Profile cover photo
Profile photo
Software Freedom Conservancy
138 followers -
Conservancy defends and upholds your software freedom!
Conservancy defends and upholds your software freedom!

138 followers
About
Software Freedom Conservancy's posts

Post has attachment
Why GPL Compliance Tutorials Should Be Free as in Freedom

a blog post by Bradley M. Kuhn

I am honored to be a co-author and editor-in-chief of the most comprehensive, detailed, and complete guide on matters related to compliance of copyleft software licenses such as the GPL. This book, Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide (which we often call the Copyleft Guide for short) is 155 pages filled with useful material to help everyone understand copyleft licenses for software, how they works, and how to comply with them properly. It is the only document to fully incorporate esoteric material such as the FSF's famous GPLv3 rationale documents directly alongside practical advice, such as the pristine example, which is the only freely published compliance analysis of a real product on the market. The document explains in great detail how that product manufacturer made good choices to comply with the GPL. The reader learns by both real-world example as well as abstract explanation.

However, the most important fact about the Copyleft Guide is not its useful and engaging content. More importantly, the license of this book gives freedom to its readers in the same way the license of the copylefted software does. Specifically, we chose the +Creative Commons Attribution Share-Alike 4.0 license (CC BY-SA) for this work. We believe that not just software, but any generally useful technical information that teaches people should be freely sharable and modifiable by the general public.

The reasons these freedoms are necessary seem so obvious that I'm surprised I need to state them. Companies who want to build internal training courses on copyleft compliance for their employees need to modify the materials for that purpose. They then need to be able to freely distribute them to employees and contractors for maximum effect. Furthermore, like all documents and software alike, there are always “bugs”, which (in the case of written prose) usually means there are sections that are fail to communicate to maximum effect. Those who find better ways to express the ideas need the ability to propose patches and write improvements. Perhaps most importantly, everyone who teaches should avoid NIH syndrome. Education and science work best when we borrow and share (with proper license-compliant attribution, of course!) the best material that others develop, and augment our works by incorporating them.

These reasons are akin to those that led Richard M. Stallman to write his seminal essay, Why Software Should Be Free. Indeed, if you reread that essay now — as I just did — you'll see that much of damage and many of the same problems to the advancement of software that RMS documents in that essay also occur in the world of tutorial documentation about FLOSS licensing. As too often happens in the Open Source community, though, folks seek ways to proprietarize, for profit, any copyrighted work that doesn't already have a copyleft license attached. In the field of copyleft compliance education, we see the same behavior: organizations who wish to control the dialogue and profit from selling compliance education seek to proprietarize the meta-material of compliance education, rather than sharing freely like the software itself. This yields an ironic exploitation, since the copyleft license documented therein exists as a strategy to assure the freedom to share knowledge. These educators tell their audiences with a straight face: "Sure, the software is free as in freedom, but if you want to learn how its license works, you have to license our proprietary materials!" This behavior uses legal controls to curtail the sharing of knowledge, limits the advancement and improvement of those tutorials, and emboldens silos of know-how that only wealthy corporations have the resources to access and afford. The educational dystopia that these organizations create is precisely what I sought to prevent by advocating for software freedom for so long.

While Conservancy's primary job provides non-profit infrastructure for Free Software projects, we also do a bit of license compliance work as well. But we practice what we preach: we release all the educational materials that we produce as part of the Copyleft Guide project under CC BY-SA. Other Open Source organizations are currently hypocrites on this point; they tout the values of openness and sharing of knowledge through software, but they take their tutorial materials and lock them up under proprietary licenses. I hereby publicly call on such organizations (including but not limited to the Linux Foundation) to license materials such as those under CC BY-SA.

I did not make this public call for liberation of such materials without first trying friendly diplomacy first. Conservancy has been in talks with individuals and staff who produce these materials for some time. We urged them to join the Free Software community and share their materials under free licenses. We even offered volunteer time to help them improve those materials if they would simply license them freely. After two years of that effort, it's now abundantly clear that public pressure is the only force that might work0. Ultimately, like all proprietary businesses, the training divisions of +Linux Foundation Linux Training Services and other entities in the compliance industrial complex (such as +Black Duck Software) realize they can make much more revenue by making materials proprietary and choosing legal restrictions that forbid their students from sharing and improving the materials after they complete the course. While the reality of this impasse regarding freely licensing these materials is probably an obvious outcome, multiple sources inside these organizations have also confirmed for me that liberation of the materials for the good of general public won't happen without a major paradigm shift — specifically because such educational freedom will reduce the revenue stream around those materials.

