I hereby waive the Chatham House Rule for this talk
This obviously only applies to what I say and not any questions / comments by others
Developer, as technical as it gets
[system level] software development
[digital] electronics engineering
autodidact [never went to university]
developing Free / Open Source Software since late 1990s
1999-2008: mostly working on Linux
2008-present: mostly working on FOSS in telecommunications
not a lawyer!
Early middle ages between roman empire and renaissance
approximately 5th .. 10th century in Europe
time of intellectual darkness (ignorance and error)
GPL first established in 1989
Linux first released in 1991
GPLv2 applied to Linux in 1992
15-year old Harald starts using Linux in 1994
shortly thereafter: Deploying Linux based systems at schools and other places, first as a volunteer, later professionally
20-year old Harald starts hacking on Linux in 1999
Around 2000: Many companies are deploying GNU/Linux systems
2002: Linux based WiFi routers appear on the market (Linksys WRT54G)
2003: netfilter/iptables project starts GPL enforcement
2004: gpl-violations.org project starts as more embedded devices use Linux without license compliance
no copy of the license[s] passed along with product
no source code passed along with product
no source code provided along with software updates
no written offer on how to obtain source code
So, basically, 100% non-compliant
Usually, at that time, companies
had no Open Source Program Office
had no legal knowledge about FOSS licensing
had no related internal processes
not for the software supply chain
not for internal R&D work
Typical sequence of events:
obtain test-purchase of a product
reverse engineering to obtain proof that the product contains Linux
verification that no source code nor written offer is included
send a warning letter, requesting source code + declaration to cease + desist
verify completeness, if company responds
apply for preliminary injunction, if deadline expires without cease + desist
clarify legal situation for everyone
put an end to industry claims about GPL not being possible to enforce
Get our hands on the sources (example: For OpenWRT or other alternative software
make everyone aware that FOSS licenses do have obligations
If the police never did speed checks, nobody would respect the speed limit!
establish processes
look at supply chain (SPDX, SBOM, …)
develop tooling
mostly driven by requirements of customers towards their suppliers
copy of license[s] passed along with product
even if the product contains no code under that license [license text carpet bombing]
written offer is passed along with product + firmware update
source code possibly not provided upon inquiry
source code possibly not complete + corresponding
We’ve seen 20 years of improved processes
Processes focused on compliance "on paper"
Those processes lead to real compliance at times
Still noticeable number of non-compliant embedded Linux products :(
some of those even in the same market as Linksys > 20 years ago :(
upstream FOSS projects want [modified] source code
to be able to integrate fixes / extensions
to enable end users to run [possibly their own modified] versions
GPL is a legal hack trying to approximate what goal via copyright
upstream FOSS projects usually not interested in exact to-the-letter compliance, as long as complete corresponding source code is made available
license compliance is important
please don’t focus only on process / checklists / on-paper compliance
keep in mind the purpose of license compliance
GPL compliance situation is still far from perfect
Please think of the developer, not [just] the bureaucrat!
to Armijn Hemel for his help
to Dr. Till Jaeger and his team at JBB for legal support
to everyone else supportive in the community
to the Open Compliance Summit team for inviting me
Questions? Comments?
You can reach me * here at the Open Compliance Summit * by e-mail at laforge@gnumonks.org
End of File