Category Archives: gpl

Furthering the interests of Free Software?

Or not.

The Free Software Foundation (FSF) has gone public with a statement on the Oracle vs Google litigation.  The FSF is of course free to do so, and since it’s also a campaigning organisation we should not be surprised when they do.  But does the statement itself stand up to scrutiny?

Before going any further, I should make it clear: this is a comment on the FSF’s position statement.  No matter where this appears aggregated, I don’t represent anyone or anything other than myself.  Any views I may have on the FSF itself, on Oracle or Google, on Java implementations, Android/Dalvik, on patents (software or otherwise) or on anyone/anything else, fall outside the scope of this posting.  Nor should this be taken as comment on the FSF beyond this single document: as it happens, I am in general terms an admirer of the FSF.

The introduction is clear enough:

As you likely heard on any number of news sites, Oracle has filed suit against Google, claiming that Android infringes some of its Java-related copyrights and patents. Too little information is available about the copyright infringement claim to say much about it yet; we expect we’ll learn more as the case proceeds. But nobody deserves to be the victim of software patent aggression, and Oracle is wrong to use its patents to attack Android.

That’s fair: the FSF’s position against software patents is rational and consistent.  Oracle vs Google is one of many patent cases currently in the courts throughout the rapidly-growing mobile devices space: some other household names that spring to mind include Apple, Nokia, HTC, and of course the victim of the biggest injustice, Blackberry-maker RIM.  But it’s also fair to say Oracle vs Google may have more far-reaching repercussions than the others, insofar as it may affect Free Software in the Android ecosystem.

The second paragraph is more problematic:

Though it took longer than we would’ve liked, Sun Microsystems ultimately did the right thing by the free software community when it released Java under the GPL in 2006. […]

That’s fair as far as it goes, but it’s becoming a partisan statement within FOSS when you implicitly dismiss the ongoing controversy over licensing a TCK.  The third paragraph goes on to say:

Now Oracle’s lawsuit threatens to undo all the good will that has been built up in the years since. Programmers will justifiably steer clear of Java when they stand to be sued if they use it in some way that Oracle doesn’t like. […]

Hang on!  How is that new?  The entire TCK issue is about field-of-use restrictions that are problematic for free software!  At the same time, let’s not forget that Java was hugely popular among Free Software developers even before 2006: these controversies matter only to an activist minority.

If the above is nitpicking, paragraph 4 is altogether more suspect.  Let’s quote it in full:

Unfortunately, Google didn’t seem particularly concerned about this problem until after the suit was filed. The company still has not taken any clear position or action against software patents. And they could have avoided all this by building Android on top of IcedTea, a GPL-covered Java implementation based on Sun’s original code, instead of an independent implementation under the Apache License. The GPL is designed to protect everyone’s freedom—from each individual user up to the largest corporations—and it could’ve provided a strong defense against Oracle’s attacks. It’s sad to see that Google apparently shunned those protections in order to make proprietary software development easier on Android.

Erm, this really is an attack on Apache!  How would IcedTea have helped here?  The only valid argument that it might have done is that rights were granted with Sun’s original code.  I don’t think it’s clear to anyone outside the Oracle and Google legal teams whether and to what extent such ‘grandfather’ rights might affect the litigation.  As far as licenses are concerned, the Apache License is a lot stronger on protection against patent litigation than the GPLv2 under which IcedTea is licensed.  Indeed, in separate news, Mozilla (another major player in Free Software) is updating its MPL license, and says of its update:

The highlight of this release is new patent language, modeled on Apache’s. We believe that this language should give better protection to MPL-using communities, make it possible for MPL-licensed projects to use Apache code, and be simpler to understand.

Well, Mozilla is coming from a startingpoint closer to the GPL than Apache.  It seems I’m not alone in supposing the Apache license offers the better patent protection, contrary to the FSF’s implication!

Finally the tone[1] of the FSF statement, as expressed for example in the final paragraph, makes me uneasy:

Oracle once claimed that it only sought software patents for defensive purposes. Now it is using them to proactively attack free software.

Hmmm, attacking Android/Dalvik is proactively attacking free software?  While it’s a supportable position it’s also (to say the least) ambiguous, and you haven’t made a case to convince a sceptic.  Or a judge.

[1] Not to mention the grammar, up on which some readers of this blog will undoubtedly pick.

He told us so!

Anyone who works in or with software knows the danger of a product/project being orphaned: left unsupported, and its users in limbo, facing forced migration to something else[1]. It is a strong argument in favour of open source: if you have the source, then if the worst happens and your supplier/support organisation disappears, or is bought up by someone hostile to it, you can hire someone else to maintain it.

My Apache colleague Gianugo Rabellino (one of the most interesting thinkers and inspiring speakers anywhere in the FOSS world) has argued for years that open source alone is necessary but not really sufficient, and for a product, you need open development. This evening he’s one of the many bloggers to comment on the Oracle acquisition of Sun, and argues there is now a danger of MySQL being orphaned and its users left in limbo despite MySQL being open source (GPL)! His thesis (here) is that if Oracle wants to stifle MySQL, they can make it very unrewarding for anyone else to pick up development.

I don’t think his point completely stands. If enough of the original/current MySQL team were to leave Oracle en masse, they could pick up development, and make a support business of it on the basis of their reputation, in spite of not owning the IP. But that’s not a nice scenario, compared to MySQL as an independent or within Sun.  Or of course within a supportive Oracle.

