Amusing article about busybox
walter harms wharms at bfs.de 
Wed Feb 1 10:47:14 UTC 2012 

Am 31.01.2012 23:05, schrieb Tito:
> Hi,
> just to post a link to this article about a non-GPL busybox replacement http://lwn.net/Articles/478249/ 
> 

Thx for the hint,
i like the dump-source idea maybe someone can implement it :)
it will increase size for nothing but the designer can always
disable same parts of bb.

re,
 wh

Amusing article about busybox
Denys Vlasenko vda.linux at googlemail.com 
Wed Feb 1 11:15:33 UTC 2012 

On Tue, Jan 31, 2012 at 11:05 PM, Tito < farmatito at tiscali.it> wrote:
> Hi,
> just to post a link to this article about a non-GPL
> busybox replacement http://lwn.net/Articles/478249/

Some of the arguments from the "other side" found in that
thread make sense. We are possibly a bit too aggressive
when we try to force people to comply with GPL
on other projects too, not only on bbox.

-- 
vda

Amusing article about busybox
Laurent Bercot ska-dietlibc at skarnet.org 
Wed Feb 1 11:46:48 UTC 2012 

> Some of the arguments from the "other side" found in that
> thread make sense. We are possibly a bit too aggressive
> when we try to force people to comply with GPL
> on other projects too, not only on bbox.

 Good quality alternatives are a good thing. If Rob starts his
Toybox project again, more power to him. If users - whether they
are individuals or companies - can choose between two similar
implementations of the same stuff, everyone benefits.

 The unfortunate reality is that most companies *really don't want*
to release their source code. They will either refuse to have
anything to do with copylefted software, or infringe the copyleft
more or less blatantly. The "return something to the community"
idea just does not work with them.

 So, GPL inforcement is a good thing, but as time goes by, companies
will turn away more and more from copylefted software, and use more
and more open source, non copylefted software. I am afraid that the
uncompromising, unforgiving nature of the GPL will turn against it
in the future, and harm more than promote widespread distribution of
GPL'ed software - something that GPL zealots generally refuse to see.

-- 
 Laurent

Amusing article about busybox
Bradley M. Kuhn bkuhn at ebb.org 
Wed Feb 1 15:10:22 UTC 2012 

Denys Vlasenko wrote at 06:15 (EST):
> Some of the arguments from the "other side" found in that thread make
> sense. We are possibly a bit too aggressive when we try to force
> people to comply with GPL on other projects too, not only on bbox.

I'd like to point out that many of the "stories on the other side" are
second-hand accounts.  Obviously, as the person who directly handles
most of the GPL enforcement for BusyBox, I can confirm there is no one
with first-hand experience on the "other side" commenting on the LWN
thread, nor on Matthew's blog post.

I think the community needs other projects to stand with us to enforce
the GPL, and I'm working on coordinating that.  BusyBox has become a
"poster child" -- unfairly -- because for the last few years, BusyBox
was the only project actively enforcing the GPL.


I see that elsewhere in this thread, a debate is starting about whether
or not the GPL works effectively as a tool to advance software freedom.
I think that's an important debate, but I also think the conclusion of
that debate is orthogonal to enforcement.  Specifically, if the
conclusion is: "It's valuable for the license to place requirements that
code be liberated", then GPL enforcement is valuable, too, automatically
-- because an unenforced GPL is exactly the same as the ISC license.

Anyway, I'm happy as always to discuss further Conservancy's GPL
enforcement efforts, how they work, and what tweaks BusyBox developers
want to see in Conservancy's enforcement efforts.  OTOH, I hope we won't
led any FUD about enforcement be the sole reason we make changes to our
strategy.  While I mostly lurk on this mailing list, I'll follow this
particular thread and comment when it seems useful.
-- 
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy

Amusing article about busybox
Bradley M. Kuhn bkuhn at ebb.org 
Wed Feb 1 16:30:32 UTC 2012 

Laurent Bercot wrote at 06:46 (EST):
> I am afraid that the uncompromising, unforgiving nature of the GPL
> will turn against it in the future, and harm more than promote
> widespread distribution of GPL'ed software - something that GPL
> zealots generally refuse to see.

It's entirely possible this could be the case.  I don't really believe
it is, but all we have is some second-hand, anecdotal evidence on either
side of the debate, so it's tough to know for sure.

But that's not a new debate: it's the fundamental debate
that goes back 20 years between those that prefer permissive licenses
and those that prefer copyleft.  There are reasonable arguments on both
sides, of course.

> The "return something to the community" idea just does not work with
> them.

I think you're right about this point, but only with respect to GPL
violators.  Specifically, it's certainly difficult (although not
impossible) to convince a company to become a community contributor,
when that company saw the GPL and just decided to "see if they could get
away with ignoring it".  While the job of changing their minds is tough, it
does happen sometimes.  A classic example is Broadcom, which has been a
frequent source of GPL violation problems as an upstream for more than
a decade.  Yet, some divisions of Broadcom now actively contribute to Linux
development upstream.  Their culture has changed just a little bit, and I hope
that it will continue to get better.  I firmly believe that without BusyBox's
enforcement efforts, even this little bit of change wouldn't have happened.

Nevertheless, I can agree that such change is rare.  But it's important
to also consider the many companies that virtually always do the right
thing with regard to GPL compliance -- the Red Hat's, the HP's, the
Google's, the SuSE's, the Canonical's (just to name a few).  Some of
those companies do quite a bit of proprietary software development, but
they *don't* violate the GPL (to my knowledge) when they do it.
Sometimes, those companies do favor permissively-licensed projects
because they want to make something proprietary.  It's unfortunate when
that happens, but it's of course their right to do so.

In this context, the question we should ask ourselves is: do we want the
license to require software sharing?  Again, that's the classic
"copyleft vs. permissive license" debate, and there's important points
on both sides.

My view is that, given that some projects are indeed copylefted, we in
some sense owe it to those who participate and comply to make sure the
license is respected.  In essence, companies that comply regularly put in
more effort to make sure they do so -- which they do willingly.  IMO,
it's unfair to them that other companies get away with cutting costs by
ignoring GPL.  Of course, compliance isn't *that* expensive, but it does
require that engineering teams pay attention to the fact that source
needs to go along with the binaries, etc.  Companies that go cut-rate
and ignore that are able to undercut compliant company's products.

I think for that, and are plenty of reasons, it's good to uphold a
copyleft license; I've talked about these reasons extensively for years
in talks (See http://faif.us/cast/2011/sep/13/0x18/ if you want to hear
one).  I know that some people disagree, and I respect those who prefer
to contribute to permissively-licensed projects because they disagree
with copyleft.

But, I also think it's a contradiction to say: "I prefer a
copylefted license but don't want it to be enforced."  I don't think anyone
on this thread has said that, but it has been said in some of the public
debates in other fora in the last 24 hours.
-- 
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy

Amusing article about busybox
Rogelio Serrano rogelio.serrano at gmail.com 
Wed Feb 1 16:58:09 UTC 2012 

On Thu, Feb 2, 2012 at 12:30 AM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
> Laurent Bercot wrote at 06:46 (EST):
>> I am afraid that the uncompromising, unforgiving nature of the GPL
>> will turn against it in the future, and harm more than promote
>> widespread distribution of GPL'ed software - something that GPL
>> zealots generally refuse to see.
>
> It's entirely possible this could be the case.  I don't really believe
> it is, but all we have is some second-hand, anecdotal evidence on either
> side of the debate, so it's tough to know for sure.
>
> But that's not a new debate: it's the fundamental debate
> that goes back 20 years between those that prefer permissive licenses
> and those that prefer copyleft.  There are reasonable arguments on both
> sides, of course.
>

i dont agree. its just business economics at work. is it going to be
cheaper in the long run to contribute or not? when its more economical
to contribute then its better to gpl.

when you have intellectual property issues you will hate gpl. i have
worked with companies with no IP issues whatsoever and the gpl is
perfect.

-- 
quarq consulting: agile, open source

Amusing article about busybox
Denys Vlasenko vda.linux at googlemail.com 
Thu Feb 2 12:05:47 UTC 2012 

On Wed, Feb 1, 2012 at 4:10 PM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
> Denys Vlasenko wrote at 06:15 (EST):
>> Some of the arguments from the "other side" found in that thread make
>> sense. We are possibly a bit too aggressive when we try to force
>> people to comply with GPL on other projects too, not only on bbox.
>
> I'd like to point out that many of the "stories on the other side" are
> second-hand accounts.  Obviously, as the person who directly handles
> most of the GPL enforcement for BusyBox, I can confirm there is no one
> with first-hand experience on the "other side" commenting on the LWN
> thread, nor on Matthew's blog post.

Tim Bird says this:

Posted Feb 1, 2012 6:52 UTC (Wed) by tbird20d (subscriber, #1901) [Link]
No. You misunderstand what "unrelated products" means. It means all
the TV sets and digital cameras, which we properly release GPL source
for. What I don't want is for some trivial mistake by GPL amateurs at
some ODM supplier to some obscure product group to result in SFC
having review and veto authority over our major Linux-based product
lines. This is simply unacceptable.
What I'm saying is that the legal risk far outweighs the value of busybox.

Posted Feb 1, 2012 17:55 UTC (Wed) by tbird20d (subscriber, #1901) [Link]
...Sony has standards in place that product teams are supposed to
follow for GPL compliance. Unfortunately, I can't be sure that every
team is following them, or won't make a mistake. In particular, I can
't be sure of this for sub-contractors. Sub-contractors may claim they
have given you corresponding source, but have not. It happens.
What is intolerable is having a 3rd party hold your entire product
line hostage, based on some issue with an unrelated product.

Posted Feb 1, 2012 19:31 UTC (Wed) by tbird20d (subscriber, #1901) [Link]
> That seems like an irrational fear, I can't imagine the copyright owner
> getting an injunction against or even pursuing code that you can trivially
> show the provenance and licensing for.
Well, since the SFC requests audit rights for all of a company's
products that include GPL, I don't think the fear is irrational.


-- 
vda

Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Fri Feb 3 13:38:54 UTC 2012 

On Wed, Feb 1, 2012 at 6:58 PM, Rogelio Serrano
<rogelio.serrano at gmail.com> wrote:
> On Thu, Feb 2, 2012 at 12:30 AM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
>> Laurent Bercot wrote at 06:46 (EST):
>>> I am afraid that the uncompromising, unforgiving nature of the GPL
>>> will turn against it in the future, and harm more than promote
>>> widespread distribution of GPL'ed software - something that GPL
>>> zealots generally refuse to see.
>>
>> It's entirely possible this could be the case.  I don't really believe
>> it is, but all we have is some second-hand, anecdotal evidence on either
>> side of the debate, so it's tough to know for sure.
>>
>> But that's not a new debate: it's the fundamental debate
>> that goes back 20 years between those that prefer permissive licenses
>> and those that prefer copyleft.  There are reasonable arguments on both
>> sides, of course.
>>
>
> i dont agree. its just business economics at work. is it going to be
> cheaper in the long run to contribute or not? when its more economical
> to contribute then its better to gpl.

In order to see that you need vision, and you need some basic
understanding of how open source works. Sadly, a lot of people don't
have those, and instead believe in FUD, and make decisions based on
that.

> when you have intellectual property issues you will hate gpl. i have
> worked with companies with no IP issues whatsoever and the gpl is
> perfect.

Agreed. Unfortunately most, if not all, big companies have IP. Sony for example.

-- 
Felipe Contreras

Amusing article about busybox
Rogelio Serrano rogelio.serrano at gmail.com 
Sat Feb 4 02:57:26 UTC 2012 

On Fri, Feb 3, 2012 at 9:38 PM, Felipe Contreras
<felipe.contreras at gmail.com> wrote:

>
> In order to see that you need vision, and you need some basic
> understanding of how open source works. Sadly, a lot of people don't
> have those, and instead believe in FUD, and make decisions based on
> that.
>

too bad they just dont get to benefit from open source economics and
that may give their competitors who do a little advantage.

>> when you have intellectual property issues you will hate gpl. i have
>> worked with companies with no IP issues whatsoever and the gpl is
>> perfect.
>
> Agreed. Unfortunately most, if not all, big companies have IP. Sony for example.
>

too bad for sony. most of you will disagree but i dont think busybox
needs the big companies to survive. small companies can keep busybox
chugging along just fine.

sometimes i think the big companies are just using their size to
persuade developers to change the license.

-- 
quarq consulting: agile, open source

Amusing article about busybox
Denys Vlasenko vda.linux at googlemail.com 
Sat Feb 4 18:47:13 UTC 2012 

On Saturday 04 February 2012 03:57, Rogelio Serrano wrote:
> On Fri, Feb 3, 2012 at 9:38 PM, Felipe Contreras
> > In order to see that you need vision, and you need some basic
> > understanding of how open source works. Sadly, a lot of people don't
> > have those, and instead believe in FUD, and make decisions based on
> > that.
> 
> too bad they just dont get to benefit from open source economics and
> that may give their competitors who do a little advantage.
> 
> >> when you have intellectual property issues you will hate gpl. i have
> >> worked with companies with no IP issues whatsoever and the gpl is
> >> perfect.
> >
> > Agreed. Unfortunately most, if not all, big companies have IP. Sony for example.
> 
> too bad for sony. most of you will disagree but i dont think busybox
> needs the big companies to survive. small companies can keep busybox
> chugging along just fine.

Well, busybox at the moment doesn't need any companies to survive.

For example, my current employer did not hire me because I'm
a busybox guy. Neither I have any consulting contracts
related to busybox.

If tomorrow busybox project magically disappears, I would still
be employed, and I would earn exactly the same amount of money.

So I have no financial stake in making sure that busybox is still
being used by the companies, big or small.


> sometimes i think the big companies are just using their size to
> persuade developers to change the license.

Busybox is not going to change the license. (This is in fact not possible -
anyone who ever contributed to GPLv2 licensed code has a right
to demand that all future changes must be under GPLv2 too).

But, we are not going to be deaf - we are listening to other peoples'
opinions and we might consider some changes to our license enforcement
process. It would be arrogant to think that we always do everything
in the best way possible.

-- 
vda

Amusing article about busybox
Bradley M. Kuhn bkuhn at ebb.org 
Tue Feb 7 18:35:29 UTC 2012 

[ Resend to make sure this message appears in public archive. ]

Denys Vlasenko forwarded a comment from Tim Bird,
which was Posted Feb 1, 2012 6:52 UTC (Wed) by tbird20d on LWN:
>> Tim Bird says this: No. You misunderstand what "unrelated products"
>> means. It means all the TV sets and digital cameras, which we
>> properly release GPL source for. What I don't want is for some
>> trivial mistake by GPL amateurs at some ODM supplier to some obscure
>> product group to result in SFC having review and veto authority over
>> our major Linux-based product lines. This is simply unacceptable.

I think Tim is pretty confused here, as I can't relate what he's saying
above with Conservancy's usual enforcement work.  Tim has never been involved
with a Conservancy enforcement action, so I believe Tim's retelling half-true
stories that he's heard elsewhere, and there's a misunderstanding about
what was required.

>> ...Sony has standards in place that product teams are supposed to
>> follow for GPL compliance. Unfortunately, I can't be sure that every
>> team is following them, or won't make a mistake. In particular, I can
>> 't be sure of this for sub-contractors. Sub-contractors may claim
>> they have given you corresponding source, but have not. It happens.

I think it's somewhat strange for a large company to say: "We can't
control what my company does".  They have resources thousands upon
thousands of times greater than Conservancy, yet we can find the time to
review their product and give them feedback.  Surely they have the
resources to fix their compliance problems?

>> What is intolerable is having a 3rd party hold your entire product
>> line hostage, based on some issue with an unrelated product.

I have no idea what he means by "hold a product line hostage".  Perhaps
it's related to the fact that elsewhere in the LWN thread, some
statements made references to "pulling products off the shelves".  This
has never happened with Conservancy's enforcement.  In fact, we usually
ask for the violator to set their own deadlines for when they can come
into compliance.  We know that it sometimes takes a few months to get a
compliant source release; we're happy to work with violators about
deadlines.

To my knowledge, Tim has no first-hand knowledge of Conservancy's
enforcement efforts.  So, how does he know what our requirements are at
all?

>> Well, since the SFC requests audit rights for all of a company's
>> products that include GPL, I don't think the fear is irrational.

Again, I don't know what Tim means here by "audit rights".  Conservancy
does ask to talk about other products, and help the company come fully
into compliance, but that's not "audit rights".  I believe that Tim is
exaggerating half-true stories he's heard second- or third-hand.

I'll add that Tim has never contacted me and asked to talk with me about
Conservancy's enforcement.  I've reached out to him in the past, and
he's ignored my emails.  I think it's pretty unfair for someone to
criticize without first-hand discussions with the relevant parties.

I'm going to the same conference as Tim for the first time in a week
(Embedded Linux Conference 2012).  I'll try to talk with him directly
about the issues.
-- 
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy

Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Tue Feb 7 19:43:55 UTC 2012 

On Tue, Feb 7, 2012 at 8:35 PM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
> Denys Vlasenko forwarded a comment from Tim Bird,
> which was Posted Feb 1, 2012 6:52 UTC (Wed) by tbird20d on LWN:
>>> Tim Bird says this: No. You misunderstand what "unrelated products"
>>> means. It means all the TV sets and digital cameras, which we
>>> properly release GPL source for. What I don't want is for some
>>> trivial mistake by GPL amateurs at some ODM supplier to some obscure
>>> product group to result in SFC having review and veto authority over
>>> our major Linux-based product lines. This is simply unacceptable.
>
> I think Tim is pretty confused here, as I can't relate what he's saying
> above with Conservancy's usual enforcement work.  Tim has never been involved
> with a Conservancy enforcement action, so I believe Tim's retelling half-true
> stories that he's heard elsewhere, and there's a misunderstanding about
> what was required.

Really? So Sony can violate the GPL in some small product, and it
would not affect other product lines, like TVs?

>>> ...Sony has standards in place that product teams are supposed to
>>> follow for GPL compliance. Unfortunately, I can't be sure that every
>>> team is following them, or won't make a mistake. In particular, I can
>>> 't be sure of this for sub-contractors. Sub-contractors may claim
>>> they have given you corresponding source, but have not. It happens.
>
> I think it's somewhat strange for a large company to say: "We can't
> control what my company does".  They have resources thousands upon
> thousands of times greater than Conservancy, yet we can find the time to
> review their product and give them feedback.  Surely they have the
> resources to fix their compliance problems?

You must not know how a big company works. It's not a matter of
resources; it's a matter of control and organization. The bigger a
company is, the more difficult it is to have tight control over all
areas.

I can imagine Sony TVs having a policy of complying with the GPL, and
some other product line having an entirely different opinion, and
without a company-wide stance to open source, the communication
between SFC and Sony lawyers wouldn't be fruitful, and Sony TVs would
be affected negatively, even if that division did everything right.

Cheers.

