[HN Gopher] Will the new judicial ruling in the Vizio lawsuit st...
___________________________________________________________________
Will the new judicial ruling in the Vizio lawsuit strengthen the
GPL?
Author : sillystuff
Score : 125 points
Date : 2024-01-21 03:05 UTC (19 hours ago)
(HTM) web link (blog.tidelift.com)
(TXT) w3m dump (blog.tidelift.com)
| seabass-labrax wrote:
| I'm usually rather scathing of test cases, because they allow
| more affluent parties to exert undue influence on legal
| precedent. However, in this scenario I have nothing but
| congratulations to offer to the Software Freedom Conservancy:
| they took on a party several times their size, seeking resolution
| of a clear-cut GPL violation, and - most importantly - in a way
| that seems to me entirely compatible with the spirit of the GPL.
|
| If one reads the articles written by the progenital big cheeses
| of the early Free Software Foundation (such figures as Richard
| Stallman, Eben Moglen and even Bradley Kuhn of the SFC himself),
| it's clear both from the legalese and the marketing slogans that
| _user_ empowerment was the intention. Those old articles don 't
| give me the impression that enforcement the GPL was ever supposed
| to be a privilege limited to the software author, even if this
| was the most conventional situation for copyright infringement
| cases and thus the only legally viable action.
|
| I'd posit that the SFC are being lenient, even generous with
| their legal action against Vizio. Suing to enforce the GPL 3.0
| rather than version 2.0 would have been slightly more so,
| considering the "cure within 30 days" provision introduced in the
| GPL 3.0 family. But that is all but irrelevant considering
| Vizio's long-standing disregard for copyleft license compliance.
| bonzini wrote:
| They can't sue to enforce GPLv3, because Linux isn't under a
| "GPLv2 or later" license. However, Conservancy established
| "Principles of Community-oriented Enforcement"
| (https://sfconservancy.org/copyleft-
| compliance/principles.htm...), and these include extending the
| 30 days provision to GPLv2-only works. This is a concession by
| Conservancy and not a requirement of the license, but it's a
| part of the Principles that has been widely lauded and adopted
| by others including Red Hat
| (https://www.redhat.com/en/about/gplv3-enforcement-statement).
| richardfontana wrote:
| The lawsuit does not ask for source code solely for the
| kernel, but also for several userspace components under GPLv2
| and LGPLv2.1 (at least some of which are at least in large
| part under "or-later" licensing). They don't recite any
| noncompliance wrt any *GPLv3 components, perhaps (though I'm
| just guessing) because Vizio doesn't include any in their
| TVs.
| dang wrote:
| See also https://social.coop/@luis_in_brief/111766701183578447
| (via https://news.ycombinator.com/item?id=39077286), but we
| merged that thread hither.
| andy99 wrote:
| So there have been discussions about how AI model weights may not
| be copyrightable because they are computer generated. Personally
| I disagree but there is not a clear court ruling yet and we'll
| have to see.
|
| Nevertheless, practically all weights of any significance get
| released under various software-like licenses, either open source
| like Apache 2.0 or other more restrictive ones.
|
| I wonder would this ruling be relevant to these AI weight
| licenses being enforceable as contracts, even if the weights
| cannot be copyrighted? If so, would it only work if the license
| actually conferred some benefit like with GPL? Any ideas?
| alexchamberlain wrote:
| I'd like to preface this comment with the fact I support what the
| SFC is trying to do here: if you're using GPL software, you have
| to publish the modifications. It's pretty simple...
|
| That being said, and please correct me if this doesn't exist in
| the US/US-CA, have they risked a malicious intent argument here?
| Did they go out and buy the TV with the sole intent of baiting
| Visio into an argument?
| wmf wrote:
| AFAIK people have bought stuff specifically to hang lawsuits on
| for decades. If that was somehow improper I'd think there would
| be precedent against it by now.
| gumby wrote:
| > if you're using GPL software, you have to publish the
| modifications. It's pretty simple...
|
| If you _redistribute_ GPLed binaries you have to be willing to
| provide the source that built that binary, whether it
| incorporated changes or not, to anyone who asks. "Provide" can
| include pointing someone at a public repo these days.
| Lt_Riza_Hawkeye wrote:
| I believe it only has to be provided to recipients of the
| binaries, so you can still charge money for linux
| modifications, such as grsec.
