ESR: "We Don't Need the GPL Anymore"by Federico Biancuzzi
Recently, during FISL (Fórum Internacional de Software Livre) in Brazil, Eric Raymond gave a keynote speech about the open source model of development in which he said, "We don't need the GPL anymore. It's based on the belief that open source software is weak and needs to be protected. Open source would be succeeding faster if the GPL didn't make lots of people nervous about adopting it." Federico Biancuzzi decided to interview Eric Raymond to learn more about that.
Why did you say we don't need the GPL anymore?
It's 2005, not 1985. We've learned a lot in the last 20 years. The fears that originally led to the reciprocity stuff in GPL are nowadays, at least in my opinion, baseless. People who do what the GPL tries to prevent (e.g., closed source forks of open source projects) wind up injuring only themselves. They trap themselves unto competing with a small in-house development group against the much larger one in the parent open source project, and failing.
I read that you studied marketing to promote OSI. I'm wondering whether maybe the fact that Linux is more famous than BSD could be related to the "virality" of the GPL. If every time you build a product based on Linux you must release the source code, it's clear that everyone will know that it's based on Linux. And so the buzz keeps growing: another product based on Linux! This doesn't happen with BSD licensed code. For example, I read that the new portable console Sony PSP includes some code from NetBSD. How do we know it? Just for the advertising clause written in a simple text file that someone discovered on their web site. But that is different from the way Sony announced that Playstation 3 will natively run Linux. They proudly wrote a press release and started a big buzz. What is your opinion?
I believe you overestimate the marketing benefits of saying "Linux Inside!"; most technology consumers don't care, and Sony knows that. I think Sony is announcing Linux support because they know it's the most likely option to attract developers. NetBSD is a worthy project, but, let's face it, the fan base for it simply is not large enough to justify spending marketing effort to recruit them.
More generally, I don't think the GPL is the principal reason for Linux's success. Rather, I believe it's because in 1991 Linus was the first person to find the right social architecture for distributed software development. It wasn't possible much before then because it required cheap internet; and after Linux, most people who might otherwise have founded OS projects found that the minimum-energy route to what they wanted was to improve Linux. The GPL helped, but I think mainly as a sort of social signal rather than as a legal document with teeth.
Some time ago there was a monetary offer to get a Linux snapshot under BSD license. Would you have accepted?
I wouldn't have had the right to accept Jeff Merkey's offer; I'm not Linus. But supposing I were ... hmmm ... it's interesting that you asked me this, because I've exchanged email with Linus about a not entirely dissimilar set of questions having to do with how we cope if a court breaks the GPL.
I think the answer to your question is no. I wouldn't worry about a closed fork harming the community; I think that's a self-punishing form of idiocy. Linus probably still disagrees with me on this; he's always been more of a GPL fan than I am. What I would feel is something I know for certain Linus does--an obligation not to violate the expectations of the kernel contributors without better reason than a few dollars in my pocket.
Linus has told me he will relicense the kernel only in the case of an emergency that makes it necessary. I think in his shoes I would have the same policy.
Linux (the kernel) comes under GPL version 2. Quoting Linus's note:
Also note that the only valid version of the GPL as far as the kernel is concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x or whatever), unless explicitly otherwise stated.
Is it certain that Linus will adopt GPL v3?
It depends. I know for a fact that he is concerned that GPL 3.0 will overreach.
Is there any risk of a fork over this? One Linux kernel led by Linus under GPL v2 and another led by someone else under GPL v3?
I think not. The technical culture of the Linux kernel group doesn't seem to me to be composed of licensing fanatics.
The GPL includes a clause that automatically shifts the license terms to any new version of the license itself. Isn't this a Trojan horse?
No, because the clause says "at your option." That is, the person receiving GPL v2 software gets to choose whether v2 or the later version applies.
But this means:
- The user will choose which particular version of GPL he prefers, not the original software author.
- This mobile target (GPL 2.0, 2.1, 2.x, 3.x) could be chosen appropriately in case of a lawsuit.
How can this undefined condition be a good thing?
The user chooses only for copies of the software still under GPL 2. The author is free to change his license to 3.0.
