Stack OverflowCan I legally incorporate GPL & LGPL, open-sourced software in a proprietary, closed-source project?
[+123] [22] Hans Sjunnesson
[2008-09-18 16:46:30]
[ open-source licensing gpl lgpl closed-source ]

At the company I work for, we develop and sell a proprietary, closed-source software application. Our application uses third party open-source projects licensed under open source licenses such as GPL [1] and LGPL [2]. For instance, we use Hibernate [3] as an ORM.

Sometimes we modify and build upon these third party projects.

What is required of us to not be in violation of the GPL and LGPL licenses when it comes to selling and distributing our closed-source application?

(12) why is this marked as non constructive? it doesn't make any sense! - FRD
I think this is a good reference question - "Can I release my closed-sourced application which uses open-sourced code?", the answer is "Consult your attorney". But I get why it might not fit Stack Overflow. Is there another QA site within Stack Exchange we can move it to? - Hans Sjunnesson
[+148] [2008-09-18 17:00:12] Jim McKeeth [ACCEPTED]

There is a lot of good advice here, but you really need to talk to your attorney, and if your company does not have an attorney who understands software and intellectual property, then you need to get one right away, especially if you may already be in license violation.

Basically for the two licenses you cited:

  • GPL: If you use it in your application then you must release your application under the GPL. That doesn't mean you can't also sell it (like they sell Linux CD's) but you must also release the source code for free. That might work for you, but probably not.
  • LGPL: If you use it in your application then you can still have a closed source proprietary licensed application. But if you modify the LGPL library then you must release your modifications under the LGPL, even though your application can remain closed source.

Keep in mind that the trigger point for the GPL license comes with distribution. This is why Google gets away with modifying Linux for their internal use - they never redistribute it. Since you are actually selling your software then you are distributing it, therefore if you use GPL code you must also license it as GPL.

I hope for your companies sake you haven't actually used any GPL code in your previously distributed application.

If you are bundling GPL licensed code with your application then that is a different story. You can just release the modified bundled applications under the GPL, and then keep your main application closed source. But if you have linked and distributed GPL Code into your application then your application is now GPL.

Again, talk to your attorney.

(13) Well stated; the one thing to note that for GPL/LGPL distribution you are only legally obligated to provide the source to anyone you provide the binaries to. Of course, you cannot restrict them from redistributing, so most companies choose to simply provide the changes to all. - Zathrus
Depends on what you mean by 'bundling' executing a separate GPL program is OK. Loading it as a plugin into the same executable probably isn't. - Martin Beckett
(12) One reason companies are scared of even the LGPL is that having that code in the company makes it possible for someone, even a contractor, to copy some of that into the company's proprietary software. At that point, bad things can happen. There are entire companies built around auditing your software for things like this. Consider the consequence if something like this happened and the software was distributed... the company HAS to release the source code or they're in violation of the license, and liable to be sued by the copyright holder and/or the FSF. - Scott Whitlock
(10) FWIW Wikipedia says that dynamically linking a GPL library into your program may not force you to make it GPL. The issue has not yet been tested in court. (That still sounds pretty scary to me.) Static linking does force you to make the application GPL.… - MarkJ
(4) The answer is a bit misleading. The GPL is not a contract - the GPL simply only gives the user permission to use the GPL covered work in a GPL covered application. The LGPL allows you to use the LGPL covered work in any application. If you are using a GPL licensed code in your application and causing a violation (there is the exception of linking as MarkJ talked about), then you must either licence your work under the GPL (you never have to provide your source code if you don't distribute! - AGPL has stricter definitions on distributing), or forfeit your rights to use the GPL covered work. - balupton
(2) @balupton is right, the GPL is not a contract, it is a license. If you use GPL code in your application and do not make available source code or a written offer to that effect then you have failed to comply with the GPL. What is scary is that if at any point in time you have failed to comply with the GPL then your license is terminated. At that point you would need to renegotiate a new license with each and every copyright holder. This would be basically impossible for a large project like the Linux kernel. - Jacob Stanley
Is there a clear definition for "distribution"? My understanding is that it means to make it publicly accessible, for free or not. In this case, a company could safely "share" code with a limited number of partners without this being considered "distribution". For example, Google could share its version of Linux with another company to work jointly on a certain project. Is this correct? - bouvierr
(2) @bouvierr Distribution gives re-distribution rights to the receiver. So if Google distributes code to another company to collaborate on a project, that company has the right to distribute it, but they are not required to. That freedom to redistribute can't be restricted. - Jim McKeeth
The GPL requires that anyone who is offered the program is also given the option for the source code, which they are allowed to redistribute. - Jim McKeeth
[+17] [2008-09-20 10:59:38] Dark Shikari

There seem to be some serious misconceptions here.

