Re: The sad decline of copyleft software licenses? :(

[Pen-Yuan Hsing]

On 9/25/20 10:51 AM, Denver Gingerich wrote:
> On Fri, Sep 25, 2020 at 09:34:28AM +0800, Pen-Yuan Hsing wrote:
> > 2. To my surprise, the highly proprietary messaging app WhatsApp uses the
> > GPL-licensed implementation of the Signal protocol developed by Open Whisper
> > Systems for its self-proclaimed end-to-end encryption:
> >
> > https://en.wikipedia.org/wiki/WhatsApp#End-to-end_encryption
> >
> > I suppose the Facebook army of lawyers were able to perform the necessary
> > legal gymnastics to make a GPL program fit in their proprietary app, perhaps
> > by technically keeping the GPL'ed binary separate from the rest of the app?
> > (can someone more knowledgeable speak to this?)
>
> No.  What is more likely is that Facebook paid Open Whisper Systems to give 
> them a proprietary license to libsignal-protocol so that Facebook could use it 
> without complying with the GPL.
>
> As far as I can tell from reading the source code headers, Open Whisper Systems 
> retains copyright in all of libsignal-protocol so they are legally permitted to 
> engage in this proprietary relicensing.  I'm not a fan of this model, and would 
> recommend people instead maintain multi-copyright-holder codebases instead, so 
> the codebase can't be unilaterally relicensed by a single entity in this way.

I see, I haven't considered the possibility that Facebook might have 
"simply" obtained a custom, proprietary license from Open Whisper 
Systems to incorporate their implementation of the Signal protocol. I 
agree with you that I am also not a fan of this model!

> We definitely need to push back against companies that are violating the GPL.  
> That's the main part of my job at Software Freedom Conservancy, and I encourage 
> people who notice GPL violations in any of our member projects (listed at 
> https://sfconservancy.org/projects/current/ - including BusyBox, Samba, and 
> Linux) to report these violations to compliance@sfconservancy.org - I'll get 
> back to you if we need more details (I manage that address).
>
> One excellent way to help with this is to check your devices (phone, TV, car) 
> to see if they include an offer for source code.  If so, then check if the 
> offer works by going to the listed website or emailing the listed address to 
> get the source code for your device.  If you can't find it or the source is 
> incomplete, let Conservancy know at the email address above.
>
> The only way we prevent the GPL from effectively becoming a permissive license 
> is by enforcing the GPL, since big companies won't comply unless we do.

Thank you for your wonderful work on GPL enforcement! It's so important, 
as you say, to prevent it from becoming a de facto permissive license.

That said, GPL enforcement seems like a "passive" rather than "active" 
way to encourage GPL adoption. If anything, do you think there's a risk 
that because of GPL enforcement, that would "scare" even more developers 
into using permissive licenses because they just don't want to "think 
about it"?

Based on your experience, what's an active and positive way to encourage 
the adoption of a copyleft license such as the GPL?