/home /blog /article

GPLv2 and GPLv3 licensing dynasty or end of the road?

Liz Laffan 4,440 views
Vote This Post UpVote This Post Down

No Ratings Yet


Loading ... Loading ...
  • 4 comments
  • 6 pings
  • print
  • email
  • view license

The GNU GPLv3 license, successor to the pervasive GPLv2 license, was published in June 2007. Following publication several discussions have sprung up regarding GPLv3 s interpretation as well as the perceived benefits and cons as compared with GPLv2. So why the debates and disagreements and is GPLv3 really important anyway?

Firstly one must consider GPLv3 in context to GPLv2. To date, GPLv2 licenses the vast majority, typically 60-70% of all FOSS (free and open source software) projects. Moreover the Linux kernel is licensed under GPLV2 and is used in increasing numbers of consumer electronics and mobile devices thus furthering proliferation of GPLv2. These attributes give GPLv2 a privileged position in the league of FOSS licenses. Therefore any successor license has the capacity to greatly impact the FOSS community.

Historically GPLv2 was a watershed when first published 16 years ago due to its copyleft properties. These intend that users of the license continue to receive the source code and derivatives of that GPLv2 covered code, thus preserving users freedom to run, copy, distribute, study, change and improve the software . As successful as it has been, GPLv2 has also attracted a certain amount of criticism. These criticisms concern the difficulty in interpreting the license due to the lack of formally defined terms, differing views about what makes a derivative work and ambiguous patent license grant.

In writing GPLv3, the FSF (Free Software Foundation and original publishers of GPLv2) set out to rectify these concerns as well as advance the license in light of contemporary themes of patents and digital rights management. Specifically GPLv3 introduces new terms regarding the DMCA (Digital Millennium Copyright Act), a new patent provision and new mechanisms for dealing with anti-Tivoisation. Firstly, the section titled Protecting Users Legal Rights from Anti-Circumvention Law is intended to prevent GPLv3-covered code from being included in technology or products that would be used to enforce the DMCA. Secondly, there is an explicit patent provision in GPLv3 but some argue that the wording used is not particularly clear or straightforward. Thirdly, the anti-Tivoisation section appears to place very specific additional obligations on users to provide source code and its installation information.

So what is the impact of these new terms? Is GPLv2 better than GPLv3? What are the differences? What are the similarities? If I were starting a FOSS Project now would I use GPLv2 or GPLv3? In our just published white paper titled GPLv2 versus GPLv3, The Two Seminal Open Source Licenses Their Roots, Consequences and Repercussions we explore these issues in detail. There are many issues that need to be considered in making such decisions and these criteria are explored and reviewed further in this paper.

The end of the road seems unlikely, particularly given that nearly 600 mature open source projects have already moved from GPLv2 to GPLv3, a transfer rate of about 10% of existing software projects (see Palamida’s website for more details). Additionally on the 10th September 2007 the Open Source Institute (OSI) announced their approval of GPLv3, thus providing formal endorsement of the license. Whilst time will only tell if GPLv3 continues the successful legacy of its predecessor we can for now analyse the issues and contemplate its future.

Liz

P.S. We are at the OSiM Conference in Madrid this week, come and speak to us if you are there also.

4 comments print twitter digg del.icio.us
17Sep2007
Melisa Bleasdale

You bring up an excellent point, that the end of the road for GPL3 adoptions seems unlikely. The open source community must take into account that many more projects will migrate with subsequent and upcoming releases. Many projects chose to hold off until their next revision, meaning that while we haven’t seen a tidal wave of activity in terms of adoption, we have seen a steady rate of conversion.

While tracking GPLv3 conversion rates is important for organizations looking for the risks and benefits of sticking with GPLv2 (or not), understanding what open source you’re currently using in your code base is critical to successful risk mitigation. If you don’t know what you have, where it’s located, how you’re using it and whether or not it carries license or vulnerability risks with it, how can you rectify the issues? When it comes to GPLv2 and v3, organizations must stay on top of possible forking issues and how to determine which parts of their applications fall under which license terms and whether both are present at once. It stands to get very complex, especially as you note, in the embedded market — a market ripe for open source licensing challenges.

–Melisa LaBancz-Bleasdale, Palamida

 
17Sep
Keith

Has anyone yet told you that you got the static/dynamic linking explanation on pages 5/6 backwards? It is generally accepted that static linking with GPL code creates a derivative work and so requires that the combined program be licensed as GPL, while there is disagreement about dymanic linking. You wrote it the other way around.

I don’t intend to be mean or overly-critical, but a mixup of that kind in the first few pages makes me wonder whether it is worth reading further. How well do you know your stuff?

Hi Keith
Firstly thank you for your comments. There is an error in the paper in that there should not be the word ‘not’ in the paragraph where we discuss static linking and we have now amended this in the paper. However we clearly state that there is no clear agreement (and so in your wording ‘disagreement’) within the FOSS community regarding dynamic linking. Finally we hope that you will read the complete paper before being overly-critical and we are always keen to discuss these issues further with all interested parties.
Liz

 
04Oct
Keith

Liz,

The change you made does make the statement correct. I see my wording was unclear, in that I didn’t mean that you wrote anything wrong about dynamic linking, but that you got the statement about static linking backwards. Sorry for the confusion due to that.

I’ll probably take time to read the rest of the paper, but given that this is the first thing I’ve seen by you or VisionMobile, I’m wary of putting very much reliance on what you wrote. When I find mistakes about facts I know in an article, it undermines my confidence in statements about things with which I’m not familiar. That’s a normal response, I would think.

 
06Oct
Andreas Constantinou

Hi Keith,

You ‘re right, finding such an obvious mistake in a article makes you wonder about the quality of the overall paper. But the structure, the attention to detail in the later part of the paper and the depth of analysis I would hope point to a high-quality paper. Unfortunately the typo did crop in, and we ‘re improving our peer review process to make sure such typos don’t slip in again.

We are also in the process of including a client testimonials page to reinforce the continued quality of our work - in the meantime you can look us up at LinkedIn.

Keep the comments coming!

Andreas
VisionMobile

 
08Oct
back to top
CC visionmobile 2005-2009