summaryrefslogtreecommitdiff
path: root/2016/llw/llw-gplvorg.adoc
blob: a9638190244f58a9f61d079ada6561872645a49f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
The past and the future of Free Software License Violations
===========================================================
:author:	Harald Welte <laforge@gpl-violations.org>
#:copyright:	sysmocom - s.f.m.c. GmbH (License: CC-BY-SA)
:backend:	slidy
:max-width:	45em



== About the speaker

* A _deeply_ technical person, IANAL.
* Started as FOSS sysadmin in the mid-1990ies
* Network security expert, electronics engineer, software developer.
* Former Linux Kernel developer from 1999 on
* Former head of netfilter core team
* Founder of gpl-violations.org
* Recipient of FSF Award for the Advancement of Free Software
* Recipient of Google/O'Reilly Open Source Award
* Now fully immersed in implementing cellular (GSM/3G) protocol stacks
  under the Osmocom.org project (mostly AGPLv3)

== The past of FS license enforcement

For those not around to witness it:

* early work by the FSF (until 2004?)
** entirely out of court
* gpl-violations.org (2003-2011)
** started by a Linux Kernel developer (yours truly)
* Software Freedom Conservancy (2006-current)
** doing excellent work on behalf of many projects since


== gpl-violations.org early history

* device makers stared to use embedded Linux in WiFi routers
* vendors did not get into compliance
* some frustration existed with FSFs back then very tolerant approach
  of pushing for compliance at Linksys
* further companies were infringing, triggering me as one of the many
  copyright holders to pursue independent legal action against product
  vendors in Germany


== gpl-violations.org later history

Fast-Forward 8 years. Results:

* more than two hundred enforcements in total
** some of them didn't even reach any legal claims
** most of them were settled out of court
** some very few actually had to go to court
* created some of the first precedent in terms of GPL enforcement in
  court, both in Germany and world-wide
* not a single case lost

== gpl-violations.org dormancy

* While doing netfilter work as dayjob, there still was time to do
  compliance work in spare time
* Increasingly difficult when I got involved with OpenMoko in Taiwan
  (2007-2009)
* Impossible to find time while I started + bootstrapped my new
  company sysmocom from 2011 onwards
* Big loss to the project when Armijn left in 2012

Result: No gpl-violations.org activity in years. Project became
dormant.

== gpl-violations.org dormancy

* I've never been particularly sad about the dormancy
* We did some pioneering and hugely successful work in GPL
  enforcement, creating ripples throughout the technology industry.
* The legal network got started as a forum for related topics
* Other people (e.g. SFC) started to do enforcement
* So I didn't think it's a loss if I focus on other areas for an
  undefined amount of time

Still, it is a pity that it was too much tied to me personally,
and there was no structure and no team that could continue the work.

Let's learn from that...

== Resurrection, Step 1 (Q4/2015)

* brought historic content of gpl-violations.org back online
* occasional blog post about GPL related topics again
* getting more exposure in FOSS legal community again
* reporting about VMware case (in which I'm not legally involved, but
  which I very much support)


== Resurrection, Step 2 (2016)

* establishing a legal body for new gpl-violations.org activities
** put project on more shoulders
** less dependency on me personally
** taking legal action as natural person didn't allow others to get
   involved to larger extent due to associated personal risk
* I wanted to have it established before LLW, but schedule slipped.
  Plan is to definitely complete this within Q2/2016.


== gpl-violations.org e.V.

* structure of a German "eingetragener Verein" (e.V.)
* membership-based entity, where FOSS developers can become members
* members can (but do not have to) sign fiduciary license agreement to
  enable gpl-violations.org e.V. to enforce license on their behalf
* any enforcement will be done in compliance with the principles of
  community-oriented enforcement as published by SFC+FSF
* is not going to be charitable due to increased tax/legal risk
** financial structure and usage of funds will be published to avoid
   any claims regarding misappropriation of funds


== How is this different to SFC?

* Jurisdiction / Geographic Scope
** SFC is primarily active in the US (so far?)
** gpl-violations.org would be primarily active in Germany, maybe EU
* There's no shortage of violations to enforce, i.e. room for many
  more people or entities doing active enforcement
* Very narrow focus on copyleft license enforcement, no other services

Apart from that, in terms of goals and actual enforcement work, not
all that different.  At last not that it is planned.


== Isn't more enforcement harmful?

* there is some feeling that more enforcement scares people away from
  FOSS
* I think it matters a lot about the _style_ of enforcement. We need
  more evidence of people caring about licenses and doing enforcement
  in a proper and respected way; compliance-centric and within a
  generally accepted common sense.
* I also think license enforcement is required to make new (corporate)
  players in the FOSS world comply, and to continuously encourage and
  increase motivations for companies to be compliant
* Last, but not least: License enforcement is also happening in
  proprietary software, so it's not a specific issue of FOSS, so let's
  not over-dramatize it.


== Actual enforcement process

* will probably not look any different from the past
* reports of GPL violations by the community at large
* technical investigation + establishing legal evidence
* sending warning notice to company, requesting cease + desist
* resolving the issue hopefully out of court
* going to court whenever it is really necessary

== Outlook

* get over with formalities of establishment
* get initial group of members to sign up
* establish and tune the related processes
* get started with some actual enforcement

Let's meet again next year at LLW and talk about the progress by then.

== Thanks

* to Armijn for helping me all those years in the past at
  gpl-violations.org
* to Till Jaeger and his team at JBB for all their legal help
* to FSFE for their great work far beyond the Legal Network

You now have a license to ask questions (SCNR).
personal git repositories of Harald Welte. Your mileage may vary