All right.
I would like to welcome our next speaker, Peter Eisenthal.
Please go ahead.
Better now? Yeah, that sounds good. Okay.
This did not come out right. Those were fun flags up there.
We'll fix that later. It's open source.
So I'm Peter Eisenthal. I'm affiliated with the PostgreSQL project.
I've been coming to FOSDEM since, well, 2003. So, wow.
I'm in the PostgreSQL project. I'm part of the core team.
That's the steering committee, you could say.
And I'm also a member of, I think, PGCA, which we'll explain in a minute.
I've also been involved in the Devian project.
I'm probably fair to say I'm retired now. This does not sound well,
but I'll trust your figure. Yeah. Maybe you can mute that one.
Okay. All right. I'll just keep going.
I'm retired from Devian, but, you know, if you're in the Devian project,
you do learn a lot about the open source policy.
So that was good training there as well.
I'm involved with SPI a little bit, because that's obviously affiliated with Devian.
And I've also been involved in, because of these connections,
to make PostgreSQL an affiliated project of SPI.
And I'm not a lawyer. That's a cliche, but maybe in this room it should be said.
I have no legal training, but, you know, if you do this for two decades,
you absorb a lot of stuff.
And in effect, the point of this talk is to explain the issues we work through.
This is not a guide on how to do it, but this is just what we figured out.
Maybe it helps.
So by Postgres, I know like half the room here are Postgres friends.
Hopefully most of everybody else kind of knows about Postgres,
but just so we're on the same level as database systems, right?
There's a stand across the campus here, and there's a Devroom tomorrow.
But I like coming to FOSDEM, because, you know, the Devroom, Postgres,
Devroom is nice, but, you know, I know a lot about Postgres,
so that's not too interesting, to be honest.
But I always go to these other Devrooms,
and then sometimes give presentations there, you know,
to sort of talk about intersecting and crosscutting issues like this.
So that's why I'm here.
Postgres has... Postgres came out of the University of California, Berkeley,
you know, like BSD and others, and so we always used to say it has a BSD license,
and then somebody actually read the license as,
this doesn't look like a BSD license, this is actually the...
We just talked about this, right? You actually have to read it, right?
This looks more like an MIT license, and then we read it again and again,
and we realized it's neither, so there's actually...
PostgresGal license is actually a separate license registered with the open source initiative.
So, but the point here is basically we're not too concerned in the Postgres project
about copyright enforcement, right?
Because there's no obligations, really, other than attribution,
so that's not really a thing we're worried about.
And then there's a fine print down here.
Postgres, PostgresGal, and this Lonnie logo are trademarks,
or registered trademarks of the PostgresGal Community Association of Canada
and used by their permission.
I didn't actually ask for their permission, maybe that's wrong, but...
That's what that is.
And then finally, I want to introduce those of you who don't know, to Slonic, this is Slonic,
this is the logo, and as you just learned, it's a trademark, or a registered trademark, I don't know.
So, the three pillars of intellectual property are copyright patents and trademarks.
And the whole reason why we're here every year is because some of those who came before us
essentially wanted a different arrangement for copyright around software.
So you can share it and do all these things.
And this has been very successful, obviously, there's issues that we just talked about,
but the reason why we've been doing this for, you know,
it fosters them for 20 plus years, and the whole thing, 40 plus years and so on,
is because this worked out pretty well.
And then some time ago, we had issues with patents,
and we've had, you know, in this very event, you know, we just kept getting talked about.
I don't really know what happened to that.
It sort of fizzled out a little bit, but I don't really want to talk about patents here today,
but this was sort of an issue that, you know, patents do exist.
The question of whether software patents should apply was sort of the question being debated,
and this was partially used to impose additional restrictions on free software use, right?
And in some sense, this was sort of hacked around by putting patent clauses into software license,
like Apache license is a good example of that, so I guess this kind of quieted that down a little bit.
And then there's trademarks, and that's what I want to talk about.
So why do trademarks even exist in general?
And it's basically to prevent consumer confusion or have a functioning marketplace at all, right?
Because otherwise, if everybody could just fill in some brown stuff in a bottle and label it Coca-Cola and sell it,
then nobody could ever go shopping again and just rely on that anything is anything, right?
So that you have to have some protection of names so there's any sanity in the marketplace at all.
So that makes sense.
And then the companies who have these built these names, these brands,
they want to protect their reputation or their brand, right, or they could will.
So that's sort of the general idea, right?
So that's existed for a long time.
I think that's pretty well understood.
Why do we care about trademarks?
We specifically in the Postgre's project that I've worked on,
but also potentially other, you know, software projects, open-source software projects.
