by Florian Idelberger
Late last year, the Free Software Foundation (FSF) in conjunction with the Software Freedom Conservancy (Conservancy) released updated report about its “Principles of Community-Oriented GPL Enforcement”, a reminder of how it sees its GPL (GNU General Public License) enforcement efforts and how it intends to act in these matters. This can serve as an example to show project maintainers what to look for in their own license management, or be helpful if they consider taking refuge under the protection of the Conservancy. On the other hand it could serve as an educational tool for commercial companies, to better understand what the priorities and needs of community oriented projects are.
In a historical summary of GPL enforcement, the FSF claims to have led enforcement efforts since the 1980s and the Conservancy has enforced the GPL for its members since its foundation around 10 years ago. Together they also published “Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide“ that aims to give more in depth practical guidance from their perspective and showcases case studies.
The community nature of the GPL is based on ensuring all licensees/licensors have the freedom to redistribute and modify the licensed code under the conditions of the license, through the copyleft clause that makes this a licensing condition. As a result, the same enforcement mechanism as for restrictive traditional copyright licenses that mostly try to restrict distribution and uses are used.
For the enforcement according to these copyright mechanisms (slight different between different jurisdictions) the FSF and Conservancy have set themselves certain guidelines, though they see these not as hard and strict rules and take the situation of the violator into account, favoring flexibility over rigidity as they think otherwise this would “limit the ability of copyright holders to use copyleft licenses for their intended effect: to stand up for the rights of users to copy, modify and redistribute the software.”
The main objective of this “Community Oriented Enforcement” is to achieve the compliance that was not there, such that unreleased source code is released and users who might have received a product without proper license compliance might be informed.
Furthermore, the principles recognize that a GPL violation can easily occur by mistake and then assistance without legal threats can do a lot, or even when there is willful infringement, if compliance can be achieved or violation ceased through a mutual agreement this is seen as preferable.
The document by FSF and Conservancy also state that from the side of the enforcers, it can be very helpful to first approach in private or agree to secrecy as long as this is not abused. This often helps the overall result in the end, and results in less long and unsatisfactory lawsuits.
Regarding financial penalties, these are considered necessary in judicial actions and just to recover legal costs and punish violators, whereby compliant competitors are also indirectly rewarded as otherwise the non-compliant party would gain by waiting until an enforcement action. Nevertheless, it is stressed in the guidelines damages should not be prioritized and that depending on the local law and the case, pursuing them to the greatest extent possible could hurt overall compliance.
As a strong focus of community oriented enforcement is actually proper compliance, it is emphasized that no payment should be accepted to overlook nonexistent or incomplete solutions and ideally no payment accepted before compliance and a written agreement is secured.
This makes a lot of sense, but might be hard to keep in mind for project maintainers, especially in case they are not used to dealing with legal issues.
Most of all, the FSF and the Conservancy stress, that before making any accusations of GPL violation, all reports should be checked and careful analysis done, also with regard to if there are other potential GPL violations apart from those reported. As a result, in the end there should be reasonable assurance on both sides that no other violations are hidden.
Lastly, the FSF and conservancy would like to extend the benefit of ‘GPL v3 like termination, even for GPL v2 only works.’ as GPL v2 permanently terminates copyright permission on violation, which is permanent, whereas GPL v3 is more lenient, allowing one-time violators automatic restoration of distribution rights after resolution of the issue and enumerating which copyright holders have to give permission. In the spirit of future cooperation, especially in cases of honest mistakes, this is seen as a good idea.
All in all, the principles by the FSF and Conservancy to some degree are just common sense as to not create stronger tensions between parties if the situation is not clear, and in other cases help to understand the principles and values important to free software advocates and the projects the work on and represent.