 Karen, do you want to introduce us and why we're doing this? Yeah. Of course I do. Well, you can start. Is it time? It's magic. Is this the last session? It is. Woo! Hello, everyone, and welcome to the last session of the Legal and Policy Dev Room. We've had amazing speakers. It's been, like, just overwhelming having so many great, awesome topics in such short creative time. Having to choose from amongst all of the really strong proposals, especially when we had just one day, was so hard. And one of the things that happened when we were evaluating all of the proposals was that we looked at our own proposals. And what happens is when we all submit proposals, we wind up taking them sort of like whoever is submitting the proposal obviously isn't deciding on whether that proposal will get accepted or not. And we had multiple people wanting to submit proposals on the same things. And it was one of these things where we were like, there are just too many great talks from too many great people who aren't us. So we shouldn't have any sessions for us this time at all. So what we did instead was we put this panel together where we basically are able to haggle about some of the issues we care the most about or whatever seems the most relevant on the day. And we also wanted to have a community. We also had this sort of long-standing idea that we wanted to have a community participatory moment. And we're not going to get as much time for that as we'd like, but we wanted to have at least a time slot to use all the brain power that's here at FOSSTEM to talk about these issues. So my thought for this panel was that those of you who might have watched the old Daily Show with John Stuart, Lewis Black would sometime come on and he would say that he was going to find the news stories that fell through the cracks and catch them and bring them in his session in his bit. So one of the things I really want to do is some of the things that weren't covered today that were big stories or even small stories that we think should have been big stories this year and talk about those. One of them we'd like to talk about is the Linux kernel enforcement statement, which happened this year. And that's something that Karen and I from Conservancy were, well, we feel we were the catalysts of, although as you hear the story, it's sort of strange how it works out. So Conservancy published a few years ago, and actually we spoke on these in previous year dev rooms, the community-oriented principles of GPL enforcement. And it was co-published with the FSAF, correct. Sorry about that. And we put as one of the principles that we should treat every GPL enforcement matter as if the termination provision is GPL v3's termination provision, which is substantially more lax than GPL v2's termination provision. And we built a mailing list and we went around and did like a sort of a world tour kind of thing of getting feedback on the principles. Everybody did tend to like that particular one. I generally actually liked all of the principles. And we actually got inquiries from, actually grant likely at the Linux Foundation to sort of talk with him and explain more about that particular principle. We didn't hear much after that. But we then discovered that there was other things in the works. I'll turn that to Karen. Yeah, well, we knew that Grant was working on a statement with a lot of current developers and we had early input into that statement. We at Conservancy, because many of us were a lot of hats. And so we knew that had been ongoing, quite a lot of time where after there was... The next we heard about this was that kernel developers that were in the coalition that Conservancy has for kernel developers who choose to enforce their copyrights in the kernel, they were contacted with an email from Greg K.H., Greg Crow Hartman, about the fact that there would be a kernel enforcement statement that would be published very soon. And that what was interesting about it was that the email said, you're getting this email because you are a pretty major contributor to the most recent release of the kernel. So these are people who are identified as being very important contributors to the kernel. And by the way, this statement is going to be public and people will be signing on to it very, very soon. And if you have a few days, and if you have comments that are substantial, well that's too bad because there's no time to incorporate them now because we have already gotten the input from the corporations that need to be on board. So this was a really interesting thing to happen and very disappointing. I may have gone a little bit further than I had meant to in that summary. I realize now. But I mean this is the interesting thing. I mentioned in the beginning I talked this idea of the room where it happens. And it was clear that there were a lot of people that should have been in the room where that happened that weren't. The sausage, as you talk about the political sausage that gets made, that political sausage was actually very good. It embodied, from our point of view, that one principle among the many. It was something that actually conservancy from our organization were planning when it's actually officially an upstream and in Linus's tree we're going to