So the thing that one reason why we looked into this is because the domain registrations are in some weird way tied to trademarks.
So if you have a trademark, you have sort of priority to domain registrations.
The details of that are very complicated, but this is kind of how some of this got started
because anybody can just register a domain that matches your project's name
and now there's so many top-level domains you can't really, like, prevent that.
And then they put something up that looks like your website and potentially offers downloads or do whatever
and then you have no control over what they were doing.
So by registering a trademark, you have some kind of way to prevent that
or have a sort of priority for these domains.
But also, you know, you want to protect the reputation of your brand, of your project, right?
If you have a certain size, then you get imposters and people want to take advantage of that.
And then finally, in a weird way, what we learned is you have to protect your trademark just so you have it
because unlike copyright, and we'll get to that in a moment,
once you lose your trademark, you can't really get it back
and so you might want to just have it for later, in a way, in case, you know, something bad happens.
And so it's a bit of a self-preserving system in some way, but that's what we figured out.
So here's a way to, again, I'm not going to talk about the patent stuff,
there could be a third column but that's not what we want to do.
This is sort of a chart here, what makes dealing with trademarks
arguably much more complicated than with copyrights.
Because, you know, I'm sure there's people writing software here in their laptops,
like right now in the halls here, right, and they're not thinking about copyright
because the copyright happens automatically, more or less in most commercially relevant jurisdictions, let's say.
So as soon as you create something that applies to software and anything you create,
you're the copyright owner and if you don't want to share it, that's fine.
If you want to give it to someone under certain conditions, that's you, or that's up to you.
But you don't have to do anything about it, you don't have to register it.
There is copyright registration, that's not really relevant.
Also the copyright applies internationally more or less automatically.
Also in the context of software projects, everybody who contributes is sort of a joint owner in some way, right,
this kind of protects, there's copyright assignments and some people do,
but in general, like at least in our project, everybody sort of owns it together,
that means nobody can just take it away.
In trademark, this doesn't work that way because you have to register the trademark,
otherwise it doesn't exist. Well, there's unregistered trademarks, but that is very weak,
so you do want to register it.
And so as paperwork is complicated, potentially you have to get legal help,
or at least it's hard, you know, or somebody has to sit down, you have to pay fees,
and you have to renew it, and somebody has to be the owner of that, it can't just be,
oh, you know, us 250, who half of those we don't even know, really in person, right,
you can't do that, you have to have someone who actually has it.
And then, well, to share it, you have licenses, so that's sort of similar,
but with copyright we have these public licenses that are just sort of there to take in a way, right,
maybe that could exist for trademarks, but at the moment it's not really clear how that would work,
or at least we haven't figured it out.
And that's the final point I've already mentioned, right, you have to enforce trademarks,
otherwise you lose them.
Copyright, you don't really have to do it, I don't know, but mostly we don't do that, right,
I mean, of course people do GPL enforcements, but certainly you don't have to literally enforce
every single violation, you can sort of go against the big fish and things like that, right.
And so the copyright stuff basically happens by itself, if there's no problems,
you don't have to do anything, you put a license on your project, and if nothing weird happens,
that's it, that's new, right, but the trademark, you have to be on the ball all the time, right,
you have to file paperwork, make sure you do it right, and whoever does it actually has to make sure to keep it updated,
you have to license it, and you have to go after everyone who violates it.
And that's hard to do for just small-time projects, I guess, right.
So what have we done?
And we came, the title was sort of, we figured this out on the fly, because we, when the project was founded,
we took the, we, I wasn't there, the University of California basically abandoned the software,
and somebody said, like, hey, we'll put it on the server, we'll keep working on it, we'll figure it out, right.
And this was actually, this was in 1996, and I figured this was actually before the term open source even existed.
So I went back to the original email messages, and there was no terminology for that, they said,
like, hey, let's do a project like free, as free BSD does.
So that was sort of like, there was no term open source, it was just like, let's do it like these guys do, kind of.
Well, that individual, you know, happened to live in Canada, and they had the domain registration in their name,
because, you know, somebody has to do it, and then later on also registered trademark,
it wasn't, we haven't really quite figured out why that was done initially, but they figured they should do it, so it existed.
And when that individual then sort of wanted to step back and retire from the project,
you know, we wanted to put this under some proper footing, and we were initially thinking just about the domain registration,
and, you know, the trademark kind of came along with it, and so we founded this little tiny nonprofit association in Canada
just to hold those domains and those trademark registrations, and it wasn't really supposed to do anything else,
it was really just like, do a meeting once a year, rubbish them to budgets, and keep these things rolling, and do little else.
