GPL v3 Thoughts

At 10am Eastern (3pm GMT) tomorrow, The Free Software Foundation is going to unveil the first draft of version 3 of the GPL. I thought it would be profitable to have a think about version 2, while my mind was still unbiased by knowing their suggested improvements.

Tweaks To The Existing Text

Section 2 a) (“You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change”) is the most widely-ignored piece of the GPL, and for good reason – such notices would be a pain in the rear to maintain, and having changelogs inside files messes up your source control. What was the original purpose of this clause? Is it necessary any longer?

Section 2 c) (that the program must print a licence banner on startup if its an interactive command-line program) is anachronistic. One merely needs to say that users of the program must be made aware of their rights.

With regard to the two above, licences should require results rather than specify methods to achieve them. That will make them much better suited to withstanding the progress of time.

The last paragraph of section 3), which says that ‘equivalent access to copy’ is sufficient to fulfil the requirement to distribute source, should also allow a similar scheme when distributing via other methods than download. I.e. you should be able to buy GPLed binaries on CD, and optionally request the source CDs at no extra charge if you also want them. Potentially, in this world of cheap bandwidth and cheap CD-Rs, the principle of equivalent access could replace the “written offer” provisions.

Potential Change: Requiring Source for Web Applications

Some have argued that source distribution should be required for GPLed applications one uses with a web browser and a network, as well as those one uses by downloading and installing them. If this ties into the already-existing legal concept of public performance of a work, and merely states that source code need be made available in an equivalent manner to if you had distributed the binaries to the user, this would be OK. If it forces particular abilities on the software, like the Affero GPL does (download over HTTP), this would be bad and non-free, as the software would then have an “invariant section”.

Potential Change: Patent Defence Clauses

Some have suggested a form of mutual defence clause, where suing someone for patent infringement in GPLed software terminates your right to distribute all GPLed software. I personally would like to see that, but I suspect it might split the community. Companies like Sun and IBM would be faced with either giving up their rights to sue authors of GPLed works for patent violations, or giving up their right to distribute GPLed code. One would hope they’d choose the former… There are more mild forms of anti-patent clause which might cause less friction. I don’t know what the FSF will go for.

Potential Change: Requiring ‘Trusted Computing’ Keys

Some embedded GPLed software can’t be modified in practice because the binaries need to be signed, and the hardware checks the signature. Section 3) needs beefing up to make it more clear that you need copies of everything which allows you to use a modified binary in place of the original binary. And that means Trusted Computing or DRM encryption keys.

Various Debian people have also put forward their views.

19 thoughts on “GPL v3 Thoughts

  1. The entire issue of patents should be left out of the licence. Patents do not necessarily impinge on distribution or copying the software, which is the scope of the licence. Furthermore, they cannot impinge on the use of the software due to the terms of the GPL, which causes you to agree that it alone allows you to use the software. Anyway, that’s my uninformed opinion. Others likely have thought about the issue more, and perhaps see problems that are not obvious to casual users like me.

    The issue of patent defence clauses seems like it is trying to use to shove GPL copyright law into the area of patent law: why? If you don’t like the idea of software patents, work to change the laws applicable to them: it doesn’t make sense to use the GPL to influence patent laws, potentially turning it into a monster (and probably something that will be looked at dimly by courts, lawyers, companies and even end-users). It also doesn’t make sense to prevent people from distributing or using GPL software based on their behaviour with regards to patents. That is just arbitrariness, even if the issues seem at first related. It is as arbitrary as saying that plagiarizers shouldn’t be allowed to further publish. It is taking away freedom (even though the people who you are taking that freedom from may also be guilty of taking away some freedom from others). I have, in general, contempt for the philosophy that seeks to place additional restrictions on someone’s future behaviour due to their past offence, and not limiting my contempt only to restrictions on behaviour that would otherwise be considered legal (such as the opportunity to create and use GPL software). I believe plagiarizers, and abusers of the spirit, if not the letter, of the GPL, should have as much a right to publish as anyone else, with no restrictions placed specifically upon them. They should only have to bear the consequences of their actions. They should even be afforded the opportunity, equal to anyone else, to re-plagiarize, re-patent, or generally re-abuse, exactly what they plagiarized or abused before! Why? They’re abusing copies of things, and not abusing PEOPLE. Your work is NOT an extension of yourself (however much you’d wish to believe otherwise), it is a thing unto itself, separate from you, and protected by laws that are utterly disinterested in your thoughts and opinions.

    If a person has patented something, and then created software which uses the patent, and released the software under the current GPL, that person should not ever reasonably expect to be able to restrict the use of the software using patent laws in any way that restricts the scope of the GPL, because so much in the GPL implies that this would not be possible. If you want to do this, you’d do better to invent a new licence.

    [Quote]you should be able to buy GPLed binaries on CD, and optionally request the source CDs at no extra charge if you also want them[/quote]

    Although, if you’re distributing a program via cd, it’s often practical to include the sources on the CD anyway. If you don’t, you already must provide the source free (plus a nominal fee of distribution) to absolutely anyone who demands it (via internet, cd) regardless of whether they bought your program. If you include the sources with your binary distribution at the point of sale, you can at least force your customers to pay for the program (if that’s important to you).

    I think the biggest issue will be clearly defining distribution and use. The area of when and how internet applications skirt the boundaries of the GPL lies largely in the definitions of those terms.

  2. It is as arbitrary as saying that plagiarizers shouldn’t be allowed to further publish.

    That’s what the GPL says now – if you break the GPL licence (e.g. by plagiarising its code for your own proprietary application), you lose your ability to distribute the software.

