coordinated compliance efforts addresses the issues of this thread

Tito farmatito at tiscali.it
Sun Nov 11 23:09:56 UTC 2012 

On Friday 09 November 2012 23:55:19 Felipe Contreras wrote:
> On Thu, Nov 8, 2012 at 9:35 PM, Tito <farmatito at tiscali.it> wrote:
> > On Wednesday 07 November 2012 20:03:52 you wrote:
> >> On Sat, Oct 20, 2012 at 10:19 PM, farmatito at tiscali.it
> >> <farmatito at tiscali.it> wrote:
> >>
> >> > I would like
> >> > to bring to your attention a few articles of this law
> >> > as they are in
> >> > the "real" reality:
> >>
> >> The reality in Italy.
> >
> > Yes, which is part of the EU and therefore
> > I guess that its copyright law must be in line
> > with european directives.
> 
> It might be in line, that doesn't mean every European country has
> exactly the same law, let alone the rest of the world.
> 
> >> > Collective works made by the union of other works
> >>
> >> Software projects are not a dictionary; it's collaborative work, not
> >> collective work. CPAN is a collection, busybox is not.
> >
> > There is not such a thing in italian law, there are collective works
> > that are characterized by having somebody that acts as coordinator
> > and therefore heavily influences the collective work and therefore
> > is entitled to be holder of the copyright and to enforce it.
> > This is a fact.
> 
> Yes, and software projects are nothing like that.
> 
> They are not collections.
> 
> >> > This opens up interesting questions about the ownership of the
> >> > copyright of collective works
> >> > like for example busybox or even the
> >> > linux kernel.
> >>
> >> Linus Torvalds has said that it's up to each developer to decide how
> >> to exercise their copyright rights. Even if under *Italian* law the
> >> Linux kernel was considered nothing more than a compilation of other
> >
> > Not a compilation, a collective work. Please don't mix up terms.
> 
> "Collective works made by the union of other works or parts thereof,
> that have a  character of autonomous creations, as result of choice
> and coordination for a particular literary, scientific, didactic,
> religious, political or artistical purpose, as encyclopaedias,
> dictionaries, antologies or newspapers"
> 
> *You* should not mix terms, we are not talking about a collection of
> works that have a character of autonomous creations; the Linux kernel
> is not a collection of patches each one considered an autonomous
> creation.
> 

Italian Copyright  law is very ancient
"Legge 22 aprile 1941 n. 633" and at that time there was 
no software,  so it is not explicitely named because it did not exist yet.
One more point, surely due to my rough translation,
is that the words "character of autonomous creations",
probably better translated as "character of autonomous creation",
are reffered to the  collective work and not to the parts
thereof. I am sorry for this error.

> >> works, Linus Torvalds wouldn't ask for enforcement.
> >
> > Today he wouldn't, tomorrow who knows......
> > after tomorrow there will be another maintainer......
> > Panta rei.
> 
> And the next maintainer still cannot change the nature of the Linux
> kernel, which is not a collection of works that have a character of
> autonomous creations.

See above.

> And supposing hyopthetically that he did, he couldn't claim anything
> for the work that Linus did, so it's really dubious how exactly this
> article would apply, and even if it did apply, let's wait for that to
> happen, this is already too many hypothetical levels.

Yes I agree, but as long as there are no juridical facts
the hypothetical level is the only one we have
to reason about this things.

> >> > it is very naive for the part that concers the
> >> > commercial entity
> >> > as in most law system there are the concepts of:
> >> > 1) due diligence
> >> > 2) wilful misconduct
> >> > 3) worngful conduct
> >>
> >> The burden of proof is on the plantiff to demonstrate either of those,
> >> and if the defense shows proof of due diligence, and no signs of the
> >> other, they can't be considered at fault.
> >
> > They cannot be considered at fault of having deliberately
> > changed the software license themselves for profit
> > but during this process it is ascertained that the software
> > is not correctly licensed.
> 
> Indeed.
> 
> >> But let's assume they are, the court will force to either a) get a
> >> proper license from the copyright owner (which might mean complying
> >> with the GPL),
> >
> > Exactly.
> >
> >> or b) stop using that software from their products. But
> >> this doesn't automatically transfer rights to the end-user.
> >
> > Even in this case why shouldn't the judge order them to "show the source"
> > of the already distributed binaries once it is ascertained that the
> > software is under the GPL?
> 
> The judge might order them to do that, because they violated the
> license, but the owner of the code (e.g. me), might provide exactly
> the same code under a different license, therefore they wouldn't be
> violating the license.

Very difficult solution to be applied to busybox or the Linux kernel.
 
> Whether the custom license was provided before or after the product
> was launched has absolutely no relevance to the end-user, because the
> end-user never saw any license.

In the case of busybox the user maybe didn't see the license
but once he is aware that this software  is running on his device
he knows that there was a license, a GPL license
and that he was deprived of seeing the source code
and/or modifications thereof.

> But supposing the judge orders them to do that, he cannot enforce such
> a thing, they can claim the code was damaged in a server fault, or any
> lame excuse like that. In the end the code might be truly gone (e.g.
> they deliveratively removed it), and the only thing left is to pay
> punitive damages, which _can_ be enforced.

Bad bad boys, of course they could burn down their headquartes
and so the poor GPL fanboy gets nothing. They need new headquarters tough...

> It sounds like something illogical, but companies might opt to do that
> rather than to reveal some of their IP.

You mean the stolen IP or some other NDA encumbered IP they should
have never been mixing with GPL code?

