As promised, here's the interview Sean Daly did with Harald Welte [Ogg 4.4 MB], of gpl-violations.org, at the 3rd International GPLv3 Conference in Barcelona, Spain, this week. His organization "tries to raise public awareness about past and present infringing use(r)s of GPL licensed software," so naturally, that is what they talked about.
We have a transcript as well. You might also enjoy LWN's interview from June 12.
Our audio file is an Ogg file. You can play Ogg files on Windows, Macs, and GNU/Linux systems with Audacity, and there are other players too. Here's a list of players that can play this interview for you.
Interview transcript: Harald Welte of gpl-violations.org
Interviewer: Sean Daly
June 23, 2006 1:30PM interview, The 3rd International GPLv3 Conference, Centre de Cultura Contemporānia de Barcelona, Spain
Q: OK, I'm sitting with Harald Welte here. Harald amongst other activities runs the site gpl-violations.org and I thought we could ask you a few questions about that. First of all, could you just tell us briefly what the site is about and what it is you do with it?
HW: Yeah, I started gpl-violations.org, the website, in early 2004 as an information platform and a source of information on the efforts of the gpl-violations.org project which mainly aims to enforce the new General Public License, and I got into all this at some point in 2003 when I -- I'm a software author and when software that I wrote was misused in a way that some corporate users were not obliging to the new General Public License. So I started doing enforcement -- in the first case, only for my own software, and enforcing copyright on software that I wrote, and the gpl-violations.org basically takes that a little bit off from my person and my source code to more a way in which it tries to serve the community and multiple authors of Free Software that [are] licensing the GPL.
Q: You work on the netfilter project, is that right? or iptables?
HW: Yes. Yes.
Q: Tell us about that for a second.
HW: Netfilter/iptables is the Linux packet filtering subsystem. It is basically the firewall, network firewall that any Linux 2.4 or Linux 2.6 system uses today.
Q: OK. Now, How do you find GPL violators? I mean, is it a network of people who notice something and they send word to you? Do you go out looking? How do you find out?
HW: Initially, I found out or actually was looking for violations on my own, looking at devices that had a suspiciously similar feature set than the software I wrote, doing things like that. But for the last one and a half years, I get lots of hints from a large community of Free Software users and developers. So the project is well known within the community and people who find out about violations of the General Public License that do not affect code that is from the Free Software Foundation, they report it to me and I try to find out about respective authors and try to confirm that the violation is going on, and so on.
Q: Now, is this - is the usual case that it's embedded in a device, or -- what's the typical case of these violations?
HW: Yeah, the typical case is very much embedded devices, with Linux-based operating systems. I would say it accounts for 98% or even more of the violations I get reported. Software-only products seem to be very rare.
Q: And would you call these violations in general, or perhaps in terms of percentage, are they companies attempting to be evil, or is it merely oversight?
HW: It's always hard to know. You never really know for sure. I mean, obviously, everybody or almost everybody will say: "Oh, we didn't know", you know? But, did they really not know, or did they, well, intentionally not care, or -- you know, it's hard to say, it's really hard to say.
Q: And what's your procedure, what's your usual response when you find a violator?
HW: In the most often case -- oh, the procedure, basically, yeah. So I verify that there actually is a violation going on. I do a test purchase, I download whatever software update or whatever it is from the network, I verify that there is no license text, no written offer, no source code included, and so on, and then I -- these days I'll immediately hand it over to the lawyer who will send a warning notice to that respective infringing organization and that warning notice basically states, "Oh, we found out you violated the GPL of our client's rights and so on, and we demand that you cease and desist from doing so and send us a declaration you cease and desist". That's basically the initial step and if the respective infringing organization agrees to that and sends back a letter to cease and desist and actually ceases at that point then they have to cover the lawyer's expenses, and my test purchase and so on and then the case is over. And for most cases, this is exactly how it works out. Most companies recognize that they did something wrong or they overlooked something or whatever was going on and they get into compliance very quickly. That's the regular case. Sometimes, obviously, you will have more resistance from the infringing parties.