Of course, I can attest first-hand that freely liberating tutorial materials curtails revenue. Karen Sandler and I have regularly taught courses on copyleft licensing based on the freely available materials for a few years — most recently in January 2017 at LinuxConf Australia and at at OSCON in a few weeks. These conferences do kindly cover our travel expenses to attend and teach the tutorial, but compliance education is not a revenue stream for Conservancy. While, in an ideal world, we'd get revenue from education to fund our other important activities, we believe that there is value in doing this education as currently funded by our individual Supporters; these education efforts fit withour charitable mission to promote the public good. We furthermore don't believe that locking up the materials and refusing to share them with others fits a mission of software freedom, so we never considered such as a viable option. Finally, given the institutionally-backed FUD that we've continue to witness, we seek to draw specific attention to the fundamental difference in approach that Conservancy (as a charity) take toward this compliance education work. (My my recent talk on compliance covered on LWN includes some points on that matter, if you'd like further reading).


Post has attachment

Post has attachment

Post has attachment
Private Internet Access launches $50,000 match for Software Freedom Conservancy

Today on Giving Tuesday, Software Freedom Conservancy announces a generous match by Private Internet Access of $50,000 towards our current fundraiser.

Until January 15, Supporters count twice toward our fundraising goals! If you join or renew as a Supporter now, Private Internet Access will contribute matching support. The next 416 Supporters (both new or renewing, monthly or annually) will have the impact of 832 Supporters. Giving now will quickly advance the progress in our fundraiser and help sustain much of Conservancy's work for free and open source software.

With the funds provided by previous match donors in 2016, Conservancy is over 60% towards our goal of 2,500 Supporters which we need to continue our full programmatic activities through 2017. Become a Supporter today!

The match includes renewing annual supporters, and new supporters who join monthly or annually.

Post has attachment
November 23, 2016

“Principles of Community-Oriented GPL Compliance” Now in Chinese

Software Freedom Conservancy is pleased to announce that the Kaiyuanshe Legal Committee has translated the Principles of Community-Oriented GPL Compliance in Chinese. Kaiyuanshe, roughly translated as "open source alliance," is a group of enterprises, communities, and individuals in China supporting and promoting free and open source software. The document is available for download on Kaiyuanshe's web site and on Conservancy's site in HTML and as a PDF.

The Principles were published by Conservancy and the Free Software Foundation last year, and set forth norms around community-oriented enforcement, removing uncertainty for companies who face compliance actions and providing criteria for evaluating whether license compliance is in the community's interest. The translation was primarily worked on by Richard Lin and Maggie Wang, members of the Kaiyuanshe Legal Committee.

"More and more Chinese companies are embracing Free and Open Source Software, but not enough participants truly understand our communities' expectations around compliance," said Lin, Community Director for Huawei Developer Zone. "We in Kaiyuanshe want to help more people to truly understand Free and Open Source Software, and call for more people, organizations and companies to contribute together."

"The principles are good education and very clear to put into practice," added Wang, Representative in China for Ladas & Parry LLP. "I believe the publication of the Principles will ease the tension for a lot of companies who are willing to adopt GPL'd software."

Karen Sandler, Executive Director of Conservancy commented, "This is part of the impressive work undertaken by the Kaiyuanshe Legal Committee. This coordination by Kaiyuanshe shows the strength of all of the organizations and companies that have come together in China."


Post has attachment
+Linux Weekly News has an article about The GPL Compliance BoF Session at +Linux Foundation Events ' Linux Plumbers Conference.

Post has attachment
November 16, 2016 by Brett Smith

Recap: GPL Compliance BoF at Linux Plumbers’ Conference

At the +Linux Plumbers Conference a couple of weeks ago, Karen and I ran a Birds of a Feather session about our GPL Compliance Project for Linux Developers. It was a success by every measure. Approximately seventy people attended, and about twenty of them participated in the discussion, covering a wide variety of issues around compliance. The interactive and inclusive format was ideal for us to provide additional information and get feedback from a lot of interested people. Many thanks to the Linux Plumbers Organizing Committee for scheduling a slot for us to run this session.

We opened the discussion with a basic overview of the program: its history and mission, the structure of how we coordinate with Linux developers on our coalition, the typical flow of how we respond to a violation and work to help the distributor comply. We published the project agreement templates beforehand to facilitate the discussion. In the past, we heard people express concern that these agreements were private. We were happy to tackle that issue head-on, and I was glad to see several attendees download the template and review it during the session.

We also talked about how our work differs from some inappropriately aggressive enforcement efforts going on today—including Patrick McHardy's unfortunate enforcement lawsuits. One person rightly pointed out that less savvy distributors will often assume all GPL compliance is handled the same way. We discussed how Conservancy could emphasize the distinctions up front. We agree that's important; it's why we published our Principles of Community-Oriented GPL Enforcement, and why we were the first organization to publicly criticize McHardy's actions. Still, a new Linux distributor might not know about our principles, or understand that they specifically call on lawsuits only as a last resort. Based on this feedback, we plan to mention the Principles in our first correspondence about GPL compliance problems.

