[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Principled free-software license enforcement

February 22, 2017

This article was contributed by Tom Yates

FOSDEM

Issues of when and how to enforce free-software licenses, and who should do it, have been on some people's minds recently, and Richard Fontana from Red Hat decided to continue the discussion at FOSDEM. This was a fairly lawyerly talk; phrases like "alleged violation" and "I think that..." were scattered throughout it to a degree not normally found in talks by developers. This is because Fontana is a lawyer at Red Hat, and he was talking about ideas which, while they are not official Red Hat positions, were developed following discussions between him and other members of the legal team at Red Hat.

To his mind, GPL enforcement has always been an important element of free-software law; not that we should all be doing it, all the time, but like it or not, litigation is part of a legal system. Awareness of its possibility, however, was making some Red Hat customers and partners worried about the prospect. There has not, in fact, been much actual litigation around free-software licenses — certainly not compared to the amount of litigation software companies are capable of generating in the normal course of business — thus Fontana felt their fears were unreasonable.

Nevertheless, customers are customers, and if they're afraid of legal issues, it falls to Red Hat's legal department to try to mitigate those fears. Worse, in recent times things have been getting more interesting on the free-software litigation front. Commercial entities such as Versata and XimpleWare have been filing suit; the Software Freedom Conservancy (SFC) has been active, including in Hellwig v. VMware; and Patrick McHardy has been bringing suits in Germany alleging GPL violations. As Fontana noted, however, the German civil litigation system is quite opaque; since no one who knows what McHardy is doing seems inclined to talk about it, the rest of us don't know much.

The SFC tried to pour oil on the waters in the form of its Principles of Community-Oriented GPL Enforcement, published in conjunction with the Free Software Foundation. The principles were good, but they still didn't calm Red Hat's nervous customers. So Fontana and colleagues decided that it was time for a big company with lots of GPL involvement, by which they meant Red Hat, to join the debate. They want to emphasize that there is a place for GPL enforcement, and that a good starting point for this is the SFC's principles.

Fontana and colleagues, however, are by no means in full agreement with those principles. The SFC's primary objective is full compliance with the GPL; Fontana and his colleagues say that maximum compliance is not the most important goal. The SFC says that confidentiality can increase receptiveness and responsiveness; but Fontana said that the value of confidentiality should not be overstated, and that more details of enforcement cases should be disclosed, including those that have not gone to litigation. The preamble to the SFC's principles says that copyleft uses copyright to defend users' freedoms; Fontana recognizes the importance of those, but for him, the primary objective of enforcement is to promote collaboration and participation in the creation and use of free software by making a level playing field for all participants.

So Fontana's preference is that enforcement should be:

  • Predictable: neither arbitrary nor capricious
  • Not for gain: enforcement for personal or financial gain causes cynicism about the GPL and compliance with it
  • Transparent: we need disclosure of non-profit organizations' donor relationships and how it is decided who and how to sue; interestingly, there was no suggestion that commercial organizations could experience similar conflicts of interest in their funding
  • Without unresolved conflicts of interest: the main concern with these is divided loyalties — consider the position of a company employee who is also personally involved with a free software project when another project developer decides to sue the company

Fontana again tried to take the focus away from litigation. He feels that noncompliance is mostly an awareness problem. Most violators would likely do the right thing if only someone would tell them what that was; he shares the SFC's position on this. Red Hat addresses this by actively trying to help organizations, one-on-one, to come into compliance. He feels that litigation really should be a last resort, and believes he's even stronger on this than the SFC. Litigation is very expensive, locality-specific, and its outcomes can be very bad; it also moves power from developers to judges, which is not really what the community wants. Furthermore, all software that uses a particular version of the GPL uses exactly the same license: it only takes one court to make a bad decision, and an entire community will be affected by it.

There are occasionally times when even Fontana would accept that litigation was justified. One is when there's no strong disagreement on license interpretation; the infringer is simply saying "yes, we know we're doing wrong, but we don't think you can stop us". Another is defensive litigation; someone sues you for something and you countersue for a GPL violation as a quick way to stop the original suit. Twin Peaks v. Red Hat is a clear example of this.

