Slashdot Mirror
Doubts Raised About Legal Soundness of GPL2
svonkie writes "Two prominent IP lawyers have warned that the all-pervasive General Public License version 2 (GPLv2) is legally unsound. They claim GPLv3 and AGPLv3 are much better suited for the realities of modern open source software. 'If you go back in time to when GPLv2 was written, I don't think people were aware of just how ubiquitous this license would become and how closely scrutinized it would be,' said Mark Radcliffe, partner at the firm DLA Piper and general counsel for the Open Source Initiative (OSI). 'At that time, open source was not something as broadly used as it is now.' Radcliffe was joined by Karen Copenhaver, partner at Choate Hall & Stewart and counsel for the Linux Foundation, for a GPL web conference hosted by the license-sniffing firm Black Duck software"
The article essentially says that the terminology used needs more rigorous definition, and needs to match more closely with the existing legal terminology. For example, their use of "derivative work" might have legal connotations that don't completely follow from the terms of the licence. It's not like they've determined there's some fundimental legal principle which brings the whole thing crashing down, as you see in EULAs for example.
No kidding!!! What do you say at this point?
In other news, Darl McBride was seen dancing a little jig at the corner of 42nd and Broadway in New York City.
A source close to the situation informed Slashdot that he was in fact accepting small change to offset his legal fees for the next phase of his litigation against Linux users.
So, I actually count myself among the few that like Richard Stallman. I've met him, and he's a nice guy. But does anyone recall the furor over GPLv3 when it first came out, & some of the new provisions? This caused a lot of projects to stick with v2.
I'm wondering if this isn't just FUD to try to get people to switch to v3. Which is icky, but it did occur to me.
~dijjnn
They claim GPLv3 and AGPLv3 are much better suited for the realities of modern open source software.
...
"At that time, open source was not something as broadly used as it is now."
Maybe the way it was written is why FOSS is where it's at? Might not be such a bad idea to keep it around?
No comprende? Let me type that a little slower for you...
Hindsight is 20/20.
This argument can be made for most of what's written into law. Where's the news here??
How much of this is about nudging Linus... pushing him, really... into applying GPL 3 to the Linux kernel?
Life is hard, and the world is cruel
TFA claims that the term "derivative work" as used in GPLv2 requires further definition in the GPL itself because courts haven't clarified it, but this is wrong. The authors of the GPLv2 (i.e. RMS) clearly intended it to cover as much as possible: any and all works following under the statutory definition. It's true that software copyright cases are rare so the lgegal system hasn't developed the idea completely -- but that's not the GPL's duty.
The plan hasn't been proceeding as fast as they hoped, so they seek to speed it up by spreading fear about v2.
Yes because I'm sure the OSI and the Linux Foundation are only concerned with what's best for the FSF.
Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
How much of this is about nudging Linus... pushing him, really... into applying GPL 3 to the Linux kernel?
That can't happen without a rewrite. Too much of Linux is composed of patches written by unreachable authors and whose copyrights haven't been assigned to Mr. Torvalds or the Linux Foundation.
And even then, Mr. Torvalds has stated that he prefers the spirit of GPLv2 to that of GPLv3. I'm pretty sure that the spirit of GPLv2 can be expressed in the GPLv3 framework by adding a set of exceptions, much like the Classpath license and the LGPLv3 are sets of exceptions to GPLv3.
The license was already proven in court numerous times in different countries. It can definately hold up. I don't care that there are two big IP lawyers. Especialy when you keep in mind the fact that IP has less chance of holding up. IP laywers don't like copyleft for a reason.
Nothing got disproven with that useless article. That, together with you post, will not make an impact at how FLOSS advocates look at the license and it sure as well will not stop them slow them down or even irritate.
Resistance is futile, proprietary pussy.
Here be signatures
This is a real issue. For instance, I wrote a physics textbook, which is open-source, and I wrote a bunch of ruby and latex code that helps to produce the pdf from the latex sources, automatically handling some things relating to placement of figures on the page that are awkward to do with plain latex. My book, including the ruby and latex code, is under CC-BY-SA. I got an email from a guy at MSU who was writing a textbook, and had already started using my code to handle the illustrations. He wanted to check whether it was okay under the license, since he didn't intend to release his own book under a CC license. Well, my answer ended up being that I really didn't know whether it was okay or not. It wasn't clear to me whether his work counted as a derived work. On the one hand, you could say that what he was using was simply some software I wrote, so his book isn't a derived work based on my software any more than a book written in MS Word is a derived work based on Word. On the other hand, there's really no perfect separation between the software and our books. When you write a book in latex, the latex code *is* a piece of software. My code generates various boilerplate in its output, some of which is text that is visible to the reader, so it's under my copyright and license. Of course I could have just told him that it wasn't an issue, and I wouldn't sue him, but I had intentionally chosen the strong copyleft because that's what I wanted. I suspect that a lawyer would tell him his work was actually not a derived work, but I also suspect that he (and his eventual publisher) wouldn't even want to get into that issue.
