I'm torn on this VMWare issue. On one hand I want GPL to be upheld. On the other hand if they win it will mean the end of most corporations using GPL code (possibly any open source licensed code that isn't as liberal as MIT or something). These megacorps are not going to expose themselves to a risk like this. I know from experience as we already are removing OSS that we feel could be a liability and replacing it with solutions that in some cases are not as good technically but legally less of a risk.
IT won't be good for the OSS ecosystem to have thousands of devs all the sudden stop contributing at their day jobs when the code is replaced.
On the other hand if they win it will mean the end of most corporations using GPL code
[citation needed]. I'm very irritated by this FUD "Just think of the jobs!" line of thinking.
Companies are aware of the "license risk" surrounding GPL today. They know what they can and can't do -- services like BlackDuck exist mainly to assess this "license risk".
Any sizable company using GPL is doing so because it helps their bottom line, not because they have their fingers crossed praying that it won't get enforced.
I think hyperbole was pretty obvious in my original comment but I don't have a citation other than experience. We're working hard to remove GPL code in some of our products.
> We're working hard to remove GPL code in some of our products.
Reading that, I am instantly wondering if you are currently infringing someones copyright and are now working hard to hide the crime?
There is alternatives of course. Are your product a prototype that never got shipped to a customer? Are the product at the moment gpl'ed, witch corresponding source code provided to the customer, and you want to move away to closed source in the future? I know any of the three scenarios could be the situation you are describing.
If a game company can understand the unreal license and know that distributing a game based on that engine require them to pay 5% of their total revenue, other corporations can understand the concept that they got to release the source code of programs based on GPL licensed software.
There is a reason why almost every AAA game now days comes with a long list of licensed works in their credits. The competition is just that impossible to fight if they decide to write their own xml parser, their own font types, their own everything. This will happen to any aspect of the computer industry that has enough competition, so the question about using third-party licensed software, be that of any license, is a simple question about competition.
> I don't think other companies have to feel threatened.
Many CTOs of large enterprises have, let's say, a less nuanced view of the GPL. Their concern is that "just complying" would mean the complete and total revelation of all of their code, all of their trade secrets, and thus all of their competitive advantage. They believe, wrongly, that there are no other ways to come into compliance than to do something they believe would kill their business. Cases like this are accelerants on those flames of Fear, Uncertainty, and Doubt.
I'm sure they could have licensed the equivalent code from someone like Oracle, but the CFO would have probably balked at the costs. VMware received an extremely generous offer from Hellwig and his co-contributors, at zero price, even. Not honouring their side of the deal is no different from defrauding any other of their contractors.
I'm actually agreeing with you. The trick is that the remedy for defrauding a vendor is clear: you pay a fine. I've worked directly with folks who believed that the only remedy for a GPL violation was completely turning over their entire business to the public domain. That fear kept them from even touching GPL'd code, including in ways that would be completely compliant and beneficial to everyone involved.
CTOs are not unused to contracts and licenses. I refuse to believe that they are incapable of dealing with outside entities and coming to terms. VMware is just being willfully rotten.
Hogwash. Corporations use GPL because it saves time and furthers business needs. However, many/most/some corporations ignorate the strictures on the use of this intellectual property and this is wrong. Corporate compliance with the license on the GPL will not impose a burden that obviates the benefit. What it may do is force the individuals or management consultants at a particular corporation to coordinate with internal attorneys when using other people's work. Which they would do with any externally licensed IP. Yes, it may encourage a bit more NIH mentality, but it will be just as wrong.
There's a long history of companies being sued over GPL. For instance, that's how we have OpenWRT. This lawsuit won't change many companies' attitudes. Either you're a company who's already embraced GPL and figured out how to make money with it, or you've rejected GPL (and if anything, in the latter group, some will start paying more attention to contract law).
If EMC wins the lawsuit, I'd seriously consider never releasing open source code again, and I'm sure many developers would feel similarly. There are many jobs that exist only because of open source. The damage done by EMC winning this lawsuit would be substantial. And for companies who pay for their employees to develop GPL code, you think they're going to be happy if competing companies start absorbing their code into proprietary systems?
Affero GPL is the only license that has made sense to me business-wise. If EMC prevailed and it was based on some flaw in the GPL, then fine let's correct it and everything would be (eventually) better. But if the linking provisions or other fundamental theories in the GPL are found the be unenforceable or fatally flawed, it would give me pause. I'd have to research the ramifications and whether it's a precedent that would defang the license in Germany and effects globally. I think most of my customers would be ok with some kind of commercial license that also provides them rights over the source itself. If GPL is a risk, I'd ditch it. I have no enormous legal budget, so if companies start thinking they can win GPL lawsuits, it's not worth it.