Q: And I understand you've had some success negotiating with violators?
HW: Yeah, basicially, I cannot -- legally speaking, there was not a single case where there was no success which I enforced so far. There should be about 120 violations that I've done something about up to now and all of them were brought into compliance. However, I think two of them decided to stop distributing that product. So it's success from a legal point of view, but not success from the point of view "Oh, yes, we got that source code and there is now a GPL-compliant product".
Q: Well, I would call, I think, 118 out of 120 "success" by any normal measure. But I guess since you work with packets you like to have zero percent lost?
HW: [laughter] Yeah, that's good. So, out of -- another figure that is interesting is that out of these roughly 120
all but 5 were actually out of court. So in five cases we had to obtain a preliminary injuction and in two of these cases we actually had to go beyond the preliminary injuction but in general those cases can be resolved out of court.
Q: Well, it seems to me that you -- your soft approach, you know, in other words instead of immediately condemning
a company is an effective approach.
HW: Well, a lot of people don't consider it a soft approach...
Q: Well, by that I mean, you know, you could find a violator and say to yourself, you know, I'm going to denounce them to the news media as evil users of the GNU GPL and operating in bad faith. But, you know, it seems to me more effective to do what you do, in other words, to step up, to notify them first, and I think you let a period of time go by after you've notified them, for them to respond?
HW: Yes. So I -- yes. I don't think it's worth doing the public shame kind of thing initially, it doesn't really make sense. You first have to notify them, give them some amount of time -- that "some" amount is quite restricted in Germany because there is a maximum period of 30 days between knowing of some infringement and the last day you can obtain a preliminary injuction. So all kinds of negotiation, whatever is going on, has to happen within that time period. So when they get that warning letter, they most often only for a response get a deadline of 14 days or something like that. But anyway, still, it might be valuable to publicize the fact that there was a problem which has been resolved at some later point but initially, just putting public pressure before having evaluated other options is not a good strategy, I think. But it's very much the aim of the project to publicize the success cases, or some of them at least, in order to raise awareness that first of all, it will get noticed if you violate the license, secondly, that you have to take care of the license and make yourself aware as a coporate user/distributor/vendor/whatever and use this to prevent further cases from happening. I mean, ideally, the success of any kind of GPL enforcement project is to make it obsolete. And I think that the fact of publicizing some or maybe even all cases is important to raise the awareness and create prevention. This is one of the points where I disagree with the way the Free Software Foundation does its enforcement, because it never publicizes any facts about enforcements, neither during the process, nor after the process, and I think that I have actually had a lot of success with publicizing results, and media coverage, creating awareness on a management level, on an executive level that if you use GPL-licensed Free Software you have to take care of the license.
Q: Will changes in the GPLv3 affect this work?
HW: Well, there is no GPLv3 yet, so... [laughter]
Q: Well, I mean, as we see it today, what's your feeling? For you, is it more or less positive? Some negative? What's your feeling on that right now?
HW: First of all, as a software developer I would certainly use GPL version 3 in the way the current draft indicated for my software. I don't see any problems with that. From an enforcement point of view, it will probably get a little bit more difficult because there's some wording introduced in GPL version 3 which basically replaces the automatic termination of license clause that exists in GPL version 2. So GPL version 2 basically automatically terminates the license once you violate it, and with GPL version 3, you have to explicitly terminate it, which creates some difference in, some -- some -- yeah, a different kind of process in the enforcement. So, first you have to notify them of the violation, and then you can actually, after that, not at the same time but after that, you can notify them of the termination of the license. And -- so I personally think it's not really going to make it too much more difficult, but there's some debate on the exact wording and the exact outcome and meaning of that 60-day period of time and the explicit termination of the license.
Q: OK, Harald, thank you very much!
HW: Oh, you're welcome, thank you.
Sean Daly is a Fellow of the Free Software Foundation Europe.
Copyright Š 2006 Pamela Jones. Verbatim copying and distribution of this interview (audio and text) in its entirety is permitted in any medium without royalty provided this notice is preserved.