The GNU Public License, one of the oldest and most widely selected open-source licenses, is about to get its second makeover. There\u2019s been a lot of uncertainty about the GPL\u2019s differences in version 3, and exactly what they mean for end users, developers and corporations. \n\nPart of the uncertainty stems from the fact that it was hard to pin down the exact nature of GPLv3 until late in the day. The license underwent multiple drafts, and some specific provisions (such as allegedly anti-Novell patent language) were added between drafts. But the current draft appears at last to be the final language that will be adopted\u2014sometime this July, according to current plans.\n\nThe Free Software Foundation (FSF), the caretaker of the GPL, has a clear political agenda regarding the creation and distributions of software. Consider this portion of its FAQ for the GPL:Of course, your software is not a contribution to our community if it is not free, and people who value their freedom will refuse to use it. Only people willing to give up their freedom will use your software, which means that it will effectively function as an inducement for people to lose their freedom. \nIf you hope some day to look back on your career and feel that it has contributed to the growth of a good and free society, you need to make your software free.Leaving aside any discussion of whether its premise is even true (that most people place much weight in the relative \u201cfreeness\u201d of software as a measure of its value), this statement provides a fairly accurate snapshot of the FSF\u2019s attitude. Specifically, it believes that all software should be available without cost and should be freely distributable. This philosophy informs everything the FSF does, and particularly the GPL. \nIt is likely that if the FSF had its way, the GPL would require that anything that remotely touched a piece of GPL\u2019d software would need to be GPL\u2019d itself. However, even in its stridency, the FSF recognized that the GPL would not be widely adopted if it contained too extreme or coercive measures, and companies might not use open-source software with the GPL license. As a result, the GPLv2 largely concerned itself with GPL\u2019d software, and programs that linked directly with GPL\u2019d libraries. Some, if not most, of that safe haven for proprietary applications has been eroded in version 3. \nHowever, uncertainty does not mean that the GPLv3 should be avoided by all (or even any) enterprises. In this article, I\u2019ll point out the advantages and disadvantages to corporate IT departments. \nWhat to Like About GPLv3\n1) It improves the language in regards to internationalization of the GPL\u2019d license. \nKat McCabe, vice president and general counsel for Black Duck Software, a firm that specializes in advising on open-source licensing, summarizes the changes so:Internationalization of the license was talked about early on as a key goal for the new license. GPL3 allows developers to add local disclaimers, which is certainly helpful from an international point of view. The license also uses broader defined terms around distribution, which arguably captures some activities that weren\u2019t covered under GPL2 but should have been. \n\nStill, there are likely a number of issues that are not optimal for enforcement of the license in specific countries\u2014and that raises some concerns for lawyers based outside of the United States. In a commercial context, most licensors use multiple versions of their base license, tailored to meet local requirements. The FSF did not want to take this approach. Having one license is certainly simpler. But to the extent enforcement is actually impaired, it may not be worth the trade off. Of course, we haven\u2019t seen much litigation around the GPL. It remains to be seen whether concerns raised by international lawyers will play out in a way that hinders the use and adoption of the license.2) It increases compatibility with other open-source licenses. \nIn the past, you couldn\u2019t mix libraries written under the GPL with those written under the Apache or Mozilla licenses, for example. Again, McCabe describes the changes:One of the original goals was to increase compatibility of GPL with other licenses, to expand the world of code that can be combined with GPL3 code and with that to expand development options. A worthy goal\u2014but increased compatibility has proven to be very hard to achieve. GPL3 has a fairly complex mechanism that doesn\u2019t seem to get us much past where we are today as a practical matter. In addition, GPL3 is now expressly compatible with a yet-to-be-published version of the Affero license. The current version of Affero is a license that is rarely used\u2014so that seems to add complexity without clear value. There have been steps toward compatibility with Apache, which would be welcome news for many in the open-source community. As we understand it, though, that negotiation is still in process. So, seemingly a lot of effort without much in the way of results.3) It puts pressure on companies not to patent software. \n\nThis can be a good or bad thing, depending on whether you\u2019re a smaller firm worried about being slammed with