Doubts Raised About Legal Soundness of GPL2 521
svonkie writes "Two prominent IP lawyers have warned that the all-pervasive General Public License version 2 (GPLv2) is legally unsound. They claim GPLv3 and AGPLv3 are much better suited for the realities of modern open source software. 'If you go back in time to when GPLv2 was written, I don't think people were aware of just how ubiquitous this license would become and how closely scrutinized it would be,' said Mark Radcliffe, partner at the firm DLA Piper and general counsel for the Open Source Initiative (OSI). 'At that time, open source was not something as broadly used as it is now.' Radcliffe was joined by Karen Copenhaver, partner at Choate Hall & Stewart and counsel for the Linux Foundation, for a GPL web conference hosted by the license-sniffing firm Black Duck software"
Conspiracy? (Score:5, Interesting)
So, I actually count myself among the few that like Richard Stallman. I've met him, and he's a nice guy. But does anyone recall the furor over GPLv3 when it first came out, & some of the new provisions? This caused a lot of projects to stick with v2.
I'm wondering if this isn't just FUD to try to get people to switch to v3. Which is icky, but it did occur to me.
Re:Ideology? (Score:4, Interesting)
That is a lost cause, even though I've heard some fancy legal theories on how they could relicense Linux without getting either approval or ripping out that code from those not actively approving. Even though they might possibly work in a few jurisdictions I doubt they work in all or even most countries of the world, it'd make Linux a copyright minefield.
Re:Not as bad as it sounds! (Score:5, Interesting)
Because the GPLv2 is abandonware. If FSF wants to pick it up and spin a GPLv2.1 and an LGPLv2.1 off the GPLv2 branch, then maybe it would be a viable license. As it stands, as legal flaws are found in the license, your only choices are to move up to GPLv3 and accept all the baggage that comes with it, convince your developer community to all sign over copyright, or convince your developer community to all agree to a license change to a BSD or MIT license after the fact. Good luck with that.
real issue, but is GPLv3 the solution? (Score:5, Interesting)
This is a real issue. For instance, I wrote a physics textbook, which is open-source, and I wrote a bunch of ruby and latex code that helps to produce the pdf from the latex sources, automatically handling some things relating to placement of figures on the page that are awkward to do with plain latex. My book, including the ruby and latex code, is under CC-BY-SA. I got an email from a guy at MSU who was writing a textbook, and had already started using my code to handle the illustrations. He wanted to check whether it was okay under the license, since he didn't intend to release his own book under a CC license. Well, my answer ended up being that I really didn't know whether it was okay or not. It wasn't clear to me whether his work counted as a derived work. On the one hand, you could say that what he was using was simply some software I wrote, so his book isn't a derived work based on my software any more than a book written in MS Word is a derived work based on Word. On the other hand, there's really no perfect separation between the software and our books. When you write a book in latex, the latex code *is* a piece of software. My code generates various boilerplate in its output, some of which is text that is visible to the reader, so it's under my copyright and license. Of course I could have just told him that it wasn't an issue, and I wouldn't sue him, but I had intentionally chosen the strong copyleft because that's what I wanted. I suspect that a lawyer would tell him his work was actually not a derived work, but I also suspect that he (and his eventual publisher) wouldn't even want to get into that issue.
Although the issue is real, it seems goofy to me to suggest GPLv3 as the fix for the problem. First off, there are huge philosophical differences between v2 and v3. Also, there is so much GPL v2 code out there that you can't necessarily just relicense under GPL v3 without causing yourself hassles with license incompatibilities. I also don't quite understand how they think they can bypass the fact that various countries have various inconsistent and ambiguous definitions of a derived work. The only thing that forces anyone to accept the GPL license attached to a work is that copyright law doesn't allow them to do certain things without a license from the author. Those things include (1) copying and redistributing the work, and (2) creating and distributing derived works from it.
Re:Not as bad as it sounds! (Score:5, Interesting)
It's not like they've determined there's some fundimental legal principle which brings the whole thing crashing down, as you see in EULAs for example.
Right. Which strikes me as interesting that they'd suggest "upgrading" from a distribution license (GPLv2) to a EULA (AGPLv3). Remember, if you have an in-house branch of an AGPLv3 package, and you let a customer SSH in to run it, then you have to grant them full rights to your changes (even though you haven't distributed it). I dig RMS and I love the GPL, but I hate that derivative abomination.