On the subject of MySQL itself, I’m more optimistic (albeit through the perspective of benefit of the doubt – I want this to be good). While acknowledging the danger, I’m sure Oracle can see the business case for maintaining a healthy MySQL product and community[2]. LAMP and other FOSS users are not short of credible alternatives: obvious candidates include PostgreSQL for serious applications or SQLite for lightweight php-ish stuff, and if MySQL loses its bloom, they’ll migrate. Surely better for Oracle to keep them on-side, make tiny margins on LAMP business and support, but gain a serious market from those who grow big and might be sold a smooth upgrade to a top-end platform where Solaris and Oracle replace Linux and MySQL.

[1] Even Government seems to have got the basic message!

[2] What’s MySQL’s current market share? Is it more than all other SQL databases combined?

Apache/APR MySQL Driver

The subject of bundling the MySQL driver with APR has resurfaced on the APR developer list.

It looks different to last time it was discussed. We can still argue over whether the driver or anything else is a derived work within the meaning of the GPL. But we don’t really need to: we have MySQL’s FOSS “exception” explicitly sanctioning what we want to do. And we’ve reviewed it in the context of Debian bundling the driver.

Suppose we were distributing a non-free product that was arguably a MySQL “derivative work” under the terms of the GPL. We could negotiate terms with MySQL. For a commercial product, that would probably mean paying them money, but that’s beside the point. Under our agreement with MySQL, we can distribute our product on our agreed terms, without reference to the GPL. No problem.

But that’s exactly what the FOSS Exception gives us. Explicit permission to distribute our product under the ASL. We didn’t pay for it, but we got it anyway. End of problem.

I think that driver could finally be migrating to Thanks to Joachim for prompting me to revisit the subject.

GPL update

GPLv3 is old news now. I haven’t blogged about it before, and so far as I can recollect, the nearest to it I’ve come is in raising an eyebrow at the shenanigans around ASL compatibility.

I am a fan of GPLv2, and commonly apply it to my work when there is a free choice. I’m not sure about v3: I need to find time to read what it’s finally become first. But I have a gut feeling, which goes something like:

GPLv2 – a work of genius.

GPLv3 – a work of committee.

Now I see Anthony Towns blogs about what looks like a very nasty gotcha: LGPLv3 incompatible with GPLv2. If he’s right, that’s likely to cause serious grief not only in the pedantic camp (Debian et al), but also in the centre ground (Redhat, etc). Who foresaw/intended that?

But such an incompatibility also feels like a suicide note for GPL as a mass-participation movement. As of now, the GPL has a very long tail: independent developers (such as Yours Truly) licensing works under the GPL. Most “long tail” works may have little or no value individually, but the tail as a whole comprises a very substantial body of work. Not everyone in that tail is going to pay attention to the nuances of a license change. I expect we’ll have chaos, and a lot of unnoticed technical violations.

That looks like fertile ground for lawyers when someone big and serious – for example Microsoft – wants to fight the GPL.

Re-licensing apr_dbd_mysql

OK, I’ve re-licensed apr_dbd_mysql to permit distribution under the ASL 2.0 when aggregated with APR-UTIL.  Due to the licensing incompatibility, this is necessary if it is to be aggregated.  Which in turn makes life easier for end-users.

This follows recent discussion with the Debian packagers.  The original problem is discussed in more detail here.

Apache/APR/MySQL packaging

My attention has just been drawn to Debian bugs 395959/403541 re: packaging the MySQL driver in apr-util. This is a legal problem of meeting the terms of all licenses involved.

That’s bad, because I believe packagers such as Debian are precisely the people best placed to make this integration available to end-users. Speaking as a key holder of the intellectual property in question, maybe I can help. I just posted an entry to the Debian bug tracker, but I’m not sure how that works. So I’ll blog it here for the record.


Joachim has just drawn my attention to this report.

I am the original developer of the MySQL driver, and it was originally my decision to license it under the GPL. I’m also director of WebThing, and a member of the Apache Software Foundation (though not, in this message, speaking in an official capacity).

I’m not dogmatic about the licensing, and I’d be happy for it to change if it helps, subject to the constraints of the other licenses involved. Originally I’d have been more dogmatic about it, because apr_dbd_mysql released under the Apache license seems to risk undermining MySQL’s GPL rights, and I didn’t want to be responsible for that. However, MySQL AB has made it clear that they are happy to live with that: indeed, they explicitly name APR and the Apache license at

So the sticking point is no longer the GPL, but rather ASF policy, which does not permit us to distribute anything that would impose restrictions on our users, over and above those in the Apache License. The ASF takes the view that to take advantage of MySQL’s exception risks leaving our users in limbo. That clearly doesn’t apply to Debian: your primary license is after all the GPL.

A quick google reveals that some Linux distros have apr_dbd_mysql as a separate (RPM) package, and have presumably built apr-util to enable dynamic loading of a DBD driver. This seems to me an excellent solution.

I hope Debian will see a way to make this available for your users. If I can help, please ask.

Half-open source

On October 17th, MySQL AB announced a new commercial offering, based of course on their renowned opensource database product. Apache folks Ian Holsman and Steve Loughran comment on the announcement.

But we have a very similar scenario even closer to home, with the acquisition by Breach Security of mod_security. I’ve actually been thinking about the possible implications of that one, with a view to featuring it in my column for El Reg, and my conclusion is that if Ristic and Breach play their cards right, this could be good news for everyone. Ristic’s interview with securityfocus is reassuring on this count.

One thing that may have profoundly affected the mod_security situation is the use of the GPL. Of course, Breach (like MySQL) can do exactly what they like with their product. But if AN Other bases a new product on it – and mod_security certainly has scope for that – it has a profound effect. In effect, Breach have bought themselves a monopoly on the right to release a closed-source enterprise edition.