sign on to it as a copyright holder, conservancy holds some copyrights in Linux and we are willing to agree to it and plan to do that. And I think the kinds of things that it's been a catalyst for elsewhere have created other similar statements. And Richard, I think you wanted to talk about Red Hat's statement that you all did. Yeah, so I was one of the people in that room for better or worse. So we at Red Hat were contacted by the Linux Foundation basically. And so we knew about this statement. I think I had kind of heard that something like that was in the works. So we decided, well, why don't we do something similar ourselves but covering not just our contributions to the Linux kernel but all GPLv2 and LGPLv2 and LGPLv2.1 code licensed by Red Hat, copyrighted by Red Hat. That's actually a lot of software because Red Hat has, those are in a sense, if you look at the whole body of code that Red Hat has released over the years, it's primarily GPLv2 and LGPL. So we published a statement that is very similar to the Linux kernel enforcement statement. It's a commitment to, a legally binding commitment to apply the GPLv3 termination provisions to that GPLv2 and LGPL to code. And we also got three other companies to join with us. Google, Facebook and IBM. And so that was our announcement. And we're actually trying to expand that list now and trying to get projects to sign on to something like our statement and other companies. So I'm just trying to understand, it's the core problem. I'm just trying to understand it from, you know, kind of a developer perspective. It's sound, I mean, I guess for a while I've been really, I sort of went in thinking about Linux, the kernel, as a GPL work, obviously very important and unusual, but that I sort of had this idea that the Linux foundation being named a foundation about Linux, about the kernel, that it would sort of obviously be all about enforcing the copyright of the work after which it's named. And so I was, I'm surprised by your statements because it makes me feel that maybe there are different classes of contributors that are super duper major, I don't know what you said, major contributors. And that there are maybe corporate lawyers that have some sort of an outsized say on what's going on in this community project. But I want to dial back the history to a thread I saw in the kernel, a kernel summit mailing list that had to do with things. And I seem to recall Linus and Greg K. H. kind of actively advocating against enforcement in favor of getting corporate contributions instead of individual contributions. And I'm wondering if you can clarify for me. I can comment on this right track. So no comment on that. But the point that you raise, there's a broader point that you're raising that I think we ought to pivot to. Karen, did you want to comment on that? I will. Okay. I thought no comment was better. It's in the past. I do actually, I do really want to comment on that, which is that the kernel summit discuss thread that Tom mentioned was a really interesting thread. I wouldn't recommend reading it. But I want to say that when Conservancy worked so hard on getting the principles of community-driven enforcement out, we specifically put up a discussion list and anticipated that this was a mechanism in which we could decide what enforcement is good and when and how. And so in some ways, that thread was really another part of that path. And as a result of it, we decided to have feedback sessions at major kernel events over the next year, which we did, and got uniformly positive feedback about enforcement. So I just wanted to say that because I think otherwise the statements sound a little out of context. But I think the broader point that you're raising, Tom, that I think is beyond Linux, I don't think it has to do with just Linux, has to do with most, I will actually say open source instead that's developed today, which is that the benefits that we've gotten, which are numerous from companies paying people to work on open source and free software, has also had the weird effect of meaning there are fewer and fewer independent contributors who keep their own copyrights, who make decisions about the project. So it's not a surprise that across most projects that are wildly popular with companies, which include a lot of projects, there is more and more corporate copyright being added and there's more and more corporate influence and developers are deeply in need of organizations and structures that give them a voice. Individual developer, the small consulting companies and that's something we're going to be looking at this year, at least a conservancy that we care about to try and do something about. So did you want to say on this point? Yeah, I just said it's a broader comment. When we were thinking about this session we were going to talk about not just like other things that have happened this year, but maybe like looking back on all of our dev rooms. And I think this is a theme that's touched on, been touched on by a lot of the talks, I mean certainly ones that you've given both here and elsewhere and I think actually one talks that I've given that this, there's been this problem, I'm not going to characterize it in the same way that you did, but there's been this