I work for a company that uses GPL code in their proprietary application... completely legally. How is this the case?

The GPL program is x264, which is used by the proprietary application AVCD. AVCD_x264 is a GPL wrapper that includes the x264 library. Frames to be encoded are passed via a pipe from the main AVCD app to AVCD_x264. By doing this, one never has to link proprietary to GPL code at all, yet one can make full use of the GPL software.

Of course, this isn't violating the spirit of the GPL either; since the wrapper is GPL, the customer can easily recompile AVCD_x264 himself and make whatever modifications he wants and have it still work with the main proprietary applications.

Of course, we distribute our product; if you don't distribute the app (its solely in-house), there are no restrictions whatsoever placed upon you by the GPL or LGPL.

(1) I don't think this is legal. Just because you only communicate through pipes doesn't mean your program isn't dependent on the GPL code. - Georg Schölly
(1) gs: you need to read the GPL/talk to a lawyer, one commonly accepted techniques: Service Mixing – GPL can provide generic services that do not depend on the detailed design of the GPL software to work (e.g., Unix pipes) - Kurt
(2) It sounds as if the application isn't able to work without the GPL code and is in this case dependent, even if not linked, on the GPL'd work. - Georg Schölly
(4) As far as I know this is a grey area; various techniques like that haven't been found to definitely be legal or not. It hinges on a definition of "derived work" which is somewhat open to debate. - Peter
(12) @gs: if what you say is true, then any application written to run on Linux, depends on Linux and would therefore have to be GPL. That's just utter nonsense. - Jeff Yates
(7) The GPL (v2 anyway) has a specific exception for OS services. So "linking" against Linux doesn't apply. - jmucchiello
(3) A wrapper for the sole intend to slipstream the GPL'ed work, Completely legal. Oh man, don't tell that the judge then. - hakre
(1) "But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program." – from Wikipedia. I think single video frames should be considered "internal data structures" in this context, but yes it currently is a gray area. - mb21
[+13] [2008-09-18 16:49:55] workmad3

GPL is classed as viral in this case, as if you have used or linked to it with any of your code, the licence requires you to release ALL of the source code (not just the GPL code) under the GPL licence, with certain exceptions (such as the classpath exception). LGPL is not parasitic in this case. As long as you have linked to the LGPL library dynamically then you can just release the code for the LGPL libraries.

Also check the FAQ [1] for the 2 licences.


(1) This is not true for GPL with the classpath exception. - Asgeir S. Nilsen
Fair comment. Updated anwser to include this important information and provided link to the FAQ - workmad3
(47) Please do not use terms like "parasitic" or "viral" for the GPL. 1) they are not true, GPL software isn't infectious nor feeds off other software; 2) they are not well-defined; 3) they are derogatory 4) "viral" was invented by Microsoft for a FUD campaign, it has no place in an objective discussion - Jörg W Mittag
(8) If the term fits, wear it. A mosquito that bites you shares everything it has bitten so far, and takes your source code (DNA) and share it with everything else it distributes to. Just because you don't like the term doesn't make it any less of an adequate analogy. - Adam Davis
(14) The term "parasitic" does not fit in this case. A parasite is a living organism that depends on another one for survival, can't live on its own - GPL software is perfectly capable of standing on its own, needs not being attached to a proprietary host. - Joe Pineda
(16) Viral would be a better analogy than parasitic. GPL is infectious in the sense that if I use GPL code in my code, my code is infected with the GPL as well. - Lance Fisher
(9) @Jörg: "viral" was not invented by MS. Term General Public Virus was used by Open Source supporters (as opposed to FSF supporters) decades before MS started using it. See for example - vartec
Changed parasitic to viral as I agree it's a better term. I'm not saying it's a bad thing, but it's definitely a term that fits the licence and you need awareness of this when using the licence. - workmad3
(4) @Jörg - even if Microsoft had invented the term, just pointing out that Microsoft said it doesn't make it wrong. It's a fair analogy given the legal effect of including GPL code in your project. You can call it FUD, but in this case it may even be FUD that benefits GPL-licensed projects - people are more aware of those terms, and less likely to violate them, which is less hassle all around. - Steve314
(3) @Jorg: IF it's not called "viral" then what do you name a license that, when combined with basically any other license, seems to subsume them (GPL + LGPL = GPL for instance)? Amoeba-like? "super-license"? Infectious? - rogerdpack
[+11] [2008-09-18 17:37:44] Jörg W Mittag

There is only one correct answer to this question. Or, actually, there's about 210 answers to this question: ask (an) intellectual property lawyer(s) for the country/countries that you are going to distribute your software in.

