Friday, 16 March 2012 11:58

How the FSF approaches licence compliance

By Sam Varghese

The Free Software Foundation wants people to distribute its software. It wants people to install it on their devices and sell those devices and make money. And it wants to encourage them to do this.

That's the message that Brett Smith, a licence compliance engineer at the FSF, would like others to understand. At a time when a lot of misinformation is being spread about the FSF, the GPL and the like, a message like this cannot be repeated too often.

Smith told iTWire that while the FSF was looking for compliance with the GPL when it came to people using its copyrighted software, it was definitely not walking around with a loaded gun, looking to sue companies or individuals.

The FSF's attitude was basically that something wrong had been done and it needed to be corrected.

"We want people to distribute (our) software. We want people to install it on their devices and sell devices and make money. All that's great," Smith said.

"And we want to encourage them to continue that. The way to do that is a co-operative approach which says 'please work with us. We don't want to sue you. We don't want to get tons of damages for copyright infringement. We just need you to come into compliance and to respect the terms of the licence. And when you do that, we'll go ahead and restore your rights. And everything will be settled'."

Smith said most violations came to the notice of the FSF via developers.

"Generally we get to hear of violations when some enterprising hacker buys some device and it has some feature that annoys them and they would like to do something about it. So they start poking around and after a while they realise it is running free software, and then they say, 'hey that's funny, I didn't get a copy of the source, I didn't get a copy of the licence'. They realise it is a GPL violation and report it to us. This alone provides enough reports for us to work on for quite a while."

Smith said that once a GPL violation was confirmed, the first step was to write a letter to the company, "explaining that we have learnt that they are in violation, that we would like to work with them to help bring them into compliance. And if they choose not to do that then they need to stop distributing the software because they no longer have a licence to do so."

He said the reaction of companies to such letters varied.

"It really depends on a lot of factors. It even depends on who reads the email that I send. If a lawyer gets it, the reaction is very different from what it would be if a developer gets it or if some support staff member gets it.

"The lawyers will play friendly with you, they say they want to co-operate, but at the same time they are very defensive, they don't want to reveal too much information. The process works best when it's fully co-operative.

"We can work with the developers to address specific technical deficiencies like the source is not complete here, there needs to be a copy of the licence there, that kind of thing."


He said in the case of the Linux kernel the FSF could not take action directly; a copyright holder had to complain.

"Typically we see violations in software like glibc, binutils, gdb-server, tools like this which are considered core components of the GNU/Linux system. If some of that software is involved, then the next step is, I'll go and check. Typically, people who report these things will send me links like to the firmware that contains our software, I confirm that our software is in it, check if there is a violation and that's pretty much all that there is to it."

Smith said that, generally, the response to these letters indicated a willingness to work with the FSF. "And from there we start a technical process of saying here are the specific technical problems that you need to resolve to be in compliance with a licence like yours where your source code is insufficient. Then they get back, saying here's the new source code.

"Generally it's not right the first time, so we go back and forth until the problems are resolved. When they get to the point where they're ready to be in compliance, when they have all the materials, as far as source code and proper documentation goes, we ask them to reimburse us for the time spent on the case. And we provide them with a restoration of their rights."

The conditions for restoration of rights differ under the GPLv2 and the GPLv3.

Smith said the FSF co-operated with other licence enforcing bodies like gpl-violations.org. "In cases where we know there's active enforcement going on, we pass that on to whoever does enforcement. For Linux it's gpl-violations.org. In other cases certainly we encourage the reporter to pass the report along to the copyright owner of the software, whoever that is. In cases where the copyright holders seem to want to pursue compliance but aren't sure how to go about it, we're willing to offer them advice and suggestions. We want to do what we can to help them."

He said the question of who could pursue a copyright violation depended on the jurisdiction. "There was a case in France where a party who was a recipient of the software, rather than the copyright holder, was able to enforce some of the terms of the licence. The copyright holder has it easiest because they have legal rights over the software. When they wrote it the software was immediately copyrighted. And that means the party has exclusive rights to determine how it's distributed and modified.

"When the copyright holder releases free software they provide a licence that gives other people permission to do those same things under certain conditions. When somebody violates the licence, they're not following those conditions, they don't have permission, they're doing something that the law says only the copyright holder can do, and therefore the copyright holder has the power to stop them from doing it by pursuing the case in court."


Smith is 28 but has been handling licence compliance for the last five years. "I learned about free software when I was in high school hanging out with a number of friends. I was a geek in high school doing all sorts of computer stuff," he said.

"I had a number of friends who were active in free software and using it on their computers. And it was during that involvement that I got a link to one of Richard Stallman's old speeches - a speech he gave in 1986 in Sweden. In it he talks about the culture of the AI lab in the 70s where it was just assumed that people would share software with each other and work to improve it. Then he describes how he encountered proprietary software and wanted to retain the culture of the AI lab and wanted to start a new project to do that. That really struck a chord with me.

"I was always interested in software and it was really compelling to me to listen to him talking about how the way that we distribute software can have real lasting impact on other people's lives. And so, to do right by each other we need to have free software so that we can make sure that we all have the power to decide what our computers do, rather than have one person or one party decide for us."

Asked about the recent spate of reports claiming that use of the GPL was falling, Smith said in a lot of cases where people talked about the take-up rates with the GPL they might be, unintentionally or otherwise, picking data that was skewed to help illustrate that point.

"We've long seen - even before this subject became popular, about the decline of the GPL as they call it - we saw pretty noticeably different numbers about how popular the GPL was. There was no question it was the most popular free software licence. You would see numbers between 50 per cent and 80 per cent, which is a pretty serious difference, just based on whether you were counting lines of code or projects, what pool of projects you were counting, whether you were counting the main licence of the project, or whether you were trying to drill down and say 'these projects are under this licence and these are under this other licence'.

"In a lot of cases where people talk about the different take-up rates with the GPL they might be picking data that is intentionally or not skewed to help illustrate that point. There's one example - one of these companies which has been producing this data, they were producing month by month reports of the popularity of each free software package... In one month they noticed a huge uptick in the number of projects using the Microsoft Public Licence, the MSPL. I don't know if you've encountered any projects in the wild that have used MSPL.

"The reason they noticed it is because in that month they started counting all the projects hosted on CodePlex, (Microsoft's own hosting site). Suffice to say that the MSPL is quite popular there and that's how they got this uptick. I don't think you can look at that and say that it represents any kind of difference from the GPL. There might be something interesting in the numbers. I'd like to look at them more and get a better understanding of them."

Smith said it was difficult to comment on the figures. A lot of the claims about the fall in use of the GPL are based on figures from Black Duck Software and the company does not say how its figures have been computed. "And so it's difficult to know for sure what's happening with their methodology and what they're counting," he said.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
