coordinated compliance efforts addresses the issues of this thread (was Re: Amusing article about busybox)

Bradley M. Kuhn bkuhn at
Wed Aug 15 19:45:16 UTC 2012

Felipe Contreras wrote at 11:31 (EDT) on Monday:
> if you are a big company an a unit used my code by mistake I'm not
> going to sue you and screw the rest of your units.

I don't think anyone, including those of us in the BusyBox community who
enforce the GPL, want to "screw" companies or any of their units!  No
company who makes good efforts to fix compliance problems has ever been
sued by any BusyBox copyright holder.  Do you know of a specific case
where that's not true?

> No, I'm explaining why the Linux kernel developers don't want that. I
> do hope the Busybox developers see the light as well, but I'm not
> holding my breath.

BusyBox and Linux developers are now working together on GPL
enforcement, coordinated via Conservancy, as I mentioned in this email
that I sent on 29 May 2012, which was posted as follow-up to this thread:

Clearly, some Linux copyright holders and some BusyBox copyright holders
are in agreement to work on compliance together in the same way.

Indeed, Conservancy as a whole and I personally listened carefully to
the feedback from this thread and other places that had a discussion
about this.  I heard the message that the community wanted to see a
broad coalition of copyright holders of different projects who all agree
on enforcement strategy.  Denys even personally asked me to make sure
that Conservancy's compliance efforts were as inclusive as possible.
And, that's what we now have.

> People make mistakes. Companies have bad units. Bad units are
> negligent sometimes. I already explained that complying with the
> license is not that easy, specially after a produce is launched.

I've worked helping companies get into compliance with GPL for more than
a decade.  I'm quite sure that it possible to reasonably redress past
violations to the satisfaction of the copyright holders involved.
Conservancy works with companies to help them do that.

> If you have a bad unit that screwed up, and this affects the products
> of good units; that's not good.

Even after all this time since this discussion started, no one has shown
one example where this outcome *actually* occurred.  This was a
speculation of what a copyright holder *could* ask for under copyright
law in the USA if infringement occurs.

As I said elsewhere in this thread months ago, Conservancy works very
very hard to make sure compliance issues don't disrupt a violators'
business.  The only way it could possible disrupt their business is if
they spend months and months ignoring Conservancy's requests to work
with us to come into compliance.  Even then, Conservancy, in our
enforcement efforts, we continue to look for ways to keep the business
going while we help them come into compliance.

>> That is not true. SFC can't force anybody to comply with the kernel
>> license unless they act on behalf of the copyright holders of the
>> kernel.  They can just convince the companies that it is cheaper for
>> them to comply with the kernel license.

> They can do it as a proxy.

IMO, this whole discussion is moot: Conservancy now does indeed enforce
directly on behalf of a growing list of Linux copyright holders who
stand alongside BusyBox copyright holders in our enforcement actions.
(And, Samba developers are involved too, for those cases where Samba is
also present.)

> There's no need to ignore the license. Companies follow the GPLv2
> license, yet they avoid busybox for obvious reasons, that apparently
> you are never going to understand. The real world is beyond your
> grasp.

If they avoid BusyBox, they have to avoid Linux and Samba, too, and any
other GPL'd project where enforcement occurs, which is many others as
well that aren't involved with Conservancy.  These companies will have
to make their choice: either they want to follow the requirements of
GPL, or they'll switch to a FreeBSD-based system.

Of course, it's easier to comply with the BSD-like licenses than GPL;
BSD-like licenses aren't copylefts.  But just because it's more work to
comply with GPL doesn't mean that complying with GPL is too arduous to
be worthwhile.  Many companies see the value in GPL, because it defends
them as well when they contribute code back.

> it's not surprising that more permissive licenses are on the rise,
> presumably because of the kind of thinking that you show:

Note that the methodology of the analysis done in that article has been
called into question with competing analysis that shows substantially
different results.  See: (a recording of which
is available here ).  The 451
Group even covered it here:

I obviously disagree with 451's Group latest conclusion, since if what
John did in his analysis isn't science, then neither is the work that
451 Group did.  The whole point here is that no one has a proved,
statically valid methodology designed yet to study the rise or decline
of any specific license.  We'd need someone who is actually trained in
statistical methods research to really do a study, and I'm not sure it
matters, anyway.

The FLOSSMole data is helpful since it's an open data source (most of
these studies have been done with private data sources), but even if the
FLOSSMole data is used, it's not automatically statically valid.
There's still the disagreement of whether it makes more sense to count
"number of projects that use a license" vs. "number of lines of code
licensed under that license".  I don't think we can settle that dispute
and it's probably off-topic for this list, anyway.
   -- bkuhn

More information about the busybox mailing list