Q: So why are we here?
A: At the end of this week, after 16 years, the Free Software Foundation should bless version three of the GNU General Public License, the sequel to what is arguably the most widely used and most impactful copyright license ever.1 Quite literally everyone who makes software – open, proprietary, or web – needs to understand the v3 and figure out if it is evolutionary, revolutionary, or DOA, and how it impacts them as a potential contributor, consumer, cooperator or competitor. This is my small contribution towards that understanding.
Q: Can you summarize this Q&A in a haiku?
new license rolls in
stormcloud- large, complex, strong, dense
scares, but should bring rain
(I really, really wanted to use “Snuffleupagus” in that, but sadly that doesn’t leave many syllables for imagery.)
Q: Why did you feel the need to summarize in haiku?
A: Because this was the longest blog post I’ve ever written. It is now going to be in (at least) four parts over three or four days, so you’ve been warned: you might want to leave off at the haiku :)
A: Tons. I am not a lawyer; whether I’m even a particularly good law student is still up in the air :) Don’t rely on this for legal advice.
I’ve based this commentary on the final discussion draft of the license; changes between now and the final, final version may invalidate some of my claims.
I’ve been on GPL Commitee A, so I’m predisposed to believe the FSF and SFLC’s interpretation of the license. On the flip side, I may not have learned much from that experience; mistakes are my own and may be plentiful.
Finally, I’m currently a Red Hat employee, but this is emphatically not a statement of Red Hat’s policy or interpretation of the license. No one at Red Hat has read this or commented on it beforehand, so again, mistakes are my own and may be plentiful.
Q: Why are we doing all this again? Isn’t GPL v2 reasonably good?
A: As I already mentioned, GPL v2 is almost certainly the most important and successful copyright license ever. By ensuring cooperation instead of competition, it has played a critical role in creating the large and thriving free/open source ecosystem. By providing a robust legal framework, it has provided predictability and protection for everyone who uses it. And by protecting the rights of users, it has done a fairly good job advancing the explicit goals of the authors of the license. So one has to consider it incredibly successful- especially considering that it is a legal document which most lawyers considered insane for a long time, and which still makes many uncomfortable.
That said, the license was written in 1991, and the computer industry has changed a lot since then. Patents have become a much more critical issue for the industry- in 1991, Microsoft had only just begun to understand how important patents would be to locking out new competitors. In 1991, the idea that computers would be the dominant form of media delivery would have been fairly ludicrous, much less the idea that software would be legally protected against “tampering.” And since 1991, the free and open source software community has gone from being a decent number of volunteers and one company, operating primarily on an informal basis, to being millions of volunteers and a multi-billion dollar industry, with all the legal structure, firepower, and infighting that implies. So an update was probably not a bad idea.2
Q: So what should a rewrite have done?
A: That is the million dollar question. While few people think of it that way, the FSF is a user-focused organization. GPL v2, to them, was about protecting the rights of users to control their own computing devices. The pragmatist camp sees GPL v2 as being about the rights of developers to progressively expand the commons and prevent bald-faced exploitation of their labor, a la Apple/BSD. These camps aren’t mutually exclusive- many of the license features which the FSF originally intended primarily to benefit users have been beneficial for developers, and obviously the thriving developer community is beneficial to users. But members of both communities often seem happy to trade away the rights of the other parties if there is a conflict.
Given that broad background, FSF’s specific goals for v3 were to protect user freedoms from ‘new’ threats like patents, DRM, and tivo-ization, while benefiting (or at least not alienating) developers. To the pragmatist camp, if there were to be changes, they needed to make life easier for developers- including not just individuals, but corporations. Since no one could think of any significant way to improve on the old license in that respect, they wanted to focus primarily on simplifying and strengthening what was already there.
Q: Given the success and the controversy of change, has the license really changed that much from v2 to v3?
A: The core goals, methods, and structures of v2 were successful and have been carried over with very few changes. If you use GPL code and do not redistribute it, you still get to do whatever you want with it. If you modify and redistribute GPL code, or build new applications on top of GPL-licensed libraries, you still have to release modifications and derivatives as GPL-licensed source. And you can can still build ‘immoral’ (aka, proprietary and/or DRM) code on top of the new LGPL. Some of the language has been changed enough that these goals may be hard to find in a casual read- but they are very much still there.
Q: What has changed, then?
A: A few major changes (note that some of these have been grossly oversimplified to be audience and scope appropriate; please don’t jump on me when I’ve not noted exceptions, loopholes, etc.) Note that I’ll have more on several of these over the next couple of days.
