No open source license is more topical than GPL, because it is highly contagious. GPL stipulates that the distribution of derivatives must also be open source based on GPL. It sounds simple, just open source code, but many enterprises can't do it.
Therefore, many open source authors often ask the other party to stop violating the rules through legal proceedings, that is, to publish the modified source code, which is the so-called enforcement of the GPL.
In the litigation related to GPL, most of the defendants are large enterprises, and the amount of claims is huge. Especially in the early days, many enterprises generally did not have the awareness of open source compliance, so one can tell one. Previously released《 Don't violate the GPL, SFC will keep an eye on you 》This article describes in detail how SFC (Software Freedom Protection Association) became famous by enforcing the GPL.
Although most of them are out of court settlements, these lawsuits are like a warning sign, reminding many people that GPL means risk. This has more or less tainted GPL's reputation. For a long time, GPL makes people keep away from it.
In fact, it is not so terrible. For developers, communities, enterprises and non-profit organizations involved in open source, enforcing the GPL by legal means does not pay off. So after being aware of the negative effects brought by the lawsuit, all parties unexpectedly reached an agreement: refuse to abuse GPL copyright litigation.
As for the reason, we can only say that each has its own small plan, but in any case, we at least expressed our attitude - we are not a bully without discussion 。
Abandonment: Code is useless
What benefits can litigation bring? From a realistic perspective, it is not good, but will bring a lot of trouble.
In 2007, SFLC( Software Freedom Legal Center ) On behalf of BusyBox developers Rob Landley and Erik Andersen, We initiated a GPL copyright infringement lawsuit against Monsoon Multimedia because it uses BusyBox code but never publishes the source code.
For Landley, nothing is more important than feedback code in this lawsuit. But finally relevant After the code, Landley Evaluated with four words : "It's useless".
From an engineering perspective, is BusyBox worth it? no We didn't get a line of useful code from any litigation I participated in. SFLC (Software Freedom Law Center) occasionally receives large cheques, and it leaves most of them to fund the next lawsuit, but the code we get is meaningless nonsense of stupid developers.
In fact, it not only did not add any code for the BusyBox repository, but also led many companies to completely quit Linux development and use non Linux operating systems to develop their embedded products. Because BusyBox is commonly used in Linux embedded devices, most of BusyBox users are Linux users. A brick was drawn and a wall fell.
Open source lawyers and developers Luis Villa It is believed that most companies will not enforce GPL, because the code quality, time and money spent, trouble and customer risk brought by the past are not worth it.
He said that even if the code is obtained by enforcing the GPL, it does not have much effect, because they may not meet the business requirements, and if the code is poorly written, it will take time to maintain it. In addition, most of the illegal enterprises are Small companies that cannot afford GPL compliance will not make much money even if they sue them.
Landley once pinned his hopes on litigation, saying that“ I just hope people respect GPL. ”However, he finally abandoned the lawsuit and BusyBox. After that, Landley devoted himself to the development of Toybox, which was a substitute without GPL constraints and was released under the 0BSD license.
Opposition: Lawsuits Destroy Communities
The Linux kernel has always been the main battlefield of GPL enforcement. Although many lawsuits are defending Linux rights, Linus, the founder of Linux, does not buy it.
Linus once praised GPL: "I really think that the license is one of the decisive factors for Linux's success, because it forces you to give back."
However, when SFC filed a lawsuit against an enterprise that violated the GPL and asked for code feedback, Linus said it was the "typhoid Mary" that spread the disease, causing endless lawsuits and quarrels.
I think SFC is on your side anyway. How can I say that if I turn over, I will turn over. What happened?
Because Linus believes that the litigation initiated by SFC has damaged the community. He said that the enforcement of BusyBox's GPL compliance may be the highlight of SFC, but it is not for BusyBox. Although the developer won the court, what really happened was "a lot of quarrels. Individual and enterprise developers and users all fled in groups.
Litigation will destroy everything, not "protect". Lawsuits have destroyed communities. They have undermined trust. They will destroy all the goodwill we have built through friendship over the years.
Lawsuits turn friends into enemies.
FSF has tried the confrontation mode, which is why people begin to use "open source" instead. The reason why we are very successful is precisely because we have no madman confrontation.
Litigation keeps more people away from BusyBox and GPL rather than generating useful code, so litigation actually does not help.
In the Linux community, Linus is not alone in opposing litigation.
Greg Kroah Hartman, the maintainer of the Linux stable branch, said, He is not opposed to "enforcing the GPL" What he opposes is the use of legal means to enforce. Because litigation is the fastest way to irritate enterprises and make enemies with them, and enterprises are an important part of the community.
