The ability to correct errors in GPLv2 compliance: the right thing to do

How often is it that 10 large technology companies agree on anything, much less agreeing to give up legal rights? It can happen when it’s the right thing to do.

Today, six more technology companies – CA Technologies, Cisco, HPE, Microsoft, SAP and SUSE -- have all committed to offering the GPLv3 cure approach to licensees of their GPLv2, LGPLv2.1 and LGPLv2 licensed code (except in cases of a defensive response to a legal proceeding). The GPLv3 cure approach offers licensees of GPLv2 code a period of time to come into compliance before their licenses are terminated but does not involve the relicensing of the code under GPLv3.

Today’s announcement follows two similar earlier announcements. In October 2017, the Linux kernel Technical Advisory Board announced in the Linux Kernel Enforcement Statement that the Linux kernel project was adopting the GPLv3 cure commitment. Then, in November, four major GPL code contributors, including Red Hat, Facebook, Google and IBM, made the same commitment but applying to all of their contributions, not just contributions to the Linux kernel.

Speaking as part of the Red Hat team, we extended these rights because we believed it was the right thing to do – good, in our view, for the community, for our customers and partners and for our licensees. The cure rights offer additional comfort that users of GPLv2 code have reasonable assurances of quiet use of that code, even if there is a temporary license noncompliance due to ambiguity, misunderstanding or otherwise. We also believe that community adoption of these rights will reduce the opportunity for copyright trolling. The cure commitment that the 10 companies have adopted is intended to offer relief to any non-compliant distributors of GPLv2 code which take immediate action to correct non-compliance – actual compliance with the GPL is, after all, our ultimate objective. On the other hand, troll-like enforcement for purely financial gain and which does not provide reasonable opportunities to come into compliance is inconsistent with the collaborative values of the open source community and should be shunned.

We applaud those who announced their commitments today: CA Technologies, Cisco, HPE, Microsoft, SAP and SUSE. We hope that others will also join in this endeavor to reassure the open source ecosystem that good faith efforts to cure non-compliance will be embraced.