Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Developer McHardy Drops GPLv2 'Shake Down' Case (zdnet.com)

Posted by EditorDavid on from the not-making-your-case dept.

Former Linux developer Patrick McHardy dropped his Gnu General Public License version 2 (GPLv2) violation case against Geniatech in a German court this week. ZDNet explains why some consider this a big "win": People who find violations typically turn to organizations such as the Free Software Foundation, Software Freedom Conservancy (SFC), and the Software Freedom Law Center to approach violators. These organizations then try to convince violating companies to mend their ways and honor their GPLv2 legal requirements. Only as a last resort do they take companies to court to force them into compliance with the GPLv2. Patrick McHardy, however, after talking with SFC, dropped out from this diplomatic approach and has gone on his own way. Specifically, McHardy has been accused of seeking his own financial gain by approaching numerous companies in German courts. Geniatech claimed McHardy has sued companies for Linux GPLv2 violations in over 38 cases. In one, he'd requested a contractual penalty of €1.8 million. The company also claimed McHardy had already received over €2 million from his actions...

In July 2016, the Netfilter developers suspended him from the core team. They received numerous allegations that he had been shaking down companies. McHardy refused to discuss these issues with them, and he refused to sign off on the Principles of Community-Oriented GPL Enforcement. In October 2017, Greg Kroah-Hartman, Linux kernel maintainer for the stable branch, summed up the Linux kernel developers' position. Kroah-Hartman wrote: "McHardy has sought to enforce his copyright claims in secret and for large sums of money by threatening or engaging in litigation...."

Had McHardy continued on his way, companies would have been more reluctant to use Linux code in their products for fear that a single, unprincipled developer could sue them and demand payment for his copyrighted contributions... McHardy now has to bear all legal costs for both sides of the case. In other words, when McHardy was faced with serious and costly opposition for the first time, he waved a white flag rather than face near certain defeat in the courts.

53 comments

  1. FOSS troll? by Sebby · · Score: 4, Interesting

    So if some companies are patent trolls, does this make him a FOSS troll?

    Glad he's "out" because his actions definitively didn't reflect the goals of open source software.

    --

    AC comments get piped to /dev/null
    1. Re:FOSS troll? by Kjella · · Score: 3, Insightful

      So if some companies are patent trolls, does this make him a FOSS troll? Glad he's "out" because his actions definitively didn't reflect the goals of open source software.

      Well as Linus himself has pointed out with regards to the GPL, you don't have to agree to the principles behind it just the actual text of the license. Yes, he's being non-cooperative and he's prosecuting every violation to the full extent of the law, but from my reading his copyright was actually violated. He just took the injunction one step too far to include all copies of Linux and not just the violating copies of Linux containing his code, like he's not a "co-author" that all versions of Linux derives from. He made a contribution and that branch forward is "poisoned" with his code, not the whole tree.

      --
      Live today, because you never know what tomorrow brings
    2. Re:FOSS troll? by msauve · · Score: 4, Insightful

      "his actions definitively didn't reflect the goals of open source software."

      And not providing source simultaneously with a distribution is?

      To support the "goals of open source software", which by its very definition is that the source be open, some organizations should be forced to pay up the wazoo.

      I'm thinking specifically of one major manufacturer of Android phones which has a penchant for not releasing the required Linux kernel source for months after they start selling a product. But, the penalty doesn't need to be financial. If you read the GPL, a violation can prevent them from using Linux ever again. That threat should wake them into compliance. Paying a few million to a single developer to keep a multi-billion dollar revenue stream from stopping dead seems like chump change.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:FOSS troll? by bug1 · · Score: 0

      "the goals of open source software."

      The goals of open source software being to provide free (as in beer) software for large multi-national corporations so they more cheaply enslave society.

    4. Re:FOSS troll? by Anonymous Coward · · Score: 0

      Exactly. That's the difference between Open Source Software (free as in beer) and Free Software as defined by the FSF.

      Open Source Software is created by egoistical suckers.

    5. Re:FOSS troll? by Anonymous Coward · · Score: 0

      GPLv2 doesn't stop you making money from software, and there are many companies creating free software and turning a profit

    6. Re: FOSS troll? by Anonymous Coward · · Score: 0

      Well what happens when that branch gets merged back to master?

    7. Re:FOSS troll? by Anonymous Coward · · Score: 0

      And not providing source simultaneously with a distribution is?

