coordinated compliance efforts addresses the issues of this thread

[Felipe Contreras]

On Thu, Nov 8, 2012 at 9:35 PM, Tito <farmatito at tiscali.it> wrote:
> On Wednesday 07 November 2012 20:03:52 you wrote:
>> On Sat, Oct 20, 2012 at 10:19 PM, farmatito at tiscali.it
>> <farmatito at tiscali.it> wrote:
>>
>> > I would like
>> > to bring to your attention a few articles of this law
>> > as they are in
>> > the "real" reality:
>>
>> The reality in Italy.
>
> Yes, which is part of the EU and therefore
> I guess that its copyright law must be in line
> with european directives.

It might be in line, that doesn't mean every European country has
exactly the same law, let alone the rest of the world.

>> > Collective works made by the union of other works
>>
>> Software projects are not a dictionary; it's collaborative work, not
>> collective work. CPAN is a collection, busybox is not.
>
> There is not such a thing in italian law, there are collective works
> that are characterized by having somebody that acts as coordinator
> and therefore heavily influences the collective work and therefore
> is entitled to be holder of the copyright and to enforce it.
> This is a fact.

Yes, and software projects are nothing like that.

They are not collections.

>> > This opens up interesting questions about the ownership of the
>> > copyright of collective works
>> > like for example busybox or even the
>> > linux kernel.
>>
>> Linus Torvalds has said that it's up to each developer to decide how
>> to exercise their copyright rights. Even if under *Italian* law the
>> Linux kernel was considered nothing more than a compilation of other
>
> Not a compilation, a collective work. Please don't mix up terms.

"Collective works made by the union of other works or parts thereof,
that have a  character of autonomous creations, as result of choice
and coordination for a particular literary, scientific, didactic,
religious, political or artistical purpose, as encyclopaedias,
dictionaries, antologies or newspapers"

*You* should not mix terms, we are not talking about a collection of
works that have a character of autonomous creations; the Linux kernel
is not a collection of patches each one considered an autonomous
creation.

>> works, Linus Torvalds wouldn't ask for enforcement.
>
> Today he wouldn't, tomorrow who knows......
> after tomorrow there will be another maintainer......
> Panta rei.

And the next maintainer still cannot change the nature of the Linux
kernel, which is not a collection of works that have a character of
autonomous creations.

And supposing hyopthetically that he did, he couldn't claim anything
for the work that Linus did, so it's really dubious how exactly this
article would apply, and even if it did apply, let's wait for that to
happen, this is already too many hypothetical levels.

>> > it is very naive for the part that concers the
>> > commercial entity
>> > as in most law system there are the concepts of:
>> > 1) due diligence
>> > 2) wilful misconduct
>> > 3) worngful conduct
>>
>> The burden of proof is on the plantiff to demonstrate either of those,
>> and if the defense shows proof of due diligence, and no signs of the
>> other, they can't be considered at fault.
>
> They cannot be considered at fault of having deliberately
> changed the software license themselves for profit
> but during this process it is ascertained that the software
> is not correctly licensed.

Indeed.

>> But let's assume they are, the court will force to either a) get a
>> proper license from the copyright owner (which might mean complying
>> with the GPL),
>
> Exactly.
>
>> or b) stop using that software from their products. But
>> this doesn't automatically transfer rights to the end-user.
>
> Even in this case why shouldn't the judge order them to "show the source"
> of the already distributed binaries once it is ascertained that the
> software is under the GPL?

The judge might order them to do that, because they violated the
license, but the owner of the code (e.g. me), might provide exactly
the same code under a different license, therefore they wouldn't be
violating the license.

Whether the custom license was provided before or after the product
was launched has absolutely no relevance to the end-user, because the
end-user never saw any license.

But supposing the judge orders them to do that, he cannot enforce such
a thing, they can claim the code was damaged in a server fault, or any
lame excuse like that. In the end the code might be truly gone (e.g.
they deliveratively removed it), and the only thing left is to pay
punitive damages, which _can_ be enforced.

It sounds like something illogical, but companies might opt to do that
rather than to reveal some of their IP.

> There are no law cases until now apart the french "vnc" one
> (where they in fact had to show the source, the source of the
> distributed binary, not an earlier nor a later version)
> so how could you be sure?  it is just your opinion.