Our transparency in our methods and goals distinguishes Conservancy's compliance work from others'. There were several suggestions that we could take this further by publishing different numbers about how many cases we're handling, and different ways they've been resolved. To this end, Karen echoed the same point Bradley made at ELC EU that we only have the resources to pursue a relatively small percentage of the violation reports we receive. Because of this, publishing these numbers could de-anonymize active cases, which would contravene our compliance principles. Nonetheless, we will reexamine this issue to see if we could publish some numbers safely.

That discussion led to suggestions that volunteers could help us with technical compliance work, confirming violations and the completeness of source code. We've discussed that idea internally for many years. Even more than publishing numbers, engaging volunteers risks leaking information about violators to the public. Furthermore, we would need to vet and train volunteers, which we lack the resources to do now. If we received funding for this work, we could use that to plan and provide volunteer training, but there has been limited interest in funding community-oriented compliance initiatives.

Finally, we discussed different ways to make compliance work less necessary. We'd love to see more of this: as more distributors proactively come into compliance, we have more time to spend supporting our member projects and other initiatives. That's a big reason we helped write the Copyleft Guide, which helps distributors better understand the conditions and requirements of the GPL. The pristine source example, in particular, is designed to show step-by-step the process of verifying a complete, corresponding source release. There's certainly lots of great ideas for more work like this, and I think naming them in the BoF helped make some good connections between them.

Our thanks to everyone who attended and provided feedback. If you couldn't attend this BoF, don't worry. We'll be running similar sessions at other conferences over the next few months, and you can also provide feedback on our principles-discuss mailing list. We want to hear from as much of the community as possible, so if you have questions or comments about our Linux compliance work, we hope we'll hear from you soon.

Posted by Brett Smith on November 16, 2016. Please email any comments on this entry to info@sfconservancy.org.

Post has attachment
Conservancy Promotes Transparency by Publishing Template Agreements for Linux Compliance Program

Discussion Invited at Second Feedback Session on GPL Enforcement

Today at the +Linux  Plumbers Conference, Software Freedom Conservancy hosts its second feedback session on the GPL Compliance Program for Linux Developers. These sessions, which Conservancy is hosting at relevant events over the next year and summarizing for public review, will seek input and ideas from the Linux community about GPL enforcement, answer questions, and plan strategies to deal with GPL enforcement actions that do not follow Conservancy and +Free Software Foundation's Principles of Community-Oriented GPL Enforcement.

The publication of the template agreements ([1], [2]) demonstrates Conservancy's commitment to transparency. The documents have a similar structure as Conservancy's agreements with its member projects, designed to work at the service of the coalition. They include an easy termination provision, requiring just thirty days' notice at any time. Because the aim of Conservancy's compliance work is to avoid litigation, no lawsuits may be initiated without further explicit agreement.

Two versions of the template agreement are provided. The anonymous agreement includes a clause binding Conservancy to not disclose the identity of the participant. This clause was directly requested by Linux contributors who fear repercussions from their employers or other community members who oppose GPL enforcement. Conservancy designed this version to respect the wishes of those who want to help ensure the future of copyleft, but are not prepared to face public attacks from those who oppose copyleft.

Karen Sandler, who will co-host today's session at the Plumbers Conference, noted the importance of designing agreements that adhere to the Principles of Community-Oriented GPL Enforcement. "The agreements empower developers to direct and control Conservancy's enforcement actions. While the Principles allow for recovery of costs, the terms ensure that developers direct how such funds are spent." Karen noted, however, "While the agreement sets out how money received through any compliance actions is divided, to date no amounts have been received under this initiative."

Conservancy is publishing these agreements today as background for the enforcement feedback session at 6:00 PM Mountain Time at the Linux Plumbers Conference 2016. Conservancy's Executive Director, Karen Sandler, and Director of Strategic Initiatives, Brett Smith, will host the session, and all conference attendees are welcome to join the discussion. Conservancy will also take feedback on the agreements over its mailing list for discussion of the GPL enforcement principles and at feedback sessions at other conferences over the coming months.

Conservancy, as always, recommends that anyone who is contemplating signing an agreement consult legal counsel about their own specific situation prior to doing so.

Post has attachment
On Free as in Freedom 0x5E, Bradley and Karen discuss Conservancy's
ContractPatch Initiative that will help Free Software developers negotiate
their agreements with employers. Do you think that developers should have
the tools to ensure they can decide the licensing of their own work in the
Open Source and Free Software community? Take a listen and see what you think!

Post has attachment
October 27, 2016 by Bradley M. Kuhn

As I mentioned in an earlier blog post, I had the privilege of attending Embedded Linux Conference Europe (ELC EU) and the OpenWrt Summit in Berlin, Germany earlier this month. I gave a talk (for which the video is available below) at the OpenWrt Summit. I also had the opportunity to host the first of many conference sessions seeking feedback and input from the Linux developer community about Conservancy's GPL Compliance Project for Linux Developers.

