UserBusybox

[Rob Landley]

On Friday 15 September 2006 6:22 am, Andy Green wrote:

> > Wouldn't work.  The guy you're demanding encryption keys from could laugh 
in 
> > your face and go "I'm using GPLv2".  _He_ is the recipient too, and it's 
fine 
> > to violate the terms of a license you're not using.  You just need to obey 
> > the terms of one valid license in order to have permission to create and 
> > distribute copies.
> 
> If the vendor found a way to remove the "or later" language from the 
> license, then this method you describe can work.

Look at it this way: Suppose somebody dual-licensed some conde under GPL and 
BSD.  You go to a vendor and say "I'm enforcing the terms of the GPL against 
you, give me the source code".  The vendor says "The BSD license allows me to 
ignore you.  I'm relying on BSD as the authorization to make my copies, I 
don't care that there's a second authorization I could have used, but didn't, 
which would have required me to jump through these hoops.  Go away."

This is why people don't normally dual-license code under GPL and BSD: the 
more permissive license prevents anyone from reforcing the restrictions on 
the more restrictive license, because anyone relying exclusively on the more 
permissive license is not violating anyone's copyright, so no enforcement 
action can be taken against them for nonexistent violations.

> But considering the  
> GPL2+ case with the "or later" part of the license intact, if the vendor 
> himself sent out code with that specific offer in the license, "you can 
> treat this code as GPL2 or any later license how you like", then he has 
> to in good faith be ready for the guy he directly distributed to, to 
> say, "I am uninterested in your upstream views, I choose the GPL3 option 
> as it says I am empowered to in the license file you gave me: give me 
> your keys".

You could take him to court, but you'd almost certainly lose.

There are two categories of copyrights at issue here, and as far as I can tell 
neither really works for you:

If the vendor modified the code, then the vendor has a copyright on the 
modifications they made.  You can't enforce a license against the owner of 
the copyright, since the owner of the copyright doesn't _need_ a license to 
use their own copyright.  A copyright license is not a contract but merely a 
permission grant stating under which terms the rights reserved by the 
copyright may be used by those other than the copyright holder.  It states 
what _you_ can do, not what they must do.  So if you're talking about the the 
vendor's own copyrighted contributions, the license gives you no leverage 
over them.  It seems to me that this fails as a cause of action.

If you're using the copyrights of the underlying code they merged with, and 
say that they're violating THOSE copyrights by redistributing and that's your 
reason for enforcing the license, they can point out that the _other_ license 
gives them the right to redistribute (and even modify) that code so they're 
not violating those copyrights by redistributing that underlying code.  So it 
looks to me like that also fails as a cause of action.

P.S.  I'm not a lawyer.  A real lawyer could probably cut your argument off at 
the knees faster, cleaner, and in fewer words than the above.  These are just 
the glaring holes in your case that _I_ can see.  I could always be wrong, 
not being a lawyer and all, but if so it's probably because I'm failing to 
see more obvious failings like lack of standing to sue under copyright law if 
you don't own any of the copyrights that were potentially infringed.  I.E. if  
you're just a user of the project and not a contributor to it, your ability 
to take license enforcement action on behalf of the project may be somewhat 
limited.  (For example, the SFLC had Eric and me sign little pieces of paper 
authorizing them to do stuff on our behalf.  It's pretty much impossible to 
use any BusyBox binary without using either of our code, and that's not 
taking into account the concept of a compliation copyright: 
http://copyfight.corante.com/archives/003638.html)

However, what you are making is an argument that every vendor who ships dual 
licensed code and doesn't want to be harassed about this should religiously 
strip off all but one of the licenses in anything they ever redistribute, to 
minimize their legal exposure.  Not because people would be likely win (not 
if the vendor had a good lawyer), but because people who might not understand 
why they wouldn't win could be motivated to try their luck in court anyway, 
costing the vendor time and money.  Is this really a viewpoint you want to 
promote?

> > http://www.fool.com/portfolios/rulemaker/2000/rulemaker000501.htm
> 
> Cool articles.

Thanks.  I wrote financial articles for them for three years, and actually 
supported myself doing it for most of a year (or at least let one programming 
day job end and didn't bother getting a new one).

I am _not_ a lawyer, merely an educated layman, but as you can see this has 
been a hobby of mine for several years.  If I couldn't get work as a 
programmer, didn't want to go back to journalism or other writing, didn't 
want to go back to teaching, and so on...  I could always go to law school.  
(Although the closest I ever seriously looked at that was a paralegal 
certification program a place down the street had offered in Austin.  Same 
way I spent a couple semesters studying to be a nurse rather than a doctor 
back in college; I tend to be happier assisting than leading.  Plus the 
whole "36 hours on call thing" of doctors, and the "being a lawyer" thing of 
lawyers...  Not my first choice.)

I enjoy programming.  That's why I've arranged my life so I get to spend so 
much time doing it.

> -Andy

Rob
-- 
Never bet against the cheap plastic solution.