In talking with a lot of different companies recently, I've come to the realization that we really need to do something about companies that violate the kernel's GPLv2 license. It has been a common criticism that "Well, our company abides by the GPL by releasing the code properly for our kernel modules, but what about all of those other companies that do not?" The companies that are good members of the community are getting a lot of pressure by people internal to them to stop releasing the code. This is justified by pointing to the companies that do not release their code as they are not having any "penalties" by doing this.

Previously the kernel community has ignored almost all violators (with the obvious exception of the project). The kernel changes so rapidly that it is quite expensive for a company to try to keep up without releasing their changes and becoming part of the community. This has been done by the constant API changes and other rapid evolution that dictates Linux kernel development. However, if a company throws a bunch of money and developers at the problem, it is pretty trivial to keep up with this development model.

Another big problem is the fact that the kernel is created and copyrighted by thousands of individual developers and companies. Companies are usually not eager to sue other companies as they most likely already have business agreements with them. So that leaves the individual developers, but it's hard for an individual to do anything on their own against companies who violate their code.

So, what can the community do to handle these problems? Here's a few ideas that I've come up with:

  • continue as before, ignoring violators. But if we do this, more companies will see this as an implicit acceptance of the closed source modules and start to do it more and more.
  • Go after companies with legal action. This is good, but it's pretty "mean" and doesn't do much to try to help convert companies who could learn to become good members of the community. Remember, we need their help, and antagonizing them isn't the best way to accomplish this.
  • Ask companies who are friendly toward Linux to apply business pressure against these other companies to get them to change their ways.
  • Quietly take legal action against companies who violate the license. This has been the way the FSF has done things in the past, and for some instances this does work. But it does not give any publicity for the other offending companies to provide a disincentive.
  • Do big public notices of the offending companies. This will work in some cases, but others, not at all.

The best thing to do is probably a mixture of the above, but I really don't have any solid answers as to how to achieve some of them very well. Taking legal action against another company takes time and resources that individual developers do not usually have. Perhaps a combination of these things is probably the best thing to do.

Anyone have any other ideas?

Or how about incentives for companies who do abide by the license and are good community members. What can we do for them that will help make other companies realize the benefits of doing the same? It's usually easier to convince companies of a tangible benefit, rather than just the risks of incurring legal action.

Anyone have any good ideas about how we can help these companies more?

We need to do something, as I don't think that the current status is workable over the long term.

Thanks to everyone who read and provided feedback to early versions of this document. This includes the whole SuSE kernel development team (not all of whom agree with this document, but they provided their input anyway), and members of other companies that probably do not want to be listed here...

posted Wed, 28 Mar 2007 in [/linux]


My Linux Stuff