From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6793E258 for ; Sat, 27 Aug 2016 21:19:03 +0000 (UTC) Received: from pine.sfconservancy.org (pine.sfconservancy.org [162.242.171.33]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A271F17B for ; Sat, 27 Aug 2016 21:19:01 +0000 (UTC) From: "Bradley M. Kuhn" To: ksummit-discuss@lists.linuxfoundation.org References: <20160826193331.GA29084@jra3> <87inunxf14.fsf@ebb.org> <20160827162655.GB27132@kroah.com> Date: Sat, 27 Aug 2016 14:18:16 -0700 In-Reply-To: <20160827162655.GB27132@kroah.com> (Greg KH's message of "Sat, 27 Aug 2016 18:26:55 +0200") Message-ID: <87bn0dnc6f.fsf@ebb.org> MIME-Version: 1.0 Content-Type: text/plain Cc: Linus Torvalds Subject: Re: [Ksummit-discuss] [CORE TOPIC] GPL defense issues List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , I *thought* this list was for KS proposal meta-discussion, but this thread is now mostly substance and very little meta. :) However, AFAICT, no one has declared this thread as off-topic, and generally speaking, I believe everyone in the GPL Compliance Program for Linux Developers, including me, is glad to see GPL enforcement discussed openly. So, I'm continuing with replies: Today, Greg made references to a talk I gave, and drew broad conclusions about my beliefs. Yesterday, Linus made reference to an LWN comment I made, and made conclusions about my moral character. This is a complex topic, and the entire breadth of everyone's view cannot be summarized by out of context snippets. I do think Greg's summary of my talk is inaccurate on many fronts, but the details on that don't really matter. I believe we function well as a community by trying lots of different strategies in parallel. This works for Linux development itself, and it works for GPL enforcement too. I, Greg, and many others have done excellent work convincing companies to abide by GPL without lawsuits. Nearly all the work by the GPL Compliance Program for Linux Developers doesn't use lawyers or lawsuits. We all use the same strategy, and *almost* all the same tactics to achieve GPL compliance for Linux. Our disagreement is over a finer point of a specific tactic that is only relevant in roughly 0.57% [0] of GPL violations, which is this: "What do we do in those cases that have no resolution for years, after many try to gain compliance and failed. Should anyone sue in that case?". Greg says: "No, never." The consensus in Conservancy's GPL Compliance Program for Linux developers is: we're giving up on the GPL as a strategy if we let those 0.57% just get away with violating, because even though the number is small, that group contains the truly bad actors; they'll set example for future bad actors. One reason (among many) we should bring lawsuits in those rare cases is to show everyone the 99.43% that they are much better off working with the community. We have plenty of evidence from company representatives who say clearly: "I can't get my company to comply unless the threat of lawsuit is realistic; we agree it's totally reasonable to sue the very few bad actors". Greg, representatives of some the same companies that I know you've worked with to improve compliance have told me and Karen that directly. Greg, in your email today, you've called for us to close up our Program: > So please stop this now, it's not helpful, but instead, hurtful, and > harmful to our very survival. The GPL Compliance Program for Linux Developers only does this work because real developers who have written code upstream in Linux work actively with Conservancy. You've ask them to stop working with us. Fortunately, they can see your directive above and act. The enforcement agreements are revocable. Every one of our many coalition members could walk away tomorrow, and I assure you that we'll close up the Program if they do. > and not change to being rude and disrespectful to our users and developers > by getting lawyers involved. I do know lawyers who are rude and disrespectful by default. (I also know some Linux developers who are rude and disrespectful by default.) But you're saying above that can't be categorically true about lawyers (or Linux developers): namely, that *all* lawyers are rude and disrespectful, in every situation. In our coalition's Linux enforcement actions, we don't typically bring a lawyer into the conversation until we're close to what I called Step (3) [1]. But, even when we do, we'd only employ a respectful and friendly lawyer. I stopped working with rude and disrespectful lawyers years ago. > Let's please stick to what has gotten us this far, You ignore that we got this far by working in parallel toward the same goal. The GPL Compliance program for Linux Developers is more than four years old now. Before that, Harald was enforcing for Linux -- more litigiously than our coalition ever