| Someone wrote:
| I don't think it necessarily is _"to anyone who asks"_.
|
| https://www.gnu.org/licenses/gpl-3.0.html#license-text,
| article 6a:
|
| _"a) Convey the object code in, or embodied in, a physical
| product (including a physical distribution medium),
| accompanied by the Corresponding Source fixed on a durable
| physical medium customarily used for software interchange."_
|
| Assuming any "durable physical medium customarily used for
| software interchange" still exists, that means that, if you
| choose to ship your software on CD you have to give the
| source to whomever you distribute the binary, but need not
| make the source code available to others.
|
| If, instead, you go for the distribution method of article
| 6b, you do have to make the source code available to anyone
| who possesses the object code, but not indefinitely:
|
| _"b) Convey the object code in, or embodied in, a physical
| product (including a physical distribution medium),
| accompanied by a written offer, valid for at least three
| years and valid for as long as you offer spare parts or
| customer support for that product model, to give anyone who
| possesses the object code either (1) a copy of the
| Corresponding Source for all the software in the product that
| is covered by this License, on a durable physical medium
| customarily used for software interchange, for a price no
| more than your reasonable cost of physically performing this
| conveying of source, or (2) access to copy the Corresponding
| Source from a network server at no charge."_
|
| So, if you distribute the binary in a "physical distribution
| medium", and then immediately claim to stop supporting that
| product, I think you're off the hook if nobody asks for the
| source code for 3 years.
|
| Also, should that _"(including a physical distribution
| medium)"_ have been there in that article in the license? It
| means you can sell a CD with your software, immediately stop
| supporting that CD, and get of the hook in 3years time.
| gumby wrote:
| Technically only people _you_ furnished the binary to,
| true. If they give it to a friend, redistribution is their
| problem.
|
| These days you can just post a link to a github repo on
| your web site
| Brian_K_White wrote:
| I think it doesn't matter. If the major question was if a 3rd
| party could have standing, and the answer was yes because they
| were a beneficiary, then all they need is to show that they
| were not given a benefit they were owed. If the reason they
| bought the tv was to use it on their wall, and would have
| benefitted from the source code to modify the tv or study how
| tvs worked etc, that would just be one possible benefit. Using
| the tv to excercise a right just to test if you actually have
| that right, or to use the tv and it's source as an example in
| the persuit of their operation which is to defend the gpl and
| the authors and users, that is still using the tv, and still a
| benefit that the gpl grants and that it's framers and users
| definitely intended to grant. The gpl goes on and on and
| restates the intent multiple times in multiple ways that the
| whole purpose is _explicitly_ to grant every end user the right
| for any purpose and without having to justify it.
|
| It would seem that this makes buying the tv just for the sake
| of the case perfectly fine by at least 2 different vectors,
| each of which would seem to be enough all by itself. 1 - You
| have to be able to test something to prove you have it. 2 - The
| overwhelmingly unambiguous writing in the gpl itself, let alone
| all the other surrounding decades of writings and speaking by
| both the people who wrote it, and the people who chose to apply
| it to their own works.
|
| Maybe yet a 3rd factor, the SFC probably isn't trying to get
| paid money besides maybe the cost of the trial itself and some
| token, all they really want is for Vizio to do what they are
| already supposed to do. No matter why the SFC buys a tv, Vizio
| still has no excuse for not doing it's part, and all the SFC
| wants is for Vizio to have done what it should have, and it's
| not even something which costs Vizio anything. If they try to
| argue that SFC can't show they were actually harmed, neither
| can Vizio show that SFC is merely seeking to harm them.
|
| My very biased (I want it to mean this) view anyway.
| progval wrote:
| (nitpick: it's the SFC, not the FSF)
| Brian_K_White wrote:
| in time to edit, thanks
| 8note wrote:
| If the visio is using GPL software, isn't buying it in order to
| do GPL stuff with it an advertised feature?
| ArnoVW wrote:
| To quote Wikipedia
|
| In law, standing or locus standi is a condition that a party
| seeking a legal remedy must show they have, by demonstrating to
| the court, sufficient connection to and harm from the law or
| action challenged to support that party's participation in the
| case.
|
| I suspect that is the reason. So it is not 'bad', it is just
| necessary in order to sue
| hamilyon2 wrote:
| I think it may matter in specifics of how Red Hat chose to
| implement GPL compliance recently. This means that even non-
| clients of Red Hat can ask for copy of source code as long as
| they have binaries. And you should definitely have right to give
| away binaries without asking Red Hat for permission.
