Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 16 March 2012 11:58

How the FSF approaches licence compliance


The Free Software Foundation wants people to distribute its software. It wants people to install it on their devices and sell those devices and make money. And it wants to encourage them to do this.

That's the message that Brett Smith, a licence compliance engineer at the FSF, would like others to understand. At a time when a lot of misinformation is being spread about the FSF, the GPL and the like, a message like this cannot be repeated too often.

Smith (below) told iTWire that while the FSF was looking for compliance with the GPL when it came to people using its copyrighted software, it was definitely not walking around with a loaded gun, looking to sue companies or individuals.

The FSF's attitude was basically that something wrong had been done and it needed to be corrected.

Brett Smith

"We want people to distribute (our) software. We want people to install it on their devices and sell devices and make money. All that's great," Smith said.

"And we want to encourage them to continue that. The way to do that is a co-operative approach which says 'please work with us. We don't want to sue you. We don't want to get tons of damages for copyright infringement. We just need you to come into compliance and to respect the terms of the licence. And when you do that, we'll go ahead and restore your rights. And everything will be settled'."

Smith said most violations came to the notice of the FSF via developers.

"Generally we get to hear of violations when some enterprising hacker buys some device and it has some feature than annoys them and they would like to do something about it. So they start poking around and after a while they realise it is running free software, and then they say, 'hey that's funny, I didn't get a copy of the source, I didn't get a copy of the licence'. They realise it is a GPL violation and report it to us. This alone provides enough reports for us to work on for quite a while."

Smith said that once a GPL violation was confirmed, the first step was to write a letter to the company, "explaining that we have learnt that they are in violation, that we would like to work with them to help bring them into compliance. And if they choose not to do that then they need to stop distributing the software because they no longer have a licence to do so."

He said the reaction of companies to such letters varied.

"It really depends on a lot of factors. It even depends on who reads the email that i send. If a lawyer gets it, the reaction is very different from what it would be if a developer gets it or if some support staff members gets it.

"The lawyers will play friendly with you, they say they want to co-operate, but at the same time they are very defensive, they don't want to reveal too much information. The process works best when it's fully co-operative.

"We can work with the developers to address specific technical deficiencies like the source is not complete here, there needs to be a copy of the licence there, that kind of thing."

He said in the case of the Linux kernel the FSF could not take action directly; a copyright holder had to complain.

"Typically we see violations in software like glibc, binutils, gdb-server, tools like this which are considered core components of the GNU/Linux system.
If some of that software is involved, then the next step is, I'll go and check. Typically, people who report these things will send me links like to the firmware that contains our software, I confirm that our software is in it, check if there is a violation and that's pretty much all that there is to it."

Smith said that, generally, the response to these letters indicated a willingness to work with the FSF. "And from there we start a technical process of saying here are the specific technical problems that you need to resolve to be in compliance with a licence like yours where your source code is insufficient. Then they get back, saying here's the new source code.

"Generally it's not right the first time, so we go back and forth until the problems are resolved. When they get to the point where they're ready to be in compliance, when they have all the materials, as far as source code and proper documentation goes, we ask them to reimburse us for the time spent on the case. And we provide them with a restoration of their rights."

The conditions for restoration of rights differ under the GPLv2 and the GPLv3.

Smith said the FSF co-operated with other licence enforcing bodies like "In cases where we know there's active enforcement going on, we pass that on to whoever does enforcement. For Linux it's In other cases certainly we encourage the reporter to pass the report along to the copyright owner of the software, whoever that is. In cases where the copyright holders seem to want to pursue compliance but aren't sure how to go about it, we're willing to offer them advice and suggestions. We want to do what we can to help them."

He said the question of who could pursue a copyright violation depended on the jurisdiction. "There was a case in France where a party who was a recipient of the software, rather than the copyright holder, was able to enforce some of the terms of the licence. The copyright holder has it easiest because they have legal rights over the software. When they wrote it the software was immediately copyrighted. And that means the party has exclusive rights to determine how it's distributed and modified.

"When the copyright holder releases free software they provide a licence that gives other people permission to do those same things under certain conditions. When somebody violates the licence, they're not following those conditions, they don't have permission, they're doing something that the law says only the copyright holder can do, and therefore the copyright holder has the power to stop them from doing it by pursuing the case in court."

Smith is 28 but has been handling licence compliance for the last five years. "I learned about free software when I was in high school hanging out with a number of friends. I was a geek in high school doing all sorts of computer stuff," he said.

"I had a number of friends who were active in free software and using it on their computers. And it was during that involvement that I got a link to one of Richard Stallman's old speeches - a speech he gave in 1986 in Sweden. In it he talks about the culture of the AI lab in the 70s where it was just assumed that people would share software with each other and work to improve it. Then he describes how he encountered proprietary software and wanted to retain the culture of the AI lab and wanted to start a new project to do that. That really struck a chord with me.

"I was always interested in software and it was really compelling to me to listen to him talking about how the way that we distribute software can have real lasting impact on other people's lives. And so, to do right by each other we need to have free software so that we can make sure that we all have the power to decide what our computers do, rather than have one person or one party decide for us."

Asked about the recent spate of reports claiming that use of the GPL was falling, Smith said in a lot of cases where people talked about the take-up rates with the GPL they might be, unintentionally or otherwise, picking data that was skewed to help illustrate that point.

"We've long seen - even before this subject became popular, about the decline of the GPL as they call it - we saw pretty noticeably different numbers about how popular the GPL was. There was no question it was the most popular free software licence. You would see numbers between 50 per cent and 80 per cent, which is a pretty serious difference, just based on whether you were counting lines of code or projects, what pool of projects you were counting, whether you were counting the main licence of the project, or whether you were trying to drill down and say 'these projects are under this licence and these are under this other licence'.

"In a lot of cases where people talk about the different take-up rates with the GPL they might be picking data that is intentionally or not skewed to help illustrate that point. There's one example - one of these companies which has been producing this data, they were producing month by month reports of the popularity of each free software package... In one month they noticed a huge uptick in the number of projects using the Microsoft Public Licence, the MSPL. I don't know if you've encountered any projects in the wild that have used MSPL.

"The reason they noticed it is because in that month they started counting all the projects hosted on CodePlex, (Microsoft's own hosting site). Suffice to say that the MSPL is quite popular there and that's how they got this uptick. I don't think you can look at that and say that it represents any kind of difference from the GPL. There might be something interesting in the numbers. I'd like to look at them more and get a better understanding of them."

Smith said it was difficult to comment on the figures. A lot of the claims about the fall in use of the GPL is based on figures from Black Duck Software and the company does not say how its figures have been computed. "And so it's difficult to know for sure what's happening with their methodology and what they're counting," he said.

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News