GPL3 Sees the Light of Day

Starting today, you can actually use the GPL Version 3 to license your code. After an extended gestation, the Free Software Foundation has released its update to the license.

And, contrary to what I expected, it represents significantly less change than might have been expected from earlier drafts. Richard Stallman is a stringent ideologue, but it appears that he concluded that he would rather lead a movement than move forward at the head of a one-person parade.

First, the good news. If you’re an end user of GPL3-licensed code, you won’t see much difference in terms of how you have to handle code.

Next, the bad news. The 18-month comment period has let many, many, many lawyers submit comments. The resulting license has much more legalese than GPL2. This means you’ll need to get attorneys involved much more than in the past to understand just what in the heck the license means in a particular situation.

Now to the specifics.

The DRM conditions have been loosened. What originally read like a screed now reads like a government report, complete with reference to the WIPO copyright treaty. Stallman’s idee fixe with “Tivo-ization” resulted in earlier versions effectively negating any protection against user modifications, which, in the case of medical devices (for example) was clearly not desirable. This version explicitly focuses its restrictions on consumer devices, using language like “normally used for personal, family, or household purposes.” I predict that this effort will result in lots of billable time for lawyers, since attempting to explicitly define something offers opportunity to figure out how to circumvent the definition.

The patent provisions have kept the original intent, which was to ensure that contributors who put code out under a GPL license explicitly renounce asserting patent rights against users of the code, which is, I think, exactly the right thing to do.

The license also responds to the Novell/Microsoft deal by prohibiting discriminatory patent licenses by third parties; on the other hand, it grandfathers in the Novell/Microsoft deal. Overall, I applaud the prohibition of discriminatory patent protection, because, as Eben Moglen pointed out, the Novell/Microsoft agreement protected users but didn’t extend protection to developers — clearly not a desirable end. (It must be said, however, that the GPL3 patent resolution is but one skirmish in the war regarding software patents, which is a much more troubling contest

that still threatens to disrupt the technology industry).

From the point of view of end users, one of the most attractive things about the license is that is specifically states that using a GPL3-licensed program over a network does not trigger a need to offer source code. Originally, I thought this was one of the most problematic aspects of the GPL3 drafts, as many organizations would never allow themselves to be put in a position to need to distribute source code to end users, customers, or even internal employees.

Another attractive aspect of the license for end users is that it allows organizations to give code to other parties that are doing software development for them without being defined as conveying code. This has been a gray area in the past, and the new license unambiguously addresses it.

What are the prospects for GPL3 adoption? That’s the critical question, of course. The earlier drafts were such that many organizations would have never adopted GPL3-licensed code.

The current license is likely to see inconsistent adoption. End users will be likely not so much to embrace it as not prohibit GPL3-licensed code from internal use, meaning that GPL3-licensed code will slowly make its way into production infrastructures. Some technology providers will begin using it, while others, particularly in the embedded market segments, will resist adoption, perhaps going as far as to fork products in order to keep GPL2 versions around.

When it comes to Linux, on balance I think it will not move to GPL3. Despite Linus Torvald’s recent not-so-negative comments regarding the license, I heard pretty negative things about it from kernel developers at the recent Linux Foundation Community Summit. In any case, there are significant practical challenges to any thought of migrating the kernel to GPL3, so conversion is unlikely.

I definitely recommend that you have your IP attorney review the license in light of the way you’re currently using GPL-licensed code (see, I told you GPL3 would generate lots of billable hours).

Where can you learn more about GPL3? Obviously, a good first stop is the Free Software Foundation website itself. Another good source I found is written by Luis Villa, an ex-Novell employee now attending Columbia Law School. He wrote a series of articles on the license (1, 2, and 3), discussing the license and

its affect on developers and users.

I took part in a podcast about GPL3  last week along with some other open source-involved folks (and Rob Enderle, who is more of a general industry analyst). Our general conclusion was that GPL3 would not have dramatic impact. However, a couple of the participants felt that adoption of the license would be more rapid than I expect, and one of them, Matt Asay, was pretty disappointed with the provision that use over a network did not trigger the need for source code distribution, feeling that this enabled companies to freeload on the work of others. You can listen to the podcast and get some perspective about GPL3.

In the end, this license seems more evolutionary than revolutionary. Most organizations will digest its conditions and be able to move on without major disruption to their activities. Many of the things that motivated Richard Stallman to update the license seem to have been watered down in this final version, for which we should all be thankful. Overall, this license will neither accelerate nor retard the rapid march of open source software throughout the technology industry — which is the most significant trend in software today.