| bonzini wrote:
| > you should definitely have right to give away binaries
| without asking Red Hat for permission.
|
| You do, and you have to provide sources in that case.
|
| But, Red Hat can choose to stop doing business with you if you
| give away binaries for reasons that they judge to be against
| their interest. They aren't forced to accept your money.
| AnthonyMouse wrote:
| How would they even know who it is? Alice is a Red Hat
| customer, gives binaries and sources to Bob in private, now
| Bob publishes them on the internet for the world without
| telling anyone it was Alice he got them from.
|
| "Tell us who it was so we can retaliate against them for
| exercising their rights under the license" doesn't seem like
| a good faith request.
| yjftsjthsd-h wrote:
| That is certainly what RH likes to claim, but it always
| struck me as extremely suspicious logic. If the license says
| you have to share code with users and cannot restrict their
| rights to do the same, and they exercise those rights and you
| immediately retaliate, it sure seems like a reasonable person
| would say that you're restricting the rights of your
| customers in direct contravention of the license terms.
| tsimionescu wrote:
| > This means that even non-clients of Red Hat can ask for copy
| of source code as long as they have binaries.
|
| No, that is not a part of this trial. The SFC is a customer of
| Vizio, if they weren't they would not have had any kind of
| standing. The novelty is that a company who buys RHEL and
| redistributes it might be able to sue IBM if they then refuse
| future contracts.
|
| As it stands today, only Linus or other Linux copyright holders
| could sue. End users have never tried before.
| pwarner wrote:
| What's the benefit to Vizio in withhold the source? Wouldn't all
| their interesting custom code be outside the scope of the GPL?
| bayindirh wrote:
| Maybe they have written some kernel modules which claim to be
| GPL licensed to be able to access all kernel APIs unimpeded? So
| it's their interesting code infringing GPL.
|
| Maybe they modified tools, kernel or some GPL licensed tool to
| work with their hardware, and don't want to spill the beans?
|
| Possibilities are endless.
| bornfreddy wrote:
| Or drivers, possibly for devices / modules for which they are
| not at liberty to share the details (NDA).
|
| Either way, such hiding should stop. There is no reason I
| should not be able to repair / upgrade / change the TV I
| bought however I wish, as long as I'm not harming others
| (RF). Even then, this should be my responsability.
| gary_0 wrote:
| Maybe their engineers were lazy or rushed by management, and
| didn't keep things organized, so GPL code,
| proprietary/internal code, potentially-patent-violating
| hardware documentation, and secret keys all got munged
| together, and they figured it would be cheaper to fight a
| lawsuit than to carefully untangle the terabytes of junk so
| they can hand over the relevant code without having their
| digital asses hanging out.
|
| The possibilities are indeed endless.
| bluGill wrote:
| It would cost them millons to find and package everything. This
| is assuming they have everything in source control and have
| nothing to hide (that is no code that isn't public anyway) sure
| you can do a git to tar.gz easy, but GNU is likely to demand
| the hash everything was built from which means people need to
| figure that out.
|
| if they have a monorepo with non GPL code (which doesn't link
| to anything GPL) stripping it all out will cost a lot more.
| tsimionescu wrote:
| It costs nowhere near that much to find all your third party
| dependencies. It's not pleasant work, to be sure, but it's
| not rocket science either.
| kurts_mustache wrote:
| I know they don't rely on GPL much, but what does the ruling here
| suggest for OSS foundations like Apache and CNCF? Specifically
| this part: only the author can initiate the lawsuit.
|
| Does that mean failure to adhere to the terms of licenses like
| ASLv2 or MIT would could only be settled in court if the person
| who wrote the code actually bring suit and that OSS foundations
| basically become (more) toothless?
| 8note wrote:
| The impacts of the case are only to keep the status quo, or to
| extend who can bring a case.
|
| Apache can have enforcement rights to a project if you as an
| author gift them the copyright over one of the commits
| GrilledChips wrote:
| The reasoning of this case rests on the intentions of the FSF
| when they wrote the licence. If the person who wrote the
| licence didn't intend you to be able to get benefits, you
| can't.
