Collaborative GPL Compliance Through Non-Profits

Bradley M. Kuhn

Wednesday 17 April 2013

Nature of Free Software Community

• Through the eyes of a GPL enforcer …

• The Free Software Community is separated into two equally important groups:
  • The permissively licensed, who use social pressure to liberate code.
  • The copyleft licensed, whose license requires liberation.

• (Copyright infringement shouldn’t be a crime, BTW: this is just an analogy.)

Should Copyleft Exist?

• I’m not objecting to the debate: Should we have copyleft?

• But I’m somewhat sick of defending the idea of copyleft.

• Conservancy has both types of projects:
  • We help our permissively-licensed be permissive.
  • We help our copyleft projects be copyleft.
• Both are useful, and Conservancy does both.
  • But we’d do a disservice to our copylefted member projects if we ignored violations.

Upholding Copyleft

• When those projects started:
  • individual copyright holders wanted legal protection through copyleft.

• It’s part of their culture and ethos.

• Conservancy’s job:
  • Do non-software-development/documentation tasks for projects.
  • Enforcement clearly qualifies.

How Copyleft Works

• What do you do when someone violates?
  • (and social pressure for compliance fails)?
• Copyright enforcement
  • … (yes, similar stuff to what the MPAA does: EEP!)
  • … but for a good cause: the four freedoms.
  • “using the tools of the oppressor against the oppressor”

“Traditional” Compliance

• FSF asked for copyright assignment to enforce for some GNU packages.

• FSF’s roles were admittedly tough to consider separately:
  • Employer of the authors of many GNU packages.
  • copyright holder of package copyrights.
  • author of GPL & related licenses.
  • advocacy organization for software freedom.

• Confusion is really just victim of being first.

• (Full Disclosure: I’m on FSF’s Board of Directors … but also …)

Compliance: Service to Developers

• … but also … my day job is Executive Director of Software Freedom Conservancy.

• Conservancy gives a wide range of services to projects.

• Compliance is just “one of those services”.

Historical BusyBox Enforcement

• Andersen rewrote BusyBox from scratch (starting 2001).

• BusyBox standard userspace for embedded systems.

• Linux plus BusyBox:
  • PB&J of embedded systems.
  • Usually out of compliance.

Is It Really Degrading?

• The Tempest in a Toybox.

• BusyBox enforcement was de-facto Linux enforcement.
  • BusyBox copyright holders (Conservancy and Andersen) asked for comprehensive GPL compliance.
  • Some Linux developers felt this was unfair.

Busybox is arguably the most litigated piece of GPL software in the world. … Litigants have sometimes requested remedies outside the scope of busybox itself…

Denys, The Voice of Reason

• Current BusyBox maintainer has that special skill of Free Software developers …
  • … to find the sane arguments hidden among troll-ish attacks.
• I walk through Brussels on the phone with Denys …
  • … the day before FOSDEM 2012 …
  • … and he convinces me:
• To continue with enforcement, Linux developers must be involved.

Why Special Case Linux?

• Linux violations are rampant.

• Denys asked us to engage.

• Also, various Linux developers …
  • … like Matthew Garrett …
  • … had bugged Conservancy for years to help with enforcement.

• GPL Compliance Project for Linux Developers gives structure to Linux compliance activity.

Compliance As Collaboration

• Multiple Conservancy projects are GPL or LGPL.

• Nearly all agree on compliance goals:
  • Simply this: work with violators to get a source release that works.
• Conservancy does the work:
  • giving updates to copyright holders involved …
  • … using the tried-and-true, simple Free Software community tool:
  • just a mailing list (& occasionally face-to-face meeting).

Who Can Join?

• Any copyright holder on an existing Conservancy project can request enforcement:
  • approval for a compliance program required by projects’ leadership committee.
• Linux developers can join …
  • … even though Linux proper isn’t a Conservancy project.
  • They join through a “special” project …
  • GPL Compliance Project for Linux Developers.

Please Never Forget

• GPL compliance is (roughly) only about 5–10% of what Conservancy does.

• Tim Bird may think GPL compliance work is controversial:
  • Conservancy disagrees.

• Everything Conservancy does is the uncontroversial but important non-software-development tasks for Free Software projects.

More Info / Talk License

• URLs / Social Networking / Email:
  • Conservancy: sfconservancy.org & @conservancy
  • Me: faif.us, ebb.org/bkuhn & @bkuhn (identi.ca)
  • GPL violations: <compliance@sfconservancy.org>
  • Slides: ebb.org/bkuhn/talks & gitorious.org/bkuhn/talks (source)
  • DONATE: http://sfconservancy.org/donate/