would, BTW -- since 2004. So, extremely rare litigation, guided by Linux developers, has been part of "what got us this far" for at least 12 years. Greg: you, and James, and me, and Karen, and Conservancy, and gpl-violations.org, and every member of the GPL Compliance Program for Linux Developers are all part of the "us" that "got us this far". Greg wrote, on 27 August 2016: > Look at the existing vendors you see today as not as "offenders" but rather > as "potential members of our community" and treat them that way. Karen and I wrote together on 19 July 2016 [2]: >>> Today's violators can then become tomorrow's contributors. I wrote on 8 November 2009 [3]: >> We therefore must ensure that enforcement action is reasonable and >> friendly. I view every GPL violator as a potential FLOSS contributor, and >> try my best to open every enforcement action with that attitude. ...and I made similar statements as far back as 2002. My position on this has never changed; I agreed with what you said today before you said it. Karen has also always held this position. Most importantly, to my knowledge, every developer in the GPL Compliance Program for Linux Developers agrees. > It's great that Samba has survived this type of enforcement effort, but as > Jeremy has pointed out, he's done that primarily by working directly with > the companies, not having legal people get involved. So thanks Jeremy for > proving my point :) You're misattributing Jeremy's statements as well. Jeremy said specifically that he works *with* Conservancy and that our methods *don't* get lawyers involved until the very tiniest fraction of situations where it's absolutely necessary. If Jeremy proved your point, then he also proved that Conservancy and our coalitions *are using the method of enforcement you want*. > that's what burned Busybox to the ground...and is what is threatening the > future of gcc as well. You're assessments of BusyBox and GCC are definitely incorrect. (BusyBox is still widely used and deployed, and the future of GCC is much more complicated than any enforcement-specific issues.) But I won't go into details on that because I worry it's just too far off topic for this list. Finally, I'll address just one more of your assumptions about my values: > You value the GPL over Linux, and I value Linux over the GPL. You are > willing to risk Linux in order to try to validate the GPL in some manner. ... which is false. Before you posted the above, I had already told you in response to your private email (which contained the same text) that it misrepresented my values. I won't bore the list with everything I said in my private reply, but here's the most relevant part: You said that you "care more about Linux than the GPL". I would probably agree with that. But, I do care about software freedom generally much more than I care about Linux *or* the GPL. I care about Linux because it's the only kernel in the world that brings software freedom to lots of users. The GPL is a tool that helps Linux do that, but I don't see the GPL as a moral pinnacle. It's a tool and a strategy to advance software freedom. Linux doesn't matter merely because it's GPL'd. It matters because it's *great software* *and* it's GPL'd. The GPL Compliance Program for Linux Developers works together to ensure all users may copy, modify, and redistribute all versions of that great software. [0] I didn't just guess at this number. I searched my email archives, which roughly show that I've been sent reports of at least 3,000 GPL violations in my life, and I count only 17 defendants who have ever been sued by Erik Andersen, Christoph Hellwig, FSF or Conservancy (i.e., I'm counting BusyBox and Linux violations in there together, which should theoretically make the numbers as high as possible). That gives me 99.43% of GPL violators -- again, only count the ones I personally have been informed of -- have never been sued. I didn't include Harald's lawsuits because I'm not really sure on the count of his cases, but someone who'd like to can go through http://gpl-violations.org/news/archive/ and count them up and update my numbers, but I think to make it a good estimate, you'd have to also update the denominator to count all violations ever reported to the gpl-violations.org mailing list too, which sadly are not online at the moment. ( links from http://gpl-violations.org/mailinglists/ are dead.) [1] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003637.html [2] https://sfconservancy.org/blog/2016/jul/19/patrick-mchardy-gpl-enforcement/ [3] http://ebb.org/bkuhn/blog/2009/11/08/gpl-enforcement.html -- Bradley M. Kuhn President & Distinguished Technologist of Software Freedom Conservancy ======================================================================== Become a Conservancy Supporter today: https://sfconservancy.org/supporter