The free software movement’s most important license — version three of the GNU General Public License (GPLv3) was unveiled by the Free Software Foundation (FSF) late last month. It comes roughly 16 years after its wildly successful predecessor, GPL v2, became one of the most used software licenses ever. Today, about three quarters of the world’s free software packages are distributed under GPLv2.
GPLv3 has some big shoes to fill.
Lots of Changes
The differences between GPLv2 and GPLv3 are simultaneously tiny and tremendous. The third version’s aim is essentially the same as the second’s — to provide protection for free software — but the means have shifted to address the shadows cast by big companies and the possible exploitation of developers laboring for the love of free creation.
At the heart of the FSF is the ideal that software should respect a user’s essential freedom to run it, study it, change it and redistribute it with or without changes. The organization aimed to reflected that ideal in designing GPLv3 to protect the rights of an end user.
Many open source projects have been licensed under GPLv2, and while the open source world at large is on-board with free software and the ideal of free distribution, it is less concerned with the FSF’s social movement to provide software freedom to all users. Consequently, most new features of GPLv3 address issues geared first toward protecting the rights of end users.
While Microsoft’s patent threats have garnered a great deal of press, GPLv3’s so-called Tivoization clause has been a troublesome spot for the document’s drafters. Sorting out the license’s particulars took 18 months of deliberations and four public drafts.
“During the drafting process we talked a lot about tivioziation, which is where hardware manufacturers will use free software on a device, and then they’ll lock down the device so only they can modify the software and nobody else can,” Brett Smith, the FSF’s licensing compliance engineer, told LinuxInsider. “This effectively denies users the right to change that software to fix bugs or add new features, so GPLv3 addresses that.”
The makers of the TiVo television digital video recorder created code that would disable TiVo products if the source code was modified and no longer matched the original code. The benefit of TiVoization is that it makes it harder to modify a device to steal a service, circumvent a digital rights management scheme, or otherwise break a term of service or any applicable laws.
While that’s not a terrible concept, TiVo was still using GPLv2-licensed code, which was freely developed by others. Besides the FSF’s social and political movement that TiVoization is at odds with, here’s an example that illustrates how some end users get really irritated by TiVoization:
Imagine that a customer buys a wooden chair, which was built using free, non-copyrighted blueprints. However, the buyer decides she wants the chair in a different color, one that was offered by the manufacturer. So after she buys the chair, she decides to paint it. Right after it’s painted, the chair crumbles into a pile of useless sticks simply because it — or its original maker — becomes aware that the chair has been somehow modified.
Continuing the metaphor, GPLv3 asserts that a) you have a “right” to paint your chair, and b) the person who sold you the chair built with the free blueprints can’t stop you from modifying it, nor can the seller break the chair if you do modify it.
However, all of this only matters if the the code in question is licensed under GPLv3. TiVo or any other company can still create products that they can lock up in any way they see fit — they just can’t do it by using free software licensed under GPLv3. Early drafts extended TiVoization protection to any device, but the final version has been softened to focus protections on consumer devices rather than those aimed at business or organizational uses.
Similarly, if a modified device causes problems, a service provider could withdraw service. Take, for example, a case of a cell phone that uses a GPLv3-licensed version of GNU/Linux. If a user modified the phone and it “materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network,” access to the network may be denied.
While patent protections apply to end users too, the patent clauses in GPLv3 would most likely protect open source software developers and the organizations that create and distribute free software. While GPLv3 doesn’t mention the elephant in the room that is Microsoft, the patent protections were most certainly spurred by the software behemoth’s recent patent-related threats, wherein it claimed many free and open source applications violate its patents.
The key is to reduce the value of patents and patent rights, particularly when those rights are granted to customers or business partners. Because software patents were relatively rare back in 1991 when GPLv2 was crafted, v2 is ambiguous about its patent-related protections. GPLv3 not only attempts to ensnare companies like Microsoft, but also to prevent any patent holder from engaging in deals similar to the one between Microsoft and Novell.
