Skip to content

Instantly share code, notes, and snippets.

@kn9ts
Last active December 14, 2024 05:38
Show Gist options
  • Save kn9ts/cbe95340d29fc1aaeaa5dd5c059d2e60 to your computer and use it in GitHub Desktop.
Save kn9ts/cbe95340d29fc1aaeaa5dd5c059d2e60 to your computer and use it in GitHub Desktop.
GPLv3 explained

GPL3 LICENSE SYNOPSIS

TL;DR* Here's what the license entails:

1. Anyone can copy, modify and distribute this software.
2. You have to include the license and copyright notice with each and every distribution.
3. You can use this software privately.
4. You can use this software for commercial purposes.
5. If you dare build your business solely from this code, you risk open-sourcing the whole code base.
6. If you modify it, you have to indicate changes made to the code.
7. Any modifications of this code base MUST be distributed with the same license, GPLv3.
8. This software is provided without warranty.
9. The software author or license can not be held liable for any damages inflicted by the software.

More information on about the LICENSE can be found here

@lulcat
Copy link

lulcat commented Jun 27, 2021

GPL3 is very infectious and although one is not distributing , the GPL3 is clearly stating that by linking (making use of) GPL 3 libraries, your code is automatically 3.0. So your private code is GPL3 now. You can of course avoid any demands of seeing it, because you are not distributing it. By not distributing, despite being GPL3, you do not have any obligation to provide the source(s) no. But it's definitely GPL3 (forks or otherwise derivative work). So in the future if you ever use it in something where the code is considered distributed, you will have to provide your sources if asked for.

In other words , to your web service, I won't reply on those specifics as I don't know what you or service is or does in detail, but you are committing in the long term an opportunity cost. Passing it on to even servicing technicians could make an unfaithful servant or just a prick decide to claim you are now distributing and so must disclose your sources. Gotta be careful with viruses. 🗡️
(edited for slightly better clarity).

@vijayaparthiban
Copy link

@hoang-innomizetech: @lulcat is correct. If you mobile/web application is internally calling a cloud based GPL3 library or software automatically/directly, it is linked to your application. In that case, you are obliged to release your code under GPL3. However, if you manually run a GPL3 software internally, get its results/data, store the results (in DB or files) and 'use' the results/data in your server then you are not linking your code with external software's GPL3 code.

Multiple options exist in the industry: 1) Understand the GPL3 code and replicate it in a different programming language with modifications (you could claim that it is your original code). 2) Run the GPL3 software for all possible input options, generate results and store them in a cloud instance to be used by your software (if this is feasible of course). 3) Look for other similar libraries that have a different license, and try to improve them with the concepts used by GPL3 library. 4) Request the GPL3 author to release it under a different license (most of them do not really understand the difference between different OSS licenses). The friendly OSS license regimes include ApacheV2, Creative Commons, amongst others.

@jorge-campo
Copy link

Very helpful, thank you!

@DaanBiesterbos
Copy link

DaanBiesterbos commented Nov 30, 2021

@vijayaparthiban I don't agree that just by calling another application that application would be bound to GPL3 code unless the code bases intertwine. The goal of the license is to protect intellectual property. Let's say I need a microservice to manage users within my organisation. And I use some opensource solution to implement single signon. I would not need to opensource every single application in the whole organisation just because I use this product (for something it was supposed to be used for). Sure, if you fix something, or you add a nice feature, share it with the community. Don't resell it. As an author that is what you want. The license is not a meant to hyjack your entire organisation. You don't want to put a lot of effort into something, then share it, and witness people claiming your work as their own and make money at the expense of your community. It's fair to set expectations on how the code is distributed. So if I would build another application on top of the opensource product, or include its libraries, and build my business on some cloud based authentication service, then I would obviously violate the license terms. Sure, we live in a world where a laywer can succesfully get money from a company for not warning a dumb customer about putting cats in a microwave, but that's another (legal) story.

