The policy of GPL Open Source will hurt the related commercial values?

The policy of GPL Open Source will hurt the related commercial values?

No open source license is more topical than the GPL, because it’s so contagious.

The GPL stipulates that the distribution of its derivatives must also be open source under the GPL. It sounds simple, just open source, but many companies can’t do it.

Therefore, many open source authors often pass legal proceedings to ask the other party to stop the violation, that is, to disclose the modified source code, which is the so-called GPL enforcement.

In GPL-related lawsuits, most of the defendants are large enterprises, and the amount of claims is huge. Especially in the early days, many enterprises generally did not have the awareness of open source compliance.

The previously published article ” Don’t violate the GPL, the SFC will stare at you ” describes in detail how the SFC (Software Freedom Protection Association) became famous by enforcing the GPL.

While most settled out of court, these lawsuits serve as a warning sign to many: GPL means risk. This somewhat stained the GPL’s reputation. After a long time, the GPL has been avoided.

Actually, it’s not that scary. For developers, communities, enterprises, and non-profit organizations in open source, the legal means to enforce the GPL is not worth the gain. So after realizing the various negative effects of the lawsuit, the parties surprisingly reached an agreement: reject the abuse of the GPL copyright lawsuit.

The reason can only be said that each has its own small abacus, but in any case, at least the attitude is expressed – we are not bullies that cannot be negotiated .

The supporters of Open Source: Code is useless

What are the benefits of litigation? From a realistic perspective, not only is there no benefit, but it will bring a lot of trouble.

In 2007, SFLC ( Software Freedom Law Center ), on behalf of BusyBox developers, Rob Landley and Erik Andersen, filed a GPL copyright infringement lawsuit against Monsoon Multimedia for using BusyBox code without ever releasing the source code.

To Landley, nothing in this lawsuit is more important than giving back code. However, after finally getting the relevant code, Landley used a four-word evaluation : “useless”.

Is BusyBox worth it from an engineering standpoint? Do not. We haven’t gotten a single useful line of code from any of the lawsuits I’ve been involved in. SFLC (Software Freedom Law Center) occasionally gets big checks, and it leaves most of it to fund the next lawsuit, but we get code that is pointless nonsense by stupid developers.

In fact, not only did it not add any code to the BusyBox repository, it caused several companies to pull out of Linux development altogether and instead use non-Linux operating systems for their embedded products.

Because BusyBox is commonly used in Linux embedded devices, the users of BusyBox are mostly Linux users. Really smoked a brick and knocked down a wall.

Open source lawyer and open source developer Luis Villa believes that most companies won’t enforce the GPL because it’s not worth it in terms of the quality of the code you get, the time and money you spend, the hassle and customer risk.

Even if the code is obtained by enforcing the GPL, it doesn’t help much because it may not meet the business requirements, and if the code is poorly written, it will take time to maintain, he said. In addition, the offending businesses are mostly small companies that cannot afford GPL compliance, and even if they sue them, they won’t make much money.

Landley had pinned his hopes on the lawsuit, saying, ” I just want people to respect the GPL. ” He eventually dropped the lawsuit, though, and BusyBox. After that, Landley threw himself into the development of Toybox, a non-GPL-bound alternative released under the 0BSD license.

Opposition: Lawsuits destroy communities

The Linux kernel has long been the main battleground for GPL enforcement. Although many lawsuits are defending Linux rights, Linux founder Linus does not buy it.

Linus once raved about the GPL: “I really think the license is one of the determining factors in Linux’s success, because it mandates that you have to give back.”

However, when the SFC filed a lawsuit against companies that violated the GPL, demanding code back, Linus called it a “Typhoid Mary” that spreads the disease, triggering endless lawsuits and quarrels.

The SFC is on your side anyway, so what happened?

Because, Linus believes, the lawsuits sparked by the SFC are ruining the community. He said that BusyBox’s GPL compliance enforcement may be the SFC’s brightest moment, but not for BusyBox. While the developers won in court, all that really happened was “a lot of bickering, with individual and enterprise developers and users fleeing in droves.

Litigation destroys everything, not “protects.” Lawsuits destroy communities. They destroy trust. They will destroy all the goodwill we have built over the years through friendship.

Lawsuits can turn friends into enemies.

FSF has experimented with adversarial models, which is why people started using “open source” instead. We were so successful precisely because we didn’t have a lunatic confrontation.
Lawsuits are driving more people away from BusyBox and the GPL than producing useful code, so lawsuits don’t really help.

In the Linux community, Linus is not alone in opposing the lawsuit.

Greg Kroah-Hartman, maintainer of the Linux stable branch, said he’s not against “enforcing the GPL” , he’s against using legal means to enforce it. Because lawsuits are the quickest way to anger and make enemies of businesses, and businesses are an important part of the community.

