Open source is about community, yet some want to use open source licensing as a club. Here's how to spot the trolls.
In an ideal world, people wouldn't be trolls and we wouldn't need the GPL Cooperation Commitment (GCC). Unfortunately, we don't live in that world, so a swelling list of companies have agreed not to be jerks and use open-source licensing as a club.
Making open source less open
This shouldn't be an issue, of course. Open source is supposed to be about collaboration and community. When Red Hat, Facebook, Google, and IBM initially proposed the GCC in November 2017, therefore, it was a bit of a surprise. By July 2018, 20 more companies had joined, including Toyota, Intel, and Royal Philips. More head scratching. This week 16 more companies joined the GCC, including my employer, Adobe, and I finally asked the question, "Is this really a problem? Are individuals or companies really weaponizing GPL licensing against (likely) innocent wrongdoers?"
The answer is "Yes."
SEE: Software licensing policy (Tech Pro Research)
The GCC attempts to thwart this by committing a company (or an individual) to enforce GPLv2 the same way GPLv3 is enforced; namely, to offer a "cure" period in which an infraction can be remedied. As Red Hat's Jeffrey Kaufman wrote earlier this year:
[W]e believe that license enforcement should ordinarily be judged by whether they ultimately foster greater adoption of open source software and participation in open source development. License enforcement can help to ensure that all companies play by the same rules, but enforcement tactics that are overly aggressive, unfair or unpredictable can discourage users from joining the community....
[Under GPLv3 or the new GCC] you have a period of time to correct that non-compliance before the license terminates. This means that licensees have the ability to correct their mistakes. This creates greater predictability in open source license enforcement and, likewise, encourages increased participation and growth in the open source ecosystem. Innovation takes a village and fairness and predictability are keys to growing that village.
It's somewhat ironic that the GCC should even have to exist but, again, some have been inclined to use the GPL as a weapon.
Will it work?
The GPL Cooperation Commitment does nothing to stop trolls from wielding the GPL like a club. In this respect, it's a bit of an empty gesture, as it is basically a club for those already committed to not being jerks. The same individuals or companies inclined to bludgeon anyone suspected of non-compliance can continue to do so.
The difference is that it is quickly becoming clearer which companies you can't trust. The GCC is pretty unobjectionable. If a company isn't willing to sign up to the GCC, it's a tell that maybe you as an individual or company don't want to risk using their software. Is your preferred vendor on the list of signatories? No? In your shoes, I'd ask them why not and, barring innocent omission, I'd strongly reconsider using their software.
Open source, after all, is a community. No one wants a license troll clubbing all the neighbors.
- It's MongoDB's turn to change its open source license (ZDNet)
- Open-source licensing war: Commons Clause (ZDNet)
- GitHub makes open-source project licensing easier with an open-source program (ZDNet)
- Why novelty open source licenses hurt businesses more than they help (TechRepublic)
- Why Redis Labs made a huge mistake when it changed its open source licensing strategy (TechRepublic)
- GitHub: A cheat sheet (TechRepublic)