Think of it as a security patch (Score:5, Interesting)
GPL2 is not about to become invalid. But consider all of the changes we have gone through since GPL2 came out. Back then, the most complicated input device that people were likely to have in their homes was a touch-tone phone. Music came from phonograph records and cassette tape. The "@" sign was a little-used oddity on the typewriter keyboard for most people. Home computers were more the exception than the rule, and their CPUs used 16-bit addresses.
With the advent of consumer digital media we got a ton of law, both legislative and case law. Garbage legislation like ECPA and then DMCA, and a great increase in software patenting. All of that law essentially blind-sided the GPL, which had to cope with it but was not written with knowledge of it.
So, a license upgrade to deal with all of this is like installing a security patch on your operating system. It's just a sensible thing to do.
Bruce
Re:Conspiracy? (Score:5, Interesting)
So your definition of "extremist nut," then, is someone who thinks they should actually be allowed to exercise the rights that the license is expressly designed to give them. I fail to see how there's anything extremist about requiring that you not distribute software under the license if the hardware directly prevents the users from using the software in a manner that the license explicitly says they can...
It wouldn't be the first time I have seen that definition of "extremist" or "nut" that means "a person who takes a reasonable, legally and morally justifiable action that you happen not to like." It seems to come from a line of thinking which states, "reasonable people cannot possibly disagree on something or take different positions on it; therefore, if you disagree with me, it can only be because something is wrong with you and it is now my job to label what that something is."
Now if someone said that punching random strangers in the face for no reason should be legal and acceptable behavior, I'd say that yes, there probably IS something wrong with them. But to draw such conclusions based on the choice of software license? For code that the author didn't have to write and had no obligation to share with us in the first place? Yeah, that's a bit much.
Besides, if you want to see an "extreme" license, read the average commercial EULA sometime. Wade through all of the legalese and look at the long list of prohibitions and restrictions. Consider whether this really benefits you as a customer and whether it was intended to. Then note that you generally don't get to review it until after you have purchased the commercial software. The freedoms that the GPL guarantees are a breath of fresh air by comparison. Maybe this is just my personal tastes, but I have always found "enjoy this, just don't restrict someone else's ability to enjoy it as you have" to be far more reasonable than "what you bought isn't really yours, and you will use it only in ways that we have decided to allow, which by the way are subject to change."
Re:Not as bad as it sounds! (Score:3, Interesting)
So we tend to be left with a situation where if we want to make any money out of our software, we have to write or clone a commercial agreement. Whereas if we actually want to offer a truly open piece of work, a BSD licence has the advantage of being unambiguous, easily comprehensible and short.
Re:Not as bad as it sounds! (Score:5, Interesting)
As it stands, as legal flaws are found in the license, your only choices are...
Or live with it. The problem they bring up is that "derivative work" is not well defined. So worst case scenario, some edge cases that may or may not be ruled "derivative works" may or may not be bound by the license.
So what? Without some real examples of what might be problematic it's hard to tell how important these issues are. And chances are some of these issues have been dealt with already (see the GPL linking exception).
Re:real issue, but is GPLv3 the solution? (Score:4, Interesting)
Re:Zealots caught in Gnu/Stallmans trap (Score:2, Interesting)
You really beleive it all to be this simple? Have you ever been in a room with either lawters from firms of this size, or with the technology marketing teams that fund them?
They are "interesting" rooms.
"DLA Piper is one of the largest law firms in the world and it is the only firm with more than 3,500 lawyers in North America and Europe. DLA Piper is a legal services organization whose members and affiliates are separate and distinct legal entities."
http://en.wikipedia.org/wiki/DLA_Piper [wikipedia.org]
IBM and Novell both are certainly money this firm takes. Probably Microsoft, too. All of these players have "proxies" that they push markets with - like cold war intelligence and battle operations. I have heard the planners at one proprietary vendor - supposedly Open Source advocate - talk about funding CentOS - to damage RedHat. They'd do so through participation in a third vendor consortium/forum. This stuff is common.
Re:Not as bad as it sounds! (Score:5, Interesting)
Why shouldn't they get the source code to a program they are using, even if it is over SSH? Isn't that the whole point of the Open source and the GPL.
The problem is that all versions of the GPL have governed distribution, and they're on solid ground with copyright law. Basically, they grant you additional distribution rights above and beyond what you'd normally be allowed as long as you comply with certain restrictions. End users don't even have to agree to the GPL to use software so licensed because usage isn't governed by copyright. The GPLv3 (and the AGPLv3, confusingly enough) even explicitly states this:
Contrast with the AGPL which seeks to control how you run the software by adding:
So, there are new limits to how I can modify the software that have never existed in any prior FSF license. If I start with a GPLv3 library and only want to use one function, then I'm allowed to do that. Not so under the AGPLv3! Taken to the extreme, imagine that Linux was relicensed under the AGPLv3. If you host a Linux server, then you have to offer copies of the Linux kernel (which holds the networking code) to any client that connects to it. Wouldn't that be fun to comply with?
