Fortinet has apparently settled the suit filed by Harald Welte earlier this month. Welte, who founded gpl-violations.org to bring vendors into compliance with the GPL, managed to get an injunction against Fortinet which banned the company from distributing products containing GPL'ed code.
Now that the case with Fortinet seems to be taken care of, I e-mailed Welte to see what is next on the slate with gpl-violations.org. Welte said that he's "always dealing with a number of cases in parallel."
If I'd only be dealing with one case at any given time, I wouldn't be able to do 30+ enforcements within a year. On the other hand, that degree of parallelism involves costly context-switches, as every operating systems developer knows.
I asked Welte what kind of help he's received with gpl-violations.org, and what kind of help he needs going forward. Welte says he's receiving "numerous reports of GPL violations, which is obviously important. However, each report means more work for me." He also noted that users are helping by participating in discussions on the gpl-violations.org mailing lists, but "it is still a one man show, after all."
Welte also said that there are talks in the works about integrating the gpl-violations.org effort with the Free Software Foundation Europe (FSFE), "but that hasn't been decided yet."
Welte's victory against Fortinet came in the German court system. I asked Welte if he thought it would be possible for an effort like gpl-violations.org to work as quickly and effectively in the U.S. Welte said that it's "not a question about speed, it's about a legal system that is (from my point of view) a bit fairer. It doesn't count if you have big money or not - you can win legal battles without a big budget."
Now that Fortinet has settled, I wondered if Welte thought the code would actually be of interest -- or if the main point was just to keep the company honest, whether or not the code was of interest. Welte said he couldn't comment on that, since he hadn't seen the code yet.
Once that is published, we can see whether there are parts that the community can merge into the respective upstream projects.
Looking at most of the code that has been released by other previously-gpl-violating companies, there rarely is anything that can be merged. In the WLAN-Router sector, the code quality usually is so low that no FOSS project would merge that kind of code. It makes you creep to know that this is running on millions of WLAN and DSL routers. I really wonder why we aren't seeing lots of exploits for them up to now. Probably the security community is still way too much concentrated on desktop and servers...
Finally, I asked Welte if there was a chance that this could backfire against GPL'ed software. With many companies looking to give the GPL a bad name, it seems that some companies might try to use gpl-violations.org as evidence that the GPL isn't "business friendly." Welte agreed that it "could backfire."
However, we're trying to stress it very much that there is no problem with using GPL licensed software in commercial products - you just need to comply with the license.
If 'paying royalties' is more business friendly than offering the source code and copying the GPL, I don't know. Using GPL licensed software is cheaper, if you follow it from the beginning. Only if you don't comply, you run into legal cost and bad PR.