Ok, I understand that this is trying to be decent and reasonable people here, in cases where it's truly an accident of including some GPL code. Shit happens, clean it up.
If I were to do this with commercial code or assets, would they be so flexible in working with me, or do they go straight to shakedown? I'll give ye all a hint: go look at the MPAA and RIAA's views on that.
I remembered when friends were back in the Napster times shook down for a few grand. Same with Bittorrent's earlier years. There was no amicable "Plz quit this and were good". In fact, they've lobbied multiple times for laws to permanently disconnect after X copyright claims.
So, why should the Open Source community be so damned forgiving when we're surrounded by entities who'd eat every last one of us for lunch if we so much as accidentally used a copyrighted resource?
Why do we open source software in the first place?
For most of us, I think it's because we want people to use it. And, yes, we want people to use it under certain conditions, it's not a free-for-all, but using it is an important part. If it wasn't, we'd just keep it closed.
Going straight to harsh enforcement for a violation isn't going to help with that. There are already a lot of people unwilling to consider open source for anything because they misunderstand it and think that they'll automatically open source all of their own stuff if they do. Imagine if open source copyright owners had a reputation for going immediately for a lawsuit and statutory damages upon discovering a violation!
Figure out what your goal is, then do whatever helps accomplish that goal. The behavior of organizations like the MPAA and RIAA probably doesn't enter into it.
When people work on a volunteer basis, I would actually guess that people get more emotional when the social contract is broken by a profit seeking company. Going straight to harsh enforcement in order to strengthen the social contracts might sound illogical, but I would bet that its common through out history. Just look at historical societies that operated on a honor bound system and see how harsh enforcement were, even when the punishment has a cost to that society.
There is multiple strategies to keep social contracts. Forgiveness is good, but so is enforcement. Site like HN do ban people, but also warn people. I am uncertain if any singular tactic is best.
> So, why should the Open Source community be so damned forgiving
Because the point of free software isn't to shake down anyone. Because we're better than that. We want to make sure software stays free, and punishing people doesn't often help. Almost all copyleft enforcement is done without judges and courts, and that's how it should be. We want more friends, not less.
This is not to mean we're pushovers. It just means we enforce free software as gently as possible. Once the software is free, there is no more conflict to resolve.
> So, why should the Open Source community be so damned forgiving when we're surrounded by entities who'd eat every last one of us for lunch if we so much as accidentally used a copyrighted resource?
For a few reasons.
0. Because not only profitable large companies accidentally infringe on copyright (or copyleft). If for example OpenZFS somehow violated the GPL with the CDDL, you don't want someone using that to extort money from another free software project.
1. Because people using the GPL to extort money has already happened and it makes the GPL seem toxic. I love the GPL (GPLv2 or later), but it took me quite a bit of legwork to get it approved for use at my dayjob. The objections are based on FUD, and moves like this remove some of the FUD.
2. GPLv3 already has this clause. The FSF et al understood that it was good for the community AND good for the GPL. Extending this to GPLv2 brings the same good faith to projects that can't or won't re-license.
I understand the desire to be as punitive as the bad guys, but the FOSS community is too small to get away with tactics like that. Besides, you shouldn't even if you could. Free Software is fundamentally about community, and attacking people is anti-community.
Lotta philosophical reasons as siblings to my reply here, and many of them are very fine. But let me give you a practical reason this forgiveness works out well: If you want to leap straight to aggressive compliance, you're gonna need a lawyer. That will cost you. So in a world where the choices are "ignore the infringement" or "aggressively enforce it", you've got the choice of either ponying up the dough up front, or losing your licensed rights. Now, sometimes reality hands you a bum deal and there's not much you can do about it, but that's a bum deal.
If you add a third choice of "politely ask for them to comply first", then you've got a free option, that is likely (albeit not guaranteed) to produce good results, and as an added bonus, if the company blows you off you are helping your eventual lawyer-involving case when it comes time to prove they knew and infringed anyhow.
So unless you've got bored lawyers sitting around who are going to charge you no matter what you do, there is a reason to be a bit gracious first, even for you, the programmer of the GPL'ed work.
(And yes, this RedHat effort does not create this result; this has always been an option and IIRC most historical enforcement efforts that went to lawsuit first used this. But it answers the question, in very programmer-centric terms.)
One strategic reason is that it removes a disincentive to use GPL'd software. If I believe that screwing up an image build once is enough to permanently revoke my entire company's license to use Linux, the strategic thing to do is to not use Linux for anything.
(I think people can legitimately disagree as to whether this disincentive is a thing people actually take into account)
I get where you're going with that line of argument.
But lets take the counterpoint. How many times has Legal been introduced to go over Microsoft Windows contract/EULA? How about each other piece of software in your installation?
