Where I interview Godot on Software Freedom Conservancy's blog
I did an interview with one of Godot's developers over on the Software Freedom Conservancy blog. Godot is an SFC member project, and a free software 2d and 3d gaming engine, so clearly a cool project! :)
Conservancy's First GPL Enforcement Feedback Session
October 27, 2016 by Bradley M. Kuhn
As I mentioned in an earlier blog post, I had the privilege of attending Embedded Linux Conference Europe (ELC EU) and the OpenWrt Summit in Berlin, Germany earlier this month. I gave a talk (for which the video is available below) at the OpenWrt Summit. I also had the opportunity to host the first of many conference sessions seeking feedback and input from the Linux developer community about Conservancy's GPL Compliance Project for Linux Developers.
ELC EU has no “BoF Board” where you can post informal sessions. So, we scheduled the session by word of mouth over a lunch hour. We nevertheless got an good turnout (given that our session's main competition was eating food :) of about 15 people.
Most notably and excitingly, Harald Welte, well-known Netfilter developer and leader of gpl-violations.org, was able to attend. Harald talked about his work with gpl-violations.org enforcing his own copyrights in Linux, and explained why this was important work for users of the violating devices. He also pointed out that some of the companies that were sued during his most active period of gpl-violations.org are now regular upstream contributors.
Two people who work in the for-profit license compliance industry attended as well. Some of the discussion focused on usual debates that charities involved in compliance commonly have with the for-profit compliance industry. Specifically, one of them asked how much compliance is enough, by percentage? I responded to his question on two axes. First, I addressed the axis of how many enforcement matters does the GPL Compliance Program for Linux Developers do, by percentage of products violating the GPL? There are, at any given time, hundreds of documented GPL violating products, and our coalition works on only a tiny percentage of those per year. It's a sad fact that only that tiny percentage of the products that violate Linux are actually pursued to compliance.
On the other axis, I discussed the percentage on a per-product basis. From that point of view, the question is really: Is there a ‘close enough to compliance’ that we can as a community accept and forget about the remainder? From my point of view, we frequently compromise anyway, since the GPL doesn't require someone to prepare code properly for upstream contribution. Thus, we all often accept compliance once someone completes the bare minimum of obligations literally written in the GPL, but give us a source release that cannot easily be converted to an upstream contribution. So, from that point of view, we're often accepting a less-than-optimal outcome. The GPL by itself does not inspire upstreaming; the other collaboration techniques that are enabled in our community because of the GPL work to finish that job, and adherence to the Principles assures that process can work. Having many people who work with companies in different ways assures that as a larger community, we try all the different strategies to encourage participation, and inspire today's violators to become tomorrow upstream contributors — as Harald mention has already often happened.
That same axis does include on rare but important compliance problem: when a violator is particularly savvy, and refuses to release very specific parts of their Linux code (as VMware did), even though the license requires it. In those cases, we certainly cannot and should not accept anything less than required compliance — lest companies begin holding back all the most interesting parts of the code that GPL requires them to produce. If that happened, the GPL would cease to function correctly for Linux.
After that part of the discussion, we turned to considerations of corporate contributors, and how they responded to enforcement. Wolfram Sang, one of the developers in Conservancy's coalition, spoke up on this point. He expressed that the focus on for-profit company contributions, and the achievements of those companies, seemed unduly prioritized by some in the community. As an independent contractor and individual developer, Wolfram believes that contributions from people like him are essential to a diverse developer base, that their opinions should be taken into account, and their achievements respected.
I found Wolfram's points particularly salient. My view is that Free Software development, including for Linux, succeeds because both powerful and wealthy entities and individuals contribute and collaborate together on equal footing. While companies have typically only enforce the GPL on their own copyrights for business reasons (e.g., there is at least one example of a major Linux-contributing company using GPL enforcement merely as a counter-punch in a patent lawsuit), individual developers who join Conservancy's coalition follow community principles and enforce to defend the rights of their users.
At the end of the session, I asked two developers who hadn't spoken during the session, and who aren't members of Conservancy's coalition their opinion on how enforcement was historically carried out by gpl-violations.org, and how it is currently carried out by Conservancy's GPL Compliance Program for Linux Developers. Both responded with a simple response (paraphrased): it seems like a good thing to do; keep doing it!
I finished up the session by inviting everyone to the join the principles-discuss list, where public discussion about GPL enforcement under the Principles has already begun. I also invited everyone to attend my talk, that took place an hour later at the OpenWrt Summit, which was co-located with ELC EU. Your browser does not support the element. Perhaps you can or .
