The GPLv3 Paranoia


What is it, exactly, that makes the companies feel weak in their knees when it comes to GPLv3? Every legal team in an incorporated has second thoughts while reviewing the adoption of a GPLv3 licensed software or the licensing of their own source code under GPLv3.

GPLv3, released in 2007 by the Free Software Foundation (FSF), was formulated to cover up the loopholes in GPLv2. The resulting draft came out so stringent that many prominent open source projects seem to avoid it — Linux kernel, Busybox, etc. Ever wondered ‘why exactly’ and ventured to read the real thing? Ahem… the legal parlance of the license is notoriously difficult to understand for a programmer — seriously, even harder than “Klingon”! Also, one cannot find a simple explanation in plain english, just enough for a programmer, to comprehend the implications of GPLv3.

So here is some easy-peasy description. Please note, this is not an exhaustive coverage of the GPLv3 — only the “interesting” stuff!

NOTE: If you are a serious reader, read the actual license!

What’s about the Patent Clause?

If your contribution to the GPLv3 software infringes a patent that you own, then you handover the license to use the patent to anyone using, modifying and distributing the software.

Furthermore, if you are the aggressive party suing another user (of the GPLv3 software) for patent infringement, you lose the right to use that GPLv3 software, at all.

What is Copyleft and its “Viral” Nature?

Copyleft implies giving the authority to everyone to redistribute and modify some work with a condition that the modified version will also contain this same condition in its license.

If your software is statically or dynamically linked to a GPLv3 licensed library, then your software, too, is GPLv3 licensed — as open source and free as any GPLv3 code. (If you want to create a library with GPL-like license, but want to link it dynamically with proprietary software, this is possible with LGPL. But that is a whole new Star Trek season in itself!)

What is DRM?

Digital Rights Management (DRM) collectively refers to the various digital copy protection methods. This is done by employing  access-control mechanisms at several layers in the system — hardware to software. A familiar example, Amazon Kindle disallows opening an e-book, bought by a user, on anything other than Kindle hardware or Kindle app, both of which needs the user’s login.

GPLv3 prohibits evasion of its rules using digital signatures in hardware, thus proving to be anti-DRM.

What is “Tivoization”?

“Tivoization” is adopting a copyleft license (like GPLv2) software but instead putting restrictions through hardware on running modified versions of the software.

Intentionally, or unintentionally, TiVo did this — and, sadly, got crucified by FSF with coining of the term in its name. TiVo used GNU softwares and the Linux kernel that were licensed under GPLv2. However, any software that did not match the digital signature authorized by TiVo would not execute on its hardware. Thus, they perfectly complied with GPLv2, but circumvented it through external (hardware) restrictions. Precisely, they incorporated DRM into their system.

GPLv3 has anti-tivoization clause, but it is relaxed when the software is distributed to business where software integrity is crucial like security appliances, medical devices, voting machines, etc.

There is much more to GPLv3, but this might be good enough to calm the curiosity of an inquisitive programmer.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s