-- 
Felipe Contreras

Amusing article about busybox
Bradley M. Kuhn bkuhn at ebb.org 
Wed Feb 8 18:10:27 UTC 2012 

Felipe Contreras wrote at 14:43 (EST) on Tuesday:

> Really? So Sony can violate the GPL in some small product, and it
> would not affect other product lines, like TVs?

Technically, it *does* impact other products.  The question is whether
or not Conservancy, as BusyBox's enforcement agent, would *insist* that
a company stop distributing *compliant* products when other products are
out of compliance.

It's true that in very egregious cases, only after years of litigation,
Conservancy ended up asking the court for that.  However, that's
happened twice in the entire 12 year history of GPL enforcement I've
done, and I'd already warned the company multiple times we'd need to ask
the court for that remedy since they weren't fixing their compliance
problems.

A company would basically need to willfully ignore contact and
discussion with Conservancy for many months before they got in the
situation of being sued in the first place.  Then, they'd further have
to be incredibly non-responsive after the lawsuit was filed to ever have
the situation that Tim suggests.  And after hundreds of
enforcement actions, that situation only ever came close to happening
twice, and in fact, in one of those two situations, Conservancy settled
the lawsuit before the judge even decided whether to grant the
injunction.

> You must not know how a big company works. It's not a matter of
> resources; it's a matter of control and organization. The bigger a
> company is, the more difficult it is to have tight control over all
> areas.

I do know somewhat how big companies work: they spend resources on
things that matter to them, and ignore things that don't.  In my
experience, GPL enforcement is the only way to get GPL compliance to
matter to them.  Otherwise, many companies merely ignore the GPL.
(Others, I should note, like Red Hat, HP, Google, etc. do a good job
without any enforcement actions against them, because they have decided
it's the right thing to do and just comply.)

-- 
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy





Amusing article about busybox
Bradley M. Kuhn bkuhn at ebb.org 
Wed Feb 8 21:29:53 UTC 2012 

Greetings, Tim, I'm hoping we can chat further about all this at Embedded
Linux Conference!  I think there are a lot of misconceptions going around
that maybe a face-to-face conversation between us can help clear up.

Bernhard has brought you into a thread occurring on BusyBox's mailing
list, which I understand fully if you don't want to be dragged into.  Also
the list requires one to be a subscriber to post, so I completely
understand if you don't want to go to the trouble of subscribing.

>On Feb 8, 2012 7:58 PM, "Bradley M. Kuhn" wrote:
>> Technically, it *does* impact other products.  The question is whether
>> or not Conservancy, as BusyBox's enforcement agent, would *insist* that
>> a company stop distributing *compliant* products when other products are
>> out of compliance.

Bernhard Reutner-Fischer replied today:
> How would you, ever? Can you elaborate or point to some resource,
> please?

Are you asking, "How would one stop distribution of compliant products?"
Well, copyright law is a huge stick, and a copyright holder can demand in
Court that distributions of their copyright works stop immediately, if
those distributions are made without license to do so.  BusyBox copyright
holders *could*, therefore, insist on that after just one violating
distribution.

Of course, we never do that!  We ask for the company to work with
Conservancy to come into compliance.  We ask the company to set the
deadlines that work for them, and to meet their own deadlines.  (I've only
once rejected a deadline, which was "we'll fix it in a year".)  Usually, a
month or so is proposed and Conservancy accepts.  Infringing distribution
continues during that period; Conservancy doesn't want to disrupt their
business if the company's intentions are clearly to comply with the GPL
and fix the problems.

>>> It's true that in very egregious cases, only after years of litigation,
>>> Conservancy ended up asking the court for that.  However, that's

>That as in stopping to distribute compliant products?

Actually, more specifically, by "that", I meant asking a Court to order a
company to stop distributing of any kind -- compliant *or* non-compliant.
Specifically, IIRC, Conservancy has only twice filed what's called an
"injunction motion" in Court.

> Do you, by chance, have publically visible documentation or reference
> about these, just out of curiosity ?

I'm pretty frustrated by this, but sadly, every violator I've ever worked
with has insisted that we make the settlement agreement confidential.
Conservancy would prefer to publish them, but the other side asks them to
be confidential.

That said, there are public documents of the one Court case that
Conservancy has ever filed, which was Conservancy vs. Best Buy, et al.
There were many defendants in that case, and only one is left (as of now).
I can't comment in detail, though, because the one defendant is still
pending, and it's always bad to speak about ongoing litigation.

Generally speaking, as I said in my previous email, injunction is a remedy
Conservancy only seeks as a last resort.  While we've gotten close to that
last resort a few times, we've been able to -- until now -- settle with
the party and help them into compliance before any injunction orders were
enforced.

Frankly, I think some of the comments on LWN about Conservancy's
enforcement are talking about things that "could happen", but the comments
represent them as if they are things that "have happened".

To set the record straight, unlike when Sony enforces its own copyrights,
Conservancy doesn't use anything near the maximum legal means at its
disposal to attack the other side.  Our goal is to develop a positive
relationship that helps a company come into compliance.  Sometimes, that
just doesn't work and they simply ignore us for months on end.  In only
those cases -- where the violation was egregious and requests to work
together are ignored -- does Conservancy ever seek remedy in Court.

Conservancy's lawyers will probably hate that I've admitted that publicly,
because it will inspire the worst violators to simply fail to act --
always waiting for the injunction motion to be filed before coming into
compliance.  But I'm nevertheless willing to lose a little bit on
enforcement strategy to make it abundantly clear that our goal is to get
compliance on GPL'd and LGPL'd software, and we try to use as little stick
as possible to get that done, and only increase the size of the stick when
the other side egregiously ignores our requests for compliance.

Conservancy's goal here is always to help people comply.
--
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy










Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Fri Feb 10 20:16:06 UTC 2012 

On Wed, Feb 8, 2012 at 8:10 PM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
> Felipe Contreras wrote at 14:43 (EST) on Tuesday:
>
>> Really? So Sony can violate the GPL in some small product, and it
>> would not affect other product lines, like TVs?
>
> Technically, it *does* impact other products.

No, it doesn't.

> The question is whether
> or not Conservancy, as BusyBox's enforcement agent, would *insist* that
> a company stop distributing *compliant* products when other products are
> out of compliance.

Yes, but s/would/could/. From what I've read, you make no distinction
on product lines. And that's worrying.

>> You must not know how a big company works. It's not a matter of
>> resources; it's a matter of control and organization. The bigger a
>> company is, the more difficult it is to have tight control over all
>> areas.
>
> I do know somewhat how big companies work: they spend resources on
> things that matter to them, and ignore things that don't.

Big companies are comprised of many units, and divisions, and groups,
and teams, and ultimately people. People do things everyday on the
name of the company that the CEO might think are not worth spending
resources on.

Where resources are spent on is not as clear-cut as you make it seem.

> In my
> experience, GPL enforcement is the only way to get GPL compliance to
> matter to them.

We don't care about compliance, compliance is almost useless. What we
need is for them to become members of the community, and that can only
happen within, by a change in culture, understanding how open source
works.

Google's Android team opens their code (eventually), but most of that
code has not been merged to the Linux kernel, therefore, it's
basically useless to developers. I hope I don't have to tell you that
many people are angry about this, and have called Android a fork. How
are you going to solve this? Suing?

Enforcement only ensures that we would get the bare minimum (legal)
from the company, and IMO that doesn't help much.

> Otherwise, many companies merely ignore the GPL.

GPL is not important; it's just a tool. What is important for
developers is to get contributions back.

In the case of Sony, this tool is doing the opposite; not only is it
taking potential contributions from Sony away, but it's encouraging
other people to do the same (since toybox is also open source).

Perhaps it's time to write a special clause that says that the scope
of busybox enforcement should be restricted to busybox (not used as a
proxy).

Cheers.

-- 
Felipe Contreras

Amusing article about busybox
Rich Felker dalias at aerifal.cx 
Fri Feb 10 23:56:09 UTC 2012 

On Fri, Feb 10, 2012 at 10:16:06PM +0200, Felipe Contreras wrote:
> We don't care about compliance, compliance is almost useless. What we
> need is for them to become members of the community, and that can only
> happen within, by a change in culture, understanding how open source
> works.

It would work just as well for them to give the competitive advantage
to companies that are complying. You have to think about global
effects on the software ecosystem, not just a single company.

> Google's Android team opens their code (eventually), but most of that
> code has not been merged to the Linux kernel, therefore, it's
> basically useless to developers. I hope I don't have to tell you that
> many people are angry about this, and have called Android a fork. How
> are you going to solve this? Suing?

If developers care about its utility to them, they can read and merge
the code. What matters a lot more is utility to users who have
received Android devices, who want to be able to use their hardware
without the encumbrance of the vendor-shipped crapware. The fact that
the source code is public and free makes a huge difference to them.

> Enforcement only ensures that we would get the bare minimum (legal)
> from the company, and IMO that doesn't help much.

Enforcement creates a cost for companies that take advantage of free
software and refuse to play by the rules. This in turn helps give
competitive advantage to the ones who do play by the rules, and
creates an incentive for the ones who are infringing to change their
behavior.

> > Otherwise, many companies merely ignore the GPL.
> 
> GPL is not important; it's just a tool. What is important for
> developers is to get contributions back.
> 
> In the case of Sony, this tool is doing the opposite; not only is it
> taking potential contributions from Sony away, but it's encouraging
> other people to do the same (since toybox is also open source).

Toybox has little to do with Sony. Rob can be abrasive, but I've
known him a long time, and his main interest in Toybox is frustration
with all the hideous hacks, obfuscation, and microoptimization all
over Busybox that make the code difficult to read, fix, and improve,
all for the sake of saving a few worthless bytes here and there. The
basic principle, which I fully agree with and also adopted as a core
design principle in musl, is that near-optimality in size and
performance stem naturally from simple, clean design, and that
complexity should be introduced only in cases where the simple
solution is pathologically slow or bloated.

> Perhaps it's time to write a special clause that says that the scope
> of busybox enforcement should be restricted to busybox (not used as a
> proxy).

Why? I would hope many developers would be against such a policy. The
most useful part of Busybox enforcement is as a proxy. Nobody actually
cares about the modifications to Busybox (if any); they care about the
kernel patches and other stuff that's essential to using the hardware
Busybox is distributed on.

Rich

Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Sat Feb 11 13:00:38 UTC 2012 

On Sat, Feb 11, 2012 at 1:56 AM, Rich Felker <dalias at aerifal.cx> wrote:
> On Fri, Feb 10, 2012 at 10:16:06PM +0200, Felipe Contreras wrote:
>> We don't care about compliance, compliance is almost useless. What we
>> need is for them to become members of the community, and that can only
>> happen within, by a change in culture, understanding how open source
>> works.
>
> It would work just as well for them to give the competitive advantage
> to companies that are complying. You have to think about global
> effects on the software ecosystem, not just a single company.

The competitive advantage doesn't come from compliance, it comes from
being a good community member.

>> Google's Android team opens their code (eventually), but most of that
>> code has not been merged to the Linux kernel, therefore, it's
>> basically useless to developers. I hope I don't have to tell you that
>> many people are angry about this, and have called Android a fork. How
>> are you going to solve this? Suing?
>
> If developers care about its utility to them, they can read and merge
> the code.

Then why hasn't the Android code been merged?

That's not how development works.

> What matters a lot more is utility to users who have
> received Android devices, who want to be able to use their hardware
> without the encumbrance of the vendor-shipped crapware. The fact that
> the source code is public and free makes a huge difference to them.

If their devices are not locked.

And few people, if any, would be interested in updating busybox on
their TVs, or such.

Keep up with enforcement, and eventually you would have only a few
pieces of software with GPL to enforce on consumer devices.

Besides, if you really care about users, why not wait until some user
requests GPL enforcement? I bet many consumer devices would not have a
single user that requests that.

>> Enforcement only ensures that we would get the bare minimum (legal)
>> from the company, and IMO that doesn't help much.
>
> Enforcement creates a cost for companies that take advantage of free
> software and refuse to play by the rules. This in turn helps give
> competitive advantage to the ones who do play by the rules, and
> creates an incentive for the ones who are infringing to change their
> behavior.

They already have a competitive advantage. Enforcement is only making
companies that otherwise be good citizens (Sony) walk away,
fragmenting the community, and decreasing the competitive advantage of
compliant companies.

>> > Otherwise, many companies merely ignore the GPL.
>>
>> GPL is not important; it's just a tool. What is important for
>> developers is to get contributions back.
>>
>> In the case of Sony, this tool is doing the opposite; not only is it
>> taking potential contributions from Sony away, but it's encouraging
>> other people to do the same (since toybox is also open source).
>
> Toybox has little to do with Sony. Rob can be abrasive, but I've
> known him a long time, and his main interest in Toybox is frustration
> with all the hideous hacks, obfuscation, ...

That's not what he has been telling the people that are running the
toybox stories.

>> Perhaps it's time to write a special clause that says that the scope
>> of busybox enforcement should be restricted to busybox (not used as a
>> proxy).
>
> Why? I would hope many developers would be against such a policy. The
> most useful part of Busybox enforcement is as a proxy. Nobody actually
> cares about the modifications to Busybox (if any); they care about the
> kernel patches and other stuff that's essential to using the hardware
> Busybox is distributed on.

Exactly. And if you don't see how that's unfair, and abusive, I guess
there's nothing else to discuss.

It seems to me like you are exploiting a legal loophole to play a
political game against companies to use a bigger stick as you can,
regardless from the wishes of the copyright holders, and without users
requesting any of that.

People would walk away from the GPL tanks to this, specially on the
software you use as proxy, in order to diminish your abuse. And this
is just doing a disservice to the open source community.

Cheers.

-- 
Felipe Contreras

Amusing article about busybox
Rich Felker dalias at aerifal.cx 
Sat Feb 11 13:31:39 UTC 2012 

On Sat, Feb 11, 2012 at 03:00:38PM +0200, Felipe Contreras wrote:
> > What matters a lot more is utility to users who have
> > received Android devices, who want to be able to use their hardware
> > without the encumbrance of the vendor-shipped crapware. The fact that
> > the source code is public and free makes a huge difference to them.
> 
> If their devices are not locked.
> 
> And few people, if any, would be interested in updating busybox on
> their TVs, or such.

That's why it's so important that Busybox act as a proxy to
enforcement of other GPL infringement. The important thing to get is
the kernel and other system components. Busybox is likely unmodified
or barely-modified anyway.

> Besides, if you really care about users, why not wait until some user
> requests GPL enforcement? I bet many consumer devices would not have a
> single user that requests that.

That's what Busybox does. It seems you're completely unaware of what
you're talking about, because almost all Busybox enforcement efforts
stem from users being upset to find Busybox on a device they bought
and want to hack around with, and no sign of source code anywhere.

> They already have a competitive advantage. Enforcement is only making
> companies that otherwise be good citizens (Sony) walk away,
> fragmenting the community, and decreasing the competitive advantage of
> compliant companies.

Sony is the antithesis of "good citizen" in every possible way.

Rich

Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Sat Feb 11 14:47:25 UTC 2012 

On Sat, Feb 11, 2012 at 3:31 PM, Rich Felker < dalias at aerifal.cx> wrote:
> On Sat, Feb 11, 2012 at 03:00:38PM +0200, Felipe Contreras wrote:
>> > What matters a lot more is utility to users who have
>> > received Android devices, who want to be able to use their hardware
>> > without the encumbrance of the vendor-shipped crapware. The fact that
>> > the source code is public and free makes a huge difference to them.
>>
>> If their devices are not locked.
>>
>> And few people, if any, would be interested in updating busybox on
>> their TVs, or such.
>
> That's why it's so important that Busybox act as a proxy to
> enforcement of other GPL infringement. The important thing to get is
> the kernel and other system components. Busybox is likely unmodified
> or barely-modified anyway.

But Linux people have not requested GPL enforcement. So you are most
likely acting against the wishes of the copyright holders. Probably
the only reason they don't make an amendment to the license to
prohibit this, is that they don't care enough. Toybox would solve the
problem anyway.

>> Besides, if you really care about users, why not wait until some user
>> requests GPL enforcement? I bet many consumer devices would not have a
>> single user that requests that.
>
> That's what Busybox does. It seems you're completely unaware of what
> you're talking about, because almost all Busybox enforcement efforts
> stem from users being upset to find Busybox on a device they bought
> and want to hack around with, and no sign of source code anywhere.

Fair enough.

>> They already have a competitive advantage. Enforcement is only making
>> companies that otherwise be good citizens (Sony) walk away,
>> fragmenting the community, and decreasing the competitive advantage of
>> compliant companies.
>
> Sony is the antithesis of "good citizen" in every possible way.

Then why are they making Toybox open? Is anybody suing them to do that? No.

You don't understand how big companies work. Sony might not have a
culture of open source, but there's people inside Sony that do, like
Tim Bird, and they are pushing to change the culture, and they'll do
it, with time, and success stories.

Toybox being open source is proof that parts of Sony are good
citizens, and they would probably be contributing to Busybox if it
wasn't because of the SFC.

-- 
Felipe Contreras

Amusing article about busybox
Laurent Bercot ska-dietlibc at skarnet.org 
Sat Feb 11 16:08:14 UTC 2012 

>> Sony is the antithesis of "good citizen" in every possible way.
> Then why are they making Toybox open? Is anybody suing them to do that? No.

 Your premises are wrong.

 Toybox wasn't made by Sony. Toybox was made by Rob Landley.
 Sony is merely *using* Toybox. They chose to do so because Toybox's
license is more permissive than Busybox's.


> Toybox being open source is proof that parts of Sony are good
> citizens, and they would probably be contributing to Busybox if it
> wasn't because of the SFC.

 No. Toybox being open source is proof that Rob is a good citizen;
and Sony's decision to use it instead of Busybox is proof that big
companies are afraid of the GPL and *will* choose non-copylefted
open source software if there is an alternative.

 The day Sony releases some open source software will be champagne
for everyone. But this day won't happen in the current decade, oh no.

-- 
 Laurent

Re: Amusing article about busybox
Bradley M. Kuhn <bkuhn <at> ebb.org>
2012-02-11 18:19:13 GMT

Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>> Enforcement only ensures that we would get the bare minimum (legal)
>>>> from the company, and IMO that doesn't help much.

OpenWRT and SamyGo are two excellent counterexamples.  While in both
cases, BusyBox GPL enforcement yielded only a bare minimum release, that
bare minimum was enough to spawn new upstream projects.

> On Sat, Feb 11, 2012 at 03:00:38PM +0200, Felipe Contreras wrote:
>> And few people, if any, would be interested in updating busybox on
>> their TVs, or such.

With regard to TV's, in particular, SamyGo is a clear counter-example on
that point as well.

Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>> Google's Android team opens their code (eventually), but most of
>>>> that code has not been merged to the Linux kernel, therefore, it's
>>>> basically useless to developers.

