We do that in KDE too, where the decision to update to a possible gpl4 is decided by a vote of the KDE e.v. (the legal non profit organization behind the project) membership.
> I find neither approach to be ideal. It is often impossible to gain consensus of all copyright holders since some may be unreachable.
Well, licences are not universal wonder tools. They have restrictions about their use cases. But, narrowing this down solely to "GPL xyz" versus "GPL xyz - or later fancypants", I always found the variant WITHOUT the "or later" to be better. It simply adds more complexity when a licence can willy-nilly be changed, at a later time, when a change happens. I understand the use case for the "or later" part, as the GPL is very strict as well as an ideological tool against abuse from corporations (let's be honest here; and I think the GPL is a good licence, despite this too), but even then I find it better to stick to the simpler variants. It is one reason why I may use GPLv2. I also use MIT/BSD when I essentially don't care much. I don't think I have had a use case for GPLv3; and not for "or later" either. LGPL is also fine.
> It’s patently clear that the license allows this, and it surprises me that this is rarely brought up in debates about GPL-3.0-only and GPL-3.0-or-later.
I was unaware that a proxy can be designated upfront; so that's another complexity with regards to the "or later" part. What can proxies do? I dislike the "or later" clause; it really just makes this way more complicated than it should be.
The main advantage for using "or later" is not really to be OK when a new version of the license is published, as this happens rarely.
What you gain is the possibility of combining this code with any other code that is under a later version of the license. If there is code X under GPL-2.0-only and code Y under GPL-3.0-only, these cannot be combined, since each license declares that any derivative work has to be under the same license. If code X were under GPL-2.0-or-later, the combination would be compliant.
"It is often impossible to gain consensus of all copyright holders since some may be unreachable."
How one feels about that is a matter of where one stands. The GPL first and foremost protects the interests of software users. Not developers. Not companies.
In that regard, the above should be seen as a feature, not a bug. I believe it is the most effective way to protect the user from being locked-in.
With the "or later" version it's a concern that in the future someone nefarious could gain control of the FSF, and publish a GPL removing most of the copyleft provisions.
On the other hand, if Linux had used the "or later" version it could have helped prevent TiVoization.
> if Linux had used the "or later" version it could have helped prevent TiVoization
Only if the hardware manufacturer used a combined work of Linux and some GPLv3-only code, no? Otherwise, if Linux was GPLv2-or-later, they could just use it under GPLv2 terms and tivoize.
It seems that "or later" would be putting an upper bound on the GPL restrictions? If additional restrictions are added, then users can still choose 3. If any restrictions are removed, the users can choose the later version.
Can I (pedantically) raise an epistemic issue with:
> Pursuant to Section 14 of the GNU Affero General Public License, Version 3.0, [Runxi Yu] is hereby designated as the proxy who is authorized to issue a public statement accepting any future version of the GNU Affero General Public License for use with this Program.
Notice that [Runxi Yu] is an external reference, pointing to runxiyu.org.
Wouldn't this mean that the designated proxy is (any?) future entity claiming to be Runxi Yu and substantiating that claim by demonstrating control over DNS entry for runxiyu.org could effectively upgrade the GPL licence? Or practically, if the domain registration lapses, a hacker takes control or Runxi Yu looses interest — what might happen to the license? And how would this affect any contributers?
Remember that law is not technical. This is a declaration to be interpreted. The Interpretation that a specific person with the legal name Runxi Yu is designated here is very clear, the link just a helper to identify the correct person at the time of writing.
Thank you for pointing out this mistake. Of course, there also is nothing technically preventing anyone to ignore the GPL; the license itself is "just" some legalese.
I do believe, though, that these kind of references (from paper into the real world) often introduce surprising gotchas. Especially when they are intended to address some future (mostly unknown) issue.
The designated anchor point (person, technological artifact, legal entity) is itself often more likely subject to change than the thing it's trying to govern. Persons may be hit by a car, registries may expire, companies may go bankrupt. Governing laws may change. Countries may cease to exist...