Not a single company out there would use, contribute or fund opensource projects that would legally require them to put their entire business on github ^^

@imagtek
Copy link

imagtek commented Feb 25, 2022

Can a GNU GPL legal expert (JD in IP please) explain exactly what the following quote from the GPL means in the context of a proprietary work that contains GNU GPL code?
Specifically, does GPL compliance require the open-sourcing in totality of any proprietary source code base that touches GPL code?
The FSF dances around this, goes into moralizing and PR, and does not provide a straight answer.
If the GNU GPL requires open sourcing in totality of any source code base that touches GPL code, how is this enforced other than by hijacking copyright to the entire source code base, and placing it under the GPL?
How is this even legal?

I have yet to find a coherent explanation of this portion of the GPL license anywhere. Just lots of opinions.

' To "modify" a work means to copy from or adapt all or part of the
work in a fashion requiring copyright permission, other than the
making of an exact copy. The resulting work is called a "modified
version" of the earlier work or a work "based on" the earlier work. '
--GNU General Public License Version 3, 29 June 2007 '

Thank you in advance.

@vijayaparthiban
Copy link

vijayaparthiban commented Mar 5, 2022

@DaanBiesterbos Looking at your reply just now. Let me breakdown your comment into a few bits and pieces.

  1. Let's say I need a microservice to manage users within my organisation....
    This falls in a grey area. ie. If you use the microservice -within- your organisation, you may not be distributing. If you use it to sell your service/product externally, then your are distributing.

  2. Secondly, I agree with your whole comment from a fairness point of view. You are 100% correct and there is bunch of OSS licenses that are fully supportive of that (eg, Apache License 2.0 is just fine)

  3. My original comment mainly applies to a few restrictive OSS licenses such as GPLv3.0 or Affero GPL. I still standby by comment unfortunately (it is not my personal wish :) ie. If you use GPLv3.0 code within your service and distribute your product/service, then the license would expect you to OS the whole code. It may not be fair, but it is what it is. Also, if you do it anyway, then the original author may not sue you just because many of them IMO do not know the difference between GPLv2.0 and GPLv3.0 and adopt a higher version believing it is better. However, if your competitor finds out there is a remote probability that they may sue or expose you.

  4. A bit of history on why GPL3.0 was created. Suse Linux signed an agreement with Microsoft to settle all the lawquits when MS sued them for violating their patents in the OSS code. By enforcing GPL3.0 into OSS software the OSS community forced MS to abandon suing other Linux vendors. ie. If they extended the OSS code elsewhere they had to open their code.

Disclaimer: I am not a legal expert, so enquire a lawer who specialises in it (we did).

@vijayaparthiban
Copy link

@imagtek Know the version of your license. Is it GPLv3.0? If so, it may not forgiving unfortunately. If you use it within your service, it may affect all the code.

@imagtek
Copy link

imagtek commented Mar 23, 2022 via email

@DaanBiesterbos
Copy link

@DaanBiesterbos Looking at your reply just now. Let me breakdown your comment into a few bits and pieces.

  1. Let's say I need a microservice to manage users within my organisation....
    This falls in a grey area. ie. If you use the microservice -within- your organisation, you may not be distributing. If you use it to sell your service/product externally, then your are distributing.
  2. Secondly, I agree with your whole comment from a fairness point of view. You are 100% correct and there is bunch of OSS licenses that are fully supportive of that (eg, Apache License 2.0 is just fine)
  3. My original comment mainly applies to a few restrictive OSS licenses such as GPLv3.0 or Affero GPL. I still standby by comment unfortunately (it is not my personal wish :) ie. If you use GPLv3.0 code within your service and distribute your product/service, then the license would expect you to OS the whole code. It may not be fair, but it is what it is. Also, if you do it anyway, then the original author may not sue you just because many of them IMO do not know the difference between GPLv2.0 and GPLv3.0 and adopt a higher version believing it is better. However, if your competitor finds out there is a remote probability that they may sue or expose you.
  4. A bit of history on why GPL3.0 was created. Suse Linux signed an agreement with Microsoft to settle all the lawquits when MS sued them for violating their patents in the OSS code. By enforcing GPL3.0 into OSS software the OSS community forced MS to abandon suing other Linux vendors. ie. If they extended the OSS code elsewhere they had to open their code.

