Changeset - 29e2d38e9db0
[Not reviewed]
0 1 0
Bradley Kuhn (bkuhn) - 9 years ago 2014-11-12 03:02:38
bkuhn@ebb.org
Wrote section on "grey hat" GPL enforcement.

The inspiration for this section came from the pasted text, which
ultimately whitewashed this well-known and complex situation. While my
new text likely has the biases inherent in a COGEO-oriented focused
document, so perhaps future patches that soften that side of it would be
helpful.

However, I believe generally that the new section describes the
situation substantially better than the terse pasted text that lauded
it.

Finally, this section is written to build up to some level of crescendo,
since the conclusion immediately follows it.
1 file changed with 48 insertions and 13 deletions:
0 comments (0 inline, 0 general)
compliance-guide.tex
Show inline comments
...
 
@@ -1401,19 +1401,54 @@ who has chosen to modify.
 
% distribution of Javascript on the Web is becoming more frequent
 
%FIXME-soon: END
 

	
 

	
 
% FIXME-URGENT: integrate, and rewrite so it doesn't laud behavior that is
 
% ultimately problematic.
 
\section{FIXME}
 

	
 
companies have often formed beneficial consulting or employment relationships
 
with project developers they first encountered through compliance
 
inquiries. In some cases, working together to alter the mode of use of the
 
project’s code in the company’s products was an explicit element in dispute
 
resolution. More often, the communication channels opened in the course of
 
the inquiry served other and more fruitful purposes later.
 

	
 
%FIXME-URGENT: END
 
\section{Beware The Consultant in Enforcers' Clothing}
 

	
 
There are admittedly portions of the GPL enforcement community that function
 
somewhat like the
 
\href{http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Classifications}{computer
 
  security and network penetration testing hacker community}.  By analogy,
 
most COGEO's consider themselves
 
\href{http://en.wikipedia.org/wiki/White_hat_%28computer_security%29}{white hats},
 
while some might appropriately call
 
\hyperref[Proprietary Relicensing]{proprietary relicensing} by the name ``\href{http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Black_hat}{black hats}''.
 
And, to finalize the analogy, there are indeed few
 
\href{http://en.wikipedia.org/wiki/Grey_hat}{grey hat} GPL enforcers.
 

	
 
Grey hat GPL enforcers usually have done some community-oriented GPL
 
enforcement themselves, typically working as a volunteer as a COGEO, but make
 
their living as a ``hired gun'' consultant to find GPL violations and offer
 
to ``fix them'' for companies.  Other such operators hold copyrights in some
 
key piece of copylefted software and enforce as a mechanism to find out who
 
is most likely to fund improvements on the software.
 

	
 
A few stories abound in the GPL enforcement community that companies have
 
often formed beneficial consulting or employment relationships with
 
developers they first encountered through enforcement.  In some cases,
 
working together to alter the mode of use of the project’s code in the
 
company’s products was an explicit element in dispute resolution.  More
 
often, the communication channels opened in the course of the inquiry served
 
other and more fruitful purposes later.
 

	
 
Feelings and opinions about this behavior are mixed within the larger
 
copyleft community.  Some see it as a reasonable business model and others
 
renounce it as corrupt behavior.  However, from the point of view of a GPL
 
violator, the most important issue is to determine the motivations of the
 
enforcer.  The COGEOs such as the FSF and Conservancy have made substantial
 
public commitments to enforce in a way that is uniform, transparent, and
 
publicly documented.  Since these organizations are public charities, they
 
are accountable to the IRS and the public at large in their annual Form 990
 
filings, and everyone can examine their revenue models and scrutinize their
 
work.
 

	
 
However, entities and individuals who do GPL enforcement centered primarily
 
around a profit motive are likely the most dangerous enforcement entities for
 
one simple reason: an agreement to comply fully with the GPL for past and
 
future products, which is always the paramount goal to COGEOs, may not be an
 
adequate resolution for a proprietary relicensing company or grey hat GPL
 
enforcer.  Therefore, violators are advised to consider carefully who has
 
made the enforcement inquiry and ask when and where they have made public
 
commitments and reports regarding their enforcement work, perhaps asking them
 
to directly mimic the detailed public disclosures done by COGEOs.
 

	
 
\chapter{Conclusion}
 

	
0 comments (0 inline, 0 general)