For the past 25 years, developers in the Linux community have quietly worked with companies to show them the benefits of the GPL and convince them from the inside that the GPL is worth complying with, he said. Although it was “slow, tiring, frustrating, and thankless,” it worked. It’s not just Linux followers who have won over, but also opponents, not only growing the community, but also winning their trust in the GPL license.

Greg said that Intel has abused the GPL in the past, but today it is not only a leading contributor, but one of Linux’s closest friends. So is Microsoft. None of them have ever had any lawsuits related to Linux.

Reservationists: Litigation is a last resort

For the FSF (Free Software Foundation) and SFC, violating the GPL means undermining software freedom, the user’s right to use the software. So, in a lawsuit, they’re more concerned about defending software freedom than what they actually get.

There are no grey areas here, only black and white. “We either give up the GPL or enforce it in court.” Open code is the primary demand, and this matter is not negotiable; compensation is also required, and a lawsuit must be saved. No one is more genuine than them.

You know, whether it is FSF or SFC, they have all killed the Quartet and showed their sharpness. FSF once initiated a lawsuit against Cisco, and finally reached a settlement on the condition that Cisco provided donations (the amount was not disclosed) and code compliance; and SFC once sued 14 companies in one go, all of which were electronic manufacturers, which is a precise blow to that Yes.

It’s just that these two organizations are now in a solid position, and the companies that violate the rules will come to be friends. Moreover, more and more enterprises have increased their awareness of open source compliance, and violations are becoming less common.

In 2015, the FSF and SFC jointly developed the Community-Oriented GPL Enforcement Principles . It mentions:

Legal action is a last resort. Compliance actions are primarily an education and assistance process to help those who do not comply with the license. Most violations of the GPL occur by mistake and without malice. There are sometimes intentional violations or violations that result from gross negligence, and in these cases we are under no obligation to be sympathetic. Even so, litigation is a last resort.
Community-oriented enforcement must never prioritize financial interests. When used properly, fines are a legitimate tool to achieve compliance. However, seeking damages to the fullest extent permitted by copyright law is usually unnecessary.

The words are forbearance and restraint, and people can’t help but wonder if they have “washed their hands with gold”. But the FSF and SFC still retain litigation as a means of enforcing the GPL, but are more cautious in initiating litigation.

Don’t be too nervous, even if there is a lawsuit, the goal of legal action is to gain compliance, not to prevent the defendant from re-publishing the software, or to get huge damages.

Bradley Kuhn, a policy researcher at the SFC, has also stated that violating the GPL means infringing copyright, which may be “terrible” for violating companies, but the fact is that the SFC enforces the GPL, and the goal is to teach them how to continue to abide by the terms of the GPL, and Continue to use the software.

Other opinion: Give 30 days to remedy

The “Community-Oriented GPL Enforcement Principles” is enough to represent attitudes, but there are still commercial companies who will be nervous and fearful of GPL enforcement because it is unpredictable, not stable enough, and has no clear enforcement process.

Blame the GPLv2’s termination clause, which immediately terminates the license once a user violates the GPLv2 – making the non-compliant user a copyright infringer with no time for any “remedy”.

So, after the revelation that Patrick McHardy was privately conducting GPL enforcement for millions of euros, the Linux community has gone a step further to rebuild user confidence and help steer enforcement activities back to the original purpose the Linux community has been seeking for years. – Actual compliance.

In October 2017, the Linux Foundation published a Kernel Mandatory Statement as an add-on license to GPLv2, requiring kernel developers to sign off on a commitment to kernel users.

The promise comes from the “Remedy Clause” in GPLv3, which is actually to provide the licensee (which can be simply understood as the person who distributes software derivatives) 30 days to remedy any violation of the GPL. The license will not be terminated if the violation is corrected within 30 days of notification of the violation.

A month later, Red Hat, IBM, Google, and Facebook made a “GPL Cooperative Commitment” to GPLv2 and LGPLv2.x licensees to reduce abusive enforcement and allow more people to use and develop open source software.

The content of this commitment also comes from the “remedial clause” in GPLv3. More than 60 companies have joined , including domestic Internet companies such as Alibaba and Tencent.

GPL commitments are very similar to Linux kernel mandates, but broader in scope. Linux kernel mandates are limited to Linux kernel contributions, but the GPL cooperative commitment applies to all code licensed by the company under GPLv2 and LGPLv2.x.

It’s not that these companies have given much benefit, at least the attitude is there, it is telling users: my GPLv2 code is safe and will not maliciously sue violators.

All in all, no matter which faction, no one wants developers to stay away from the GPL, which is the open source license that best represents the claim of software freedom. While there has been a lot of goodwill from all sides, and historically, GPL lawsuits only really happen when one party refuses to comply, the GPL is still seen as a threat.

A frustrating fact is that the GPL is inevitably declining. A recent WhiteSource survey showed that GPL usage has been declining. In contrast, permissive licenses such as Apache 2.0, MIT, BSD, etc. are on the rise.