Disclaimer: I am not a legal expert, so enquire a lawer who specialises in it (we did).

Thanks. Sounds like a license to stay far away from. Guess we have microsoft to thank for it.

@imagtek
Copy link

imagtek commented Mar 23, 2022 via email

@Kylejustknows
Copy link

The product I am distributing is a “cloud virtual server” (Windows 2012) with a “GPLv3.0 tool” pre-installed on the desktop.

Should I make my whole product (Windows 2012 disk image at the backend) GPLv3.0 open source?
Where can I get the Windows2012 source code, please? Need help!

@vijayaparthiban
Copy link

@Kylejustknows I am not sure if you are really serious... Windows 2012 is Microsoft's proprietary product. Someone who uses your GPLv3 tool can get just the tool from you and install the OSthemselves. You should not distribute the Windows image as it must have a specific product key...

That said, it is possible to distribute the Windows 2012 image with a pre-installed product, just in the same way like the laptop vendors do. They pay MS directly and sell the OS pre-installed along with other bloatware :) Each image carries a different product key. It is legal in this way.

It seems I keep tracking this thread for years :) But I am happy to respond...

@pedro15
Copy link

pedro15 commented Mar 22, 2023

So if i use a plugin that uses this lisence in my privative closed source android application, i have to make open source just the modifications that uses the plugin, right?

or i'm breaking the rules and i need to make the whole thing open-source??

@RogerInHawaii
Copy link

If a company develops a 3D printer that uses Open Source software (under the GPL3 license), such as the Merlin code that's used with many commercial 3D printers, and the 3D printer hardware includes a patented addition that provides some unique feature, with modifications to the Merlin code handling the processing of that patented unique piece of hardware, I understand that the modified Merlin code needs to be made available as Open Source code, but does that have any impact on the patent that covers the unique hardware? Can the company still enforce its patent rights and prohibit other companies from building a similar printer that includes the patented part?

@vijayaparthiban
Copy link

Looking at the messages just now...

@pedro15 If your android app is for private (?!) use, you are not distributing. If you pu it in the Google Play store (for instance), you are distributing. One of tackling this situation is to force the user to install the plugin after the instalation. Then you are not distributing anything and what the user does is none of your concern.

@RogerInHawaii In your case, it is important to know what you are patenting. Is it the unique hardware part? Even if you open source your software, your patent would protect the hardware design. As for the software side, any unique addition that you offer with OSS GPV3.0 must be open source. Patenting that part is difficult and even if you do, enforcing or protecting it would be difficult.

Disclaimer: I am not a legal expert, get advice from an IP lawer.

@obriat
Copy link

obriat commented Nov 17, 2023

@hoang-innomizetech

All code linked with GPL 3.0 source code must be disclosed under a GPL 3.0 compatible license.

There's is no such text on the linked page, where did you see it?

@shubhh123
Copy link

shubhh123 commented Sep 5, 2024

Hi,
You mentioned about open sourcing the source code. Well, does that mean I need to open source my entire application or only the modifications I made?
Thanks!

@RogerInHawaii
Copy link

@shubhh123 , My reading of the GPL3 LICENSE is that you only need to open source YOUR VERSION of the open source code that you use in the application, including any modifications you made to IT. Your program may well include other code that you developed and even code that invokes part or all of the open source code you included (and potentially modified), but you do NOT have to make that other code open source. So, no, NOT the entire application, ONY the open source code that you included in the application (plus the modifications you made to IT).

Disclaimer: I am not a patent attorney.

@RogerInHawaii
Copy link

Yet another question: (Trying to protect my own software from being open source).