The condition you call "undefined" means users cannot have rights they might have been counting on summarily yanked out from under them. Which is a good thing: the GPL was supposed to be about guaranteeing the users' rights, after all.
You take code under GPL and then you are free to choose every single day of the week a different version of that license because you don't have to write that number anywhere. Shouldn't the people working on the GPL v3 remove this clause or require licensors to write somewhere the exact version number of the GPL "receiving" developers have chosen?
Why? What problem would this solve?
It certainly wouldn't do anything for the users, who would be losing options rather than gaining them.
Quoting from Insider Hints at GPL Changes:
The current version of the GPL, which was last updated in 1991, fails to trigger the open source license if a company alters the code, but does not distribute its software through a CD or floppy disk.... But the rule does not apply to companies that distribute software as a service, such as Google and eBay, or even dual-license companies like Sleepycat.... "That means a bunch of innovation is being taken out. This is an important problem for us working on the new GPL to get right."
Wouldn't expanding its virality to software distributed as a service be a dangerous path?
I never really thought virality was a good idea in the first place, so I have to see this as a step in the wrong direction. I've used GPL on many of my own projects, but more as a gesture of solidarity with the majority in the community than because of any attachment to the GPL itself.
The pros and cons of "viral licensing" is something I've been thinking about a lot recently. As far back as 1998, I suspected that allegiance to the GPL is actually evidence that open source developers don't really believe their own story. That is, if we really believe that open source is a superior system of production, and therefore that it will drive out closed source in a free market, then why do we think we need infectious licensing? What do we think we gain by punishing defectors?
Stronger virality punishes defectors more effectively, but also has more tendency to scare people away from joining the open source community in the first place. Where the optimum point is all depends on how important punishing defectors really is relative to the economic pressures in favor of open source. My current belief is that the free market will do quite a good job of punishing defectors on its own; thus, increasing virality is a bad move.
Mind you, in saying this I'm not defending or excusing anybody who is cheating on the GPL's terms now. Whether our not viral licensing is a good idea for the community may be debatable, but software authors who choose it have a right to expect that those terms will be obeyed.
On gpl-violations.org there are some examples of companies that used GPLed code for their products, but "did not make any source code offering or include the GPL license terms with their products."
Most of them signed a "Declaration to Cease and Desist from further distributing their product without adhering to the license terms," while one of them refused to sign the declaration and so "the netfilter/iptables project was compelled to ask the court for a preliminary injunction," banning the distribution of that product unless the company "complies with all obligations imposed by the GNU GPL."
Why does this happen? Don't business companies understand GPL terms? Or maybe they try to cheat, hoping that nobody will discover them?
It's probably both. That is, some companies cheat and others blunder. There are probably some that have both cheated and blundered.
But if they prefer to keep the source code undisclosed, why don't they choose BSD-licensed code?
The blunderers don't know what they're doing. The cheaters may not know of BSD equivalents of what they want.
Maybe because they chose to put Linux in their embedded products just because it's one of the current buzzwords in IT and not because it is technically better than BSD systems?
I can't read the minds of blunderers and cheaters, and would not want to immerse myself in their thinking if I could.
Is managing a successful software company really possible, providing all your code under GPL?
Cygnus ran that way at a profit for years. I think Red Hat does today, though I'm not certain about the status of Cygwin.
But Red Hat doesn't release all of its software as open source.
I believe they make their real money on a product (Red Hat Enterprise Linux) that is completely GPLed. If you know differently, can you tell me what other licenses they are using?
It seems that Red Hat is selling its GNU/Linux distribution under a sort of user license that limits the freedom No. 2 provided by the GPL. The short version of the story, as I was told, is that if I buy a CD/DVD with the last Red Hat version and I make an ISO from that and put that online, I'll get sued.
The same thing happens with computer magazines. They cannot include any Red Hat CD because the term Red Hat is a trademark or something like that, and they don't let the magazine use it without permission. And obviously they don't give you that permission. Magazines must use Fedora and never say Red Hat.
Excuse me while I fire up a browser and research this a bit... Ahhh... right, if you republish a RHEL CD in either form, you could get sued for illegal use of the embedded trademarks. I think I just found the user license in question.
