How Far Should GPL Enforcement Go?

itwbennett writes "The debate over enforcement of the GPL flared up again this week when Red Hat kernel developer Matthew Garrett wrote in a blog post that Sony is looking to rewrite BusyBox to sidestep the GPL. Which is a perfectly legal undertaking. But it raises the question: 'Is there social pressure within the Linux kernel community to not undertake GPL compliance action?' writes blogger Brian Proffitt. 'This may not be nefarious: maybe people just would rather not bother with enforcing compliance. Better, they may argue, to just let the violation go and get on with developing better code.'"

Execution

[busyqth]

By hanging

Re:Execution

[qbast]

Trampling by herd of angry gnus. That's poetic justice.

Re:Execution

[turbidostato]

"GPL isn't designed to force others to share"

Yes, it is. You can ask Richard M. Stallman if you don't believe me.

"but to facilitate sharing while letting the original authors get credited"

Yes, it is three letters too, but they are not G-P-L. The three letters you are looking for are B-S-D. Seriously: you described the BSD license, not the GPL.

Re:Execution

[grcumb]

Trampling by herd of angry gnus. That's poetic justice.

So... Gnus for Nerds, when they copy Stuff That Matters?

Re:Execution

[Githaron]

I was thought the GPL was supposed to prevent businesses from exploiting the hard work of volunteers trying to make open software. If a business wants to reimplement a whole piece of software from scratch, I see no reason why we should stop them. Nor the reverse. If the community wants to reimplement software so that there is a open version out there, I don't think businesses should be allowed to interfere. Now, if a business wants to take the GPL'ed software, reimplement part of it and then close the whole thing, now there is an issue.

Re:Execution

[serviscope_minor]

It really gets absurd in the cases where you have 100,000 lines of code that's your own but including 2 lines of GPL code means you have to give away your code as it's a derivative work.

Why do people always blame the GPL for this, not copyright law? Is it equally absurd that including any proprietary stuff that you don't have a license for means that you have to stop using that proprietary code or buy a license? Same with the GPL code: stop using it or buy a license (i.e. by giving away your code).

Re:Execution

[TheInternetGuy]

>Trampling by *herd* of angry gnus. That's poetic justice.

Well, done. But surly that's supposed to be a *Hurd*, right?

Re:Execution

[Mabhatter]

Exactly. I can't record songs off the radio and put them in my YouTube videos, right. One set of copyright advocates has set the bar very high that even background recording has to be trimmed out. They do it less now because they cut a deal with Google to just steal YOUR ad revenue if something is "infringing" rather than take down the item.

So to the established industry, taking ALL your ad revenue for "one small portion" that infringes is perfectly reasonable. Sony OWNS the companies that WROTE these deals... The GPL is far more leinant because it doesn't deal with damages... Just fix the infringement by adjusting your work and move on.

These companies all want SOPA. Fine. Let's hear up BusyBox devs to be the first in line with the new style domain seizures... For a company like Sony with hundreds of products all tied to Sony.com getting the "three strikes" on BusyBox alone should take till about noon the day after the rule hits the books. Hopefully the courts would remember WHO pushed for the law!

Re:Execution

[Nursie]

It's a matter of the (L)GPL being a shitty license for corporate use. If they wish to use the code they are under restrictions that can mean big problems if they are even accidentally violated.

This is pretty much pure FUD.

If they "accidentally" violate a commercial license then they could be on the hook for millions of dollars. With the GPL the choice is generally to distribute the source or stop distributing. Hell, even with the recent "aggressive" enforcement, the only really onerous bit is paying $5k per time to have future FOSS projects vetted. Compared to settling a lawsuit with a commercial vendor, it's peanuts.

Why *wouldn't* they put the time into rewriting it in house? It's pretty easy when you're essentially transcribing source code.

If they're transcribing source code then they've absolutely within the bounds of derivative work and will fall foul of copyright law.

The GPL is a great hobbyist license but it's a pain in the ass at the corporate level, especially when you aren't really a software firm.

It's less onerous that many commercial licenses. The problem comes from the lax attitude towards it. If people further down your supply chain were including commercial code or libraries without the proper license compliance then things would be worse.

Re:Execution

[Nursie]

Yes, I've heard of this sort of thing, seems a neat enough way to sidestep copyright.

It's considerably more complex than just "transcribing code", I'm sure it's been done as much in the pursuit of FOSS as in the pursuit of closed source software.

Out of interest, has this been tried in a court in recent years?
Just wondering if the general IP hysteria has affected whether or not this procedure is legal.

Re:Execution

[grcumb]

I don't know what the suitable punishment for such poor punsmanship would be - probably something appropriate but not poetic, like a gag and a straitjacket, just to keep you from making puns about your punishment.

