LWN.net Logo

GnuTLS, copyright assignment, and GNU project governance

[LWN subscriber-only content]

Welcome to LWN.net

The following subscription-only content has been made available to you by an LWN subscriber. Thousands of subscribers depend on LWN for the best news from the Linux and free software communities. If you enjoy this article, please consider accepting the trial offer on the right. Thank you for visiting LWN.net!

Free trial subscription

Try LWN for free for 1 month: no payment or credit card required. Activate your trial subscription now and see why thousands of readers subscribe to LWN.net.

By Michael Kerrisk
December 20, 2012

Copyright assignment is a topic that brings out strong passions in the free software community, especially when the assignee is a corporate entity. Assignment to a nonprofit entity such as the Free Software Foundation (FSF) may eliminate some of the problems that can occur when assigning copyright to a company. However, recent events in the GnuTLS project are a reminder that copyright assignment can have a number of downsides even when assigning to a nonprofit chartered with the goal of protecting free software.

The problem with (corporate) copyright assignment

Copyright assignment tends to evoke polarized opinions in the free software community. On the one hand, various companies have promoted copyright assignment agreements as being in the best interests of free software—Canonical is perhaps the most prominent example in recent times. On the other hand, the community at large seems more skeptical of the value of these agreements; Michael Meeks is among those who put the counterarguments well. Project Harmony, an attempt to create a standardized set of copyright licensing agreements, has met with a chilly reception from various quarters of the community, and (so far) seems to have gained little traction in the free software world.

A blog post by Richard Stallman on the FSF web site highlights the most significant of the risks of assigning copyright when contributing code to a commercially owned free software project. One of the powers conferred by a copyright assignment agreement is control of the choice of license of the software: as the copyright owner, the assignee (alone) has the power to change the license of the project. Commonly, corporate copyright assignment agreements place no restriction on the choice of license that the assignee may in the future choose, thus putting a great deal of power in the hands of the assignee. As Richard notes:

[The company] could release purely proprietary modified or extended versions including your code. It could even include your code only in proprietary versions. Your contribution of code could turn out to be, in effect, a donation to proprietary software.

On the other hand, the Free Software Foundation requires copyright assignment for many of the projects hosted under the GNU umbrella. This is a choice of the project creators when making the project a GNU project. The main reason given for this is that being the sole copyright holder puts the FSF in the best position to enforce copyright in the event of a GPL violation. Of course, being the sole copyright owner also gives the FSF the ability to change the license on a GNU project. However, the motivations of a company and the FSF differ substantially: whereas a company is ultimately motivated by profit (and its motivations can change with shifting financial circumstances and changes of company ownership), the FSF is a non-profit charity chartered to further the interests of free software. Thus, its copyright assignment agreement includes an explicit promise that any future distribution of the work will be under some form of free software license.

GnuTLS and the FSF

GnuTLS is "a secure communications library implementing the SSL, TLS and DTLS protocols". The project was founded in 2000, under the GNU umbrella, by Nikos Mavrogiannopoulos. Over the life of the project, the other major contributor has been Simon Josefsson.

That there was a problem in the project became unmistakable on December 10, when Nikos posted the following note (entitled "gnutls is moving") to the gnutls-devel mailing list:

I'd like to announce that the development of gnutls is moving outside the infrastructure of the GNU project. I no longer consider GnuTLS a GNU project and future contributions are not required to be under the copyright of FSF. The reason is a major disagreement with the FSF's decisions and practices. We note however, that we _do_ support the ideas behind the FSF.

This elicited a rather blunt response (entitled "GNUTLS is not going anywhere") from Richard Stallman:

Nikos, when you volunteered to maintain GNUTLS, the GNU Project entrusted its development to you. Your contributions so far are appreciated. However, the project GNUTLS does not belong to you.

If you want to stop doing this job, you can. If you want to develop a fork of GNUTLS under another name, you can, since it is free software.

But you cannot take GNUTLS out of the GNU Project. You cannot designate a non-GNU program as a replacement for a GNU package. We will continue the development of GNUTLS.

Richard's response raises a number of interesting issues. The matter of ownership of the project name is perhaps the simplest, and was acknowledged by Nikos:

I pretty much regret transferring all rights to FSF, but it seems there is nothing I can do to change that. If I receive a formal request from FSF I'll change the name of gnutls and continue from there.

In the days since then, however, the name hasn't changed and there does not seem to have been a formal (public) request to do so. One possible reason for this might be found in a response to Richard's mail from Werner Koch (maintainer and primary author of GnuPG and libgcrypt, both of which are GNU projects):

Nikos started the development of GNUTLS under the GNU label on my suggestion. He is the principal author of GNUTLS and gave away his legal rights on that work without any compensation or help. The success of GNUTLS is not due to the GNU project but due to Nikos' and Simon's work […]

Claiming that the FSF has any moral rights on the name of that software is absurd.

Indeed, of the somewhat more than 11,000 commits in the GnuTLS Git repository, all but around 400 are by either Nikos or Simon. Simon has not spoken up in the current mail thread, but he remains an active contributor to the project.

Thus, while the FSF might have some legal claim on the project name based on common law trademarks, such a claim is, morally speaking, less clear. Furthermore, there are existing projects, such as gnuplot and Gnutella that riff on the "GNU" name without being official GNU projects; indeed, Gnutella does this despite an FSF request that the name should be changed. Also noteworthy in this context is the fact that the gnutls.org domain is registered to Nikos.

Having worked within the framework of the GNU project for 12 years, Nikos's reasons for wanting to move out of the project must have been important ones. In response to a question from Eli Zaretskii about his reasons, Nikos said:

The main issue is that I'm tired of pretending that I'm participating to a project I am only allowed to contribute code (and not even express a different opinion).

Nikos then went on to outline three criticisms of the FSF and GNU projects. The first of these related to copyright assignment:

(a) I felt particularly frustrated when FSF (when gnutls started around 2000) was insisting the transfer of the copyright to it, even though I had decided to transfer the copyright to FSFE (this is a very old issue but it had great influence on me as I realized that the transfer of rights was not simply for protection against copyright violations).

