There are an awful lot of people who feel that simply because this is Linux, they have some kind of right to get it for free. Unfortunately, they don't.

That is not what the "free" in Free Software means, and it never was. Red Hat puts an enormous amount of work into developing Free Software, into making sure its code makes its way back upstream, and into producing safe, secure, and long-term stable supported versions of inherently rapidly changing FOSS software, aimed primarily at large enterprise customers. //

And perhaps the clearest sign that it's not really interested in dealing with small users and small customers is that it continues to make the product available free of charge for those who only want up to 16 servers. //

There are a host – pun intended – of other distros out there if you don't want to pay for your Linux. If you are happy to pay but you feel aggrieved with IBM or Red Hat, both Canonical and SUSE will be happy to take your money and provide you with enterprise-level support, and both of them let you get and use a version of their enterprise OS entirely free of charge.

On November 4th, a class action lawsuit — Doe 1 v. GitHub Inc., N.D. Cal., No. 3:22-cv-06823, 11/3/22 — was filed in the US District Court in the Northern District in California, alleging against Microsoft and GitHub (a Microsoft subsidiary), inter alia: violation of the DMCA; breach of contract; tortious interference in a contractual relationship; unjust enrichment; unfair competition; violation of California Consumer Privacy Act; and negligence. Also sued were a confusing mishmash of for profit and non-profit related entities all using a variation of the name OpenAI (OpenAI, Inc., OpenAI, LLC, OpenAI Startup Fund GP I, L.L.C.; you get the picture). OpenAI received one billion dollars in funding from Microsoft although they seem “officially unrelated.” //

Plaintiffs allege that OpenAI and GitHub assembled and distributed a commercial product called Copilot to create generative code using publicly accessible code originally made available under various “open source”-style licenses, many of which include an attribution requirement. As GitHub states, “…[t]rained on billions of lines of code, GitHub Copilot turns natural language prompts into coding suggestions across dozens of languages.” The resulting product allegedly omitted any credit to the original creators. //

As a final note, the complaint alleges a violation under the Digital Millennium Copyright Act for removal of copyright notices, attribution, and license terms, but conspicuously does not allege copyright infringement. A material breach of a copyright license can give rise to an infringement claim, so this is an interesting move. While the plaintiffs’ attorney indicated that an infringement claim might be added later, I suspect that this was done to avoid a messy fair use dispute. The complaint includes a statement by GitHub asserting an expansive, almost global fair use assertion which is at odds with explicit relevant law in many countries and frankly at odds even with US law. Nonetheless, fair use as a defense is expensive and complicated to litigate, so perhaps they chose to focus on something that is beyond factual dispute, and still provides the same damages.

Copyleft Through Copyright

The primary goal of every GPL enforcement action is to gain compliance, which means getting to users complete and corresponding source code so they can copy, share, modify and install improved versions. The GPL itself is a copyright license that does a weird hack on copyright: it uses the copyright rules to turn them around, and require people to share software freely (as in freedom) in exchange for permission to copy, modify and distribute the software. A GPL violation occurs when someone fails to meet the license requirements and thereby infringes copyright. The copyright rules themselves then are the only remedy to enforce the license — requiring that the violator come into compliance with the license if they want permission to continue distribution.

Up until now, almost all the enforcement I've done has been purely under GPL version 2 (GPLv2). GPLv2§4 says that upon violation, the violator loses permission to engage in those activities governed by copyright: including copying, modifying and distributing the software. The only way to get those permissions back is for the copyright holder to grant them back.
Speaking For the Users

Copyleft's unique way of using copyright means the parties who may enforce are copyright holders (and their designated agents). However, the victims of the violation are typically thousands of users who have bought a product that included the GPL'd program. The goal, therefore, is to get source code that these users can actually use to compile and install the software. In GPLv2-speak, the goal is to get the all the "complete source code", which includes "the scripts used to control compilation and installation of the executable".

Corn-y demo heralded as right-to-repair win //

"Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems." //

And he also wondered aloud whether John Deere has complied with the terms of the GPL, now that it appears the company incorporates GPL code into its products without meeting its source code disclosure obligations.

in order to use the App Store, you have to agree to the iTunes Store Terms of Service and/or the App Store Terms of Service. You can confirm this yourself just by reading the documents: they say as much in their all-caps preambles. The two documents are pretty similar; this post will give section numbers from the App Store Terms of Service, but the same language appears in the iTunes Store Terms of Service and so our analysis applies identically to it. You can read both those documents on Apple's site, and we have a copy of that page as it exists today to provide this commentary.

Along the same lines, we'll be talking about GPLv2 specifically in this blog post, since that's the license at issue, but this analysis would apply to all versions of the GNU GPL and AGPL. Section 6 of GPLv2 says:

Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

(Emphasis added.) This last sentence is a crucial part of the strong copyleft in the GPL and AGPL: it prevents distributors from using separate legal agreements, like Terms of Service or NDAs, to take away the freedoms that the license is supposed to grant. This is the license condition that Apple is violating when it distributes GPL-covered software through the App Store. //

That's the problem in a nutshell: Apple's Terms of Service impose restrictive limits on use and distribution for any software distributed through the App Store, and the GPL doesn't allow that. This specific case involves other issues, but this is the one that's most unique and deserves explanation.