      You confuse open source with FOSS. Linux is an open source project, code sharing is encouraged, however the kernel devs. always prefered to use a carrot instead of a stick - giving usefull changes back makes maintenance easier. Linux is also locked on GPLv2 instead of GPLv3 as FOSS enforcement has never been a goal.

      FOSS fanatics should work on GNU projects inlcuding gcc, emacs and hurd instead. These projects use and enforce the GPLv3 in both source code and legal matters.

    8. Re:FOSS troll? by Anonymous Coward · · Score: 0

      > If you read the GPL, a violation can prevent them from using Linux ever again.

      One lower court in the USA and one lower court in germany ruled otherwise, thus by the brilliance of the white man (bear with me) this means that all courts and appellate divisions will rule the same way as said lower courts!

    9. Re:FOSS troll? by Anonymous Coward · · Score: 0

      "his actions definitively didn't reflect the goals of open source software."

      And not providing source simultaneously with a distribution is?
       

      The carrot before the stick.

    10. Re:FOSS troll? by tomxor · · Score: 3, Insightful

      Paying a few million to a single developer to keep a multi-billion dollar revenue stream from stopping dead seems like chump change.

      People don't have issue with the companies being forced to pay up, the issue is with the individual collecting for substantial personal gain - it's akin to a corrupt tax man, the tax is for the people, but he's just taking it all for himself rather than slicing his pay out of it. This is why non profit organisations like the FSF or FSC should always be in charge of this method, any entity that is legally bound to appropriate the funds for the benefit of the project.

      You are absolutely correct about the penalty not having to be financial, the whole purpose of GPL is to help the code grow and make sure everyone can always use it... but in the case where it must be settled financially it can also be used for the same goals by funding developer(s) to support the code - however funding a single developer millions of euros does not do that.

    11. Re:FOSS troll? by Anonymous Coward · · Score: 0

      Prick parasite is better. If you refuse to talk to the people you worked with (and note, I'm talking about the netfilter team), you're a self serving parasite asshole, and you should leave foss and be what you are: a phb. Fuck Patrick.

      The Netfilter team is far too forgiving.

    12. Re: FOSS troll? by Anonymous Coward · · Score: 0

      "Open source" has never meant "free as in beer." That comparison has only been used as a counter definition when describing FOSS. A copyright holder has every right to seek a remedy irrespective of how others define their movements.

    13. Re:FOSS troll? by EETech1 · · Score: 1

      You talk smart, just wait until Lennart Poettering drags your ass to court for using systemd!

    14. Re:FOSS troll? by sad_ · · Score: 1

      Tin foil hat on, but i think this guy may have been on the payrol of some company to harm either linux, the gpl or both.

      --
      On a long enough timeline, the survival rate for everyone drops to zero.
    15. Re:FOSS troll? by Anonymous Coward · · Score: 0

      Copyright infringement is verbatim copy of material, hence in my mind anyway, it is ripping off the creator.

      Patent infringement is usually using a different implementation, hence in my mind anyway, is not necessarily ripping off the creator.

      He should go after them.

  2. FOSS troll? by Sebby · · Score: 0

    So if some companies are patent trolls, does that make him a FOSS troll?

    Glad he's "out" because his actions didn't reflect the goals of open-source software.

    --

    AC comments get piped to /dev/null
  3. d'oh! by Sebby · · Score: 1

    ./ refresh is slow

    --

    AC comments get piped to /dev/null
  4. Wrong approach by DeplorableCodeMonkey · · Score: 1

    "We can go to court for $2M in damages or you can hire me for a fixed sum of $500k to get your code in compliance." That would likely have gotten a lot more bites.

    1. Re:Wrong approach by MrL0G1C · · Score: 1

      He's made over â2 million already, he's won, that's a nice retirement sum for anyone who's not majorly greedy.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  5. Don't some FOSS authors sell closed source by rsilvergun · · Score: 1

    licenses? If he was doing that and somebody flaunted his model I'd be on his side. Still, if he dropped the suit that's probably not the case. I would have expected him to stand his ground in that case.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Don't some FOSS authors sell closed source by jrumney · · Score: 1

      He can sell closed licenses to his own code, but I'd be very surprised if he had been granted rights to sell closed licenses for the rest of the Linux kernel, and without that the closed licenses to his own code would be worthless.

      But why do you think he needs to offer closed licenses for the case to have any merit?

