One thing is clear, however. If you are going to live under this license, and most of you will, either intentionally or not, you'd better make sure your interests are being addressed. Right now, it looks more like an argument between headhunters over the main course, which is you.
This often feels more like an election with two sides arguing, and the troubling, and consistent, sense is that neither has your best interest at heart. It often feels like the Linux side is actually where most of the disagreement lies.
If there is some consistency between the sides, it would appear none of them want you to do the analysis of the license yourself; both simply want you to take their word for the relative safety or risk the license represents.
Nothing is perfect, and this license isn't even done. Like any general contract, this one will have clauses that are consistent with what you want done and things that could create problems for you.
It appears to have the most power, and risk, for those that develop software, and the least for government organizations who may be able to ignore much of it due to protections they already have that should supersede conflicting provisions. (An interesting side note: In the preamble, the agreement tries to lecture the state on software patents, something I've never seen before.)
Today, let's broaden the discussion a bit to make sure we all agree what a license is, and how the new model of the GPL fits into the ways corporations address these concerns. In my next post, I'll follow-up with some specific thoughts on how to evaluate GPL 3.0.
What Is a License?
A license is a contract between you and whoever owns the related property you are licensing. It is generally subordinate to (and may be overridden by) local and national laws that speak to the same subject. Any contract represents risk, even if you are using something for free. There is a cost for that use and historically, with respect to the GPL, that cost is some of your own intellectual property rights.
What makes a license different from the majority of contracts is that you don't actually sign it. You become obligated under the conditions of a license by using the product in question. In most cases, and in very general terms, the software license's primary purpose is to keep you from sharing the software with folks who aren't paying for it, and the secondary purpose is to limit the liability for the company supplying the product.
Licenses are typically made up of what is termed "boilerplate," or clauses that are believed to have been tested in court and have substantial case law behind them to ensure they can be enforced by the companies that use them.
This brings up a point: This is a contract type that you typically do not have the right to alter. You either take the contract as is or you choose not to use the product. This means the license, particularly if unique, has to be part of the product review process.
Because a license is not formally executed, it often does not fall under normal contract review and approval processes. For instance, most organizations have signature approval policies that prevent low-level employees from obligating the company. These approval policies, which specify the level of executive required to sign off on an obligation by the company, are typically based on a tiered structure based on the cash value of the contract. A director may be able to sign off on $10,000, a VP on $100,000, and the CEO may be required for anything above this.
Typically, as part of a broad license with a product or products from a company like Oracle or Microsoft, both the contract for the purchase and the related licenses are reviewed to make sure they meet the requirements put forth by your own legal experts. If you are big enough, there is actually a reasonable chance that you can change things that your attorneys feel are not in your company's best interest. Even license terms -- once again, if the deal is large enough -- have been altered in the past. Governments do this regularly. I'm not aware of any process that would allow such a change with the GPL. It often makes me wonder how the GPL is making it through government reviews; it is in the changes that government legal teams show their "value."
The check-and-balance is that before funds are released to pay for the software, someone is typically required to make sure the appropriate approvals are in place. However, because a license is often a separate agreement to the purchase agreement, unless someone has assured, through policy and enforcement, that the actual licenses have been reviewed, it may not have been. While many believe a license has been reviewed by someone, because no signature for the license is required, it can be difficult to assure that this review has taken place.
With most proprietary software, this is generally believed to be a relatively small risk, because the goals for the company supplying the license are the avoidance of piracy and limits to liability. This last can often be overcome if the supplying company was negligent, and since that typically forms the basis for any related legal remedy, most seem to think the risk is reasonable. Personally, I think all contracts should be reviewed and appropriately approved, regardless.
Next post, I'll go into more detail about GPL 3.0 and how you -- and your legal department -- should approach it.