Although the issue is real, it seems goofy to me to suggest GPLv3 as the fix for the problem. First off, there are huge philosophical differences between v2 and v3. Also, there is so much GPL v2 code out there that you can't necessarily just relicense under GPL v3 without causing yourself hassles with license incompatibilities. I also don't quite understand how they think they can bypass the fact that various countries have various inconsistent and ambiguous definitions of a derived work. The only thing that forces anyone to accept the GPL license attached to a work is that copyright law doesn't allow them to do certain things without a license from the author. Those things include (1) copying and redistributing the work, and (2) creating and distributing derived works from it.
Find free books.
I wonder who pays these gentlemen. And, again, who pays those who pay them...
"Flyin' in just a sweet place,
Never been known to fail..."
The point of the GPL was that it was very simple and broad-sweeping. Naturally this does make it vulnerable to attack in the sense that the legal system might feel threatened by the massive impact of such a game-changing license; copyleft practically redefines IP law in a way that those in the legal institution (eg lawyers, judges, lawmakers, and the business interests that pay for them) don't acknowledge, understand, or otherwise feel comfortable with because they don't feel in control. All it takes is a mere technicality to disqualify the GPL from functioning at all, and the Free Software community is justifiably anxious about that, but the GPL has been successfully upheld in court time and time again, so I wouldn't worry.
At this point there should be no doubt of the legal soundness of any version of the GPL, but it all boils down to a matter of principle. If a society believes in Free Software, then the GPL's legal application is perfectly simple and valid. To those hostile to freedom in the society, then the application of the GPL becomes something artificially difficult/problematic.
I wonder who pays these gentlemen.
If you had read the summary you'd see they work for the OSI and the Linux Foundation. Hardly organizations that are anti-GPL, anti-FOSS or anti-Linux.
I wonder who pays these gentlemen. And, again, who pays those who pay them...
Blackduck is founded and stocked by Microsoft employees. Though it would be damning enough in this context to point out that it is an active Microsoft partner.
SCO was a pre-existing company re-purposed several times, turned pump-n-dump, turned sock puppet. Blackduck was founded from the beginning for the activities it is engaged in.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
GPL2 is not about to become invalid. But consider all of the changes we have gone through since GPL2 came out. Back then, the most complicated input device that people were likely to have in their homes was a touch-tone phone. Music came from phonograph records and cassette tape. The "@" sign was a little-used oddity on the typewriter keyboard for most people. Home computers were more the exception than the rule, and their CPUs used 16-bit addresses.
With the advent of consumer digital media we got a ton of law, both legislative and case law. Garbage legislation like ECPA and then DMCA, and a great increase in software patenting. All of that law essentially blind-sided the GPL, which had to cope with it but was not written with knowledge of it.
So, a license upgrade to deal with all of this is like installing a security patch on your operating system. It's just a sensible thing to do.
Bruce
Bruce Perens.
It looks like you didn't RTFA.
What they're arguing, is that there might be corner cases (and these have not been in court) where the license isn't going to apply, or do what it is intended to do.
Copyright law (which copyright law? Well, let's say USA's...) plus all the loads of case law that have come from it, defines derivative work a certain way. Assuming you are a well-trained lawyer and have a shitload of money for research and an IQ and Judge-Psi scores of 300 each, you can look at, say, Project Beta and declare whether or not it is a derivative work of Project Alpha.
Let's say Project Alpha is GPL2 licensed.
If Project Beta is not a derivative work, then you don't need to bother to read GPL2 and worry about it's wording, so there's no problem here (for the Project Beta people -- let's get back to this in a little while).
If Project Beta is a derived work of GPL2-licensed Project Alpha, and you don't want to infringe copyright, then you need to follow the terms of GPL2. Now this is where it gets interesting: under the GPL2's definition of derived works -- not the same as copyright's -- Project Beta still might go either way. It might be a derived work under copyright law, but not a derived work under GPL2's defintions, which means that GPL2's terms that talk about derivative works, might not apply. So you might have something that is legally a derivative work, but GPL2 might not give you any distribution rights. Or it might give you distribution (GPL2 defininition) rights, but then legally you might find that you still don't have distribution (copyright definition) rights.
