coordinated compliance efforts addresses the issues of this thread (was Re: Amusing article about busybox)

Felipe Contreras felipe.contreras at gmail.com
Mon Sep 24 14:37:11 UTC 2012


On Fri, Aug 24, 2012 at 10:24 PM, Tito <farmatito at tiscali.it> wrote:
> On Friday 24 August 2012 18:20:12 Felipe Contreras wrote:
>> On Wed, Aug 15, 2012 at 9:45 PM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
>> > Felipe Contreras wrote at 11:31 (EDT) on Monday:
>> >> if you are a big company an a unit used my code by mistake I'm not
>> >> going to sue you and screw the rest of your units.
>> >
>> > I don't think anyone, including those of us in the BusyBox community who
>> > enforce the GPL, want to "screw" companies or any of their units!  No
>> > company who makes good efforts to fix compliance problems has ever been
>> > sued by any BusyBox copyright holder.  Do you know of a specific case
>> > where that's not true?
>>
>> So if part of the company makes good efforts, and another part of the
>> company does not, the company as a whole wouldn't be sued? I think it
>> would.
>
> There is not something like a part of company.

Yes there is.

> Ther is a company that produces a product and then sells
> it to make some money. If for example your product
> is defective you don't ask wich unit has engineered or produced
> it or sold it or delivered it as the company is liable for the warranty.

True, the law doesn't make any distinction, which is part of the problem.

>> >> No, I'm explaining why the Linux kernel developers don't want that. I
>> >> do hope the Busybox developers see the light as well, but I'm not
>> >> holding my breath.
>> >
>> > BusyBox and Linux developers are now working together on GPL
>> > enforcement, coordinated via Conservancy, as I mentioned in this email
>> > that I sent on 29 May 2012, which was posted as follow-up to this thread:
>> >       http://lists.busybox.net/pipermail/busybox/2012-May/077908.html
>>
>> *Some* Linux developers. Probably the copyrights owned by these don't
>> even amount to 1% of the Linux code.
>
> Nonetheless this developers having contributed to the project under a  precise
> license have some rights, particularly the right to have this license enforced
> even if the project maintainers or other entities do not enforce it.

I have a single file in Linux with my copyright, that's the only code
I can ask for enforcement. I have absolutely no say in the rest of the
99.99% of the code.

> I want my rights enforced!!! for a simple reason because if you don't
> fight for your rights you end with no rights at all.

That's _your_ opinion.

>> > Clearly, some Linux copyright holders and some BusyBox copyright holders
>> > are in agreement to work on compliance together in the same way.
>> >
>> > Indeed, Conservancy as a whole and I personally listened carefully to
>> > the feedback from this thread and other places that had a discussion
>> > about this.  I heard the message that the community wanted to see a
>> > broad coalition of copyright holders of different projects who all agree
>> > on enforcement strategy.  Denys even personally asked me to make sure
>> > that Conservancy's compliance efforts were as inclusive as possible.
>> > And, that's what we now have.
>>
>> I hope this means the proxy strategy doesn't get used: if a company
>> violated the busybox GPL, that doesn't mean it cannot ship products
>> with other GPL projects (e.g. Linux).
>
> If a driver does something bad with his car he sometimes ends up
> with no driving license.
> This of course is not the fault of who enforces the law
> but his fault as he did something he knew is forbiddden.
> The same way i suppose you don't go in shops take
> some goods and go out without paying as you know
> that you have to pay.
> It is the same with gpl software, you don't use it
> if you don't want to make the sources available.
> You know this before you use it as the license is
> contained in the very same source code that you intend to
> use and can not be overlooked unless you want to do it.

You are minimizing the issue. If you want a more homologous analogy,
it would be more like you pay your goods, but somebody with your same
surname doesn't, and because of him you are forced to stay until he
pays, because the law doesn't make a distinction between different
individuals of the same family. It's much easier to just buy goods
with other licenses than risk this ordeal.

>> >> If you have a bad unit that screwed up, and this affects the products
>> >> of good units; that's not good.
>> >
>> > Even after all this time since this discussion started, no one has shown
>> > one example where this outcome *actually* occurred.  This was a
>> > speculation of what a copyright holder *could* ask for under copyright
>> > law in the USA if infringement occurs.
>>
>> Lawyers don't care about things actually occurring, but what could
>> potentially happen. And potentially if say one unit of Sony is
>> negligent and has a GPL violation shipping busybox, Conservancy could
>> ask for an injunction to stop all products shipping GPL code,
>> including products from another unit who did it's job properly. Simply
>> having this threat would make lawyers worry, and recommend busybox not
>> to be used.
>>
>> If Conservancy explicitly states that only projects that want GPL
>> enforcement will be targeted, and not use the proxy method to target
>> *all* GPL code, then perhaps in practice people won't have problems
>> using busybox. But I haven't seen any public statement of this sort,
>> so the fear is still probably out there.
>>
>
> People will have problems using busybox only if they violate
> the license busybox is under, it is as simple as that.

No, it's not that simple.

I might be complying with it to the letter, but somebody in another
team might not be, and I might suffer.

>> > As I said elsewhere in this thread months ago, Conservancy works very
>> > very hard to make sure compliance issues don't disrupt a violators'
>> > business.  The only way it could possible disrupt their business is if
>> > they spend months and months ignoring Conservancy's requests to work
>> > with us to come into compliance.  Even then, Conservancy, in our
>> > enforcement efforts, we continue to look for ways to keep the business
>> > going while we help them come into compliance.
>>
>> Again, if these efforts only target project that explicitly request
>> GPL enforcement, then I think that's OK.
>>
>> >>> That is not true. SFC can't force anybody to comply with the kernel
>> >>> license unless they act on behalf of the copyright holders of the
>> >>> kernel.  They can just convince the companies that it is cheaper for
>> >>> them to comply with the kernel license.
>> >
>> >> They can do it as a proxy.
>> >
>> > IMO, this whole discussion is moot: Conservancy now does indeed enforce
>> > directly on behalf of a growing list of Linux copyright holders who
>> > stand alongside BusyBox copyright holders in our enforcement actions.
>> > (And, Samba developers are involved too, for those cases where Samba is
>> > also present.)
>>
>> No, it's not moot. You can only enforce the code that is copyrighted
>> by these Linux developers, which is probably less than 1%.
>>
>
> Even this 1% percent is worth to be protected and if you have
> to rewrite 1% of a few million lines of code taking it for "free"
> without complying with the license maybe will not be economically
> appealing anymore.

If this 1% wants to be protected, that's their choice, but I wouldn't
say "Linux wants enforcement"; that is an exaggeration, in fact it's
only a very small fraction of it.

-- 
Felipe Contreras


More information about the busybox mailing list