The GNU Public License v2 in the Land of Microservices

Another question I get asked is how containers and new architectural styles like microservices-based architectures relate to copyleft licenses, in particular the GPLv2 license.

First things first: I don’t recommend taking a “let’s work around this pesky license” approach. You should follow both a license’s spirit and letter; license evasion (“Umgehungsversuch”) may not hold up in court. Someone is trying to do you well, but only under certain conditions, so take it (properly) or leave it.

With that: If you package copyleft-licensed code in a container image and distribute this image, does the copyleft-licensed code affect any other container it communicates with?

To answer this question, we need to separate code coupling from runtime architecture. If communication is purely based on moving data back and forth and no code is shared in its implementation, not even to hold the data being shuttled back and forth, then you have properly decoupled the container images and created a combined (rather than derivative) work from the perspective of all but one copyleft license.

A system with a microservice architecture fulfills this condition (of decoupling), if each microservice has its own technology stack, which is to say, no libraries are used more than once across the microservices.

Using the still prominent GPLv2 license as an example, you are complying both with its spirit and letter, if you restrict the GPLv2 license obligations to the code of the microservice in which it is included. It does not spread to other microservice code bases.

The exception to the rule mentioned above is the AGPLv3 license, which tries to spread the license through communication mechanisms as well. In my understanding, it was the intention of the designers to make the license reach as far as possible, including across runtime process boundaries, even if no actual code was being distributed. However, we will not know until it has been tested in the courts, so I’ll avoid further speculation. It is of little practical relevance anyway, as companies are avoiding the AGPLv3 like the plague.

If you would like to learn more about open source licenses, how to comply with them, and how to deliver a product that includes open source software in a license compliant way, I recommend my license-compliant delivery seminar and handbook.

Back to how to read open source license obligations.

Leave a Reply