We would've liked to see Apple do the right thing and remove these limits, but it looks like that's not going to happen. Apple has removed GNU Go from the App Store, continuing their longstanding habit of preventing users from doing anything that Apple doesn't want them to do. As we said in our initial announcement, this is disappointing but unsurprising; Apple made this choice a long time ago. We just need to make sure everybody else gets the message: if you value your independence and creativity, you should be aware that Apple doesn't. Take your computing elsewhere.

Guiding Principles in Community-Oriented GPL Enforcement

• Our primary goal in GPL enforcement is to bring about GPL compliance.
• Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license.
• Confidentiality can increase receptiveness and responsiveness.
• Community-oriented enforcement must never prioritize financial gain.
• Community-oriented compliance work does not request nor accept payment to overlook problems.
• Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis.
• Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works.

Copyleft itself is not a moral philosophy; rather, copyleft is a strategy that software freedom activists constructed to advance a particular set of policy goals. Specifically, software copyleft was designed to ensure that all users received complete, corresponding source for all binaries, and that any modifications or improvements made anywhere in the chain of custody of the software were available in source form to downstream users. As orginially postulated, copyleft was a simple strategy to disarm proprietarization as an anti-software-freedom tactic.
The Corruption of Copyleft

Copyleft is a tool to achieve software freedom. Any tool can be fashioned into a weapon when wielded the wrong way. That's precisely what occurred with copyleft — and it happened early in copyleft's history, too. Before even the release of GPLv2, Aladdin Ghostscript used a copyleft via a proprietary relicensing model (which is sometimes confusingly called the “dual licensing” model). This business model initially presented as benign to software freedom activists; leaders declared the business model “barely legitimate”, when it rose to popularity through MySQL AB (later Sun, and later Oracle)'s proprietary relicensing of the MySQL codebase.

In theory, proprietary relicensors would only offer the proprietary license by popular demand to those who had some specific reason for wanting to proprietarize the codebase — a process that has been called “selling exceptions”. In practice, however, every company I'm aware of that sought to engage in “selling exceptions” eventually found a more aggressive and lucrative tack. //

Most proprietary relicensing businesses work as follows: a single codebase is produced by a for-profit company, which retains 100% control over all copyright in the software (either via an ©AA or a CLA). That codebase is offered as a gratis product to the marketplace, and the company invests substantial resources in marketing the software to users looking for FOSS solutions. The marketing department then engages in captious and unprincipled copyleft enforcement actions in an effort to “convert” those FOSS users into paying customers for proprietary licensing for the same codebase. (Occasionally, the company also offers additional proprietary add-ons, improvements, or security updates that are not available under the FOSS license — when used this way, the model is often specifically called “Open Core”.)

Why We Must End The Proprietary Relicensing Exploitation of Copyleft

This business model has a toxic effect on copyleft at every level. Users don't enjoy their software freedom under an assurance that a large community of contributors and users have all been bound to each other under the same, strong, and freedom-ensuring license. Instead, they dread the vendor finding a minor copyleft violation and blowing it out of proportion. The vendor offers no remedy (such as repairing the violation and promise of ongoing compliance) other than purchase of a proprietary license. Industry-wide. I have observed to my chagrin that the copyleft license that I helped create and once loved, the Affero GPL, was seen for a decade as inherently toxic because its most common use was by companies who engaged in these seedy practices. You've probably seen me and other software freedom activists speak out on this issue, in our ongoing efforts to clarify that the intent of the Affero GPL was not to create these sorts of corporate code silos that vendors constructed as copyleft-fueled traps for the unwary. Meanwhile, proprietary relicensing discourages contributions from a broad community, since any contributor must sign a CLA giving special powers to the vendor to continue the business model. Neither users nor co-developers benefit from copyleft protection. //

Given the near ubiquity of proprietary relicensing and the promulgation of stricter copylefts by companies who seek to engage (or help their clients engage) in such business models, I've come to a stark policy conclusion: the community should reject any new copyleft license without a clause that deflates the power of proprietary relicensing. Not only can we incorporate such a clause into new licenses (such as copyleft-next), but Conservancy's Executive Director, Karen Sandler, came up with a basic approach to incorporating similar copyleft equality clauses into written exceptions for existing copyleft licenses, such as the Affero GPL. I have received authorization to spend some of my Conservancy time and the time of our lawyers on this endeavor, and we hope to publish more about it in the coming months.

We've finished the experiment. After thirty years of proprietary relicensing, beginning with Aladdin and culminating with MongoDB and their SS Public License, we now know that proprietary relicensing does not serve or extend software freedom, and in most cases has the opposite effect. We must now categorically reject it, and outright reject any new licenses that can be used for it.