Suppose I set up a secondary processor, like an Arduino, and have some of MY software running on it. I have the open source code running on the primary processor and modifications I made to that open source code SENDS INSTRUCTIONS, perhaps by way of serial communications, to the secondary processor to have that secondary processor run its own software (that I wrote).

Is the software that I'm running on the secondary processor considered to be "part" of the open source code and therefore must also be made open source? Or can I (potentially) patent or copyright or otherwise protect that software I wrote that's running on the secondary processor?

@BluePyTheDeer251
Copy link

Thanks man, I was a bit overwhelmed by the unholy amount of stuff it said, and now I actually understand it.

@zaphod77
Copy link

zaphod77 commented Nov 26, 2024

Some clarification of things.

  1. the GPL only kicks in for distribution of the work. As long as you keep the derivative work to yourself, the GPL doesn't matter.
  2. the GPL requires that you state the work that yours is a derivative of. This definitely matters, for two reasons. One is you can't pretend it's the original work. The other is that it affects your ability to relicense the work. If you fork a GPL work on github, this is already done for you. Otherwise you MUST state it explicitly, either in the documentation or the source itself.
  3. linking to a GPL library requires opening up the source of the linking work. dynamic linking to a LGPL library does not. That's why the LGPL exists, to allow that use case.
  4. While the gpl makers would very much like the original work creator to be bound by the license, copyright simply cannot force that. If it is your original work that doesn't link to any GPL libraries, then you are 100% free to relicense future versions of your work under any other license. But this ONLY applies to the original author. If you modify a work, you cannot put the genie back in the bottle. All future versions of your modified work that are distributed must be under the GPL. If you link to a GPL (not LGPL) library, you are bound by the GPL.
  5. This is where point 2 comes in. Whoever made the work is responsible for enforcement. If someone else violates the GPL on your work, you aren't required to respond, because copyright allows selective enforcement. The original author can never actually bound by their own copyright license. This is part of moral rights as a creator. This is also why you can relicense the work. This is how aali's open source driver got rewritten into a closed source driver for steam releases of Final Fantasy games without violating the GPL. But if it's a derivative work, or links to a GPL library, the original author can call for enforcement.
  6. depending on your local law, the GPL may be considered a contract that anyone may sue for enforcement of. This is very much within the spirit of the license, but is not actually required.
  7. as works are modified by different people the chain of enforcement growls longer. anyone in the chain can demand enforcement, even without any case law making it a contract.
  8. v3 note number 1. You cannot create DRM with gplv3 code. If you try anyone with the source, which is anyone who asks for it is allowed to bypass it by modifying the work. In particular, if firmware with drm is GPLed, you can make a drm free version of it which also works on the original device.
  9. v3 note number 2. to satisfy the source available requirement, it must be possible for the one who asks to compile said source and use it with anything that the original source is used with. Again, this affects firmware. If you can't create a firmware the device will accept with the source, it doesn't count. This is known as the anti-TiVOization clause.

Roger's question. Is he distributing binaries? If no, the GPL doesn't matter. If yes (he is distributing copies of the device to others), then he must distribute the source for what runs on processor a, and is not required to distribute the source of the software that runs on processor b, assuming they are different pieces of software. software b does not run any of the code inside software a, so software b does not link against software a. However, to not run afoul of the anti-tivoization clause, processor B must not perform any integrity checks on software A. Any modification of software A running on processor A has to still be able to work with processor B after it's been modified, or it doesn't fulfill the obligation to provide source. Sufficiently documenting what processor B expects is good enough to avoid needing to open the software for processor B.

@RogerInHawaii
Copy link

RogerInHawaii commented Nov 26, 2024

Roger here.

I would be distributing a binary (executable) file of my modified (originally Open Source) Firmware that runs on the main machine I am building. So the source of that would be available as a fork of the GPL work.

I would be distributing a binary (executable) file of my own specific software which runs on an additional processor (likely an Arduino) that is NOT derived from any Open Source software.

