More companies want fairness to open source license enforcement

Red Hat, Inc. has announced that Adobe, Alibaba, Amadeus, Ant Financial, Atlassian, Atos, AT&T, Bandwidth, Etsy, GitHub, Hitachi, NVIDIA, Oath, Renesas, Tencent, and Twitter have joined an ongoing industry effort to combat harsh tactics in open source license enforcement by adopting the GPL Cooperation Commitment. By making this commitment, these 16 corporate leaders are strengthening long-standing community norms of fairness, pragmatism, and predictability in open source license compliance.

This announcement follows an earlier wave of adoption of the commitment within the technology industry. Red Hat, Facebook, Google and IBM made the initial commitment in November 2017. They were joined in March 2018 by CA Technologies, Cisco, Hewlett Packard Enterprise, Microsoft, SAP and SUSE. In July 2018, 14 additional companies signed on to the commitment: Amazon, Arm, Canonical, GitLab, Intel Corporation, Liferay, Linaro, MariaDB, NEC, Pivotal, Royal Philips, SAS, Toyota and VMware. One month later, in August 2018, the eight funding members of the Open Invention Network (OIN) — Google, IBM, Red Hat, SUSE, Sony, NEC, Philips, Toyota — announced that they had unanimously adopted the GPL Cooperation Commitment. With today’s announcement, more than 40 organizations have adopted the GPL Cooperation Commitment.

The 16 new companies in this announcement are a diverse set of technology firms whose participation makes evident the worldwide reach of the GPL Cooperation Commitment. They comprise globally-operating companies based on four continents and mark a significant expansion of the initiative into the Asia-Pacific region. They represent various industries and areas of commercial focus, including IT services, software development tools and platforms, social networking, fintech, semiconductors, e-commerce, multimedia software and more.

The GPL Cooperation Commitment is a means for companies, individual developers and open source projects to provide opportunities for licensees to correct errors in compliance with software licensed under the GPLv2 family of licenses before taking action to terminate the licenses. Version 2 of the GNU General Public License (GPLv2), version 2 of the GNU Library General Public License (LGPLv2), and version 2.1 of the GNU Lesser General Public License (LGPLv2.1) do not contain express “cure” periods to fix noncompliance prior to license termination. Version 3 of the GNU GPL (GPLv3) addressed this by adding an opportunity to correct mistakes in compliance. Those who adopt the GPL Cooperation Commitment extend the cure provisions of GPLv3 to their existing and future GPLv2 and LGPLv2.x-licensed code.

Specifically, the commitment language adopted by each company is:

Before filing or continuing to prosecute any legal proceeding or claim (other than a Defensive Action) arising from termination of a Covered License, [Company] commits to extend to the person or entity (“you”) accused of violating the Covered License the following provisions regarding cure and reinstatement, taken from GPL version 3. As used here, the term ‘this License’ refers to the specific Covered License being enforced.

However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.