Limitations and things we failed to accomplish
What is SFLC?
Law firm, all client driven, no advocacy, support free software community
Pro-bono (how funded?), non-profit
GPL is a copyright license
Now it is also a patent license -- explicit patent grant in GPL v3, vs implied in v2
Not a trademark license
Not a social contract or the embodiment of the ethics of a community, it is used as such by people but in actuality it is really just a set of permissions for software use
We talk about the GPL as a protection of a certain type of freedom and arbiter of right from wrong
We ask it to take a role beyond other copyright licenses, but it is limited by being a license
Actually incapable of playing a role we are asking it to play, which leads to problems when people think of it as the embodiment of right and good, and don't necessarily agree on what right and free is.
Some people believe it prohibits commercial uses, which they imagined as good values for free software but are not actually in the GPL
Leads to a lot of discord between those who have read and have not actually read the GPL!
Having one dominant license is good for interop, but problem in that it can never be perfect and play the role people ask of it, which leads to problems/friction in communities
But it is good enough that we've won: is there anyone left who doubts that free software will stick around and grow?
Happened partly because of good license but also because of FSF strategy of building basic tools that others can build on to create a free software ecosystem, which creates an economic rationale, because outside of free software this stuff is a lot more difficult and expensive to develop, due to the groundwork already lain
People use GPL because it is efficient, no good business case for not using it.
Downside: we've invited a lot of people/companies into our community who do not share our values. We're starry-eyed idealists who believe in the value of spreading free software because it is good for people, but that's not the ethic that drives businesses to get involved
Lots of stakeholders that don't share the values
With GPLv3, what do we do about all these people?
Do we owe them an obligation? We could destroy them
But wouldn't do anyone much good.
Never really answered ethics question, though: do we owe these stakeholders anything, what is their role when they're doing it for profit motive?
No one has really talked about/written about/or done anything about this question, but a conversation may be needed about what we each owe each other and what the partnership actually means day-to-day and long-term.
Not a trademark license
Does not do well with attribution
Does not do well with names -- projects fork and take two months squabbling about the new name, this is a big problem, brand of a project, marketing increasingly large part of free software projects, but license does not address it at all.
People look to the license to embody the right path, so no one really knows what to do about trademarks, who owns them, how they are managed?
GNOME-compatible apps with foot logo
(also mozilla name and logo)
Wendy: why do they even need a trademark license?
A: they probably don't, but with the GPL everyone is now convinced of the value of a license as the basis for this, we've habituated them to look at licenses. But you shouldn't be using legal documents to communicate to developers, non-lawyers, general public
DavidW: Wasn't GPL like a wikipedia page, where people came to gether to discuss what is the right way forward
A: Yes, but we shouldn't do that going forward, we should have guidelines and discussions, and not force it all into the license
So many people operate witih social view/"commnon understanding" of what GPL means, so the legal language did not nurture free software, it was the work of the FSF to talk about it and write the software, the ethics and ideals that the community coalesced around. GPL was huge piece but the specific words were not what drove it.
Some Guy: OSS as an alternative to formal standards process? GPL could support this, on the copyright side?
A: Standards are not a piece of GPL discussion.
Hugely important to free software but not trademark or copyright, need detailed technical specs, which don't fit well in licenses.
Look at v2 vs v3, who have read them?
More 2 than 3
More 2 than 3, 3 is long and complex
How to describe it?
Talk about four freedoms, then say go read it yourself
We live in a more complicated time, which is part of it.
GPL v3 is compatible with Affero GPL license, which is GPLv2 + software as a service requirement: have to distribute code, like, if you're Google or 37signals providing a service build on Affero-licensed code
More protective of freedom than GPLv2 but yet not a default part of license even though many in free software community would like it.
Many thought that should have gone into GPL so that everyone gets that protection, but it didn't make it in there.
Goes back to: what do we owe to people who have built businesses around GPL software? Changing the rules at this stage would not fly, equivalent of driving the bus off the cliff.
There are things in v3 we didn't get to solve
DRM is complicated
DRM looks a lot like security measures (in games, in software, authentication)
So they put in DMCA-type "copyright control mechanisms". Some people wanted them to go further, but limitations of reality meant couldn't go that far, too many unintended consequeces of capturing all of that activity.
Don't know how this will all play out, need to watch it and see how that clause is used.
Wendy: tech to authenticate a game or a britney spears album may be the same, but we could make distinctions based on who is making the choice (gamer joining network) vs music purchaser (drm'ed song)
A: there are differences and you could ask people to explicitly opt-in, but ToS basically does this already. Putting that into the GPL at such a specific use case for a license used so broadly would be really difficult.
Medical devices: pacemakers can be re-flashed, doctors can change the code on the computer running your heart.
But you can't see that code, and there isn't an access control mechanism that would let your doctor upgrade your software but not you as a patient. We suspect there really isn't any access-control mechanism, anyone could walk up to you and change your pacemaker's code.
Medical device makers are very afraid of end-users hacking their implantable. But users at some point are going to want to do it. No insurance company on the planet thinks this is a good idea.
Some guy: liability issues are totally unclear, but the FDA director (6 years ago) thought OSS was a "magnet for excellence."
Tech moves faster than we can write new licenses, lots of interesting edge cases in medical, its going to be tricky.
DavidW: Where can we have these dicsussions if not around the license?
A: Not sure there is a solution to get all the communities together, would be a long-term project.