Changeset - efae6e0921ec
[Not reviewed]
0 0 1
Bradley Kuhn (bkuhn) - 6 years ago 2015-11-29 20:15:47
bkuhn@ebb.org
First publication of GPL Enforcement Principles.

Bradley M. Kuhn wrote the first draft of these principles on 23 May
2015. They were from there rewritten collaboratively over the following
months with the participation (in chronological order) of Karen
M. Sandler, W. John Sullivan, and Allison Randal.

This commit is the first publication of the principles on 1 October
2015.
1 file changed with 187 insertions and 0 deletions:
0 comments (0 inline, 0 general)
www/conservancy/static/copyleft-compliance/principles.html
Show inline comments
 
new file 100644
 
{% extends "base_compliance.html" %}
 
{% block subtitle %}GPL Compliance Project - {% endblock %}
 
{% block submenuselection %}Principles{% endblock %}
 
{% block content %}
 
<h1>The Principles of Community-Oriented GPL Enforcement</h1>
 

	
 
<p>The GNU General Public License (GPL) is the principal copyleft
 
license. Copyleft is a framework that permits ongoing sharing of a
 
published work, with clear permissions that <em>both</em> grant
 
<em>and</em> defend its users' freedoms &mdash; in contrast to other
 
free licenses that grant freedom but don't defend it.
 
Free software released under the GPL is fundamental
 
to modern technology, powering everything from laptops and desktops to
 
household appliances, cars, and mobile phones, to the foundations of
 
the Internet. Following the GPL's terms is easy &mdash; it gets more
 
complicated only when products distributed with GPL'd software also
 
include software distributed under terms that restrict users. Even in
 
these situations, many companies comply properly, but some companies
 
also try to bend or even break the GPL's rules to their perceived
 
advantage.</p>
 

	
 
<p>The Free Software Foundation (FSF) and Software Freedom Conservancy
 
  (Conservancy) today lead worldwide efforts to ensure compliance with
 
  the GPL family of licenses. The FSF began copyleft enforcement
 
  in the 1980s, and Conservancy has enforced the GPL for many of
 
  its member projects since its founding nearly a decade ago. Last
 
  year, the FSF and Conservancy jointly
 
  published <a href="https://copyleft.org/guide/"><cite>Copyleft and
 
  the GNU General Public License: A Comprehensive Tutorial and
 
  Guide</cite>, which includes sections such as
 
  &ldquo;<a href="https://copyleft.org/guide/comprehensive-gpl-guidepa2.html#x17-116000II">A
 
  Practical Guide to GPL Compliance&rdquo;</a> and
 
  &ldquo;<a href="https://copyleft.org/guide/comprehensive-gpl-guidepa3.html#x26-152000III">Case
 
  Studies in GPL Enforcement</a>&rdquo;, which explain the typical
 
  process that both the FSF and Conservancy follow in their GPL
 
  enforcement actions. (Shorter descriptions of these processes appear
 
  in blog posts written
 
  by <a href="https://www.fsf.org/blogs/licensing/compliance-situations">the
 
  FSF</a>
 
  and <a href="https://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/">Conservancy</a>.)</p>
 

	
 
<p>As stalwarts of the community's freedom, we act as a proxy for users when
 
companies impede the rights to copy, share, modify, and/or
 
redistribute copylefted software. We require all redistributors to
 
follow the GPL's requirements in order to protect all the users' freedom,
 
and secondarily to support businesses that respect freedom
 
while discouraging and penalizing bad actors.</p>
 

	
 
<p>Copyleft is based on copyright; it uses the power of copyright to
 
defend users' freedom to modify and redistribute rather than to hinder
 
modification and redistribution. A traditional copyright license is
 
violated by giving the work to others without permission; a copyleft
 
license is violated by imposing restrictions to <em>prevent</em>
 
further redistribution by others. Nevertheless, with their basis in copyright law,
 
copyleft licenses are enforced through the same mechanisms &mdash; using
 
the same vocabulary and processes &mdash; as other copyright
 
licenses. We must take care, in copyleft enforcement,
 
to focus on the ultimate freedom-spreading purpose of copyleft,
 
and not fall into an overzealous or punitive approach, or into
 
legitimizing inherently unjust aspects of the copyright regime.
 
Therefore Conservancy and the FSF do enforcement according to community-oriented principles originally formulated by the FSF in 2001.
 
</p>
 

	
 
<h4>Guiding Principles in Community-Oriented GPL Enforcement</h4>
 

	
 
<ul>
 
<li><strong>Our primary goal in GPL enforcement is to bring about GPL
 
compliance.</strong>  Copyleft's overarching policy
 
goal is to make  respect of users' freedoms the norm.
 
The FSF designed the GNU GPL's text towards this end.
 
Copyleft enforcement done in this spirit focuses on stopping
 
incorrect distribution, encouraging corrected distribution, and
 
addressing damage done to the community and users by the past
 
violation. Addressing past damage often includes steps to notify those
 
who have already received the software how they can also obtain its
 
source code, and to explain the scope of their related rights. No
 
other ancillary goals should supersede full compliance
 
with the GPL and respect for users' freedoms to copy, share, modify
 
and redistribute the software.
 
