Effective regulation matters: Join us in the GPL Cooperation Commitment
Find out why GitHub is joining the GPL Cooperation Commitment, and how effective regulation can help protect open source.
Today, we’re excited to announce that GitHub has joined 40 other software companies in supporting the GPL Cooperation Commitment. Our hope is that this change will improve fairness and certainty for users of key projects that the developer ecosystem relies on, including Git and the Linux kernel. More broadly, the GPL Cooperation Commitment provides an example of evolving software regulation to better align with social goals, which is urgently needed as developers and policymakers grapple with the opportunities and risks of the software revolution.
What is effective regulation?
Regulations are put in place in order to achieve social goals—like reducing pollution or protecting consumers—but those goals aren’t automatically achieved. An “effective” regulation must direct behavior that will actually further intended goals and not cause too much unintended collateral damage.
But that’s not all: an effective regulation would also have an enforcement mechanism that encourages compliance rather than creates an opportunity to shake businesses down. Under effective regulation, the most severe penalties for non-compliance, like shutting down a line of business, would be reserved for repeat and intentional violators. Less serious failures to comply, or accidental non-compliance, may only result in warnings—if the violation is promptly corrected.
The current state of the GPL as private software regulation
The GNU General Public License (GPL) is a tool for a private regulator (copyright holder) to achieve a social goal: under the license, anyone who receives a covered program has the freedom to run, modify, and share that program. (In contrast, a license like MIT does not regulate what freedoms downstream recipients must be offered. Whether to regulate in this manner or not is up to the developer of a program.)
However, if the developer does want to regulate, version 2 of the GPL (GPLv2) has one bug from the perspective of an effective regulator: non-compliance results in termination of the license, with no provision for reinstatement—making the license marginally more useful to copyright “trolls” who want to force companies to pay rather than come into compliance.
In contrast, version 3 of the GPL (GPLv3) fixed this bug by introducing a “cure provision” under which a violator can usually have their license reinstated—if the violation is promptly corrected. On choosealicense.com, we recommend GPLv3 when developers want to use a regulatory license.
Still, GPLv2 has served the Linux kernel, Git, and other developer communities well since 1991, many of which are unlikely to ever switch to GPLv3, as this would require agreement from all copyright holders, and not everyone agrees with all of GPLv3’s changes. But GPLv3’s cure provision is uncontroversial: could it be backported to GPLv2 licensed projects? In a sense yes, to the extent GPLv2 copyright holders agree.
How the GPL Cooperation Commitment can help
The GPL Cooperation Commitment is a way for a copyright holder to agree to extend GPLv3’s cure provision to all GPLv2 (also LGPLv2 and LGPLv2.1, which have the same bug) licenses offered, giving violators a fair chance to come into compliance and have their licenses reinstated.
And importantly, the GPL Cooperation Commitment is an example of making regulation more effective in advancing a social good, like we discussed above. It also incorporates one of several principles (the others do not relate directly to license terms) for enforcing compliance with the GPL and other copyleft licenses as effective private regulation.
Why we support the GPL Cooperation Commitment
We’re happy to agree to the GPL Cooperation Commitment
because it aligns with GitHub’s core values. Everything we build and support is grounded in empowering the people–and the community–behind the technology. We know GPLv2 will likely remain an important private software regulation for decades to come. It’s important to ensure that GPLv2 licensees have the ability to fairly correct license violations, and to support effective regulation that improves open source licensing for everyone. We also want to encourage both private and public policymakers to take similar care for effectiveness when considering regulation that will shape the future of software.
How you can get involved
You can join us in making the GPL Cooperation Commitment as a company or individual. GPLv2 projects can add the GPL Cooperation Commitment as an additional permission.
Written by
Related posts
Students: Start building your skills with the GitHub Foundations certification
The GitHub Foundations Certification exam fee is now waived for all students verified through GitHub Education.
Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Software is a team sport: Building the future of software development together
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.