The judge might have ordered them to do that, and they might have
complied, but that was their _choice_. They might have decided
otherwise; that they didn't loose too much by giving the code, so they
did it, but if the situation was different, they might have opted to
destroy the code, lie, and face the consequences. It wouldn't be the
first time a company does something inappropriate.

>> Which is what the court would ask them to do anyway, even if they are
>> not guilty of misconduct. The only difference is that they won't get
>> punitive damages.
>>
>> > I also doubt
>> > you would dare  to make the same example
>> > if the program at stake would
>> > be a proprietary software.
>>
>> Yes I would, specially in this case. If my software is proprietary, a
>> colleague of mine sells it to another company, how on Earth can the
>> company be blamed for something they didn't know (and couldn't know).
>
> Usually it is possible for people educated in some activity to  value the
> work of other people working in the same field.

I don't understand what you are trying to say here. If I wrote the
code, Federico took it and sold it as his own to Company X, how on
Earth could Company X know that if it was not public?

>> They can't use Google to search for my code, because it's not there.
>> So even if the company spends tons of resources in their due
>> diligence, they won't find anything wrong.
>
> If they don't want to of course they will not find that something is wrong.
> Sometimes asking a few simple questions helps:
> 1) who is this man?

Federico, a software engineer.

> 2) is he a reliable partner of other corporations?

Yes, he has worked in many big successful companies. (including the
one I was working for)

> 3) where are his headquarters?

His home.

> 4) how many people compose the staff?

Only himself. There's many successful one-man companies.

> 5) how many years needs his staff to write such a software?

6 man months.

> 6) was this software ever seen or heard of before?

No.

> 7) is there other software out there performing the same functions?

No.

> 8) is there maybe some GPL software out there performing the same functions?

No.

> _________________________________________________________________________
>
> Result:  No money for Federico

If Federico didn't get any money, a lot of colleagues from one-many
companies would be having very difficult times (they aren't).

>> > Now let us reduce and analyze the only
>> > important step of the example:
>> >
>> > 3)         Federico (licensor) ->
>> > Commercial entity (licensee) # Commercial entity  gets the
>> > source code
>> > by paying money to Federico, which provides it with a  __(FALSE)__
>> >
>> > propriety license
>>
>> It is a true license. Federico can sue the Commercial entity for not
>> complying with the license. The license might get invalidated if it's
>> found out that Federico had no rights to license the software, but
>> that makes it invalid, not "false" (whatever that might mean), and
>> that might not happen at all.
>
> False means fake.

Maybe, once something is determined to be fake.

> Federico deliberately changed the original license with a fake one with the purpose of making a profit.

Yes, but if nobody determines the license is a fake, the license remains.

>> > The commercial entity must follow the principle of
>> > due diligence
>> > and have to ascertain that the source code they are
>> > buying for their product
>> > is legally sound  as they have the knowhow
>> > legally and technically.
>> > If they fail to do so it is at least a wilful
>> > misconduct. In other words no
>> > commercial entity whatsover will give
>> > money to the first Federico that comes knocking
>> > at their door without
>> > being sure he is the author of the software being sold.
>>
>> Nobody can be sure of anything.
>
> Yes and the Earth is a dish.

Yes, Spherical Earth, Heliocentrism, Gravity, Evolution, they are all
_very_ strong theories. But any scientist would tell you nothing is
100% sure. 99.9e100 maybe, but not 100%.

>> After doing their due diligence they
>> might find no signs that the software comes from another entity, where
>> in fact they are wrong. Specially if the software is proprietary.
>>
>> In a trial, if they show proof of this due diligence, they are out of
>> the waters.
>>
>> > In case of a wrongful conduct/wilful misconduct
>> > there are third parties that are damaged
>> > and that are entitled to start
>> > a legal action whatever the outcome will be.
>>
>> Yes, *in that case*, which might not be.
>
> But also might be and as you said before: Nobody can be sure of anything.

Of course, but things that might happen in certain circumstances are
not *rights*.

Is it *possible* that you, as a user, will sue a company for a GPL
violation and will get the source code you seek as a result?
Definitely. Is is a *right*? No.

Cheers.

-- 
Felipe Contreras