The LAW® has literally millennia of dealing with these kinds of things - especially with regards to physical property, the definitions of which may refer to a king of a country that hasn't existed for five hundred years. You can find all sorts of examples, look to the US southwest or Europe or any country that has been controlled by another for a time, and then stopped.
If you are an individual developer, please don’t do this. I think proxy delegation is best suited to an organisation (ideally to a non-profit) whose lifespan is longer than of a solo developer and more likely to have “checks and balances” that protect all maintainers’ rights vs just you and yours.
If you don’t want to hand FSF a carte blanche regarding your project—perfectly understandable—then pick a “version X only” variant and move on.
a) The "founder" of the code disappears in to the ether, and it is the equivalent of "version X only";
b) The "founder" stays involved, and if GPL 3 is updated, they can choose.
only b is worth speaking of. In b, isn't having someone in a position to make a choice much better than no one? What is the boogie monster that is the worry? The FSF puts out the 4.0 version, with a special "except for boramalper" clause, that lets you specifically monetise the hell out of it while keeping it closed source? I would not lose much sleep over that.
Stallman is a nutcase, in an endearing way (ok, maybe you have to have moved in the right circles). But he has put in place a system that needed just such a nutcase, who established clear black lines that could not be crossed, and who was also writing enough amazingly meaningful code that we needed to take his license seriously, that could then establish the institutions and governance to make it all live beyond him.
A risk of putting in a literal person is that you might stop maintaining the project, and changing the maintainer is now effectively a license change. It may be better to say "consensus among whoever is currently maintaining the project, as specified by the file MAINTAINERS".
I think it's not the best, considering the chardet debacle. It would make sense though to have clauses indicating what happens or who gains the proxy role in the event the original author is gone.
Uh yes of course, I thought of that and thought "isn't that neat" but of course it goes against exactly what the author wants. I don't find this fear very natural I suppose! A different trusted third party could be nominated, I guess (KDE project nominate KDE e.V. for instance).
> It’s patently clear2 that the license allows this, and it surprises me that this is rarely brought up in debates about GPL-3.0-only and GPL-3.0-or-later.
It's an interesting avenue, but the ultimate problem is that people die and/or lose interest in projects. What happens to this particular project if Runxi dies, or decides to make furniture out of wood instead? That basically becomes "GPL-3.0-only" again.
You enter an "unclear title" scenario which may mean that individuals are fine using it, but no company wants to get involved because of the risks.
Similar things happen with physical property, where a title cannot be cleared and either people just live with it or they go to court to get it "reset".
When a copyright holder dies, their copy rights pass on to their heirs. Depending on the state, this means it can go to cousins or twelfth cousins twice removed if that's all that is alive. Failing that, it goes to the state. Any/all of these could potentially sue if there is money in it.
So it's basically GPLv3-or-later but with veto power of the "-or-later" part by the maintainer (but not the contributor). That's pretty clever. And, since you're asking someone to maintain your contribution, it also seems pretty fair.
> It’s patently clear2 that the license allows this, and it surprises me that this is rarely brought up in debates about GPL-3.0-only and GPL-3.0-or-later.
There is nothing surprising about it as the contentious issue about GPL3.0 is the patent claim one (which did cause multiple companies go "HELL NO we're not touching GPL with 100m pole"), not this.
https://invent.kde.org/office/marknote/-/blob/master/LICENSE...
Well, licences are not universal wonder tools. They have restrictions about their use cases. But, narrowing this down solely to "GPL xyz" versus "GPL xyz - or later fancypants", I always found the variant WITHOUT the "or later" to be better. It simply adds more complexity when a licence can willy-nilly be changed, at a later time, when a change happens. I understand the use case for the "or later" part, as the GPL is very strict as well as an ideological tool against abuse from corporations (let's be honest here; and I think the GPL is a good licence, despite this too), but even then I find it better to stick to the simpler variants. It is one reason why I may use GPLv2. I also use MIT/BSD when I essentially don't care much. I don't think I have had a use case for GPLv3; and not for "or later" either. LGPL is also fine.