So Fontana is wondering whether the community would benefit from a move toward a community-wide, generally-acceptable and accepted set of principles on when and how the GPL is likely to be enforced. This would be done in the hope that something so widely agreed upon could be used by courts to assist them in ruling when litigation ensues. A visibly irked Bradley Kuhn then asked from the floor why Red Hat was, with no notice, trying to preempt the SFC's principles with a set of its own. Fontana noted that while he is open to engagement on the principles through the SFC's mechanisms, he is less sure whether the view is shared by his colleagues. As he had said, nothing in the talk represented Red Hat's views, but it might be thought that if there were a corporate position on this, the view would then be clearly uniform across the legal department. Fontana also noted that Kuhn had been on the panel that approved his talk, so perhaps it should not have been the surprise that Kuhn was suggesting.

Fontana's talk can now be seen in its entirety from the FOSDEM page on his talk. If I understand Fontana correctly, the core issue is that a set of widely-acceptable and widely-subscribed principles for GPL enforcement would be useful both to Red Hat's commercial clients and to courts that have to rule on the GPL. The SFC's principles are an excellent starting point for creating such a set, but they might not be completely acceptable to Red Hat as they stand. If the SFC wishes to maximize the number of subscribing organizations, it may need to be open to some significant changes. That by no means requires the SFC to allow any such changes, but many sets of slightly-different principles may prove less useful to the community in the long run than one less-perfect but more-widely-accepted set.

[Thanks to the Linux Foundation, LWN's travel sponsor, for making this article possible.]

Index entries for this article
GuestArticlesYates, Tom
ConferenceFOSDEM/2017

to post comments

My question was slightly different from what is written above

Posted Feb 22, 2017 17:27 UTC (Wed) by bkuhn (subscriber, #58642) [Link] (2 responses)

I think the article incorrectly restates my question. However, I do admit that I was slightly irked at the time, so perhaps I failed to ask the question with perfect clarity. (The article seems in fact to be conflating my question and the question from Tom Marble just before mine. There's a video on FOSDEM's site if people want to verify all this. :)

I asked two questions; only the second one is iscussed in the article above. What I was asking in that second question was why Fontana, or Red Hat generally (depending on who he represented — he started with a “not my employer's views” disclaimer, but also said “we” a lot in the talk so it was unclear whose views were being presented) had not engaged in the existing public mechanisms created for feedback on the Principles, but instead surprised everyone with his criticisms in the talk.

To be clear, I'm glad for his criticisms: Fontana is a personal friend of mine and a great copyleft thinker so if he thinks something is missing, I want to know about it and discuss. But even Fontana admitted to me later that some of his criticisms were a bit half-baked thus far. Before this article even came out, I had already encouraged him to post his feedback on list for full discussion, and I hope he does!

As for the fact that I was on the committee for the DevRoom in question, as I said during Q&A; the proposal didn't say that Fontana would be bringing forward detailed criticisms of the Principles in the talk. If it had, I would have suggested at the time to Fontana that he post them and discuss them publicly on-list before the talk so the talk could be a full discussion with many viewpoints presented.

My question was slightly different from what is written above

Posted Feb 22, 2017 19:30 UTC (Wed) by madhatter (subscriber, #4665) [Link] (1 responses)

Thank you for that. I'm the author of this article, and I value your clarification. That said, I'm fairly sure I didn't confuse you with the previous questioner; your question starts at 2580s in the video (which I link to in my article), and Fontana addresses you by name, if I'm not mishearing. I do acknowledge that you asked two questions, but the first seemed to me to be based on a misunderstanding, and not particularly noteworthy as a result. Your second (starting at 2675s) was, to me, more interesting, and if I'm hearing correctly, went "You just answered Tom's question saying yes, you want to engage in the process of discussing [in] the Principles in a way. There's been multiple forms available since the Principles were published to do that. I haven't seen you or Red Hat do that. Instead we have a surprise talk where you criticise everything about our Principles and didn't even tell us you were going to do that. So I'm a little confused [like] why you're saying you want to have discussion, but you aren't engaging in the forms that exist, they're public and transparent, to discuss the Principles.". I'm sorry if you thought my summary of that was incorrect; it was a summary, and it's certainly possible that it wasn't a very good one. Your clarification of the nature of Fontana's original proposal is helpful, to me.

I do agree that Fontana used we a lot during his talk, which I felt blurred the line between his views, his colleagues' views, and Red Hat's official position (if, indeed, any was that). I would like to have had a clearer indication of which was which. I'm also happy to hear that you're still minded to engage with Fontana about the Principles, and I look forward to what might emerge from such discussions.

