From 29e2d38e9db079b9663aef937b5a4c4a2f5563f3 Mon Sep 17 00:00:00 2001 From: "Bradley M. Kuhn" Date: Tue, 11 Nov 2014 22:02:38 -0500 Subject: [PATCH] Wrote section on "grey hat" GPL enforcement. The inspiration for this section came from the pasted text, which ultimately whitewashed this well-known and complex situation. While my new text likely has the biases inherent in a COGEO-oriented focused document, so perhaps future patches that soften that side of it would be helpful. However, I believe generally that the new section describes the situation substantially better than the terse pasted text that lauded it. Finally, this section is written to build up to some level of crescendo, since the conclusion immediately follows it. --- compliance-guide.tex | 55 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/compliance-guide.tex b/compliance-guide.tex index 57a2e7f..d22c351 100644 --- a/compliance-guide.tex +++ b/compliance-guide.tex @@ -1401,19 +1401,54 @@ who has chosen to modify. % distribution of Javascript on the Web is becoming more frequent %FIXME-soon: END +\section{Beware The Consultant in Enforcers' Clothing} -% FIXME-URGENT: integrate, and rewrite so it doesn't laud behavior that is -% ultimately problematic. -\section{FIXME} +There are admittedly portions of the GPL enforcement community that function +somewhat like the +\href{http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Classifications}{computer + security and network penetration testing hacker community}. By analogy, +most COGEO's consider themselves +\href{http://en.wikipedia.org/wiki/White_hat_%28computer_security%29}{white hats}, +while some might appropriately call +\hyperref[Proprietary Relicensing]{proprietary relicensing} by the name ``\href{http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Black_hat}{black hats}''. +And, to finalize the analogy, there are indeed few +\href{http://en.wikipedia.org/wiki/Grey_hat}{grey hat} GPL enforcers. -companies have often formed beneficial consulting or employment relationships -with project developers they first encountered through compliance -inquiries. In some cases, working together to alter the mode of use of the -project’s code in the company’s products was an explicit element in dispute -resolution. More often, the communication channels opened in the course of -the inquiry served other and more fruitful purposes later. +Grey hat GPL enforcers usually have done some community-oriented GPL +enforcement themselves, typically working as a volunteer as a COGEO, but make +their living as a ``hired gun'' consultant to find GPL violations and offer +to ``fix them'' for companies. Other such operators hold copyrights in some +key piece of copylefted software and enforce as a mechanism to find out who +is most likely to fund improvements on the software. -%FIXME-URGENT: END +A few stories abound in the GPL enforcement community that companies have +often formed beneficial consulting or employment relationships with +developers they first encountered through enforcement. In some cases, +working together to alter the mode of use of the project’s code in the +company’s products was an explicit element in dispute resolution. More +often, the communication channels opened in the course of the inquiry served +other and more fruitful purposes later. + +Feelings and opinions about this behavior are mixed within the larger +copyleft community. Some see it as a reasonable business model and others +renounce it as corrupt behavior. However, from the point of view of a GPL +violator, the most important issue is to determine the motivations of the +enforcer. The COGEOs such as the FSF and Conservancy have made substantial +public commitments to enforce in a way that is uniform, transparent, and +publicly documented. Since these organizations are public charities, they +are accountable to the IRS and the public at large in their annual Form 990 +filings, and everyone can examine their revenue models and scrutinize their +work. + +However, entities and individuals who do GPL enforcement centered primarily +around a profit motive are likely the most dangerous enforcement entities for +one simple reason: an agreement to comply fully with the GPL for past and +future products, which is always the paramount goal to COGEOs, may not be an +adequate resolution for a proprietary relicensing company or grey hat GPL +enforcer. Therefore, violators are advised to consider carefully who has +made the enforcement inquiry and ask when and where they have made public +commitments and reports regarding their enforcement work, perhaps asking them +to directly mimic the detailed public disclosures done by COGEOs. \chapter{Conclusion}