Perhaps this comment comes from a position of ignorance, but what's all this about "risk"? Complying with the GPL is simple. If I understand correctly, VMWare wouldn't have been in trouble here if they'd have just put a link in their docs to the effect of "ESX distributes Busybox, the source for which can be downloaded here (link)".
And even if you screw up and forget the link, the lawyers don't descend on you like buzzards - you get tapped on the shoulder and asked to fix it, which is a pretty simple matter too. The lawyers don't come out unless you stall and act in bad faith like VMWare has done.
If I understand correctly, VMWare wouldn't have been in trouble here if they'd have just put a link in their docs to the effect of "ESX distributes Busybox, the source for which can be downloaded here (link)".
This is about more than Busybox. Their 'vmkernel' proprietary code seems to rely heavily on code from the Linux kernel, up to the point where it may be a derived work:
In other words, their hypervisor could violate the GPL.
Of course, that does not change the point. If you want to benefit from GPL-licensed code, you also have to play by the rules. If the rules are never enforced, companies will systematically violate the license, as we've seen with many Android OEMs.
This chain of comments illustrates the reason that companies think the GPL is risky. Even in a highly-technical OSS-friendly community like HN, there are many different interpretations of what the GPL's restrictions actually mean. That uncertainty plus the viral nature of the GPL means that there's no way to know for sure that you won't be forced to open your whole codebase at some point in the future.
Suppose I grabbed a copy of the sources of NT, and then started modifying it and released a product based on that, without getting licensing from Microsoft. Do you think people would be "oh, this is why using Windows is risky .. there are many different interpretations of what the MSFT license means"? Of course not.
There's a difference between "not having a license" (in which case copyright applies, in which case you lose, simple), and having a license who's terms are ambiguous and not fully legally tested.
The risk that I was speaking of specifically comes into play when you use GPL code along side other proprietary code. Potentially exposing the need to release your proprietary code to comply with the license.
Since it seems we're going down this path regardless, I sincerely hope the Conservancy sends a loud, clear message that they attempted to resolve this issue amicably and reasonably. We must create the impression that violating the GPL is punishable, but only as an absolute last resort. We need to come out of this looking rational, fair, and helpful: our first goal is compliance, not litigation.
The Conservancy has good people and provides valuable services to the F/OSS community. I trust they've weighed these considerations before deciding to act.
Is the GPL a contract? What is the 'punishment' possible? I thought civil suits could only result in money for damages.
For instance, its not possible to make VMware do anything; just to fine them.
Its not clear how much money, nor clear what damages occurred. How does this usually play out?
It may or may not be; I think its usually seen as a gratuitous license, but I've seen some argument that it is a contract, and which it is may vary by jurisdiction.
> I thought civil suits could only result in money for damages.
This is inaccurate.
> For instance, its not possible to make VMware do anything; just to fine them.
Civil suits can result in orders for specific performance of duties under a contract, they can result in money damages, and they can result in permanent injunctions and other measures that mandate or constrain behavior of the parties. Money damages are the most common thing in civil suits, but not the only possible outcome. (And, of course, the possible outcomes and what the rules are for them all vary by jurisdiction.)
(IANAL) The GPL is a license, which is similar to but different than a contract. It says "you may use my IP under these circumstances (and I can't sue you even if I change my mind)". If one "violates" a license, one is simply using IP without permission. Incorporating GPL'd code contrary to its terms (and with no alternative license from the IP owners) is no different than copying a chapter or three from a book and releasing it as your own.
> The GPL is a license, which is similar to but different than a contract.
"license" is an overlapping category to "contract". Some licenses are also contracts, some licenses are gratuitous. Anything that gives the receiver permission to do something that the issuer has the exclusive right to control (such as, in the GPL, the right to do things which are exclusive to the copyright holder under copyright law) is a license, whether something is a contract depends on whether there is offer, acceptance, mutual consideration, etc.
I think the saddest part is that it exposes big companies like this as being giant, whining babies. They knew up front what using the GPL software would require them to do. And it's really not that hard to comply with the license.
IT won't be good for the OSS ecosystem to have thousands of devs all the sudden stop contributing at their day jobs when the code is replaced.