> > There are no law cases until now apart the french "vnc" one
> > (where they in fact had to show the source, the source of the
> > distributed binary, not an earlier nor a later version)
> > so how could you be sure?  it is just your opinion.
> 
> The judge might have ordered them to do that, and they might have
> complied, but that was their _choice_. They might have decided
> otherwise; that they didn't loose too much by giving the code, so they
> did it, but if the situation was different, they might have opted to
> destroy the code, lie, and face the consequences. It wouldn't be the
> first time a company does something inappropriate.

Still it is hard to believe that for example the busybox
source code can contain such secrets to compell a company
to hide it, or burn their servers. Mostly it is greed or arrogance.

> >> Which is what the court would ask them to do anyway, even if they are
> >> not guilty of misconduct. The only difference is that they won't get
> >> punitive damages.
> >>
> >> > I also doubt
> >> > you would dare  to make the same example
> >> > if the program at stake would
> >> > be a proprietary software.
> >>
> >> Yes I would, specially in this case. If my software is proprietary, a
> >> colleague of mine sells it to another company, how on Earth can the
> >> company be blamed for something they didn't know (and couldn't know).
> >
> > Usually it is possible for people educated in some activity to  value the
> > work of other people working in the same field.
> 
> I don't understand what you are trying to say here. If I wrote the
> code, Federico took it and sold it as his own to Company X, how on
> Earth could Company X know that if it was not public?

If it was a GPL project it was indeed public.

> >> They can't use Google to search for my code, because it's not there.
> >> So even if the company spends tons of resources in their due
> >> diligence, they won't find anything wrong.
> >
> > If they don't want to of course they will not find that something is wrong.
> > Sometimes asking a few simple questions helps:
> > 1) who is this man?
> 
> Federico, a software engineer.
> 
> > 2) is he a reliable partner of other corporations?
> 
> Yes, he has worked in many big successful companies. (including the
> one I was working for)
> 
> > 3) where are his headquarters?
> 
> His home.
> 
> > 4) how many people compose the staff?
> 
> Only himself. There's many successful one-man companies.
> 
> > 5) how many years needs his staff to write such a software?
> 
> 6 man months.
> 
> > 6) was this software ever seen or heard of before?
> 
> No.
> 
> > 7) is there other software out there performing the same functions?
> 
> No.
> 
> > 8) is there maybe some GPL software out there performing the same functions?
> 
> No.
> 
> > _________________________________________________________________________
> >
> > Result:  No money for Federico
> 
> If Federico didn't get any money, a lot of colleagues from one-many
> companies would be having very difficult times (they aren't).

This is fine, you did your due diligence and got paid.
Now substitute busybox or linux kernel as the software at stake
and let us see if you reach the same conclusions.
  
> >> > Now let us reduce and analyze the only
> >> > important step of the example:
> >> >
> >> > 3)         Federico (licensor) ->
> >> > Commercial entity (licensee) # Commercial entity  gets the
> >> > source code
> >> > by paying money to Federico, which provides it with a  __(FALSE)__
> >> >
> >> > propriety license
> >>
> >> It is a true license. Federico can sue the Commercial entity for not
> >> complying with the license. The license might get invalidated if it's
> >> found out that Federico had no rights to license the software, but
> >> that makes it invalid, not "false" (whatever that might mean), and
> >> that might not happen at all.
> >
> > False means fake.
> 
> Maybe, once something is determined to be fake.

Exactly.

> 
> > Federico deliberately changed the original license with a fake one with the purpose of making a profit.
> 
> Yes, but if nobody determines the license is a fake, the license remains.

In the case of busybox I can assure you that it is usually
very easy even for a self-taught hobby developer like me
to spot its presence in firmware images.
 
> >> > The commercial entity must follow the principle of
> >> > due diligence
> >> > and have to ascertain that the source code they are
> >> > buying for their product
> >> > is legally sound  as they have the knowhow
> >> > legally and technically.
> >> > If they fail to do so it is at least a wilful
> >> > misconduct. In other words no
> >> > commercial entity whatsover will give
> >> > money to the first Federico that comes knocking
> >> > at their door without
> >> > being sure he is the author of the software being sold.
> >>
> >> Nobody can be sure of anything.
> >
> > Yes and the Earth is a dish.
> 
> Yes, Spherical Earth, Heliocentrism, Gravity, Evolution, they are all
> _very_ strong theories. But any scientist would tell you nothing is
> 100% sure. 99.9e100 maybe, but not 100%.
> 

99,9 % is good enough.

> >> After doing their due diligence they
> >> might find no signs that the software comes from another entity, where
> >> in fact they are wrong. Specially if the software is proprietary.
> >>
> >> In a trial, if they show proof of this due diligence, they are out of
> >> the waters.
> >>
> >> > In case of a wrongful conduct/wilful misconduct
> >> > there are third parties that are damaged
> >> > and that are entitled to start
> >> > a legal action whatever the outcome will be.
> >>
> >> Yes, *in that case*, which might not be.
> >
> > But also might be and as you said before: Nobody can be sure of anything.
> 
> Of course, but things that might happen in certain circumstances are
> not *rights*.

Once a law case is established things could became rights depending on the law system
and on the degree of judgment.

> Is it *possible* that you, as a user, will sue a company for a GPL
> violation and will get the source code you seek as a result?
> Definitely. Is is a *right*? No.

So summarizing it is possible for me as a user to sue a company
for a GPL violation in other words I have the right
to sue them, whatever the outcome will be.

> Cheers.
> 
> 
Ciao,
Tito

More information about the busybox mailing list