- internationalization: the new license moves away from language like ‘derivative’ – which comes from US copyright law – in favor of language which does not exist in any system of copyright law. This is excellent in theory- it should make the license more politically palatable and legally enforceable outside the US. In practice no one can really know what courts will think of this until it is tested. 3
- increased complexity: this tries to be a more lawyer-friendly document. It is not clear that it succeeded. Regardless of whether the lawyers like it, it is definitely less clear for hackers and executives on first glance, and that may slow uptake.4
- patents, the straightforward part: the license attempts to create an explicit and irrevocable patent grant extending from all contributors to all users. If you contribute a substantive patch upstream5, you’re granting a patent license to the whole project. Merely distributing without copyrightable contribution, like IBM does with many GNU tools6 still does not grant a license. This should help create more certainty about the patents owned by our major contributors- the folks like Sun, Novell, etc. – but it doesn’t help against those who don’t contribute code, like Microsoft and patent trolls. So the impact is positive but limited.
- patents, the complicated part: a lot of verbiage has been added in an attempt to prevent future blanket indemnifications like the Microsoft-Novell deal, and to ‘trick’ Microsoft into granting us their patents. I won’t go into these in much depth because I’m pretty sure they don’t buy us much – it looks like the Xandros and Linspire deals are already structured to avoid triggering these clauses, and there is no reason to believe that Novell and Microsoft can’t do the same. So net result here is probably that only the worst abuses of the old language, like the current Novell deal, are prevented. Not bad, but not the end of the Microsoft problem by any stretch.
- user control: the new license tries to make it clear that users have the right to control their hardware and software. This takes two forms: first, it forbids a claim by distributors of GPL’d code that the code is part of an ‘effective technical protection measure’ and second, it explicitly guarantees that installation instructions (including all the necessary tools and keys) must be available so that users can modify their software and reinstall it on devices that they own. This language, while not always straightforward, should mean that consumer-level users of GPL v3 code should be able to reliably modify the GPL-licensed code on devices that they own.
- license compatibility: the new license is compatible with the Apache Public License, so if you’re working on GPL v3 code, you should now be able to copy and paste from APL-licensed code. This does not mean that someone working on APL-licensed code can copy and paste from GPL v3 licensed code, though- compatibility with the GPL is always one way. (And the same applies to GPL v2 code- you can’t copy out of GPL v2 code, even into GPL v3 code.)
Q: So did the FSF reach their goals?
A: Since the FSF was in control of the process, the changes have focused on users rather than developers. Developers don’t necessarily fare poorly, but where there is choice between user freedoms and developer flexibility, the balance always tilts towards users. If, despite this, developers choose to use the license, it should give users and developers more certainty about patents, and it should ensure that users have the legal rights to control the devices that they own.7 Overall, then, a win for the FSF.
Q: Bottom line- in a year, what are we going to be saying about GPL?
A: Over the next few days I’ll explore the details of how developers and companies might feel about the new license, but I think the bottom line is that within a few years many will switch over. Communities who feel particularly threatened by patents, who badly want to draw from Apache, or who are particularly inclined to protect users and disregard possible costs to developers will adopt it particularly quickly. After that, adoption will slow for a while, but as users, developers, and corporates get comfortable, the various small improvements will gradually make it the default license for a plurality of new open source code, despite the understandable reservations (some well-grounded, some not) that many people currently feel.
- Microsoft’s licenses are possibly more widely used, but only by a handful of pieces of software; the various Creative Commons licenses are probably also more widely used but (for better or for worse) have not yet set billion dollar industries on their ear. Really, we owe to GPL the notion that a copyright license can actually be important at all. [↩]
- Novell’s decision to expose a real loophole in the patent language of the old license was only icing on the cake; the process was well underway before that happened. [↩]
- The Creative Commons lawyers think this approach is borderline insane, but their approach- one license per legal regime- drastically increases license fragmentation, which we know is a very real problem. [↩]
- Note that v2 isn’t nearly as clear as people would like to think- much of the supposed ‘clarity’ is really just the result of living with it and interpreting it for 16 years. [↩]
- not just any patch; it must be meaningful enough to be copyrightable [↩]
- edit later: IBM contributes to a number of GNU tools like gcc and classpath, I don’t mean to downplay that. Just that they also distribute the entire GNU user-space stack on AIX, which is the biggest example of ‘simple’ distribution that I know of. [↩]
- Of course, those new rights only help you if you’re also a hacker, or can afford to pay one to hack for you. But this was a problem with the v2 as well. [↩]