On the Server GPL Hole


There is a known hole in the GPL that would allow someone to take STAGE or Cyphesis-C++, modify it, run a copy of it on the internet, and sell access to it, without ever needing to provide their modifications back to WorldForge. Both myself and Miguel of Arianne have noticed and mentioned this to Richard Stallman, who recognizes this as a problem which will need to be addressed in the next revision of the GPL license. Unfortunately, it is unclear when exactly GPL 3.0 will be available; there has been no indications that we can expect it any time soon.

In general, no one expects to see any money for our work on this project, and some wonder that if the modifications are good enough for the corporations to entice users to pay for access, then maybe they deserve it. So the effects of abuse of this loophole will merely be secondary, such as merely the discouragement of seeing others exploit our hard work.

However, I think we all know that reality has a habit of belying logic such as this. In the real world, just because something is good does not mean it will win; indeed, we can point to altogether too many examples of greed, iniquity, and corruption winning out. Thus it would be idealistic to assume that only those who do good work will be able to charge for access to the servers; we must not discount possibilities such as use of deceptive marketing, deliberate malignment or destruction of the open community, or appropriation and subversion of protocols and standards. This probably barely scratches the surface of ill that a corporation could take. Our best defense is to always seek to preserve openness, and thus this keeping this loophole from being exploited is something I feel we should place much importance in.

Miguel of the Arianne project and I have discussed this at length. Currently there's no really clear solution that we could put our minds on, but something probably can be found. For good or bad, WorldForge is not far enough along in development for this to be a significant worry, and it'll probably be at least a year or two before we're close to where this might matter. And of course, in the end it might merely be excess paranoia and nothing bad will come of it. But we'd sure like to hear if anyone has ideas for how to close this loophole, without having to go away from the GPL.

Bryce