    2. Re:Don't some FOSS authors sell closed source by Anonymous Coward · · Score: 0

      Hmm, for M$2 I'll find every line of code he wrote and replace it.

  6. What a jerk by Anonymous Coward · · Score: 0

    That's alright, he'll find a well paying job with like-minded people in the RIAA or MPAA.

  7. In the right by Anonymous Coward · · Score: 1

    There is nothing wrong with suing to enforce license terms to get back some of the money that his software is earning corporations for nothing, had he been the sole proprietor of the source code and intellectual property involved. "companies would have been more reluctant to use Linux code in their products for fear that a ... developer could sue them..." Oh boo-hoo, if you don't like it go write your own operating system or, better yet, read the damn license.

    1. Re:In the right by Anonymous Coward · · Score: 0

      Meanwhile, DJI is encrypting their devices to hide their GPL violations. Why isn't anyone suing them? It's been over 6 months of this discovery, DJI has done absolutely nothing to remedy this situation nor has the Free Software Foundation done anything.

  8. So by Anonymous Coward · · Score: 0


    iptables -A FORWARD -m conntrack --ctstate NEW -j REMIT-ROYALTY-TO-KERNEL-DEVS

  9. Richard Stallman by countach · · Score: 5, Informative

    This is why Richard Stallman insists on signing over copyright to the FSF before taking your code. It always seemed legally very messy that Linux was in the legal hands of thousands of separate developers. This is why that is a bad idea.

    1. Re:Richard Stallman by Anonymous Coward · · Score: 0, Insightful

      Except that the FSF could then do anything with the code, including change the license to a proprietary license if they wished. Yes, all already released versions would stay GPL, but future versions could be any license they wished.

      One example is moving the code to GPLv3 while lots of developers still prefer GPLv2.

    2. Re:Richard Stallman by Nicopa · · Score: 2

      That is not a problem at all. If the FSF did something the community didn't approve, the community would then be able to go elsewhere and stop assigning copyright to the FSF for new additions. The FSF would "own" an ancient version of the software.

    3. Re:Richard Stallman by Anonymous Coward · · Score: 5, Insightful

      Except that the FSF could then do anything with the code, including change the license to a proprietary license if they wished. Yes, all already released versions would stay GPL, but future versions could be any license they wished.

      One example is moving the code to GPLv3 while lots of developers still prefer GPLv2.

      Except that Stallman foresaw that and the assignment agreement that the FSF provides ensures that they have to continue to release the software under similar terms to the ones it's currently released under. It's always amazing how much thought the Free Software Foundation have put into things and how often they turn out to be right with exactly the things they are criticised for. I'd guess many of us will end up wishing we had adopted the AGPLv3 in a few years time.

    4. Re:Richard Stallman by Anonymous Coward · · Score: 0

      It only gets messy when you ignore the GPL.
      No matter the intentions of the FSF, "a single, unprincipled developer could sue them and demand payment for his copyrighted contributions" remains the case unless the GPL v2 is changed.

  10. German court by Mostly+a+lurker · · Score: 2

    The action was found to be unprofitable in German courts, largely because it is less time consuming and costly to oppose these kinds of legal shakedown attempts there. Also, if you win in the German courts, you will typically have your legal costs paid. There is still a very real danger that someone could successfully do something like this in the US. There, someone resisting the legal blackmail, is never going to get reimbursement of their costs in winning the case (which in the US, unlike in Germany, can be a fortune) after years of litigation.

  11. What about standing? by Anonymous Coward · · Score: 0

    If this guy is not currently a Linux Developer, and he is not suing over code he helped write, how does he have standing? Or, is standing not an issue in German law?

    1. Re:What about standing? by gweihir · · Score: 1

      The judge indicated he thinks the Linux Kernel copyright for the whole Kernel is with Linus only. This guy then withdraw his suit. Yes, you need standing, but whether you have it or not is determined during the legal proceedings by the court. Of course, if they find you did not have standing, you pay the legal costs of the other side. There is an exception: if you obviously have no standing, then the court does refuse to hear your case.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: What about standing? by bill_mcgonigle · · Score: 2

      He could have beaten that finding on appeal - Linus clearly doesn't require or accept copyright assignment.
      I doubt this guy is done. I like the goal of the GPL but the means are nasty statist shakedowns. The only reason GPL works (differentially to MIT/BSD) is because of threats of assholes like McHardy, so if you like the GPL you pretty much need to accept his actions. If you don't think such actions are acceptable then that leaves you with weaker licenses to choose from. I've been putting my code under WTFPL 2.0 for a few years because I don't think the ends justify the means.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re: What about standing? by gweihir · · Score: 1

      In the German legal system you do not get an automatic appeal. I am not sure what the conditions are on a case like this for the judge to allow an appeal.

