In association with heise online

17 December 2012, 17:36

Defence of the GPL realm

A conversation with Bradley Kuhn

with Fabian A. Scherschel

The H talks with Bradley Kuhn, noted GPL compliance enforcer, about whether there should be more people patrolling the GPL perimeter and what tools and techniques a potential protector should take into battle.

The H: You do some GPL enforcement and Harald Welte is also doing a lot in Germany but your time is naturally limited. Do you think we need more people enforcing the GPL and if yes, what advice would you give them?

Bradley Kuhn: It's worth noting that there are basically three centres of (what I would call) community-oriented GPL enforcement activity: Harald's work in Germany, Conservancy's work in the USA and France (and occasionally Australia), and FSF's work in a number of places.

That's admittedly not very many groups: we're talking two 501(c)(3) charities in the USA with a small amount of staffing, plus a single person working individually with a coalition of colleagues (ie, IIRC, gpl-violations.org is not an organisation – it's just a website for Harald and his volunteers).

The H: Are any commercial companies trying to enforce GPLed code copyrighted by themselves?

BK: What I call for-profit enforcement occurs much more than I would like. MySQL AB championed this activity, and it's still carried on by the MySQL division of Oracle, and now by many other companies, too. They keep all the copyrights to themselves, and use "GPL compliance" as synonymous with "sales": their goal is to find a violation (or, just pretend there's one) to get the so-called "customer" to buy a proprietary licence for the code rather than come into compliance with GPL.

I find this activity despicable, and I'm quite angry with myself that I didn't realise at first that it was problematic. I was admittedly supportive of MySQL AB in its early years, but I'm not supportive of that business model any more.

The H: Is that the full extent of GPL enforcement going on out there?

BK: There's also the advent of so-called "licence compliance" companies – including Black Duck, Palamida, and OpenLogic – who seek to convince customers that they need complex and expensive solutions to properly comply with Free Software licences. Generally speaking, I wouldn't be against this type of work, but I have two big criticisms of these companies.

Their solutions all centre around proprietary-software code-scanning tools and I think the idea of selling proprietary software to people to help them comply with Free Software licences is not only wrong in the "usual sense" that all proprietary software is wrong, but also it has a strange irony that really bothers me: ie, they say: "Buy this proprietary tool, so you can use Free Software".

Additionally, those companies often use some scare tactics to make companies think they need these expensive solutions to be able to adopt Free Software. My biggest regret is that these companies have often used my GPL compliance work over the years to scare their customers. I even heard a rumour once that my name is actually spoken during "sales" meetings in a "well, you wouldn't want Bradley Kuhn to come knocking at your door about a compliance problem, would you?" sort-of way.

Fact of the matter is: these "compliance" companies don't actually address any of the issues that are the most common violations I find, which I call: "no-source-nor-offer" and "offer-fail". "No-source-nor-offer" is distribution of GPL'd and/or LGPL'd software in binary form without any source code nor offer therefor. "Offer-fail" is when such an offer is made, but, when tested, it turns out to not actually get a response from the violator.