</li>
 

	
 
<li><strong>Legal action is a last resort. Compliance actions are primarily
 
education and assistance processes to aid those who are not following the
 
license.</strong>
 

	
 
Most GPL violations occur by mistake, without ill will.
 
Copyleft enforcement should assist these distributors to
 
become helpful participants in the free software
 
projects on which they rely. Occasionally, violations are intentional
 
or the result of severe negligence, and there is no duty to be
 
empathetic in those cases.  Even then, a lawsuit is a
 
last resort; mutually agreed terms that fix (or at least cease)
 
further distribution and address damage already done are much better than a battle in court.
 
</li>
 

	
 
<li><strong>Confidentiality can increase receptiveness and
 
responsiveness.</strong> Supporters of software
 
freedom rightly view confidentiality agreements with
 
distrust, and prefer public discussions.  However, in compliance
 
work, initiating and continuing discussions in private demonstrates
 
good faith, provides an opportunity to teach compliance without fear
 
of public reprisal, and offers a chance to fix honest mistakes.
 
Enforcement actions that begin with public accusations are much more
 
likely to end in costly and lengthy lawsuits, and less likely to achieve the
 
primary goal of coming into compliance. Accordingly, enforcers should,
 
even if reluctantly, offer confidentiality as a term of settlement. If
 
it becomes apparent that the company is misusing good faith
 
confidentiality to cover inaction and unresponsiveness, the problems
 
may be publicized, after ample warning.</li>
 

	
 
<li><strong>Community-oriented enforcement must never prioritize
 
financial gain.</strong>
 

	
 
Financial penalties are a legitimate tool to achieve compliance when
 
used judiciously. Logically, if the only penalty for violation is
 
simply compliance with the original rules, bad actors will just wait
 
for an enforcement action before even reading the GPL. That social
 
model for copyleft and its enforcement is untenable and unsustainable.
 
An enforcement system without a financial penalty favors bad actors
 
over good ones, since the latter bear the minimal (but non-trivial)
 
staffing cost of compliant distribution while the former avoid it.
 
Copyright holders (or their designated agent) therefore are reasonable
 
to request compensation for the cost of their time providing the
 
compliance education that accompanies any constructive enforcement
 
action. Nevertheless, pursuing damages to the full extent allowed by
 
copyright law is usually unnecessary, and can in some cases work against
 
the purpose of copyleft. </li>
 

	
 
<li><strong>Community-oriented compliance work does not request nor accept payment
 
to overlook problems.</strong>
 

	
 
Community-oriented enforcement cannot accept payments in exchange for
 
ignoring a violation or accepting incomplete solutions to identified
 
compliance problems. Ideally, copyright holders should refuse any
 
payment entirely until the distributor repairs the past violation and
 
commits formally (in writing) to plans for future compliance.</li>
 

	
 
<li><strong>Community-oriented compliance work starts with carefully
 
verifying violations and finishes only after a comprehensive
 
analysis.</strong>
 

	
 
This means fully checking reports and confirming violations before accusing
 
an entity of violating the GPL. Then, all of the relevant
 
software should be examined to ensure any compliance problems, beyond
 
those identified in initial reports and those relating to any clauses of the
 
relevant licenses, are raised and fixed. This is important so that
 
the dialogue ends with reasonable assurance for both sides that additional
 
violations are not waiting to be discovered.
 
(<a href="http://gpl.guide/pristine-example">Good examples of
 
compliance</a> already exist to help distributors understand their
 
obligations.)</li>
 

	
 
<li><strong>Community-oriented compliance processes should extend the
 
benefit of GPLv3-like termination, even for GPLv2-only
 
works. </strong> GPLv2 terminates all copyright permissions at the
 
moment of violation, and that termination is permanent. GPLv3's
 
termination provision allows first-time violators automatic
 
restoration of distribution rights when they correct the violation
 
promptly, and gives the violator a precise list of copyright holders
 
whose forgiveness it needs. GPLv3's collaborative spirit regarding
 
termination reflects a commitment to and hope for future cooperation
 
and collaboration. It's a good idea to follow this approach in
 
compliance situations stemming from honest mistakes, even when the
 
violations are on works under GPLv2.</li>
 
</ul>
 

	
 
<p>These principles are not intended as a strict set of rules.
 
Achieving compliance requires an understanding of the violator's
 
situation, not so as to excuse the violation, but so as to see how
 
to bring that violator into compliance.  Copyleft licenses do not
 
state specific enforcement methodologies (other than license termination itself)
 
in part because the real world situation of GPL violations varies;
 
rigidity impedes success. </p>
 

	
 
<p>In particular, this list of principles purposely does not seek to
 
create strict criteria and/or &ldquo;escalation and mediation
 
rules&rdquo; for enforcement action. Efforts to do that limit the
 
ability of copyright holders to use copyleft licenses for their
 
intended effect: to stand up for the rights of users to copy, modify,
 
and redistribute free software.</p>
 

	
 
<p>The GPL,
 
enforced when necessary according to these principles, provides a
 
foundation for respectful, egalitarian, software-sharing
 
communities.
 
</p>
 

	
0 comments (0 inline, 0 general)