Join the GPL Cooperation Commitment
Join with leading companies, developers, and other leaders in the open source community who have all committed to provide GPLv2 and LGPLv2.x licensees a fair chance to correct violations before their licenses are terminated.
Our goal is to reduce opportunities for abusive enforcement tactics and, more broadly, to promote greater predictability in the enforcement of GPLv2 and LGPLv2.x licenses. Through this initiative, we hope ultimately to increase participation in the use and development of open source software by helping to ensure that enforcement, when it takes place, is fair and predictable.
What is the GPL Cooperation Commitment
The GPL Cooperation Commitment is a statement by GPLv2 and LGPLv2.x copyright holders and other supporters that gives licensees a fair chance to correct violations before their licenses are terminated.
The “automatic termination” feature of GPLv2 and LGPLv2.x does not provide an express “cure” period in the event of a violation. This means that a single act of inadvertent non-compliance could give rise to an infringement claim, with no obligation to provide notice prior to taking legal action. When GPLv3 was introduced in 2007, one of the key improvements was the inclusion of a cure period.
In order to address this imbalance in GPLv2 and LGPLv2.x license enforcement, Red Hat, IBM, Google, and Facebook announced in November 2017 a commitment to apply the GPLv3 cure provisions for their GPLv2 and LGPLv2.x licensed software. Since that time, over 40 companies have announced that they too were making the commitment (see current list). The cure approach has support across the open source community, including individual developers and users. It is the same approach that was adopted in 2017 by over a hundred Linux kernel developers, and is also among the Principles of Community-Oriented GPL Enforcement promulgated by the Software Freedom Conservancy. Red Hat has adopted the cure approach for all new Red Hat-initiated open source projects that opt to use GPLv2 or LGPLv2.1. Similarly, a growing number of existing Red Hat-led GPLv2 and LGPLv2.x projects are adopting the cure commitment for new contributions. Finally, there is also an initiative to enable individual developers to add their names to the cure approach.
The open source community should focus on building great things and encouraging others to participate.
Let’s be reasonable. People make mistakes. Supporters of this commitment believe it is important to provide incentives to organizations who seek to―and actually do―comply and fix their mistakes. We are promoting this initiative so that organizations can have reasonable assurances that they can use GPLv2 and LGPLv2.x-licensed code even if there is an inadvertent and temporary noncompliance with the license due to ambiguity, misunderstanding or otherwise (as long as they make the effort to fix their non-compliance).
Why does this matter? It promotes a balanced approach to license enforcement. Greater predictability in open source licensing will help to increase participation and grow the open source ecosystem. Innovation takes a village, and fairness and predictability are keys to growing that village.
What is our goal? Our goal is to get as many GPLv2 and LGPLv2.x copyright holders as possible to make this commitment. Sign today to become an early adopter.
Make this commitment and tell the world that:
- You support open source community members whose intent is to foster collaboration and participation.
- You expect licensees to comply with the GPL and LGPL when redistributing code.
- You assume positive intent and understand that well-meaning people sometimes make mistakes.
- You have committed to giving licensees a fair chance to correct license violations.
Ready to add your name to the commitment?
Companies and other Organizations. If you are a company or other organization, follow these instructions. There is no agreement to sign and it costs nothing.
Individuals. Visit this page, clone the repo, add your name to the bottom of the commitment text, and submit a pull request. Full instructions are provided on the page.
It’s easy!
Tell the world that you added your name to the GPL Cooperation Commitment via Twitter!
This commitment is for copyright holders in an individual capacity (i.e. not on behalf of the company for whom you may be working).
“As President of the Open Source Initiative (OSI), I’m pleased to sign my name to the GPL Cooperation Commitment. This recent initiative by Red Hat helps to set a precedent for cooperation in GPL license enforcement―it’s a way to tell the open source community that good intentions matter. I encourage other members of the community to support this initiative by adding your name. Let’s celebrate the 20th anniversary of Open Source by spreading this everywhere!” -Simon Phipps
Projects.
A project may wish to adopt the GPL Cooperation Commitment for all contributions going forward. Simply put this file in the same directory in your source repository as the GPLv2, LGPLv2 or LGPLv2.1 license file.
FAQs
Is there something wrong with GPLv2 that the GPL Cooperation Commitment is seeking to fix?
No. GPLv2 continues to be a very popular and important open source license. It was written to ensure compliant distribution of copyleft-licensed software. The GPL Cooperation Commitment seeks to provide additional predictability in how the license is enforced, recognizing that occasional, minor and easily-fixed forms of noncompliance may occur due to ambiguity or misunderstandings.
How does the GPL Cooperation Commitment work?
