When licenses attack

Published July 14, 2009. Filed under: Misc, Pedantics, Python.

Jacob posted twenty questions about the GPL. Zed followed with an explanation of why he placed Lamson under the GPL. This has provoked some discussion around the internets, some of which I have read and some of which I’ve ignored.

Unfortunately, there’s a lot of noise drowning out useful discussion, much of it centered around alleging — directly or indirectly — that if you ask questions about how the GPL interacts with other licenses, you must be trying to “get around” the GPL, or take someone’s GPL code and use it against their wishes. This is quite sad, because the question of how the GPL interacts with non-GPL open-source licenses is both interesting and important.

I don’t have any doubts about Jacob’s or Zed’s bona fides when it comes to Free/open-source software. I know both of them well enough to know that they’re really smart guys who are producing and giving away incredibly useful software. So if they’re talking about this, it’s not because anybody’s trying to be sneaky or do end runs around someone else’s licensing.

And, to be honest, I’d really like a straight answer on how the different licenses interact. Jacob mostly confined himself to simple hypotheticals, which is fine, but to get the point across I’d like to mention some specific pieces of software and show how confusion and conflicts can pop up.

Some real examples

Suppose you’re writing an application in Python, and you use the readline and/or rlcompleter libraries. These are interfaces to GNU readline, which is GPL software, and so many people would argue — quite possibly correctly — that if you distribute that application you’re obligated to do so under the terms of the GPL.

Now, suppose your application also needs to do SSL. Python has a module for that, but what happens if you use it? Well, now you’re also interfacing with OpenSSL, which has a viral advertising clause in its license. And viral advertising clauses and the GPL cannot legally mix, which means you may be up a creek. There may be a solution to this (GPLv3 has a somewhat similar clause to the one mentioned there), but there may not be, and nobody really knows.

So if you need both readline and SSL support and you’re conscientiously doing your best to comply with the relevant licenses, what can you do? Right now, you can:

  1. Never distribute your application, since then you won’t incur any of the GPL’s distribution requirements (though a lot of Jacob’s questions poke into the nooks and crannies of just what counts as “distribution”), or
  2. Write your own version of one or both of those libraries, or write interfaces to alternative versions and hope you can find alternatives with compatible licensing, or
  3. Give up and not write your application.

It’s that last one which worries me: Free/open-source licensing should never serve to impair the production of Free/open-source software.

A more mundane example is the code for my recently-published book. I’m doing my best to get a code package out there, but right now I’m literally up against a licensing snag: one of the projects it covers is a weblog application which can post links to delicious, and the Python library which does that is GPL. I don’t personally have a problem with that and I don’t really care what license the code ends up under, but I need to know which license I’m obligated to use, and right now I don’t, because there’s a lot of confusion over when the GPL will be invoked by use in Python code.

Even more mundane, but interesting: the other day I saw someone asking about GeoDjango (aka django.contrib.gis), which provides geographic extensions to Django’s ORM. This person wanted to build and distribute an application using Django and the GIS add-ons, and was wondering how that ends up licensed, because if you use PostgreSQL, you enable GIS in the database though PostGIS, which is GPL.

I’m reasonably certain that the GPL doesn’t reach up into the Django layer in that case (PostGIS, if used, is separate, lives on the other side of a process boundary, isn’t “linked to” from the Django side as far as I know, and contrib.gis simply generates queries according to an open, standard interface, and leaves it to the end user to provide a database server implementation to send those queries to). But the fact that people ask these questions points to an awful lot of confusion about just how different licenses interact.

This is why we need answers

Nobody that I know is trying to steal anyone else’s code or sneak around someone else’s license. As someone who both benefits from and produces freely-licensed software, I wouldn’t stand for that. But well-meaning people can easily get bogged down in the morass that is license terms. To deal with this problem, the types of questions Jacob was asking yesterday need clear, common answers, many of which are not currently found in the FAQ documents of popular licenses (e.g., what exactly is “linking” in the context of a language like Python? If software is only used inside a particular company, is it being “distributed”?). Of course, any such answers would be subject to “until a court rules definitively one way or another”, but anything would be better than what we have right now.