What has gone wrong, is that GPL2 is using copyright-related terms. The license doesn't change, but copyright changes all the time. This can make a big fucking mess and create ambiguities that no one can guess how courts will resolve.
Let's get back to the case where Project Beta is not (according to copyright law) a derived work of Project Alpha. But let's say that it is a derived work according to the definitions in the GPL, if only those definitions actually applied (which the don't). Project Alpha released their code under GPL2 because it does what they want. But now the GPL2 has let them down, because the people who built on their work, aren't having to comply. Maybe that's ok. From a public policy viewpoint, it is ok. But nevertheless, Project Alpha just got "tricked" by RMS into believing they were going to get what they want. (No, I don't really blame RMS.)
You went with BSD because you were willing to make a no-strings-attached gift of your software to everyone. Had you not been willing to do that, you would have found a license that did acceptably what you had wanted from GPL2.
For many of us, sharing-with-rules is more attractive than gift. This is especially true for business, because sharing-with-rules admits the potential for dual licensing. This is one of the few ways to carry out Open Source business that actually works.
GPL vs. BSD is essentially a matter of business (or non-business) strategy. You pick the rules that work for you, and then you pick a license.
Bruce Perens.
Yet the US courts are where the majority of this issue will be argued. Even I, as a Rightpondian, can see the sense in that. Chill. Not everything is a calculated insult to your national sovereignty.
Resistance is futile. Reactance buggers it up.
These are lawyers talking about a possible flaw in a legal document.
It's like a coder talking about a bug in a C program. You can say to yourself "Oh, that coder's just causing trouble. There's no real bug" - but that doesn't change the reality that the compiled program will do just what the C instructions tell it to do - nothing more, nothing less. (Well, except that a legal document is interpreted more subjectively - if the document is not written very precisely then different readers may interpret it differently... This is why we live in a world of "legalese" - it sounds arcane and needlessly complicated to non-lawyers but that's just because non-lawyers haven't learned the terminology and practice of precisely phrasing a legal document and guarding against the various rules which may be in effect "by default"...)
We have to be realistic about this - there have been some GPL-related court cases in which the GPL was upheld, but there are also issues surrounding the license, as well as how those are likely to play out in actual court cases, which may be unresolved or unfavorable to people who value software freedom. If one hopes to fix the problem, then one has to be realistic about where and what the problem is. We have a certain set of goals when we license something under the GPL - if we want to actually achieve those goals, we have to do our best to make sure the GPL is legally sound.
The problem of what constitutes a derivative work is one that I've heard before... The problem is that what you or I might consider a GPL violation could in fact be a very small piece of GPL code pulled into a very large non-GPL project. It's difficult to call that a "derived work" of the GPL'ed project. It's using GPLed code but the project as a whole may very well not be "derived" in a real sense from that GPLed work. If the project is big and the bit of borrowed GPL code is small, courts may not take the offense seriously. I don't know if this is something that can be solved with a better license, or if the kind of protection the GPL demands is beyond the scope of copyright... Anyway, it seems like a problem. Even if we want to tell people "you can't reuse parts of this code in other projects unless those projects are GPLed, too", we may not be able to rely upon that demand being fully effective...
Finally, it's worth emphasizing that law is not a static thing. It's a set of agreements between people subject to interpretation and alteration by people. Saying "it works and it doesn't need to change" may not be realistic. If people are working to undermine the GPL, then other people must work to reinforce and improve the license, if it is to be viable in the future. Basically, if the GPL matters to you then you need to fight for it.
Bow-ties are cool.
If you borrow the phrase 'derivative work', which is defined by copyright laws, and then the definition of 'derivative work' is changed in the copyright laws, does that mean the definition in the GPLv2 has also changed?
It doesn't matter how you word it, when the legal definition of the words you use change, what they mean in the license will change. You have to use words that have legal meaning to write your license, if the legal meaning of those words changes, the meaning of your license will change.
The truth is that all men having power ought to be mistrusted. James Madison
You really beleive it all to be this simple? Have you ever been in a room with either lawters from firms of this size, or with the technology marketing teams that fund them?
They are "interesting" rooms.
