Many developers in the Linux community have concerns about the copyright activities of Patrick McHardy. Here are answers to common questions.
Many in the open source community have expressed concern about the activities of Patrick McHardy in enforcing the GNU General Public License (GPL) against Linux distributors. Below are answers to common questions, based on public information related to his activities, and some of the legal principles that underlie open source compliance enforcement.
Who is Patrick McHardy? McHardy is the former chair of the Netfilter core development team. Netfilter is a utility in the Linux kernel that performs various network functions, such as facilitating Network Address Translation (NAT)—the process of converting an Internet protocol address into another IP address. Controlling network traffic is important to maintain the security of a Linux system.
How much has McHardy contributed to Linux? This is not an easy question to answer. First, it’s not easy to assess the importance of contributions; all we can do is look at number and size of commits. And second, even if one tracks commits, the tracking mechanisms are not perfect. Git has a blame feature that tracks who nominally commits certain lines of code to the git repository. Tools like cregit can be used with git blame to report commits at a more granular level of a code token, producing a more accurate picture of contributions at a file level. Git blame and cregit are useful because they both use publicly available information—the information just needs to be interpreted properly.
An analysis of blame with cregit can help assess McHardy’s potential contributions. For example:
The bulk of his contributions appear to be concentrated during the period 2006-08 and 2012.
Of approximately 135 files in which McHardy included his copyright notice, only 1/3 are files to which McHardy contributed 50% or more of the file’s code.
His contributions appear to constitute well under .25% of the code in the kernel.
Most of McHardy’s contributions appear to be to Netfilter; however, blame might not always tell the whole story. For example, a committer can check in many lines of code having made only minor changes, or can check in code written or owned by others. For these reasons, the authorship of a committer can be under- or over-reported.
Records of contributions to the kernel prior to 2002 are not useful to identify contributors, because at that time, Linus Torvalds checked in all code. Patrick McHardy’s contributions did not begin until 2004.
The difficulty of establishing copyright ownership using development repository metadata arose in the Hellwig v. VMware case. Courts may be reluctant to accept such information as evidence of authorship.
What copyright rights does McHardy have in the Linux kernel? Copyright ownership in large projects such as the Linux kernel is complicated. It’s like a patchwork quilt. When developers contribute to the kernel, they don’t sign any contribution agreement or assignment of copyright. The GPL covers their contributions, and the recipient of a copy of the software gets a license, under GPL, directly from all the authors. (The kernel project uses a document called a Developer Certificate of Origin, which does not grant any copyright license.) The contributors’ individual rights exist side-by-side with rights in the project as a whole. So, an author like McHardy would generally own the copyright in the contributions he created, but not in the whole kernel.
What is “community enforcement”? Because the ownership of large projects like the Linux kernel is often spread out among many authors, individual owners can take enforcement actions that are inconsistent with the objectives of the community. While the community may have a range of views on how best to encourage adherence to the GPL’s terms, most agree that enforcement should be informal (not via lawsuits) and that the primary goal should be compliance (rather than penalties). Software Freedom Conservancy, for example, has issued certain principles of community enforcement, which prioritize compliance over the pursuit of lawsuits or money damages. There is no bright-line rule for when informal actions should become lawsuits, or how much money an enforcer should request. Most developers in the Linux community, however, consider lawsuits only the last resort, and are willing to refrain from legal action and work with users who sincerely wish to comply.
Why have so many open source lawsuits been filed in Germany? Some plaintiffs seeking to enforce open source licenses have filed their claims in Germany’s court system. There are a few instruments for pursuing legal action in Germany that don’t have exact analogs in the U.S. or other common law countries.
Abmahnung (“warning”): The “warning” is a request from the claimant to the defendant to stop doing something. In the copyright context, it is a letter from the copyright owner requesting that an alleged infringer stop infringing. These letters are issued by lawyers, not courts, and are often the first step in a copyright enforcement action in Germany. In the U.S., the closest analog would be a cease and desist letter.