When did having the program you're using running on your own computer become a prerequisite for obtaining GPL rights?
When the GPL was written as a distribution license.
"I've killed at least two Mac conferences" (Score:5, Interesting)
Except that this is a story about a "web conference hosted by the license-sniffing firm Black Duck software". Blackduck is hardly going to allow any criticism of its partner, Microsoft, nor allow its major thorn, the GPL, to go unmolested. Go re-read plaintiff's exhibit 3096 [google.com] about stacking conference panels. Even without a sock puppet organizing the conference, M$ has a prolific history now of interfering with and shutting down conferences on competing (that's everything by the way) technologies.
When you're dealing with Microsoft, you're dealing with cockroaches. Get over it.
Re:Zealots caught in Gnu/Stallmans trap (Score:4, Interesting)
I wonder who pays these gentlemen.
If you had read the summary you'd see they work for the OSI and the Linux Foundation. Hardly organizations that are anti-GPL, anti-FOSS or anti-Linux.
OSI was founded by people who were unhappy with the Free Software Foundation and the GPL. OSI Founder Eric S. Raymond recently said that the GPL is no longer needed [osnews.com].
Re:Not as bad as it sounds! (Score:3, Interesting)
If only they had released GPLv2 under GPLv2, then you could fork it yourself.
You can, but you cannot call your new license the GNU GPL v2.1, and it won't be a successor with regard to the "or any later version" clause. It will be a completely separate license, which you can use to license your own code. It is unlikely to be compatible with the GPL, so you wouldn't be able to combine it with GPL software (except for mere aggregation).
Doubts Raised About Legal Status of OSI (Score:5, Interesting)
better story: OSI attempts earth-shaking announcement about GPL to draw attention away from fact that their status as nonprofit in California is suspended. Perhaps it was due to failure to file required tax documents (for California and U.S. IRS) for many years, that issue was discussed on Bruce Peren's now-defunct site Technocrat
http://kepler.sos.ca.gov/corpdata/ShowAllList?QueryCorpNumber=C2224685 [ca.gov]
Re:Conspiracy? (Score:3, Interesting)
The freedoms that the GPL guarantees are a breath of fresh air by comparison.
In addition, the GPL is one single license used by many projects. I have read it, so I don't need to read it for every new GPL-licensed project that I use. This is contrary to proprietary software licenses where every vendor seems to write their own EULA. You cannot know what some random vendor will put in the license without reading it.
It would be nice if proprietary software vendors could agree on using one of a small number of EULAs, so that you don't have to read each one. The same applies to ToS agreements required by certain web sites. And all this while time and again, vendors and media complain about license proliferation in F/OSS. I'd like to ask them to clean up their own back yards first.
Re:Zealots caught in Gnu/Stallmans trap (Score:5, Interesting)
This is very petty lawyer-ing and typical misunderstandings from software EULA lawyers chasing their own tails for so many years.
GPL covers SOURCE CODE, and thru "derivative works" covers binary "performances". The whole reason we even have EULA's (End User LICENSE Agreements) is that there was one case 30 years ago where somebody argued that typing source code from a book to RAM and from the RAM to CPU was "infringement" and duplication of the work. So because of the internal machine copies needed, you have to be granted a special LICENSE to USE any kind of software (source code or binary). EULA writers have used US law's reliance on "contracts" to throw the "kitchen sink" in EULAs and call them "contracts" rather than license for use.
yes, the terms they point out have been more precisely defined since 1991. Judges respect stability and don't fall for dizzying logic like this. Judges will realize terms change and favor the UNMODIFIED document nearly every time as a matter of good faith. GPL v2 has been in heavy use unmodified for 18 years, that's incredible stability in an industry where other EULA writers reserve the right to edit/change/modify their EULAs online, without notice, and you pre-agree to the new terms you haven't even seen yet. The GPL is a legal rock, if the best they can do is mince words there's no threat at all.
Re:Not as bad as it sounds! (Score:4, Interesting)
The whole web-app phenomenon
No. Just... stop. Before we had web apps, we had shell apps and BBS doors and hundreds of other ways to do client/server. This is not some new thing that came along in the last few years.
Dual licenses don't work for open source ... (Score:3, Interesting)
"You can dual-license something all you want."
