The Principles of Community-Oriented GPL Enforcement
The GNU General Public License (GPL) is the principal copyleft license. Copyleft is a framework that permits ongoing sharing of a published work, with clear permissions that both grant and defend its users' freedoms — in contrast to other free licenses that grant freedom but don't defend it. Free software released under the GPL is fundamental to modern technology, powering everything from laptops and desktops to household appliances, cars, and mobile phones, to the foundations of the Internet. Following the GPL's terms is easy — it gets more complicated only when products distributed with GPL'd software also include software distributed under terms that restrict users. Even in these situations, many companies comply properly, but some companies also try to bend or even break the GPL's rules to their perceived advantage.
The Software Freedom Conservancy regularly engages in worldwide efforts to ensure compliance with the GPL family of licenses. Conservancy has enforced the GPL for many of its member projects since its founding in 2006. Conservancy also helped published, and hosts, Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide (often called the “Copyleft Guide”), which includes sections such as “A Practical Guide to GPL Compliance” and “Case Studies in GPL Enforcement”. Those sections explain the typical process that Conservancy follows in our GPL enforcement actions. (A Shorter descriptions of these processes appeared in earlier blog post.)
As stalwarts of the community's freedom, we act as a proxy for users when companies impede the rights to copy, share, modify, and/or redistribute copylefted software. We require all redistributors to follow the GPL's requirements in order to protect all the users' freedom, and secondarily to support businesses that respect freedom while discouraging and penalizing bad actors.
Copyleft is based on copyright; it uses the power of copyright to defend users' freedom to modify and redistribute rather than to hinder modification and redistribution. A traditional copyright license is violated by giving the work to others without permission; a copyleft license is violated by imposing restrictions to prevent further redistribution by others. Nevertheless, with their basis in copyright law, copyleft licenses are enforced through the same mechanisms — using the same vocabulary and processes — as other copyright licenses. We must take care, in copyleft enforcement, to focus on the ultimate freedom-spreading purpose of copyleft, and not fall into an overzealous or punitive approach, or into legitimizing inherently unjust aspects of the copyright regime. Therefore Conservancy does enforcement according to community-oriented principles originally formulated by other community leaders in 2001.
Guiding Principles in Community-Oriented GPL Enforcement
- Our primary goal in GPL enforcement is to bring about GPL compliance. Copyleft's overarching policy goal is to make respect of users' freedoms the norm. The GNU GPL's text is designed towards this end. Copyleft enforcement done in this spirit focuses on stopping incorrect distribution, encouraging corrected distribution, and addressing damage done to the community and users by the past violation. Addressing past damage often includes steps to notify those who have already received the software how they can also obtain its source code, and to explain the scope of their related rights. No other ancillary goals should supersede full compliance with the GPL and respect for users' freedoms to copy, share, modify and redistribute the software.
- Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license. Most GPL violations occur by mistake, without ill will. Copyleft enforcement should assist these distributors to become helpful participants in the free software projects on which they rely. Occasionally, violations are intentional or the result of severe negligence, and there is no duty to be empathetic in those cases. Even then, a lawsuit is a last resort; mutually agreed terms that fix (or at least cease) further distribution and address damage already done are much better than a battle in court.
- Confidentiality can increase receptiveness and responsiveness. Supporters of software freedom rightly view confidentiality agreements with distrust, and prefer public discussions. However, in compliance work, initiating and continuing discussions in private demonstrates good faith, provides an opportunity to teach compliance without fear of public reprisal, and offers a chance to fix honest mistakes. Enforcement actions that begin with public accusations are much more likely to end in costly and lengthy lawsuits, and less likely to achieve the primary goal of coming into compliance. Accordingly, enforcers should, even if reluctantly, offer confidentiality as a term of settlement. If it becomes apparent that the company is misusing good faith confidentiality to cover inaction and unresponsiveness, the problems may be publicized, after ample warning.
- Community-oriented enforcement must never prioritize financial gain. Financial penalties are a legitimate tool to achieve compliance when used judiciously. Logically, if the only penalty for violation is simply compliance with the original rules, bad actors will just wait for an enforcement action before even reading the GPL. That social model for copyleft and its enforcement is untenable and unsustainable. An enforcement system without a financial penalty favors bad actors over good ones, since the latter bear the minimal (but non-trivial) staffing cost of compliant distribution while the former avoid it. Copyright holders (or their designated agent) therefore are reasonable to request compensation for the cost of their time providing the compliance education that accompanies any constructive enforcement action. Nevertheless, pursuing damages to the full extent allowed by copyright law is usually unnecessary, and can in some cases work against the purpose of copyleft.
- Community-oriented compliance work does not request nor accept payment to overlook problems. Community-oriented enforcement cannot accept payments in exchange for ignoring a violation or accepting incomplete solutions to identified compliance problems. Ideally, copyright holders should refuse any payment entirely until the distributor repairs the past violation and commits formally (in writing) to plans for future compliance.
- Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis. This means fully checking reports and confirming violations before accusing an entity of violating the GPL. Then, all of the relevant software should be examined to ensure any compliance problems, beyond those identified in initial reports and those relating to any clauses of the relevant licenses, are raised and fixed. This is important so that the dialogue ends with reasonable assurance for both sides that additional violations are not waiting to be discovered. (Good examples of compliance already exist to help distributors understand their obligations.)
- Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works. GPLv2 terminates all copyright permissions at the moment of violation, and that termination is permanent. GPLv3's termination provision allows first-time violators automatic restoration of distribution rights when they correct the violation promptly, and gives the violator a precise list of copyright holders whose forgiveness it needs. GPLv3's collaborative spirit regarding termination reflects a commitment to and hope for future cooperation and collaboration. It's a good idea to follow this approach in compliance situations stemming from honest mistakes, even when the violations are on works under GPLv2.
These principles are not intended as a strict set of rules. Achieving compliance requires an understanding of the violator's situation, not so as to excuse the violation, but so as to see how to bring that violator into compliance. Copyleft licenses do not state specific enforcement methodologies (other than license termination itself) in part because the real world situation of GPL violations varies; rigidity impedes success.
In particular, this list of principles purposely does not seek to create strict criteria and/or “escalation and mediation rules” for enforcement action. Efforts to do that limit the ability of copyright holders to use copyleft licenses for their intended effect: to stand up for the rights of users to copy, modify, and redistribute free software.
The GPL, enforced when necessary according to these principles, provides a foundation for respectful, egalitarian, software-sharing communities.
Copyright © 2021, Software Freedom Conservancy.
Copyright © 2015, Free Software Foundation, Inc., Software Freedom Conservancy, Inc., Bradley M. Kuhn, Allison Randal, Karen M. Sandler.
Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
The copyright holders ask that per §3(a)(1)(A)(i) and §3(a)(1)(A)(v) of that license, you ensure these two links (, ) are preserved in modified and/or redistributed versions.