BSD->GPL Relicense Follow Up 1
In a previous article I mentioned a spat between some BSD developers and some GPL developers, with the SFLC getting pulled in to find a resolution.
It does appear that a resolution has been found, and it looks like the right thing was done.
Logic Prevailed.
According to an excellent follow-up article at Linux-Watch by Steven J. Vaughan-Nichols, the SFLC asked for a quiet period to finish their research and analysis of the situation.
This of course allowed tempers to cool off (I’ve seen Eben do that before, because it was me and it worked) and provided minimal distraction for the SFLC to investigate and collect the data needed for their findings:
There the matter has sat until now. According to the SFLC, “All the copyright holders of the Linux ath5k-driver code, derived from ar5k, have been contacted and have agreed to license their changes under the ISC license, thus allowing improvements to be re-incorporated into OpenBSD. One of the three historical branches of the code reviewed by SFLC, however, included portions that are only licensed under the GPL, and SFLC has determined that it would be very difficult to re-incorporate that code into OpenBSD.”
You can read the analysis of the wireless driver’s development history at the SFLC site directly. Talk about transparency!
Ath5k-driver (discussed in Section 2) currently carried by Linville represents a clear and documented line of descent from ar5k to an ath5k driver for Linux. In addition, all new copyright holders in ath5k-driver code have been contacted and have agreed to license their changes to the ar5k-derived files under the ISC license. SFLC has provided a patch to Linville that provides correct attributions for all copyright holders in question. Therefore, SFLC recommends that development under the ISC license continue from what is currently in Linville’s commit c1928199c27de433d1e81b78e3178be4f0e978d2 in his ath5k branch of the wireless-legacy git repository.
I was unsure if the SFLC would take this course, and it is a pleasant read for me, as the SFLC demonstrates an understanding and cooperative approach to non-GPL projects.
Perhaps the most useful of all is their article about originality requirements, which discusses what they believe are reasonable and logical guidelines for determining the copyright status of software.
As well, they have published a guideline for developers who wish to maintain permissive-licensed files in a GPL project.
These last two documents are of great importance to the open source developer community, and I recommend every single one of you take the time to read these. They have thoughtfully been provided in PDF and PS formats for reading offline or printing.
Excellent, excellent work done by the SFLC.
BSD-to-GPL Relicense Stirs Controversy Between F/OSS Camps 2
I read an article on Slashdot (ok, actually an RSS feed) about a public spat about a wireless driver getting relicensed without respecting the original copyright or license. Basically the argument was brought public by a mailing list post by Theo de Raadt, founder and leader of the OpenBSD and OpenSSH efforts. There’s also a public request for an explanation by the original writer (and copyright holder), Reyk Floeter.
I’m not sure where to start on this one. There are both legal and ethical issues involved here, and I’m personally more intrigued by the ethical ones. Since I’m not an attorney I’ll leave the legal debate to folks that, well, know a heck of a lot more about copyright law than I.
However, that leaves the ethical issues as fair game.
Summary
Reyk wrote the driver for OpenBSD and ported it to several operating systems, and released it under the BSD license. It was clearly his desire to port his driver to work for Linux, and release it under the BSD license for that platform as well.
The developers working on the port to Linux allegedly took Reyk’s work, removed the BSD license in the header, added their names, and wrapped the code in the GPL license.
Problem: Copyright Violation
The act of taking someone else’s work, making minimal modifications and adding your names above the original authors is illegal. It is called copyright violation, and has become part of a growing, disturbing trend in F/OSS circles.
If you want to place your name on someone else’s software, you at least have to make significant contributions to it – and you cannot take the name of the creator away, as it will always be considered a derivative work. You can, however, release the additions that you made separately under your own copyright and license. This apparently was not done.
Another example is Joomla, a frequent topic on this site :-) As a co-founder, my name used to be in the COPYRIGHT.php file distributed with the work. I contributed to this software for a three-year period, and was much more active early – as when we rebranded from Mambo to Joomla I became busy with legal and administrative issues; and also focused my time on evangelism of the technology to both developers and enterprises.
Now, however, you will not find my name in there anywhere. Nor will you find the name of the guy that came up with the name “Joomla”. When I asked about this happening, the excuse was more or less “we’re removing the names of people that didn’t contribute directly to the 1.5 effort, which you didn’t really do that much work on.” Technically, they are correct in saying I wasn’t an active 1.5 contributor; but they completely failed to accept the fact that I was a copyright holder of the first release of that work, called Joomla 1.0. As such, my name should always be there if that work is called Joomla, as it will always be a derivative work, even if it is completely refactored – the name is the same, the terminology is the same, even the API calls are there for the most part.
Call it Open Source or Free Software, whatever – but the whole impetus behind this is sharing. And I never knew that sharing would turn into taking, and violating people’s copyright by removing their names sure sounds like taking to me.
Finally, let me remind everyone that the only currency in open source development is recognition for your efforts. I put three years of my life into this project, including a lot of code, and a lot of design; and having that erased invalidates all of my efforts, and completely devalues my involvement in the development of that software.
If you’re a young, budding developer and would like to get involved then take these words to heart: There are folks out there that are happy to take your contributions and intentionally fail to give you proper credit or attribution. Think carefully about the project that you are going to donate your energy and time to, as an unpaid volunteer you at least deserve credit for your efforts.
Problem: License Change Without Permission
There’s a legal angle to this – the developers took a BSD work and relicensed it as GPL, without the permission of the copyright holder. This is a simple no-no and shouldn’t require an attorney to understand.
The ethical issue here is best stated by Reyk, who points out that by releasing their modifications in a license that is incompatible with the BSD license, he cannot incorporate their changes; but they were able to take all his work, which is the basis for their work.
“Some time ago, I got repeated requests to change the license of the code to GPL or to dual-license it but I always rejected these requests. I clearly explained my reasons against dual-licensing in the past. It needed some time, but it had seemed to me that the involved people had finally accepted my decision.
I do like the idea to port the free Atheros driver to other operating systems in addition to OpenBSD, because it is a clear sign against hardware companies attacking the free software “community” by releasing binary-only driver objects instead of free code or hardware documentation. I used to cooperate with the people working on the madwifi port of “OpenHAL”; we exchanged ideas, bug fixes, and small code snippets. They sent me some bug reports and I also looked at their changes and reported some functional problems. This was possible because they kept the license in place.
But now the Linux code is almost ready and somebody wants to cancel any options to cooperate by locking me out with a prepended GPL and an invalid copyright on top of it. I hope that this was not caused by the same people.”
When he says locking me out, he’s talking about the GPL stuff being off-limits to the upstream developer (himself). So the changes made and released under the GPL will never make their way back to the original work, which fundamentally goes against the base tenets of open source and free software.
If something is released under an open source license, and you make modifications to it, and the license it was originally under is compatible with the license that you want to use, then why do you even need to change it in the first place? If you feel that strongly about the differences in licenses then you need to take the initiative to write your own software and license it as you wish.
The BSD license doesn’t mean you can take someone’s work and insert your name, change the license and pretend like this is your version of the work. The BSD license means you can use and redistribute the software as you see fit, as long as you respect the copyright and license header. So the developers were not acting in good faith by taking an open source work and relicensing it under another open source license – especially without a clear explanation as to why they were doing it, despite Theo’s accusations that the developers were being counseled by attorneys that should know better in the first place. He clearly requested that the changes be made to the original work, or at least be released under a compatible license so there wouldn’t be forks confusing everybody.
This is a tough subject for me to cover as I know quite a lot of people on the GPL side of the fence, and also many people on the non-GPL side of the fence (that would be MIT, BSD and many others). And I don’t want to be beating up on individuals, either.
But to take software that someone else wrote, and released under an OSI-approved license, and then change the license to one that is incompatible (knowing full well that the original author cannot accept your contributions), and add your name to something when your contributions are less-than-significant, this is just wrong.
Conclusion
It looks like things are going to get cleared up; however, for some time the software was released with an incorrect license and improper attribution of copyright. Something tells me this is more about developers not realizing that committing to their repositories makes their software available immediately to the general public, and less about malicious intent to harm the original author.
However it’s bizarre to see one developer’s software get slightly modified and released under a different license without his permission. And I will tee off on the removing the names of copyright holders issue in another article (which needs more work).
Hopefully this issue gets resolved to Reyk’s satisfaction, and I don’t find myself writing similar articles :-)
How Do You Protect Your Copyright? 3
Matt Mullenweg, founding developer of WordPress, posted an interesting article called Price of Freedom. The main thrust of the article is the thorny problem of open source software protecting itself from people that simply remove all original references and copyright notice and pretend they created the software.
Being someone that just recently had their own copyright violated (article on that one soon), I can relate. Matt states:
“Though the freedom intrinsic in the GPL that has allowed people to abuse WordPress it has allowed even more people to do amazing things and over time the good far, far outweighs the bad. Most importantly I feel like WordPress would have never gotten off the ground if it hadn’t been open from the beginning. (In fact there were several more functional blogging programs started around the same time that have since withered away.)
Ultimately I know our software isn’t going to change anyone’s spots. Good people will do good things with it, and bad people will do bad things with it — regardless of any protections I put in place. Windows Vista, a multi-billion dollar enterprise, was cracked within days. Does any piddling encoding I can do in PHP really matter? If protection like that isn’t broken it’s a statement of popularity, not security. I suppose I could harass the bad guys, shut down their host, send them scary letters, but it’s just going to stress me out and like cockroaches they’ll pop up someplace else. I also know that most projects, software, and ideas die from obscurity, not piracy.”
I agree wholeheartedly with Matt on the encryption/obfuscation issue, as it just doesn’t make sense with open source software. I’m also not hip to the idea of encrypting a footer or other such include in order to enforce some sort of copyright notification that the end user has no power to suppress.
For example, on a PHP-based open source CMS project I was once involved in, we were trying to tackle the same issue: Some folks were taking our software, removing all references to us, and rebranding it as their own and selling it as a closed commercial product.
How do you police such behavior?
As an open source volunteer, you’re most likely working with limited resources, so you don’t really have the time to spend 5 hours a day surfing the Internet looking for violations like a miniature RIAA.
On this particular project, it was decided to include a META tag in all output, identifying the platform that was powering the site. (For the record, I was aghast at the notion and fought the idea as it was not really any better than the encrypted copyright notice. But I was outnumbered. C’est la vie.)
Of course, one of the first things all clients asked me to do was remove the META output, not because they wanted to violate copyright, but to avoid a storm of corporate issues – angry vendors when they learned the corporate site was not on their platform, competing vendors who claim favoritism, and such. My biggest gripe was that it made it easy for less-virtuous people to hunt down websites with a vulnerable version of that software if a major exploit was ever found.
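To see what a platform-identifying META tag gives away, a site owner can audit their own rendered pages for it. The following is an added example, not code from the original post or from any project named here; it assumes the tag is the common `<meta name="generator">` form, and the sample pages and the platform name "ExampleCMS" are constructed.

```python
import re
from html.parser import HTMLParser

# Dotted version number such as "1.0" or "1.0.12".
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")

# Constructed sample pages; "ExampleCMS" is a hypothetical platform name.
SAMPLE_VERBOSE = ('<html><head><title>Corp</title>'
                  '<meta name="generator" content="ExampleCMS 1.0.12 - Open Source CMS" />'
                  '</head><body></body></html>')
SAMPLE_NAME_ONLY = '<head><META NAME="Generator" CONTENT="ExampleCMS"></head>'
SAMPLE_CLEAN = '<head><meta name="description" content="Release 2.0 notes"></head>'


class GeneratorAudit(HTMLParser):
    """Collects every <meta name="generator"> tag in a rendered page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <meta ... /> tags.
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("name", "").strip().lower() != "generator":
            return
        content = attr.get("content", "").strip()
        match = VERSION_RE.search(content)
        self.findings.append({
            "content": content,
            "version": match.group(0) if match else None,
            # A version narrows the site to one release; a bare name only to a platform.
            "discloses": "platform+version" if match else "platform-only",
        })


def audit_html(html):
    """Return the generator disclosures found in one page of HTML."""
    parser = GeneratorAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, page in [("verbose", SAMPLE_VERBOSE), ("name-only", SAMPLE_NAME_ONLY),
                        ("clean", SAMPLE_CLEAN)]:
        print(label, audit_html(page))
```

Run over a site's saved templates or build output, a "platform+version" finding is the case described above: the page itself states which release it runs.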
It looks like Matt’s perspective is one I endorse at the end of the discussion though; as to me it’s totally uncool and un-FOSS-like to encrypt a copyright notice or spit out unwanted META output. The only thing we can do is continue to innovate, express ourselves in our craft, and know that the bad guys always end up with a burning paper bag of dog droppings on their front porch.
Not that I’m suggesting anyone take any action. (cough)