He said that in the past 25 years, once it was found that a company violated the GPL, developers in the Linux community would quietly cooperate with the company, show them the benefits of the GPL, and persuade them from within that the GPL was worthy of compliance. Although this method is "slow, tired, frustrating and thankless", it works. It is not only Linux followers but also opponents that are attracted. They not only develop the community, but also win their trust in the GPL license.
Greg said that Intel used to abuse GPL, but today, it is not only a leading contributor, but also one of Linux's closest friends. So does Microsoft. None of them has ever had any litigation related to Linux.
Reservists: Litigation is the last resort
For FSF (Free Software Foundation) and SFC, violating GPL means weakening software freedom, that is, the right of users to use software. Therefore, in litigation, they value whether to defend software freedom more than what they can obtain.
There is no grey zone here, only black or white. "We can either give up the GPL or enforce it in court." Open code is the primary demand, which has not been discussed; Compensation is also necessary, so we have to save it for the next lawsuit. No one is more serious than them.
You know, both the FSF and the SFC have ever killed the four sides, showing their sharp edges. FSF once initiated a lawsuit against Cisco, and the two parties finally reached a settlement on the condition that Cisco provided donations (the amount was not disclosed) and the code was compliant; SFC once sued 14 enterprises, all of which are electronic manufacturers, which is a precise attack.
But now these two organizations have a solid position. If they hook up with each other, illegal enterprises will come to be good friends. Moreover, more and more enterprises have improved their awareness of open source compliance, and violations are increasingly rare.
In 2015, FSF and SFC jointly formulated Community oriented GPL Implementation Principles 。 It mentioned:
Legal proceedings are the last resort. Compliance action is primarily an education and assistance process to help those who do not comply with the permit. Most GPL violations occur by mistake and are not malicious. Sometimes, we have no obligation to sympathize with intentional violations or violations caused by gross negligence. Even so, litigation is the last resort.
Community oriented law enforcement must not give priority to economic interests. If used properly, fines are a legitimate tool to achieve compliance. However, it is usually unnecessary to seek damages within the maximum scope permitted by copyright law.
Their words were restrained and restrained, which made people wonder whether they had already "washed their hands". However, FSF and SFC still retain litigation as a means of enforcing GPL, but will be more cautious when initiating litigation.
Don't be too nervous. Even if a lawsuit is initiated, the goal of legal action is to obtain compliance, not to prevent the defendant from releasing software again, or to obtain huge compensation.
Bradley Kuhn, a policy researcher at SFC, also said that violating the GPL means infringing copyright, which may be "terrible" for enterprises violating the GPL. But the fact is that SFC implements the GPL with the goal of teaching them how to continue to comply with the GPL terms and continue to use the software.
Kindness Sect: give 30 days to remedy
The Community oriented GPL Implementation Principles are representative enough, but there are still commercial companies who are nervous and afraid of GPL enforcement because it is unpredictable, unstable and has no clear implementation process.
This is due to GPLv2's termination terms. Once a user violates GPLv2, the license will be terminated immediately - making the non compliant user a copyright infringer without any "remedy" time.
Therefore, after it was revealed that Patrick McHardy privately carried out GPL law enforcement for millions of euros, the Linux community took further actions to rebuild user confidence and help guide law enforcement activities back to the original purpose that the Linux community has been seeking for years - practical compliance.
In October 2017, the Linux Foundation released a Kernel mandatory declaration , as an additional license of GPLv2, the kernel developer is required to sign and make a commitment to the kernel user.
The commitment comes from the "remedy clause" in GPLv3. In fact, it is to provide the licensee (which can be simply understood as the person who distributes software derivatives) with 30 days to remedy any violation of GPL. After receiving the notice of violation, if the violation is corrected within 30 days, the license will not be terminated.
One month later, Red Hat, IBM, Google and Facebook made "GPL Cooperation Commitment" To reduce the abuse of law enforcement and let more people use and develop open source software.
This commitment is also from the "remedy clause" in GPLv3, which has been More than 60 enterprises joined Domestic Internet enterprises such as Alibaba and Tencent are also among them.
The GPL cooperation commitment is very similar to the mandatory declaration of the Linux kernel, but the scope is broader. The mandatory declaration of Linux kernel is limited to Linux kernel contribution, but the GPL cooperation commitment applies to all codes licensed by the company according to GPLv2 and LGPLv2. x.
It doesn't mean that these enterprises have given a lot of benefits. At least their attitude is to tell users that my GPLv2 code is safe and will not maliciously prosecute violators.
In a word, no matter which faction, no one wants developers to stay away from GPL. It is the most representative open source license for software freedom. Although all parties have released great goodwill, and historically, GPL litigation can only really happen when one party refuses to comply with the requirements, GPL is still regarded as a threat.
A sad fact is that GPL is inevitably declining. A recent WhiteSource item Survey shows The utilization rate of GPL is getting lower and lower. On the contrary, wide and loose licenses such as Apache 2.0, MIT and BSD are rising.