As Richard confirmed, assignment of copyrights for all GNU projects (that employ assignment) is solely to the US-based FSF, rather to one of the regional sister organizations (located in Europe, India, and South America). One can easily imagine a number of reasons for this state of affairs. Given the FSF's desire to have a single copyright holder, it makes sense to assign all copyrights in an individual GNU project to a single entity, and for administrative and legal reasons it is probably simpler to assign copyrights for all projects to the same entity.

However, one can also imagine that when the primary developers of a project reside outside the US—both Nikos and Simon are in Europe—the requirement to assign to the US-based FSF, rather than FSF Europe, is irksome. In addition, the FSF Europe tends to have a quieter, less confrontational style of working than its US counterpart, which may also have been a factor in Nikos desire to assign copyright to the European organization.

The other theme that came out in Nikos's criticisms was the problem of feeling figuratively distanced from the parent project:

(b) The feeling of participation in the GNU project is very low, as even expressing a different opinion in the internal mailing lists is hard if not impossible.
(c) There is no process for decision making or transparency in GNU. The only existing process I saw is "Stallman said so"…

The lack of openness was a theme echoed by Werner in reply to Eli's question:

I can't speak for Nikos, but there are pretty obvious reasons knowable to all GNU maintainers. I don't know whether you, as GDB maintainer, are subscribed and follow gnu-prog-discuss@gnu.org. We had a long discussion a year ago about the way the GNU project is managed and first of all about all of the secrecy involved there. The occasion was a request to have at least an open archive of the g-p-d list, so that non-GNU hackers would be able to learn about architectural discussions pertaining to the GNU project.

The content of the discussion that Werner refers to is, of course, unavailable, so it is difficult to gain further insight into why discussions on the gnu-prog-discuss mailing list need to be secret.

Clearly, at least a few GNU project maintainers are quite unhappy with the current governance of the umbrella project. And when a maintainer of twelve years' standing wants out of the GNU project, that suggests that there are some serious governance problems.

Of course, this is hardly the first time that governance issues have caused significant division in GNU projects. The GCC project is one of the most notable cases, providing an example both in the late 1990s, with the egcs fork of the GCC compiler (where the fork ultimately supplanted the original GCC project inside the GNU project), and more recently when questions on plugin licensing led the FSF to pressure the GCC project to delay the GCC 4.4 release, to the disgruntlement of many GCC hackers.

The problems of assigning copyright to a nonprofit

The events in the GnuTLS project reveal a number of the problems of copyright assignment that remain even when assigning to a nonprofit such as the FSF.

The first of these problems has already been shown above: who owns the project? The GnuTLS project was initiated in good faith by Nikos as a GNU project. Over the lifetime of the project, the vast majority of the code contributed to the project has been written by two individuals, both of whom (presumably) now want to leave the GNU project. If the project had been independently developed, then clearly Nikos and Simon would be considered to own the project code and name. However, in assigning copyright to the FSF, they have given up the rights of owners.

The mailing list thread also revealed another loss that developers suffer when signing a copyright assignment agreement. As noted above, the ability of the FSF—as the sole copyright holder—to sue license violators is touted as one of the major advantages of copyright assignment. However, what if, for one reason or another, the FSF chooses not to exercise its rights? Juho Vähä-Herttua raised this point in the mail thread:

As a side note, I find Werner's accusations, as written on his blog, of FSF not defending its rights in case of GnuPG copyright violations very serious. When a copyright holder transfers their rights to FSF they also transfer their rights to defend against copyright violations.

The blog post that Juho refers to questions a number assumptions around FSF copyright assignment. In the post, Werner states:

My experience with GnuPG and Libgcrypt seems to show that the FSF does not care too much about [copyright violations]. For example, at least two companies in Germany sold crypto mail gateways with OpenPGP support provided by GnuPG; they did not release the source code or tell the customers about their rights. The FSF didn't act upon my requests to stop them violating their (assigned) copyright on GnuPG.

Once a developer assigns copyright, they are at the mercy of the assignee to enforce the copyright. In this particular case, one can speculate that the failure to pursue the violation was likely a shortage of human resources. As Richard noted, "We have staff for GPL enforcement, […] but there are so many violations that they can't take action on all."

But that very response throws into question the wisdom of assigning a large number of copyrights to a resource-starved central organization. A more distributed approach to dealing with copyright violations would seem more sensible. And indeed, organizations such as gpl-violations.org and the Software Freedom Conservancy have shown that the GPL violations can be successfully fought without being the sole copyright holder in a work of code. By now, the argument that copyright assignment is necessary to successfully enforce free software licenses is rather weak.

Werner outlines a few other problems with FSF copyright assignment. One of these is the seemingly arbitrary nature of copyright assignment across GNU projects. He points out that there are two cryptographic libraries that are part of the GNU project, one of which (libgcrypt) requires copyright assignment while the other (Nettle) does not. The seeming arbitrariness in this example was further emphasized by the fact that GnuTLS (which, as we already saw, requires copyright assignment) switched from using libgcrypt to using Nettle.

The rationale that copyright assignment is necessary to allow relicensing also strikes Werner as dubious. He considers the two likely scenarios for relicensing GPLed software. One of these is relicensing to a later version of the GPL. This scenario is in most cases already covered by the default "or later" language that is usually applied to software licensed under the GPL. Although there are projects that deliberately exclude the "or later" clause when applying the GPL—most notably the Linux kernel—it's likely that few or no GNU projects exclude that clause. Projects that exclude the "or later" language of the GPL are likely also to avoid using copyright assignment.

The other likely scenario for relicensing a GPL project is to relax the license constraints—for example, switching from GPL to LGPL, so as to allow interoperability with software that is not under a GPL-compatible license. Such relicensing can be performed even when the project lacks a copyright assignment (as was recently done for portions of the VLC code base). However, this requires a formidable effort to obtain permissions from all contributors. But, Werner points out, the FSF has in practice rarely been interested in relaxing licensing constraints in this way.