I think the Cyanogenmod community -- both users and developers -- would
disagree with you on that.  As a Cyangoenmod user, I certainly do.  And,
as Rich Felker pointed out elsewhere in the thread:
>> > What matters a lot more is utility to users who have received
>> > Android devices, who want to be able to use their hardware without
>> > the encumbrance of the vendor-shipped crapware. The fact that the
>> > source code is public and free makes a huge difference to them.
...
>>> If developers care about its utility to them, they can read and
>>> merge the code. What matters a lot more is utility to users who have
>>> received Android devices, who want to be able to use their hardware
>>> without the encumbrance of the vendor-shipped crapware. The fact
>>> that the source code is public and free makes a huge difference to
>>> them.

Felipe Contreras also wrote at 15:16 (EST) yesterday:
>>>> many people are angry about [Android kernel code not being
>>>> upstream], and have called Android a fork. How are you going to
>>>> solve this?  Suing?

AFAICT, the Google release of Android's Linux fork is in compliance with
GPL, which means the community has access to the improvements.  I think
it's a mistake to conflate issues raised by forking (which GPL permits)
with issues raised by complete failure to comply with GPLv23.

Rich Felker wrote at 08:31 (EST):
> That's why it's so important that Busybox act as a proxy to
> enforcement of other GPL infringement. The important thing to get is
> the kernel and other system components. Busybox is likely unmodified
> or barely-modified anyway.

While I agree with Rich's statement above, I want to reiterate that
getting "scripts to control compilation and installation of the
executable" for BusyBox is an essential issue under GPLv2 and those
scripts are likely very different from firmware to firmware.  At least,
I've seen them to be quite different in various source releases I've
helped liberate through GPL enforcement for BusyBox.

>> Besides, if you really care about users, why not wait until some user
>> requests GPL enforcement? I bet many consumer devices would not have a
>> single user that requests that.

> That's what Busybox does. It seems you're completely unaware of what
> you're talking about, because almost all Busybox enforcement efforts
> stem from users being upset to find Busybox on a device they bought
> and want to hack around with, and no sign of source code anywhere.

I can confirm this.  Indeed, IIRC, every BusyBox enforcement I've been
involved with has started with a report from a curious user who found
BusyBox in a device or firmware that (s)he bought/downloaded.

>> They already have a competitive advantage. Enforcement is only making
>> companies that otherwise be good citizens (Sony) walk away,
>> fragmenting the community, and decreasing the competitive advantage
>> of compliant companies.

> Sony is the antithesis of "good citizen" in every possible way.

Well, to be fair to Sony, I'm not aware of any Sony GPL violation.
< gpl < at> busybox.net> has gotten a few vague reports, but I've never seen a
confirmed violation by Sony, so I presume they're abiding by GPL
currently.  While this might not make them a "good citizen", I think the
fact of Sony's apparent GPL compliance means the statement quoted above
is an exaggeration.

Laurent Bercot wrote at 11:08 (EST) today:
>>>>> Toybox wasn't made by Sony. Toybox was made by Rob Landley.  Sony
>>>>>is merely *using* Toybox.

Indeed.  I encourage everyone to be fair to Tim Bird on this: Tim claims
that Sony *doesn't* support the ToyBox initiative, but that it's his
personal support that he's given to Rob and ToyBox.  I've pointed out to
Tim that it is confusing that he's giving that support using his
sony.com email address, which is what led me to believe it was a Sony
initiative.  But Tim has clarified this point publicly, so I am going to
take Tim at his word on that (but I'll continue to encourage Tim to
cease using his sony.com email address to endorse things that Sony
doesn't endorse).

FWIW, I'm trying to schedule a meeting with Tim Bird at Embedded Linux
Conference next week.  I still maintain that a lot of what Tim posted on
the LWN thread is based on second-hand confusions and misrepresentations
of Conservancy's and Erik Andersen's positions in BusyBox GPL
enforcement actions.  My hope is that I can convince Tim that there's no
reason to have such great fear of GPL (and, after all, Sony will still
be using Linux, which is also GPL'd).  I don't think any of the outcomes
Tim fears are likely to happen -- at least due to Conservancy
enforcement, anyway.  I hope I can convince Tim of this fact when I see
him.

As for Rob Landley, I have told Rob on IRC this: I support his right to
write any Free Software he likes under any license -- copyleft or
permissive.  More Free Software is always good for the world, regardless
of the motivations that led to its authorship.  I also think healthy
competition for BusyBox, with a very different approach to the same
problem set, is a good thing, no matter what reason it comes.

> On Wed, Feb 8, 2012 at 8:10 PM, Bradley M. Kuhn < bkuhn < at> ebb.org> wrote:
>> The question is whether or not Conservancy, as BusyBox's enforcement
>> agent, would *insist* that a company stop distributing *compliant*
>> products when other products are out of compliance.

Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>> Yes, but s/would/could/. From what I've read, you make no
>>>> distinction on product lines. And that's worrying.

I'm curious to know what you've read that makes you believe that.  I
said pretty clearly in my previous emails that Conservancy's goal in
BusyBox enforcement is to avoid doing many things that copyright law
would allow us to do, in the interest of friendly discussions with the
violator.  I think what you might have read might have been FUD, or
perhaps a misconstruing of something I wrote.

>>>> We don't care about compliance, compliance is almost useless.

Who is the "we" you are speaking for there?

I care about compliance, because I care about users who got a product
without an source nor offer therefor.  I know Erik cares about that,
too.  I think others do as well....

>>>> What we need is for them to become members of the community, and that
>>>> can only happen within, by a change in culture, understanding how open
>>>> source works.

... Nevertheless, I fully agree with you on that.  A lot of the process
of enforcement is an education effort to help companies join our
community.  Some do, and some have.  There are many past violators who
are now participants in Free Software development.

>>>> GPL is not important; it's just a tool. What is important for
>>>> developers is to get contributions back.

That's one important issue.  Another important issue is that users get
the ability to take advantage of new versions of the software, or make
modified distributions for their devices using the source that the
developers licensed to them under GPL.

Felipe Contreras wrote 09:51 (EST) today:
>>>> But Linux people have not requested GPL enforcement.

First of all, for years, Linux developers have come up to me at
conferences and told me confidentially that they thank me and BusyBox
for Conservancy's enforcement work, but for political reasons they
couldn't get involved with enforcement.

That said, Denys and I have had some discussion about getting more
projects involved with Conservancy's enforcement, and I think that's
worth doing.  I'm working on that issue this month, and hopefully I will
have an announcement about it in March.

Re: Amusing article about busybox
Felipe Contreras <felipe.contreras <at> gmail.com>
2012-02-11 22:49:47 GMT

On Sat, Feb 11, 2012 at 8:19 PM, Bradley M. Kuhn <bkuhn <at> ebb.org> wrote:
> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>>> Enforcement only ensures that we would get the bare minimum (legal)
>>>>> from the company, and IMO that doesn't help much.
>
> OpenWRT and SamyGo are two excellent counterexamples.  While in both
> cases, BusyBox GPL enforcement yielded only a bare minimum release, that
> bare minimum was enough to spawn new upstream projects.

True, there are exceptions.

>> On Sat, Feb 11, 2012 at 03:00:38PM +0200, Felipe Contreras wrote:
>>> And few people, if any, would be interested in updating busybox on
>>> their TVs, or such.
>
> With regard to TV's, in particular, SamyGo is a clear counter-example on
> that point as well.

SamyGo includes much more than just busybox.

> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>>> Google's Android team opens their code (eventually), but most of
>>>>> that code has not been merged to the Linux kernel, therefore, it's
>>>>> basically useless to developers.
>
> I think the Cyanogenmod community -- both users and developers -- would
> disagree with you on that.  As a Cyangoenmod user, I certainly do.  And,
> as Rich Felker pointed out elsewhere in the thread:

Cyanogenmod is not Linux. I am talking about the original
_developers_, the ones that wrote Linux, since that's what Android
uses, and has not contributed back.

>>> > What matters a lot more is utility to users who have received
>>> > Android devices, who want to be able to use their hardware without
>>> > the encumbrance of the vendor-shipped crapware. The fact that the
>>> > source code is public and free makes a huge difference to them.
> ...
>>>> If developers care about its utility to them, they can read and
>>>> merge the code. What matters a lot more is utility to users who have
>>>> received Android devices, who want to be able to use their hardware
>>>> without the encumbrance of the vendor-shipped crapware. The fact
>>>> that the source code is public and free makes a huge difference to
>>>> them.
>
> Felipe Contreras also wrote at 15:16 (EST) yesterday:
>>>>> many people are angry about [Android kernel code not being
>>>>> upstream], and have called Android a fork. How are you going to
>>>>> solve this?  Suing?
>
> AFAICT, the Google release of Android's Linux fork is in compliance with
> GPL, which means the community has access to the improvements.  I think
> it's a mistake to conflate issues raised by forking (which GPL permits)
> with issues raised by complete failure to comply with GPLv23.

The end result for developers (who originally chose the license) is
the same; no code contributed back. If they don't release anything
(violating the GPL), or if they put their thousands of changes on a
single patch in an FTP server (complying with the GPL) doesn't make
much difference to the _developers_.

> Laurent Bercot wrote at 11:08 (EST) today:
>>>>>> Toybox wasn't made by Sony. Toybox was made by Rob Landley.  Sony
>>>>>>is merely *using* Toybox.
>
> Indeed.  I encourage everyone to be fair to Tim Bird on this: Tim claims
> that Sony *doesn't* support the ToyBox initiative, but that it's his
> personal support that he's given to Rob and ToyBox.  I've pointed out to
> Tim that it is confusing that he's giving that support using his
> sony.com email address, which is what led me to believe it was a Sony
> initiative.  But Tim has clarified this point publicly, so I am going to
> take Tim at his word on that (but I'll continue to encourage Tim to
> cease using his sony.com email address to endorse things that Sony
> doesn't endorse).

Even if Sony was supporting ToyBox internally, it would not issue any
statement publicly, and would encourage employees to refrain from
making any statements that the company has not approved. And they
don't have a reason to make any statement.

Tim Bird is probably being too outspoken, and might get some call of
attention to refrain doing so.

> FWIW, I'm trying to schedule a meeting with Tim Bird at Embedded Linux
> Conference next week.  I still maintain that a lot of what Tim posted on
> the LWN thread is based on second-hand confusions and misrepresentations
> of Conservancy's and Erik Andersen's positions in BusyBox GPL
> enforcement actions.  My hope is that I can convince Tim that there's no
> reason to have such great fear of GPL (and, after all, Sony will still
> be using Linux, which is also GPL'd).

But Linux's developers have expressed no interest in the GPL being
enforced for their project.

> I don't think any of the outcomes
> Tim fears are likely to happen -- at least due to Conservancy
> enforcement, anyway.  I hope I can convince Tim of this fact when I see
> him.

It doesn't matter what outcomes Tim fears, it only matters what Sony
lawyers fear, and "the SFC said they wouldn't do it" is not any legal
assurance. Somebody else might.

> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>>> Yes, but s/would/could/. From what I've read, you make no
>>>>> distinction on product lines. And that's worrying.
>
> I'm curious to know what you've read that makes you believe that.  I
> said pretty clearly in my previous emails that Conservancy's goal in
> BusyBox enforcement is to avoid doing many things that copyright law
> would allow us to do, in the interest of friendly discussions with the
> violator.  I think what you might have read might have been FUD, or
> perhaps a misconstruing of something I wrote.

You and I have already a huge difference in opinion in what is
desirable and fair regarding how to advance the open source movement.
I don't even want to imagine what Sony lawyers are thinking.

SFC _can_ shutdown unrelated product lines that are compliant, and SFC
_can_ request compliance for things other than busybox. Lawyers are
probably not interested in your "goals", but what can be done.

>>>>> We don't care about compliance, compliance is almost useless.
>
> Who is the "we" you are speaking for there?

We, the open source community, weather many of us realize it, or not.

> I care about compliance, because I care about users who got a product
> without an source nor offer therefor.  I know Erik cares about that,
> too.  I think others do as well....

The license is picked by the *developer*, and while it might be
desirable to give something to users (I disagree this is the right
way), the fact of the matter is that the owner of the code is the
*developer*. And if you go against the wishes of the *developer*
(which you seem to be doing), that's wrong, even if it's in the name
of users.

>>>>> What we need is for them to become members of the community, and that
>>>>> can only happen within, by a change in culture, understanding how open
>>>>> source works.
>
> ... Nevertheless, I fully agree with you on that.  A lot of the process
> of enforcement is an education effort to help companies join our
> community.  Some do, and some have.  There are many past violators who
> are now participants in Free Software development.

Probably not tanks to enforcement.

>>>>> GPL is not important; it's just a tool. What is important for
>>>>> developers is to get contributions back.
>
> That's one important issue.  Another important issue is that users get
> the ability to take advantage of new versions of the software, or make
> modified distributions for their devices using the source that the
> developers licensed to them under GPL.

If that was the case, developers would pick GPLv3. If they stay with
GPLv2, they probably are only interested in getting the modifications
back.

> Felipe Contreras wrote 09:51 (EST) today:
>>>>> But Linux people have not requested GPL enforcement.
>
> First of all, for years, Linux developers have come up to me at
> conferences and told me confidentially that they thank me and BusyBox
> for Conservancy's enforcement work, but for political reasons they
> couldn't get involved with enforcement.

Some of them. Certainly not all, nor a significant majority, or you
would be enforcing it directly.

> That said, Denys and I have had some discussion about getting more
> projects involved with Conservancy's enforcement, and I think that's
> worth doing.  I'm working on that issue this month, and hopefully I will
> have an announcement about it in March.

Indeed, that's good. Ideally though, you should not be using any
project as proxy, and only enforce the projects that have explicitly
requested enforcement. Anything else is abusing a loophole.

Cheers.

Re: Amusing article about busybox
Ralf Friedl <Ralf.Friedl <at> online.de>
2012-02-12 02:47:43 GMT

Felipe Contreras wrote:
> On Sat, Feb 11, 2012 at 8:19 PM, Bradley M. Kuhn <bkuhn <at> ebb.org> wrote:
>   
>> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>     
>>>>>> Enforcement only ensures that we would get the bare minimum (legal)
>>>>>> from the company, and IMO that doesn't help much.
>>>>>>             
>> OpenWRT and SamyGo are two excellent counterexamples.  While in both
>> cases, BusyBox GPL enforcement yielded only a bare minimum release, that
>> bare minimum was enough to spawn new upstream projects.
>>     
> True, there are exceptions.
>   
There are more exceptions.
You seem to imply that without enforcement of the GPL, there would 
magically appear more companies who want to contribute to open source, 
but you provide no argument why that would happen. In fact, the opposite 
is true. The companies that comply with the GPL do that anyway. Most of 
that other companies do the bare minimum to comply with the GPL. They 
also do the bare minimum to comply with BSD code, which means they do 
nothing, although it would be trivially easy for them to share their 
modifications.

If you say the the code is licensed under the GPL, but you promise to 
never enforce the license, you might as well call it public domain. And 
if you are not prepared to sue as a last resort, all other attempts of 
enforcement are futile in most cases. Companies don't ignore the GPL 
because it is so hard to understand, they deal with much more 
complicated contracts. They ignore the GPL because they can, and you 
seem to imply that they should be free to do so.

>>> On Sat, Feb 11, 2012 at 03:00:38PM +0200, Felipe Contreras wrote:
>>>       
>>>> And few people, if any, would be interested in updating busybox on
>>>> their TVs, or such.
>>>>         
>> With regard to TV's, in particular, SamyGo is a clear counter-example on
>> that point as well.
>>     
> SamyGo includes much more than just busybox.
>   
You seem to want to dismiss the fact your claim was wrong that users 
aren't interested in the source for busybox and other programs on their 
devices.

>> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>     
>>>>>> Google's Android team opens their code (eventually), but most of
>>>>>> that code has not been merged to the Linux kernel, therefore, it's
>>>>>> basically useless to developers.
>>>>>>             
>> I think the Cyanogenmod community -- both users and developers -- would
>> disagree with you on that.  As a Cyangoenmod user, I certainly do.  And,
>> as Rich Felker pointed out elsewhere in the thread:
>>     
> Cyanogenmod is not Linux. I am talking about the original
> _developers_, the ones that wrote Linux, since that's what Android
> uses, and has not contributed back.
>   
The sources are available, that does not mean that anybody is forced to 
use these modification.
As you specifically mention the Linux kernel, a lot of companies have 
contributed code that is in the main kernel, so there has been benefit 
for the original developers. Other code is considered not good enough 
for inclusion in the main kernel, but the code it there, and it is 
possible to use and improve this code.

>> I don't think any of the outcomes
>> Tim fears are likely to happen -- at least due to Conservancy
>> enforcement, anyway.  I hope I can convince Tim of this fact when I see
>> him.
>>     
> It doesn't matter what outcomes Tim fears, it only matters what Sony
> lawyers fear, and "the SFC said they wouldn't do it" is not any legal
> assurance. Somebody else might.
>   
Sony's fears seem very important for you.
Maybe it hasn't occurred to you or to Sony's lawyers, but from a legal 
point of view they could get exactly the same result if they say "Here 
on this server is the source for busybox x.y.z, it includes the 
configuration we used to build the binary". (Of course, they should not 
just say that, but also do it.) That shouldn't be too complicated, they 
would be in full compliance, and it would be much easier than to replace 
busybox and test a replacement.

>> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>     
>>>>>> Yes, but s/would/could/. From what I've read, you make no
>>>>>> distinction on product lines. And that's worrying.
>>>>>>             
>> I'm curious to know what you've read that makes you believe that.  I
>> said pretty clearly in my previous emails that Conservancy's goal in
>> BusyBox enforcement is to avoid doing many things that copyright law
>> would allow us to do, in the interest of friendly discussions with the
>> violator.  I think what you might have read might have been FUD, or
>> perhaps a misconstruing of something I wrote.
>>     
>
> You and I have already a huge difference in opinion in what is
> desirable and fair regarding how to advance the open source movement.
> I don't even want to imagine what Sony lawyers are thinking.
>
> SFC _can_ shutdown unrelated product lines that are compliant, and SFC
> _can_ request compliance for things other than busybox. Lawyers are
> probably not interested in your "goals", but what can be done.
>   
Microsoft could send an update that breaks an important application, 
they reserved the right to do that in the EULA, and it has happened in 
the past. They could come and audit Sony's use of OEM licenses, or force 
them to buy a license even for machines that don't use Windows. All of 
this is more likely to happen.
And as I mentioned, complying with the GPL is really easy, and that 
removes even the last shadow of any risk of becoming the target of GPL 
enforcement.

>>>>>> We don't care about compliance, compliance is almost useless.
>>>>>>             
>> Who is the "we" you are speaking for there?
>>     
> We, the open source community, weather many of us realize it, or not.
>   
Please speak just for yourself and don't pretend to speak for anybody else.
By the way, a grep for your name in the busybox source finds nothing.