Punishment? Ha! You must be Gnu here...

Re:Execution

[muuh-gnu]

> It really gets absurd in the cases where you have 100,000 lines of code that's your own but including 2 lines of GPL code means you have to give away your code as it's a derivative work.

It is really absurd when you want to take code somebody else has written with the intent to make it freely redistributable, and want to change its licence to make it not freely redistributable with the intent to be able to sue users who dare to redistribute what was once free code when you took it.

Works under the GPL are not intended to become everybody's free code library. They are specifically intended as an enrichment only for "is free, stays free" code. There is a philosophy of freedom attached to it. If you do not share this philosophy of freedom, the code is not available for you.

As far as everyone else

[inode_buddha]

I think GPL enforcement sould go just as far as everyone else. It should go as far as copyright law allows and as far as the copyright lobby goes.

Slashdot double standards

Slashdot on piracy: "Abolish all copyrights! Copying isn't theft! Everyone is entitled to everything!"
Slashdot on the GPL: "Gee whiz, the GPL copyright license protects this code. Down with leeching violators! Protect against GPL theft!"

Re:Slashdot double standards

[ad454]

There is a huge difference between copyright enforcement against individuals in the context of personal use, and organizations in the context of earning signifigant revenue.

Most people including those on Slashdot, do not think it is reasonable to sell a pirated DVD movie on a street corner for profit, but consider it okay to download that same movie for media shifting for personal viewing.

Sony should be applauded for making their own BusyBox alternative, rather than violate the GPL. Hopefully it will be released as opensource with a different licence, for those that want an alternative choice. Adding more choice is a good thing!

Re:Slashdot double standards

[busyqth]

Indeed. The only thing that has stopped me from producing such a heavily commented disassembly of Microsoft Office is that it is sadly illegal.

Re:Slashdot double standards

[Dahamma]

Never understood why people thought getting money for your work was a bad idea...

Re:Slashdot double standards

[Kjella]

There's nothing honorable or applause worthy in that.

How often have you heard "If you don't like it, write it yourself" or something to that effect here on Slashdot? Assuming they do so without deriving from the Busybox code, what's not honorable about that? It is far more honorable than every company that has tried to weasel their way around the GPL, either in spirit or letter. Of course the OSS community would like them to continue contributing to open source so I wouldn't expect applause, but there's no dishonor in abstaining.

I'm not sure I understand

[PCM2]

I confess I only skimmed TFA -- this is Slashdot, after all.

But I'm not sure I understand the argument that is being made here. If Sony is really trying to "rewrite Busybox" -- which makes it sound like they're going to look at the Busybox code and write a new version that does the same thing in a different way -- then surely that's a derivative work of Busybox and it's a copyright violation.

If, on the other hand, Sony is planning to write a Busybox replacement from scratch -- what's wrong with that? Are companies not entitled to write code? How is that "violating licenses with impunity"?

If Sony is planning to do a clean-room re-engineering of Busybox -- what's wrong with that? Isn't that essentially what Linux kernel developers have done for all kinds of devices? Again, how is that "violating licenses with impunity"?

Sony wants to not use GPL-licensed code in its proprietary products. What could be more clear? Would you rather they used it without complying with the license?

Re:I'm not sure I understand

[Daniel+Phillips]

But I'm not sure I understand the argument that is being made here. If Sony is really trying to "rewrite Busybox" -- which makes it sound like they're going to look at the Busybox code and write a new version that does the same thing in a different way -- then surely that's a derivative work of Busybox and it's a copyright violation.

Is that really considered a derivative work just because they can see the source? Genuinely curious here.

It can be. That is why cloning a library under an incompatible license typically requires an expensive "clean room" engineering process. Of course, Sony holding to their well known high moral and ethical standards, would never think of playing fast and loose with this, would they? And of course we would never notice if they cut a few corners to save cost, would we?

Re:I'm not sure I understand

[dougmc]

If Sony is planning to do a clean-room re-engineering of Busybox -- what's wrong with that? Isn't that essentially what Linux kernel developers have done for all kinds of devices? Again, how is that "violating licenses with impunity"?

I'm with you.

If they really wanted to be fancy about it, they could do the same thing the BIOS cloners did -- have some people write up documentation on what Busybox does, and other people write the clone. But really, the first part is easy -- just decide which commands must be implemented and which flags, and let somebody write it. For bonus points, all people involved certify that they've never looked at the source of Busybox, or perhaps never explicitly used it at all.

If they do this (and it sounds like it's their plan) ... I don't see where there's any room to enforce the GPL at all, not with regard to this Busybox clone anyways. All they could do is try to be even more picky about other packages, perhaps trying to step up enforcement of Busybox usage (not a clone, not yet) now.