In summary, using copyright assignment as a tool to allow relicensing seems to serve little practical use for the FSF, and comes at the cost of removing the contributor's freedom to relicense their code.

Werner's blog post highlighted one more problem with copyright assignment—a problem that occurs with assignment both to companies and to nonprofits. The requirement to sign a copyright assignment agreement imposes a barrier on participation. Some individuals and companies simply won't bother with doing the paperwork. Others may have no problem contributing code under a free software license, but they (or their lawyers) balk at giving away all rights in the code. In general, those contributors just silently fail to appear. By chance, a discussion on copyright assignment is currently taking place in the Gentoo project, where Greg Kroah-Hartman, a long-standing contributor to the project, commented on this point:

On a personal note, if any copyright assignment was in place, I would never have been able to become a Gentoo developer, and if it were to be put into place, I do not think that I would be allowed to continue to be one. I'm sure lots of other current developers are in this same situation, so please keep that in mind when reviewing this process.

To illustrate his point, Werner related his recent experience with the libgcrypt project. Concluding that copyright assignment served little practical use, he relaxed that requirement for libgcrypt: starting in April of this year, he permitted contributions accompanied by an emailed kernel-style developer certificate of origin. The result was a noticeable increase in patches sent in to the project.

Concluding remarks

The risks of assigning copyright to corporate entities have in the past been well publicized. Assigning copyright to a nonprofit eliminates the most egregious of those risks, but carries its own burdens and risks, which have not necessarily been so well publicized. One of those burdens is the necessity of buying into an associated governance model, one that may or may not work well for project developers. The FSF governance model is, it seems, not working well for a number of GNU projects. Developers should consider (in advance) the questions of project ownership that are bound to arise if the governance model does not work for them and they want to separate from the governing project.

In addition, the costs of assigning copyright to a nonprofit should be balanced against the (supposed) benefits. The assertion that assigning copyright to a single entity improves the chances of successful prosecution of a copyright violations looks dubious when one considers that the assignee may not be well enough resourced to prosecute every violation. To that should be added the facts that assignment means that the assigner loses the ability to themselves prosecute copyright violations and that copyright violations have been successfully prosecuted even when there is no single copyright holder. Finally, the value of copyright assignment as a tool that permits the FSF to relicense code seems rather limited in practice. In summary, the arguments for copyright assignment start to look decidedly weak, even when the assignee is a nonprofit such as the FSF, and it is hard to find any justification for the FSF maintaining this requirement.

(Thanks to Carlos Alberto Lopez Perez for the heads-up).


Did you like this article? Please accept our trial subscription offer to be able to see more content like it and to participate in the discussion.


(Log in to post comments)

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 3:49 UTC (Thu) by rsidd (subscriber, #2582) [Link]

One could in fact argue that the more the copyright holders, the more stakeholders can pursue legal action against infringement, and the better it is for enforcement. But when the FSF decided on these policies, the legalities of all these things weren't very clear. The Linux experience shows that (1) one can still pursue infringement claims even when the copyright is held by hundreds of people, (2) a lot of companies are willing to cooperate without being beaten with a stick: infringement is usually out of ignorance. And, as RMS himself points out, the FSF's ability to enforce its copyrights is limited by manpower. In view of all this, the FSF should change its policies, and perhaps even retroactively return copyright to all past contributors, if such a thing is possible.

However, the copyright assignment problem with FSF is a symptom, not a disease. The disease is RMS -- remember Ulrich Drepper (long-time maintainer of GNU libc) calling him a "control freak and raging manic"? The "control freak" part sounds about right and has been proved again and again in the GNU project. This is not to discount his contributions and his continuing role as a conscience keeper. But his coding contributions (gcc, glibc, emacs) date to the 1980s, and for two decades he has used these, together with a bunch of utilities (most of which also existed in free versions in BSD) to claim ownership of a mythical GNU operating system and its "variant" "GNU/Linux". The OS in question uses the Linux kernel, gcc, glibc, the above utilities, and a huge amount of non-GNU software.

It is time RMS retired from administering the GNU project and focused solely on free software evangelism. Actually, he should have done that 20 years ago. But it is clear he does not trust the developers at various GNU projects to independently run their own projects.

Finally, a correction: the "gnuplot" program does not riff on the GNU name and has no connection with the GNU project. It dates back to 1986 (when the GNU project was in its infancy), and was a riff on "llamaplot", favoured by one author, and "newplot" which it turned out was already taken.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 6:52 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

RMS can be very difficult to deal with, but Drepper was definitely a pot calling the kettle black.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 9:41 UTC (Thu) by amonnet (subscriber, #54852) [Link]

Shouldn't a copyright assignment agreement for a non-profit :

- maintain every contributor rights as a joint holder of the contribution,
- share governance of the project proportionnaly to the contribution ?

+++

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 10:57 UTC (Thu) by rwmj (subscriber, #5474) [Link]

Maybe it should, but currently it doesn't. As I read it, the assignment assigns everything to the FSF:

http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copy...

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 1:37 UTC (Fri) by keeperofdakeys (subscriber, #82635) [Link]

As stake holders they also all need to be contacted for any issues that may come up. This was shown with the recent re-licensing of parts of VLC, https://lwn.net/Articles/525718/. The linux kernel would also has a similar problem, since there is no copyright assignment, all contributors would have to agree for anything like a license change.

Allowing for a non-profit to hold the full copyright is also useful, as individual people may come and go, change opinions. For GPL software, Giving copyright to the FSF also protects against changes to non-free licenses. Having the guarantee that the software will stay opensource is something that agrees strongly with RMS's views.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 9:58 UTC (Thu) by wingo (subscriber, #26929) [Link]

As the person who started the "project governance" discussion a year ago, I can say that this article covers the bases pretty well.