The main machine will indeed be communicating with the additional (Arduino) machine and it will be very clear, in the source code for the Main machine that will be available from the fork on GitHub, what information is sent to the additional machine and what information comes back from that additional machine to the Main machine.

I THINK that means that I do not have to publish any additional information about the communication protocol between the two machines.

I THINK that also means that I am free to keep the source code that runs on the additional machine PRIVATE, company secret, possibly to copyright or even patent it (if patentable).

@zaphod77
Copy link

The issue is would someone be able to modify the open source firmware and actually put it on the device and have it work?

If yes, you are fine. If not you fall afoul of the anti-tivoization.

@RogerInHawaii
Copy link

Zaphod77,

I really appreciate you taking the time to address my concerns. The software community really can be a wonderful help to others.

Regarding your latest comment . . .

They would definitely be able to modify MY version of the Open Source firmware and be able to install it on a device (in my case it would be any 3D printer that employs the Marlin Open Source firmware). But if they wanted their installation of my version to make use of the additional capabilities I have added to it, which is sending commands to the attached extra microprocessor and having that microprocessor control certain pieces of new hardware that I intend to have on MY version of a 3D printer, they would have to, on their own, attach a microprocessor and the additional hardware as well as WRITE the code for that attached microprocessor.

It's that additional code which runs only on that separate microprocessor and makes no use of any Open Source software that I hope I can keep from being Open Source. Others may well be able to figure out what that code does, how it does it, and write their own, but I don't see that there's any requirement that I simply give it away.

I'm also expecting there to be a very unique piece of hardware as part of my design and which also would be controlled by that software residing on the additional microprocessor. That hardware is unique enough that I would be pursuing a patent on it. That would not prohibit anyone from figuring out what that (potentially patented) hardware does and figuring out how to have something else do what it does and how to have the software (that they would write) control that hardware. But if they wanted to incorporate MY unique hardware they may well need to license it from me or purchase it from me.

But since that hardware does not really preclude anyone from building a 3D printer that does everything MY new 3D printer will do, I would think there would be nothing that violates the Open Source principles.

Yes? No?

@zaphod77
Copy link

zaphod77 commented Nov 27, 2024

You shouldn't be forced to open the coprocessor firmware.

As i said the test is if someone could modify the firmware, and then install the modified version in a device that has your coprocessor and custom firmware for it. if YES, you aren't violating the anti-tivo.

Since you aren't intending to distribute your coprocessor firmware anyway, that sidesteps the entire issue. Unless you intend to distribute the modified open source firmware to others, the GPL is a complete non issue. Your modification is PRIVATE. You would only have to give someone the source of the gpl portion if you sold them your 3d printer. which would also give them your closed source additional firmware. Printing stuff with the printer doesn't count as distributing the firmware unless it is AGPL, and it almost certainly is not.

Happy to explain things.

@BluePyTheDeer251
Copy link

One question, does it matter if I use a library that is not licensed with the GPL?

@zaphod77
Copy link

zaphod77 commented Nov 27, 2024 via email

@RogerInHawaii
Copy link

zaphod77
I'm asking all these questions because I DO HOPE for my design to be the basis of a start-up company and to manufacture and sell the resultant 3D printers. It's really quite a unique design. It should print much faster and create much stronger prints (fingers crossed).
But it does seem like my code that runs on the separate processor can be kept as the company's trade secret, with no requirement that its source code has to be made available as Open Source.
So, that's a relief. :)

Thank you.

@zaphod77
Copy link

zaphod77 commented Nov 27, 2024 via email

@BluePyTheDeer251
Copy link

BluePyTheDeer251 commented Nov 27, 2024

The libraries in question are in my Cobalt repo under bot_code.py, it needs A LOT of work, it's concept is being a programming assistant that you can configure to only make answers to certain languages, this would be beneficial if for example, you ran the bot offline, so you don't download useless data you won't need.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment