement too. Sure, but many companies don't care about that aspect of the GPL, to a large camp they are fine with Linux being a permissive license dump ground. That's fine for them too, so long as they contribute, we should be happy right? But I'm pointing out the same logic has slightly changed about approach. > That's the true "judo" move. > > Because quite frankly, I think just by going by existing history, > companies are better at lawsuits than the community is anyway. Just > look at IBM. Sure, but there is a new era of companies that do not care. In lack of there being any new need for companies to use the GPL, why would they? That might leave a gap for the community, and then again, should the community have a GPL representation as companies do? What if it was only used as a last resort measure ? That's what is being asked. What due process to follow. Etc. Luis