The Software Freedom Conservancy (SFC) -- a nonprofit project hosting the Samba and BusyBox projects -- has announced a new initiative to engage in enforcement of the Gnu General Public License and related free software licenses. The move arises following a controversy earlier in the year when it seemed that a former developer of BusyBox -- a command-line interface used in embedded devices -- was working on ToyBox, a non-GPL-licensed clone of the project. This concerned GPL enforcement activists because BusyBox is a popular entry point to wider GPL enforcement by the SFC on embedded devices.
The news brings together several SFC projects, including Samba, BusyBox, Evergreen, Inkscape, Mercurial, Sugar Labs, and Wine, all of which explicitly permit the conservancy to pursue violators of the GPL. SFC is also launching a new project to gather copyright holders in the Linux kernel who are keen to see legal pursuit of GPL violators. Called the GPL Compliance Project for Linux Developers, it brings together seven Linux kernel contributors, including the well-known Matthew Garrett.
With these projects joining the effort -- especially the Linux kernel copyright holders -- SFC now has copyright standing even in cases that do not involve BusyBox.
No concern for enterprise users
Although this news may sound worrying to enterprise open source deployers, it's unlikely to result in any change. You are several orders of magnitude more likely to be raided by your proprietary suppliers, in the form of the Business Software Alliance, than to ever hear from SFC, let alone face any action. License compliance is a major and costly issue for proprietary software, but the case concerns an end-user license agreement (EULA), not a source license. Open source licenses deliver extensive liberties to developers and place no burden on users. Indeed, as Kuhn comments:
... most free software users never actually have to deal with the details of compliance. Requirements of most copyleft licenses like GPL generally trigger on distribution of the software -- particularly distribution of binaries. Because most users simply receive distribution of binaries and run them locally on their own computer, rarely do they face complex issues of compliance. As the GPLv2 says, "The act of running the program is not restricted."
When you compare like for like, you see that open source software has minimal compliance issues. Users of open source are always free to employ the software for any purpose without further permission. They do not need to have a license management server, hold audits, or fear BSA raids. Of the many attributes of software freedom that could move to front of mind, it strikes me that the story on license-compliance burdens for open source software shows a key strength, regardless of what proprietary vendors -- or companies whose business models predate the open source movement -- may want you to think.