> It’s patently clear that the license allows this, and it surprises me that this is rarely brought up in debates about GPL-3.0-only and GPL-3.0-or-later.
I was unaware that a proxy can be designated upfront; so that's another complexity with regards to the "or later" part. What can proxies do? I dislike the "or later" clause; it really just makes this way more complicated than it should be.
What you gain is the possibility of combining this code with any other code that is under a later version of the license. If there is code X under GPL-2.0-only and code Y under GPL-3.0-only, these cannot be combined, since each license declares that any derivative work has to be under the same license. If code X were under GPL-2.0-or-later, the combination would be compliant.
How one feels about that is a matter of where one stands. The GPL first and foremost protects the interests of software users. Not developers. Not companies.
In that regard, the above should be seen as a feature, not a bug. I believe it is the most effective way to protect the user from being locked-in.
On the other hand, if Linux had used the "or later" version it could have helped prevent TiVoization.
https://sfconservancy.org/blog/2021/mar/25/install-gplv2/ https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t... https://events19.linuxfoundation.org/wp-content/uploads/2017...
Only if the hardware manufacturer used a combined work of Linux and some GPLv3-only code, no? Otherwise, if Linux was GPLv2-or-later, they could just use it under GPLv2 terms and tivoize.
> Pursuant to Section 14 of the GNU Affero General Public License, Version 3.0, [Runxi Yu] is hereby designated as the proxy who is authorized to issue a public statement accepting any future version of the GNU Affero General Public License for use with this Program.
Notice that [Runxi Yu] is an external reference, pointing to runxiyu.org.
Wouldn't this mean that the designated proxy is (any?) future entity claiming to be Runxi Yu and substantiating that claim by demonstrating control over DNS entry for runxiyu.org could effectively upgrade the GPL licence? Or practically, if the domain registration lapses, a hacker takes control or Runxi Yu looses interest — what might happen to the license? And how would this affect any contributers?
I do believe, though, that these kind of references (from paper into the real world) often introduce surprising gotchas. Especially when they are intended to address some future (mostly unknown) issue.
The designated anchor point (person, technological artifact, legal entity) is itself often more likely subject to change than the thing it's trying to govern. Persons may be hit by a car, registries may expire, companies may go bankrupt. Governing laws may change. Countries may cease to exist...
If you don’t want to hand FSF a carte blanche regarding your project—perfectly understandable—then pick a “version X only” variant and move on.
It seems like there are two options:
a) The "founder" of the code disappears in to the ether, and it is the equivalent of "version X only";
b) The "founder" stays involved, and if GPL 3 is updated, they can choose.
only b is worth speaking of. In b, isn't having someone in a position to make a choice much better than no one? What is the boogie monster that is the worry? The FSF puts out the 4.0 version, with a special "except for boramalper" clause, that lets you specifically monetise the hell out of it while keeping it closed source? I would not lose much sleep over that.
Stallman is a nutcase, in an endearing way (ok, maybe you have to have moved in the right circles). But he has put in place a system that needed just such a nutcase, who established clear black lines that could not be crossed, and who was also writing enough amazingly meaningful code that we needed to take his license seriously, that could then establish the institutions and governance to make it all live beyond him.
It's an interesting avenue, but the ultimate problem is that people die and/or lose interest in projects. What happens to this particular project if Runxi dies, or decides to make furniture out of wood instead? That basically becomes "GPL-3.0-only" again.
Similar things happen with physical property, where a title cannot be cleared and either people just live with it or they go to court to get it "reset".
(Similarly to what the author of the article wrote: i’m not a lawyer and this is not legal advice)
There is nothing surprising about it as the contentious issue about GPL3.0 is the patent claim one (which did cause multiple companies go "HELL NO we're not touching GPL with 100m pole"), not this.