[+7] [2009-12-12 14:33:36] Jonathan Mitchell

You can distribute an app containing a GPL component without needing to release the entire app under the GPL if the distribution can be perceived as an aggregate.

The GPL is quite clear about this (see below), though as in everything GPLish the waters quickly get murky. In the end it seems to come down to a judgment about intimacy. Now where did I put that intimacy lawyer?

The excerpt below is from

What is the difference between an “aggregate” and other kinds of “modified versions”? An “aggregate” consists of a number of separate programs, distributed together on the same CD-ROM or other media. The GPL permits you to create and distribute an aggregate, even when the licenses of the other software are non-free or GPL-incompatible. The only condition is that you cannot release the aggregate under a license that prohibits users from exercising rights that each program's individual license would grant them.

Where's the line between two separate programs, and one program with two parts? This is a legal question, which ultimately judges will decide. We believe that a proper criterion depends both on the mechanism of communication (exec, pipes, rpc, function calls within a shared address space, etc.) and the semantics of the communication (what kinds of information are interchanged). If the modules are included in the same executable file, they are definitely combined in one program. If modules are designed to run linked together in a shared address space, that almost surely means combining them into one program.

By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program.

(5) It's a frickin mess to deal with those lawyer things. But afaik, only 3 times was GPL discussed in an actual court. My belief is; GPL has little to no legal impact, and you can safely abuse it's sources if your only concern is the law. I prefer to guide myself through morals and ethics than the law. Personally, I would steal some code and anonymously donate to the developers the amount I think they deserve. That's how I think it should be in the first place. - Camilo Martin
[+5] [2008-09-18 16:55:03] Asgeir S. Nilsen

This is a tricky question to answer generally, since it really depends on many things. LGPL softens some requirements in the GPL specifically related to linking. GPL also exists in a classpath exception [1] variant where putting the library on the classpath of a proprietary application is not considered derived works.

I recommend that you read the GPL FAQ [2]. It tries to answer some of these questions.

One thing many people seem to forget is that the GPL mostly relates to distribution of software. Building a proprietary application and copying it internally in your corporation is not considered as distribution.

But to get a complete answer you need to seek legal counsel and / or contact the copyright holders to ascertain their opinion on the matter. Many open source projects are also dual licensed.

For Hibernate you should read -- it provides some insight and has this to say:

Using Hibernate (by importing Hibernate's public interfaces in your Java code), and extending Hibernate (by subclassing or implementation of an extension interface) is considered by the authors of Hibernate to be dynamic linking. Hence our interpretation of the LGPL is that the use of the unmodified Hibernate source does not affect the license of your application code.

Another thing you could do is to break up your applications into several modules that interact at arm's length. In this matter only the components that actually use GPL-licensed modules would have to be released under a GPL compatible license.


[+5] [2008-09-18 17:04:06] Robert Gould

Everyone is missing the most important point here... your company surely has a policy towards GPL and LGPL and if you're working for your company you have to follow those policies. It's not about your opinion, its about the opinion of your legal/business departments.

Now as mentioned before, if you don't release a product, say you make an internal tool, then your Ok, GPL won't affect you. Probably 99% of the software companies in the world have internal tools based on GPL technology, so there is no issue with it (I learned this is safe from a software lawyer that works at my company).

(5) "Surely"? Not. Small businesses often don't have such policies in place -- there's always a first time. But, I agree it would be prudent to seek legal advice before distributing a product incorporating any third party code. - Chris W. Rea
[+4] [2008-09-18 16:50:28] Jim

If you build upon GPLed software, you must either license your application under the terms of the GPL to the people you distribute to, or you must negotiate with the copyright holders of that code for a non-GPL license. Anything else is copyright infringement.

You do not need to release your code to the entire world, only to the people you distribute to. But as you must license your application under the GPL, they are free to share your application with the entire world.

LGPLed software allows you to only provide the changes you make to the libraries themselves to the people you distribute to.

