GPLv2 decline and debate on open source licenses

Code scanning and management vendor Black Duck reports the GNU General Public License v2 (GPLv2) now dipping below 50% share of open source software. While we already knew that GPLv2 was somewhat in decline from its far greater share of open source code over the last 5-10 years, it is useful to know what pool of code we’re talking about. We must also remember that while GPLv2 may not be as dominant as it once was and that other licenses, particularly GPLv3, are quickly gaining share, GPLv2 is still quite relevant to enterprise open source software, is used in a variety of newer and popular applications across the enterprise stack and is likely to remain in the top 10 licenses for a long time.

Regarding GPLv2 and Black Duck’s findings, some folks are rightly asking what code and how much of it are we considering where GPLv2 accounts for half or less of the software? Well, the short answer is, I believe, hosted open source code. Black Duck draws its figures from open source software in its Software Knowledgebase, which draws on other repositories and includes more than 185,000 software projects.

For our recent report, The Myth of Open Source License Proliferation, we thought it would be useful to look at open source license representation in another cross-section of software that was more reflective of code in use. Thus, with the help of Airius Internet Solutions, we considered the open source licenses of software that was the subject of vulnerability reporting (arguably, a decent measure of the software’s use). What we found, somewhat surprisingly, was that the list of most popular open source licenses among hosted open source software was very consistent with the list of most popular open source licenses among open source software in use. Both lists have the GPLv2, GPLv3, Artistic, BSD and Apache licenses in their top six, albeit in somewhat different orders. The percentages for different licenses, however, were quite different, giving more share to other licenses further down the list in the case of software in use.

At the time of our report, May 2009, the GPLv2 license accounted for 50.49% of all projects documented in Black Duck’s Software Knowledgebase, which is more than 185,000 projects. During the same time frame, Airius reported that the GPLv2 license accounted for 36.34% of software subject to vulnerability reporting and the Airius Risk Report, which consists of more than 139,000 projects reviewed. GPLv2 still tops both lists for now, but it is clear that GPLv3 is rising fast. Black Duck reported in June that GPLv3 had moved past the Mozilla, MIT and Apache licenses to the fifth spot on its list with 5.10%, behind BSD. Our research with Airius indicated that GPLv3 was number two on the list of projects reviewed with 18.5% as of June 15, 2009. This reinforces the idea that GPLv2 is being used less while GPLv3 is gaining more use. Nevertheless, it is important to remember GPLv2 is still being used in many projects and products beyond Linux and MySQL (which are, nevertheless, among prominent uses of the GPLv2). Examples range from applications such as Jaspersoft BI to systems management software such as Likewise, to cloud computing pieces such as the Puppet server automation software.

We’ll be delving into these and related issues with a lively, live debate on OSS licenses coming this Monday, August 31. We’ll have Matt Asay argue for GPL, Eclipse Foundation’s Mike Milinkovich pull for EPL and Coverity’s David Maxwell for the BSD as they spar over which license is best. The audience and a panel including yours truly will judge who wins, and we’ll post our thoughts here and elsewhere for others to weigh in as well. Please join the discussion and the debate.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

11 comments ↓

#1 Bill Karwin on 08.27.09 at 4:05 pm

What is meant by “which license is best?” They have different goals, so how can you make a qualitative judgment like which is best? Perhaps which one achieves its respective goal most effectively?

Also, your statistics of how many projects needs to be weighted by how widely each project is used. The fact that GNU/Linux is GPL-based should count for more than some irrelevant abandonware on Sourceforge that has a BSD license.

I’m not an advocate for any one license over another, I just wonder exactly what question your statistics are answering.

#2 Jay Lyman on 08.28.09 at 12:09 am

‘Which license is best’ may be an oversimplification, granted, and our debate is largely intended to bring out the goals, effectiveness and merits of these different licenses, which is similar to what you state.

In terms of the statistics, by looking at software based on vulnerability reporting and thus use, we address the idea of irrelevant abandonware on SourceForge or anywhere else. What we found, and the question that our statistics answer, is that the top licenses among hosted code are the same top licenses among code in use (based on vulnerability reporting). Thus, Linux and GPL get their fair share in the ‘open source code in use’ figures, as does BSD. Both licenses are atop the most popular license lists, but the code-in-use figures show a more dramatic decline for GPLv2 and incline for GPLv3. Thanks,

JL

#3 Why is IDG News Service Attacking the GPL? | Boycott Novell on 08.27.09 at 9:47 pm

[…] filtering) to saturate its pool and then claim a dip in GPL. This deceptive claim is still being parroted today and also today we’ve heard of private stories where similar anti-GPL actions were taken in […]

#4 Jay Lyman on 08.28.09 at 10:44 am

So Roy,

You say I’m parroting a ‘deceptive claim.’ I don’t know what deceptive claim you are referring to, but if it is the fact that GPLv2 is being used less and GPLv3 is being used more, I am indeed guilty of perpetuating this truth.

As far as GPLv2 itself and its place among the top open source licenses and value, I think this post makes clear I don’t think GPLv2 is going away. In addition, I highlight a few newer, growing applications and projects that are licensed under GPLv2. Did you not get to that part?

As for the debate and anything being ‘stacked,’ I invite you and everyone else to judge for themselves the arguments in the debate and the merits of the licenses, all of which are extremely relevant and important to today’s enterprise use of open source software.

JL

#5 Math World | 451 CAOS Theory » GPLv2 decline and debate on open source licenses on 08.28.09 at 1:32 am

[…] See the original post here: 451 CAOS Theory » GPLv2 decline and debate on open source licenses […]

#6 451 CAOS Theory » GPLv2 decline and debate on open source licenses « Computer Internet and Technology Articles. on 08.28.09 at 1:53 am

[…] here to read the rest: 451 CAOS Theory » GPLv2 decline and debate on open source licenses August 27th, 2009 | Tags: black-duck, business-models, conferences, licensing, open-source, […]

#7 451 CAOS Theory » GPLv2 decline and debate on open source licenses | Open Hacking on 08.28.09 at 3:34 am

[…] here: 451 CAOS Theory » GPLv2 decline and debate on open source licenses This entry was posted on Thursday, August 27th, 2009 at 1:00 pm and is filed under Linux, News, […]

#8 451 CAOS Theory » On the GPL, Apache and Open-Core on 08.28.09 at 5:48 am

[…] the GPL, Apache and Open-Core Matthew Aslett, August 28, 2009 @ 5:48 am ET Jay has already provided a good overview of the debate related to the apparent decline in the usage of the GPLv2. I […]

#9 Twitter Trackbacks for 451 CAOS Theory » GPLv2 decline and debate on open source licenses [the451group.com] on Topsy.com on 08.28.09 at 10:11 pm

[…] 451 CAOS Theory » GPLv2 decline and debate on open source licenses blogs.the451group.com/opensource/2009/08/27/gplv2-decline-and-debate-on-open-source-licenses – view page – cached An open source blog by The 451 Group. — From the page […]

#10 451 CAOS Theory » And the best open source license is … on 08.31.09 at 1:03 pm

[…] different than software in use (where other licenses do have greater representation). However, our research indicates that the most popular open source licenses among hosted code are consistent with the most […]

#11 And the best open source license is … « PlanetMysql.ru – информация о СУБД MySQL on 08.31.09 at 3:07 pm

[…] different than software in use (where other licenses do have greater representation). However, our research indicates that the most popular open source licenses among hosted code are consistent with the most […]