The one nitpick I have is a continued conflation between "FSF governance" and the GNU project. The FSF and GNU don't have much in common, structurally, besides the fact that Richard is at the head of both, and that many GNU people are in the FSF. The FSF has little effect on GNU.

More on this point: http://wingolog.org/archives/2009/12/13/gnu-gnome-and-the...

The assignment policy is an anachronism, but it is a GNU/Richard policy (for some projects) and not an FSF policy.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 10:38 UTC (Thu) by dd9jn (subscriber, #4459) [Link]

The missing resources at the FSF have a serious effect on GNU. Only yesterday I received a complaint from a potential contributor who is waiting since weeks on a reply (other than the RT ack) to his request for an assignment. Alas, this is a common pattern with the FSF.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 23:47 UTC (Thu) by johnsu01 (subscriber, #34757) [Link]

If you want to send me any info about this at johns@fsf.org then I can track down what happened and remedy it. I'd appreciate it.

Fortunately, this kind of thing has become much, much less common. There has been dramatic improvement in the speed of the copyright assignment process over the last couple of years, and more improvements are on the way. For example, we are working more and more with scanned assignments when legally possible.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 10:40 UTC (Thu) by mirabilos (subscriber, #84359) [Link]

Just call it nongnu-tls now ;)

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 15:16 UTC (Thu) by kay (subscriber, #1362) [Link]

nongnu = ng = tls-ng

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 15:46 UTC (Thu) by intgr (subscriber, #39733) [Link]

> nongnu-tls

Now that's a double-negative. How about "gnu-is-unix-tls"? GiuTLS?

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 18:42 UTC (Thu) by maney (subscriber, #12630) [Link]

The GNU which is Unix is not GNU.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 21:43 UTC (Thu) by jwarnica (subscriber, #27492) [Link]

This does bring to the forefront issues, which I'm not at all surprised by, have previously been at best very quite rumors.

I know it really isn't the mailing list + color commentary style of LWN, but perhaps some directed emails to other community members possibly in similar situations?

Does everyone really understand that the GNU Project and the FSF are distinct, but in "personal union", with some very anachronistic relations, otherwise?

On assignment as it relates to enforcement

Posted Dec 20, 2012 22:21 UTC (Thu) by bkuhn (subscriber, #58642) [Link]

I'm the only person in the world who is involved with both Software Freedom Conservancy and the FSF, and I've also likely spent more time on GPL enforcement than anyone on the planet, so I feel I have some authority to speak on that subject.

The article is correct wherein it says that Conservancy's GPL compliance work has shown that enforcement is possible in a multi-copyright-held project. I do that every single day. But, there is no question that the work is easier if the non-profit that seeks to enforce holds an overwhelming majority of the copyrights.

Basically, those of us who enforce in the USA used to think that the curve between “copyrights held” to “ease of enforcement” was exponential — in that it got exponentially easier to enforce the more copyright you had. In fact, I think my work has shown that the graph is probably linear. Each few lines of copyrighted code that's assigned makes it that much easier to enforce. Here's why:

Simply put, the GPL violation defending lawyers have gotten more obsessed than ever with delay tactics. They try to raise every spurious issue they can think of to delay you, distract you, or otherwise try to avoid bringing their client into compliance with the terms of GPL. If you don't hold all the copyrights, they'll focus on that issue. For example, I had an executive of a large computer maker tell me that his lawyers say copyright infringement claims are legally invalid unless you hold a majority of the copyrights. This is completely asinine and clearly incorrect in the USA, but violators make these arguments all the time. As another example: I was once deposed in a court case for 8 hours about the topic whether or not BusyBox's configuration files magically made Erik Andersen's copyrights fail to appear in the binary work. That's a spurious argument that I spent 8 hours refuting, yet the violator's lawyer again brought it up in the Court as a defense that we had to refute.

In that sort of climate, I don't blame my fellow FSF Directors from being skeptical about ending copyright assignment. You can guess, and I've said publicly, that I think FSF should take my Conservancy enforcement work into account, and they are. But, when I am asked: Isn't it easier to enforce when you have all the copyrights?, my answer has to be: Yes, it's easier. It's a trade-off; there's no question. My personal position is probably obvious on this, since I have written often about preferring multi-copyright held projects myself, but even I admit to being annoyed by the downsides from time to time.

I wish the culture of violator-defending lawyers would change. I wish enforcing the GPL weren't so difficult. It's a bleak situation out there, and I talked about this in my interview on GPL enforcement with The H this week. But, I know that both FSF and Conservancy have one thing in common: both organizations are working hard to uphold the GPL through compliance and enforcement activity. No other non-profits in the world are doing that.

(Note, as I said in my interview The H, gpl-violations.org isn't a non-profit organization; it's just Harald Welte and a group of volunteers. Harald does good work, but he's also posted on lwn and elsewhere to note he's been busy on other important projects and not involved as much with enforcement lately.)

On assignment as it relates to enforcement

Posted Dec 21, 2012 1:20 UTC (Fri) by paulj (subscriber, #341) [Link]

Why not, instead of transferring copyright, have contributors give some kind of right of representation? I.e. grant the right to act on behalf of the copyright owner when it came to copyright infringement, to the extent needed to negotiate for and/or sue for any damage or restitution? Give the copyright holder a right to veto any action perhaps.

Wouldn't that cover things?

On assignment as it relates to enforcement

Posted Dec 21, 2012 1:50 UTC (Fri) by bkuhn (subscriber, #58642) [Link]

paulj asked:
Why not, instead of transferring copyright, have contributors give some kind of right of representation? I.e. grant the right to act on behalf of the copyright owner when it came to copyright infringement, to the extent needed to negotiate for and/or sue for any damage or restitution? Give the copyright holder a right to veto any action perhaps.

[ Speaking purely on behalf of Conservancy first.]