>> I care about compliance, because I care about users who got a product
>> without an source nor offer therefor.  I know Erik cares about that,
>> too.  I think others do as well....
>>     
> The license is picked by the *developer*, and while it might be
> desirable to give something to users (I disagree this is the right
> way), the fact of the matter is that the owner of the code is the
> *developer*. And if you go against the wishes of the *developer*
> (which you seem to be doing), that's wrong, even if it's in the name
> of users.
>   
Two hints on this:
- If the developer picked the GPL, he probably wanted it respected. If 
not, he should have been honest and called it public domain.
- SFC is not the developer, they can't do anything themselves. They just 
act on behalf of the developer, so they can't go against the wishes of 
the developer, which you imply not just as a possibility but as a fact.

>>>>>> What we need is for them to become members of the community, and that
>>>>>> can only happen within, by a change in culture, understanding how open
>>>>>> source works.
>>>>>>             
>> ... Nevertheless, I fully agree with you on that.  A lot of the process
>> of enforcement is an education effort to help companies join our
>> community.  Some do, and some have.  There are many past violators who
>> are now participants in Free Software development.
>>     
> Probably not tanks to enforcement.
>   
Actually mist likely due to enforcement.

>>>>>> GPL is not important; it's just a tool. What is important for
>>>>>> developers is to get contributions back.
>>>>>>             
>> That's one important issue.  Another important issue is that users get
>> the ability to take advantage of new versions of the software, or make
>> modified distributions for their devices using the source that the
>> developers licensed to them under GPL.
>>     
> If that was the case, developers would pick GPLv3. If they stay with
> GPLv2, they probably are only interested in getting the modifications
> back.
>   
The main point of the GPL since v1 to give the uses of the software the 
rights and the possibility to modify the software and to use this 
modified software. From GPLv1: "The license agreements of most software 
companies try to keep *users* at the mercy of those companies.  By 
contrast, our ...".
It seems (once more) you don't know what you are talking about. The 
start of the GPL was that RMS was, as a user of a printer driver, unable 
to adapt it because he didn't get the source.
The GPLv3 is mainly a clarification because when GPLv2 was written, they 
didn't foresee that it would be possible for a user to have the source 
and not be able to use it on the intended device.

After all that you wrote, your concern for the fears of Sony's lawyers, 
after you call Sony "good citizens", I just wonder, do you happen to 
work for Sony?
Ralf

Re: Amusing article about busybox
Felipe Contreras <felipe.contreras <at> gmail.com>
2012-02-15 01:39:00 GMT

On Sun, Feb 12, 2012 at 4:47 AM, Ralf Friedl <Ralf.Friedl <at> online.de> wrote:
> Felipe Contreras wrote:
>>
>> On Sat, Feb 11, 2012 at 8:19 PM, Bradley M. Kuhn <bkuhn < at> ebb.org> wrote:
>>
>>>
>>> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>
>>>>>>>
>>>>>>> Enforcement only ensures that we would get the bare minimum (legal)
>>>>>>> from the company, and IMO that doesn't help much.
>>>>>>>
>>>
>>> OpenWRT and SamyGo are two excellent counterexamples.  While in both
>>> cases, BusyBox GPL enforcement yielded only a bare minimum release, that
>>> bare minimum was enough to spawn new upstream projects.
>>>
>>
>> True, there are exceptions.
>>
>
> There are more exceptions.
> You seem to imply that without enforcement of the GPL, there would magically
> appear more companies who want to contribute to open source, but you provide
> no argument why that would happen.

It depends on what kinds of enforcement; abusive
company-wide-without-regards-to-specific-units, that is also started
as a proxy without consent from the original copy-right holders; no, I
don't think companies would be too happy to use such code, much less
contribute to it.

> In fact, the opposite is true.

Right... there is absolutely no company that avoids the GPL because of
this abusive enforcement. Wait a second, what about Sony? Sure, maybe
Sony is not a good community member _today_, but it might be at some
point, and it would certainly not be contributing to busybox.

I am pretty sure there's plenty of companies that they only lesson
they learned from being targets of GPL enforcement is to avoid GPL
code.

> The
> companies that comply with the GPL do that anyway. Most of that other
> companies do the bare minimum to comply with the GPL. They also do the bare
> minimum to comply with BSD code, which means they do nothing, although it
> would be trivially easy for them to share their modifications.

Some do the minimum, not all.

I already explained that for *developers* the bare minimum is almost
worthless, what is needed is community involvement, and walking around
with a stick does not help a single bit.

> If you say the the code is licensed under the GPL, but you promise to never
> enforce the license, you might as well call it public domain.

Do not tell me what I expect from the licensees, that's up to me to decide.

I expect contributions back. If you are a good member of society, you
most likely will at least publish your modifications, that's good, but
I strongly prefer if you contribute back. If you are a bad member of
society, expect bad publicity, as you are not doing what you are
supposed to do.

> And if you are
> not prepared to sue as a last resort, all other attempts of enforcement are
> futile in most cases.

I don't care. No amount of enforcement is going to make them send
clean patches to the mailing list, so why should I care?

> Companies don't ignore the GPL because it is so hard
> to understand, they deal with much more complicated contracts. They ignore
> the GPL because they can, and you seem to imply that they should be free to
> do so.

Companies are not single entities, like people, but it seems that
concept just doesn't sink in with many people.

>>>> On Sat, Feb 11, 2012 at 03:00:38PM +0200, Felipe Contreras wrote:
>>>>
>>>>>
>>>>> And few people, if any, would be interested in updating busybox on
>>>>> their TVs, or such.
>>>>>
>>>
>>> With regard to TV's, in particular, SamyGo is a clear counter-example on
>>> that point as well.
>>>
>>
>> SamyGo includes much more than just busybox.
>>
>
> You seem to want to dismiss the fact your claim was wrong that users aren't
> interested in the source for busybox and other programs on their devices.

So you are saying that there's people out there that want to update
*only* busybox on their TV's? I find that hard to believe.

>>> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>
>>>>>>>
>>>>>>> Google's Android team opens their code (eventually), but most of
>>>>>>> that code has not been merged to the Linux kernel, therefore, it's
>>>>>>> basically useless to developers.
>>>>>>>
>>>
>>> I think the Cyanogenmod community -- both users and developers -- would
>>> disagree with you on that.  As a Cyangoenmod user, I certainly do.  And,
>>> as Rich Felker pointed out elsewhere in the thread:
>>>
>>
>> Cyanogenmod is not Linux. I am talking about the original
>> _developers_, the ones that wrote Linux, since that's what Android
>> uses, and has not contributed back.
>>
>
> The sources are available, that does not mean that anybody is forced to use
> these modification.
> As you specifically mention the Linux kernel, a lot of companies have
> contributed code that is in the main kernel, so there has been benefit for
> the original developers.

Not thanks to enforcement. There's no stick you can use to achieve that.

> Other code is considered not good enough for
> inclusion in the main kernel, but the code it there, and it is possible to
> use and improve this code.

It's _possible_ but nobody is going to do it. The only *efficient* way
to achieve this without loosing one's sanity is to actively invite
companies to become part of the community, and educate them about the
benefits, and only then, they might go through all the processes
needed to write clean patches, so one, as a maintainer of a project,
can just apply them, and only _then_ does everybody wins. Sticks don't
help that.

>>> I don't think any of the outcomes
>>> Tim fears are likely to happen -- at least due to Conservancy
>>> enforcement, anyway.  I hope I can convince Tim of this fact when I see
>>> him.
>>>
>>
>> It doesn't matter what outcomes Tim fears, it only matters what Sony
>> lawyers fear, and "the SFC said they wouldn't do it" is not any legal
>> assurance. Somebody else might.
>>
>
> Sony's fears seem very important for you.
> Maybe it hasn't occurred to you or to Sony's lawyers, but from a legal point
> of view they could get exactly the same result if they say "Here on this
> server is the source for busybox x.y.z, it includes the configuration we
> used to build the binary". (Of course, they should not just say that, but
> also do it.) That shouldn't be too complicated, they would be in full
> compliance, and it would be much easier than to replace busybox and test a
> replacement.

Sony != Sony lawyers. Being involved with Nokia lawyers I can tell you
that Nokia engineers didn't agree with many things, and it's oh so
frustrating. A lot of the issues can't even be mentioned publicly.

So when you say Sony should do this, I can't help but roll my eyes.
You can blame Sony all you want, but that just tells me you don't know
how big companies work.

>>> Felipe Contreras wrote at 15:16 (EST) yesterday:
>>>
>>>>>>>
>>>>>>> Yes, but s/would/could/. From what I've read, you make no
>>>>>>> distinction on product lines. And that's worrying.
>>>>>>>
>>>
>>> I'm curious to know what you've read that makes you believe that.  I
>>> said pretty clearly in my previous emails that Conservancy's goal in
>>> BusyBox enforcement is to avoid doing many things that copyright law
>>> would allow us to do, in the interest of friendly discussions with the
>>> violator.  I think what you might have read might have been FUD, or
>>> perhaps a misconstruing of something I wrote.
>>>
>>
>>
>> You and I have already a huge difference in opinion in what is
>> desirable and fair regarding how to advance the open source movement.
>> I don't even want to imagine what Sony lawyers are thinking.
>>
>> SFC _can_ shutdown unrelated product lines that are compliant, and SFC
>> _can_ request compliance for things other than busybox. Lawyers are
>> probably not interested in your "goals", but what can be done.
>>
>
> Microsoft could send an update that breaks an important application, they
> reserved the right to do that in the EULA, and it has happened in the past.
> They could come and audit Sony's use of OEM licenses, or force them to buy a
> license even for machines that don't use Windows. All of this is more likely
> to happen.

No, it's not, because Sony (or rather some people inside Sony) knows
_exactly_ how to retaliate, and Microsoft knows that.

They can't do absolutely anything if the SFC pursues these courses of actions.

> And as I mentioned, complying with the GPL is really easy, and that removes
> even the last shadow of any risk of becoming the target of GPL enforcement.

Not for a big company.

>>>>>>> We don't care about compliance, compliance is almost useless.
>>>>>>>
>>>
>>> Who is the "we" you are speaking for there?
>>>
>>
>> We, the open source community, weather many of us realize it, or not.
>>
>
> Please speak just for yourself and don't pretend to speak for anybody else.
> By the way, a grep for your name in the busybox source finds nothing.
>
>
>>> I care about compliance, because I care about users who got a product
>>> without an source nor offer therefor.  I know Erik cares about that,
>>> too.  I think others do as well....
>>>
>>
>> The license is picked by the *developer*, and while it might be
>> desirable to give something to users (I disagree this is the right
>> way), the fact of the matter is that the owner of the code is the
>> *developer*. And if you go against the wishes of the *developer*
>> (which you seem to be doing), that's wrong, even if it's in the name
>> of users.
>>
>
> Two hints on this:
> - If the developer picked the GPL, he probably wanted it respected.

And assumption, and not true. Look at the public call from Mathew
Garret for Linux kernel developers to request kernel enforcement... He
got squat.

> If not, he should have been honest and called it public domain.

Interesting theory. Then it should be easy to get enforcement request
for copyright holders all over. Why is that not happening?

You can assume all you want, facts don't check.

> - SFC is not the developer, they can't do anything themselves. They just act
> on behalf of the developer, so they can't go against the wishes of the
> developer, which you imply not just as a possibility but as a fact.

Unless the developer is not aware of what you are doing, or doesn't
care enough to contact you. Since you have not *explicitly* requested
permission, that's a very valid (and quite likely) possibility.

>>>>>>> What we need is for them to become members of the community, and that
>>>>>>> can only happen within, by a change in culture, understanding how
>>>>>>> open
>>>>>>> source works.
>>>>>>>
>>>
>>> ... Nevertheless, I fully agree with you on that.  A lot of the process
>>> of enforcement is an education effort to help companies join our
>>> community.  Some do, and some have.  There are many past violators who
>>> are now participants in Free Software development.
>>>
>>
>> Probably not tanks to enforcement.
>>
>
> Actually mist likely due to enforcement.

Sure, now you rely on Stockholm syndrome. You stay with your sticks, I
prefer carrots.

>>>>>>> GPL is not important; it's just a tool. What is important for
>>>>>>> developers is to get contributions back.
>>>>>>>
>>>
>>> That's one important issue.  Another important issue is that users get
>>> the ability to take advantage of new versions of the software, or make
>>> modified distributions for their devices using the source that the
>>> developers licensed to them under GPL.
>>>
>>
>> If that was the case, developers would pick GPLv3. If they stay with
>> GPLv2, they probably are only interested in getting the modifications
>> back.
>>
>
> The main point of the GPL since v1 to give the uses of the software the
> rights and the possibility to modify the software and to use this modified
> software.

That's the main point *for you*. For open source people it's to get
contributions back. The license is *for developers*.

As tivoization exemplifies, you can't do squat for users with a
*software* license, and that's fine.

> From GPLv1: "The license agreements of most software companies try
> to keep *users* at the mercy of those companies.  By contrast, our ...".
> It seems (once more) you don't know what you are talking about. The start of
> the GPL was that RMS was, as a user of a printer driver, unable to adapt it
> because he didn't get the source.

What RMS intended and what the copyright holders intended can be
diametrically opposed. See Linus Torvalds.

> The GPLv3 is mainly a clarification because when GPLv2 was written, they
> didn't foresee that it would be possible for a user to have the source and
> not be able to use it on the intended device.

I hope I don't have to tell you that there's plenty of people that
don't like GPLv3 and prefer to stay with GPLv2 *precisely* for this
reason. How do you explain that?

If people care enough about SFC activities, they might migrate away
from GPLv2 as well, or at least add come clauses.

> After all that you wrote, your concern for the fears of Sony's lawyers,
> after you call Sony "good citizens", I just wonder, do you happen to work
> for Sony?

I thought Sony was pushing for toybox, so I supposed they would
contribute back. If they are not going to do that _today_, that's
fine, I'm sure they will eventually understand the benefits of open
source, not thanks to the SFC.

Cheers.

Re: Amusing article about busybox
Ralf Friedl <Ralf.Friedl <at> online.de>
2012-02-15 19:56:03 GMT

Felipe Contreras wrote:
> On Sun, Feb 12, 2012 at 4:47 AM, Ralf Friedl <Ralf.Friedl <at> online.de> 
> wrote:
>  
>> Felipe Contreras wrote:
>>    
>>> True, there are exceptions.
>>>       
>> There are more exceptions.
>> You seem to imply that without enforcement of the GPL, there would 
>> magically
>> appear more companies who want to contribute to open source, but you 
>> provide
>> no argument why that would happen.
>>     
>
> It depends on what kinds of enforcement; abusive
> company-wide-without-regards-to-specific-units, that is also started
> as a proxy without consent from the original copy-right holders; no, I
> don't think companies would be too happy to use such code, much less
> contribute to it.
>   
Let's get some facts straight.
Sony wants to avoid the GPL busybox not because of busybox itself, but 
because they fear that they can be forced to comply with the GPL on 
Linux, and they want to avoid that. They know that they break the 
license, and they want to replace busybox so that they can continue to 
break the kernel license. There are different opinions about this 
behavior. You want to defend Sony's god given right to violate the 
kernel license, I think it's a shame that the kernel license isn't 
enforced by the developers themselves, but the fact is that Sony intends 
to continue to violate the kernel license and replacing busybox is just 
a means to the end.

Companies that are happy to contribute are not affected by enforcement. 
Companies that are not so happy but play by the rules anyway are also 
not affected, although they might wonder why they should continue to 
follow the rules if there is no incentive to do so. Affected are only 
the companies that violate the license, and continue to violate the 
license. I already asked why you think that these companies would change 
their view if there is no enforcement, and instead of an answer, you 
provided a diversion. So I conclude that we agree that non-enforcement 
is not the way to get companies to contribute.

I already mentioned that it is not possible to enforce copyright without 
consent from the copyright holders, and you repeat it here anyway, so it 
seems that inconvenient facts don't influence your opinion.

>> In fact, the opposite is true.
>>     
> Right... there is absolutely no company that avoids the GPL because of
> this abusive enforcement. Wait a second, what about Sony? Sure, maybe
> Sony is not a good community member _today_, but it might be at some
> point, and it would certainly not be contributing to busybox.
>
> I am pretty sure there's plenty of companies that they only lesson
> they learned from being targets of GPL enforcement is to avoid GPL
> code.
>   
That remark was in the context of providing existing source code, as 
required by the GPL, in case you didn't notice. More source code was 
provided by enforcement then by waiting and doing nothing.

Again you imply that Sony might contribute something at some point, so I 
ask you: why would Sony suddenly start to contribute to busybox or 
toybox on a voluntary base, when they don't want to contribute to the 
kernel despite their obligation to do so?

Well, maybe some companies learned that they should avoid the GPL, 
others, even those that were the targets of enforcement probably learned 
that it is a license they have to comply with (gasp!), just like all 
their other licenses and contracts.

>> The
>> companies that comply with the GPL do that anyway. Most of that other
>> companies do the bare minimum to comply with the GPL. They also do 
>> the bare
>> minimum to comply with BSD code, which means they do nothing, 
>> although it
>> would be trivially easy for them to share their modifications.
>>     
> Some do the minimum, not all.
>
> I already explained that for *developers* the bare minimum is almost
> worthless, what is needed is community involvement, and walking around
> with a stick does not help a single bit.
>   
You might consider the bare minimum to be be almost worthless, but 
without enforcement the bare minimum is zero and therefor completely 
worthless.
I consider a working source to be far from worthless, but I see that 
such a view would impact your argument.

>> If you say the the code is licensed under the GPL, but you promise to 
>> never
>> enforce the license, you might as well call it public domain.
>>     
>
> Do not tell me what I expect from the licensees, that's up to me to 
> decide.
>
> I expect contributions back. If you are a good member of society, you
> most likely will at least publish your modifications, that's good, but
> I strongly prefer if you contribute back. If you are a bad member of
> society, expect bad publicity, as you are not doing what you are
> supposed to do.
>   
I didn't tell you what to expect from a license, so please leave your 
straw men at home.
I said that there is in effect no difference between "public domain, 
please please share your modification" and "GPL, but I won't do anything 
if you violate it".
By your own definition, Sony is not a good member of society. And please 
provide examples where the bad publicity has resulted in code 
contributions.
I know of enough examples where vendors provide source for GPL programs 
because they have to, and don't provide source for BSD programs because 
they don't have to.

By the way, which code is it where it is up to you to decide which 
license you want to use? You remember, you as in "we, the developers"?

>> And if you are
>> not prepared to sue as a last resort, all other attempts of 
>> enforcement are
>> futile in most cases.
>>     
> I don't care. No amount of enforcement is going to make them send
> clean patches to the mailing list, so why should I care?
>   
Of course it's up to you whether you care or not. But you are strongly 
advocating that others shouldn't care.

As someone else has written, the code quality from most companies is 
just bad. But you can't know that if you don't get to see the code. I'm 
sure the reason why the Android changes are not in the kernel is not 
that nobody has figured out how to run diff.

