The use of open source software has become increasingly ubiquitous across a growing number of industries — it is fast becoming the very foundation of cloud computing. An increasing number of companies in a variety of industries ranging from automobiles to banks to consumer products are now contributing to, distributing and using open source software within their enterprises and product portfolios.
Red Hat has been working on an effort to encourage companies, projects, and developers to support approaches to license enforcement that foster greater collaboration in open source software development. This initiative is named the GPL Cooperation Commitment (GPLCC) which has the goal to reduce opportunities for abusive enforcement tactics and, more broadly, to promote greater predictability in the enforcement of GPLv2 and LGPLv2.1 licenses. Through this initiative, we hope ultimately to increase participation in the use and development of open source software by helping to ensure that enforcement, when it takes place, is fair and predictable. We are encouraging all companies active in the open source supply chain (irrespective of the volume of code that they may contribute to particular GPLv2 or LGPLv2.1 projects) to adopt this commitment as part of a cultural norm based on the fundamental concepts of fairness and pragmatism.
By way of background, one of the more prevalent open source licenses is the General Public License (GPL) and Lesser General Public License (LGPL). These licenses incorporate certain requirements for use and distribution. For example, upon distribution of a binary or executable version of the software, a copy of the license must be provided to recipients and the source code (or offer to provide the source code) must be provided along with the distribution. There are many other requirements under these licenses, some subtle and others more pronounced. For those not having experience using this form of licensed software, it is possible to make innocent mistakes. In fact an entire industry has developed to help with compliance. Unfortunately, there has been a recent situation where a certain individual uses this condition and attempts to monetize non-compliance, no matter how innocent or trivial.
For those who review and negotiate commercial contracts on a regular basis, the idea of a reasonable notice and opportunity to fix problems may seem obvious but this wasn’t always the case for the GPL. Version 2 of the GPL (and version 2.1 of the LGPL) do not contain express “cure” periods to fix problems before the licenses are terminated. When a license is terminated there are no longer any permissions to exercise the rights granted under the license, including distribution and creation of modified versions. Any such activity would be copyright infringement and subject to monetary and injunctive relief. Not a happy result.
In an earlier era, the Free Software Foundation (FSF) owned the copyrights for nearly all GPL-licensed code and was the only copyright holder regularly engaged in license enforcement. At that time, the idea of automatic termination in the hands of a benevolent license steward may have seemed appropriate to encourage and enforce license compliance. Over time, there was an increasing volume of GPL and LGPL-licensed software that was distributed by a growing body of copyright holders (i.e., many potential license enforcers). A consensus began to form that automatic termination could result in potential unfairness and opportunities for abusive enforcement. When the FSF, with the guidance and assistance of the Software Freedom Law Center, ultimately released GPLv3 in 2007, one of its new features was the introduction of a cure period for license noncompliance and mechanisms for license reinstatement when compliance errors were promptly fixed.
So what exactly is GPLCC?
GPLCC “ports” the cure provision from GPLv3 and LGPLv3 to any code licensed under the GPLv2 and LGPLv2.1. Effectively allowing anyone licensing GPLv2 and LGPLv2.1 software from an individual or entity that has adopted the GPLCC to be afforded the same cure provisions of the GPLv3 and LGPLv3.
This movement to adopt the GPLv3 and LGPLv3 cure approach for GPLv2 and LGPLv2.1 licensed-code originated with community-focused organizations and developers and is now being adopted by leading companies across industries and geographies. Over 40 leading companies including Amazon, Arm, Canonical, Facebook, Google, IBM, Intel, Linaro, MariaDB, NEC, Pivotal, Royal Philips, SAP, SAS, Toyota and VMware have joined Red Hat in this effort. The approach has also been adopted by more than 100 Linux kernel developers and by many Red Hat-led projects…and list keeps growing. The full list may be found at this link: https://github.com/gplcc/gplcc/blob/master/Company/Company-List.md
Consider having your company join the GPL Cooperation Commitment. You may also join the many hundreds that have also signed-up in an individual capacity. Visit https://gplcc.github.io/gplcc/ for more information about how to join as a company or individual. There is also additional information about the program at this website.
You may also contact me at jkaufman@redhat.com with any questions or further information.
Jeffrey R. Kaufman is Senior Commercial Counsel (Open Source Legal Team) for Red Hat, Inc., the world’s leading provider of open source software solutions. Jeffrey also serves as Adjunct Professor of Law at the University of North Carolina. Previous to Red Hat, Jeffrey served as Patent and Open Source Counsel for Qualcomm Incorporated and Director of Product Management of Software and Connectivity for Zebra Technologies Corporation. Jeffrey holds multiple patents in RFID, barcoding, image processing, and printing technologies.