The Importance of Following Community-Oriented Principles in GPL Enforcement Work

Bradley M. Kuhn and Karen M. Sandler info at
Tue Jul 19 17:29:47 UTC 2016


     (Web version includes various links)

The GNU General Public License (GPL) was designed to grant clear
permissions for sharing software and to defend that freedom for
users. GPL'd code now appears in so many devices that it is fundamental
to modern technology. While we believe that following the GPL's
requirements is neither burdensome nor unreasonable, many fail to do
so. GPL enforcement — the process to encourage those who fail to correct
problems and join our open software development community — is difficult

Our community learned together over the last 20 years how to do this
work well. Last year, Conservancy published the concise but
comprehensive Principles of Communited-Oriented GPL Enforcement. The
Principles were immediately endorsed by Conservancy, FSF and — the three historic community-oriented GPL
enforcement organizations, as well as other non-enforcing organizations
such as OSI. Recently, these principles were also by the Netfilter team,
a core and essential group of Linux developers. However, despite our
best efforts, we have been unable to convince all enforcers to endorse
these Principles. Here, we express our concern and desire to ameliorate
that situation as best we can. Furthermore, we also bring some
transparency and context where enforcers seem unlikely to ever endorse
the Principles.

One impetus in drafting the Principles was our discovery of ongoing
enforcement efforts that did not fit with the GPL enforcement community
traditions and norms established for the last two decades. Publishing
the previously unwritten guidelines has quickly separated the wheat from
the chaff. Specifically, we remain aware of multiple
non-community-oriented GPL enforcement efforts, where none of those
engaged in these efforts have endorsed our principles nor pledged to
abide by them. These “GPL monitizers”, who trace their roots to
nefarious business models that seek to catch users in minor violations
in order to sell an alternative proprietary license, stand in stark
contrast to the work that Conservancy, FSF and have
done for years.

Most notably, a Linux developer named Patrick McHardy continues ongoing
GPL enforcement actions but has not endorsed the community
Principles. When Patrick began his efforts, Conservancy immediately
reached out to him. After a promising initial discussion (even
contemplating partnership and Patrick joining our coalition) in
mid-2014, Patrick ceased answering our emails and text messages, and
never cooperated with us. Conservancy has had no contact with Patrick
nor his attorney since, other than a somewhat cryptic and off-topic
response we received over a year ago. In the last two years, we've heard
repeated rumors about Patrick's enforcement activity, as well as some
reliable claims by GPL violators that Patrick failed to follow the

In one of the many attempts we made to contact Patrick, we urged him to
join us in co-drafting the Principles, and then invited him to endorse
them after their publication. Neither communication received a
response. We informed him that we felt the need to make this public
statement, and gave him almost three months to respond. He still has not

Patrick's enforcement occurs primarily in Germany. We know well the
difficulties of working transparently in that particular legal system,
but both and Conservancy have done transparent
enforcement in that jurisdiction and others. Yet, Patrick's actions are
not transparent.

In private and semi-private communications, many have criticized Patrick
for his enforcement actions. Patrick McHardy has also been suspended
from work on the Netfilter core team. While the Netfilter team itself
publicly endorsed Conservancy's principles of enforcement, Patrick has
not. Conservancy agrees that Patrick's apparent refusal to endorse the
Principles leaves suspicion and concern, since the Principles have been
endorsed by so many other Linux copyright holders, including

Conservancy built a coalition of many copyright holders for Linux
enforcement so that we as copyright holders in Linux could share with
each other our analysis, strategy, plans and diplomacy. Much like Linux
development itself, enforcement functions best when copyright holders
collaborate as equals to achieve the desired result. In coding, Linux
copyright holders seek to create together the best operating system
kernel in history, and in an enforcement coalition like ours, we seek to
achieve proper compliance in the best possible way for the
community. (More collaboration is always better for various reasons, and
we always urge copyright holders in Linux, Debian, Samba, and BusyBox to
join our coalitions.)

Nevertheless, Conservancy does not object to individual copyright
holders who wish to enforce alone; this is their legal prerogative, and
with such limited resources for (and political opposition against) GPL
enforcement on Linux, everyone who wants to help is welcome. However,
Conservancy must denounce anyone who refuses to either endorse the
Principles, or (at least) publicly explain why the Principles are not
consistent with their efforts to advance software freedom.

There are few public facts on Patrick's enforcement actions, though
there are many rumors. That his enforcement work exists is indisputable,
but its true nature, intent, and practice remains somewhat veiled. The
most common criticism that we hear from those who have been approached
by Patrick is an accusation that he violates one specific Principle:
prioritizing financial gain over compliance. Meanwhile, some who
criticize Conservancy's enforcement efforts ironically believe we are
“too nice” — because we don't seek to maximize financial gain, and
therefore we ultimately fund some license compliance work with donations
from the general public. Despite that criticism, and the simple fact
that Conservancy's settlement funds from GPL enforcement usually fail to
cover even the staffing costs associated with our enforcement efforts,
we continue to abide by the Principle that compliance is paramount over
monetary damages. While we sympathize with those who wish GPL
enforcement would fund itself, we also see clear problems if an enforcer
prioritizes financial gain over compliance — even if the overarching
goal is more comprehensive enforcement in other areas.

Conservancy does all our enforcement specifically through a USA
501(c)(3) charity, precisely because that makes us transparently
financially accountable. The IRS requires that our work benefit the
general public and never bestow private inurement to anyone. Success in
enforcement should never personally benefit one individual financially,
and a charity structure for GPL enforcement ensures that never
happens. Furthermore, the annual Form 990 filings of charities allows
for public scrutiny of both enforcement revenue and expenditure [1].

Conservancy, as a charity in the center of GPL enforcement, seeks to
make enforcement transparent. We devised the Principles in part to
clarify long-standing, community-accepted enforcement procedures in a
formalized way, so that violators and GPL-compliant adopters alike can
discern whether enforcement behavior is acceptable under community
norms. We welcome public debate about any enforcement action's
compliance with the Principles (i.e., its meta-compliance with the
Principles). We encourage all those who enforce GPL to come forward to
either endorse the Principles, or publicly propose updates or
modifications to the Principles. (We've created the mailing list,
principles-discuss, as a public place for that discussion.) We urge
developers to state that they support enforcement undertaken in a
principled manner, including litigating only as a necessary last resort
and to never prioritize financial gain.

We chose the phrase “meta-compliance with the Principles”
carefully. Applying the Principles themselves to compliance with those
Principles seems apt to us. For example, we publicized the concerns
about Patrick's enforcement only after two years of good-faith attempts
to discuss the problems with him, and we waited for more than a year
before publicizing the problem, and only after both ample warning to
Patrick, and discussion and coordination with the Netfilter team. Just
as we would with a GPL violator, we exhausted every path we could find
before making this statement publicly.

Thus, we now call on Patrick to endorse the Principles or publicly
engage in good faith with the community to discuss proper methods of
enforcement. We further welcome anyone who does not currently abide by
these Principles to join us anew in our coordinated community-oriented
GPL enforcement work.

In conclusion, to contrast GPL enforcement with the much more common
proprietary software litigation, violators should always have a simple
and solid method to quickly resolve the rare legal action around the
GPL: compliance. GPL enforcers should always seek compliance as the
primary and paramount resolution to any enforcement matter. In this
manner, where community-oriented enforcement exists and thrives, the
risk for danger from lawsuits diminishes. Today's violators can then
become tomorrow's contributors.


[1] Looking at Conservancy's Form 990s, you can see by examining Page 2
    (Part III) (in FY 2011, see Page 25, Schedule O, for continuation)
    each year how much revenue Conservancy received from enforcement
    settlements, and how much Conservancy spends on license compliance
    activity. Most notably, Conservancy has not received a single dollar
    in GPL enforcement revenue since FY 2012.

URLs referenced:

Posted by Bradley M. Kuhn and Karen M. Sandler on July 19, 2016.
Please email any comments on this entry to info at

More information about the announce mailing list