So the answer to your question is yes... Red Hat is a demonstration that you can have a profitable business based on entirely GPL code. You may have to play some interesting tricks with trademark law to do it, though. As I understand it now, what Red Hat has done is legally blocked republication of its entire RHEL distribution even though any component part is still GPLed and therefore freely redistributable.
Damn, that's clever and sneaky. I like it. It serves everybody: Red Hat gets a fence around its product, but all the community objectives of open source licensing are still met.
Do you consider this behavior coherent?
Yes. It makes logical and even ethical sense.
Isn't one of the community objectives of open source licensing the possibility to share the code? So how can the fact that every single piece is still under GPL and thus redistributable, but if I take the whole CD/ISO it will be covered by the US trademark laws, be acceptable?
That's the beauty of it. The possibility of sharing the code is unaffected--what you can't "share" is Red Hat's integration work and branding.
Some time ago, Linux abandoned BitKeeper because the company behind it didn't like the reverse-engineering effort done by Andrew Tridgell. Larry McVoy, BitKeeper's primary author, said, "You can compete with me, but you can't do so by riding on my coattails. Solve the problems on your own, and compete honestly. Don't compete by looking at my solution."
This is not the first reverse-engineering effort to write an open source tool that uses a proprietary protocol; just think of Samba or Gaim.
Is freedom more important than innovation?
The question is falsely posed. Freedom and innovation are not opposites; they are intimately connected. Proprietary protocols and the monopolies they spawn prevent innovation. Open standards encourage it.
McVoy is engaging in a rhetorical deception, one he copied from Microsoft. He wants you to believe that innovation will stop if software vendors can't collect secrecy rents. But this is pure, unadulterated bullshit. Is innovation in automobile designs stopped because auto designers can look at each other's engines?
Open source designers think up and deploy more new ways to do things every week than the proprietary industry can manage in six months. The reason is lower process friction--when you want to experiment, you don't have to argue with a boss or risk being shot down because your company thinks it might be too disruptive of their existing product line. You just do it.
Freedom is the oxygen of innovation, not its enemy.
So why didn't Andrew develop a new protocol and made it an open standard? I mean, he chose to write a free tool to handle a proprietary protocol. He chose freedom, not innovation. Only after the company stopped the support of the free client did they start a new project (Git).
Tridge did this because what he needed was a tool to extract BitKeeper metadata from the kernel archive--data which had been put in BitKeeper but which McVoy did not own. Writing a new protocol would have been beside the point--what he wanted was to get the metadata out of jail.
Everyone is free to choose where to put his own data. Linus chose BitKeeper years ago. So the root of the problem is that someone chose a proprietary application from the very beginning.
That's right. But Linus's choice should not constrain either Linus or other developers from getting at their own data.
If I don't want to have my data trapped in a proprietary format, I will avoid those proprietary applications. What is the sense of using the proprietary application and then asking for an open source tool to access the data?
You own your data, even when it's trapped in a proprietary application. There is a term in American law, conversion, for the act of refusing to give back property of others that has been entrusted to you for safekeeping. This is probably illegal wherever you live, too, and when proprietary vendors trap your data and refuse to let you get at it except through their application, they may be committing a crime.
In the open source world, we think this gives you a right to do whatever is necessary to retrieve it. The wrong, if there is one, isn't in creating open source rescue tools as Tridge did; it is on the part of proprietary vendors who refuse to provide facilities for export to an open, fully documented dump format.
In fact, in this case McVoy did provide such an export format. All Tridge did was figure out the magic words that tell the BitKeeper server to dump that information to the client. His rescue tool--I've seen it--is a trivial script. So there was no wrongdoing on either side here, just McVoy shooting his mouth off because Tridge figured out how to use a poorly documented feature.
If open standards are the final goal, why should people write open source software to support proprietary protocols?
To support users who don't want their data to be trapped in proprietary applications under vendor control.
So why did those users choose proprietary applications at first?
Sometimes they might have no choice. Sometimes they might believe that choosing a proprietary application is the best choice. It doesn't really matter which of these is the case. Either way, they have a right to get their data out of jail once they've realized their mistake.
But if we keep writing open source software for people "trapped" in proprietary formats or applications, people will keep choosing them just because there is an "emergency exit door"!