But above all else, you should be talking to a lawyer about this, rather than asking for legal advice on random Internet forums.

[+4] [2008-10-16 16:33:42] Adam Higerd

@ Thomas Vander Stichele [1]:

That couldn't be more wrong.

I'm not a lawyer but I AM a software engineer and I HAVE read the licenses and the FAQs.

Running in the same process has nothing to do with it. Running in a separate process is a sure way to indicate that the two binaries aren't linked or derivative, but a commercially-licensed runtime-loaded dynamic library (that is to say, a plugin) used by a GPL application (or vice versa) is also permissible under certain conditions. The plugin is only considered part of the application if they make function calls to each other and share data structures. If the application only invokes functions on the plugin (the plugin doesn't get to invoke functions on the application), and if the only data structures passed between the application and plugin are function parameters and return values (not global state, although both the application and plugin are permitted to maintain their own global state), it's not considered linking and the two components are not considered to form a single program.

This is derived from an article published by the Free Software Foundation; they ARE lawyers. :P


[+3] [2008-09-18 16:57:18] Mark Bessey

If your product incorporates any GPL code, you have to release all the code to your product under the GPL. The LGPL is more complicated. You have to make available the code of the LGPL component (including any modifications), and you also need to make it possible for someone to replace your modified version with their own (by dynamically linking the LGPL component, or by providing the object code, linker files, and instructions, or some similar route).

You can read the licenses online here:

(or in the source of the components you're using)

[+3] [2008-09-20 10:25:09] Thomas Vander Stichele

Disclaimer: as everyone else here IANAL and this comment is only meant to make sure you ask your lawyer the right set of questions.

I read all the comments and nobody is pointing out a pretty important point: the fact that, if you don't actually link to the GPL code, it is fine to distribute your binary application and the GPL application.

Most people agree that 'linking' is to be interpreted as 'running in the same process'.

So, there are lots of ways in which a non-GPL program can use a GPL project: by spawning its command line tools (for example a closed GUI frontend on top of an open command line tool), or by building a GPL server on top of the GPL library and having the closed application communicate with that server.

I'm not saying this is morally the right thing to do - but 'running in the same process' is commonly agreed to be the border across which the GPL 'virus' spreads.

[+2] [2008-09-18 16:51:27] Fire Lancer
  • with GPL you must distribute your app under GPL.
  • with lGPL you must dynamicly link to the lGPL code, and you must provide the object files for your code so people can relink with a new (or modified) version of the lGPL libary.
  • In both cases if you modify the libaries you must make the modified source freely avaible.

[+2] [2011-03-14 17:56:30] Héctor Suárez Barenca

I think your company will be safe with the LGPL license, there is a simple an official explanation about the license and Java (I think this is a good example for the use of LGPL libraries in general):

... If you distribute a Java application that imports LGPL libraries, it's easy to comply with the LGPL. Your application's license needs to allow users to modify the library, and reverse engineer your code to debug these modifications. This doesn't mean you need to provide source code or any details about the internals of your application. Of course, some changes the users may make to the library may break the interface, rendering the library unable to work with your application. You don't need to worry about that—people who modify the library are responsible for making it work. ...

Best regards, Héctor.

[+1] [2008-09-18 16:48:41] Kibbee

I think that as long as you don't release the software you are ok. That is, if you run hosted solutions and never release any binaries, you are safe. If you ship binaries, you have to release your code. If you do ship binaries, I think with LGPL you are safe as long as you release source to the LGPL items, but you don't have to release the rest of your code. With GPL, you have to release all your code back under the GPL.

"I think that as long as you don't release the software you are ok. That is, if you run hosted solutions and never release any binaries, you are safe." I'm very curious about that. Does anyone have a firm answer yes or no? - eyelidlessness
The GPLv2 allows everybody who has the binary to request the source code. If you never distribute the binaries, you don't have to distribute the source code. Try downloading the source to Google's Linux modifications ... This is perceived as a hole and has been fixed in GPLv3 and others. - Jörg W Mittag
Clarification: it's the Affero GPL that requires source code for network services, not the GPL. - Jörg W Mittag
[+1] [2008-09-18 16:51:55] Sklivvz

GPL: Your whole application becomes bound by the GPL. You can sell it, if you wish, but in any case you have to provide source code for the whole application, easily and for free.

LGPL: If you link to it only, you have no limitations. If you modify it then you have to provide source code for the modified version, easily and for free.