>> Companies don't ignore the GPL because it is so hard
>> to understand, they deal with much more complicated contracts. They 
>> ignore
>> the GPL because they can, and you seem to imply that they should be 
>> free to
>> do so.
>>     
> Companies are not single entities, like people, but it seems that
> concept just doesn't sink in with many people.
>   
Another nice straw man.
Yes, companies typically consist of many people. Yet, most of the time 
they can do what has to be done. It may not be as efficient as you would 
like, but that is another point.
Suppose, Sony (or Nokia) had to license a patent where they have to pay 
a certain amount for each device produced. At regular times they must 
report "we produced X devices, at Y$/device this means Z$, here is your 
check". Now suppose, instead of this report, they write "Companies are 
not single entities, it is so difficult to count all these devices, 
let's just ignore this license agreement". What do you think would happen?
So, somehow companies are able to write such reports and send the checks 
at the right time. I'll also give you a hint why this is so: they 
dedicated people to this task (whether full time or not). Yes, doing so 
costs money. But it would cost them more to not comply with the license.

So to repeat, companies ignore the GPL because they can, and you seem to 
imply that they should be free to do so.

>> You seem to want to dismiss the fact your claim was wrong that users 
>> aren't
>> interested in the source for busybox and other programs on their 
>> devices.
>>     
> So you are saying that there's people out there that want to update
> *only* busybox on their TV's? I find that hard to believe.
>   
Another straw man.
Nobody said that they wanted to replace *only* busybox, although there 
might be a benefit to replace only the original busybox with a busybox 
with more applets.

>> The sources are available, that does not mean that anybody is forced 
>> to use
>> these modification.
>> As you specifically mention the Linux kernel, a lot of companies have
>> contributed code that is in the main kernel, so there has been 
>> benefit for
>> the original developers.
>>     
> Not thanks to enforcement. There's no stick you can use to achieve that.
>   
In some cases, the code came as a result of enforcement.

>> Other code is considered not good enough for
>> inclusion in the main kernel, but the code it there, and it is 
>> possible to
>> use and improve this code.
>>     
> It's _possible_ but nobody is going to do it. The only *efficient* way
> to achieve this without loosing one's sanity is to actively invite
> companies to become part of the community, and educate them about the
> benefits, and only then, they might go through all the processes
> needed to write clean patches, so one, as a maintainer of a project,
> can just apply them, and only _then_ does everybody wins. Sticks don't
> help that.
>   
Do you have facts to support the claim that nobody ever used the code?
And how do you educate the companies? Remember, "companies are not 
single entities".

>> Sony's fears seem very important for you.
>> Maybe it hasn't occurred to you or to Sony's lawyers, but from a 
>> legal point
>> of view they could get exactly the same result if they say "Here on this
>> server is the source for busybox x.y.z, it includes the configuration we
>> used to build the binary". (Of course, they should not just say that, 
>> but
>> also do it.) That shouldn't be too complicated, they would be in full
>> compliance, and it would be much easier than to replace busybox and 
>> test a
>> replacement.
>>     
> Sony != Sony lawyers. Being involved with Nokia lawyers I can tell you
> that Nokia engineers didn't agree with many things, and it's oh so
> frustrating. A lot of the issues can't even be mentioned publicly.
>
> So when you say Sony should do this, I can't help but roll my eyes.
> You can blame Sony all you want, but that just tells me you don't know
> how big companies work.
>   
I never said Sony should do this. I said they *could*. If Sony's lawyers 
(or Nokia's) aren't aware of this, maybe I should tell them and charge a 
consulting fee.
But it doesn't change the fact that they violate the kernel license. And 
there is a reason why they use Linux, or they would switch to BSD or 
something else.

>> Microsoft could send an update that breaks an important application, 
>> they
>> reserved the right to do that in the EULA, and it has happened in the 
>> past.
>> They could come and audit Sony's use of OEM licenses, or force them 
>> to buy a
>> license even for machines that don't use Windows. All of this is more 
>> likely
>> to happen.
>>     
> No, it's not, because Sony (or rather some people inside Sony) knows
> _exactly_ how to retaliate, and Microsoft knows that.
>   
Now this is funny, even more so then "Sony the good corporate citizen". 
Actually, it was (is?) common that OEMs must buy a Windows license for 
every machine, whether they use it or not. And you want to tell me that 
people inside Sony knew _exactly_ how to retaliate, but for some reasons 
didn't?

> They can't do absolutely anything if the SFC pursues these courses of 
> actions.
>   
They could simply comply with the GPL, and the SFC would have neither 
motivation nor standing for any of these actions.

>> And as I mentioned, complying with the GPL is really easy, and that 
>> removes
>> even the last shadow of any risk of becoming the target of GPL 
>> enforcement.
>>     
> Not for a big company.
>   
Ok, I'll qualify that statement. It is easy to comply for a company of 
any size, if it is seen as important enough. That means, as long as the 
cost for complying is lower then the cost of not complying. Note that 
this implies to any license or contract. Any the cost to comply with the 
GPL is less then most other licenses. If their lawyers don't realize 
that, there is also a cost associated with bad legal advice.

>> - SFC is not the developer, they can't do anything themselves. They 
>> just act
>> on behalf of the developer, so they can't go against the wishes of the
>> developer, which you imply not just as a possibility but as a fact.
>>     
> Unless the developer is not aware of what you are doing, or doesn't
> care enough to contact you. Since you have not *explicitly* requested
> permission, that's a very valid (and quite likely) possibility.
>   
What am *I* doing? Why should any developer contact me? Do you confuse 
me with SFC? Remember, organizations are not people.

Did it occur to you that if SFC could enforce busybox compliance without 
consent from the busybox develpers, they could also enforce Linux 
compliance without consent from the Linux develpers?

>>> Probably not thanks to enforcement.
>> Actually most likely due to enforcement.
>>     
> Sure, now you rely on Stockholm syndrome. You stay with your sticks, I
> prefer carrots.
>   
Let's say you prefer to be on the receiving side of the carrot rather 
then the stick. Actually you didn't even say what your carrot is, other 
then hoping for the best.
Can you name a single instance where a company that was reluctant to 
provide sources changed its opinion due to this carrot, and what the 
carrot was in that case?

Nobody relies on Stockholm syndrome. It's just that the companies 
realize that it is cheaper to use Linux, even if they have to comply 
with the license, then to use any of the BSD alternatives or develop 
something themselves. And Linux is cheaper, even if they are not allowed 
to ignore the license completely.

>> The main point of the GPL since v1 to give the uses of the software the
>> rights and the possibility to modify the software and to use this 
>> modified
>> software.
>>     
> That's the main point *for you*. For open source people it's to get
> contributions back. The license is *for developers*.
>
> As tivoization exemplifies, you can't do squat for users with a
> *software* license, and that's fine.
>   
The main point of the license is clearly stated in the license. There is 
nothing subjective about that. And tivoization just demonstrates that 
nobody considered that possible when GPLv1 and GPLv2 were written. GPLv3 
addresses this, and it's also a software license.

>> From GPLv1: "The license agreements of most software companies try
>> to keep *users* at the mercy of those companies.  By contrast, our ...".
>> It seems (once more) you don't know what you are talking about. The 
>> start of
>> the GPL was that RMS was, as a user of a printer driver, unable to 
>> adapt it
>> because he didn't get the source.
>>     
> What RMS intended and what the copyright holders intended can be
> diametrically opposed. See Linus Torvalds.
>   
If what the license clearly states and what the copyright holders 
intended is opposed, then maybe the copyright holders picked the wrong 
license.
I personally think that Linux would not be what it is today it had a BSD 
license.

> I hope I don't have to tell you that there's plenty of people that
> don't like GPLv3 and prefer to stay with GPLv2 *precisely* for this
> reason. How do you explain that?
>   
Everybody is entitled to their opinion.

> I thought Sony was pushing for toybox, so I supposed they would
> contribute back. If they are not going to do that _today_, that's
> fine, I'm sure they will eventually understand the benefits of open
> source, not thanks to the SFC.
>   
Many of your points reply on speculation.
This "eventually" can be a very long time, up to "infinity".
Actually enforcement has brought many contributions back.
What would you suggest instead,and in what time frame would that work?

Ralf

Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Mon Feb 20 18:07:31 UTC 2012 

On Wed, Feb 15, 2012 at 5:46 PM, Ralf Friedl  wrote:
> Felipe Contreras wrote:
>>
>> On Sun, Feb 12, 2012 at 4:47 AM, Ralf Friedl 
>> wrote:
>>
>>>
>>> Felipe Contreras wrote:
>>>
>>>>
>>>> True, there are exceptions.
>>>>
>>>
>>> There are more exceptions.
>>> You seem to imply that without enforcement of the GPL, there would
>>> magically
>>> appear more companies who want to contribute to open source, but you
>>> provide
>>> no argument why that would happen.
>>>
>>
>>
>> It depends on what kinds of enforcement; abusive
>> company-wide-without-regards-to-specific-units, that is also started
>> as a proxy without consent from the original copy-right holders; no, I
>> don't think companies would be too happy to use such code, much less
>> contribute to it.
>>
>
> Let's get some facts straight.
> Sony wants to avoid the GPL busybox not because of busybox itself, but
> because they fear that they can be forced to comply with the GPL on Linux,
> and they want to avoid that. They know that they break the license, and they
> want to replace busybox so that they can continue to break the kernel
> license. There are different opinions about this behavior. You want to
> defend Sony's god given right to violate the kernel license, I think it's a
> shame that the kernel license isn't enforced by the developers themselves,
> but the fact is that Sony intends to continue to violate the kernel license
> and replacing busybox is just a means to the end.

I already explained why this view is wrong. I am not going to repeat it.

> I already mentioned that it is not possible to enforce copyright without
> consent from the copyright holders, and you repeat it here anyway, so it
> seems that inconvenient facts don't influence your opinion.

Do you have explicit consent from Linux developers? No. Is enforcement
for their pursued despite this? Yes.

> Again you imply that Sony might contribute something at some point, so I ask
> you: why would Sony suddenly start to contribute to busybox or toybox on a
> voluntary base, when they don't want to contribute to the kernel despite
> their obligation to do so?

Why did any company did? Because new developers pushes for a culture change.

> Well, maybe some companies learned that they should avoid the GPL, others,
> even those that were the targets of enforcement probably learned that it is
> a license they have to comply with (gasp!), just like all their other
> licenses and contracts.

Companies are not people.

> You might consider the bare minimum to be be almost worthless, but without
> enforcement the bare minimum is zero and therefor completely worthless.

I prefer my code being used by millions of users even if I get no
contributions, rather than few users, and a few lines contributed, or
a totally unusable patch dumped somewhere.

>>> If you say the the code is licensed under the GPL, but you promise to
>>> never
>>> enforce the license, you might as well call it public domain.

> I didn't tell you what to expect from a license, so please leave your straw
> men at home.

You just said that if I don't expect the same as you do, I shouldn't
be using the license.

> I said that there is in effect no difference between "public domain, please
> please share your modification" and "GPL, but I won't do anything if you
> violate it".

I just explained that there is.

> By your own definition, Sony is not a good member of society. And please
> provide examples where the bad publicity has resulted in code contributions.

Android.

> I know of enough examples where vendors provide source for GPL programs
> because they have to, and don't provide source for BSD programs because they
> don't have to.

So? Who cares.

> By the way, which code is it where it is up to you to decide which license
> you want to use? You remember, you as in "we, the developers"?

My own.

> Of course it's up to you whether you care or not. But you are strongly
> advocating that others shouldn't care.

I am not advocating anything, that is already the case, that's why you
don't have hordes of people saying "please, please, enforce my code!".
I am merely explaining why.

> As someone else has written, the code quality from most companies is just
> bad. But you can't know that if you don't get to see the code. I'm sure the
> reason why the Android changes are not in the kernel is not that nobody has
> figured out how to run diff.

Again, you don't seem to have an idea of what a company is. It's a
*collection* of people. And there's *plenty* of people that can write
good patches, and they are in many companies. You must not follow
Linux development, where *tons* of clean patches come from all kinds
of companies.

The reason Android changes are not in the kernel is that they are not
part of the community. They don't communicate what they are doing,
they don't communicate what they plan to do, they don't try to send
patches first, they don't know the culture, etc. Plenty of other
companies do. BTW Android is not a company, it's main a team within
Google, but there are many other companies involved, some which
contribute directly to the kernel. And and other teams within Google
also contribute.

Again, a company as a single entity is a myth.

>>> Companies don't ignore the GPL because it is so hard
>>> to understand, they deal with much more complicated contracts. They
>>> ignore
>>> the GPL because they can, and you seem to imply that they should be free
>>> to
>>> do so.
>>>
>>
>> Companies are not single entities, like people, but it seems that
>> concept just doesn't sink in with many people.
>>
>
> Another nice straw man.
> Yes, companies typically consist of many people. Yet, most of the time they
> can do what has to be done. It may not be as efficient as you would like,
> but that is another point.
> Suppose, Sony (or Nokia) had to license a patent where they have to pay a
> certain amount for each device produced. At regular times they must report
> "we produced X devices, at Y$/device this means Z$, here is your check". Now
> suppose, instead of this report, they write "Companies are not single
> entities, it is so difficult to count all these devices, let's just ignore
> this license agreement". What do you think would happen?
> So, somehow companies are able to write such reports and send the checks at
> the right time. I'll also give you a hint why this is so: they dedicated
> people to this task (whether full time or not). Yes, doing so costs money.
> But it would cost them more to not comply with the license.

And again you show how you don't understand how big companies work.
The software on big companies is no different as the open source
software in how easily it can step unto a patent mine. They most
definitely don't pay *all* the patent royalties, and sometimes it's
even deliberate: we know there's patent X, but we would rather risk a
lawsuit than pay it; it's a simple game of chances and gain. Sometimes
they don't agree with the patents and are willing to fight in court.
There's many different scenarios.

Plus, open sourcing stuff is not that easy. The company would have to
check first that there's no IP been leaked by the released code, and
if they think there might be, there would need to be some effort to
rewrite some code. All this takes a lot of resources.

You are supposing they *never* miss any patents, which is clearly not
true. Having so many moving parts is not an excuse, but it's one
reason for these mistakes, but missed patents are not difficult to
resolve; here's X amount of money. Done.

> So to repeat, companies ignore the GPL because they can, and you seem to
> imply that they should be free to do so.

The GPL is irrelevant. What is relevant is what the copyright holders want.

>>> The sources are available, that does not mean that anybody is forced to
>>> use
>>> these modification.
>>> As you specifically mention the Linux kernel, a lot of companies have
>>> contributed code that is in the main kernel, so there has been benefit
>>> for
>>> the original developers.
>>>
>>
>> Not thanks to enforcement. There's no stick you can use to achieve that.
>
> In some cases, the code came as a result of enforcement.

Really? Code *contributed* directly to the Linux kernel? Following the
development procedures, addressing all the comments, all the way until
the patch was merged? I find that hard to believe.

>>> Other code is considered not good enough for
>>> inclusion in the main kernel, but the code it there, and it is possible
>>> to
>>> use and improve this code.
>>>
>>
>> It's _possible_ but nobody is going to do it. The only *efficient* way
>> to achieve this without loosing one's sanity is to actively invite
>> companies to become part of the community, and educate them about the
>> benefits, and only then, they might go through all the processes
>> needed to write clean patches, so one, as a maintainer of a project,
>> can just apply them, and only _then_ does everybody wins. Sticks don't
>> help that.
>>
>
> Do you have facts to support the claim that nobody ever used the code?
> And how do you educate the companies? Remember, "companies are not single
> entities".

Projects usually have enough in their to-do list to also port mostly
undecipherable, and probably dubious changes. I have rarely seen
people pick other people's patches and try to clean them up, and apply
them, much less the patches of a whole product program. Again, see
Android.

You don't educate companies, you educate people working on companies,
and more specifically, developers. Slowly but steadily, the more
developers in the industry that "get it" the more companies eventually
would be forced to change from *within*. You can see this with
embedded, and for example ELC, which is basically a big educating
conference (plus other stuff).

> I never said Sony should do this. I said they *could*. If Sony's lawyers (or
> Nokia's) aren't aware of this, maybe I should tell them and charge a
> consulting fee.

What you think they can do, and what they lawyers think are different
things. Of course, you think you are perfect and they don't know
squat, but the fact of the matter is that they probably understand a
lot of business constraints that you don't.

> But it doesn't change the fact that they violate the kernel license. And
> there is a reason why they use Linux, or they would switch to BSD or
> something else.

And that's irrelevant. What is relevant is what copyright holders are
going to do about it. So far they don't seem worried _at all_.

You are inserting your own agendas and assumptions. The intent of the
GPL (according to you) is X, so if they picked the GPL the must want
Y, and since Y leads to Z, and I'm all about Z, I'm going to do Y.

>>> Microsoft could send an update that breaks an important application, they
>>> reserved the right to do that in the EULA, and it has happened in the
>>> past.
>>> They could come and audit Sony's use of OEM licenses, or force them to
>>> buy a
>>> license even for machines that don't use Windows. All of this is more
>>> likely
>>> to happen.
>>>
>>
>> No, it's not, because Sony (or rather some people inside Sony) knows
>> _exactly_ how to retaliate, and Microsoft knows that.
>>
>
> Now this is funny, even more so then "Sony the good corporate citizen".
> Actually, it was (is?) common that OEMs must buy a Windows license for every
> machine, whether they use it or not. And you want to tell me that people
> inside Sony knew _exactly_ how to retaliate, but for some reasons didn't?

Ah, you mean for end-user software. I don't see what laws could
possibly allow Microsoft to force this, but most likely would only
apply in the U.S. which has crazy laws, and even there I don't think
that's possible.

If you seriously think that's more likely, I don't think you have a
good grip on reality.

If Microsoft could seriously do that, why don't they? More money is more money.

>> They can't do absolutely anything if the SFC pursues these courses of
>> actions.
>
> They could simply comply with the GPL, and the SFC would have neither
> motivation nor standing for any of these actions.

That might not be as easy as you think. It's much easier to avoid
busybox in the first place.

>>> And as I mentioned, complying with the GPL is really easy, and that
>>> removes
>>> even the last shadow of any risk of becoming the target of GPL
>>> enforcement.
>>>
>>
>> Not for a big company.
>>
>
> Ok, I'll qualify that statement. It is easy to comply for a company of any
> size, if it is seen as important enough. That means, as long as the cost for
> complying is lower then the cost of not complying. Note that this implies to
> any license or contract. Any the cost to comply with the GPL is less then
> most other licenses. If their lawyers don't realize that, there is also a
> cost associated with bad legal advice.

You are wrong. It's not easy. It takes resources,

>>> - SFC is not the developer, they can't do anything themselves. They just
>>> act
>>> on behalf of the developer, so they can't go against the wishes of the
>>> developer, which you imply not just as a possibility but as a fact.
>>>
>>
>> Unless the developer is not aware of what you are doing, or doesn't
>> care enough to contact you. Since you have not *explicitly* requested
>> permission, that's a very valid (and quite likely) possibility.
>>
>
> What am *I* doing? Why should any developer contact me? Do you confuse me
> with SFC? Remember, organizations are not people.

