GPL Cooperation Commitment: Promise of Collaborative Interpretation

GNU General Public Licence version 2 (GPLv2) was written in the early nineties to ensure compliant distribution of copyleft-licensed software. Even though its popularity has dropped dramatically  during the past decade, it nevertheless continues to be one of the most widely used and important open source licences.

Notedly, GPLv2 was drafted by non-legal free (as in “free speech,” not as in “free beer”) software enthusiasts and yet it has necessitated legal interpretation and application in accordance with  IP and contract law principles. For nearly two decades, compliance and enforceability of the licence by its users has had to deal with ambiguity and uncertainty with respect to its terms.

From uncertainty to death

Various attempts to achieve uniform interpretation of GPLv2 provisions, such as the introduction of amendments/exceptions, and reliance on individual enforcement statements or through litigation, have proved to be ineffective or have introduced more questions than answers, hence the licence text remains subject to varying (and not infrequently conflicting) interpretations. Accordingly, licence compliance has remained challenging and once you are in default, you are potentially facing severe consequences without any option for relief.

Section 7, the so-called "Liberty or Death" clause, has caused perhaps the most concern. This provision entitles licensees to distribute a GPL-covered work only when all licence obligations are satisfied. If other legal obligations are pertinent yet are in conflict, the licence may not be severed; rather, it is automatically terminated. This effectively means that a single act of (even) inadvertent non-compliance could give rise to an infringement claim, with no obligation for the copyright holder to provide notice prior to taking legal action and even more so with no opportunity for the licensee to remedy the deficiency.

Has the cure been found?

One of the features that was introduced more than a decade ago in GNU General Public License version 3 (GPLv3) is a “cure” period to correct licence non-compliance before it is terminated. The cure approach has been widely supported across the open source community. A couple of years back the Free Software Foundation and Software Freedom Conservancy, which lead worldwide efforts to ensure compliance with the GPL licences, incorporated it into The Principles in Community-Oriented GPL Enforcement. In October 2017, Linux kernel developers announced their enforcement statement, which encompassed the same concept.  Moreover, hundreds of individual developers signed the commitment to allow for a remediation period.

In cooperation we trust

However, numerous projects that continued to use GPLv2 would have been deprived of the GPLv3 approach for correcting compliance errors. It often amounts to a mammoth task to upgrade a licence for the entire project due to licence compatibility issues and divergent preferences of the stakeholders. Against this background, in November 2017, Red Hat, Google, Facebook and IBM announced their commitment to extend GPLv3 cure provisions to GPLv2. The GPL Cooperation Commitment is a statement by GPLv2 copyright holders that gives licensees an opportunity to cure violations before their licences are terminated.

Specifically, before filing a claim arising from termination of a licence, a copyright holder grants a 30-day remediation period coupled with licence reinstatement to a person or entity accused of violating the licence. If all the violations are ceased, the licence is reinstated (a) provisionally unless and until explicitly terminated afterwards and (b) permanently, if the copyright holder fails to notify of the violation prior to 60 days after the cessation. Moreover, a licence is reinstated permanently if: (i) the copyright holder notifies the user of the violation, (ii) it is the first time such user has received notice of violation of this licence (for any work) from that copyright holder, and (iii) if such user cures the violation within 30 days after the receipt of the notice. Red Hat, which initiated and led the initiative, took its commitment a step forward by making it irrevocable, binding and enforceable.

Since 2017, when the GPL Cooperation Commitment was first rolled out, over 40 companies, including big names from different industries around the world, such as Toyota, AT&T, Microsoft, SAP, SAS, VMware, Alibaba and others, have declared their accession to the commitment to provide a fair chance of remediation.

Why it matters

From a technical perspective, the commitment modifies the termination language that is present in GPLv2 and GNU Lesser General Public License. A natural question that comes to mind is whether GPL Cooperation Commitment may contradict GPLv2 itself, which does not allow changes to its provisions or any further restrictions imposed on the user’s rights. The commitment supporters assert that it should be treated as a substantive GPLv2 exception, like the Classpath Exception, or what GPLv3 calls an “additional permission” and not as a further restriction. Furthermore, GPL Cooperation Commitment does not enjoy a retroactive effect and applies only to software contributions made after the project joined the commitment.

The principle rationale of the GPL Cooperation Commitment is to provide clarity and predictability in how GPLv2 is enforced. It holds a promise of eliminating the major concern of GPLv2 licensees, namely that minor, negligent and curable licence violations may result in a ban of distribution or production interruptions.

More importantly, the GPL Cooperation Commitment takes licence governance back to the community realm, where a solution is found by collaboration and consensus, which generally aligns best with open source community approach. Whether this approach will be adopted again in future efforts to adapt licence to various changes of technology, such as packaging and delivery of software, remains an open question for now.  

Image credits: opensourceforu.com and Chae Bae