Amusingly, you've basically precisely described the agreement that Conservancy makes with BusyBox, Linux and Samba copyright holders whom Conservancy represents. However, I'd point out again: this is the kind of a thing that violators love to use as a distraction to waste time. For example, if you read the history of the Conservancy v. Best Buy et al case, you'll see plenty of the Defendants arguing that Conservancy should be fully dismissed from participating in the action. Again, Conservancy found that argument incorrect and spurious, and the judge agreed and never dismissed us from the case as lead Plaintiff. Yet, I spent hours helping our lawyers draft responses on that issue, which they in turn spent many more hours on too!

That's what a lot of people don't understand about USA Court proceedings or indeed any type of legalistic enforcement action: the other side obsessively looks for every pointless issue they can find and then pretends it is the biggest show-stopping problem in the world. This is particularly true when you line a non-profit with very little resources up against a big, wealthy tech company who hires fancy $800/hour (or more!) lawyers. Their strategy is to wear you down by wasting your time. The simpler the situation, the easier the enforcement is.

[ Ok, putting both Conservancy and FSF hats on for the rest of the response.]

Conservancy has decided it wants to take on this complication, but I wouldn't begrudge FSF for not being sure it wants to have to do this work. I think the ideal situation is when the non-profit holds an overwhelming majority of the copyrights, as that would get most of the benefits of having all the copyright but still not make copyright assignment necessary for every little patch, but rather just from the really heavy contributors.

On assignment as it relates to enforcement

Posted Dec 21, 2012 19:24 UTC (Fri) by lonely_bear (subscriber, #2726) [Link]

Out of topic. Why would lawyers are allow to do that without punishment? When they are wasting everybody's time using pointless arguments, should they be fined, up to forbid from practicing in law? We will have less ridiculous court cases.

On assignment as it relates to enforcement

Posted Dec 21, 2012 20:19 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

because sometimes they are right to pick at what others consider 'minor details'

The Justice system in the US is biased towards the accused (in spite of what it sometimes seems when reading headlines, those headlines are there _because_ they are unusual)

As for the reasoning behind it, Ben Franklin put it

> it is better 100 guilty Persons should escape than that one innocent Person should suffer

John Adams wrote a more extensive justification, part of which goes:

> It is more important that innocence be protected than it is that guilt be punished, for guilt and crimes are so frequent in this world that they cannot all be punished.

> But if innocence itself is brought to the bar and condemned, perhaps to die, then the citizen will say, "whether I do good or whether I do evil is immaterial, for innocence itself is no protection," and if such an idea as that were to take hold in the mind of the citizen that would be the end of security whatsoever.

On assignment as it relates to enforcement

Posted Dec 23, 2012 2:35 UTC (Sun) by JanC_ (guest, #34940) [Link]

It should never be forbidden to use "minor details" in a court case, but using things like "you don't own all or a majority of the copyright", which have been proven to be false several times already in previous court cases, should be considered a sign of either an incompetent lawyer or one who tries to play games with the court.

On assignment as it relates to enforcement

Posted Dec 23, 2012 14:09 UTC (Sun) by bkuhn (subscriber, #58642) [Link]

dlang, I don't think these quotes related to criminal prosecution relates correctly to civil legal matters. While I agree that minor details sometimes ferret out major issues, many defense attorneys in civil matters for wealthy clients use the system's tendency to allow such issues to be heard as a way to outspend plaintiffs. That happens to us all the time: it ain't cheap trying to enforce the GPL for the community!

And, to be brutally honest, we even have people in the community who want businesses to adopt Free Software, even if it's in violation of the licenses. So, they work against us too, sometimes.

On assignment as it relates to enforcement

Posted Dec 22, 2012 18:24 UTC (Sat) by heijo (guest, #88363) [Link]

The problem is that most people just won't bother to contribute if they have to send anything in the mail to do so.

It's already a miracle that someone contributes for free, and making him do ANYTHING boring, costly or time consuming, like mailing paper documents, is the quickest way to drive most contributors away.

IMHO copyright assignment is insane for this reason.

It's far more important to further improve the software than to be better able to defend it, especially since it's really rare that a GPL violator effectively competes with the original software, as opposed to just making a derivative for a niche market.

On assignment as it relates to enforcement

Posted Dec 23, 2012 13:50 UTC (Sun) by bkuhn (subscriber, #58642) [Link]

I just realized that quote from the executive at the computer maker had a typo and should s/are/aren't/, to read instead: copyright infringement claims aren't legally invalid unless you hold a majority of the copyrights.

I think the intent of the quote was clear because of the unless part, but to be abundantly clearly: he was arguing that copyright claims are invalid legally without all copyright holders, which just isn't true.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 20, 2012 23:44 UTC (Thu) by PaulWay (✭ supporter ✭, #45600) [Link]

Just wanted to say: great reporting, Michael. It's fair, balanced and well-researched writing like that that makes LWN so great.

Thanks,

Paul

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 1:57 UTC (Fri) by bkuhn (subscriber, #58642) [Link]

Paul wrote:
great reporting, Michael. It's fair, balanced and well-researched writing like that that makes LWN so great.

I agree with the part about well-researched and good writing, and that it's a good opinion piece. But, I think it really is opinion, not journalism, particularly the Concluding Remarks section.

LWN does a really good job, but I've somewhat seen this problem before at LWN. I think it'd be better if columns that include the author's opinions directly should be marked as opinion pieces more clearly.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 2:16 UTC (Fri) by aryonoco (subscriber, #55563) [Link]

Every news article, every piece of journalism, every report, will consciously or subconsciously carry the writer's opinions. This very American notion of being able to separate news reporting from opinion is a mere fantasy.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 9:40 UTC (Fri) by nix (subscriber, #2304) [Link]

The BBC is 'very American' now?

I think you'll find that the culture of objective journalism covers more than just the US (indeed the US is not particularly good at it).

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 22, 2012 23:25 UTC (Sat) by marcH (subscriber, #57642) [Link]

> This very American notion of being able to separate news reporting from opinion is a mere fantasy.