You are clearly advocating what the SFC is doing.

> Did it occur to you that if SFC could enforce busybox compliance without
> consent from the busybox develpers, they could also enforce Linux compliance
> without consent from the Linux develpers?

You only need explicit request of *one* GPL component to use it as a
proxy for all the others without explicit request.

>>>> Probably not thanks to enforcement.
>>>
>>> Actually most likely due to enforcement.
>>>
>>
>> Sure, now you rely on Stockholm syndrome. You stay with your sticks, I
>> prefer carrots.
>>
>
> Let's say you prefer to be on the receiving side of the carrot rather then
> the stick. Actually you didn't even say what your carrot is, other then
> hoping for the best.
> Can you name a single instance where a company that was reluctant to provide
> sources changed its opinion due to this carrot, and what the carrot was in
> that case?

I already mentioned one example: TI, and for that matter Nokia as
well, and the carrot is all the advantages that being a community
member brings; free top-notch code-review, easier maintenance, better
talent is attracted by the development model. I mean, this is obvious.
There's tons of people trying to convey these messages to people
working on companies, in conferences, documents, etc.

> Nobody relies on Stockholm syndrome. It's just that the companies realize
> that it is cheaper to use Linux, even if they have to comply with the
> license, then to use any of the BSD alternatives or develop something
> themselves. And Linux is cheaper, even if they are not allowed to ignore the
> license completely.

Bullshit. You have been explained the situation *over and over*, it
seems you are just not willing to listen; *nobody* is trying to ignore
the license completely. I'm not going to explain it again.

What big companies will end up doing is _publish_ as much as it's
legally required, contribute as much as the internal culture has
managed to convey it's useful, and avoid legally troublesome
components (busybox) just to be safe.

>>> The main point of the GPL since v1 to give the uses of the software the
>>> rights and the possibility to modify the software and to use this
>>> modified
>>> software.
>>>
>>
>> That's the main point *for you*. For open source people it's to get
>> contributions back. The license is *for developers*.
>>
>> As tivoization exemplifies, you can't do squat for users with a
>> *software* license, and that's fine.
>>
>
> The main point of the license is clearly stated in the license. There is
> nothing subjective about that. And tivoization just demonstrates that nobody
> considered that possible when GPLv1 and GPLv2 were written. GPLv3 addresses
> this, and it's also a software license.

Bullshit. You are again avoiding the fact that there's GPLv2 users
that don't like the GPLv3. _You_ think _your_ interpretation of the
license is what everybody else intended, when that's *clearly* not the
case. People use GPLv2 *only* because of what the GPLv2 says, and
nothing else.

How convenient for your own agenda.

>>> From GPLv1: "The license agreements of most software companies try
>>> to keep *users* at the mercy of those companies. By contrast, our ...".
>>> It seems (once more) you don't know what you are talking about. The start
>>> of
>>> the GPL was that RMS was, as a user of a printer driver, unable to adapt
>>> it
>>> because he didn't get the source.
>>>
>>
>> What RMS intended and what the copyright holders intended can be
>> diametrically opposed. See Linus Torvalds.
>>
>
> If what the license clearly states and what the copyright holders intended
> is opposed, then maybe the copyright holders picked the wrong license.
> I personally think that Linux would not be what it is today it had a BSD
> license.

Clearly. Fortunately, there's no need to create yet another license,
for practical purposes, avoiding busybox does the trick just fine.

>> I hope I don't have to tell you that there's plenty of people that
>> don't like GPLv3 and prefer to stay with GPLv2 *precisely* for this
>> reason. How do you explain that?
>>
>
> Everybody is entitled to their opinion.

Yeah, avoid the question. You know the answer would undermine your
idea that "everyone choose the GPL because they interpret it _exactly_
the same way I do".

>> I thought Sony was pushing for toybox, so I supposed they would
>> contribute back. If they are not going to do that _today_, that's
>> fine, I'm sure they will eventually understand the benefits of open
>> source, not thanks to the SFC.
>>
>
> Many of your points reply on speculation.

It's the other way around. My points point out gaps in your theories
and leave possibilities *open*.

You are the one speculating that companies would do the opposite. Even
if your data was strong, which it isn't, correlation != causation.

> This "eventually" can be a very long time, up to "infinity".

Speculation.

> Actually enforcement has brought many contributions back.

Code dumps != contributions.

> What would you suggest instead,and in what time frame would that work?

See what Linux people do, like Greg Kroah-Hartman; educate people.

Cheers.

-- 
Felipe Contreras

Amusing article about busybox
Ralf Friedl Ralf.Friedl at online.de 
Tue Feb 28 12:06:38 UTC 2012 

Felipe Contreras wrote:
> On Wed, Feb 15, 2012 at 5:46 PM, Ralf Friedl < Ralf.Friedl at online.de> wrote:
>   
>> Let's get some facts straight.
>> Sony wants to avoid the GPL busybox not because of busybox itself, but
>> because they fear that they can be forced to comply with the GPL on Linux,
>> and they want to avoid that. They know that they break the license, and they
>> want to replace busybox so that they can continue to break the kernel
>> license. There are different opinions about this behavior. You want to
>> defend Sony's god given right to violate the kernel license, I think it's a
>> shame that the kernel license isn't enforced by the developers themselves,
>> but the fact is that Sony intends to continue to violate the kernel license
>> and replacing busybox is just a means to the end.    
> I already explained why this view is wrong. I am not going to repeat it.
>   
A view is not wrong because it is not yours.
And my point here was to check whether we agree on the fact that Sony 
wants to violate the kernel license, which seems to be true, otherwise 
you would have mentioned it. In fact, in another email you wrote very 
clearly th

>> I already mentioned that it is not possible to enforce copyright without
>> consent from the copyright holders, and you repeat it here anyway, so it
>> seems that inconvenient facts don't influence your opinion.    
> Do you have explicit consent from Linux developers? No. Is enforcement
> for their pursued despite this? Yes.  
I already mentioned that I'm not from SFC.
And no, nobody except the copyright holder can enforce the license, or 
we wouldn't have this discussion.

>> Again you imply that Sony might contribute something at some point, so I ask
>> you: why would Sony suddenly start to contribute to busybox or toybox on a
>> voluntary base, when they don't want to contribute to the kernel despite
>> their obligation to do so?    
> Why did any company did? Because new developers pushes for a culture change
>> Well, maybe some companies learned that they should avoid the GPL, others,
>> even those that were the targets of enforcement probably learned that it is
>> a license they have to comply with (gasp!), just like all their other
>> licenses and contracts.    
> Companies are not people.  
Yes, you wrote that again and again. Companies consist of people. Some 
of these people are in a position to make decisions for the company. 
Those new developers pushing for the change are not in this position 
most of the time.

>> You might consider the bare minimum to be be almost worthless, but without
>> enforcement the bare minimum is zero and therefor completely worthless.    
> I prefer my code being used by millions of users even if I get no
> contributions, rather than few users, and a few lines contributed, or
> a totally unusable patch dumped somewhere. 
Your preferences are up to you. It just seems BSD would fit your 
preferences better. Encouraging contributions under the pretense of 
using the GPL is just dishonest.

>>>> If you say the the code is licensed under the GPL, but you promise to never
>>>> enforce the license, you might as well call it public domain.
>>>>         
>> I didn't tell you what to expect from a license, so please leave your straw
>> men at home.
>>     
> You just said that if I don't expect the same as you do, I shouldn't
> be using the license.
>   
No, I didn't say that here. What I said was:
>> I said that there is in effect no difference between "public domain, please
>> please share your modification" and "GPL, but I won't do anything if you
>> violate it".    
> I just explained that there is.  
No, you didn't.
What is the practical difference between public domain with a plea to 
share and GPL with a promise to ignore violations?

>> By your own definition, Sony is not a good member of society. And please
>> provide examples where the bad publicity has resulted in code contributions.    
> Android.  
By your own definition Android is not a contribution at all, so how is 
it now an example for code contributions as a result of bad publicity?

>> I know of enough examples where vendors provide source for GPL programs
>> because they have to, and don't provide source for BSD programs because they
>> don't have to.    
> So? Who cares.
>   
I care, obviously. More important, it shows that your theory that 
companies will contribute code if left alone long enough is not 
supported by the facts.

>> By the way, which code is it where it is up to you to decide which license
>> you want to use? You remember, you as in "we, the developers"?    
> My own.
>   
I guessed so. The question was what your codes happens to be. As I 
mentioned, I didn't find your name in the Busybox sources, and we are on 
the Busybox list here,
Am I free to use any code you wrote for Nokia as I wish?

>> Of course it's up to you whether you care or not. But you are strongly
>> advocating that others shouldn't care.
> I am not advocating anything, that is already the case, that's why you
> don't have hordes of people saying "please, please, enforce my code!".
> I am merely explaining why.
>   
Strange. I had the impression that you don't want the Busybox developers 
to enforce the license for their code.

> Again, you don't seem to have an idea of what a company is. It's a
> *collection* of people. And there's *plenty* of people that can write
> good patches, and they are in many companies. You must not follow
> Linux development, where *tons* of clean patches come from all kinds
> of companies.
>
> The reason Android changes are not in the kernel is that they are not
> part of the community. They don't communicate what they are doing,
> they don't communicate what they plan to do, they don't try to send
> patches first, they don't know the culture, etc. Plenty of other
> companies do. BTW Android is not a company, it's main a team within
> Google, but there are many other companies involved, some which
> contribute directly to the kernel. And and other teams within Google
> also contribute.
>
> Again, a company as a single entity is a myth.
>   
Yes, by now we know that most companies consist of many people. In fact 
I never claimed otherwise. I also never called Android a company.
I'm even sure that there are many good developers in many companies. 
They just aren't in the position to define the culture of the company, 
and most of the time their managers prefer the bare minimum over the 
extra effort to do things right.

>> Another nice straw man.
>> Yes, companies typically consist of many people. Yet, most of the time they
>> can do what has to be done. It may not be as efficient as you would like,
>> but that is another point.
>> Suppose, Sony (or Nokia) had to license a patent where they have to pay a
>> certain amount for each device produced. At regular times they must report
>> "we produced X devices, at Y$/device this means Z$, here is your check". Now
>> suppose, instead of this report, they write "Companies are not single
>> entities, it is so difficult to count all these devices, let's just ignore
>> this license agreement". What do you think would happen?
>> So, somehow companies are able to write such reports and send the checks at
>> the right time. I'll also give you a hint why this is so: they dedicated
>> people to this task (whether full time or not). Yes, doing so costs money.
>> But it would cost them more to not comply with the license.    
> And again you show how you don't understand how big companies work.
> The software on big companies is no different as the open source
> software in how easily it can step unto a patent mine. They most
> definitely don't pay *all* the patent royalties, and sometimes it's
> even deliberate: we know there's patent X, but we would rather risk a
> lawsuit than pay it; it's a simple game of chances and gain. Sometimes
> they don't agree with the patents and are willing to fight in court.
> There's many different scenarios.
>   
And again you imply that everybody who doesn't share your view is just 
too stupid or ignorant.
My point here was not about patents, but about contracts. But while you 
once again sidestep my question, you prove my underlying point: 
Companies deliberately ignore the GPL, because they know it's cheaper 
for them.
> Plus, open sourcing stuff is not that easy. The company would have to
> check first that there's no IP been leaked by the released code, and
> if they think there might be, there would need to be some effort to
> rewrite some code. All this takes a lot of resources.
>   
I never claimed that it doesn't take resources. Complying with other 
contracts also takes resources. Does that mean that everybody should be 
free to ignore contracts? I assume you expect to by paid by Nokia. Think 
of all the resources they need to do the payroll processing. Not to 
mention the money they spend on their employees. It's really unfair that 
they have to do that.
> You are supposing they *never* miss any patents, which is clearly not
> true. Having so many moving parts is not an excuse, but it's one
> reason for these mistakes, but missed patents are not difficult to
> resolve; here's X amount of money. Done.
>   
I'm not talking about mistakes here, and you know that. I'm talking 
about deliberate contract violations.
Besides, GPL violations are also easy to resolve. Just comply the the 
license.

> The intent of the GPL (according to you) is X
>   
It's the intent of the GPL according to the GPL itself.

>>> No, it's not, because Sony (or rather some people inside Sony) knows
>>> _exactly_ how to retaliate, and Microsoft knows that.      
>> Now this is funny, even more so then "Sony the good corporate citizen".
>> Actually, it was (is?) common that OEMs must buy a Windows license for every
>> machine, whether they use it or not. And you want to tell me that people
>> inside Sony knew _exactly_ how to retaliate, but for some reasons didn't?    
> Ah, you mean for end-user software. I don't see what laws could
> possibly allow Microsoft to force this, but most likely would only
> apply in the U.S. which has crazy laws, and even there I don't think
> that's possible.
>
> If you seriously think that's more likely, I don't think you have a
> good grip on reality.
>
> If Microsoft could seriously do that, why don't they? More money is more money.
>   
Are you serious with what you write? It is well known that Microsoft had 
such contracts, it's not a hypothetical "if they could seriously do that".
There is no law that allows Microsoft to to that, it is probably against 
the law. What allows them to do it is that they can get away with it, 
and that is what makes your "Sony knows _exactly_ how to retaliate" so 
funny.
By now, they probably have it no longer in the contracts because of the 
anti trust cases, but Sony know what Microsoft wants, and if they don't 
comply, maybe they don't get as good prices as their competitors, there 
are unfortunate delays when they get updates so they are later to the 
market and so on.

>> Ok, I'll qualify that statement. It is easy to comply for a company of any
>> size, if it is seen as important enough. That means, as long as the cost for
>> complying is lower then the cost of not complying. Note that this implies to
>> any license or contract. And the cost to comply with the GPL is less then
>> most other licenses. If their lawyers don't realize that, there is also a
>> cost associated with bad legal advice.    
> You are wrong. It's not easy. It takes resources,
>   
Yes, I know that it takes resources. I think that it should be clear 
from my statement "the cost to comply with the GPL" that there is a 
cost. As you wrote yourself, they just deliberately ignore the license, 
and the at is not because it is "too difficult" to comply, but because 
you propose that the cost for not complying should be zero.

You do realize that you contradict yourself?
On the one hand you say that it takes resources or is a net loss to the 
company to comply with the GPL.
On the other hand you say that they will eventually contribute because 
it is a net win to comply with the GPL.

>> Did it occur to you that if SFC could enforce busybox compliance without
>> consent from the busybox develpers, they could also enforce Linux compliance
>> without consent from the Linux develpers?
> You only need explicit request of *one* GPL component to use it as a
> proxy for all the others without explicit request.
>   
That is not true. SFC can't force anybody to comply with the kernel 
license unless they act on behalf of the copyright holders of the kernel.
They can just convince the companies that it is cheaper for them to 
comply with the kernel license.

> I already mentioned one example: TI, and for that matter Nokia as
> well, and the carrot is all the advantages that being a community
> member brings; free top-notch code-review, easier maintenance, better
> talent is attracted by the development model. I mean, this is obvious.
> There's tons of people trying to convey these messages to people
> working on companies, in conferences, documents, etc.
>   
If the benefit of complying with the GPL is so obvious, you should be 
glad that someone helps them to move in that direction.
Actually I know of TI kernel modules for which they don't provide 
source, which crash when unloaded and so on. They could really use some 
top-notch review.

>> Nobody relies on Stockholm syndrome. It's just that the companies realize
>> that it is cheaper to use Linux, even if they have to comply with the
>> license, then to use any of the BSD alternatives or develop something
>> themselves. And Linux is cheaper, even if they are not allowed to ignore the
>> license completely.
> Bullshit. You have been explained the situation *over and over*, it
> seems you are just not willing to listen; *nobody* is trying to ignore
> the license completely. I'm not going to explain it again.
>   
You have repeated your view, yes, it's a pity that others dare to disagree.

In fact, you have explained *over and over* that your view is that 
everybody should be free to ignore the license completely. The strange 
thing is that you now deny it.

On 22 Feb 2012 00:33:37 +0200, Felipe Contreras wrote:
>> thats very interesting... so i can use linux in my product and not
>> tell anyone about it?
> Huh? It doesn't matter if people know that you are using Linux or not.
> In order for a lawsuit to get started, I'd assume it has to be started
> or blessed by the damaged parties; the copyright owners. Since the
> copyright owners, Linux developers, have no interest in any of this,
> you can't sue a company for not distributing Linux's sources, unless
> you do it by proxy through some other component that is GPL, and that
> the copyright owners explicitly blessed this legal proceeding; busybox
> developers.
>
> Just tell your ex-boss not to use busybox.
You just advise him that his ex-boss is free to do with Linux whatever 
he wants, ignoring the license completely. And as you don't know who his 
ex-boss is, this advice applies to everybody. He just should stay away 
from developers who dare to wish that their license is respected.
You are of course entitled to your opinion, but it would be nice if you 
didn't deny this opinion after you have expressed it so clearly.

The Busybox developers are also entitled to their opinion, and I'm glad 
that their opinion is different from yours.

And as already mentioned, nobody can sue a company for not distributing 
Linux's sources except for the Linux copyright owners, whether they use 
Busybox or not.

> What big companies will end up doing is _publish_ as much as it's
> legally required, contribute as much as the internal culture has
> managed to convey it's useful, and avoid legally troublesome
> components (busybox) just to be safe.
>   
If they do what is legally required, they are safe, whether they use 
Busybox or not.

Amusing article about busybox
Felipe Contreras felipe.contreras at gmail.com 
Mon Aug 13 15:31:41 UTC 2012 

Hi,

I neglected this mail and only now realized I hadn't replied.

Anyway, it's not surprising that more permissive licenses are on the
rise, presumably because of the kind of thinking that you show:
http://blogs.the451group.com/opensource/2011/12/15/on-the-continuing-decline-of-the-gpl/

On Tue, Feb 28, 2012 at 1:06 PM, Ralf Friedl  wrote:
> Felipe Contreras wrote:
>>
>> On Wed, Feb 15, 2012 at 5:46 PM, Ralf Friedl 
>> wrote:
>>
>>>
>>> Let's get some facts straight.
>>> Sony wants to avoid the GPL busybox not because of busybox itself, but
>>> because they fear that they can be forced to comply with the GPL on
>>> Linux,
>>> and they want to avoid that. They know that they break the license, and
>>> they
>>> want to replace busybox so that they can continue to break the kernel
>>> license. There are different opinions about this behavior. You want to
>>> defend Sony's god given right to violate the kernel license, I think it's
>>> a
>>> shame that the kernel license isn't enforced by the developers
>>> themselves,
>>> but the fact is that Sony intends to continue to violate the kernel
>>> license
>>> and replacing busybox is just a means to the end.
>>
>> I already explained why this view is wrong. I am not going to repeat it.
>>
>
> A view is not wrong because it is not yours.

