In association with heise online

The enforcers

At the same time, the holders of copyright don't always see the direct benefit of upholding the GPL. A self-contained project like BusyBox seldom sees any upstream changes resulting from release of the code. Coders don't want to lose their time in bureaucracy and legalese, and many coders are paid for their work by companies who often own the copyrights and are not in favour of advocating free software through the courts. Corporate antipathy to the GPL is a very real impediment to free software. The GPL needs advocates and defenders, to perpetuate the idea that software should be free. Open source companies and organisations such as Red Hat and the Linux Foundation have been conspicuous by their silence.

So defence of the GPL has become the preserve of voluntary self-financing outfits such as gpl-violations.org, led by Harald Welte, and the Software Freedom Conservancy (SFC), run by Kuhn. GPL enforcement is quite far down the list of activities that SFC undertakes on behalf of free software projects. In the area of GPL enforcement, most of SFC's activities have focused on BusyBox, "the Swiss Army Knife of Embedded Linux", which is a toolbox of utilities for embedded systems, originally written by Bruce Perens and currently maintained by Denys Vlasenko.

GPL enforcement isn't a job that scratches many itches, as Kuhn explains: "I was always the type of person who would show up to a project and look for what needed to be done rather than what I was most interested in. We do the work for projects that nobody else wants to do. We take care of the stuff that is boring and mundane and basic and is needed for all projects... Anybody that has done GPL enforcement will know that it is a boring and tedious process, and most developers would rather be coding."

BusyBox became involved because Erik Andersen, the maintainer of BusyBox between 1999 and 2006, is a keen proponent of GPL enforcement. "Denys Vlasenko, the current maintainer, and other BusyBox copyright holders have also been involved at various times," says Kuhn. "And some copyright holders have even assigned their copyright to Conservancy..."

Because of BusyBox's ubiquity in embedded Linux systems and the enthusiasm of the developers to see their licence enforced, BusyBox has been at the heart of litigation to enforce GPL compliance and pass on the right of access to the source code to the end user. In some respects BusyBox has become an instrument for ensuring awareness among chip manufacturers of the fairly minimal obligations of the GPL, and that raises other issues, as Kuhn recognises. "Sometimes the BusyBox developers are seen as the only upholders of the GPL, and that has been a challenge for some time," he says.

But, as Jeremy Allison, who is a member of the SFC board, points out. "Litigation is always the last resort so most of these things get resolved without litigation. People do make mistakes. The point is not to punish people for making mistakes, but to bring them into compliance. When people get into trouble it's usually down to laziness and inconvenience. It's usually a case of 'I can't be arsed, and it's too much effort to do it right, so I'll just use it'."

Asked why Samba is less prone to violation than some other GPL'd software that is distributed in small devices, Allison makes the observation that "Samba device vendors tend to have a longer relationship with the customer than other device vendors. People store their data with Samba, and if you're lax about licensing you are probably lax about other things and it won't be a good product, so most of our vendors want to do things right."

Whys and wherefores

Recently BusyBox and the Software Freedom Conservancy were the subject of protracted debates on Linux Weekly News (LWN) that stemmed from an article by Matthew Garrett urging Linux kernel copyright holders to get involved in GPL enforcement.

At the root of the argument was a posting on eLinux from a Sony engineer, Tim Bird, proposing a BusyBox replacement project, and a later follow-up article on LWN, which referenced the toybox project; this project has been revived by Rob Landley to replicate (and enhance) the functionality of BusyBox, using a more liberal open source licence.

The rationale for the replacement project is that BusyBox is "the most litigated piece of GPL software in the world", and that "litigants have sometimes requested remedies outside the scope of BusyBox itself, such as review authority over unrelated products, or right of refusal over non-BusyBox modules. This causes concern among chip vendors and suppliers."

SFC and its role in enforcing the GPL became the focus of much of the discussion on the LWN threads. Inevitably, there were misunderstandings and confusions, some of which have been resolved, but the debates inevitably raise questions about the whys, hows and wherefores of enforcing the GPL.

Right of refusal

The key issue was the perceived manner and effect of GPL enforcement on chip vendors. By implication the litigants, in the shape of SFC, had demanded the right of "review authority over unrelated products", which Kuhn says isn't true, and the "right of refusal over non-BusyBox modules". The claim is that this could impose unworkable penalties on companies, as Tim Bird has claimed: "it is possible for a mistake made by an ODM (like providing the wrong BusyBox source version) could result in the recall of millions of unrelated products. As it stands, the demands made by the SFC in order to bring a company back into compliance are beyond the value that BusyBox provides to a company. I also believe they are wrong from both a legal and moral perspective."

While the Conservancy doesn't require an overview of 'unrelated products', SFC does ask that the manufacturer comes into compliance with all GPL modules on a device that hasn't been in compliance with the BusyBox licence. "You can't just say 'we'll comply with BusyBox but ignore Linux, glibc or anything else that might be GPL or LGPL'," says Kuhn.

Welte concurs with the broad outline of this approach, and notes that gpl-violations.org has routinely asked for "corresponding source code to all GPL licensed software during our communication with the infringing companies. This request was typically honoured by everyone, without the need to apply any pressure onto it."

Kuhn's view is that "you have to comply with everything if you want to use BusyBox. Section 4 of GPLv2 says that as soon as you violate the licence your rights to copy, modify and distribute the software disappear. So once you violate the BusyBox copyrights you have lost your right to distribute any of the GPL code."

Next: The death penalty

Print Version | Permalink: http://h-online.com/-1471698
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit