What The New GPL Means For Enterprise IT

After two years of consultation, the Free Software Foundation has published version 3 of the GPL (GNU General Public License GPL), its first update in 16 years. Since then, GPL-licensed software has become a part of most enterprise IT installations (and a lot more besides), so its revision could have a major impact.

The Linux kernel itself is unlikely to adopt GPLv3, as copyright on it is held by many different contributors and all would have to agree to any licensing change. However, all major Linux distributions also require the FSF's GNU code, so in practice the license will eventually apply to most enterprise Linux users.

The new GPL looks like a win-win for IT. It adds a few restrictions to software vendors, all of these which will benefit customers. The one proposed change that could potentially have hurt enterprise users has been dropped entirely. The main changes from version 2 and previous drafts are:

Patent Protection For Users
The most important feature of the new GPL is an explicit patent grant: Anyone who distributes GPLv3 software must automatically grant every user of the software a license to use any relevant patents. In theory, this will protect all users of GPL patent lawsuits, while preventing Linux vendors from striking exclusive deals with patent-holders such as Microsoft.

According to the FSF, the new GPL means that Microsoft's patent licensing deals with Novell, Xandros, LG Electronics, and Linspire mean that all users -- not just customers of those four vendors -- are immune from any Microsoft lawsuits covering GPLv3 software. Microsoft disagrees, but the dispute will not actually be settled unless it actually tries to sue a Linux vendor or user for patent infringement, which is extremely unlikely.No Web Services Clause
Early drafts of GPLv3 had included an optional clause requiring that networked applications make their source code available to remote users. This has now been removed, thanks to concerns that it placed an undue burden on developers and users. Though intended to ensure that customers who obtain software as a service have the same rights as those who get it as binaries, it could potentially have had a much wider impact.

The clause was only ever an option, so it probably wouldn't have affected regular Linux servers. However, its absence should make server administrators' lives easier, as it means that any GPL program can be freely used without having to check whether any of it is covered by the extra requirement.

The goal of source code for SaaS users hasn't been abandoned altogether, though. The FSF still endorses the Affero license, which is based on the GPL but includes the extra clause. It is likely to appeal to vendors who have a dual-licensing strategy, as it gives their service provider customers a fairly strong incentive to pay up for a commercial license rather than use the open source version.

Limitations On DRM
The most controversial provisions of GPLv3 deal with digital rights management. The new GPL doesn't forbid DRM, but does limit it in two important ways.

The first is a statement that DRM based on GPL code does not constitute an "effective technological measure." This is intended to ensure that breaking the GPL-based DRM is not illegal under the DMCA and similar laws that criminalize reverse-engineering of DRM systems. This is aimed mostly at consumer applications, but could also benefit enterprise users if it prevents DRM from being used to restrict interoperability.The second is a requirement that home appliances containing GPL software must allow users to run their own modified version. This is intended to prevent devices like TiVo, which uses GPL code but requires that it be signed by the hardware vendor. However, this only affects home appliances: Enterprise vendors can still use digital signatures to lock down GPL code. The disparity is because of concerns from developers that signed code has legitimate security applications, which are more likely to be needed in the enterprise.