Caveat: IANAL (I am not a lawyer)

[+1] [2008-09-18 16:53:20] Jim Puls

You can incorporate software with any license you want (at least in the open-source world) if you're never going to release a product.

If you're going to sell and distribute, though, that's the entire difference between the GPL and the LGPL. The former requires you to open-source your app, too, while the latter allows linking.

[+1] [2008-09-18 16:53:43] Federico Builes

With the LGPL you should be safe. On the GPL side you have two options:

  1. Provide a "service" without redistributing the product. This means you can have a hosted service (like Google does) but you can't distribute the final product to anybody.
  2. Release your changes.

[+1] [2008-09-18 17:29:48] Kasprzol

Keep in mind that the new version of GPL -- GPL3 -- has some changes for hosted applications as well (software as a service). From wikipedia on GPL [1]

The Affero General Public Licence (GNU AGPL) is a similar licence with a focus on networking server software. The GNU AGPL is similar to the GNU General Public Licence, except that it additionally covers the use of the software over a computer network, requiring that the complete source code be made available to any network user of the AGPLed work, for example a web application. The Free Software Foundation recommends that this licence is considered for any software that will commonly be run over the network.


(1) Note that the AGPL is not the same as the GPL3. - Bennett McElwee
[+1] [2009-06-01 08:13:43] Comptrol

Qt Software [1] has elaborated enough the differences between GPL and LGPL:


(1) These links appear to have gone stale. - Mark Booth
[0] [2008-09-18 16:49:35] HappySmileMan

You cannot use GPL code in a proprietary applications, you can, however, use LGPL code as long as any changes relevant to the LGPL code are made available to your users.

Some licenses like BSD licenses allow you to use the code in proprietary software without making changes available.

You really just need to look up each of the licenses individually for any others, but those are the main ones.

If the software is being developed for your (or your companies) personal use you can use any open source code you want (at least all the major licenses allow it), but if you ever distribute your software the license will become a problem

(2) You can use GPL code in a proprietry app - you just cannot distribute the app. You are free to use it internally or run a service based on it. - Martin Beckett
[0] [2008-10-17 14:36:06] mattl

AGPLv3 is different from GPLv3.

While in some of the early drafts of v3, the AGPL clause was in the GPL -- it did not make the final cut and is a separate license.

[0] [2011-03-22 00:33:29] Andrew Finnell

Note: I realize this thread is old

My response is not based on legal reasoning but from a philosophical one.

The very idea of asking these types of questions violates the spirit of GPL and The Free Software Foundation. For anyone that has read their web site they are dead set against companies closed-source proprietary software.

They do make a valid point. Most commercial developers are looking for a free hand out from the FSF. This very question proves it. At the very core of their philosophy they do not want you using their software in any fashion unless you also make it free.

Here is a very simple rule. If you plan on selling software do not use GPL or LGPL. All these problems are solved by this simple creed.

There are so many conversations based on how to get around GPL and to a lesser extent LGPL. These conversations would never happen with a commercial companies License if they had the money to sue everyone using their software. Yet companies try their best to find ways around GPL. They do NOT want you using GPL software in your proprietary software. It's as simple as that. They are not out to promote the development of software, they are out to promote the development of FREE software. They despise proprietary software. It's written all over their FAQ's, license agreements, etc.

Quotes from GNU:


Using the ordinary GPL for a library gives free software developers an advantage over proprietary developers: a library that they can use, while proprietary developers cannot use it. ( 1 [1])


Proprietary software development does not contribute to our community, but its developers often want handouts from us. Free software users can offer free software developers strokes for the ego—recognition and gratitude—but it can be very tempting when a business tells you, “Just let us put your package in our proprietary program, and your program will be used by many thousands of people!” The temptation can be powerful, but in the long run we are all better off if we resist it. ( 2 [2])


Here the GNU GPL comes to the rescue. The programmer shows the boss that this proprietary software product would be copyright infringement, and the boss realizes that he has only two choices: release the new code as free software, or not at all. Almost always he lets the programmer do as he intended all along, and the code goes into the next release. ( 2 [3])


The GNU GPL is designed to make an inducement from our existing software: “If you will make your software free, you can use this code.” ( 2 [4])



Yeah... or maybe the software just doesn't use GPL to begin with. Your logic is flawed, please educate yourself on how the real world works: - Robot Mess
@RobotMess Did you read that article you posted? "First, usage of GPL licensed software in commercial products is very limited (it's only done by exploiting the loopholes in GPL)," - Andrew Finnell