Are you guaranteed any sort of amnesty or accident forgiveness with the BSA if they catch "incorrectly licensed software" on your network? Is the company guaranteed any sort of "fitness" if the software creators decide to remotely turn off their software?
The GPL is cleanly written. And even to a non-legal person like me, seems pretty straight forward. The Apple/Microsoft/Google/Amazon/Oracle contracts and EULAs are most certainly not.
Microsoft has an incentive to sell licenses, though. If you're violating their license, they're much happier if you pay them for sufficient licenses than if you stop using Microsoft. So a business will understand this, and say that while in theory Microsoft could demand something unreasonable, in practice you'll be able to negotiate something (possibly even paying less than sticker cost) for the right to keep using the software you were using, so there's no realistic risk that you'll lose your ability to use MS software at all.
The average GPL software has nobody who's even in a position to be negotiated with, because it has multiple authors who aren't communicating with each other. If I violate the Linux kernel's license, who do I offer to pay to get the license reinstated? How do I make sure some individual contributor I haven't paid who disagrees with me ideologically (say I'm Northrop Grumman, or Planned Parenthood, or something) won't sue me and refuse to settle for anything short of shutting down all my infrastructure and starting from scratch?
Depends. Lawyers often do send cease and desist letters and nothing more. If a company discovers an infringement because of the letter they will stop as quickly as they can going to court probably isn't worth the lawyer fees so it most likely will end there.
MPAA and RIAA are not a good example - they were willing to lose a lot of money enforcing their legal rights because they believed that would send an example and in turn stop everybody else. That is they were willing to spend $100,000 to get your to pay a $1,000 fine.
This return on investment is generally something most companies are not willing for. Most companies would rather spend $200 and get nothing in return (other than the infringement stopped), then spend $100,000 or more to win $1,000. I think the reasons are obvious.
Also, you don't want to be seen as a jerk. Many companies pay people to contribute to open source in some way. Some are full time, some are just as needed. Any large project that is seen as a jerk to companies is likely to find less contributors.
A lot of GPL violators are probably well-meaning individual hobbyists, not corporations.
I am not a lawyer, but the language as I read it does not appear to give knowing abusers a big opening. They still have to correct license violations within 1-2 months, unless they're just hoping no one does anything about the violation.
> I remembered when friends were back in the Napster times shook down for a few grand.
RIAA asked infringers for about $2 per infringed song. That seems a pretty fair price--it's only about twice what it would have cost for the people to legitimately purchase copies of the music.
Really? CNN said it was closer to $80,000 when the Napster cases were breaking.[1]
Maybe they offered $2/song for the settlement, but according to this article the settlement offer was $5000 for 24 songs. The 2009 article says the statutory penalties were between $750 and $150,000 per willful infringement. I don't know where you're getting $2 from.
$2 or so (up to maybe $4 in some cases) per song is what they asked for when they sent an initial settlement offer to infringers, before taking any legal action.
If the person would not settle and the RIAA went on to actually sue the person, the RIAA would only sue over a small fraction of the infringed songs.
In the case the article you linked is talking about, they caught her infringing over 1700 songs, and asked for $5000. $5000/1700 = ~$3/song.
When she would not settle, and they sued, they sued over 24 songs. I don't think I've ever seen an official explanation of why they only sue for a handful of songs, but a couple plausible reasons come to mind:
1. They will ask for statutory damages rather than actual damages [1]. Statutory damages are normally a minimum of $750 per infringed work, although that can be reduced to as low as $200 per infringed work if if the infringer was not aware and had not reason to be aware that they were infringing.
They only need 7 songs to win the amount they were willing to settle for when they sent their first letter, or 25 if they think there is any chance the defendant might get the reduced $200 rate.
2. For each song they include in the lawsuit, they have to make sure all the paperwork is in order with the copyright office proving ownership. Copies of that have to be introduced into evidence at the trial.
The defense is going to attack every one of these. The defense is going to ask for all the contracts with the artist and try to prove that the RIAA does not have the right to represent them.
All of this takes time and costs money for no real gain.
In the particular case you cited, the damage award went way above the minimum largely because the defendant tried to destroy evidence, tried to blame her children for the copying, and blatantly lied on the stand. The jury has wide discretion to pick the statutory damage amount from a range, and they picked from the high end of the range.
And do you know what the RIAA did after the jury awarded that large amount? They again offered to settle for a relatively small amount. (I don't remember the exact amount--I think it was around $15000, which based on 1700 songs they caught her infringing would be around $9/song).
That's been the pattern for every RIAA case that went to trial, I believe. (Only a handful went to trial, because most infringers were smart enough to realize that (1) they had no defense, and (2) minimum statutory damages were going to be way more than the RIAA was asking for, and so they settled early).
