Getting Ready for GPL 3.0: Call the Lawyers

Rob Enderle

Last week started talking about GPL 3.0 and the fact that folks on both sides don't seem to want you to read it. In addition, we discussed the basics of software licenses, and how the new model presented by the GPL creates some challenges for companies.

 

Now I'll dig a little deeper into how the GPL poses risks to your business, and make some suggestion on how to approach the new -- and highly contentious -- GPL 3.0 that many in the open source movement can't seem to agree on and argue that you simply may not be able to avoid it, whether you want to or not.

 

What makes the GPL different is that it has built within it provisions that ensure people who develop custom code on GPL'd products contribute to the overall software effort. In effect, it has built-in payment terms, but in this case the payment is intellectual property, not cash.

 

Typically, the only person who has the right to give away a firm's intellectual property is the CEO, and even then it may still require board approval. The Free Software Foundation, the organization driving this license type, has as a primary goal the elimination of software intellectual property rights to promote broader collaboration and increase innovation.

 

I doubt very much your organization's approval policy has been altered to take into account the GPL. Not only might you want to correct this, but you will likely be held to the terms and intent of the policy, and it would be wise to know the related implications.


 

This IP-sharing component is fundamentally different from other software license types. In addition, like any other license, this license attempts to follow the code. So, for instance, if a piece of protected code were to make it into a third-party product with a proprietary license, your choice as a user or vendor would be to either settle with the content owner or stop using the offending product.

 

However, under the GPL, if you are using an infringing product, you may now be bound under the conditions of the GPL, even though you were not aware of the connection. This suggests that even if you never plan to use the GPL, your legal folks should be up to speed on it because it is likely you are, or will be, unintentionally bound by it in the future.

 

As with any new contract type, there is the risk of unintended consequences. This primarily follows from the fact that the clauses in the contract have not yet been creatively interpreted by those either unintentionally or intentionally misreading them. For the most part, at least from what I can interpret myself (and my own legal skills are not up to date nor is the agreement final), it would appear the risks largely reside with your ability to protect any intellectual property you develop on or with code protected by any version of the GPL. Enforcing the 3.0 version of the GPL will be a nightmare, largely due to its complexity, and I doubt we will know the full scope of the license change for some time after it is put into place.

 

There may be certain things you will avoid with the platform and certain procedures you can use to mitigate the risk, but to adequately make a decision you need a contract expert that is both current and has your best interests at heart.

 

Legal Department Problem

 

This isn't a trivial problem, because most legal departments are focused on traditional contracts and the GPL, in all its forms, is not traditional. When lawyers see something new, they have a tendency to "just say no" because that, to them, is the safest path. Lawyers only get into real trouble when they say yes by mistake, no has little risk.

 

This probably goes a long way to explain why a number of companies have outlawed open source in general and why a number of IT organizations are quietly going around their management and legal departments.

 

This is a risky path and, should they be found out, creates a potential board-level disclosure event with very painful consequences, including termination (in fact that's generally what is recommended because of the breach of trust at the foundation of the act).

 

Preparing for GPL 3.0

 

The latest form of the GPL is undergoing final review. If you are already tied to Linux, your legal department should be up to speed on it and, if they have concerns, they should be expressing them to the Free Software Foundation. Once in place, this agreement should, by following the code created under it, become the dominant form of the GPL until it is replaced by a later version.

 

You can't hide from it or dodge it, and eventually it will either be used to your benefit or used to your detriment. The key difference is knowledge.

 

I'm not suggesting you need to study law and become an expert on this license type -- only that you need to make sure those that have that background and have the mission to protect your company do so.

 

What bothers me about the agreement is that the goals are not aligned with what customers want -- which would probably suggest a focus on making it easier to get through an approval process -- but the goals of the FSF. This is no different from the development path for a proprietary license and suggests, underneath all of the rhetoric, that there are good reasons to watch this effort more closely.

 

In the end, much like it would be if you were buying a car or a house, if anyone tells you to not worry about the small print, that's the time to start reading it. Make sure someone who is qualified and whom you trust to have your best interest at heart has reviewed this license before you fall under it and take their recommendations to heart.

 

So What Is the Real Truth Behind GPL 3.0?