ELC EU has no “BoF Board” where you can post informal sessions. So, we scheduled the session by word of mouth over a lunch hour. We nevertheless got an good turnout (given that our session's main competition was eating food :) of about 15 people.

Most notably and excitingly, Harald Welte, well-known Netfilter developer and leader of gpl-violations.org, was able to attend. Harald talked about his work with gpl-violations.org enforcing his own copyrights in Linux, and explained why this was important work for users of the violating devices. He also pointed out that some of the companies that were sued during his most active period of gpl-violations.org are now regular upstream contributors.

Two people who work in the for-profit license compliance industry attended as well. Some of the discussion focused on usual debates that charities involved in compliance commonly have with the for-profit compliance industry. Specifically, one of them asked "how much compliance is enough, by percentage?" I responded to his question on two axes. First, I addressed the axis of "how many enforcement matters does the GPL Compliance Program for Linux Developers do, by percentage of products violating the GPL"? There are, at any given time, hundreds of documented GPL violating products, and our coalition works on only a tiny percentage of those per year. It's a sad fact that only that tiny percentage of the products that violate Linux are actually pursued to compliance.

On the other axis, I discussed the percentage on a per-product basis. From that point of view, the question is really: "Is there a ‘close enough to compliance’ that we can as a community accept and forget about the remainder?" From my point of view, we frequently compromise anyway, since the GPL doesn't require someone to prepare code properly for upstream contribution. Thus, we all often accept compliance once someone completes the bare minimum of obligations literally written in the GPL, but give us a source release that cannot easily be converted to an upstream contribution. So, from that point of view, we're often accepting a less-than-optimal outcome. The GPL by itself does not inspire upstreaming; the other collaboration techniques that are enabled in our community because of the GPL work to finish that job, and adherence to the Principles assures that process can work. Having many people who work with companies in different ways assures that as a larger community, we try all the different strategies to encourage participation, and inspire today's violators to become tomorrow upstream contributors — as Harald mention has already often happened.

That same axis does include on rare but important compliance problem: when a violator is particularly savvy, and refuses to release very specific parts of their Linux code (as VMware did), even though the license requires it. In those cases, we certainly cannot and should not accept anything less than required compliance — lest companies begin holding back all the most interesting parts of the code that GPL requires them to produce. If that happened, the GPL would cease to function correctly for Linux.

After that part of the discussion, we turned to considerations of corporate contributors, and how they responded to enforcement. Wolfram Sang, one of the developers in Conservancy's coalition, spoke up on this point. He expressed that the focus on for-profit company contributions, and the achievements of those companies, seemed unduly prioritized by some in the community. As an independent contractor and individual developer, Wolfram believes that contributions from people like him are essential to a diverse developer base, that their opinions should be taken into account, and their achievements respected.

I found Wolfram's points particularly salient. My view is that Free Software development, including for Linux, succeeds because both powerful and wealthy entities and individuals contribute and collaborate together on equal footing. While companies have typically only enforce the GPL on their own copyrights for business reasons (e.g., there is at least one example of a major Linux-contributing company using GPL enforcement merely as a counter-punch in a patent lawsuit), individual developers who join Conservancy's coalition follow community principles and enforce to defend the rights of their users.

At the end of the session, I asked two developers who hadn't spoken during the session, and who aren't members of Conservancy's coalition their opinion on how enforcement was historically carried out by gpl-violations.org, and how it is currently carried out by Conservancy's GPL Compliance Program for Linux Developers. Both responded with a simple response (paraphrased): "it seems like a good thing to do; keep doing it!"

I finished up the session by inviting everyone to the join the principles-discuss list, where public discussion about GPL enforcement under the Principles has already begun. I also invited everyone to attend my talk, that took place an hour later at the OpenWrt Summit, which was co-located with ELC EU.
Your browser does not support the element. Perhaps you can or .

In that talk, I spoke about a specific example of community success in GPL enforcement. As explained on the OpenWrt history page, OpenWrt was initially made possible thanks to GPL enforcement done by BusyBox and Linux contributors in a coalition together. (Those who want to hear more about the connection between GPL enforcement and OpenWrt can view my talk.)

Since there weren't opportunities to promote impromptu sessions on-site, this event was a low-key (but still quite nice) start to Conservancy's planned year-long effort seeking feedback about GPL compliance and enforcement. Our next session is an official BoF session at Linux Plumbers Conference, scheduled for next Thursday 3 November at 18:00. It will be led by my colleagues Karen Sandler and Brett Smith.

Posted by Bradley M. Kuhn on October 27, 2016. Please email any comments on this entry to info@sfconservancy.org.
Wait while more posts are being loaded