[1] Actual damages are very hard to determine in most non-commercial copyright infringement cases (and actually they are often very hard to determine in commercial infringement cases, too).
I am pretty sure RIAA do not ask for $2 per infringed song when a company is the one doing the infringement. Maybe per copy, but then that will likely count up to millions in the end, like with the pirate bay case in Sweden. The founders did get charge for infringement of specific films, games and music, and the cost where no where near $2 per work.
As far as I have heard several lawyers doing GPL enforcement, no person has ever been sued over GPL infringement. It has always been companies that sells millions of copies. The $2 figure has no relevance since it don't cover commercial infringement done for profit.
In all fairness to Netflix it took longer than it should have (for which they apologized) but they ended up compensating the guy to his satisfaction. Now perhaps that's just because of how publicly he stated his case but in the end Netflix did do the right thing.
Edit: As for the rest of your post, you make a good point!
>I remembered when friends were back in the Napster times shook down for a few grand. Same with Bittorrent's earlier years. There was no amicable "Plz quit this and were good".
The recording industry did offer an amnesty at the start of their campaign. It required you to promise to delete all existing illegally-downloaded content and promise not to engage of file sharing of copyrighted works in the future. It was called Clean Slate and very few people signed up for it, and it was criticized for various reasons, but they did offer it.
If someone was hacking on a BSD based license, and included code they mistakenly mis-identified the license, I get that. It was an accident. Mention it to them as an issue or email. It's an oversight, accidents do indeed happen.
It reminds me of the recent issue where nVidia copied some dev's code from their GH repo. The repo was unlicensed, but whomever did the copying included it as BSD license. After the dev contacted the repo owner, they fixed it (to my understanding).
These cases are accidents and oversights. And the key here is they're corrected quickly after being brought attention to.
Then you have the other class: habitual intentional infringers. Theyd lift all of Linux, and do. You like those illegal binary dumps with closed source in a release of Linux kernel? Or how about found in countless firmwares on consumer devices? Yeah, its all there, closed source badness and all. And the law allows up to $135k per violation. Ok, times 1 million devices sold. Please pay 135 billion USD.
Does this have to be codified in the license though? I don't think so. All parties just agree on the outcome. That's the way it works. A "free pass" shouldn't be in the license proper.
I found his arguments either dishonest or ignorant. He basically said "Look, I don't have an ideology to push, I chose the license because it served MY needs, FSF is pushing an ideology is GPLv3 and I don't like that.". However, he certainly has an ideology which I call "The roman conception of freedom". It is favored by laze-faire free market types. This is not an "ideology-free" argument.
He is pushing an ideology just as much as the FSF is. At least the FSF is honest and clear about what that ideology is.
He's not arguing that the FSF shouldn't push an ideology. Nor is he arguing that he doesn't have an ideology-- he states it clearly in the video regarding his understanding of the GPLv2-- "I give you the source code, you give me back your changes, and we're even."
He is making a claim that FSF tried to persuade him that the GPLv3 would satisfy Linus' ideology under the reasoning that it allows him to invalidate the tivoization clause.
Here's a quote from Linus from that video:
"Yes the GPLv3 allows you to say tivoization is not an issue for us. But it allows somebody else to take the project and say, hey, the GPLv3 without tivoization is compatible with the full GPLv3. So I will make my own fork of this and I will start doing drivers that use the full version 3. And where am I stuck then? I'm stuck saying, hey, I gave you the source code and now I can't take it back (your changes). That's completely against the whole point of the license in the first place."
Basically Linus' only requirements-- "use and give back"-- are a subset of the FSF's requirements-- "use, give back and don't lock down." Linus is accusing the FSF of claiming that the GPLv3 could do a fine job supporting Linus' requirements when in reality it doesn't protect his software from gaining additional requirements which he explicitly stated he didn't want added. And what would protect his software from that? The very license that they were persuading him to change-- GPLv2. In other words, he's accusing some unnamed representative(s) of the FSF of lying to suit their own ends.
That's rather hard to believe IMO, as I've never read or heard anything from the FSF that is purposely deceitful in this manner. Additionally, I haven't read statements from Linus that are purposely deceitful, either.
I can only surmise that a tiny amount of doctrinal difference collided with enormous egos to create a pathetic waste of time, energy, and goodwill.
> That's rather hard to believe IMO, as I've never read or heard anything from the FSF that is purposely deceitful in this manner.
The FSF has claimed that several licenses that have requirements not present in GPLv2 are compatible with GPLv2; the FSF is very aggressive in pushing the use of their license and their bias for such use definitely colors their representation of facts.
But do you have any evidence of a developer telling them, "I don't want the additional requirements GPLv3 would bring," and the FSF replying, "That's fine, you can just use GPLv3 without the such-and-such clause"?