My question was slightly different from what is written above

Posted Feb 26, 2017 1:07 UTC (Sun) by bkuhn (subscriber, #58642) [Link]

madhatter wrote:
but the first seemed to me to be based on a misunderstanding, and not particularly noteworthy as a result.

I disagree; as I said, I perhaps didn't ask the questions as clearly as I could have, but my point in the first question remains: this idea that using GPL enforcement as counterattack during GPL-unrelated lawsuits (such as Red Hat did with TwinPeaks), IMO deserves even more scrutiny than Principled GPL enforcement. Red Hat allowed TwinPeaks to get away indefinitely with a GPL violation just so Red Hat could get a secret (and perhaps GPL-violating in itself) patent license from TwinPeaks to settle the lawsuit. None of this is transparent; we must intuit what likely happened based on the public record.

But, as you say, it is completely unclear whether Fontana was giving his own opinions or Red Hat's. Regardless, I look forward to Fontana actually raising his concerns in the public fora designed for the purpose. I hope that he eventually does! In those comments, he can clarify why we should not question the transparency of Red Hat's actions in GPL counter-suits, but should at the same time mandate even more transparency (and we operate quite transparently already) of Conservancy's enforcement work.

Transparency of non-profits

Posted Feb 22, 2017 22:50 UTC (Wed) by paulj (subscriber, #341) [Link] (2 responses)

This is something I've gotten "religion" on recently, so I thought this interesting:

"Transparent: we need disclosure of non-profit organizations' donor relationships"

It comes up in this discussion with respect to law suits, and the importance of transparency to ensure the financial motivation is clear. Transparency also came up in the article on "Consider the maintainer" ( https://lwn.net/Articles/712215/ ) with respect to avoiding community tensions in funding developers.

Basically, I just want to point out that the importance of transparency comes up regularly in a number of contexts, and bump its visibility.

There are some non-profits in free software / open-source that do a great job on this. However, this is unfortunately not universally the case.

Transparency of non-profits

Posted Feb 26, 2017 1:12 UTC (Sun) by bkuhn (subscriber, #58642) [Link] (1 responses)

paulj wrote:
I just want to point out that the importance of transparency comes up regularly in a number of contexts, and bump its visibility. There are some non-profits in free software / open-source that do a great job on this. However, this is unfortunately not universally the case.

I hope you consider Conservancy to already be one of those doing a great job on this, as we publish a tremendous amount about any litigation we get involved with (see our materials about Hellwig's VMware case we're providing funding for) and we put almost-excessive efforts to make our public financial filings understandable. (Fontana's talk, BTW, failed to mention any of this detailed transparency available, and I continue to await his comments on what transparency is missing.)

Anyway, I hope any place where people think Conservancy's enforcement work is inadequately transparent, they'll raise the issue on the principles-discuss mailing list. I'm obviously following this particular comment thread, but I can't assure that I'll notice and be able to respond on every LWN thread about GPL enforcement.

Transparency of non-profits

Posted Feb 27, 2017 7:49 UTC (Mon) by paulj (subscriber, #341) [Link]

Hi Bradley,

SF Conservancy was one I had in mind with regard to "do a great job on [transparency]"! ;)

Principled free-software license enforcement

Posted Mar 2, 2017 14:55 UTC (Thu) by CycoJ (guest, #70454) [Link] (1 responses)

It's quite ironic that the example of Twin Peaks vs Red Hat seems to violate at least 2 (and arguably even 3 or 4) of the Fontana's principles of when enforcement is justified.

Clearly using a countersuit for GPL violation in as a quick way to stop an original suit is for financial gain. The process is also completely opaque, so contradicts the demand for transparency.

I would also argue that this could contradicts the predictable and no conflict of interest points. It's easy to imagine a situation where knowledge of GPL violations becomes somewhat strategic and is kept secret to use as ammunition for possible countersuits.

Principled free-software license enforcement

Posted Mar 2, 2017 16:13 UTC (Thu) by rfontana (subscriber, #52677) [Link]

It's not ironic - see my response to bkuhn's question at the talk. My point is that defensive GPL claims should not be held to the same standard as nondefensive ones because they don't raise the same kinds of policy concerns.

Principled free-software license enforcement

Posted Mar 2, 2017 16:14 UTC (Thu) by rfontana (subscriber, #52677) [Link]

The talk is also available at https://www.youtube.com/watch?v=_cTuS74Rc2U .


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds