[bitwize]

In American law, a contract must have three parts: an offer, acceptance, and consideration. Consideration is something of value given in exchange for the offer in the contract.

Because there is nothing paid for a piece of open source software downloaded off the interwebs, there is no consideration. Therefore, open source licenses by themselves constitute what is known as a bare license and may be revoked at any time, for any reason, by the licensor.

[Y_Y]

Common law countries (including the USA) don't limit consideration to cash. It can (and indeed has) been argued that there is consideration for licensor in GPL cases, see e.g. https://www.technollama.co.uk/us-court-declares-gpl-is-a-con... .

[bitwize]

Yes, it has been argued, but has it been ruled so in a court of law?

The answer is no -- just the opposite. In Jacobsen v. Katzer it was ruled that the Artistic License is not a contract, and the licensor could seek damages for copyright infringement, not just breach of contract. In Artifex v. Hancom it was ruled that because the defendants did not agree to the contract terms for a proprietary license, the terms defaulted to the GPL which they were found in violation of as a license, not a contract.

And if a license is not a contract then it is a bare license and can be rescinded at any time for any reason.

[michaelmrose]

I thought the problem with that argument was one part promissory estoppel and one part non-monetary consideration. EG you realized something under the GPL with expectation that said work would serve to for instance help you get a job later by demonstrating your work and users by submitting bug reports, code, endorsements helped you achieve the expected goals by making your work more visible and credible.

I'm not aware of any case in which for instance someone has successfully defended their right to rescind a license to the GPL license code they granted in history. A pragmatic court given 2 plausible interpretations with some merit isn't obligated to endorse an interpretation with an obviously negative effect they're people not CPUs interpreting code.

A timeline where we need a GPLv4 to cover the case of assholes taking back their shit contrary to decades of expectations and leaving mission critical v2 projects like Linux constantly at risk of a 10,000 time bombs from heirs taking back daddy's code is clearly the dumbest of all possible worlds and we are under no obligation to live there if their is a reasonable out.

My money is on this theory remaining a fairy tale until someone actually spends enough money to test it and its dissolved forever by actual case law.

Artifex Software, Inc. v. Hancom, Inc. which was ultimately settled out of court seems to have found the exact opposite of what you said if I read this correctly.

https://www.synopsys.com/blogs/software-security/breach-gpl-...

Jacobsen v. Katzer is a complicated affair but regardless of your interpretations it certainly doesn't concern the revocation of a bare license. Most of the action seems to concern whether the party could get damages.

[gamblor956]

In Artifex v. Hancom it was ruled that because the defendants did not agree to the contract terms for a proprietary license, the terms defaulted to the GPL which they were found in violation of as a license, not a contract.

This is not what the motion for summary judgment in Artifax v Hancom ruled...

The issue was not whether the GPL was a contract, but rather what the proper measure for damages should be. The Defendant argued $0 because there was no royalty owed for the GPL license, but the court ruled that the correct measure for damages of this breach of contract should probably have been the royalty that would have been paid if Defendant had entered into the commercial licensing contract which would have applied if they had entered into the proper license for their intended use of the copyrighted material. However, as this was a motion for summary judgment and not a ruling on the merits, it has no precedential value.

And with respect to Jacobsen v. Katzer, the issue was that the Plaintiff was seeking to enforce copyright infringement provisions in lieu of pursuing the infringement as a breach of contract. The Federal Appeals court ruled that a breach of an open source contract constituted both a breach of contract and also a infringement of copyright. The point of the case was to allow a second cause of action because copyright infringement claims are easier and usually more monetarily valuable to pursue than a breach of contract claim.

[1MachineElf]

Using this logic, how might it play out for Red Hat Enterprise Linux? They are now requiring payment in exchange for access to the source code.

[bitwize]

Red Hat may start requiring CLAs for any source they accept as contribution to any software they maintain. To do otherwise would put them at risk of contributors rescinding their licenses and preventing Red Hat from distributing the software they make money on.

CLAs may become standard for all serious open source projects for similar reasons.

There's a reason why CLAs, including signed permission from your employer, have been standard for GNU Project contributions since forever ago, even if it weren't tied to this particular issue. It gives the FSF free and clear rights to the code to enforce copyleft without the potential for legal snags regarding ownership and permission to distribute later on down the line.

[michaelmrose]

You still need to show that rescinding the license you granted for your open source code is even a thing. It would basically look to collapse a good portion of the software industry into an endless flurry of lawsuit from any number of contributors and their heirs looking to monetize blackmailing projects by threatening to take back contributions. Why wouldn't the US court system nope out of all that by any means available?

[medstrom]

Yeah, I was also led to understand that if you've distributed version 1.00 of your code with a license, there's no rescinding that, you can only stop distributing the license for versions 1.01 onwards. People wouldn't be allowed to use your new versions, but they can stay on version 1.00 forever.

Maybe that's just the GPL due to how it's formulated.