From here on, Red Hat's new GPLv2 software projects will have GPLv3 cure for license violators
We'll forgive you if you change your ways, says Linux giant
Red Hat on Monday said all of its newly initiated open-source projects that adopt GPLv2 or LGPLv2.1 licenses will be expected to include the GPLv3 "cure" provision.
The move follows Red Hat's announcement last November, in conjunction with Facebook, Google and IBM, that the four companies intended to extend the GPLv3 violation remediation language to existing projects under GPLv2, LGPLv2.1 and LGPLv2, except when defending against lawsuits.
In March, CA Technologies, Cisco, HPE, Microsoft, SAP and SUSE joined the group of companies working to make the licenses more friendly to accidental violators.
The GPLv3 cure clause gives open-source license violators grace periods of 30 or 60 days, depending on the circumstances, to remedy license violations. Having this time makes it easier for those who have run afoul of licensing terms to fix things before being exposed to the possibility of litigation.
"Automatic license termination, as commonly understood in the community, meant that a single act of inadvertent non-compliance could, in theory, give rise to a large number of infringement claims, with no obligation on the part of copyright holders to notify the alleged violators prior to seeking legal recourse," explained Richard Fontana, senior commercial counsel at Red Hat, in a blog post today.
To help individual developers play nice under the same forgiving rules companies have embraced, Red Hat in May created the GPL Cooperation Commitment. It's a statement that individual GPLv2 and LGPLv2.1 copyright holders can make in support of allowing unintentional license violators to take the necessary steps to prevent their licenses from terminating.
"We're trying to really influence community opinion on what's the right way to enforce these licenses," said Fontana in a phone interview with The Register.
The reason to do so, he said, is to encourage people to contribute code to open source projects. Because outside contributors retain copyright in contributions they make to open source projects, it's important to encourage this sort of change at the project level, he said.
"To the extent people are concerned about using GPLv2 code...we want to provide assurances so that people will continue to grow these ecosystems," said David Levine, Red Hat's assistant general counsel.
Much of the angst about license violation litigation follows from Linux developer Patrick McHardy's efforts over the past few years to sue companies in Germany over alleged GPL violations of his copyrights.
The Software Freedom Conservancy, an organization with more of a stomach for litigation than the Software Freedom Law Center, in 2016 characterized McHardy as a "GPL monetizer," someone more interested in extracting fines than ensuring compliance.
Paul Berg, an open-source licensing expert who advises the Idaho National Laboratory in the US, in an email to The Register, said it would be unrealistic to ask every open source project under GPLv2 and LGPLv2.1 to fully adopt the corresponding version 3 license.
Berg said the GPL and LGPL version 3 have more lenient termination clauses for good reason: Most people have no idea they've violated the terms and would comply if made aware of the problem.
So grafting on the GPLv3 cure provision onto older licenses makes sense, as he sees it.
"By adopting the cure provisions of versions 3 of of the licenses, the disruptions of the software distribution process can be kept to a minimum in the event of unintentional violation while still retaining the ability to legally enforce the license terms for violators that willfully refuse to comply," he said. "My feeling is that this is a good move and reduces the risk of incorporating GPLv2 and LGPLv2.1 software into projects where the project fully intends to comply with the license." ®