If special deals wherein a patent holder offers to grant patent protections to only some users running GPLv3-licensed code are rendered ineffectual, the key remaining option for a patent holder would be to identify the violated patents and sue someone in court.
“If Microsoft actually had (a) patent that they published that we copied, we would certainly be willing to excise it from the kernel or wherever else it happens to be,” James Bottomley told LinuxInsider. Bottomley is CTO of SteelEye Technology, a member of the Linux Foundation and gatekeeper of the the Linux Kernel SCSI.
“But since they are unwilling to do this, they have probably patented something we’ve done independently, or at least a member of the FSF did independently. And under patent law, that allows us to challenge on two points,” he explained. “That first, we invented it first — which is not unlikely given the pace of innovation in open source — and the second, that it’s obvious — that if two people think of the same thing at the same time in a solution to the same problem, and you’re not allowed to get a patent on an obvious technique which is obvious to one of ordinary skill in the art. They know they would be facing challenges if they released the patents.”
The net result of the GPLv3 patent protections is to not remove patents or patent rights, but to level the playing field.
While GPLv3 was created first and foremost for users, the benefits for developers are much more tangential. Obviously, patent protections extend to developers and vendors, as well as users. With GPLv3, the FSF also increased the scope of the license by using more general legal wording rather than focusing so much on U.S. copyright law. The change, it hopes, will make the license more relevant worldwide. How international courts will actually end up ruling on hazy future issues, though, is up in the air.
“The GPLv3 is very useful because it is much more clear on a number of important issues, such as termination and scope,” Mark Radcliffe, an attorney with DLA Piper and general counsel of the Open Source Initiative, told LinuxInsider.
“The use by in-house developers will depend on the business model. For example, an ASP (application service provider] service may prefer the AGPL [Affero General Public License],” he said. Code licensed under the Apache Public License (APL) can also be licensed under GPLv3, but not vice-versa.
The APL route gives developers more options, while the AGPL option essentially protects organizations that use free software as the underlying code behind applications repurposed with new interfaces for delivery over the Web via a Web browser. Case in point: much of Google’s online software.
Support So Far
“Overall reaction has been very positive — except from Microsoft. Everyone has had pretty good things to say about it,” FSF’s Smith noted. “For example, lawyers who work with free software issues, executives at some of the larger companies that work with free software in various capacities, like IBM and Red Hat, have all said very positive things about GPLv3, so that’s very encouraging.”
About 30 GNU programs have migrated to GPLv3 so far, Smith noted. He’s been hearing that new programs developers have released are tend to license under GPLv3 first. “Since they don’t have any background to work against, it’s pretty easy for them to decide to go to GPLv3,” he said.
“A lot of projects are working towards it — they are just making sure they have their ducks in a row before they do it. And that’s good. It’s more important to do this right than to do it quickly.”
A potential trouble spot is that there’s no legal way to combine the code under GPLv2 with code under GPLv3, because both are copyleft licenses. They essentially assert that if you include code under the license in a larger program, the larger program must also be under the license.
“Simply put, you can’t cut and past code from one to the other,” Stephen O’Grady, an analyst for RedMonk, told LinuxInsider. “I don’t think we’ll see a majority of projects on the license in the immediate future, if only for logistical reasons.”
Palamida, a company that helps organizations with multi-source development environments figure out what’s in their code, is publishing GPLv3 adoption statistics. Currently, Palamida reports that 190 projects have been converted to GPLv3, while 2,818 projects licensed under GPLv2 or later are automatically now covered by GPLv3.
The Stickiness of Inertia
“I’d say the biggest sticking points are apathy and inertia,” Luis Villa, a law student and a former GNOME Foundation Board member, told LinuxInsider.
“GPLv2 has been a brilliantly successful license, and developers are usually in no hurry to fix things that already work. Combine that with a lack of obvious improvements for developers, and most people are going to be reluctant to move until they see everyone else doing it,” he added.