In that talk, I spoke about a specific example of community success in GPL enforcement. As explained on the OpenWrt history page, OpenWrt was initially made possible thanks to GPL enforcement done by BusyBox and Linux contributors in a coalition together. (Those who want to hear more about the connection between GPL enforcement and OpenWrt can view my talk at https://sfconservancy.org/videos/2016-10-13_Kuhn_GPL-Enforcement-OpenWrt.mp4 )
Since there weren't opportunities to promote impromptu sessions on-site, this event was a low-key (but still quite nice) start to Conservancy's planned year-long effort seeking feedback about GPL compliance and enforcement. Our next session is an official BoF session at Linux Plumbers Conference, scheduled for next Thursday 3 November at 18:00. It will be led by my colleagues Karen Sandler and Brett Smith.
Posted by Bradley M. Kuhn on October 27, 2016.
Now, you can access all of Youtube videos without having to use Adobe's proprietary software, so long as your browser supports the W3C's version of Adobe's proprietary software.Show all 6 repliesAlso we have seen Adobe code quality. That's scary. I can't wait for 0day through the DRM modules. Engineering at Mozilla tells us "sandbox ! sandbox ! sandbox !". but you know what? Chrome sandbox Flash. and pwned to own that way.
Claes Wallin (韋嘉誠) likes this.YouTube has some great videos, which is why I use their service, and I will continue to use their service. In the past I have split my habits between different browsers. When I want to watch videos I use Chromium, and I use Firefox for everything else. If I only use the W3C DRM enabled web browser for viewing videos then so be it.
It's about time people used another video sharing website other than YouTube.
I find browser and client support for videos is good enough these days I can just upload video to my own server. Five or ten years ago I'd have worried about codecs or who could view it with what software. Not these days.
@mgebbe, I'm delighted that you've found a way to again construct a two-way bridge to Twitter with a federated Free Software service.
However, I'm completely befuddled at how you are in compliance with Twitter's API Terms of Service, which states:
You will not attempt or encourage others to … redistribute, or syndicate access … Twitter Content to any third party without prior written approval from Twitter.
Exporting Twitter Content to a datastore as a service or other cloud based service … is not permitted.
(Admittedly, Twitter Content appears to be a defined term, but it isn't, at least not in that document. But I think @-replies from third-parties almost surely qualifies under a reasonable definition of "Content".)
Meanwhile, I think your software also qualifies for the additional rules as well, which say:
Some Services or applications attempt to replicate Twitter's core user experience, typically by accessing the home timeline, account settings, or direct messages API endpoints or User Streams product. The following additional rules apply to Services or applications that fall within this category.
those additional rules contain:
not arrange for your Service to be pre-installed on any device, promoted as a "zero-rated" service, or marketed as part of a specialized data plan.
display a prominent link or button in your Service that directs new users to Twitter's sign-up functionality.
… both of which means your software can't be Free Software, because you must restrict it from being packaged for, say, Debian. Thus, if you were to GPL your software, everyone downstream from you would have a GPLv2§7 / GPLv3§12 problem.
Meanwhile, you also run into this problem right now. I think Pumpbridge.me is already violating this one outright:
not use Twitter Content or other data collected from end users to create or maintain a separate status update or social network database or service.
I think we all need to be realistic. Twitter is a proprietary, software freedom unfriendly service that's designed to stop Free Software social networking software from integrating with it. Yes, I know lots of people we want to talk to are on Twitter. That's the scam that Twitter is playing on everyone: make the place everyone wants to be, then make it expensive to be there. With network service software: if you aren't the customer of a product, you are the product.You probably understand these things better than me, but I have troubles understanding how the rules are problematic for the source code.
It's pretty obvious that Twitter doesn't want you to run a service that acts as a shell around it. On that aspect, the pumpbridge.me service has probably some worry to come.
However, I don't see how this limits the distributability of the code itself. The worst that might happen is that @mgebbe will lose his Twitter acount for violating the rules. However, in the spirit of Pump.io itself, I guess people could run their own instance for themselves, as I am not sure what legal recourse Twitter has to control code distribution. Their only option would be to block pumpbridge requests on their end.
Having just read GPLv2§7, I see your point. But I undertsand it only applies in the case of a court order forbidding distribution of the code alongside binaries (or, in this case, service).
Altogether, I guess Twitter could prevent single people from distributing the code by enforcing their user agreement, but what about non-Twitter users? I'm not sure there is much recourse there. And copying code is cheap.
"exporting" .. I think there is an exception for temporary caches in apps but no they don't like long term storage
if it doesn't redistribute the posts to other sites/services and only acts on behalf of a user logged in locally and using their own account at twitter/fb its behaviour and limitations is essentially the same as any other twitter/fb "app"
users often manually copy/paste content to/from there to/from everywhere else and there could be millions of such posts per day and there might sometimes be even a clash between their terms and terms on other sites something might have been copied from
I'm no lawyer but I suspect that might be a bit of a pandora's box even lawyers might prefer to avoid! (as well as a bad-publicity minefield!)