GPL in the workplace?
-
16-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I once interviewed at a consulting company where it came up in the conversation that they use open source products (which is great, I've used Hibernate, JBoss, etc. extensively.) One thing that did surprise me is that when I asked if they used GPL licensed OSS when writing applications for clients, they said "Sure, all the time! As long as the client gets what they want and are happy." Now, I'm no lawyer or big license buff, but I was under the impression that using GPL code (let's say some library that you include), then you are required to release the entire application under the same license. When I pointed this out, I was given a quick response of, "Well, we give the clients all the source code when we're done, so that's really not an issue."
Not wanting to press the issue further (interviews aren't the place for arguments like that), I let it slide. However, that still concerns me about that particular practice of the business. What is the official word on GPL licensed code and how "open" does it need to be? Do you have to publish it and say "My company used this library so here is the site where you can download our shopping and order fulfillment system application that we spend millions of dollars to build."? In this situation, is the company right for using GPL code without the client's knowledge? Is it enough to just "give them the source"?
Solution
Standard disclaimers apply: I am not a lawyer and neither are you.
GPL, at its core, is about protecting the rights of those using the program to obtain and use the source as well. It does not mandate that you publish the source of any program you write that uses GPL'd code, merely that if you publish such a program you must also provide the source.
I can write any number of apps for my personal use, pull in GPL'd code, and never give the source of any of this to anyone. I can write such apps for internal use by my company, and need only provide the source to those within my company who use the program (practically-speaking, I would have to do this anyway if they had any good reason to request it). If I write such a program for some other entity, I merely have to give them the code (and make it clear that the program is GPL-licensed) - if they go on to distribute it, they also must then make the source available, but I'm out of the picture.
So the only worry your consulting company might have is that they were failing to make their clients aware of the license the code they provided fell under. Actually, I lie - if they had negotiated a different license with their clients (client owns all rights to code...) then they could be in hot water over that as well... But this is true for any third-party code: unless it's public-domain, you must comply with the license, and must not re-license it unless that right has been granted you by the copyright holder.
OTHER TIPS
As a consultant, I make a point of raising license issues early with my customer so that they can make an informed choice. If the best technology to apply to their problem is under GPL but they can't comply with the license, then I can't use it. In practice, this has had two effects.
First, many are happy to pay for a commercial product specifically to avoid this issue. This is especially common in the embedded systems world where compliance with GPL would effectively require publishing the complete hardware design and documenting how it all works to meet the spirit of the GPL which is an attempt to make it possible for an end user to change the product. While it is possible to to make products that are that open, it requires a great deal of commitment at all levels of the company. The larger problem is that many components of a design are documented to us by their makers under NDA and it is effectively impossible to create GPL compliant code that uses documentation released under NDA.
Second, we now have a preference for the MIT license and its many relatives (which make it clear that commercial use is acceptable) over the GPL at any revision. I haven't had any customer object to releasing bug fixes and improvements made back to the relevant product communities. Since the license is permissive, I can comply with my NDA obligations, keep my customer happy, and contribute to the relevant communities.
Open source does not necessarily mean free.
IANAL either, but generally speaking the requirement for GPL is to provide the source code for your project. You can certainly sell a product to someone else. However, I believe that you cannot prevent them from giving it away. That is probably what makes most GPL'd software free, as in beer. I'm fairly certain that you do not have to publish your code to world+dog just because it is GPL'd.
From the preamble to v3 of the GPL (emphasis my own):
The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.
(source)
In this situation, is the company right for using GPL code without the client's knowledge? Is it enough to just "give them the source"?
This is a slightly different question. If the client has some expectation and that expectation is dictated in a contract, the company may have an issue. Otherwise, it is up to them to determine how best to do the job. However, they are supposed to include a notice in the source code regarding the license. I am uncertain if they must disclose this to their client in any other way.
No, you are correct. Heres why:
Consider if we have an application under GPL. Now, then it can't be used by proprietary code.
If it was enough just to open source code that uses GPL, I could open source a project based on it as BSD.
Then proprietary software could use the GPL product.
