Re: [GIT PULL] Documentation: Add a file explaining the requested Linux kernel license enforcement policy

[David Woodhouse]

On Mon, 2017-10-16 at 15:46 +0200, Greg KH wrote:
> ÂI'll go add it and push out the updated post in a bit.

Thanks. I think it's especially important to show how useful
Conservancy's work in this area is.

If there's anyone who's nodding in approval to this document but who
*hasn't* joined Conservancy's group of kernel developers to help drive
the policies and decision-making there, I'd strongly recommend that you
do so:Âhttps://sfconservancy.org/copyleft-compliance/

> > conversations with the TAB on early drafts of this â but I'm a little
> > concerned that what we've ended up with is a bit one-sided. We're
> > giving something away, for nothing in return.
>
> I don't feel that is true at all, what we are doing here is providing a
> well-documented way toward compliance and the reinstatement of our
> license.ÂÂThat's a key issue with regards to the existing trolls we are
> currently facing today, which we have to address in order to preserve
> our community.

Which trolls? Do you mean Broadcom or Patrick? :)

I think think this directly addresses either of them. Not unless you're
planning to get Patrick, or those who aspire to his methods, to sign up
to this document somehow?

I do agree that *both* of them need dealing with somehow though.

I'm actually *more* worried about the Broadcoms of this world, because
with Patrick there's an easy safeguard that most people seem to have
forgotten about â do not break the law. Make sure you are so obviously
complying with the GPL that any claim to the contrary would be
immediately thrown out of court and your costs awarded. (I know that's
over-simplifying quite a bit â but while I don't condone Patrick's
actions, at a personal level I do find it slightly hard to sympathise
with his victims.)

> > This would have been better if it specified that it applied to
> > *unintentional* violations, and also gave a time limit â automatic
> > reinstatement *only* happens if complete compliance is achieved within
> > 90 days, for example. That would help genuine developers who are only
> > *accidentally* committing a criminal offence through not paying enough
> > attention, while not giving succour to those who intentionally do so.
>
> Defining "unintentional" and "accidentally", might be a bit difficult,
> given that GPLv3 didn't even attempt to do something like that.Â

Sure. But as you know, those who are *intentionally* violating the
licence will drag out their repeated candidate releases for years,
fixing one thing at a time and costing us loads of time and money as we
painstakingly investigate each attempt. While genuine mistakes are much
more quickly fixed.

So a time limit may well have worked as as primitive proxy for "intent".

We do have a time limit operating in *one* direction, to the benefit of
the criminal â if you stop offending within 30 days, your licence is
automatically reinstated. But we didn't do it in the opposite direction
â however long they take to come into compliance, we still promise that
their licence is reinstated by default when they do. Again it's one-
sided.

And more to the point, it deprives us of the *one* lever we have, short
of the last resort of legal action, for persuading them to come into
*complete* compliance as we define it.

My main concern is that we used to be able to iterate with a violator
until *we* agreed they were compliant. Now I fear that all they have to
do is get into the grey area where they don't think we'll really sue
for what's *left* â if we've signed away our ability to withhold the
licence from them for the original violations.

So given that Patrick was never going to sign this in the first place,
so it doesn't really protect anyone from his abuse, it seems that *all*
we've done is make live easier for the other kind of troll AFAICT. It's
a nice idea, but I'm just not sure it's really going to help overall.

Attachment: smime.p7s
Description: S/MIME cryptographic signature