problem of a loss of developer autonomy as open source, and I'll use the term open source deliberately, has become a great commercial success in a sense. And I don't think we really know all the answers to that yet, but I think it's an ongoing preoccupation of ours. Get back to my point. Which is that I did also want to draw one thing which is I really wanted to talk about when we originally had this panel, which was that the Kernel Enforcement Statement and the statement made by the companies where I think the statement made by the four companies, and I again underscore that all of these statements are very welcome. They are pieces of the principles that we published and have been advocating for at Conservancy, so we're thrilled. So by dwelling on some of these things and analyzing them and complaining about little pieces of how things, some things were done, that's just, you know, that's what you have in a legal and policy dev room. But the two statements were of a slightly different character in that the statement that the Linux Kernel Enforcement Statement is drafted like an actual exception to the license. It's written as an additional permission and it's included in the Kernel Tree, so it looks a little bit different in character than the statement made by the companies who made it basically a covenant and like a promise generally. It's just, it looks a little bit different from a legal perspective to me and that was originally the thing that we were hotly discussing that caused the genesis of this panel. So we can... Legally equivalent to an exception. I mean I don't know if this is such an important point. Yeah. So that's the first time I've ever gotten Richard not just at a live event but even on the phone privately to go on record about making a decision about something Red Hat believed. He's a good lawyer in that way. I'm kind of like overwhelmed by it that that just happened. But I do really want to, I'm sorry to aggressively switch to it but there's this story that's been going for a while that the lawyers in the room have probably followed it because it's your kind of stuff but I think many of the developers and even the general legal geeks might have missed it. There was a case going between Cisco and Arista regarding copyright of effectively command line interfaces. The idea that you can hold copyright on the things we type like LS-L and so forth. Now it's not regarding the UNIX command line interface, it's regarding Cisco's what they call iOS, which they called iOS long before Apple had something called that, interface that other companies try to imitate because you go to big corporate trainings to learn how to modify, not modify because it's a proprietary software, configure is what I meant, yes, Cisco routers. And they are claiming that no one else can imitate that interface. Okay, if this had been the rule of the land when RMS started GNU, it would have never happened because he would not have been allowed to write all the UNIX commands one by one and give them the same command line options. So it's very disturbing. There's a question back there. Yeah, the question is, you're asking is what Cisco trying to sort of copyright over both those things or one of them? I'm actually, I don't know the answer to that question. The question is, there's different ways that the, if you think of the UNIX shell, the analogy I used, the UNIX shell works in various different ways. It has commands with command line interfaces and then when you write a shell script, you use many of those and they're actually all separate programs like copy and LS and so forth. And the question is, is Cisco trying to sort of copyright on all of it, just the command line options? I don't actually know the answer to that. I haven't read all every last filing of the case. I don't know, I don't expect none of the panelists do. The fortunate thing is that a risk to one, and it was not to clear copyright, once Cisco is appealing. Because a case, to be clear about this, people who aren't lawyers, I mean I'm a non-lawyer and I've learned this from lawyers, cases are never over until all the appeals are done. They're still ongoing. They're not done complete. When you hear about a decision either way, it's always, almost always, if it's important there's going to be an appeal and that's what's happening here. So this case is not over, just step one was one. So yeah, sorry, this seems to be a lot of questions. Well, it doesn't necessarily mean it's fine with Cisco. They may have other reasons they pecked Arista as a target and not someone else, etc., and so on. So they may want to win this case and then go through Dell next. And I wouldn't be surprised if they did if they were to win on the appeal. And actually I was sad to see a very small number of organizations in our community filed an amicus brief. Conservancy signed onto it. The lead amicus was GitHub. There were three or four other organizations. Mozilla and Engine Advocacy were the other two and we signed onto that amicus brief. And one of the things that I'm very proud of we said in the amicus brief is that I've publicly said I'm not a fan of various parts of GitHub because it's proprietary software. But Conservancy also has Git as a member project and Git has lots of