You know, we're not running any events or anything like that, it was just a really tiny operation.
The name of Canada has confused people over time, so we kind of dropped this last year from our title.
It kind of worked out because the domain we used for that association, not for the software project,
but for that association is Postgres.ca, so the CA can now stand for Community Association,
which is sort of was a kind of pun we used.
Because people kept coming to us and thought, we're like the Canadian, we, I'm from Germany, right,
so it's just where that organization runs, we're like the Canadian user group or something like that,
and can we run like a Postgres evening in Toronto, but that's not what we were about.
So here's a little bit of a timeline.
So in about 2018, we started registering trademarks in various jurisdictions, so we had the Canadian one already,
we did the EU one, the funny thing is also once you register trademarks, you start getting spam.
People like monitor these registries and then just want to sell you stuff, like hey, domain registration,
hey, do you want to, hey, we have, we saw somebody registered something similar to you,
do you want to help us figure this out for you, and you know, always kind of weird stuff, so it's kind of fun and annoying.
We have the US registration, but currently on the secondary register, which if anybody knows what that means,
so it's a little bit tricky to, if the name is already out there, then to register a trademark afterwards,
so we're kind of backfilling that a little bit.
And so we, and this is maybe some of you who are not close to the Postgres project might have even seen that
and like the general hacker media in between about 2020 and 23, we had actually various disputes around the trademarks.
In a way, a lucky coincidence perhaps that we just got those trademark registrations done shortly before that,
and, but as you, as I just mentioned, it was really supposed to be just a small organization with really no operating budget,
and then all of a sudden we had people go register domains that looked similar to the project,
actually people going out registering trademarks, like Postgres as a trademark in some jurisdictions,
just in their own name without asking anybody, and then putting that on their website and creating sort of a shadow ecosystem,
that looks like sort of an official Postgres thing, and then we asked them nicely,
you know, can you please stop doing that, and then they didn't want, and it goes on and on,
and this is sort of, you know, legal cases were filed, and it went to courts and things like that,
so that was extremely expensive, and we had no income stream right, this little organization,
so we were figuring this out, but it's, you know, it's, this is a problem,
if you do want to get into the trademark game, you have to be prepared for this to happen, and it's become very expensive.
How harmful would it be for your trademark, not to pursue all of your legal cases?
The question I heard was how harmful would it be if we just didn't pursue those cases?
Yes.
Well, to some degree we don't know that, because we, you know, there's no,
there's no room for trial and error really, because if we say, well, let's not do it,
then the next person that we really do want to pursue this dispute with,
can then say in court like, well, you didn't pursue those guys, so your trademark is invalid,
can get invalidated, and then it's gone, and then this whole thing is over, right?
So the legal advice that we have been given, the actual legal advice that we have been given,
that we should do it that way.
So we have sort of a two-tier, so if you do want to use the trademark,
because obviously, you know, people, you go over to the other building,
you can get hoodies with Postgres on it, right?
So obviously we do want people to talk about Postgres somehow.
So we have a two-tier structure in a way that there's a policy on the website that says what you can do with it.
This has been reviewed by legal aides, lawyers, right?
So what you can do is, what are we already in the law about fair use you can do?
So if you just factually talk about Postgres, of course that's allowed.
Any kind of what's in the law about fair use you can do, of course.
You can write logs and books about Postgres and stuff like that.
People do, right? That seems fair.
People want to make YouTube videos about Postgres short, that's fine too, right?
And then we have, which maybe not obvious, we have a thing also in the Postgres community
that we can in a way certify conferences, right?
Because we don't have a central association that controls the whole project.
And so a lot of independent people around the world run like a Postgres conference, for example.
And there is a system that you can self-certify that your Postgres is what we call a community conference.
It sort of follows certain guidelines.
So it's not just sort of a sham corporate event basically, right?
And so if you self-certify your conference as a community conference, then you can use the trademark.
If you self-certify your user group evening as following these certain guidelines, then you can also use the trademark.
Or if you have a regional NPO, for example, the thing that's happening over there in the other room, the Dev Room,
the Postgres stand over there and the Dev Room is organized by an association called Postgres School Europe,
which does these things in Europe.
And there's others like Postgres School US, for example.
So they are recognized NPO's and they can use the trademark.
Yes, all the way in the back, yes.
You say no company names on the phone?
Yeah, so...
How many... that actually brings in a number of products that are specifically key to Postgres?
Yeah, yeah, we'll get to that, exactly.
Yeah, yeah, so...
By company names, I should have solved the company once in a focus.
Yeah, yeah.