Dual licenses don't work for open source ... without an assignment of rights.
Specifically, if I license something under the "GPL or the Artistic License", and someone takes it under the terms of the GPL, makes modifications to it, and donates those changes back to me, those changes are a derivative of a GPL licensed work, and therefore must be under the GPL. Only if in their donation back to me there is an assignment of rights to me, am I free to relicense the changes out under the Artistic License.
This is what bit SGI, when they thought they were gong to get a boatload of developers jumping on their attempt to step out in front of the open source parade with a baton and lead the parade; almost none of the changes that were made by outside developers were usable to them, due to them lacking an assignment of rights.
-- Terry
Derivative works and interpreted languages (Score:3, Interesting)
One thing that's often confused me is the exact relationship between the GPL and interpreted languages. For example, if I write a perl script which calls perl functionality which is part of the base interpreter, my script need not be distributed under the terms of the GPL. This is akin to using a GPL word processor or other software, where the output of a program is not subject to the GPL.
If, on the other hand, my script calls a perl function which is itself written in perl (licensed under the GPL), the FSF argues [gnu.org] that this constitutes a derivative work akin to dynamic linking. Thus, my script (if distributed) must be distributed under a GPL-compatible license.
I can see it both ways. On the one hand, calling a function written in the same interpreted language is very much like calling a function in a library from a compiled binary. On the other, it's strange to think that there's a distinction based on whether the function being called is written as part of the interpreter (in, for example, C) versus the interpreted language itself. In addition, there seems to be disagreement about whether the GPL really binds like the FSF claims. Lots of interpreted code gets released as the GPL when it seems likely that the LGPL is what the authors really intend; that is, they do not want to restrict scripts and functions which call the code.
A good example of this is R [r-project.org] This statistical language has fairly small interpreter and a large set of both included and downloadable packages, themselves written in R (and licensed under the GPL). Clearly most of the primary authors do not intend for all R scripts using the most basic of functionality to be released in a GPL compatible way; for one, they make the header files necessary for writing C-based libraries for use in R LGPL to explicitly allow such libraries to be non-free. In addition, they are fine with a large number of downloadable packages which restrict commercial use (obviously not allowed under the GPL). Their interpretation of the GPL seems at odds with the FSF. Even if you want to release all your code in a GPL-compatible way, it may be (IANAL) that you cannot call both code restricted from commercial use and GPL-licensed code (basically unavoidable) in the same project.
Re:Not as bad as it sounds! (Score:3, Interesting)
You ask me if your terms are fair. You're damn straight, I don't. Let me turn it around: what makes your code so special that you feel you can restrict the conditions under which I install and run it?
I wanted to encourage a share-alike development model for my web-application, like the software in the stack it runs on.
But web-application licensing has to be different to OS/server/platform licensing to have the same share-alike development model.
You ask me why my code is so special, but you could ask "why does Zend think its code is so special that they feel they can restrict the conditions under which I distribute it?"
They restrict how you distribute the code, I restrict how you can run it (by requiring you distribute it when you run it).
We both place these different restrictions on our code to the same end, and I don't see why one of the restrictions is less fair than the other.
My code did used to be BSD licensed (before the AGPL came out), but it got plagiarized and the license was ignored.
When I uncovered it they re-included the license, but they didn't share back any code, and made only the minimum required mention that their code is derived from mine while soliciting thousands dollars of donations from users of their code.
I think that truly is unfair, and goes against the ideals that made PHP, MySQL, etc, etc, successful. I think AGPL provides the best equivalent protection to the GPL for code which doesn't rely on distribution for success.
As soon as the AGPL came out I protected my code with it, and now have a much more mutually beneficial relationship with derivative sites. So you can see why I support the AGPL; it got me the open share-alike development environment I want and that's hard to pose theoretical/moral arguments to.
If you still can't see my side of the argument at least you can avoid my code if you don't like the license.
Re:Conspiracy? (Score:3, Interesting)
Re:Not as bad as it sounds! (Score:4, Interesting)
Because it's like that saying if you get handed lemons, make lemonade. GPL relies on the exact same copyright law pertaining to EVERYBODY and available to EVERYBODY but turns the implementation on it's ear by giving things away in a very specific and legal manner that software companies don't like. They can't break GPL without seriously breaking the law that protects their own copyrights.
Re:Not as bad as it sounds! (Score:3, Interesting)
The GPL3 has terms that I believe literally every developer I have ever talked to is not happy about.
Really? I have to ask: what are those terms? Because, speaking as a developer myself, I'm quite happy with the GPLv3.