Wrote section on "grey hat" GPL enforcement.

The inspiration for this section came from the pasted text, which
ultimately whitewashed this well-known and complex situation.  While my
new text likely has the biases inherent in a COGEO-oriented focused
document, so perhaps future patches that soften that side of it would be
helpful.

However, I believe generally that the new section describes the
situation substantially better than the terse pasted text that lauded
it.

Finally, this section is written to build up to some level of crescendo,
since the conclusion immediately follows it.
This commit is contained in:
Bradley M. Kuhn 2014-11-11 22:02:38 -05:00
parent 5bc647b591
commit 29e2d38e9d

View file

@ -1401,19 +1401,54 @@ who has chosen to modify.
% distribution of Javascript on the Web is becoming more frequent
%FIXME-soon: END
\section{Beware The Consultant in Enforcers' Clothing}
% FIXME-URGENT: integrate, and rewrite so it doesn't laud behavior that is
% ultimately problematic.
\section{FIXME}
There are admittedly portions of the GPL enforcement community that function
somewhat like the
\href{http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Classifications}{computer
security and network penetration testing hacker community}. By analogy,
most COGEO's consider themselves
\href{http://en.wikipedia.org/wiki/White_hat_%28computer_security%29}{white hats},
while some might appropriately call
\hyperref[Proprietary Relicensing]{proprietary relicensing} by the name ``\href{http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Black_hat}{black hats}''.
And, to finalize the analogy, there are indeed few
\href{http://en.wikipedia.org/wiki/Grey_hat}{grey hat} GPL enforcers.
companies have often formed beneficial consulting or employment relationships
with project developers they first encountered through compliance
inquiries. In some cases, working together to alter the mode of use of the
projects code in the companys products was an explicit element in dispute
resolution. More often, the communication channels opened in the course of
the inquiry served other and more fruitful purposes later.
Grey hat GPL enforcers usually have done some community-oriented GPL
enforcement themselves, typically working as a volunteer as a COGEO, but make
their living as a ``hired gun'' consultant to find GPL violations and offer
to ``fix them'' for companies. Other such operators hold copyrights in some
key piece of copylefted software and enforce as a mechanism to find out who
is most likely to fund improvements on the software.
%FIXME-URGENT: END
A few stories abound in the GPL enforcement community that companies have
often formed beneficial consulting or employment relationships with
developers they first encountered through enforcement. In some cases,
working together to alter the mode of use of the projects code in the
companys products was an explicit element in dispute resolution. More
often, the communication channels opened in the course of the inquiry served
other and more fruitful purposes later.
Feelings and opinions about this behavior are mixed within the larger
copyleft community. Some see it as a reasonable business model and others
renounce it as corrupt behavior. However, from the point of view of a GPL
violator, the most important issue is to determine the motivations of the
enforcer. The COGEOs such as the FSF and Conservancy have made substantial
public commitments to enforce in a way that is uniform, transparent, and
publicly documented. Since these organizations are public charities, they
are accountable to the IRS and the public at large in their annual Form 990
filings, and everyone can examine their revenue models and scrutinize their
work.
However, entities and individuals who do GPL enforcement centered primarily
around a profit motive are likely the most dangerous enforcement entities for
one simple reason: an agreement to comply fully with the GPL for past and
future products, which is always the paramount goal to COGEOs, may not be an
adequate resolution for a proprietary relicensing company or grey hat GPL
enforcer. Therefore, violators are advised to consider carefully who has
made the enforcement inquiry and ask when and where they have made public
commitments and reports regarding their enforcement work, perhaps asking them
to directly mimic the detailed public disclosures done by COGEOs.
\chapter{Conclusion}