In the golden age of Open Source compliance offerings, one of the key marketing argument still appears to be: “The General Public License (GPL) is sooo risky. In case of GPL infringement, you will have to release all of your code – speak your intellectual property (IP) – under the same terms. Take our license scanner as we are the best to protect you against such nightmares.”
That statement simply is not correct. But very effective if you want to sell your services. Which company wants to be forced to release its valuable IP into the public only by not following specific license terms?
This myth was supposedly framed by Steve Balmer of Microsoft who once said back in 2001: “The way the license is written, if you use any open-source software, you have to make the rest of your software open source. […] Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. That’s the way that the license works.”
His general understanding of one of the basic principles of Free Software and the GPL – reciprocity – speaks of great intellectual power. However this muddle-headed theory in total is utterly wrong but still persistent today serving as one of the main arguments to sell license compliance offerings.
Even infringing the terms of the GPL will never force you to put your own source code under the same license. Simple as that.
Sure, in the worst case you have violated a software license. In this aspect there is no difference between the GPL or any other even proprietary license. Copyright infringement claims are caused by
- the actual violation of the license and
- the unlicensed use of software.
You have to cope with its consequences. Legal remedies are
- punitive damages and
- injunction to not distribute your product any further.
Not more, not less.
The most straight forward way out of this would naturally be to release your source code also under the terms of the GPL. Thereby making it public. This is what is understood as reciprocity – others can also benefit from your work, as you did from the original work. It is the recommended choice of the Free Software community.
But in case you want to protect your IP by keeping your own code secret, you are still left with various other options:
- Remove it. Double check if the GPL-licensed component is really needed by your product. In case not, just remove it.
- Refactor it. Either re-write the functionality provided by the component from scratch or replace it by another one that comes with a more permissive license.
- Relicense it. Ask the original author(s) if they are open to re-license it. Either under a more permissive license or a commercial license for proprietary use.
The best wrap-up I have read is given by Heather J. Meeker in her book “Open (Source) for Business: A Practical Guide to Open Source Software Licensing”. A must read not only regarding this issue.
To conclude – whenever you hear such statement, be alarmed and listen more carefully to assure that the talking alleged expert really offers the necessary expertise to help you with license compliance.
Update 2020/07/11: For the sake of completeness, it should be mentioned that the GPL also has a paragraph about its automatic termination in case its obligations are not fulfilled:
- GPLv2 (4.): […] You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. […]
- GPLv3 (8.): Has the same wording and even defines a kind of cure period to conform in case of violation.