"DLA Piper is one of the largest law firms in the world and it is the only firm with more than 3,500 lawyers in North America and Europe. DLA Piper is a legal services organization whose members and affiliates are separate and distinct legal entities."
http://en.wikipedia.org/wiki/DLA_Piper
IBM and Novell both are certainly money this firm takes. Probably Microsoft, too. All of these players have "proxies" that they push markets with - like cold war intelligence and battle operations. I have heard the planners at one proprietary vendor - supposedly Open Source advocate - talk about funding CentOS - to damage RedHat. They'd do so through participation in a third vendor consortium/forum. This stuff is common.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Oh I don't know....GPL V2 has been in and out of the court all over in Europe.
Most settle without a hitch.
Some, need to have it explained in front of a judge.
This guy doesn't know what he is talking about, and if the GPLv2 was unsound legally, it would have long been over turned.
GPLv2 even scares Microsoft's lawyers.
The guy just wants attention.
Send him a cookie.
-Hackus
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
Except that this is a story about a "web conference hosted by the license-sniffing firm Black Duck software". Blackduck is hardly going to allow any criticism of its partner, Microsoft, nor allow its major thorn, the GPL, to go unmolested. Go re-read plaintiff's exhibit 3096 about stacking conference panels. Even without a sock puppet organizing the conference, M$ has a prolific history now of interfering with and shutting down conferences on competing (that's everything by the way) technologies.
"So you want to love those conferences to death. I've killed at least two Mac conferences. First there was the Mac App Developers Conference. I was on the Board of Directors of the Mac App Developers Association long ago, and after I left I worked to try to turn it into a cross- platform developers conference, and I did. I managed to make their last conference was very cross-platformn, both Windows and Macintosh, which of course turned off their Macintosh audience; half of the conference was irrelevant to them. They didn't care about Windows. They were a bunch of Mac guys. Which diluted the value of the conference. And they didn't know how to advertise the Windows guys when the Windows guys showed up. So they lost money that year and the group folded. Oh, well. One less channel of communication that Apple canuse to reach its developers." Plaintiff's Exhibit 2456, Comes v MicrosoftWhen you're dealing with Microsoft, you're dealing with cockroaches. Get over it.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I wonder who pays these gentlemen.
If you had read the summary you'd see they work for the OSI and the Linux Foundation. Hardly organizations that are anti-GPL, anti-FOSS or anti-Linux.
OSI was founded by people who were unhappy with the Free Software Foundation and the GPL. OSI Founder Eric S. Raymond recently said that the GPL is no longer needed.
better story: OSI attempts earth-shaking announcement about GPL to draw attention away from fact that their status as nonprofit in California is suspended. Perhaps it was due to failure to file required tax documents (for California and U.S. IRS) for many years, that issue was discussed on Bruce Peren's now-defunct site Technocrat
http://kepler.sos.ca.gov/corpdata/ShowAllList?QueryCorpNumber=C2224685
A lot of the supposed ambiguity can be eliminated if you first look at the code as not being computer programs, but just being another written work, then evaluate any potential "derivative works" from that perspective, and let existing copyright law and case law guide the evaluation. Once you've done that, then look at the license-specific terms of the GPL regarding what it says constitutes distribution, as well as what it says triggers the requirement for distribution, and I think you'll find it's not nearly as convoluted as these two jokers are making it out to be.
This is very petty lawyer-ing and typical misunderstandings from software EULA lawyers chasing their own tails for so many years.
GPL covers SOURCE CODE, and thru "derivative works" covers binary "performances". The whole reason we even have EULA's (End User LICENSE Agreements) is that there was one case 30 years ago where somebody argued that typing source code from a book to RAM and from the RAM to CPU was "infringement" and duplication of the work. So because of the internal machine copies needed, you have to be granted a special LICENSE to USE any kind of software (source code or binary). EULA writers have used US law's reliance on "contracts" to throw the "kitchen sink" in EULAs and call them "contracts" rather than license for use.
yes, the terms they point out have been more precisely defined since 1991. Judges respect stability and don't fall for dizzying logic like this. Judges will realize terms change and favor the UNMODIFIED document nearly every time as a matter of good faith. GPL v2 has been in heavy use unmodified for 18 years, that's incredible stability in an industry where other EULA writers reserve the right to edit/change/modify their EULAs online, without notice, and you pre-agree to the new terms you haven't even seen yet. The GPL is a legal rock, if the best they can do is mince words there's no threat at all.
