Features Download
From: Bradley M. Kuhn <bkuhn <at> ebb.org>
Subject: Re: coordinated compliance efforts addresses the issues of this thread
Newsgroups: gmane.linux.busybox
Date: Sunday 26th August 2012 14:09:35 UTC (over 5 years ago)
> On Friday 24 August 2012, Felipe Contreras wrote:
>> So if part of the company makes good efforts, and another part of the
>> company does not, the company as a whole wouldn't be sued?

Tito  replied at 16:24 (EDT) on Friday:
> There is not something like a part of company.

AFAIK, Tito is correct, but I'm only familiar with USA corporate law.
In the USA, Tito is indeed correct and there is no such thing as a "part
of a company", to my knowledge.

>> I hope this means the proxy strategy doesn't get used: if a company
>> violated the busybox GPL, that doesn't mean it cannot ship products
>> with other GPL projects (e.g. Linux).

It will be up to what the individual copyright holders want to do.
Conservancy now coordinates enforcement for dozens of copyright holders.
Each has a say, and can give input in what we do.  Notwithstanding the
copyrights in BusyBox that Conservancy holds itself, Conservancy is
primarily an "aggregator" that works on behalf of a coalition.  Everyone
in the coalition has a say.

>> Lawyers don't care about things actually occurring, but what could
>> potentially happen.

I believe you've got a subtle misunderstanding here that's leading to an
erroneous conclusion.  Corporate lawyers, primarily, assess risk for
businesses.  Risk is based on percentages and likelihoods of outcome.

If the mere *potential* of something happening (e.g., a 2% chance), then
*no* lawyer would accept the GPL, nor indeed *any* third-party code of
any kind to be used in any product.  Accepting third-party code always
generates small risks of horrible outcomes.  Indeed, I've known
hyper-conservative lawyers who advise against doing anything if there is
even a 2% chance of bad outcome.  These lawyers are, fundamentally, bad

But a lawyer's job isn't to decide what a business does.  A lawyer's job
is to give their client the chances various outcomes might happen, let
the client decide what the right course of action is, then advocate
zealously for the client and the client's choice.

>> And potentially if say one unit of Sony is negligent and has a GPL
>> violation shipping busybox, Conservancy could ask for an injunction
>> to stop all products shipping GPL code,

Perhaps Sony has bad lawyers who have been too conservative, but I don't
think so.  Note that Sony is still shipping BusyBox, even today.  I've
had plenty of conversations with the *one* person at Sony who has raised
any concerns, and I have an open thread of communication with him.  Are
you talking to Sony employees on a regular basis about their concerns
regarding compliance and working with them to mitigate that risk?  I am,
and based on that experience, I think the issues that were originally
raised are solved.

If you have direct, personal experience with Sony that shows something
different, I'd love to hear about it and let's start a four-way
conversation with my contacts and your contacts at Sony to sort it out.

>> If Conservancy explicitly states that only projects that want GPL
>> enforcement will be targeted, and not use the proxy method to target
>> *all* GPL code, then perhaps in practice people won't have problems
>> using busybox. But I haven't seen any public statement of this sort,
>> so the fear is still probably out there.

As I said, these kinds of decisions are made on a case-by-case basis,
and Conservancy consults the dozens of copyright holders who are part of
the coalition before making any fundamental decision in what to do in
any case.

Conservancy still has an open invitation to any copyright holders in
BusyBox, Samba, and/or Linux to be involved with our efforts and have a
voice in how these decisions are made.  Felipe, I'd invite you into this
coalition, but unfortunately I can only find one line of code that
you've changed in BusyBox, so I don't think your copyright claim on that
one line of code would be enough to enforce the GPL.

>> *Some* Linux developers. Probably the copyrights owned by these don't
>> even amount to 1% of the Linux code.

> Nonetheless this developers having contributed to the project under a
> precise license have some rights, particularly the right to have this
> license enforced even if the project maintainers or other entities do
> not enforce it.

IMO, Tito's response is quite correct.  However, I'd add that various
maintainers (and former maintainers) of projects have supported
enforcement: Denys has agreed to continue enforcement on BusyBox, and
Erik agrees -- and in fact, is very supportive -- as a former
maintainer.  Rob, as a former maintainer, used to agree and now
disagrees, and I respect his opinion and Conservancy doesn't enforce on
his behalf anymore.  Many other BusyBox copyright holders agree and have
either assigned copyright to Conservancy or are coordinating with
Conservancy in enforcement efforts.

Regarding Linux, obviously Linus Torvalds isn't enforcing his own
copyrights through Conservancy, but I recently asked Linus at a party:
"Are you mad at me for doing GPL enforcement for Linux?"  Linus
answered: "No.  In fact, part of the reason I didn't require copyright
assignment for Linux was because I want individuals to decide what they
want to do with their copyrights."  Many Linux copyright holders work
with Conservancy on enforcement, following Linus' directive that they
should make their own decisions about their copyrights.

In the Samba community, there's widespread support for Conservancy's
enforcement efforts.  I haven't yet found a major copyright holder of
Samba who *doesn't* support Conservancy's enforcement efforts. :)

> If you contribute 1 dollar to a charity foundation, do you have the 
> right to sue them if you know that there is a funds misappropriation?

Probably you do, but I suspect you'd just get a refund rather quickly.
If you donated $5,000, then I think the situation might be different
and it might be a complicated legal battle. :)

By analogy, I wouldn't enforce GPL unless there are sufficient copyrights
involved such that the copyrights in question can't be trivially written
out of the codebase.  This adds an additional check-and-balance that
there's sufficient contributors supporting the efforts.
Bradley M. Kuhn, Executive Director, Software Freedom Conservancy
CD: 2ms