Conservancy and Bro Announce End to Bro's Member Project Status
byon June 4, 2018
Software Freedom Conservancy, a charity that provides a home to free and open source software projects, and the Bro Leadership Team announce that the Bro Project, an open source network traffic analysis framework, will end its status as a Conservancy member project.
During its time with Conservancy the Bro project successfully raised funds and spent them effectively to support the community. For example, Conservancy helped Bro manage a substantial MOSS grant, which created an ecosystem for Bro community contributions through the new Bro package manager & repository. Conservancy also supported three conferences as well as smaller workshops, helped acquire trademarks for the project, and assisted in many other ways. In recognition of all of this work, the Bro Leadership Team is donating $10,000 to the Conservancy’s general fund to aid them in their ongoing efforts to promote and support software freedom and provide a home to other member projects.
The mutual decision for Bro to leave Conservancy is a result of the changing nature of Bro’s community of core contributors, and the diminished fit between the rapidly growing project and Conservancy’s charitable goals and corresponding services. Conservancy will assist Bro moving back to the International Computer Science Institute (ICSI)—the project’s previous home for more than a decade.
When the Bro project first joined Conservancy more than three years ago, the project was primarily a collaboration between two different academic institutions: ICSI and the National Center for Supercomputing Applications (NCSA). At that time, Bro’s development was funded mostly through substantial awards by the U.S. National Science Foundation (NSF), who set out to advance Bro into a powerful security tool for the nation’s education environments and scientific institutions.
Today, the Bro community looks different. With the NSF funding winding down, the team at the NCSA that heavily contributed to Bro for nearly a decade has significantly reduced their work on the project. Most of the core team of Bro is now affiliated with Corelight, placing the company at the center of Bro’s future development—which mismatches Conservancy’s charitable mission. While Bro’s strong footing in the academic community remains, the Bro user community overall has expanded from the public sector to the private sector. This shift has also been reflected in Bro conference attendance. These successes and rapid changes have led to an evolution of the project such that its trajectory is less of an apt match to Conservancy’s goals and services.
Going forward, ICSI will once again provide the Bro Leadership Team with asset and financial management as the project moves into a new phase of its life cycle. The Bro Leadership Team will continue to steer the project’s overall direction as an independent entity working in the best interest of Bro’s large and diverse open-source community, and Conservancy is fully committed to helping Bro transition smoothly to its new home.
Congratulations to Tesla on Their First Public Step Toward GPL Compliance
byon May 18, 2018
Conservancy rarely talks publicly about specifics in its ongoing GNU General Public License (GPL) enforcement and compliance activity, in accordance with our Principles of Community Oriented GPL Enforcement. We usually keep our compliance matters confidential — not for our own sake — but for the sake of violators who request discretion to fix their mistakes without fear of public reprisal. As occurred a few years ago with Samsung, we're thrilled when a GPL violator decides to talk about their violation and works to correct it publicly. This gives us the opportunity to shine light on the real-world work of GPL and copyleft compliance.
We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there.
Conservancy has been engaging with Tesla on its GPL compliance since June 2013, when we advised Tesla that we had received multiple reports of a GPL violation regarding Tesla's Model S. Customers who purchased Tesla's Model S received on-board system(s) that contained BusyBox and Linux, but did not receive any source code, nor an offer for the source. In parallel, we also asked other entities to advise Tesla about GPL compliance. We know that Tesla received useful GPL compliance advice from multiple organizations, in addition to us, over these years.
For our part, since we first contacted Tesla, we have been working with them collaboratively in various ways to convince their original upstream providers, NVIDIA and Parrot, to disclose complete, corresponding source (CCS) releases for all GPL'd binaries found in Tesla's Model S. During that time, Tesla privately provided Conservancy with multiple rounds of “CCS candidates“. (These are source code releases that are not yet complete and corresponding as required by the GPL.) Conservancy in turn reviewed their CCS candidates and provided technical feedback on how to improve the candidates to reach compliance. In this process, we provide detailed reports explaining how the candidate releases fall short of GPL's requirements. This part of the process is the longest, most difficult part of GPL enforcement. We often wish we could celebrate the triumph of moving from a no-source-or-offer violation to the next step of “incomplete sources provided”1. However, we also can't lose sight of the fact that compliance means meeting all GPL's requirements, so we don't convey false hopes with an incomplete release. We must ultimately remain focused on user freedom in our efforts.
This week, Tesla took a new and different approach. Tesla elected to publish its incomplete CCS candidates, on the online software development collaboration site, GitHub. While our preference is that companies provide adequate CCS immediately, we realize that this can be a challenging process and recognize that Tesla has struggled for years with upstreams to yield proper CCS. We believe Tesla's new approach also has merit, because it allows the entire community to discuss and contribute in public and collaboratively assist Tesla in complying with the GPL. In a case like this, engagement in the community may be an ideal way to transparently assure that compliance is achieved.
We look forward to facilitating Tesla with this new approach to compliance. Toward that end, Conservancy has created a public mailing list to discuss Tesla's source release (and, ideally, to also discuss other CCS candidates if other GPL violators choose to also take this approach.) The first post to this mailing list is our CCS candidate evaluation report 1, written by our Compliance Engineer, Denver Gingerich.