It's not a fantasy but an ideal / a principle. Some journalists do the best they can to make this separation clear while others don't bother; which do you prefer reading?

This is very similar to software engineering principles: you can never apply them all perfectly but they still have value.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 0:38 UTC (Fri) by johnsu01 (subscriber, #34757) [Link]

(The FSF unfortunately wasn't asked to comment for this article, but I wanted to add a few things now.)

We resolve violations on a regular basis, and in countries around the world. We usually do not publish the specifics, because most violations are resolved constructively -- it often turns out people have unintentionally made mistakes and do not deserve shaming once they have remedied the problems. If they do not respond to our offers to help them distribute in a compliant way, then we escalate to stop the flawed distribution. But at that point, lawyers are often involved, and there can be other constraints on publicity.

Here is a description of our compliance strategy. It's tricky business, figuring out how to let people know exactly how much of this work we do on a daily basis, without going too far and shaming those who have corrected their mistakes.

In recent conversations with Werner, it's become clear that our primary deficiency here was in communication. I admit that we did not pursue the violations he reported to us with the kind of urgency that I expect us to -- but we did pursue them, progressing through the steps of documentation, contact, and escalation that are required in these cases. The most recent violations were not of the easy kind, because they involved difficult-to-track-down companies with mostly bogus contact information. The problem is that we did not keep Werner up-to-date, and I am sorry for that. We've now adjusted our process to include explicitly notifying GNU maintainers when we take action. And of course we have stepped up our efforts to get these violations resolved.

Organizations like ours contain many moving parts, and unfortunately this creates opportunities for error. But there are always things that can be done to improve the situation, and it's my job to make them happen.

Many of the issues in the article are about lack of resources in nonprofit organizations. The solution to these issues is to help rally more resources, for us and for others doing this work. Volunteer time can be a big help, and so can monetary donations.

Thanks to a successful fundraiser at the end of last year, we were able to add additional staff resources to our licensing and compliance lab this Spring. Of course the new staff had to be brought up to speed, but this has already gone a long way toward reducing the backlogs we are facing. We have triaged the license violation reports queue, reducing its size by over 50%. We have opened more compliance cases than ever before, and have also rapidly made progress on outstanding licensing education questions. This effort has been amplified by our existing volunteer team, who does a lot of the heavy lifting answering licensing questions from the community.

We are also doing our major fundraising drive for the coming year, and are almost 40% of the way there. Like last year, our licensing area is one of the top ones on my mind for expansion. I will always strive to improve our efficiency in the way we use our current resources, but I am also confident that with more, we could get more done and do a better job living up to the expectations you all have for us.

Thanks!

-- John Sullivan, Executive Director, FSF

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 1:53 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

I believe some of the point this article wanted to make got confused by poor terminology: corporation/corporate, company, and nonprofit. Most nonprofits are companies and corporations, and the points made in the article seem to apply equally to various other entities, such partnerships and individual people.

Though I may not have seen through the confusion myself, I believe the two kinds of copyright holders the article really meant to refer to are 1) businesses; and 2) non-business entities. The latter could reasonably be called nonprofits, but to some people, nonprofit specifically refers to a status recognized by law that gives an entity privileges such as tax exemption.

A corporation, incidentally, is a group of people, chartered by the state, with a few special legal powers. The main ones are 1) the individual members are not liable for the actions of the group; and 2) the group can function like a single person in certain ways, such as signing contracts.

A company is any group of people working together on something.

A business is an enterprise whose purpose is economic gain.

Asking the FSF for comments

Posted Dec 21, 2012 15:19 UTC (Fri) by corbet (editor, #1) [Link]

Just to be clear on this: we stopped asking the FSF for comments many years ago because the FSF refused to talk to us without prior promises from us on what we would say and which terms we would use. We are unwilling to make such promises. If the FSF's policy on such things has changed, we would be pleased to know about it.

Asking the FSF for comments

Posted Dec 22, 2012 21:10 UTC (Sat) by quotemstr (subscriber, #45331) [Link]

> we stopped asking the FSF for comments many years ago because the FSF refused to talk to us without prior promises from us on what we would say and which terms we would use

Thank you. There's a reason I've been a subscriber for years. It's heartening (but, in a different light, unfortunate) that lwn.net has more journalistic integrity than the New York Times.

Asking the FSF for comments

Posted Dec 23, 2012 6:29 UTC (Sun) by ferringb (subscriber, #20752) [Link]

Just to be clear on this: we stopped asking the FSF for comments many years ago because the FSF refused to talk to us without prior promises from us on what we would say and which terms we would use. We are unwilling to make such promises. If the FSF's policy on such things has changed, we would be pleased to know about it. Good freaking $DEITY that's just fricking wrong, and not at all matching what the FSF is supposed to be about (or represents themselves as). While I'd like to believe their requirements there were just so that they could try enforcing 'gnu/linux' (which is @!#*ing retarded and overreaching), their general behaviour makes me think it was beyond that. Echoing what others have said, this frankly is a shame- FSF's goals are good and what most folk agree with, but the implementation? In need of a major refactoring in my books.

Asking the FSF for comments

Posted Dec 23, 2012 6:30 UTC (Sun) by ferringb (subscriber, #20752) [Link]

Related note, paying attention to the comment preview would've made that formatting far less attrocious. *cough*.

Asking the FSF for comments

Posted Dec 23, 2012 9:38 UTC (Sun) by jae (subscriber, #2369) [Link]

GNU/Linux is overreaching?

Do you have a non-GNU Linux system? Remove GNU coreutils, and then boot your system. Fun, innit?

It may be replacable, but it isn't being replaced.

As to the retarded part... only retards call others retarded.

Asking the FSF for comments

Posted Dec 23, 2012 10:23 UTC (Sun) by ekj (subscriber, #1524) [Link]

No, but "we are unwilling to talk to you about this matter unless you agree beforehand to use our preferred words" is.

