GNU version of GPL gives feds a break
Agencies can let contractors use software without making it public
- By William Jackson
- Jul 23, 2007
The latest version of the General Public License, released last month by the Free Software Foundation (FSF), has something to please or displease just about everyone. But agencies and their contractors should be happy with an exception carved out for them that will make it easier to keep sensitive federal software code under wraps.
The foundation released GPL Version 3 late last month, updating for the first time in 16 years the license under which some of the most widely used open-source and free software programs are distributed.In harmony
The new version brings GPL into closer alignment with some other free or open-source licenses and moves to restrict cooperative patent agreements, such as the one announced in November by Microsoft and Novell.
'It is extremely significant,' said Doug Levin, president at Black Duck Software, which develops software license management programs. He called the new GPL an extraordinary achievement and described the 18-month collaborative process to produce it as unprecedented. Levin estimated that as much as 70 percent of open-source software is distributed under GPL, the best known of which probably is Linux or, as the Free Software Foundation calls it, GNU/Linux.
The GNU ' which stands for GNU's Not Unix ' operating system on which Linux is based was developed by FSF.
Although free and open-source software often are lumped together, FSF founder Richard Stallman draws a sharp distinction between the two.
Open-source is a process for designing software that enables collaboration among multiple contributors, and free software is an ethical commitment to produce software without restrictions on its use or distribution.
Anyone is free to use, modify and even sell free software, but those same rights must be passed on to any other users of the modified software.
That requirement is at the heart of GPL, which ensures that all rights to a piece of software are conveyed with that software anytime it is distributed. The first version of GPL was released in 1989, and Version 2 was released two years later. Stallman began working on the present version in 2005, and it has undergone an 18-month process of public review and feedback.
The government's traditional reluctance to adopt open-source or free software is beginning to change, Levin said.
'The government is slow to change, but they are increasingly adopting open-source and other third-party components' in their software programs, he said.
This adds another layer of complexity to the chore of managing software licenses, which is where Black Duck earns its bread and butter. It has a contract with the Navy and a number of government contractors.
The contractor issue has caused problems with government use of software under GPL, Levin said. Under Version 2 of the license, changes made in the software became public once the software was distributed, and giving the software to a contractor to run counted as a distribution.There's the rub
That restricted the use of software including code from government developers that the government wanted to keep proprietary for security reasons.
Version 3 of the license includes an exception for contractors: Use of software by a contractor does not constitute distribution and does not trigger the obligation to make modifications public.
'That has been a major impact in the GPL and is a reason why government and contractors should adopt GPLv3 types of code,' Levin said.
Restrictions in the license on reciprocal patent agreements under which companies provide one another's customers with patent protection are receiving much more attention.
FSF does not like software patents and uses terms such as scourge to describe the restrictions patents bring to development, use and distribution of software.
The new license has a grandfather clause and does not interfere with the agreement in which Microsoft offers Novell customers protection from patent infringement claims against SUSE Linux Enterprise software. But when software under the GPLv3 license is involved, the same patent protection must be extended to all customers.
Patent issues are addressed in Section 11 of the license, which says that if you 'grant a patent license to some of the parties receiving the covered work'then the patent license you grant is automatically extended to all recipients.' The next paragraph forbids future agreements of that kind.
'The main reason for this is tactical,' the foundation said in a statement. 'We believe we can do more to protect the community by allowing Novell to use software under GPL Version 3 than by forbidding it to do so.' However, the new version 'will block Microsoft and other patent aggressors from further such attempts to subvert parts of our community.'Other voices
Not everyone is pleased with GPLv3. Some complain that the free-software movement is imposing its ethics on developers. FSF representatives rail against what they call 'Tivolization,' a reference to the digital video recorder that runs Linux but will not allow modified versions of the operating system to run on its boxes in the name of digital rights management.
Because of such limitations, FSF refers to DRM as digital restrictions management and turns Trusted Computing into Treacherous Computing.
Such philosophical and practical differences have generated debate about whether the Linux kernel should be distributed under GPLv3. Red Hat, a commercial distributor of Linux, has welcomed the new license, saying the company 'believes our end user customers will benefit from several of the new provisions in GPLv3, including the patent license provisions.'
The company said it will add GPLv3 to the list of approved licenses for which it will honor its promise not to enforce its software patents.
However, in a digital version of the Cold War doctrine of mutually assured destruction, Red Hat's 'defense is to develop a corresponding portfolio of software patents for defensive purposes,' the company said.