What some (many?) people don’t understand about the GPL

Bottom line up front; the GPL license is viral.

I have had a lot of discussions with people about software licensing, and it amazes me how few of them really understand them, especially the GPL. I’ll do a quick comparison of licenses:

EULA: sharing is evil
BSD: sharing is not evil
GPL: not sharing is evil

I’m not sure who originally said it, but it’s one of my favorite sayings.

Now, mainly what people don’t understand about the GPL is that it’s an extremely viral license, and it’s all about distribution. As long as you don’t distribute your changes to the GPL software, you don’t have to give anybody any source code. But the moment you hand over binary copies of it to anyone, you must also provide the full source, including your changes, to those people you gave the binary code to.

Here’s the thing; this isn’t just about changes to the software itself, it’s changes to the whole way in which that software is built as well. The Makefile for example. While it technically isn’t source code to your program, you can’t give the source code and not the Makefile used to build it, because the build has to be able to be reproduced. It isn’t limited to make, it extends to any means you use to build the source.

The same concept applies to ksplice. They currently violate the GPL with their distribution of updates to the Linux kernel (a GPL program) and don’t:

a) release the source code change (patch file) their binary update is built from, and
b) release the source code which they used to build the binary update

I get that companies want to keep their code proprietary, I really do. I don’t have any problem with that; if I ran a large corporation, I certainly wouldn’t want all source code available to my customers, or the public at large. So no, Oracle isn’t an evil corporation for wanting to keep their source code private (such as ksplice), they’re simply trying to protect what makes them their money.

However, since ksplice makes changes to a GPL program (the Linux kernel), they are bound by the GPL. Since the GPL is such a viral license, its terms extend to the source code of the ksplice utilities just the same, regardless of whether they like it or not. There isn’t any choice in the matter.

I’ve been in contact with them about this; there hasn’t been a whole lot of movement from them, other than putting back what they had originally released on their website:

http://oss.oracle.com/ksplice/software/

A fine gesture, but it isn’t any different than the source code they had on their website before, which I have a copy of here:

https://github.com/cormander/ksplice

which is, I might add, now over 2 years old. I don’t believe for a second that they’ve gone two whole years and haven’t made a single change to the source code. Also, I’ve been working with the tool, and can say that there is no way that they have their uptrack as automated as they do now without having fixed some problems in this source.

Now, there is the argument that modules don’t necessarily get tied to the GPL simply by going into the Linux kernel. In fact, there is a whole general debate about it, and it revolves around the fact that the GPL doesn’t cover APIs. However, this argument doesn’t apply here; just look at what it takes to build ksplice updates. You need the full source code of the Linux kernel to build the update. So not only does ksplice modify kernel code, the ksplice update itself contains portions of the Linux kernel source code, which is GPL code. Remember what I said about the GPL being viral?

Keep this in mind whenever you want to start a business involving software. One wrong move in terms of licensing choice or distribution policy, and you’ll get an army of free software zealots knocking on your door.

3 thoughts on “What some (many?) people don’t understand about the GPL”

  1. This [ksplice] is truly one of the darker corners of licensing debate. The bulk of it comes down to being able to reproduce the build for a GPL module that it packages and inserts into your kernel. If you can reproduce it, there’s no violation. If you can’t, then yes — there is some cause for eyebrow raising. If I can’t study and modify that update in situ, then I don’t have the rights that the GPL guaranteed. I question the entire motivation of making ksplice proprietary to begin with.

    One thing to note about the kernel is that simply using the kernel interface (via header inclusion to get the magic numbers / etc) is considered normal use of the kernel. So, just including those bits doesn’t cause you to inherit the license of the kernel. More often than not, those bits are already available in glibc, which is licensed under the LGPL.