      So far the only larger thing I needed a license for was an FAQ, and I put that under a CC variant that allows derived works but requires attribution. For code I usually use what the surrounding system does, or the modified BSD license (i.e. requires attribution, but do with it what you like otherwise). I am not too sure the GPL actually achieves its purpose either. Time will tell. In some sense, requiring attribution solves a part of the problem, namely the availability of the original sources. Modifications are a problem in any commercial setting though, especially as people use copyright to nail down (sometimes extremely obvious) engineering ideas as "theirs". That is extremely bad as it hampers progress.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. This guy did nothing wrong by Anonymous Coward · · Score: 0

    Seeking compensation for his work is not wrong.

  13. Making companiies think twice... by WorBlux · · Score: 4, Insightful

    before violating the GPL? Good, it's not like the GPL is some archiac EULA wrapped up in impenetrable legalese. I'm Fucking sick and tired of companies ignoring the GPL and launching crap products that are, or will soon be out of date, full of security holes, and a threat to the rest of us online. Linux is now the go-to OS in every 32 or 64 bit architecture outside of the desktop space, I'm much more worried about un-servicable crap being released than I'm worried about market-share.

    1. Re:Making companiies think twice... by tlhIngan · · Score: 1

      before violating the GPL? Good, it's not like the GPL is some archiac EULA wrapped up in impenetrable legalese. I'm Fucking sick and tired of companies ignoring the GPL and launching crap products that are, or will soon be out of date, full of security holes, and a threat to the rest of us online. Linux is now the go-to OS in every 32 or 64 bit architecture outside of the desktop space, I'm much more worried about un-servicable crap being released than I'm worried about market-share.

      I'd like to see where in the GPL it says that. All the GPL(v2) requires is a company release the source code. That's it.

      And with GPLv3, what's happened is companies ARE thinking twice. It's made using open-source a PITA in a lot of companies - with every bit of open-source code now having to go through the same scrutiny commercially licensed code must go through. Hell, other than a few "pre-approved" projects some companies simply reject all GPL code, period. BSD? Fine. Apache? Great. GPL? Find an alternative, commercially licensed if need be.

      And let's not forget that a lot of the "security problems" you mention are not in any of the GPL code used, but in otherly-licensed code bundled in the same product.

    2. Re:Making companiies think twice... by Anonymous Coward · · Score: 0

      the "security problems" you mention are not in any of the GPL code used, but in otherly-licensed code bundled in the same product.

      That is close to the point. The otherly-licensed bundled code are kernel modules provided by Qualcomm or some random lightbulb manufacturer. They prevent upgrading the open-source part of the kernel, effectively TiVo-izing it. Every security patch has to be backported to some crazy kernel version instead of forward-porting (or more likely simply upstreaming, in the case of Qualcomm CPUs) the bundled modules. Furthermore, the old kernel is infectious and prevents rolling forward the userland.

      This is the root cause of poor Android security generally. It's why the Intel and non-Qualcomm ARM platforms (like Chromebooks) have five years of software support from Google instead of two for Nexus phones.

      It's why Apple, who has sufficient control of their entire source tree and CPU, can support their phones much longer. True non-cucked open source is mostly-sufficient, but not necessary, to solve the perpetually-unpatched-abandonware security problem.

    3. Re:Making companiies think twice... by WorBlux · · Score: 1

      If the "bundle" constitutes a derrivative work ,as is quite likely the case when you distribute binary modules pre-installed (linked to the rest of the kernel), then the GPL requires you to release source for the whole work (under a GPL licence) or refrain from distributing the modified work.

      And I don't want this to be a license war, the software project should pick the license that is right for thier own goals. However, so long as copyright is enforceable we should expect commercial project to follow them scrupulously.

  14. You mean the source in these GitHub repos? by raymorris · · Score: 1

    Is this the source code you're complaining about them not releasing?

    https://www.dji.com/mobile/ope...

    https://github.com/MAVProxyUse...

  15. The GPL by Anonymous Coward · · Score: 0

    The GOL is like the GOP. Worthless.

