피드 구독

“Discourage litigation. Persuade your neighbors to compromise whenever you can.”

This was Abraham Lincoln speaking in the mid-1800s but his advice is still relevant today. Litigation is almost always a poor tool for fostering collaboration, whether among neighbors or software developers.

In approaching the topic of open source license enforcement, it is important to consider Lincoln’s advice. Collaboration during open source license enforcement is a key to successful compliance just as it is an important element to success in the software development process. In assessing license enforcement tactics, you need to ask whether they will foster greater collaboration in open source software development. If the ultimate result of excessive or abusive enforcement is that developers and enterprises are turned off from participating in upstream open source communities, the ecosystems will wither and we all suffer as a result.

What good is enforcement if no one is engaging in open source development?

At a minimum, license enforcement should be conducted in a manner that is fair and predictable. This means providing a chance to correct inadvertent errors in license compliance -- a common-sense idea that is now gathering great momentum.

Today, Red Hat announced that another wave of leading companies Amazon, Arm, Canonical, GitLab, Intel, Liferay, Linaro, MariaDB, NEC, Pivotal, Royal Philips, SAS, Toyota and VMware have joined Red Hat and nine other forward-thinking companies in rejecting harsh tactics in the enforcement of open source licenses. Following the lead of the open source development community, the move today reflects the growing strength of the norms in the open source community about the importance of responsible license compliance and supports the long-held belief that individual trolling for personal or corporate gain is not appropriate in the open source ecosystem. Today’s announcement brings the total number of companies who have adopted this approach to 24. The list of companies comes from across industries and geographies, all of whom have agreed to apply the principle of fairness in license enforcement.

For those who review and negotiate commercial contracts on a regular basis, the idea of a reasonable notice and opportunity to fix problems may seem obvious but this wasn’t always the case for the GPL. Version 2 of the GPL and LGPL do not contain express “cure” periods to fix problems before the licenses are terminated. In an earlier era, the Free Software Foundation (FSF) owned the copyrights for nearly all GPL-licensed code and was the only copyright holder regularly engaged in license enforcement. At that time, the idea of automatic termination in the hands of a benevolent license steward may have seemed appropriate to encourage and enforce license compliance. But, over time, there was an increasing volume of GPL and LGPL-licensed software that was distributed by a growing body of copyright holders (i.e., many potential license enforcers). A consensus began to form that automatic termination could result in potential unfairness and opportunities for abusive enforcement. When the FSF, with the guidance and assistance of the Software Freedom Law Center, ultimately released GPLv3 in 2007, one of its new features was the introduction of a cure period for license noncompliance and mechanisms for license reinstatement when compliance errors were promptly fixed.

Following the release of GPLv3, the FSF encouraged existing GPLv2 projects to adopt GPLv3. While many projects did move, there is still a large body of code that continues to be licensed under version 2. Some projects have chosen not to move and others were unable to do so due to license selection upstream or other reasons.

At the same time, the use of open source software has become increasingly ubiquitous across a growing number of industries -- it is fast becoming the very foundation of cloud computing. An increasing number of companies in a variety of industries ranging from automobiles to banks to consumer products are now contributing to, distributing and using open source software within their enterprises and product portfolios. The diversity and volume of open source code used in products today have now become so large that it is no longer reasonable to expect that there will be 100 percent compliance all of the time. The potential for abusive enforcement of the automatic termination provisions of the GPLv2 became concerning to developers and community enforcement organizations who have been coalescing behind the position that heavy-handed approaches to license enforcement are out of place in the community.

This movement to adopt the GPLv3 cure approach for GPLv2 licensed-code originated with community-focused organizations and developers and, as today’s announcement demonstrates, is now being adopted by leading companies across industries and geographies. The approach has been adopted by more than 100 Linux kernel developers and by Red Hat-led projects. In addition, a growing number of individual open source developers are adding their names to the GPL Cooperation Commitment for their own GPLv2 and LGPLv2, and LGPLv2.1 copyrighted code through a repository hosted on GitHub.

Starting from a concept first embodied in GPLv3, the idea of affording GPLv2 and LGPLv2.x licensees the same opportunity to correct errors in compliance is now catching hold: the Linux Foundation and its work with the Linux kernel developers, Red Hat projects, 24 companies and more than 100 developers -- all adopting the GPLv3 cure approach for GPLv2 and LGPLv2.x-licensed-code.

Red Hat intends to continue its effort to encourage other companies, projects and developers to adopt the GPL Cooperation Commitment and to support approaches to license enforcement that foster greater collaboration in open source software development. Visit the GPL Cooperation Commitment GitHub page if you or your company are interested in joining.

Innovation takes a village, and fairness and predictability are keys to growing that village

 

David Levine is assistant general counsel at Red Hat.


저자 소개

UI_Icon-Red_Hat-Close-A-Black-RGB

채널별 검색

automation icon

오토메이션

기술, 팀, 인프라를 위한 IT 자동화 최신 동향

AI icon

인공지능

고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트

open hybrid cloud icon

오픈 하이브리드 클라우드

하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요

security icon

보안

환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보

edge icon

엣지 컴퓨팅

엣지에서의 운영을 단순화하는 플랫폼 업데이트

Infrastructure icon

인프라

세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보

application development icon

애플리케이션

복잡한 애플리케이션에 대한 솔루션 더 보기

Original series icon

오리지널 쇼

엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리