ways to inter-operate with GitHub through the command line. And I think that's just fine and I do not believe, I will go on record saying something, that's inter-operating through the command line of Git as published by our Git developers and using that to interface with GitHub through its URLs is somehow a GPL violation. And actually if this case goes the wrong way it would be. So that's very, very disturbing. Now Karen, I want to hand it to you to talk a little bit about the legal defense if you want to. I could, but I think that given that we have not that many much time left why don't we open it up to questions in case the people have things we want to talk about. Like are there any, we could do like and ask us anything. Okay, here first. Oh, we'll repeat. Is the case that Kristoff brought against VMware on GPL enforcement, is it finally resolved? And the answer is Bradley was saying about appeals, it's currently on appeal. So maybe we should have someone to talk about how they feel. Let me take a stab at this. This is an ongoing case and you probably may not be at liberty to comment about. Okay. I think it's, my understanding is that it's ongoing and there may be some technicalities but it's not resolved. The question was really like do you feel like it's going to be successful on appeal? I'm going to take it. I know. And I'll just say that, so the lower court decision is a very interesting one because it was, the case was thrown out on an evidentiary point which is a really, if you take a look at the case at the judgment, it's really on a very strange technicality and I was sort of scratching my head over it until a lawyer who was not connected to the case, who is a German lawyer published a memo that said basically that the decision was very out of left field and said that they believed that the decision violated Kristoff's constitutional rights. So seeing a third party lawyer make an opinion like that on a memo published on their website, you know, I think it's interesting. It doesn't indicate whether or not the case will go in what direction. Someone did say that the decision read to, German lawyer said that the decision read to them like the lower court didn't want to have to be the ones to make the decision on such an important point and so they found something that would allow them to not decide it. And in fact, so I only read it into, I'm actually, I'm going to skip the queue and jump to work for him because he may have read the decision in German. Oh, you were there. So I was going to throw it to work for him in a second, but one of the things I read in the English translation of the decision was that they said we received a CD, a CD by the way, which I prepared, that can, or helped, I actually helped Kristoff prepare it, that contained the copyrighted material of Kristoff Hellwig, but we did not know what to do with it. So I almost feel like they didn't have a CD round drive. Like that's the way it read. Like, did you put it in and load up and we had all the code that Kristoff contributed? Anyway, what were you going to say on this case? Well, it's going to be hard for him to come forward. He's trapped. So I was there in Hamburg at the court and one thing I think which was very memorable is that the court as the judge acknowledged the huge crowd. So usually they have, there are just one or two people sitting there and there's a whole bunch of people and he acknowledged that and mentioned that he's aware that this judgment could have a major influence. So that's what he said and now follows my interpretation as they chickened out. But this is purely my speculation. So I just wanted to comment on Bradley's comment about and I guess Richard's follow up on corporate copyrights and large open-source projects and the lack of influence of individuals and things like that. This is kind of old school but there is an organization that explicitly addresses this and they're called Apache. So we have 15 people probably contributing significantly to projects. Some of them are on PMC's. One of them has been joined the foundation and they are all explicitly acting as individuals because that is this explicit governance in Apache projects. So the model exists. Other projects just need to adopt it. I think we don't have a lot of time. I just was going to say that I don't think that this would necessarily solve the problem that we have in this case particularly because there are individual contributors that are very well respected that are contributing to the Linux kernel. I think that the question is what are the political machinations that include some of those people to be included at some times and others to not be included at others. Okay. So I have a theoretical question on open-source software. You're supposed to not restrict usage of the software and how it is to be used but what is free software? It says free software means a software that respects users freedom and community. That's what it says on GNU page one. So my question is you're not allowed to restrict on for instance do no harm but GNU basically says well you're not supposed to hurt people's freedom but suppose in one way you're not allowed to restrict it and on the other hand if you don't restrict it it may be used for privacy violation