Free but not easy: A guide to open-source compliance

The Free Software Foundation has published a handy guide to GPL compliance, but it also opens up new interpretations to old open-source licensing "problems."

A friend pointed out to me that the Free Software Foundation's "Practical Guide to GPL Compliance" has some intriguing details. One, in particular, caught his eye.

Most people familiar with open source understand that distribution of modified open-source software compels the modifying party to make source code available for the derivative work. However, as the Free Software Foundation points out, there is no obligation to make it easy to compile source code:

The GPL contains no provision that requires distribution of the compiler used to build the software. While companies are encouraged to make it as easy as possible for their users to build the sources, inclusion of the compiler itself is not normally considered mandatory. The Corresponding Source definition--both in GPLv2 and GPLv3--has not been typically read to include the compiler itself, but rather things like makefiles, build scripts, and packaging scripts.

In other words, source code must be available, but the onus isn't necessarily on the code author to pave the way to a perfect binary. I personally believe that it's in the developer's interest to make it as easy as possible to compile as the benefits of open source start the moment the receiving party can contribute and participate in the code, but it's not a requirement.

One other thing that caught my eye was the Free Software Foundation's clarification as to whom a code author must distribute her source code:

...[GNU General Public License (GPL)] v2 § 3(b) requires that offers be "to give any third party" a copy of the Corresponding Source. GPLv3 has a similar requirement, stating that an offer must be valid for "anyone who possesses the object code". These requirements indicated in v2 § 3(c) and v3 § 6(c) are so that non-commercial redistributors may pass these offers along with their distributions. Therefore, the offers must be valid not only to your customers, but also to anyone who received a copy of the binaries from them. Many distributors overlook this requirement and assume that they are only required to fulfill a request from their direct customers.

This is the language that allows, for example, CentOS to take Red Hat's code and redistribute it. Lost in this language, however, is an increasingly common business practice to only distribute source code to one's immediate customers, and to impede the right of redistribution through a separate contract. Regardless of the validity of such contracts, it is absolutely the case that very few downstream business users of software have any interest (or even internal policies that allow) in software redistribution.

As such, companies could make their software available as open source without any material concern that their source code will be redistributed and modified, if such is their concern. (Of course, if this is a concern, why bother using an open-source license at all...?)

I encourage you to read the Free Software Foundation's compliance guide. It makes a lot of things about the GPL and its affiliate licenses easier to understand.

Featured Video