So the question there, and we'll get to that for the microphone again, like what about company names and stuff.
So what is not allowed by the trademark policy on the website is that you name your company or product as Postgres in the name,
or register Postgres.something domain.
Now you can try, but then you get into trouble with this.
If we can be bothered, as previously explained.
But no, if you don't... this is the policy on the website, you can read that, right?
So if you fall into any of this, if you want to write a book about Postgres, just go ahead.
You don't have to do anything.
For some additional uses, you can get a license, right?
This is something that's still kind of in progress, right?
So this is... we've only been doing this for a couple years.
Five minutes.
Yeah.
So the first thing we did is to respond to the question, we grandfathered, tried to grandfather everything, and that was already out there.
So a lot of these, and we tried to track them down.
You know, if you have a company that's well recognized in the Postgres ecosystem, and they somehow have a product or the company name itself that has Postgres in the name,
then we got in touch with them and tried to work out, like, a license that explicitly allows that, but also contains, like, let's not do that again kind of thing, maybe, right?
But to some degree, we also provide additional licenses.
For example, and this is kind of the... it leads into some questions I will have at the end.
So this is kind of what we're working toward or what's effectively happening,
but it's, you know, it would be kind of nice to actually have some guidelines and we're not just making that up.
So if you have a Postgres conference that is not self-certified as a community conference, you can still get a license for it.
You know, we'll look at what you're doing. If you're not doing a total sham job, then that's probably okay. We'll get a license.
Or if you want to use the logo for a product, you can use this Postgres, you can get a license for that logo.
But that's all manual work at the moment.
So what we generally allow is merchandise sales, except the kind of stuff that's happening there by recognized NPOs,
or any new, ideally any new business names.
And also weirdly, what we generally don't want to license is anything that's not even related to software that wants to use the logo for some reason.
There's people who want to write like novels about Postgres or use the logo in board games and things like that, which is all interesting,
but we have so far not really wanted to go into that.
So this is kind of the question I'm asking myself, and this is sort of bothering me, right?
We've had just these discussions of overlaying additional restrictions on top of software licenses,
and this has been done with patents extensively, or tried at least.
Just what we talked about a moment ago, what do they call it? Customer agreements that interfere with that.
And remember maybe some of you remember the Ice Weasel fiasco, where Debian had to rename Firefox because of trademark issues, uncertainties with Mozilla.
And I don't really know.
We're not trying to trick anyone, right?
This is not what we're trying to do. Others could do it maybe, but we're just trying to do the right thing.
But what is the level of things that we shouldn't allow?
I don't know. This is really hard to find examples about.
We've looked at some examples. Debian, for example, has a trademark policy.
Linux has this sort of trademarking system, and KDE has something, but there's really nothing sort of consistent that you just copy as a template.
It's really, really difficult. So this kind of gets to my asks here to conclude.
It would have been nice to have some any kind of organized information about this.
It doesn't seem to exist.
Now you can go to these organizations and there's others.
Sorry if I offend anyone. I know there's some rivalries between some of these.
I don't know. But if you create something, if it's software and say, yeah, I would like to share this somehow, how do I do that?
You can go to OSI and learn everything about open source copyright issues.
Or if you just create or something else, you want to share it somehow.
Creative comments, they have all this information about this is how you can share and this is the kind of public copyright license you can create and so on and so on.
So there's this whole thing out there that you can rely on and it works really well.
But I've went through all of these things and searched the website.
It's like, is there anything here about trademarks? Is there any guidance at all?
It's like, no. I don't know.
I know that they know that this exists because creative comments itself is a trademark and open source itself is a trademark.
So this obviously exists, but there's nothing to find.
So in some sense, this is sort of my call here.
If anybody has any interest in this at all, it would be nice to share information somehow and build at least some kind of baseline expectations about like how do we create trademark licenses that are compatible with the software freedoms
or the open source definitions or anything like that.
That's what I would be interested in.
And of course, if you're out there as a project struggling to work this out, maybe you want to get in touch with the postcards people.
That's also fine.
So great to conclude.
So dealing with trademarks is much more complicated than copyright.
It's not really clear where it's useful.
So that was the question.
It has in effect been useful for us because we had some bad actors who were trying to do the wrong things.
This gave us a tool to prevent that.
So it is in effect useful.
But the way this interacts with software freedoms is unclear and I would like to learn more about that.
I would like to learn more about how others do it or if others want to learn from us, that's also great.
That's all for me.
We have time for one question if someone has.
I'm sorry, we run out of time for questions.
No questions.
That's also fine, but I'll stick around here and if somebody wants to ask, that's fine.
Thank you.
Thank you, Peter.