No, it's not because it's not mine, it's because it's wrong.

> And my point here was to check whether we agree on the fact that Sony wants
> to violate the kernel license, which seems to be true, otherwise you would
> have mentioned it. In fact, in another email you wrote very clearly th

You keep talking about "Sony" as a single entity, so it's pointless to reply.

>>> I already mentioned that it is not possible to enforce copyright without
>>> consent from the copyright holders, and you repeat it here anyway, so it
>>> seems that inconvenient facts don't influence your opinion.
>>
>> Do you have explicit consent from Linux developers? No. Is enforcement
>> for their pursued despite this? Yes.
>
> I already mentioned that I'm not from SFC.
> And no, nobody except the copyright holder can enforce the license, or we
> wouldn't have this discussion.

Yes you can; by proxy.

>>> Again you imply that Sony might contribute something at some point, so I
>>> ask
>>> you: why would Sony suddenly start to contribute to busybox or toybox on
>>> a
>>> voluntary base, when they don't want to contribute to the kernel despite
>>> their obligation to do so?
>>
>> Why did any company did? Because new developers pushes for a culture
>> change
>>>
>>> Well, maybe some companies learned that they should avoid the GPL,
>>> others,
>>>
>>> even those that were the targets of enforcement probably learned that it
>>> is
>>> a license they have to comply with (gasp!), just like all their other
>>> licenses and contracts.
>>
>> Companies are not people.
>
> Yes, you wrote that again and again. Companies consist of people. Some of
> these people are in a position to make decisions for the company. Those new
> developers pushing for the change are not in this position most of the time.

Companies are more complex that a bunch of people; they have laws and
by-laws, and policies, and culture, and different units.

>>> You might consider the bare minimum to be be almost worthless, but
>>> without
>>> enforcement the bare minimum is zero and therefor completely worthless.
>>
>> I prefer my code being used by millions of users even if I get no
>> contributions, rather than few users, and a few lines contributed, or
>> a totally unusable patch dumped somewhere.
>
> Your preferences are up to you. It just seems BSD would fit your preferences
> better. Encouraging contributions under the pretense of using the GPL is
> just dishonest.

No, it wouldn't, and you can't decide my preferences for me. Nor the
ones of the Linux kernel contributors.

>>>>> If you say the the code is licensed under the GPL, but you promise to
>>>>> never
>>>>> enforce the license, you might as well call it public domain.
>>>>>
>>>
>>> I didn't tell you what to expect from a license, so please leave your
>>> straw
>>> men at home.
>>>
>>
>> You just said that if I don't expect the same as you do, I shouldn't
>> be using the license.
>>
>
> No, I didn't say that here. What I said was:
>
>>> I said that there is in effect no difference between "public domain,
>>> please
>>> please share your modification" and "GPL, but I won't do anything if you
>>> violate it".
>>
>> I just explained that there is.
>
> No, you didn't.
> What is the practical difference between public domain with a plea to share
> and GPL with a promise to ignore violations?

A stronger incentive; abide by the law.

>>> By your own definition, Sony is not a good member of society. And please
>>> provide examples where the bad publicity has resulted in code
>>> contributions.
>>
>> Android.
>
> By your own definition Android is not a contribution at all, so how is it
> now an example for code contributions as a result of bad publicity?

Android got bad publicity because it's not Linux, and Android
developers tried to push their stuff upstream. To this day they are
still trying, and from the time you wrote that mail, we are closer
now, as a lot of code is in staging.

>>> I know of enough examples where vendors provide source for GPL programs
>>> because they have to, and don't provide source for BSD programs because
>>> they
>>> don't have to.
>>
>> So? Who cares.
>>
>
> I care, obviously. More important, it shows that your theory that companies
> will contribute code if left alone long enough is not supported by the
> facts.

No, it doesn't. Even if what you said is true, that could be explained
by other reasons.

>>> By the way, which code is it where it is up to you to decide which
>>> license
>>> you want to use? You remember, you as in "we, the developers"?
>>
>> My own.
>>
>
> I guessed so. The question was what your codes happens to be. As I
> mentioned, I didn't find your name in the Busybox sources, and we are on the
> Busybox list here,
> Am I free to use any code you wrote for Nokia as I wish?

Under the GPL license, yeah. And no, if you are a big company an a
unit used my code by mistake I'm not going to sue you and screw the
rest of your units.

>>> Of course it's up to you whether you care or not. But you are strongly
>>> advocating that others shouldn't care.
>>
>> I am not advocating anything, that is already the case, that's why you
>> don't have hordes of people saying "please, please, enforce my code!".
>> I am merely explaining why.
>>
>
> Strange. I had the impression that you don't want the Busybox developers to
> enforce the license for their code.

No, I'm explaining why the Linux kernel developers don't want that. I
do hope the Busybox developers see the light as well, but I'm not
holding my breath.

>> Again, you don't seem to have an idea of what a company is. It's a
>> *collection* of people. And there's *plenty* of people that can write
>> good patches, and they are in many companies. You must not follow
>> Linux development, where *tons* of clean patches come from all kinds
>> of companies.
>>
>> The reason Android changes are not in the kernel is that they are not
>> part of the community. They don't communicate what they are doing,
>> they don't communicate what they plan to do, they don't try to send
>> patches first, they don't know the culture, etc. Plenty of other
>> companies do. BTW Android is not a company, it's main a team within
>> Google, but there are many other companies involved, some which
>> contribute directly to the kernel. And and other teams within Google
>> also contribute.
>>
>> Again, a company as a single entity is a myth.
>>
>
> Yes, by now we know that most companies consist of many people. In fact I
> never claimed otherwise. I also never called Android a company.
> I'm even sure that there are many good developers in many companies. They
> just aren't in the position to define the culture of the company, and most
> of the time their managers prefer the bare minimum over the extra effort to
> do things right.

This is still an over-simplification. Different units have different
managers and different culture.

>>> Another nice straw man.
>>> Yes, companies typically consist of many people. Yet, most of the time
>>> they
>>> can do what has to be done. It may not be as efficient as you would like,
>>> but that is another point.
>>> Suppose, Sony (or Nokia) had to license a patent where they have to pay a
>>> certain amount for each device produced. At regular times they must
>>> report
>>> "we produced X devices, at Y$/device this means Z$, here is your check".
>>> Now
>>> suppose, instead of this report, they write "Companies are not single
>>> entities, it is so difficult to count all these devices, let's just
>>> ignore
>>> this license agreement". What do you think would happen?
>>> So, somehow companies are able to write such reports and send the checks
>>> at
>>> the right time. I'll also give you a hint why this is so: they dedicated
>>> people to this task (whether full time or not). Yes, doing so costs
>>> money.
>>> But it would cost them more to not comply with the license.
>>
>> And again you show how you don't understand how big companies work.
>> The software on big companies is no different as the open source
>> software in how easily it can step unto a patent mine. They most
>> definitely don't pay *all* the patent royalties, and sometimes it's
>> even deliberate: we know there's patent X, but we would rather risk a
>> lawsuit than pay it; it's a simple game of chances and gain. Sometimes
>> they don't agree with the patents and are willing to fight in court.
>> There's many different scenarios.
>>
>
> And again you imply that everybody who doesn't share your view is just too
> stupid or ignorant.
> My point here was not about patents, but about contracts. But while you once
> again sidestep my question, you prove my underlying point: Companies
> deliberately ignore the GPL, because they know it's cheaper for them.

Wrong. I'm not going to bother explaining again why "Companies" is an
over-simplification.

>> Plus, open sourcing stuff is not that easy. The company would have to
>> check first that there's no IP been leaked by the released code, and
>> if they think there might be, there would need to be some effort to
>> rewrite some code. All this takes a lot of resources.
>>
>
> I never claimed that it doesn't take resources. Complying with other
> contracts also takes resources. Does that mean that everybody should be free
> to ignore contracts? I assume you expect to by paid by Nokia. Think of all
> the resources they need to do the payroll processing. Not to mention the
> money they spend on their employees. It's really unfair that they have to do
> that.

This has nothing to do with the point at all.

>> You are supposing they *never* miss any patents, which is clearly not
>> true. Having so many moving parts is not an excuse, but it's one
>> reason for these mistakes, but missed patents are not difficult to
>> resolve; here's X amount of money. Done.
>>
>
> I'm not talking about mistakes here, and you know that. I'm talking about
> deliberate contract violations.
> Besides, GPL violations are also easy to resolve. Just comply the the
> license.

This is nonsense. People make mistakes. Companies have bad units. Bad
units are negligent sometimes. I already explained that complying with
the license is not that easy, specially after a produce is launched.
If you have a bad unit that screwed up, and this affects the products
of good units; that's not good. But you don't seem to get the point at
all.

>> The intent of the GPL (according to you) is X
>>
>
> It's the intent of the GPL according to the GPL itself.

The GPL is a legal document, it's not a sentient being. Different
sentient beings would interpret this document differently, and
different courts of law will interpret it differently.

What *you* think the GPL intent according the GPL itself is, is irrelevant.

>>>> No, it's not, because Sony (or rather some people inside Sony) knows
>>>> _exactly_ how to retaliate, and Microsoft knows that.
>>>
>>> Now this is funny, even more so then "Sony the good corporate citizen".
>>> Actually, it was (is?) common that OEMs must buy a Windows license for
>>> every
>>> machine, whether they use it or not. And you want to tell me that people
>>> inside Sony knew _exactly_ how to retaliate, but for some reasons didn't?
>>
>> Ah, you mean for end-user software. I don't see what laws could
>> possibly allow Microsoft to force this, but most likely would only
>> apply in the U.S. which has crazy laws, and even there I don't think
>> that's possible.
>>
>> If you seriously think that's more likely, I don't think you have a
>> good grip on reality.
>>
>> If Microsoft could seriously do that, why don't they? More money is more
>> money.
>>
>
> Are you serious with what you write? It is well known that Microsoft had
> such contracts, it's not a hypothetical "if they could seriously do that".
> There is no law that allows Microsoft to to that, it is probably against the
> law. What allows them to do it is that they can get away with it, and that
> is what makes your "Sony knows _exactly_ how to retaliate" so funny.
> By now, they probably have it no longer in the contracts because of the anti
> trust cases, but Sony know what Microsoft wants, and if they don't comply,
> maybe they don't get as good prices as their competitors, there are
> unfortunate delays when they get updates so they are later to the market and
> so on.

As usual you over-simplify. Politics is not a straight-forward game.

>>> Ok, I'll qualify that statement. It is easy to comply for a company of
>>> any
>>> size, if it is seen as important enough. That means, as long as the cost
>>> for
>>> complying is lower then the cost of not complying. Note that this implies
>>> to
>>> any license or contract. And the cost to comply with the GPL is less then
>>>
>>> most other licenses. If their lawyers don't realize that, there is also a
>>> cost associated with bad legal advice.
>>
>> You are wrong. It's not easy. It takes resources,
>>
>
> Yes, I know that it takes resources. I think that it should be clear from my
> statement "the cost to comply with the GPL" that there is a cost. As you
> wrote yourself, they just deliberately ignore the license, and the at is not
> because it is "too difficult" to comply, but because you propose that the
> cost for not complying should be zero.
>
> You do realize that you contradict yourself?
> On the one hand you say that it takes resources or is a net loss to the
> company to comply with the GPL.
> On the other hand you say that they will eventually contribute because it is
> a net win to comply with the GPL.

It's only contradictory if you insist in an over-simplified view of a
"company" as a single entity.

>>> Did it occur to you that if SFC could enforce busybox compliance without
>>> consent from the busybox develpers, they could also enforce Linux
>>> compliance
>>> without consent from the Linux develpers?
>>
>> You only need explicit request of *one* GPL component to use it as a
>> proxy for all the others without explicit request.
>>
>
> That is not true. SFC can't force anybody to comply with the kernel license
> unless they act on behalf of the copyright holders of the kernel.
> They can just convince the companies that it is cheaper for them to comply
> with the kernel license.

They can do it as a proxy.

>> I already mentioned one example: TI, and for that matter Nokia as
>> well, and the carrot is all the advantages that being a community
>> member brings; free top-notch code-review, easier maintenance, better
>> talent is attracted by the development model. I mean, this is obvious.
>> There's tons of people trying to convey these messages to people
>> working on companies, in conferences, documents, etc.
>>
>
> If the benefit of complying with the GPL is so obvious, you should be glad
> that someone helps them to move in that direction.
> Actually I know of TI kernel modules for which they don't provide source,
> which crash when unloaded and so on. They could really use some top-notch
> review.

I don't know of such modules. Most of the TI modules that I'm aware of
are open source, many are in upstream kernel. TI is one of the top
contributors nowadays.

>>> Nobody relies on Stockholm syndrome. It's just that the companies realize
>>> that it is cheaper to use Linux, even if they have to comply with the
>>> license, then to use any of the BSD alternatives or develop something
>>> themselves. And Linux is cheaper, even if they are not allowed to ignore
>>> the
>>> license completely.
>>
>> Bullshit. You have been explained the situation *over and over*, it
>> seems you are just not willing to listen; *nobody* is trying to ignore
>> the license completely. I'm not going to explain it again.
>>
>
> You have repeated your view, yes, it's a pity that others dare to disagree.

It's not my view it's a fact. And even if it wasn't you are assuming
in the sentence below (and everywhere), that *your* view is the fact.

> In fact, you have explained *over and over* that your view is that everybody
> should be free to ignore the license completely. The strange thing is that
> you now deny it.

No. Either you are deliberately ignoring what I'm saying, or you are
being intellectually dishonest, or you are simply trolling. But I
never said anything like that.

> On 22 Feb 2012 00:33:37 +0200, Felipe Contreras wrote:
>>>
>>> thats very interesting... so i can use linux in my product and not
>>> tell anyone about it?
>>
>> Huh? It doesn't matter if people know that you are using Linux or not.
>> In order for a lawsuit to get started, I'd assume it has to be started
>> or blessed by the damaged parties; the copyright owners. Since the
>> copyright owners, Linux developers, have no interest in any of this,
>> you can't sue a company for not distributing Linux's sources, unless
>> you do it by proxy through some other component that is GPL, and that
>> the copyright owners explicitly blessed this legal proceeding; busybox
>> developers.
>>
>> Just tell your ex-boss not to use busybox.
>
> You just advise him that his ex-boss is free to do with Linux whatever he
> wants, ignoring the license completely. And as you don't know who his
> ex-boss is, this advice applies to everybody. He just should stay away from
> developers who dare to wish that their license is respected.
> You are of course entitled to your opinion, but it would be nice if you
> didn't deny this opinion after you have expressed it so clearly.
>
> The Busybox developers are also entitled to their opinion, and I'm glad that
> their opinion is different from yours.
>
> And as already mentioned, nobody can sue a company for not distributing
> Linux's sources except for the Linux copyright owners, whether they use
> Busybox or not.

There's no need to ignore the license. Companies follow the GPLv2
license, yet they avoid busybox for obvious reasons, that apparently
you are never going to understand. The real world is beyond your
grasp.

>> What big companies will end up doing is _publish_ as much as it's
>> legally required, contribute as much as the internal culture has
>> managed to convey it's useful, and avoid legally troublesome
>> components (busybox) just to be safe.
>>
>
> If they do what is legally required, they are safe, whether they use Busybox
> or not.

"They" is not what you think it is. So no, they are not safe, even if
they do what is legally required. But you can't understand what "they"
means.

Cheers.

-- 
Felipe Contreras

coordinated compliance efforts addresses the issues of this thread (was Re: Amusing article about busybox)
Bradley M. Kuhn bkuhn at ebb.org 
Wed Aug 15 19:45:16 UTC 2012 

Felipe Contreras wrote at 11:31 (EDT) on Monday:
> if you are a big company an a unit used my code by mistake I'm not
> going to sue you and screw the rest of your units.

I don't think anyone, including those of us in the BusyBox community who
enforce the GPL, want to "screw" companies or any of their units!  No
company who makes good efforts to fix compliance problems has ever been
sued by any BusyBox copyright holder.  Do you know of a specific case
where that's not true?

> No, I'm explaining why the Linux kernel developers don't want that. I
> do hope the Busybox developers see the light as well, but I'm not
> holding my breath.

BusyBox and Linux developers are now working together on GPL
enforcement, coordinated via Conservancy, as I mentioned in this email
that I sent on 29 May 2012, which was posted as follow-up to this thread:
      http://lists.busybox.net/pipermail/busybox/2012-May/077908.html

Clearly, some Linux copyright holders and some BusyBox copyright holders
are in agreement to work on compliance together in the same way.

Indeed, Conservancy as a whole and I personally listened carefully to
the feedback from this thread and other places that had a discussion
about this.  I heard the message that the community wanted to see a
broad coalition of copyright holders of different projects who all agree
on enforcement strategy.  Denys even personally asked me to make sure
that Conservancy's compliance efforts were as inclusive as possible.
And, that's what we now have.

> People make mistakes. Companies have bad units. Bad units are
> negligent sometimes. I already explained that complying with the
> license is not that easy, specially after a produce is launched.

I've worked helping companies get into compliance with GPL for more than
a decade.  I'm quite sure that it possible to reasonably redress past
violations to the satisfaction of the copyright holders involved.
Conservancy works with companies to help them do that.

> If you have a bad unit that screwed up, and this affects the products
> of good units; that's not good.

Even after all this time since this discussion started, no one has shown
one example where this outcome *actually* occurred.  This was a
speculation of what a copyright holder *could* ask for under copyright
law in the USA if infringement occurs.

As I said elsewhere in this thread months ago, Conservancy works very
very hard to make sure compliance issues don't disrupt a violators'
business.  The only way it could possible disrupt their business is if
they spend months and months ignoring Conservancy's requests to work
with us to come into compliance.  Even then, Conservancy, in our
enforcement efforts, we continue to look for ways to keep the business
going while we help them come into compliance.

>> That is not true. SFC can't force anybody to comply with the kernel
>> license unless they act on behalf of the copyright holders of the
>> kernel.  They can just convince the companies that it is cheaper for
>> them to comply with the kernel license.

> They can do it as a proxy.

IMO, this whole discussion is moot: Conservancy now does indeed enforce
directly on behalf of a growing list of Linux copyright holders who
stand alongside BusyBox copyright holders in our enforcement actions.
(And, Samba developers are involved too, for those cases where Samba is
also present.)

> There's no need to ignore the license. Companies follow the GPLv2
> license, yet they avoid busybox for obvious reasons, that apparently
> you are never going to understand. The real world is beyond your
> grasp.

If they avoid BusyBox, they have to avoid Linux and Samba, too, and any
other GPL'd project where enforcement occurs, which is many others as
well that aren't involved with Conservancy.  These companies will have
to make their choice: either they want to follow the requirements of
GPL, or they'll switch to a FreeBSD-based system.