 

It is a contract, one you probably can't change, one that needs appropriate approval, and one you should treat with the same deference and concern as any other contract. In other words, you have an expert advise you on it. It is also one you probably can't avoid, which suggests you need to make sure your legal folks are up to speed on it, and contributing where appropriate to its wording.

 

Should you be concerned? If someone was unilaterally changing a contract I lived under, I'd be concerned. The time for comment is now. If you or your company aren't involved, you probably should be, and anyone who says you either shouldn't be concerned or shouldn't be involved is suspect.

 

Or to quote Linus Torvolds: "...I would be totally crazy to accept a license for my code sight unseen."

 

I don't think Linus will have a choice with regard to GPL 3.0 any more than you will, and that is something to think about.



Add Comment      Leave a comment on this blog post
Apr 15, 2007 1:57 AM atai atai  says:
Poor article Reply
Apr 15, 2007 2:00 AM atai atai  says:
This series of articles repeated the previous old FUDs on GPL 2.0 on the new GPL 3.0 and it provides little, if any, information on the specifics of GPL 3.0. It is short on substance and concrete material.The series spent the first article explaining what is a license. That should give some clue on the value, or the lack of it, of the articles. Reply
Apr 15, 2007 2:43 AM Sean Michael Campbell Sean Michael Campbell  says:
I did not manage to read the hole thing. He lost me when I read that he thinks the GPL and it's development ideals are new. This person I can not call him an author or a techie that is for sure; has no view of software development in a thirty year perspective. Reply
Apr 15, 2007 4:04 AM DV Weissman DV Weissman  says:
Enderle is nothing other than a SHILL for MicrosShaft out to spread more FUD to businesses everywhere. Yes! Using him is what MicroShaft is left with now that their pro-Vista spin is failingly visible to all.Check out Rob Enderle, Microsoft Evangelist! at http://www.technewsworld.com/perl/board/mboard.pl?board=tnwtalkback&thread=754&id=756&display=1&tview=collapsed&mview=threadedEnderle in turn is known as calling pro-Linux people "terrorists and the glowing example of humanity I call the Linux Zealot." He is now renown for this! Reply
Apr 15, 2007 6:38 AM Rob Enderle Rob Enderle  says:
What is interesting is the constant miss-information that folks like this like to post. They dont actually connect to anything I wrote but to folks who either wrote on what I wrote (and dont connect to it either) or on folks who didnt actually read what I wrote and ranted anyway. It continues to strike me as ironic that Open Source advocates dont actually like to read source. They tend to read the abbreviated versions of things, which in many cases arent even remotely accurate, and then comment on the source like an expert. If they dont read the original article, the source of the story, so why would anyone believe they actually look at the source code? This kind of thing is probably the best example I can showcase that Open Source means squat if no one actually looks at the source code. What really gets me is, for the most part, Linux is up against UNIX not Windows, choosing between Windows and Linux still looks incredibly easy to me, its the UNIX/Linux choice that is much harder. I mean seriously, in a UNIX shop if I were to walk in with the best arguments in the world for Windows wouldnt you just take me outside and have me committed? Granted there is some cross over in areas where Netware is being displaced but thats because Novell never created a true replacement product and Windows Server was designed to be that kind of an offering and Novell, who created Netware, is doing SuSe. So you have to choose between the vendor and the product and that probably isnt easy, but I dont recall writing on that topic (maybe I should). It just seems like folks are going through a lot of trouble making stuff up to keep people from making up their own minds. My constant message is do your own due diligence and dont let anyone, from either side, convince you not to. If you think that message is pro-Microsoft, in other words people who actually do the research will choose Microsoft more often, that says more about you Open Source advocates than it does about me or Microsoft. I would suggest this, before going off on someone, read what they actually wrote and take exception to that. It just seems really silly to go off on me for things I neither said nor currently believe. The full sentence on the Terrorist comment was :In my column last week -- "Pros, Priests and Zealots: The Three Faces of Linux" -- I divided the folks who have been writing to me about Linux into three groups. The most controversial statement I made in that column was a comment about the last group: I wrote that I was having trouble differentiating between terrorists and the glowing example of humanity I call the Linux Zealot.http://www.technewsworld.com/story/31961.htmlBasically I was saying that after a lot of folks told me to shut up or else I started viewing the folks who were trying to scare me as terrorists. You can look up Cyber Terrorist on Wikipedia and I think youll see the definition actually fits. But I never said all were, just the Zealots who were threatening me, funny how that is. If Open Source and Linux are so good, why do poeople like the folks posting above have to make things up? Why do they work so hard to fight what would seem to be reasonable advice like "read the darned GPL draft and get involved"? The true counter to FUD is not hiding from information it is becoming expert in it. If you actually know the risks, I would argue, at lest the U part of FUD is eliminated. Reply
