GLOSSARY

What is GPL?

A plain definition for the people who carry the risk. This glossary entry explains what GPL is, how its copyleft obligation works, how the AGPL extends it to network use, and where the real distribution exposure sits for an enterprise.

GPL is the GNU General Public License, the best known copyleft open source license. It grants broad freedom to use, study, modify, and redistribute software, on one central condition: if you distribute a derivative work, you must release it under the same license, with the source available. GPL is approved by the Open Source Initiative and is genuine open source. Its defining feature is reciprocity, not restriction on who may use the software or for what purpose.

How the copyleft obligation works

Copyleft is the mechanism that keeps GPL software open as it is reused. When you take GPL code, modify it, and distribute the result, the license requires that the recipients get the same freedoms you did, under the same terms, with access to the source. The obligation is triggered by distribution. If you never distribute the software outside your organization, the reciprocity condition generally does not activate, which is why internal use of GPL software is usually low risk.

GPL versus the AGPL

The GNU AGPL is a variant that closes what is often called the service gap. Plain GPL triggers on distribution, so a provider could run GPL software as a service without distributing it and avoid the source obligation. The AGPL treats offering the software over a network as a distribution like event, which means a service operator can be required to share the corresponding source. For any organization that offers software as a service, the difference between GPL and AGPL is the difference between a dormant condition and a live one.

Why GPL is not the same as source available

GPL is sometimes confused with restrictive licenses such as the Server Side Public License, but they are different in kind. GPL is open source and does not limit the field of use. Source available licenses such as the Business Source License and the Server Side Public License restrict how you may use the software and are not approved by the Open Source Initiative. The distinction is set out in why source available is not open source.

The GPL risk to watch

For an enterprise, GPL exposure is real but predictable. It concentrates at the point of distribution. Shipping a product that incorporates GPL code, or offering AGPL software as a service, can trigger source disclosure obligations that conflict with a proprietary model. Running the same software purely internally usually does not. A clear policy that records the license of every dependency and defines how distribution is handled keeps the obligation manageable. Browse the full open source license risk glossary for related terms.

COMMON QUESTIONS

Questions buyers ask.

CONTAINMENT

Know where GPL and AGPL obligations reach your products.

A confidential open source license risk assessment. Independent, buyer side, paid only by you.

Not ready to talk? Read the free open source license risk guides first.