Re: bettering open source involvement

Dave Taht <> Wed, 03 August 2016 08:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62A4812D142 for <>; Wed, 3 Aug 2016 01:03:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id EZY06GnFI-XO for <>; Wed, 3 Aug 2016 01:03:53 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9C12A127078 for <>; Wed, 3 Aug 2016 01:03:53 -0700 (PDT)
Received: by with SMTP id u186so292185316ita.0 for <>; Wed, 03 Aug 2016 01:03:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=F6l5ttFvansRTGYvTTEs4t4jlLWZhHu2moMugBVFTBM=; b=pDshAKP+iMoEZHhMpNlfdruGQgajBdQ6KVm65weRdFzHRTP2Chm5DFx/hh84cn78W2 KFo4luT5mJsNmwlSbAdCDbzp2re9zQNIx/eAu9xABY8ei+da+AjVN8WyUqVGtfpbkLlN JH85a9jjySEg6vzKNyyxeUcaRqYGRwwj7hn5nR97Br3UTrujrxizmcq8HCmZ4x8QK+KR EtJjyuUe5P88VjDDnyuCJ4236eM1fylUHGZE61Kadk0hPfdAlwxldUp7e2xtinCwakav UnWjPDjs5weGW+MzaczHWmS7AwYAmzNt+nz2x8DlwgBcBEyhEDLuQYvntW6mh3b/NSBi KYVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=F6l5ttFvansRTGYvTTEs4t4jlLWZhHu2moMugBVFTBM=; b=JNMjaU8t60jz0mFnugQZUw8JfUlgdAtlxD9Kw4iDWLjWL80PyKNGTLPliD7xeaVFvY 6MFVZRLyGOIcb2cEDtQopDq8Phr2GASslTCdl8ZLH+w+8Y3uYx312nP4tQvmDnJp3+Ha hwlSIuT3au/1DlAGR2PXm3MWmXjxMnisEztZfxleKo9+9Yx+fudm+xvwmXgNVf5XniRC qu1nr57xxIZV6fUIcGNnkjOxCPOYC7qWl/7u320fSBk9WM+RbqregMcVfQk5Chl3pCKL 4Jt9PRivG7zpHOxiH6YQexXMonejQmahb/WEcinn/GB9QxW+Kkv3upCOkJR8fF2Y9V48 cGtw==
X-Gm-Message-State: AEkoouttcDuSl42FUsVYeRsPbS5C+O1JVC9qFqfgL/GZcV7WJNoOY7MN9qnOVKXr+bEXXZbYT2XDPBtD+CZ2NQ==
X-Received: by with SMTP id n5mr23180898ita.78.1470211432827; Wed, 03 Aug 2016 01:03:52 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 3 Aug 2016 01:03:51 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <>
From: Dave Taht <>
Date: Wed, 3 Aug 2016 10:03:51 +0200
Message-ID: <>
Subject: Re: bettering open source involvement
To: Brian E Carpenter <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Cc: Michael Richardson <>, IETF Discussion Mailing List <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Aug 2016 08:03:56 -0000

On Wed, Aug 3, 2016 at 2:55 AM, Brian E Carpenter
<> wrote:
> On 03/08/2016 03:42, Michael Richardson wrote:
>> Brian E Carpenter <> wrote:
>>     > This is a *very* important point. If an IETF WG sponsors code development, it needs to
>>     > be under an IETF-friendly licence. One way is to post it as an I-D. Another way is the
>>     > BSD 2-Clause "Simplified" or "FreeBSD" License. GPL is not a useful
>>     > option.
>> GPL is not useful for **some** companies that want to exploit the code directly.
> It's significantly worse than that. Companies that have already been sued over
> such matters will *not* allow employees who have studied GPL code to discuss
> details with employees who are not "contaminated" in that way.

Companies have been sued for making too hot coffee. companies that
make software (:cough: vw) that intentionally violates regulations are
slapped with heavy fines. I don't know how many people the business
software alliance sues over license violations but I suspect it's one
hell of a lot more that have GPL issues.

The usual negotiated end to a GPL compliance lawsuit (not that there
are many, anymore) is a gpl compliance program. Companies such as
black duck make tools to help companies evaluate their exposures.

> The boundary
> between fair use and plagiarism is not clear cut. If code that closely resembles
> GPL code shows up under sub poena in a non-GPLed product, anything can happen
> in court. So the company lawyers makes sure that never happens.

Which company's lawyers? What percentage of the members of the ietf
still have such policies?

This would be a useful poll to have more details than just percentages
on, as the landscape has shifted, just as it has over software
patents. Identifying how multiple companies are *now* dealing
internally with open source issues, in terms of employee contracts and
policies,  would be nice.

(I had a friend from AT&T tell me last week, proudly! about how the
release of their gigantic new open source codebase - had also led to a
clearcut all-company employee open source contribution policy. I said!
"Great!" Could I read it?" - and the answer was, "no". Irony.)

Every company I've been (self biased sample) in the last decade have a
clear policy. Google's is particularly straightforward.

>> There are a number of advantages otherwise to GPL.
> There are. But if the IETF wants to encourage code that anybody can study
> and/or borrow, GPL is not the way to go.

I don't think the "study" argument flies anymore. It's akin to banning
a doctor from reading "one flew over the cookoos nest".

The "borrow", may.. Who is "the ietf" in this case? Certainly anyone
willing to start a codebase and complete it in the process of
producing a standard can roll whatever license they want most
compatible with the standard's intent.

Still the process of getting to running code and rough consensus is
hampered by the BSD requirement, particularly when we have to stand on
the shoulders of giants to do something new. I think conflating the
license under which a piece of code is written with the intent of the
owner/authors of that code towards standardization, is a key problem

Perhaps the IPR disclosure process (currently for patents only), could
have something like: "The *authors* of this draft hereby give
permission to copy the referenced GPL licensed code files, of which we
are the *authors*, also, to any and all comers, under the terms of the
IETF approved licenses".

Or a disclaimer at the head of the draft: "This draft contains
references to GPL'd codebases as an implementation aid. "

>     Brian
>> *One* of them is that it becomes very clear to the IETF when patent claims on
>> the protocol are incompatible with the GPL.
>> The other major advantage has to do with how and when patches get contributed
>> back to the system over time if the code turns out to be more than an
>> existence proof.
>>     >> (This is a major reason what we are doing IETF specs for DCTCP and
>>     >> CUBIC - so that they can be implemented without needing to
>>     >> read Linux kernel code.)
>> Aside from the white-room issue of reading source code, the code doesn't
>> explain to how deal with corner cases that the coders didn't consider.
>> --
>> Michael Richardson <>ca>, Sandelman Software Works
>>  -= IPv6 IoT consulting =-

Dave Täht
Let's go make home routers and wifi faster! With better software!