This is not quite like mathematics. A legal document may hold for a long time until someone finds a loophole. At the stage that they do find a loophole then very quickly more and more people will start taking advantage of it. Think of tax breaks, where you save tax by having a company or something. To begin with there is no problem until someone realises that you can cheat by registering a company even if you aren't really working like a company. Soon everybody is doing this and the law is no longer working the way it was intended. This is more like crypto. When you start hearing of weaknesses (as with MD5) and someone has already developed a stronger algorithm (here I won't guess which is the right one; RIPEMD? SHA256?) then that is the time to start changing and developing better alternatives (SHA-3). In the case of the GPL-v2 the weaknesses are already showing; hosted/cloud/web applications provide mechanisms for providing people software access without triggering the protections of the GPL-v3. The weak patent protections included are being worked around by Microsoft. "attacks always get better, they never get worse". The time has come to walk, not run away from the GPL-v2. Each of those problems is already addressed in the GPL-v3.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Yes, because the OSI and the Linux Foundation are going to hire lawyers to be their counsel that are actually enemies of their cause. Yeah, that makes a ton of sense.
"You can dual-license something all you want."
Dual licenses don't work for open source ... without an assignment of rights.
Specifically, if I license something under the "GPL or the Artistic License", and someone takes it under the terms of the GPL, makes modifications to it, and donates those changes back to me, those changes are a derivative of a GPL licensed work, and therefore must be under the GPL. Only if in their donation back to me there is an assignment of rights to me, am I free to relicense the changes out under the Artistic License.
This is what bit SGI, when they thought they were gong to get a boatload of developers jumping on their attempt to step out in front of the open source parade with a baton and lead the parade; almost none of the changes that were made by outside developers were usable to them, due to them lacking an assignment of rights.
-- Terry
OSI was founded by people who were unhappy with the Free Software Foundation and the GPL. OSI Founder Eric S. Raymond recently said that the GPL is no longer needed [osnews.com].
There's a very good reason few people listen to that fruitcake anymore.
One thing that's often confused me is the exact relationship between the GPL and interpreted languages. For example, if I write a perl script which calls perl functionality which is part of the base interpreter, my script need not be distributed under the terms of the GPL. This is akin to using a GPL word processor or other software, where the output of a program is not subject to the GPL.
If, on the other hand, my script calls a perl function which is itself written in perl (licensed under the GPL), the FSF argues that this constitutes a derivative work akin to dynamic linking. Thus, my script (if distributed) must be distributed under a GPL-compatible license.
I can see it both ways. On the one hand, calling a function written in the same interpreted language is very much like calling a function in a library from a compiled binary. On the other, it's strange to think that there's a distinction based on whether the function being called is written as part of the interpreter (in, for example, C) versus the interpreted language itself. In addition, there seems to be disagreement about whether the GPL really binds like the FSF claims. Lots of interpreted code gets released as the GPL when it seems likely that the LGPL is what the authors really intend; that is, they do not want to restrict scripts and functions which call the code.
A good example of this is R This statistical language has fairly small interpreter and a large set of both included and downloadable packages, themselves written in R (and licensed under the GPL). Clearly most of the primary authors do not intend for all R scripts using the most basic of functionality to be released in a GPL compatible way; for one, they make the header files necessary for writing C-based libraries for use in R LGPL to explicitly allow such libraries to be non-free. In addition, they are fine with a large number of downloadable packages which restrict commercial use (obviously not allowed under the GPL). Their interpretation of the GPL seems at odds with the FSF. Even if you want to release all your code in a GPL-compatible way, it may be (IANAL) that you cannot call both code restricted from commercial use and GPL-licensed code (basically unavoidable) in the same project.
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
Sorry if I wasn't clear, but the 'insidious secret plot' was to handwave around GPLv2 and derived works (see anything GNU has ever said about "linking").
If OSI's lawyers just discovered this issue, which people argued about on Usenet back in the 80s, they're not doing a very good job.
Business. Numbers. Money. People. Computer World.
GPL covers SOURCE CODE, and thru "derivative works" covers binary "performances". The whole reason we even have EULA's (End User LICENSE Agreements) is that there was one case 30 years ago where somebody argued that typing source code from a book to RAM and from the RAM to CPU was "infringement" and duplication of the work. So because of the internal machine copies needed, you have to be granted a special LICENSE to USE any kind of software (source code or binary). EULA writers have used US law's reliance on "contracts" to throw the "kitchen sink" in EULAs and call them "contracts" rather than license for use.
Except that under Copyright Law, you don't need any special license to USE software. See Section 117, which was amended in 1980:
Source: http://www.copyright.gov/title17/92chap1.html#117
I believe that the Copyright Act preempts your statements. :)
It was a really good paper.