CCS reports have been the standard document of GPL enforcement since 1998. Conservancy has probably produced hundreds of such reports since we began. However, this marks the first time that circumstances have allowed us to share such a report with the public without violating our Principles. We're excited to do that, thanks to Tesla's willingness to engage everyone in their GPL compliance process.
We know many of you, particularly those Linux-savvy folks who bought Tesla vehicles, have reached high levels of frustration with the lengthy time this GPL compliance effort is taking. Nevertheless, this situation shows precisely why patience is essential for successful enforcement work; it gives us the opportunity to welcome violators to become contributors to the copyleft software community. Our community's history is filled with such success stories. To that end, we ask that everyone join us and our coalition in extending Tesla's time to reach full GPL compliance for Linux and BusyBox, not just for the 30 days provided by following GPLv3's termination provisions, but for at least another six months.
We welcome those interested in the CCS evaluation process to join the mailing list, as this marks one of the few opportunities to engage pubilcly in CCS evaluation. Additionally, anyone who holds copyrights in Linux may join our enforcement coalition of Linux Developers by writing to <firstname.lastname@example.org>
1 While Tesla partly corrected the violation yesterday by making some offers for source, the source provided is not complete, corresponding source with complete “scripts used to control compilation and installation of the executable”. Denver's email outlines the specific, current compliance failures.
Update on Trademark Action (Fraud Claim Dismissed, New Filing)
byon April 30, 2018
This sensible ruling is just the next step of many; the suit will proceed at the usual near-glacial pace of litigation. On Friday, we moved to the next procedural step, which is to ask the TTAB to allow us to update our answer as planned.
UPDATE: as of 2018-08-24, the Summary Judgement motion is refiled and pending before the TTAB.
We continue steadfast in our previous position: the entire matter remains a waste of resources for both organizations, and SFLC should do the honorable and right thing and simply withdraw their complaint.
Conservancy at LibrePlanet 2018
byon March 22, 2018
March 24-25th hundreds of free software activists, community managers, hackers, legal experts, and all around fans will meet in Cambridge, MA for LibrePlanet 2018, the Free Software Foundation's annual conference and members meeting.
Topics covered include copyleft, the usibility of the GPL, medical devices, and free software in business.
State of the copyleft union
Bradley Kuhn, Distinguished Technologist
The license-importance divide seems almost generational: the older generation cares about licenses, and the younger generation does not. Yet, the historical focus on licensing in FLOSS, while occasionally prone to pedantry to a degree only developers can love, stemmed from serious governance considerations regarding how community members interact.
Copyleft was invented to solve the many problems of project governance, assuring the rights of users and creating equal footing for all contributors. The licensing infrastructure today also has increased in complexity, with proprietary relicensing business models, excessive use of CLAs, and tricky clauses on top of existing licenses.
Given this climate, how do we understand if copyleft is succeeding? This talk explores historical motivations and modern reactions to these licensing matters, and digs into understanding how policies have impacted Free Software communities for both good and ill.
A usability study of the GPL
Brett Smith, Director of Strategic Initiatives
We want software creators to use the GPL and its cousin licenses. We also know that people make mistakes in the process, or don’t even try because they’ve heard it’s "too complicated." Just as we do when we develop software, we would do well to study these failures and use them as opportunities to improve the usability of the GPL. This talk aims to start that process by identifying some known problems and considering some possible solutions. (None of these solutions are a new version of the license!)
Copyleft, Diversity & Critical Infrastructure
Karen Sandler, Executive Director
GPL enforcement and Outreachy are the two most visible and controversial programs that Conservancy undertakes. In this talk, Karen will explore how the programs fit together in the context of software freedom generally. Karen will review her work around medical devices and critical infrastructure and show how seemingly disparate initiatives fit into a single advocacy narrative.
Freedom, devices, and health
Mad Price Ball, Rachel Kalmar, Dana Lewis, Karen Sandler
When it comes to health, freedom is literally visceral. How do the principles of freedom apply to the devices used for medicine, health, and wellness? Moderated by Mad Price Ball, a Shuttleworth Foundation Fellow, this panel introduces leaders that bridge industry, community, and individual experiences. Rachel Kalmar (Berkman Klein Center), uses her experience with sensors and wearables to confront how devices and their data interact with a larger ecosystem. Dana Lewis (OpenAPS) connects us to health communities, and her work with the Nightscout project and patient-led efforts in type 1 diabetes. Karen Sandler (Software Freedom Conservancy) shares her experience as an individual with a device close to her heart: a defibrillator she uses, as a matter of life or death -- and she cannot get the source code to it. Join us to learn about how freedom matters for devices in health.
In business: Keeping free software sustainable
Denver Gingerich, Compliance Engineer
Starting a business is a big decision, and choosing to share its results with the world is perhaps bigger still. Denver started JMP early last year, and faced this very choice, deciding to release all of JMP's code as free software and to charge money to use the instance he runs. In this session, Denver will describe why he chose to build a free software business, and will discuss the details of the business model he arrived at, alongside other business models for free software companies.
Few contributors are paid to work on free software today, and far fewer are paid by non-profit organizations (or even by small businesses). It is imperative for us to explore how we can sell free software, especially through non-profits and small businesses, so we can bring freedom to more people and, just as importantly, build sustainable futures for our contributors.
More information is available on the LibrePlanet 2018 website.
Organized by the FSF, LibrePlanet is focused entirely on user freedom. We hope to see you there, in our talks or at the Conservancy booth in the exhibit hall.