  16. GRSecurity proves the GPL is toothless. by Anonymous Coward · · Score: 0

    And yet GRSecurity can get away with enforcing additional restrictive terms (no re-distribution OR ELSE!) in blatant direct violation of Article 6 of version 2 of the GPL, and no one does anything about it.

    The GPL might aswell be the BSD license.
    Legal rights are often like muscle: use it or lose it (statute of limitations, laches, etc)

    "6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. "

    (Penguinistas will claim that because the additional restrictive term is on a SEPARATE piece of paper all is well)

    1. Re:GRSecurity proves the GPL is toothless. by gweihir · · Score: 2

      Since GRSecurity is a snake-oil vendor these days, probably nobody cares enough.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:GRSecurity proves the GPL is toothless. by Anonymous Coward · · Score: 0

      What's so oil'ly about it?

  17. This is a shakedown, but there are other problems by mpol · · Score: 1

    This case seems to be quite clear a shakedown case.

    I do feel though that Linux developers are quite on the other extreme with almost no litigation.
    For years, even untill now, the grey area of NVidia drivers could exist. If the GPL is enforcable, those drivers should be disallowed, or be made GPL.
    The case is even worse in the ARM ecosystem, where GPL drivers get copied into closed source drivers. That is really bad for users. That situation just continues on for years, with no end in sight.
    I am siding more and more with the somewhat more idealistic stance of the FSF, instead of the lax 'pragmatism' of Linux, which is just a free for all.

    --

    Well, don't worry about that. We can get you back before you leave. (Dr. Who)
  18. Re:This is a shakedown, but there are other proble by Anonymous Coward · · Score: 0

    So you going to sue the grsecurity company?

  19. hey, companies: have you tried not violating GPL? by Anonymous Coward · · Score: 2

    You don't have to worry about getting sued by a "rogue developer" for violating the GPL if you don't violate the GPL. He removed all those companies in the targeting phase. I doubt it's a frivolous lawsuit. FSF, SPLC, etc., enforcement is basically corrupt, because it's driven by an inner cadre of developers that wants to maximize their personal profit by working as mercenaries for corporations that prefer to retain some wiggle-room to scoff at the GPL and not get "snitched" on.

    Maybe the tradeoff is good. We want developers to get paid, especially really smart ones.

    But it is corrupt, not principled.

    Look at the incredible costs of Linus's "interpretation" of the GPL, that binary modules do not need to follow it. This interpretation is not reasonable because it's only LGPL that draws a line at linking. Across execution, between Linux kernel and a userland process, there is an extremely stable ABI. Across loading a module, there's no ABI, not even to the extent there is between a program and libc.so, but even if there were, it would only count for an exemption under LGPL.

    The consequence of the unreasonable interpretation is de-facto TiVo-ization of everything. Every embedded vendor always makes some binary module and does not release source for it. For some CPUs, the entire CPU is TiVo-ized: Qualcomm releases forked kernels with mandatory blobs for their phone CPUs and doesn't update them. No one else can update them, either. Attempting to leads to revision control hell, or is simply impossible. It's responsible for the miserable state of Android security. It's a huge loss in software freedom that companies like Jolla are running up against: they can install on Sony Xperia X, but they can never change the Android kernel that shipped with it.

    We need to start cracking down on these guys. Get rid of Linus's "interpretation" and the module exemption. Just announce, "as of kernel 4.x.y, GPL applies to modules, and we will enforce." And set "community standards" that focus more on high compliance than adoption because Linux no longer has an adoption problem but has a huge compliance problem.

    I agree with the general framing that it's a positive thing Linux is bargaining collectively and that Linus can have "interpretations" that have some weight. It provides agility and reasonableness. And it is SPLC's recommendation that large projects form a nonprofit and get copyright assignment from contributors, a recommendation Linux itself didn't follow because it's too old to have thought things through, which permits these "rogue" litigants. However in this case I think the "rogue" litigant has the correct view and that the collective bargaining has been massively misused by a corrupt, ossified inner circle, for whose technical contributions I am grateful but whose legal/political skill I consider overconfident and naive.

  20. Re:hey, companies: have you tried not violating GP by Anonymous Coward · · Score: 0

    "Linus can have "interpretations" that have some weight."

    They don't, except in, say, Jordan. (The originator of a work is more important under their copyright law)

    Under US (C) law the contributors can still sue w/o linus, pertaining to their works.
    You might say, they're, in a way..., coequal.