| NoZebra120vClip wrote:
| > The reasoning of this case rests on the intentions of the
| FSF when they wrote the licence. If the person who wrote the
| licence didn't intend you to be able to get benefits, you
| can't.
|
| I contend that it does not.
|
| It doesn't matter who wrote a license, it only matters who
| adopted that license when they authored a work.
|
| The Conservancy is doing license enforcement on behalf of
| numerous authors and vendors of code, not authors of licenses
| such as the FSF or Creative Commons.
|
| When I create a distribution of code and copy a LICENSE file
| into it, I take responsibility for the wording of that
| license. I don't foist that onto the FSF or MIT or BSD. I
| take responsibility for the wording, whether it is
| boilerplate or if I modify it after the fact.
| Karellen wrote:
| > Does that mean failure to adhere to the terms of licenses
| like ASLv2 or MIT would could only be settled in court if the
| person who wrote the code actually bring suit and that OSS
| foundations basically become (more) toothless?
|
| Until now, only the authors of code have actually been the ones
| to bring suit against non-compliers. OSS foundations have been
| able to choose to provide financial/legal support to authors
| willing to bring suit, and I don't see why that would change no
| matter how this court rules.
|
| The only question here is whether _end users_ can bring suit,
| with third-party beneficiary standing. Until now, no end-user
| has tried. If the case succeeds, it may open the floodgates to
| compliance actions from end-users, but if it fails then it
| should have no bearing on the actions that authors and the
| organisations that support authors can take, as the court is
| not being asked to rule on any such question.
|
| However, the result of ruling may be dependent on the intent of
| the license authors. The GPL, having been written by the FSF,
| has the explicit goal of empowering end-users, so whether end-
| users have third-party beneficiary standing to enforce it (and
| other FSF licenses) seems like a reasonable case. However, if
| other OSS licenses (like those authored by ASF or CNCF) do not
| have that as an explicit goal, and instead focus on "creating
| better software", then even if the ruling in this case goes in
| the SFC's favor, it may not automatically apply to works
| covered by those other licenses. Another test case might be
| needed to see whether end-users of those other works do have
| standing, and it need not turn out the same way.
| Octokiddie wrote:
| > In October of 2021 the Software Freedom Conservancy (SFC)
| decided to launch what is believed to be the first significant
| open source lawsuit based in contract rather than in copyright.
| Critically, the SFC's case argued that anyone who benefits from
| the General Public License (GPL), not just the authors of the
| software, should be able to bring a lawsuit to enforce the terms
| of the GPL.
|
| This seems to be the key issue. It's the first time I've heard of
| a case in which the party claiming harm was not the author of the
| software.
|
| It raises a lot of questions - for example around linking. My
| understanding of the issue with respect to Linux was that Linus
| won't enforce GPL against those who link, therefore, Linux is
| immune to the reciprocity requirement when just linking occurs.
|
| This new case seems to raise the issue of whether those other
| than authors of GPL software can bring suit under contract rather
| than copyright for linking to GPL-licensed software.
| torstenvl wrote:
| > _This is because, under a doctrine known as preemption, state
| courts generally cannot rule on questions of federal law, like
| copyright._
|
| This is too broad and in need of slight correction. By default,
| state courts have jurisdiction to hear cases under federal law,
| unless indicated otherwise "by an explicit statutory directive,
| by unmistakable implication from legislative history, or by a
| clear incompatibility between state-court jurisdiction and
| federal interests." Gulf Shore Co. v. Mobil Oil Corp., 453 U.S.
| 473, 478 (1981).
|
| In this case, the author is correct, because copyright--like
| bankruptcy--is a matter of exclusive federal jurisdiction.
| However, extrapolating that "generally" to all "questions of
| federal law" is not accurate.
| chris_wot wrote:
| It's funny - Vizio saves a ton of money by using all this GPL-
| licensed and free-as-in-money software, and yet they cannot even
| comply with the license requirements of the people who saved them
| all this money?
| wmf wrote:
| Like every embedded vendor, they have a decade of technical
| debt so it will take them a person-year to untangle their build
| system just to get to the point where they even know what
| dependencies they have. Then they can start on the license
| audit.
| internetter wrote:
| I just want to reiterate the point in the article that this is
| very much a David vs Goliath situation. If you value free
| software, please consider donating to the SFC here:
| https://sfconservancy.org/donate/
___________________________________________________________________
(page generated 2024-01-21 23:00 UTC)