August 14, 2006

Extending the GPL for application service providers

Author: Joe 'Zonker' Brockmeier

Funambol CEO Fabrizio Capobianco is scheduled to announce a draft version of a modified GNU General Public License (GPL) today that would add a provision requiring service providers to distribute changes to code, even if they don't "distribute" the code beyond their own servers. Capobianco calls this the Honest Public License (HPL), and the additional provision could add an entirely new wrinkle to free software.

There's little question that the the software landscape is changing, and companies are using free and open source software in ways that weren't considered when the GPLv2 was written more than 15 years ago. This is why the Free Software Foundation (FSF) is revising the GPL and working toward GPLv3 -- which may end up addressing the question of GPLed software being used by application service providers (ASPs) to provide software as a service (SaaS).

Yet another license

However, I spoke with Capobianco on Friday, and he says he can't wait for the GPLv3, so he's going ahead with the Honest Public License right now. Capobianco also says that the FSF is "not talking enough" about this issue, and that he hopes that this will "put more focus" on the problem of ASPs not sharing changes to SaaS code.

One has to wonder, however, do we really need another open source license? It has been widely agreed for a while now that "license proliferation" is something of a problem for open source, since many of the licenses that are compliant with the Open Source Definition are not compatible with one another -- preventing the very code sharing that the licenses were ostensibly created to promote.

Bob Bickel, former vice president of strategy and corporate development for JBoss, says there is a need. Bickel, who has been consulting with Capobianco, says that he typically doesn't like to advise using new licenses, "but the situation that Funambol is in is actually an increasing situation.... The new model of software as a service can have companies taking advantage of code and not necessarily contributing back to the community."

Capobianco describes the license as the GPLv2 with an added provision to require changes to be distributed when a company uses modified HPLed code to offer a service. Capobianco says that the license will be upward compatible with the GPLv3, so there's a possibility that Funambol's software could be relicensed under the GPLv3 at a later date.

The problem, according to Capobianco, is that ASPs can take GPLed code -- like Funambol's software -- modify it, and sell services based on the software without needing to contribute anything back to the community, because the code isn't "distributed" according to the definition in the GPL. Capobianco has been thinking about this for a while, and talking to others about the idea. Capobianco says that others have said it's "time somebody did something about it."

This isn't the first time the question of alternate distribution has been taken up. The Affero General Public License (AGPL) was created to address the problem of user-facing software run over a network. Some programs, such as weblog software, could include a feature that allows a user to download the code via HTTP, and the AGPL requires that the function be preserved, and if modifications have been made to the AGPLed code, they must also be available for download.

Distribution and compliance

One of the problems with the HPL approach is that it could discourage the use of open source software. While some quarters have tried to over-emphasize the "viral" nature of the GPL, code sharing is only triggered by distribution -- users and organizations are free to modify GPLed code for internal use without having to share code, which has been a major factor in adoption by companies like Google, Yahoo!, and others.

Mark Radcliffe, who's chairing Committee C of the GPLv3 drafting process and helping Funambol with the HPL, says that "the obligation is limited to services intended to interact with third parties through a network, so back office functions such as accounting" would not be subject to the license.

The HPL also raises the question of compliance. Enforcing GPL compliance is difficult enough when code is distributed; detecting and proving infringement would be doubly difficult for software running exclusively on someone else's network. Radcliffe acknowledges that this is a problem, but also pointed out that "licensors can always cheat.

"A licensor distributing his product under the GPL could provide object code with changes but not provide the changes in the source code he distributes. Ultimately, the community could discover it, but no contract is a guarantee of ethical behavior."

In the case of HPLed code, Radcliffe says that "the licensees will be most interested in getting the source code if the SaaS vendor has provided functionality which was not in the initial code."

If a program shows new functionality, Radcliffe says that the copyright owner would have the right to demand a copy of the source code. "The failure to provide the source code would be a violation of the HPL and the SaaS vendor could lose his license to the underlying code."


  • News
Click Here!