Aggressively pushing the GPLv3 and misrepresenting its efficacy to GPLv2 fans are two completely different things.
Torvalds has always been very upfront that he doesn't care about software freedom. Note that choice of words very carefully: not "opposes" but "doesn't care about", one way or the other.
He has said from the beginning that the choice of GPL for Linux was a technical one that he thinks produces the best code, and that the GPLv3 offered no technical gains and thus wasn't worth switching to. Presumably if he thought switching to a different license altogether produced better code, he'd do that.
Is not having an opinion on software freedom an ideology? I don't have an opinion on most political questions in, say, Mongolia. Does that give me a particular ideology on whatever political spectrum Mongolia has?
True, but Linux originally used the GPLv2, but IIRC never said anywhere whether it was GPLv2-only or GPLv2 or any later version, or just "GPL". According to the GPL, that means:
> If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
So Linux could've theoretically upgraded to the GPLv3 (or GPLv2+). However, Linus didn't like that idea, and in 2006 edited the COPYING file to say that it was GPLv2-only. If you really wanted to, you could take the 2006 source code and make a GPLv3 fork of Linux.
> If you really wanted to, you could take the 2006 source code and make a GPLv3 fork of Linux.
You certainly theoretically could, but maintaining, updating, and modernizing such a beast would be out of the reach of most people and organizations. 11 years of progress can't be replicated so quickly, especially when you consider you'd need to do it in a clean-room sort of fashion to be entirely aboveboard, which means many people who are already well familiar with the Linux kernel couldn't even work on it.
At any rate, I think your estimate of the timing is off: I found references to the "GPLv2-only" language in the kernel's COPYING file as far back as linux-2.4.0-test8, which was released sometime in 2000, and I didn't really try to go farther back.
The copyright for Linux (the kernel) is not held by a small number of people or organizations. There are many contributors with copyright notices all over the tree. I don't think he could relicense if he wanted.
Doesn't this clause seems not backwards compatible with GPLv2?
At face value GPLv3 seems more constrained - so it's easy to relicense an existing v2 project. You just tell everyone working on it, okay, now every addition we make has extra requirements (if you want the looser version, you can grab an older copy of our project from when we switched licenses)
Loosening the license on pre-existing code is sorta like if you wanted to make the project (like the Linux kernel) BSD. You'd have to have everyone who has already contributed to agree to loosen the license on their work. If one person thinks "Hell no! I want people to be severely punished" then you're in for a headache.
So then GPLv3 isn't a "superset" and compatible GPLv2? Or did am I misunderstanding something?
No, GPLv3 and v2 have always been incompatible. v2 forbids placing additional restrictions on distribution, whereas v3 adds more requirements (e.g. patent grants). So if you receive code under v2, you can't distribute it under v3, nor can you distribute v3 under v2, nor can you combine them.
The GPL ship has sailed. It used to be every free license could be converted to GPL, so it became the "universal recipient" license. Then Stallman forked it and created two incompatible GPL's, effectively killing his own dream of a copyleft ecosystem. So the only sane thing now is "universal donor" licenses like MIT - or straight public domain. I'm stealing all of this from Rob Landley.
The funny thing is that gpl is mostly used by per profit companies creating a two licensing system. Gpl is great to test drive before buying a commercial license, but other than it’s pretty much ignored except maybe in academia.
well, safari, chrome, osx, iphone, iPad, amazon, android, appletv, and a large number of routers and car systems all use gpl under that license singly. the fact that it's mostly due to linux and khtml seem unimportant when you say so much gpl is dual licensed ( all of those contain software that is gpl only) but, yes, dual licensing is popular too, ie the immense popularity of qt
Eh, what? Safari and Chrome are not GPL - they're Apple / Google freeware built on BSD and LGPL. OSX is proprietary based on BSD. Android is notable for refusing to include GPL components other than Linux. Not sure what you're trying to say here.
If I were to do this with commercial code or assets, would they be so flexible in working with me, or do they go straight to shakedown? I'll give ye all a hint: go look at the MPAA and RIAA's views on that.
I remembered when friends were back in the Napster times shook down for a few grand. Same with Bittorrent's earlier years. There was no amicable "Plz quit this and were good". In fact, they've lobbied multiple times for laws to permanently disconnect after X copyright claims.
So, why should the Open Source community be so damned forgiving when we're surrounded by entities who'd eat every last one of us for lunch if we so much as accidentally used a copyrighted resource?
(I'm thinking no further than Netflix ripping off a photographer https://petapixel.com/2017/11/27/netflix-stole-vhs-cassette-... . Good luck for an Australian citizen to navigate international copyright law to become whole in this regard. )