Recap: GPL Compliance BoF at Linux Plumbers’ Conference
byon November 16, 2016
At the Linux Plumbers Conference a couple of weeks ago, Karen and I ran a Birds of a Feather session about our GPL Compliance Project for Linux Developers. It was a success by every measure. Approximately seventy people attended, and about twenty of them participated in the discussion, covering a wide variety of issues around compliance. The interactive and inclusive format was ideal for us to provide additional information and get feedback from a lot of interested people. Many thanks to the Linux Plumbers Organizing Committee for scheduling a slot for us to run this session.
We opened the discussion with a basic overview of the program: its history and mission, the structure of how we coordinate with Linux developers on our coalition, the typical flow of how we respond to a violation and work to help the distributor comply. We published the project agreement templates beforehand to facilitate the discussion. In the past, we heard people express concern that these agreements were private. We were happy to tackle that issue head-on, and I was glad to see several attendees download the template and review it during the session.
We also talked about how our work differs from some inappropriately aggressive enforcement efforts going on today—including Patrick McHardy's unfortunate enforcement lawsuits. One person rightly pointed out that less savvy distributors will often assume all GPL compliance is handled the same way. We discussed how Conservancy could emphasize the distinctions up front. We agree that's important; it's why we published our Principles of Community-Oriented GPL Enforcement, and why we were the first organization to publicly criticize McHardy's actions. Still, a new Linux distributor might not know about our principles, or understand that they specifically call on lawsuits only as a last resort. Based on this feedback, we plan to mention the Principles in our first correspondence about GPL compliance problems.
Our transparency in our methods and goals distinguishes Conservancy's compliance work from others'. There were several suggestions that we could take this further by publishing different numbers about how many cases we're handling, and different ways they've been resolved. To this end, Karen echoed the same point Bradley made at ELC EU that we only have the resources to pursue a relatively small percentage of the violation reports we receive. Because of this, publishing these numbers could de-anonymize active cases, which would contravene our compliance principles. Nonetheless, we will reexamine this issue to see if we could publish some numbers safely.
That discussion led to suggestions that volunteers could help us with technical compliance work, confirming violations and the completeness of source code. We've discussed that idea internally for many years. Even more than publishing numbers, engaging volunteers risks leaking information about violators to the public. Furthermore, we would need to vet and train volunteers, which we lack the resources to do now. If we received funding for this work, we could use that to plan and provide volunteer training, but there has been limited interest in funding community-oriented compliance initiatives.
Finally, we discussed different ways to make compliance work less necessary. We'd love to see more of this: as more distributors proactively come into compliance, we have more time to spend supporting our member projects and other initiatives. That's a big reason we helped write the Copyleft Guide, which helps distributors better understand the conditions and requirements of the GPL. The pristine source example, in particular, is designed to show step-by-step the process of verifying a complete, corresponding source release. There's certainly lots of great ideas for more work like this, and I think naming them in the BoF helped make some good connections between them.
Our thanks to everyone who attended and provided feedback. If you couldn't attend this BoF, don't worry. We'll be running similar sessions at other conferences over the next few months, and you can also provide feedback on our principles-discuss mailing list. We want to hear from as much of the community as possible, so if you have questions or comments about our Linux compliance work, we hope we'll hear from you soon.
Please email any comments on this entry to firstname.lastname@example.org.