Of course, it's easier to comply with the BSD-like licenses than GPL;
BSD-like licenses aren't copylefts.  But just because it's more work to
comply with GPL doesn't mean that complying with GPL is too arduous to
be worthwhile.  Many companies see the value in GPL, because it defends
them as well when they contribute code back.

> it's not surprising that more permissive licenses are on the rise,
> presumably because of the kind of thinking that you show:
> http://blogs.the451group.com/opensource/2011/12/15/on-the-continuing-decline-of-the-gpl/

Note that the methodology of the analysis done in that article has been
called into question with competing analysis that shows substantially
different results.  See:
http://www.fsf.org/events/is-copyleft-being-framed (a recording of which
is available here http://faif.us/cast/2012/feb/28/0x23/ ).  The 451
Group even covered it here:
http://blogs.the451group.com/opensource/2012/03/05/thats-not-science/

I obviously disagree with 451's Group latest conclusion, since if what
John did in his analysis isn't science, then neither is the work that
451 Group did.  The whole point here is that no one has a proved,
statically valid methodology designed yet to study the rise or decline
of any specific license.  We'd need someone who is actually trained in
statistical methods research to really do a study, and I'm not sure it
matters, anyway.

The FLOSSMole data is helpful since it's an open data source (most of
these studies have been done with private data sources), but even if the
FLOSSMole data is used, it's not automatically statically valid.
There's still the disagreement of whether it makes more sense to count
"number of projects that use a license" vs. "number of lines of code
licensed under that license".  I don't think we can settle that dispute
and it's probably off-topic for this list, anyway.
-- 
   -- bkuhn


coordinated compliance efforts addresses the issues of this thread (was Re: Amusing article about busybox)
Felipe Contreras felipe.contreras at gmail.com 
Fri Aug 24 16:20:12 UTC 2012 

On Wed, Aug 15, 2012 at 9:45 PM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
> Felipe Contreras wrote at 11:31 (EDT) on Monday:
>> if you are a big company an a unit used my code by mistake I'm not
>> going to sue you and screw the rest of your units.
>
> I don't think anyone, including those of us in the BusyBox community who
> enforce the GPL, want to "screw" companies or any of their units!  No
> company who makes good efforts to fix compliance problems has ever been
> sued by any BusyBox copyright holder.  Do you know of a specific case
> where that's not true?

So if part of the company makes good efforts, and another part of the
company does not, the company as a whole wouldn't be sued? I think it
would.

>> No, I'm explaining why the Linux kernel developers don't want that. I
>> do hope the Busybox developers see the light as well, but I'm not
>> holding my breath.
>
> BusyBox and Linux developers are now working together on GPL
> enforcement, coordinated via Conservancy, as I mentioned in this email
> that I sent on 29 May 2012, which was posted as follow-up to this thread:
>       http://lists.busybox.net/pipermail/busybox/2012-May/077908.html

*Some* Linux developers. Probably the copyrights owned by these don't
even amount to 1% of the Linux code.

> Clearly, some Linux copyright holders and some BusyBox copyright holders
> are in agreement to work on compliance together in the same way.
>
> Indeed, Conservancy as a whole and I personally listened carefully to
> the feedback from this thread and other places that had a discussion
> about this.  I heard the message that the community wanted to see a
> broad coalition of copyright holders of different projects who all agree
> on enforcement strategy.  Denys even personally asked me to make sure
> that Conservancy's compliance efforts were as inclusive as possible.
> And, that's what we now have.

I hope this means the proxy strategy doesn't get used: if a company
violated the busybox GPL, that doesn't mean it cannot ship products
with other GPL projects (e.g. Linux).

>> If you have a bad unit that screwed up, and this affects the products
>> of good units; that's not good.
>
> Even after all this time since this discussion started, no one has shown
> one example where this outcome *actually* occurred.  This was a
> speculation of what a copyright holder *could* ask for under copyright
> law in the USA if infringement occurs.

Lawyers don't care about things actually occurring, but what could
potentially happen. And potentially if say one unit of Sony is
negligent and has a GPL violation shipping busybox, Conservancy could
ask for an injunction to stop all products shipping GPL code,
including products from another unit who did it's job properly. Simply
having this threat would make lawyers worry, and recommend busybox not
to be used.

If Conservancy explicitly states that only projects that want GPL
enforcement will be targeted, and not use the proxy method to target
*all* GPL code, then perhaps in practice people won't have problems
using busybox. But I haven't seen any public statement of this sort,
so the fear is still probably out there.

> As I said elsewhere in this thread months ago, Conservancy works very
> very hard to make sure compliance issues don't disrupt a violators'
> business.  The only way it could possible disrupt their business is if
> they spend months and months ignoring Conservancy's requests to work
> with us to come into compliance.  Even then, Conservancy, in our
> enforcement efforts, we continue to look for ways to keep the business
> going while we help them come into compliance.

Again, if these efforts only target project that explicitly request
GPL enforcement, then I think that's OK.

>>> That is not true. SFC can't force anybody to comply with the kernel
>>> license unless they act on behalf of the copyright holders of the
>>> kernel.  They can just convince the companies that it is cheaper for
>>> them to comply with the kernel license.
>
>> They can do it as a proxy.
>
> IMO, this whole discussion is moot: Conservancy now does indeed enforce
> directly on behalf of a growing list of Linux copyright holders who
> stand alongside BusyBox copyright holders in our enforcement actions.
> (And, Samba developers are involved too, for those cases where Samba is
> also present.)

No, it's not moot. You can only enforce the code that is copyrighted
by these Linux developers, which is probably less than 1%.

>> There's no need to ignore the license. Companies follow the GPLv2
>> license, yet they avoid busybox for obvious reasons, that apparently
>> you are never going to understand. The real world is beyond your
>> grasp.
>
> If they avoid BusyBox, they have to avoid Linux and Samba, too,

No, see above.

>> it's not surprising that more permissive licenses are on the rise,
>> presumably because of the kind of thinking that you show:
>> http://blogs.the451group.com/opensource/2011/12/15/on-the-continuing-decline-of-the-gpl/
>
> Note that the methodology of the analysis done in that article has been
> called into question with competing analysis that shows substantially
> different results.  See:
> http://www.fsf.org/events/is-copyleft-being-framed (a recording of which
> is available here http://faif.us/cast/2012/feb/28/0x23/ ).  The 451
> Group even covered it here:
> http://blogs.the451group.com/opensource/2012/03/05/thats-not-science/
>
> I obviously disagree with 451's Group latest conclusion, since if what
> John did in his analysis isn't science, then neither is the work that
> 451 Group did.  The whole point here is that no one has a proved,
> statically valid methodology designed yet to study the rise or decline
> of any specific license.  We'd need someone who is actually trained in
> statistical methods research to really do a study, and I'm not sure it
> matters, anyway.

Fair enough, but at least some people think it's declining.

Cheers.

-- 
Felipe Contreras

coordinated compliance efforts addresses the issues of this thread (was Re: Amusing article about busybox)
Tito farmatito at tiscali.it 
Fri Aug 24 20:24:48 UTC 2012 

On Friday 24 August 2012 18:20:12 Felipe Contreras wrote:
> On Wed, Aug 15, 2012 at 9:45 PM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
> > Felipe Contreras wrote at 11:31 (EDT) on Monday:
> >> if you are a big company an a unit used my code by mistake I'm not
> >> going to sue you and screw the rest of your units.
> >
> > I don't think anyone, including those of us in the BusyBox community who
> > enforce the GPL, want to "screw" companies or any of their units!  No
> > company who makes good efforts to fix compliance problems has ever been
> > sued by any BusyBox copyright holder.  Do you know of a specific case
> > where that's not true?
> 
> So if part of the company makes good efforts, and another part of the
> company does not, the company as a whole wouldn't be sued? I think it
> would.

There is not something like a part of company.
Ther is a company that produces a product and then sells
it to make some money. If for example your product
is defective you don't ask wich unit has engineered or produced
it or sold it or delivered it as the company is liable for the warranty.

> >> No, I'm explaining why the Linux kernel developers don't want that. I
> >> do hope the Busybox developers see the light as well, but I'm not
> >> holding my breath.
> >
> > BusyBox and Linux developers are now working together on GPL
> > enforcement, coordinated via Conservancy, as I mentioned in this email
> > that I sent on 29 May 2012, which was posted as follow-up to this thread:
> >       http://lists.busybox.net/pipermail/busybox/2012-May/077908.html
> 
> *Some* Linux developers. Probably the copyrights owned by these don't
> even amount to 1% of the Linux code.

Nonetheless this developers having contributed to the project under a  precise
license have some rights, particularly the right to have this license enforced
even if the project maintainers or other entities do not enforce it.
I want my rights enforced!!! for a simple reason because if you don't
fight for your rights you end with no rights at all.

If you contribute 1 dollar to a charity foundation, do you have the 
right to sue them if you know that there is a funds misappropriation?
  
> > Clearly, some Linux copyright holders and some BusyBox copyright holders
> > are in agreement to work on compliance together in the same way.
> >
> > Indeed, Conservancy as a whole and I personally listened carefully to
> > the feedback from this thread and other places that had a discussion
> > about this.  I heard the message that the community wanted to see a
> > broad coalition of copyright holders of different projects who all agree
> > on enforcement strategy.  Denys even personally asked me to make sure
> > that Conservancy's compliance efforts were as inclusive as possible.
> > And, that's what we now have.
> 
> I hope this means the proxy strategy doesn't get used: if a company
> violated the busybox GPL, that doesn't mean it cannot ship products
> with other GPL projects (e.g. Linux).

If a driver does something bad with his car he sometimes ends up
with no driving license. 
This of course is not the fault of who enforces the law
but his fault as he did something he knew is forbiddden.
The same way i suppose you don't go in shops take
some goods and go out without paying as you know
that you have to pay.
It is the same with gpl software, you don't use it
if you don't want to make the sources available.
You know this before you use it as the license is
contained in the very same source code that you intend to
use and can not be overlooked unless you want to do it.
 
> >> If you have a bad unit that screwed up, and this affects the products
> >> of good units; that's not good.
> >
> > Even after all this time since this discussion started, no one has shown
> > one example where this outcome *actually* occurred.  This was a
> > speculation of what a copyright holder *could* ask for under copyright
> > law in the USA if infringement occurs.
> 
> Lawyers don't care about things actually occurring, but what could
> potentially happen. And potentially if say one unit of Sony is
> negligent and has a GPL violation shipping busybox, Conservancy could
> ask for an injunction to stop all products shipping GPL code,
> including products from another unit who did it's job properly. Simply
> having this threat would make lawyers worry, and recommend busybox not
> to be used.
> 
> If Conservancy explicitly states that only projects that want GPL
> enforcement will be targeted, and not use the proxy method to target
> *all* GPL code, then perhaps in practice people won't have problems
> using busybox. But I haven't seen any public statement of this sort,
> so the fear is still probably out there.
> 

People will have problems using busybox only if they violate
the license busybox is under, it is as simple as that.

> > As I said elsewhere in this thread months ago, Conservancy works very
> > very hard to make sure compliance issues don't disrupt a violators'
> > business.  The only way it could possible disrupt their business is if
> > they spend months and months ignoring Conservancy's requests to work
> > with us to come into compliance.  Even then, Conservancy, in our
> > enforcement efforts, we continue to look for ways to keep the business
> > going while we help them come into compliance.
> 
> Again, if these efforts only target project that explicitly request
> GPL enforcement, then I think that's OK.
> 
> >>> That is not true. SFC can't force anybody to comply with the kernel
> >>> license unless they act on behalf of the copyright holders of the
> >>> kernel.  They can just convince the companies that it is cheaper for
> >>> them to comply with the kernel license.
> >
> >> They can do it as a proxy.
> >
> > IMO, this whole discussion is moot: Conservancy now does indeed enforce
> > directly on behalf of a growing list of Linux copyright holders who
> > stand alongside BusyBox copyright holders in our enforcement actions.
> > (And, Samba developers are involved too, for those cases where Samba is
> > also present.)
> 
> No, it's not moot. You can only enforce the code that is copyrighted
> by these Linux developers, which is probably less than 1%.
> 

Even this 1% percent is worth to be protected and if you have
to rewrite 1% of a few million lines of code taking it for "free"
without complying with the license maybe will not be economically
appealing anymore.

> >> There's no need to ignore the license. Companies follow the GPLv2
> >> license, yet they avoid busybox for obvious reasons, that apparently
> >> you are never going to understand. The real world is beyond your
> >> grasp.
> >
> > If they avoid BusyBox, they have to avoid Linux and Samba, too,
> 
> No, see above.
> 
> >> it's not surprising that more permissive licenses are on the rise,
> >> presumably because of the kind of thinking that you show:
> >> http://blogs.the451group.com/opensource/2011/12/15/on-the-continuing-decline-of-the-gpl/
> >
> > Note that the methodology of the analysis done in that article has been
> > called into question with competing analysis that shows substantially
> > different results.  See:
> > http://www.fsf.org/events/is-copyleft-being-framed (a recording of which
> > is available here http://faif.us/cast/2012/feb/28/0x23/ ).  The 451
> > Group even covered it here:
> > http://blogs.the451group.com/opensource/2012/03/05/thats-not-science/
> >
> > I obviously disagree with 451's Group latest conclusion, since if what
> > John did in his analysis isn't science, then neither is the work that
> > 451 Group did.  The whole point here is that no one has a proved,
> > statically valid methodology designed yet to study the rise or decline
> > of any specific license.  We'd need someone who is actually trained in
> > statistical methods research to really do a study, and I'm not sure it
> > matters, anyway.
> 
> Fair enough, but at least some people think it's declining.
> 
> Cheers.
> 
> 
Ciao,
Tito

coordinated compliance efforts addresses the issues of this thread
Bradley M. Kuhn bkuhn at ebb.org 
Sun Aug 26 14:09:35 UTC 2012 

> On Friday 24 August 2012, Felipe Contreras wrote:
>> So if part of the company makes good efforts, and another part of the
>> company does not, the company as a whole wouldn't be sued?

Tito  replied at 16:24 (EDT) on Friday:
> There is not something like a part of company.

AFAIK, Tito is correct, but I'm only familiar with USA corporate law.
In the USA, Tito is indeed correct and there is no such thing as a "part
of a company", to my knowledge.

>> I hope this means the proxy strategy doesn't get used: if a company
>> violated the busybox GPL, that doesn't mean it cannot ship products
>> with other GPL projects (e.g. Linux).

It will be up to what the individual copyright holders want to do.
Conservancy now coordinates enforcement for dozens of copyright holders.
Each has a say, and can give input in what we do.  Notwithstanding the
copyrights in BusyBox that Conservancy holds itself, Conservancy is
primarily an "aggregator" that works on behalf of a coalition.  Everyone
in the coalition has a say.

>> Lawyers don't care about things actually occurring, but what could
>> potentially happen.

I believe you've got a subtle misunderstanding here that's leading to an
erroneous conclusion.  Corporate lawyers, primarily, assess risk for
businesses.  Risk is based on percentages and likelihoods of outcome.

If the mere *potential* of something happening (e.g., a 2% chance), then
*no* lawyer would accept the GPL, nor indeed *any* third-party code of
any kind to be used in any product.  Accepting third-party code always
generates small risks of horrible outcomes.  Indeed, I've known
hyper-conservative lawyers who advise against doing anything if there is
even a 2% chance of bad outcome.  These lawyers are, fundamentally, bad
lawyers.

But a lawyer's job isn't to decide what a business does.  A lawyer's job
is to give their client the chances various outcomes might happen, let
the client decide what the right course of action is, then advocate
zealously for the client and the client's choice.

>> And potentially if say one unit of Sony is negligent and has a GPL
>> violation shipping busybox, Conservancy could ask for an injunction
>> to stop all products shipping GPL code,

Perhaps Sony has bad lawyers who have been too conservative, but I don't
think so.  Note that Sony is still shipping BusyBox, even today.  I've
had plenty of conversations with the *one* person at Sony who has raised
any concerns, and I have an open thread of communication with him.  Are
you talking to Sony employees on a regular basis about their concerns
regarding compliance and working with them to mitigate that risk?  I am,
and based on that experience, I think the issues that were originally
raised are solved.

If you have direct, personal experience with Sony that shows something
different, I'd love to hear about it and let's start a four-way
conversation with my contacts and your contacts at Sony to sort it out.

>> If Conservancy explicitly states that only projects that want GPL
>> enforcement will be targeted, and not use the proxy method to target
>> *all* GPL code, then perhaps in practice people won't have problems
>> using busybox. But I haven't seen any public statement of this sort,
>> so the fear is still probably out there.

As I said, these kinds of decisions are made on a case-by-case basis,
and Conservancy consults the dozens of copyright holders who are part of
the coalition before making any fundamental decision in what to do in
any case.

Conservancy still has an open invitation to any copyright holders in
BusyBox, Samba, and/or Linux to be involved with our efforts and have a
voice in how these decisions are made.  Felipe, I'd invite you into this
coalition, but unfortunately I can only find one line of code that
you've changed in BusyBox, so I don't think your copyright claim on that
one line of code would be enough to enforce the GPL.

>> *Some* Linux developers. Probably the copyrights owned by these don't
>> even amount to 1% of the Linux code.

> Nonetheless this developers having contributed to the project under a
> precise license have some rights, particularly the right to have this
> license enforced even if the project maintainers or other entities do
> not enforce it.

IMO, Tito's response is quite correct.  However, I'd add that various
maintainers (and former maintainers) of projects have supported
enforcement: Denys has agreed to continue enforcement on BusyBox, and
Erik agrees -- and in fact, is very supportive -- as a former
maintainer.  Rob, as a former maintainer, used to agree and now
disagrees, and I respect his opinion and Conservancy doesn't enforce on
his behalf anymore.  Many other BusyBox copyright holders agree and have
either assigned copyright to Conservancy or are coordinating with
Conservancy in enforcement efforts.

Regarding Linux, obviously Linus Torvalds isn't enforcing his own
copyrights through Conservancy, but I recently asked Linus at a party:
"Are you mad at me for doing GPL enforcement for Linux?"  Linus
answered: "No.  In fact, part of the reason I didn't require copyright
assignment for Linux was because I want individuals to decide what they
want to do with their copyrights."  Many Linux copyright holders work
with Conservancy on enforcement, following Linus' directive that they
should make their own decisions about their copyrights.

In the Samba community, there's widespread support for Conservancy's
enforcement efforts.  I haven't yet found a major copyright holder of
Samba who *doesn't* support Conservancy's enforcement efforts. :)

> If you contribute 1 dollar to a charity foundation, do you have the 
> right to sue them if you know that there is a funds misappropriation?

Probably you do, but I suspect you'd just get a refund rather quickly.
If you donated $5,000, then I think the situation might be different
and it might be a complicated legal battle. :)

By analogy, I wouldn't enforce GPL unless there are sufficient copyrights
involved such that the copyrights in question can't be trivially written
out of the codebase.  This adds an additional check-and-balance that
there's sufficient contributors supporting the efforts.
-- 
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy

Copyright 2012 http://lists.busybox.net/