Asking the FSF for comments

Posted Dec 23, 2012 11:37 UTC (Sun) by bronson (subscriber, #4806) [Link]

What on earth does coreutils have to do with the grandparent's post?

Asking the FSF for comments

Posted Dec 23, 2012 11:40 UTC (Sun) by rleigh (subscriber, #14622) [Link]

It is overreaching. I have no problems with the FSF/GNU using such terminology, that's their perogative. I use it myself. But to require other parties to use their terminology is certainly overreaching.

I've read time and time again people (mainly RMS) harp on and on about this point to others, quite often to the detriment of the real subject of discussion. That is to say that by obsessing over this minor point of terminology the discussion was sidetracked into irrelevance, and the actual important discussion was forgotten. This does not help the FSF/GNU in any meaningful way. Forcing others to adopt their terminology does not advance their real goal of software freedom.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 23, 2012 0:21 UTC (Sun) by stevenb (subscriber, #11536) [Link]

> We resolve violations on a regular basis, and in countries around
> the world. We usually do not publish the specifics, because most
> violations are resolved constructively -- it often turns out people
> have unintentionally made mistakes and do not deserve shaming once
> they have remedied the problems.

There is no shame in reporting a successful resolution of a violation
issue. It hurts no-one to say that such-and-so a company had violated,
inadvertently, the conditions of the GPL on this-and-that piece of
software and that the issue was successfully resolved to satisfaction
for both parties. The company involved will typically have to show
the code anyway (assuming the typical resolution does not involve
removing the GPL-covered code).

No need for a wall of shame, and it might help change the perception
that the FSF is a lame duck.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 23, 2012 6:34 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

Companies don't like having their name attached to negative connotations in places that Google can find, and so they're often more willing to compromise if they know that the outcome will be kept quiet. The question is whether public shaming is likely to prevent other companies from making the same mistakes - the evidence so far is that it doesn't, so keeping things quiet seems fairly reasonable.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 23, 2012 15:30 UTC (Sun) by stevenb (subscriber, #11536) [Link]

My point is that there is *no* shame in resolving an accidental GPL infringement. It's a matter of how you bring the message. You could even just make a list of entities using free software, with non-infringers and ex-infringers in a single list. Just to show where and how often free software is used.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 12:24 UTC (Fri) by ramon_garcia (subscriber, #67060) [Link]

Clearly the GNU project is being mismanaged. Thus, assigning copyright to it is the wrong thing to do.

The mistake in management of GNU is called micromanagement. There is a superman (Stallman) that seems to think that he knows everything, and all the software development must be done according to his views or interests. Unfortunately, many unconditional followers reinforce this wrong view.

This is wrong because he is not the most informed person take make most decisions. And he destroys the morale of many developers.

The right way to manage is freedom and responsability. Everyone should be responsable for one's work. One should be free for whatever he programs, and responsable for the results. Do not make any kind of suggestion about how he should work. He is the most informed person to make his own decisions. Just look at results. Value him only for the end results, with predictable evaluations, features added, shipping time and so on. Replace him if he fails.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 14:35 UTC (Fri) by hummassa (subscriber, #307) [Link]

> Replace him if he fails.

How exactly do you replace volunteers?

Moreover, how do you evaluate if a volunteer effort is failing or just in the process of succeeding?

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 18:06 UTC (Fri) by gebi (subscriber, #59940) [Link]

Really nice article!

I've just one question about copyright assignment...

Here in Austria it's impossible to assign copyright away from the author, it's forbidden by law!
I mean, you can do it but the contract doing so gets worthless.

Anyone thought about that one for a second? Because AFAIK Austria is not the only country in the EU with such law's in place.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 21, 2012 20:25 UTC (Fri) by pkern (subscriber, #32883) [Link]

There's no such thing as copyright in the first place. However you can transfer basically all rights that pertain to this discussion even in non-Common Law countries. Those non-copyright rights even grant you the right to sue others using the work in a non-compliant way. But it's not a copyright assignment in any case, that's true.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 22, 2012 9:34 UTC (Sat) by atai (subscriber, #10977) [Link]

that's interesting. So how do companies gain copyright ownership of their employees' work in Austria?

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 22, 2012 13:48 UTC (Sat) by mpr22 (subscriber, #60784) [Link]

Via explicit work-for-hire provisions (basically: if you wrote the program as part of your normal duties of employment it's a work for hire unless you have a written agreement with your employer to the contrary) in the section of the Urheberrechtsgesetz pertaining to computer software (which include permitting the company to subsequently transfer its rights so granted to another party).

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 23, 2012 15:53 UTC (Sun) by ceplm (subscriber, #41334) [Link]

The difference which is often lost on non-civil-law-countries people is the split between copyright itself (i.e., the fact I am the author, right to avoid my work in dishonesting way, and some other bits) and my right to economically exploit my work (e.g., ask for royalties). These two are separable in the civil law countries, and although the former cannot be transferred and assigned ever, the latter can be, and actually it expressly is by the created-on-job provisions (if you create the work as part of fulfilling your obligations from the employment, your employer is the automatic assignee of the economic rights to such work).

However, I don’t think in the end, this distinction is that important, and it can be covered mostly by the salvator clause (“If any portion of this section is held invalid or unenforceable …”).

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 22, 2012 12:29 UTC (Sat) by ian00 (subscriber, #55476) [Link]

"when a maintainer of twelve years' standing wants out of the GNU project, that suggests that there are some serious governance problems." Honestly, it doesn't suggest this any more than it suggests the opposite, and when you throw that bit of conjecture into an article that is mostly written in a factual reporting style, it gives it a ton of credibility that it doesn't deserve and makes me quite offended, whereas I wouldn't care one bit to read that statement as someone's comment.

Whenever you have an internet based project with hundreds of people involved, there is guaranteed to be disagreements, and guaranteed people will want to leave, even those who have been around. It doesn't suggest problems in the project any more than it suggests there are NOT problems in the project.