Shouldn't we use this "trap" to attract people to open source software directly? If we keep accepting and helping people with proprietary formats, why should they change software and formats?
Because the software they're using is, in general, badly engineered, inflexible, and full of security holes. By supporting proprietary formats, we reduce the friction costs of migrating out of that world.
What type of relation do you see between the open source world and standards such as IEEE standards and de facto standards?
A very intimate and symbiotic one: each requires the other. Most people already understand one direction of the dependence--for open source to flourish, strong open standards for communications protocols and data formats are essential.
What a lot of people have not figured out yet--though the W3C and IETF are moving in this direction--is that open standards depend on open source reference implementations. It is extremely difficult to specify everything that needs to be specified in a technical standard; in some notorious cases, such as the way Microsoft perverted Kerberos, vendors have used that underspecification as a loophole to create implementations that locked in their customers. Open source reference implementations are the only known way to prevent such abuse.
Do you think that organizations such as W3C and IETF should actively verify and enforce that protocols and formats proposed by companies not be patented? I'm thinking of Cisco and the VRRP story....
Yes. A "standard" with blocking patents is a dangerous trap.
The upcoming GPL version should cover some new aspects such as patents. Do you think that this could worry businesses more than its virality and make lots of people even more nervous about adopting it?
It depends on how sweeping the new clauses are. Without seeing them, I can't really evaluate the possibility.
Some big companies announced that they will share their patents to cover Linux and some other open source projects. I don't understand how this can be a good thing. If every open source developer is against software patents, shouldn't we try to boycott the system? What is the sense if we say, "We are against software patents, but if any big companies patents things for us, it's better"?
I don't hear anybody saying this. The open source community is not asking companies to patent anything, merely accepting those grants when they happen. It's not like we could stop them, really.
I don't understand your last sentence. If someone gives you a present, you will probably accept. But if you are against something and the present is related to that "something," shouldn't you refuse the present?
I didn't hear anyone saying, "Thanks, IBM, we don't want your patents because we are against this system and we don't want to support it or being part of it." Don't you think they should have?
Why do that, rather than encouraging IBM in an action that subverts the system?
I don't think IBM behavior subverts the system. I think they did that move to get the press talking about them and Linux, and to tell clients that they will be covered by IBM lawyers if needed. However, the point is that since Linux people didn't refuse this move, now they have an entanglement with IBM patents. Doing so, they sent a message to the people that is clearly not "we are against patents."
I don't agree with that interpretation. Think back to the days of the Cold War. If the Soviets let some dissidents out of jail, would you have told them "No, put those people back in jail" because you thought accepting that action meant supporting the Gulag?
It's a strange example.
Just follow the logic.
Let's get back to the GPL. Aren't you concerned that you'll stir up a political mess by saying we don't need it? Some people might think you're trying to wreck GPL 3.0 before it launches.
No. I've actually been making the argument that the GPL is rationally justified only if open source is an inferior system of production since 1998. But back then, the evidence that open source is a superior system was much less clear. I believed it, having written the first analytical argument for that proposition in The Cathedral and the Bazaar in late 1996. I already knew what that implied about the superfluousness of the GPL when I wrote the paper--but until there was a lot more real-world evidence, I knew the argument would be difficult for GPL fans to hear.
In fact, it's political considerations that kept me quiet for a while. For a long time, I judged that any harm the GPL might be doing was outweighed by the good. For some time after I stopped believing that, I didn't see quite enough reason to fight with the GPL zealots. I'm speaking up now because a couple of curves have intersected. It has become more apparent how much of an economic advantage open source development has, and my judgment of the utility of the GPL has fallen.
Yes, many people will view this as heresy. Fine--it's part of my job to speak heresy in ways other people might feel afraid to do. If there is any better use for being famous and respected than using that status to question orthodoxy, I haven't found it yet.
Federico Biancuzzi is a freelance interviewer. His interviews appeared on publications such as ONLamp.com, LinuxDevCenter.com, SecurityFocus.com, NewsForge.com, Linux.com, TheRegister.co.uk, ArsTechnica.com, the Polish print magazine BSD Magazine, and the Italian print magazine Linux&C.
Return to ONLamp.com.