https://www.fsf.org/licensing/enforcement-principles
> Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works.
> GPLv2 terminates all copyright permissions at the moment of violation, and that termination is permanent. GPLv3's termination provision allows first-time violators automatic restoration of distribution rights when they correct the violation promptly, and gives the violator a precise list of copyright holders whose forgiveness it needs. GPLv3's collaborative spirit regarding termination reflects a commitment to and hope for future cooperation and collaboration. It's a good idea to follow this approach in compliance situations stemming from honest mistakes, even when the violations are on works under GPLv2.
It's hard to understand the problem being solved here. While I've heard of "patent trolling" I guess I've only thought of copyright trolling in the sense of the (poorly tested) automatons who issue DMCA takedown requests for audio/video on youtube.
I've heard about GPL enforcement but only in "good" context: copyright holders acting in good faith to get their licensees to comply with the license. Are there copyright holders engaging in abusive litigation?
Do they kindly ask for apology? Do they offer, at cost, to make their licenses good? Are they a good steward when they find license mishaps? Or, why should Free Software foundations accept this against companies making decisions to cheat all of us?
Some enforcement efforts have been controversial, particularly the VmWare suit and other efforts by SFConservancy. I wouldn't call them trolls, but a lot of people think they are too heavy-handed.
On the other hand, with nobody wielding a stick, there is no real incentive not to abuse free licenses - which is exactly why the GPL exists in the first place.
Whether or not you think they are too heavy-handed, or think they are trolls: SF Conservancy-like behavior isn't the type of behavior being addressed here.
If following the license is too much to ask for, what exactly does "not heavy handed" mean?
The GPL is a tool to scare companies into doing the right thing and releasing their code. By committing to this we lose the ability to scare those companies. It becomes much more worthwhile to play chicken hoping no one will notice that you are using GPL code in your closed source binary.
If Foo Corp intentionally/accidentally violates the GPLv2 on software owned by CA/Cisco/HPE/Microsoft/SAP/SUSE, but decides to do the right thing/come clean and release the code...
without this (plain GPLv2): Their license to the GPLv2 was revoked, is still revoked, and are liable to each of the owners. Even if one owner reinstates the license, the others don't have to.
with this (GPLv2 with GPLv3-cure): Their license is provisionally reinstated upon coming in to compliance, and permanently reinstated 60 days later if none of the copyright holders object.
With the plain GPLv2 it was worth it to play chicken. Now, it no longer is.
At this point in history I don't think free software has much to fear from a more lenient enforcement of copyleft. The real risk is that copyleft (IMHO a really great tool even absent the "scare companies" analysis) will be forgotten.
So? I see this as a good thing.
It's not like there is a shortage of BSD, MIT, Apache, et al., licensed code.
GPL code should be treated like radioactive or toxic material--you need a permit, legal approval, and you had better have a REALLY good reason. There are reasons why you might need to use it, but they should be few and very far between.
Sometimes you pay them with dollars. Sometimes you pay them by open-sourcing your own code. Sometimes you pay them by acknowledging their contributions. And sometimes you pay them by fixing the bugs.
Not knowing how you are going to pay for someone else's code before you use it is ridiculous, and refusing to pay for it in the manner that they have indicated is acceptable is reprehensible.
For example, game developers will use any code that don't conflict with the model of selling copies under exclusive rights. Blizzard Entertainment which is currently one of the largest game developer studio in the world has used everything from LGPLv3 to custom permission granted by free software developers. Having a lawyer read a standard license and evaluate if it can be used is much cheaper than pushing the release date on a game a few months further, not counting the additional cost of having to write your own XML parser, html, javascript, fonts, or what have you. It also the reason why game studio are willing to pay a lot of money for third-party libraries with extensively custom written restrictive licenses. So long it fit the business model, and it save money and time, then using it is a competitive advantage in a industry that is heavily over saturated.
If more code would be shared it would be a better world, but the way s not simple. Respecting licenses of ocurse is a requirement.
anything with *GPL as its license
AGPL is obviously even stricter than the GPL, but I don't see the problem with LGPL in libraries? Worst case you end up making some improvements to the library that are applicable outside your application and have to publish the source for your changes to the library, but that seems only fair. In the vast majority of cases you don't modify library code, leaving you with no obligation.You might run the risk of somebody copy-pasting code from a LGPL library into your production system, but I don't think that risk is greater than the risk of them copy-pasting from the first google result without checking the license.
Is to follow the license for whatever you're using. Full stop.
Lots of people are not interested in this.
The "enforcement" that Torvalds wants is what you see with Android today: Everyone ships blobs of kernel builds, with the source never released.
If I want to bloody recompile the LK on my phone to install a proper linux, that or other GPL tools shouldn't be blockers.
A linux developer demanding money from GPL violators is (seemingly) what triggered this action. See http://www.zdnet.com/article/linux-beats-internal-legal-thre...
>McHardy has sued companies for Linux GPLv2 violations in over 38 cases. In one, he'd requested a contractual penalty of €1.8 million. The company also claimed McHardy had already received over €2 million from his actions.
>what exactly does "not heavy handed" mean
It means not permanently revoking their licence to use the code again, even once they have become compliant. It's a common complaint made about the GPLv2 which was clarified in GPLv3
The licenses used by the FSF are there to protect the liberty of users. So, when you are caught violating the license, they offer to make their license good, conditioned on you restoring the users' liberty.
How much is a team of developers for a month? So yeah, that's real money and time.
There's from what I see, 2 groups of GPL (and related) license violators. The first are unintentional ones. They didn't realize, for one reason or another, the ramifications of the GPL. Or, they just don't have a license but it's on Git(Hub/Lab). These people, if it is mentioned to, will fix it.
You have the second group, that sells corporate, closed source hardware, with closed source linux kernel and associated GPL'ed tools. These care not for licenses, and would violate anything and everything for a nickel. They are bad actors, willing to do anything to disadvantage any suckers. Look no further than pretty much every Android phone vendor, Orange Pi, Banana Pi, and lots others.
Intent is 90% of the law. I'm certainly willing to let the 10% drop (the action), but its clear whom is and isn't well meaning and who is a bad actor. Making a pile of money and intentionally breaking the license and copyright is usually a pretty strong indicator.
And how is it moral to be nice with immoral people ?
Now I do believe it's good to let a chance to do the right thing. But if not, it must be followed by actions.
E.G: I would add to the licence that it is illegal to give technical support or to provide a commercial service related to the product with a violated licence, for all the product with the same licence. If you can't get support for any of your linux servers, or you can't even rent a new VPS, you'll think twice about compliance.