infringement cases by patent trolls or a large company that holds a lot of software patents. \n\nEssentially, what GPLv3 says is that if you use GPL\u2019d software to create a new product, you can\u2019t sue anyone who uses your product to create a new product with patent infringement. A later provision, aimed directly at the Novell-Microsoft cross-licensing deal, further restricts companies by basically saying that you can\u2019t cut a deal to distribute GPL\u2019d software with a patent protection from a third party for which you pay, unless that same patent protection is also granted to anyone else using the software. Here\u2019s McCabe\u2019s analysis:GPL3 is designed to have much greater reach than GPL2 on the patent side. Companies with significant patent portfolios will need to evaluate the impact of GPL3 code on their patent strategies\u2014in terms of their enforcement choices and their licensing programs. There has been some stated concern about a chilling effect on contributions from large companies because of those patent implications. \n\nThat said, to the extent companies are using and distributing GPL3 code that doesn\u2019t relate to key patents in their portfolios, it\u2019s probably not much of an issue. So, as complex as the patent issues are, and as much time and attention that has been paid to those provisions, they likely affect a small group of companies in the end.Those items may make you feel more positively toward the new version. But you probably shouldn\u2019t put away the worry beads just yet.\n\nPotential Gotchas in GPLv3\n1) Version 3 contains language designed to address what the FSF calls \u201cTivoization.\u201d \nA provision of the GPL requires a company using GPL software in its products to make generally available to customers the source code to all the GPL\u2019d software, including any changes that the company made. TiVo, which uses Linux inside the box, has traditionally done this. However, TiVo also placed a clever locking mechanism in the software, such that if it is changed by the user in any way, the box will not operate. \n\nVersion 3 slams the door on this practice. It states, in brief, that if you sell a product whose software can be upgraded, you may not prohibit customers from making their own changes. This could have far-reaching consequences.\n\nFor example, many home broadband routers are based on Linux, and have firmware that can be upgraded. Under version 3, the router manufacturers would have to allow customers to make their own modifications to the firmware. In fact, they would have to provide documentation on how to do it, since the GPLv3 requires that the company offer \u201call the necessary installation methods, procedures, authorization keys, or other information required to install and execute modified versions of GPLv3 covered works.\u201d For companies like TiVo, which need to lock out changes to enforce digital rights management (DRM, more on this in a second), it is pretty much a deal killer.\n\n2) It bans DRM.\nAny GPLv3 product is allowed to have DRM in it, but it must allow users to remove it. So essentially the DRM becomes useless.\n\nThis could cut two ways\u2014first by making it virtually impossible for any GPL\u2019d product (such as a Linux-based media appliance) to play proprietary media formats, since the likelihood that the RIAA and MPAA will allow distribution of software that can strip the DRM off music and films approaches zero. It also means, as a producer of such products, that you will, of necessity, be driven to use operating systems such as Microsoft Windows (and pay the Microsoft license fees). \n\nWhat Does This Mean in the Short Term?\nEven if the GPLv3 would put your company out of business, you don\u2019t need to start panicking quite yet. Version 3 is not retroactive. While developers are free to release existing products under the new license, they must still be available under the old license. \n\nHowever, this is a short-term relief, at best. As soon as new versions of software begin to be released, they can be licensed exclusively under the v3 version of the GPL. So, assuming that you want to incorporate bug fixes or new features into your products, you would have to comply with the version 3 provisions.\n\nIn short, GPLv3 is going to affect your company to a varying degree depending on how you use GPL\u2019d software. For companies with large patent portfolios or that depend on locking users out of their software, the new version is going to be a major concern. Companies that use GPL\u2019d tools internally probably won\u2019t notice a thing. \n\nIn some cases, you may not have a choice about adopting GPL3, if the vendors or products you depend upon adopt it. For example, if your company uses the open-source Eclipse development environment to write Java code, it is almost certain that in the future some of the packages that come together to make Eclipse will move to a GPL3 library. So, if you need to keep Eclipse up to date and compatible with new tools as they come along, you may end up with GPL3 libraries intermingling with your end product.\n\nBut you need to start thinking about it soon, because as soon as the license is released, GPLv3 software won\u2019t be long behind!