One of the features that was introduced in GPLv3 is a “cure” period for license noncompliance, which creates incentives for distributors of GPLv3-licensed code to discover and fix compliance problems. With the GPLv3 cure period, a licensee is afforded a period of time (the cure period) to correct errors in compliance before the license is effectively terminated. Projects that continue to use GPLv2 would benefit from adoption of the GPLv3 approach to correcting compliance errors. It is often impractical for existing GPLv2 and LGPLv2.x-licensed projects to upgrade to the later versions, whether because it would be inconsistent with upstream license obligations or contrary to the general preferences and expectations of participants. A copyright holder who signs the GPL Cooperation Commitment is stating that they are applying the cure and reinstatement language of GPLv3 to copyrighted code that is licensed under GPLv2, LGPLv2.1 and LGPLv2.
Does the GPL Cooperation Commitment itself violate the GPL?
No. Signing the GPL Cooperation Commitment, whether as a company, individual developer or project, does not impose a “further restriction” on the user’s rights relative to GPLv2. Rather, it is akin to well-known substantive GPLv2 exceptions, like the Classpath Exception, or what GPLv3 calls an “additional permission”. In particular, a given project may legitimately have a subset of its GPL copyrights covered by the Commitment, since the Commitment is an additional grant of permission; this is analogous to a GPL-licensed codebase containing portions that are licensed under a more permissive GPL-compatible license like the MIT license.
Note also that the project version of the GPL Cooperation Commitment applies only to contributions made to the project after adoption of the Commitment by the project; it does not apply to past contributions.
As the steward of the GPL, has the Free Software Foundation expressed any opinion about the GPL Cooperation Commitment?
The Free Software Foundation supports the approach underlying the GPL Cooperation Commitment and has welcomed its adoption by Red Hat and other companies. In September 2015, the Free Software Foundation joined the Software Freedom Conservancy in promulgating the Principles of Community-Oriented GPL Enforcement, which call for applying the GPLv3 termination policy to GPLv2 enforcement. Following the adoption of the GPL Cooperation Commitment by Red Hat, Facebook, Google and IBM, the Free Software Foundation publicly endorsed their approach:
Now, in a positive step forward, a group of companies led by Red Hat has announced a commitment in effect adopting an important part of the Principles: They will use the GPLv3’s more refined approach to compliance and termination when dealing with violations on their GPLv2-licensed works.
. . . . .
The announcement of the Common Cure Rights Commitment [as the GPL Cooperation Commitment was referred to at the time] is welcome news for the free software movement, and we look forward to more organizations either fully adopting the Principles of Community-Oriented GPL Enforcement or making similar commitments in the same spirit. These steps help to strengthen copyleft and therefore the long-term protection of user freedom.
Why should I add my name to the formal commitment on GitHub as an individual? Can’t I just decide privately that I will provide the GPLv3 cure provisions to GPLv2 violations?
Signing the commitment is a way to demonstrate your commitment and publicly communicate to others in the free and open source community that you have adopted the cure provisions. Also by adding your name to this commitment, you are providing more awareness and support for the initiative.
What are the origins of the GPL Cooperation Commitment?
Red Hat initiated and is promoting the GPL Cooperation Commitment because Red Hat believes it will lead to more predictability in enforcement and, in turn, greater participation in the development and use of free and open source software. Red Hat’s intention is to let the world know that various companies and individuals support this initiative and have signed on to the GPL Cooperation Commitment.
Red Hat, IBM, Google, Facebook, CA Technologies, Cisco, HPE, Microsoft, SAP, SUSE, and many Linux kernel developers have made this or a similar commitment. Check out the list of individuals and companies who have joined this particular initiative.
The roots of the GPL Cooperation Commitment lie in the pioneering work of the Free Software Foundation and Software Freedom Law Center on GPLv3. The Free Software Foundation and Software Freedom Conservancy later embodied the concept in their Principles of Community-Oriented GPL Enforcement. Later, in October 2017, a large number of individual Linux kernel developers adopted the approach in their Linux Kernel Enforcement Statement.
What if I am a company or an individual who doesn’t own any copyrights in GPLv2, LGPLv2, or LGPLv2.1 code (for example, I only work on permissive-licensed projects, or my employer owns all the copyrights in my work)?
We encourage you to add your name to this commitment. The commitment would apply to future GPLv2, LGPLv2 and LGPLv2.1 code to which you do own the copyright and that you decide to distribute at a future time. In addition, you would be helping to document a more collaborative norm in the community and demonstrating your support for a more cooperative and predictable approach to license enforcement.
Who can I contact if I have questions?
If you have any further questions, please send an email to gplcc@redhat.com
Important privacy Information
This page/repository is managed by Red Hat, Inc.
If you are an individual, we suggest that you only provide your name and no other identifying information about yourself. The decision is yours of course but you should know that if you provide more information such as your email, phone number, or address the general public will have access to that information. Red Hat has no intention to contact you using information you are providing to this repository on GitHub in connection with the GPL Cooperation Commitment initiative but we cannot promise that other individuals or companies will not attempt to contact you. That is why we suggest just providing your name. Also be aware of GitHub’s applicable Terms of Service and Privacy policies. Note that this repository and content may be moved to a different location and/or managed by a different entity or person in the future.