While I hate rooting for the bad guy, I think Sony has the right idea. (Though I'm sort of surprised that more embedded device makers haven't gone with one of the BSDs rather than Linux simply to avoid the GPL.)

Re:I'm not sure I understand

[c]

> Sony wants to not use GPL-licensed code in its proprietary products.

Well, no. If you RTFA, it suggests Sony wants to use GPL-licensed code except for projects the license is actually enforced. They'll use the Linux kernel because the Linux kernel community doesn't bother with GPL enforcement. They don't want to use Busybox because the Busybox developers will sue them for license violations.

Of course, it's a bit of a risky strategy. Just because someone hasn't enforced their copyrights so far doesn't mean they still can't or won't. You'd think their own lawyers would raise a stink about it...

Re:I'm not sure I understand

[Chemisor]

You can read the actual complaint in the second link. It is not about any copyright violations of busybox code. He's whining about the fact that with a non-GPL busybox replacement he won't have an excuse to sue for Linux kernel GPL violations. Kernel developers are generally not inclined to sue anybody for not releasing the source code to kernel modifications, while busybox developers sue everybody in sight. If busybox is replaced, it would be more likely that device manufacturers who do not release sources for kernel modifications would be able to get away with it.

Re:I'm not sure I understand

[Gadget_Guy]

They'll use the Linux kernel because the Linux kernel community doesn't bother with GPL enforcement.

The big difference is that their custom code that they would want to keep private would most likely be linked into Busybox and not the Linux kernel. This means that they might be quite happy to give out the source code to a mostly unmodified Linux (thus complying with GPL) while still keeping all their secrets by not having to disclose their modifications to busybox.

Making claims that writing their own replacement for busybox means that they will violate the GPL in other ways is the same kind of FUD as when Sony says that jailbreaking a device means you are a pirate, or when Microsoft says that GPL is a cancer. It would be the same as if Microsoft tried to claim that people using Wine did so to pirate Windows software.

The more childish response to anybody complaining about using GPL software in a commercial environment is "if you don't like it, write your own software". Well, that is exactly what Sony want to do. What amazes me is how long it took for anyone to do this. By making a non-GPL version, companies have a choice when creating new products. Now all they need is for someone to develop an alternative to Linux and release it under the BSD license. Now if only we could think of a name for such a project...

Re:as far as copyright law allows

[TaoPhoenix]

I second this.

"Hi there. Nice GPL copyright-backed code you got there, that you're violating the license on. It would be a shame if you had to pay $375,000 per Copyrighted Work, aka each file in the 50,000 file package. The Choice Is Yours."

Come on guys, if they're going to abuse copyright law, abuse it back, preferably with a big gun case that sets precedent. "No, you don't get to "withdraw your case. You get to pay me X BILLION dollars! Or - your choice - you can go fix it in Congress so that copyright damages are back down to $20 per work, like it should be."

Why not rewrite BusyBox starting from BSD?

[Animats]

BusyBox is just some standard UNIX utilities in one executable. BSD has all the necessary code. The BSD license doesn't require source redistribution. Putting together a BusyBox replacement shouldn't be a big deal.

Re:Non sequitur?

[larry+bagina]

short version: RTFA

long version: Most GPL copyright owners aren't aware, don't care, or don't have the time/legal training to enforce GPL violations of their code. The Busy Box guys actively enforce the GPL license on their code. If you violate the busy box GPL license, they will not re-license it to you unless you also stop violating the license on all the other GPL software that's being distributed. If they replace busy box, nobody will bother them about the other GPL violations.

Go to hell; here's a map.

[tepples]

Is that really considered a derivative work just because they can see the source?

Proving an allegation of copying requires proving two elements: first, that the alleged infringer had at one time had access to the older work; and second, that there is a level of similarity between the two. "Access" can be as simple as having heard a song on the radio a decade ago (Bright Tunes Music v. Harrisongs Music).

Compaq decided to make lack of access clear when it reverse-engineered the IBM PC BIOS using a "clean room" technique. This involved having one team turn copyrighted code into descriptions of its (unprotected) functionality and a second team turn the descriptions into code, with all communications between the two teams carefully monitored. I've been told it might not be quite necessary to go that far, but in the business world, you'd often rather spend money on engineers than trial lawyers. In such a case, it's best to draw up a plan for "being able to tell IBM to go to hell, and having the federal judge draw them a map for exactly how to go there", as sigwinch put it a decade ago. (Here's such a map.)

Stupid question

[slimjim8094]

The implication is clearly that we (as a community) shouldn't discourage people from using OSS code, or they'd start rewriting it to "get around" it.