Apr 15, 2007 7:34 AM Matthew Flaschen Matthew Flaschen  says:
I don't know how you can argue that the FSF doesn't want people to read GPLv3 when it is heavily advertised on their website. I also think you're stating the risk of GPLv3 to companies inaccurately. No one is bound by the terms of GPLv3 unless they do something that requires permission under copyright law. Even then, far more permissions are granted than with typical proprietary licenses. However, you are right that the license has the 4 freedoms (http://www.gnu.org/philosophy/free-sw.html) at heart, not corporate interests. Finally, GPLv3 will not apply to Linus's (or anyone else's) code unless he chooses it. This is an obvious corollary of copyright law. Reply
Apr 15, 2007 8:13 AM Rob Enderle Rob Enderle  says:
I don't think I'm saying the FSF doesn't want folks to read the GPL. I am saying there are people on both sides who don't seem to want you to read it, but the FSF offically, is asking for comment. If you use a product that has code that is protected by the GPL you may be held to the conditions of that agreement and I doubt you will be able to use Linux in any form for long without falling under code that was written for the new License type. I had a long chat with one of the Oracle executives a few days ago and he convinced me this would be the case. I think you are fogetting about contanimation and I doubt that can be avoided between the GPL types, we already have had cases where GPL code has made it into BSD offerings. http://bsd.slashdot.org/bsd/07/04/07/1618239.shtml Reply
Apr 15, 2007 11:46 AM izt izt  says:
yep, can certainly see the enderle infamy grow and grow, as someone writes above. The shill of the MS-Empire, Strikes Back at GPL from the outside ;=} TG for "Luke" RMS and the FSF! Reply
Apr 18, 2007 6:26 AM Jisaku Jien Jisaku Jien  says:
To free software partisans that subscribe to RMS's philosophy on software, this article reeks of ignorance. I'm probably being trolled for responding like this.> What makes the GPL different is that it has built within it provisions that ensure people who develop custom code on GPLd products contribute to the overall software effort. In effect, it has built-in payment terms, but in this case the payment is intellectual property, not cash.GPL is not about "contributing to the overall software effort"; the GPL is all about __ensuring the user has the right to **use, modify, share AND publish improvements** to the software that the user runs on their **own computer systems**__. There is no payment of IP; it is about ensuring the user's freedom.> The Free Software Foundation, the organization driving this license type, has as a primary goal the elimination of software intellectual property rights to promote broader collaboration and increase innovation.Wrong. The FSF's goal is to advocate the use of "free software" through education and supporting the development of various free software projects. > Enforcing the 3.0 version of the GPL will be a nightmare, largely due to its complexity, If you understand GPLv2, it's not difficult to understand GPLv3. Enforcing works covered under GPLv3 is just as difficult as enforcing any other copyrighted work.> I doubt we will know the full scope of the license change for some time after it is put into place. ... I doubt we will know the full scope of the license change for some time after it is put into place.If you read the licence, it tells you the scope. The majority of the terms of the licence applies to **redistribution** requirements and restrictions for a covered program.> You cant hide from it [GPLv3] or dodge it [GPLv3], and eventually it will either be used to your benefit or used to your detriment. The key difference is knowledge.This is probably the most insightful thing in this article.> So What Is the Real Truth Behind GPL 3.0?It is a contract, one you probably cant change, one that needs appropriate approval, and one you should treat with the same deference and concern as any other contract.The GNU General Public **License** is NOT A CONTRACT. The GPL is a licence agreement. Nobody has signed any contract. The owner of the code licenses the redistribution of the code to the user through the GPL. The only time that the licensing agreement takes place is when the user chooses to **redistribute any part of the covered work**. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Close
Thanks for your registration, follow us on our social networks to keep up-to-date