    I have, in general, contempt for the philosophy that seeks to place additional restrictions on someone’s future behaviour due to their past offence

    But isn’t that the basis of the current criminal justice system? Prison is placing restrictions on someone’s future behaviour (their liberty) due to a past offence. So is a probation order.

    Although, if you’re distributing a program via cd, it’s often practical to include the sources on the CD anyway.

    The Debian GNU/Linux OS comes on, I think, more than ten binary CDs. If you want the source too, that’s even more CDs. I believe many Debian CD distributors currently use a system like the one I suggest, but it would be good to see it explicitly permitted by the licence.

  3. I don’t know if you understood my comment. It is not so glib as your comments imply.

    The GPL of a program doesn’t speak to further violations of that program, or other programs released under the GPL. One violation is as equal as another. A second violation is the equal of the first. The licence of a program speaks only to the program itself. Punishments meted out in settlement may often involved promisses and undertakings and oaths, but these are utterly outside the GPL’s scope, and are not informed by it specifically. Nor are they in any other copyright licence. Nor should they ever be.

    If it is found that you break the GPL for an application, you do not have the ability to distribute that application. However the licence doesn’t speak to your abilities to distribute any future applications, only the one exactly in question. It also does not speak to punishments at all! To pretend that a licence can insinuate a suggested punishment is offensive to democracy and the rule of law.

    To compare copyright violations to criminal justice is a false comparison. Copyright violation may be criminal, but it is more likely a breach of contract. But, philosophically, the criminal justice system seeks to punish past behaviour (perhaps by removing them from society), and serve as an example to DETER future behaviour. Generally, once an offender has served his sentence he is as free to re-offend as any other free man, and his past behaviour does not having any bearing upon the legality or illegality of specific actions (that is, in general, an act, which were it to be commited by a free man, unconvicted of a crime, be found utterly legal, that act could not then be considered illegal were the criminal to do that same). Furthermore, a criminal is as free as any other man to recommit the very offence he did at first. His punishment may be greater, but his punishment is decided by society and principles of equality before the law. His punishment can never be decided or dictated by the community or individuals which he has aggrieved.

    To say that past GPL offenders should not have the opportunity in the future to distribute anything in general or even just one specific thing, under the GPL, you are placing the GPL above the law, are mandating punishments, and are seeking to reduce people’s freedoms. That is odious, and disturbing, and antidemocatic and dictatorial, and without precedent.

  4. Regarding patents, I believe the patent provisions of the current GPL are on the right track, and just need to be tightened up: no “patent retaliation” clause, just making it explicit that if you’re distributing GPLed software, you cannot use patents or anything else to restrict any of the rights granted by the license.

    Regarding source for web applications, I would suggest that even a non-technology-specific indication that public performance requires source distribution is likely to split the community far more than the patent defense clause. I don’t know that I’m opposed to it; I’m just suggesting that many people are, and it will not go over well.

    Regarding changelogs and 2a: I agree that this needs to be fixed, but I don’t believe the clause should be removed entirely; it should just be made less specific, such that a separate changelog or a public version control system is sufficient.

    Regarding source distribution, I think the existing text is fine, as long as it is clear that the Internet is considered a “a medium customarily used for software interchange”. There may need to be some specific text added to cover the fact that the URL could stop working, though.

    Regarding Treacherous Computing, I think that such a fix would be the most important addition to the GPL. However, it needs to be worded very carefully. For example, the requirement that “you need copies of everything which allows you to use a modified binary in place of the original binary” would be difficult in the case where you really can’t change the hardware; we shouldn’t prevent people from creating hardware with GPLed firmware permanently burned into ROM, nor do we want to affect the common case where software distribution tools automatically check GPG signatures.

  5. To say that past GPL offenders should not have the opportunity in the future to distribute anything in general

    I’m not saying that. I’m saying that people who attack GPLed software with patent lawsuits should not benefit from the use of that which they are attacking. That seems like a reasonable principle to me.

    It seems, however, that the FSF disagrees. So there you go.

  6. Well it’s here:

    Section 2 is moved to section 5. [2]a) is basically the same. [2]c) has gotten bigger and changed. I think it’s better. Section [3] has been mostly rewritten. Your afterthoughts would be appreciated :)

  7. I assume even legislators and lawyer do not know what it means to performs a computer program. Does it mean making the effects of running the perceivable or does it mean reciting the source code? I am inclined to believe it may be dangerous for free software advocates to try to make the interpretation converge on the former, because it is relevant to freedom but not properly covered in licenses.

  8. Yes athis version more clear and I like the part about original authors intent or ‘reputation’ protected so there remains a privacy explanation so as not to think this is a totally ‘public’ or ‘public domain’ license. It just protects the public’s rights once the item is recieved but the creation remains private. Also I like the explanation of ‘Object Code’ which is code that is not intended for distibution and completley private to the author, I think.

    Also the DRMers have ‘stolen’ this software and used it for their own purposes to lock in consumers. if people want to use Open Source code they have to play buy the rules.
    I like the geographical explanations
    Privacy Invasion maybe needs more expounding like explanation of ‘Rootkits’ and ‘Personal Informaiton Gathering.’
    Really this contract could quite literally take care of most digital privacy threats.

  9. I’ve added some comments to their cool webtool; but I think I’ll wait for the dust to settle a little bit before writing something here. The next draft is, I believe, due out in June so we have some time :-)