Open-source projects glibc and gnulib look to sever copyright ties with Free Software Foundation

Project maintainers follow GCC in dropping copyright assignment requirement

The GNU C Library (glibc) and GNU Portability Library (gnulib) are laying the groundwork to divorce themselves from the troubled Free Software Foundation by removing the requirement for copyright assignment.

This move follows in the footsteps of the same shift by the GNU Compiler Collection (GCC) on 2 June.

Like many projects under the GNU umbrella, glibc and gnulib – the GNU Project's C standard library and a collection of subroutines designed to ease cross-platform porting respectively – allow anyone to contribute code. Those doing so are asked to assign copyright to the Free Software Foundation – for now, at least.

"The glibc stewards are seeking input from developers to decide if the project should relax the requirement to assign copyright for all changes to the Free Software Foundation," developer Carlos O'Donell announced in a post to the libc-alpha mailing list.

"The changes to accept patches with or without FSF copyright assignment would be effective on August 2nd, and would apply to all open branches."

A follow-up request for input on the same topic was soon posted to the bug-gnulib mailing list. "In many cases we simply copy from glibc," developer Paul Eggert confirmed in a reply to the original thread, "so we're using glibc's policy there. For non-glibc files, gnulib could stick with the current policy, or move to glibc's policy."

Responses to the proposal have been overwhelmingly positive. "I do not, and have never, had an assignment in place (it's a running joke that my patch contributions have been all-minus-signs)," wrote glibc contributor Rich Felker, "but given recent behaviour by the FSF board, I am completely unwilling to assign copyright to them in the future, so not making this change may affect my ability to contribute."

"As someone who has nagged about this at practically every Cauldron I've attended, I think this is a positive change and I fully endorse it," added Siddhesh Poyarekar. "The copyright assignment step has been a pretty significant hurdle for me in the past when I've tried to get more students in India involved in the GNU toolchain."

Under the proposed change, contributors would be asked to sign a Developer Certificate of Origin (DCO), originally written by the Linux Foundation and contributors, in which they assert the right to license the contribution as open source.

While a reason for the proposed shift hasn't been publicly given, the timing offers a hint. The GCC Steering Committee announced it was dropping the requirement for copyright assignment earlier this month following mailing list discussions raising concerns about its links to the FSF – triggered by its reinstatement of controversial board member Richard Stallman.

"He has allowed the GNU Project to become a nasty cult of personality," GCC developer Jonathan Wakely claimed in the discussions preceeding the change in contribution requirements. "The FSF seems to be imploding (with mass resignations in the past week). I don't think GCC benefits from being associated with either of them."

Stallman had stepped down from the his role as FSF president and board member in September 2019 following criticism of his behaviour and public comments on issues including child abuse, some made in defence of his friend and MIT professor Marvin Minsky, who was accused of having slept with a 17-year-old allegedly trafficked by Jeffrey Epstein. In a 2006 post still on his website, Stallman declared himself to be "skeptical of the claim that voluntarily pedophilia harms children."

"Some of you will be happy at this," Stallman said of his return to the FSF in March this year, "and some might be disappointed, but who knows? In any case, that's how it is, and I'm not planning to resign a second time."

With the FSF choosing to back Stallman, it's clear that a growing number of FSF-aligned projects – including Red Hat, which pulled its funding following Stallman's reinstatement – sit firmly in the "disappointed" camp.

Andrew Katz, managing partner and head of tech and IP at Moorcrofts Corporate Law, said of the move: "My view is that the GPL is sufficient in itself. For GPL, licence in = licence out seems to be the fairest approach from both the developers' and the project's perspective, and it means that, ultimately, the developers remain in control of their code.

"Recent questions about governance of the FSF (specifically, concerning RMS's departure and reinstatement) may cause people to be concerned about the quality of that governance as regards licensing decisions. Assigning copyright to an organisation requires a significant amount of trust, and developers may understandably be concerned that trusting a third party (whether a business or a not-for-profit) presents a greater risk than retaining their own rights in the code." ®

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022