That's the entire argument for the GPL. Basically, if some simple conditions aren't met, you don't get to take advantage of all the work that's been put into it. The idea being that you'd rather they not use your code at all if they're going to be dicks about it.

Sony, for reasons I don't quite understand but are entirely up to them, seems unhappy about putting the publicly-available-and-not-competitively-relevant source code on their website. More power to them, but the tradeoff is spending a bunch of time rewriting software that already exists and works fine. More power to them.

When I license my code under the GPL, I realize that the odds of its reuse are somewhat smaller. But that's fine, since I'd rather that somebody saving time by building off my work makes their source available (to me, and everybody else). If they don't want to do that, I don't want to save them the trouble of having to write it themselves.

The more interesting story here is that Sony's got it in its head that it'll be cheaper to rewrite Busybox than continue to have links to it. Not sure how they figured it.

It's not Sony's project!

[ahecht]

Once again, Slashdot links to a blog instead of the original source. The linked blog gets its evidence from a wiki page at http://www.elinux.org/Busybox_replacement_project

This page has a Q&A which clearly states that it is not a Sony project:

        Q. Tim Bird, the proposer of this project, works for Sony. Is this a Sony project?
        A. No. Although Tim is employed by Sony, he spends a portion of his employed time working on behalf of the embedded industry to improve Linux and encourage GPL compliance. As of February 2, 2012, Sony has not endorsed or agreed to support this project. This wiki page is for gathering information and project description information, to present to various companies to solicit support and resources for the project.

        Q. Can Tim's creation of this proposal be used to infer anything about Sony's compliance record, future compliance intent, or other business practices?
        A. Tim has only recently informed his management about this proposal, and Sony has not yet (as of 2/2/12) agreed to support it. So, "no, not really". Sony has a good compliance record, and has strong compliance policies in place. It has never been contacted by the SFC and has no expectation of being contacted by the SFC about any license violation of GPL software. Tim is doing this as part of his (paid for by Sony) role in the industry to address issues which inhibit the adoption of Linux in consumer electronics.

the argument

[chrb]

The argument that is being made in a nutshell:

Busybox copyright is enforced by the SFLC, which sues companies to get them to comply. When negotiating for compliance, they also request that the company in question comply with the GPL2 license on the Linux kernel. Now, for whatever stupid reasons, some companies don't want to release their kernel modifications for Android devices. So they think that by removing Busybox, the SFLC will no longer have a copyright claim that opens them to litigation which results in their releasing their kernel source. This reasoning is flawed, because there is another, much easier way to avoid Busybox litigation: put the source code on your web site. That's all it takes. They could keep their kernel sources, and just put up the Busybox source, and they would achieve the same thing.

The other argument being made by one developer is that enforcement action is pointless, because he hasn't seen any Busybox source opened up from this route that was worth anything. Others disagree, saying there was some useful code, and that it's not just about Busybox - the Busybox enforcement actions have also resulted in kernel drivers being opened up.

So, the "outrage" here is the allegation that Busybox is being rewritten so that companies can violate the copyright of the Linux kernel without being sued by the SFLC.

Re:as far as copyright law allows

[LateArthurDent]

Self defense by doing exactly what you criticize is moronic. It's the we need nukes because they have them mentality.

What's wrong with that mentality? MAD works and is, in fact, the only thing that does.

The golden rule works with a tit-for-tat strategy

[turing_m]

The golden rule CAN actually work, if you approach life with a tit for tat strategy (benevolent or otherwise). If you are nice until someone shits on you and are then a bastard in return, this is completely compatible with the golden rule a.k.a. "do as you would be done by". If you are nice to others and they are nice to you in return, it all works out. And if you are reasonable, then you would also understand that someone is going to attempt to shaft you if you shaft them first. However, as long as you are nice to someone using a tit for tat strategy then you will never see their vengeful side. So "employ a (benevolent) tit for tat strategy as you would hope others do towards you" is not only nice, it is a very practical way to approach life, consistent with a functioning society that will even self regulate in the absence of a justice system.

You do need to be guarded against those who would feign tit for tat for an extended period of time until they judge the time is ripe for a mortal blow.

Sigh and again with the bad summaries.

[LWATCDR]

Sony is not doing this project the summary was wrong. From the FAQ on the project.

"Q. Tim Bird, the proposer of this project, works for Sony. Is this a Sony project?
A. No. Although Tim is employed by Sony, he spends a portion of his employed time working on behalf of the embedded industry to improve Linux and encourage GPL compliance. As of February 2, 2012, Sony has not endorsed or agreed to support this project. This wiki page is for gathering information and project description information, to present to various companies to solicit support and resources for the project."

It reason is that it seems that the authors of BusyBox are very willing to go after companies and sometimes ask for remedies outside the scope of compliance with the GPL. At least that is what they are claiming.