I feel I am equally likely to find out that in comparison to self-governed projects, GNU has a lot less governance problems overall, and even in this case, the process of dealing with with the problem is working out better than some horrible cases of self governed projects that imploded and had other problems. I don't know if that's the case, but I expect far better from the author here.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 22, 2012 14:52 UTC (Sat) by ian00 (subscriber, #55476) [Link]

"In summary, the arguments for copyright assignment start to look decidedly weak." Honestly, this article did not give a fair look at the benefits of copyright assignment to a non-profit like fsf, and I am sorely disappointed.

While I am not going to make a comprehensive list of copyright assignment benefits, a few things off the top of my head I think can demonstrate how out of balance this article is.

* As BKuhn said, it makes enforcement easier "linearly", which is a really big deal. The article deserves a correction, and we deserve better from our author.

* The article suggests that developers would potentially be better off enforcing copyrights themselves. But we know from BKhun that non-profits are doing the vast majority of all enforcement. This itself seems to prove otherwise overall. The article mentions a developer complaining that FSF didn't enforce something, then states: "Once a developer assigns copyright, they are at the mercy of the assignee to enforce the copyright." The strange and false implication being that the FSF's would generally actively prevent people from helping them do or fund enforcement. If this developer owned his copyrights, that wouldn't magically make someone else do the enforcement for him like he asked of the FSF.

* Dismissing relicencing as a rare and unneeded benefit, I believe is quite short sighted and wrong. Consider effectively indefinite copyright, our legislature more and more taking up laws governing technology, new technologies, and eventually people dying and becoming truly inaccessible to agree to a licence change.

* "Or later" doesn't mean that a licence shouldn't actually be changed to the later version.

* Another thing I actually haven't seen mentioned much. The idea behind copyleft (as many envision it) is that restricting our freedoms with respect to software is wrong, and in fact, it is wrong enough that we should employ our legal system to stop it from happening. However, a copyright licence cannot accomplish that task for the copyright owner. So, giving that ownership to a nonprofit which is legally bound to fulfil its mission of software freedom, is like an even stronger version of copyleft, another step to strengthening that software's freedom. For example, many free software developers have or will write proprietary code for some company, and they have free reign to use any previously copylefted code they own the copyrights to in order to do so.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 22, 2012 22:08 UTC (Sat) by hugoroy (subscriber, #60577) [Link]

Responding to your last paragraph: that's true only to the extent that this is a project written by only one person. Because if the copyleft project has got multiple contributors (i.e. different copyright holders all licensing code with each other under GPL terms) then not any single one of them can do what you describe (writing proprietary software derived from that copylefted software). So I think your argument is not valid regarding copyright assignment being more strong than copyleft to protect software freedom from software developers themselves.

An org's commitment lasts longer than any individual

Posted Dec 23, 2012 14:26 UTC (Sun) by bkuhn (subscriber, #58642) [Link]

Hugo Roy, it seems you've intentionally left out at least one key reason why assignment helps protect copyleft stronger. Specifically, when the assignment is made to an organization committed to defending software freedom, the it can uphold copyleft in perpetuity.

I've been doing GPL enforcement for 15 years. (Hugo, I'm not sure how long you've been doing enforcement — or even if you have at all — so maybe you just haven't been around long enough to see this point.) I know that it's extremely rare to find a copyright holder like Erik Andersen, who cares so deeply about copyleft he wants to be involved with enforcement actions for decades. This kind of commitment by an individual for a task as boring as GPL enforcement comes along but once in a generation.

Meanwhile, an organization that cares about software freedom can live on, and new staff can come in when the prior staff burns out (this happens a lot in non-profits), and keep going to uphold software freedom.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 23, 2012 5:16 UTC (Sun) by rfontana (subscriber, #52677) [Link]

Dismissing relicencing as a rare and unneeded benefit, I believe is quite short sighted and wrong. Consider effectively indefinite copyright, our legislature more and more taking up laws governing technology, new technologies, and eventually people dying and becoming truly inaccessible to agree to a licence change.

My sense of the article was that the author was saying that relicensing was a dubious benefit of copyright assignment for GNU projects in particular, since such projects invariably use "or later" licensing and it is probably quite rare for the FSF to relicense its copyrighted code from (a) GPL to LGPL, (b) GPL/LGPL to noncopyleft, or (c) GPL/LGPL to some non-GNU copyleft license. There are known historical examples of (a) (though I have a feeling that such examples are typically ancient) and I suspect there have been rare cases of (b); I'd be rather shocked if (c) had ever occurred.

Copyright assignment is not the only policy that can be used to ease relicensing, but that's a whole nother topic. I've come to think that, for all its cultural pain, copyright assigment may actually be more honest than such alternative instruments as CLAs or, say, requiring contributions to a copyleft-outbound project to be licensed in under a noncopyleft license. These alternative instruments are troubling to me as they seem to feed off a prevailing irrational sentiment among many developers that giving up formal ownership (while retaining a license allowing most of what ownership gave you) is somehow worse than retaining formal ownership while giving some inbound entity much of what ownership transfer would have given it, including power to relicense.

The best policy IMO is inbound=outbound and acceptance that possible future relicensing may be a bit of a hassle for copyleft projects. In general it's a problem that has been exaggerated by people on all sides of disputes over contribution policies.

GnuTLS, copyright assignment, and GNU project governance

Posted Dec 23, 2012 5:22 UTC (Sun) by karim (subscriber, #114) [Link]

FWIW, I'm seeing evidence that people are just plain walking away from the GPL. Android is one obvious example. More recently, status.net just announced they're end-of-lifing their code (Affero-licensed) and restarting a new project entirely based on ASL; as seen in earlier LWN story: https://lwn.net/Articles/529681/

And another one

Posted Dec 23, 2012 14:12 UTC (Sun) by CChittleborough (subscriber, #60775) [Link]

Paolo Bonzini has just resigned as maintainer for GNU sed and GNU grep. See http://lists.gnu.org/archive/html/bug-gnu-utils/2012-12/m... for details, including a link to this very article.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds