Open Source Software Licensing: Software And Its Components

SEAN KENEFICK
Disclaimer
• This presentation is meant to provide you with a basic
understanding of Open Source licensing.
• If you encounter a situation with open source licensing in the field,
consult your company guidelines and seek legal advice.
What Will Be Covered
• Past cases of open source licensing disputes
• Open Source Initiative
  • Open Source Definition
• Popular Licenses
  • Open Source license categories
• Different ways to utilize open source in a project
• Internal vs. External use applications
• Risk Management
Sony BMG Copy Protection
• In 2005, Sony released music CDs with two hidden DRM rootkits
• These rootkits were known to cause security risks in infected computers.
• One of the programs (XCP) has been found to use code from the
following open source software code: LAME MP3, mpglib, FAAC,
mpg123, and VLC media player.
• Developers of LAME posted an open letter to Sony stating that they
expected “appropriate actions” by Sony, but they didn’t take legal action
• Sony recalled the product in an embarrassing case of copyright violation
and security threats on software they developed to protect their music.
Jacobsen vs. Katzer, February 2010
• The case was over the use of open source code from Java Model
Railroad Interface (JMRI), developed by Jacobsen and released under
the Artistic License.
• Katzer used code from Jacobsen’s product to create commercial
software.
• Jacobsen sued for copyright infringement because Katzer didn’t
comply with the requirements of the Artistic License in order to
utilize the code.
Jacobsen vs. Katzer Results
• Katzer was required to pay $100,000 to Jacobsen and was not
allowed to reproduce any “JMRI Materials”
• This was the first case of open source copyright infringement in the
US taken to court.
• Even though Jacobsen published his software for free, he was able
to get a monetary amount from the settlement.
• The settlement terms sent a clear message that the court system
was going to back Open Source Software licenses.
Copyright Overview
• Copyright limits the expression of an idea.
• Not as strong as patents, does not prohibit the expression of the
same idea.
• Copyright is applied as soon as you make something.
• Copyright law is applied to software as “non-dramatic literary
work.”
• Unless otherwise licensed, all materials which can be protected by
copyright are licensed solely to the creator.
Rights Given by Copyright
• Reproduce the copyrighted work
• Prepare derivative works based on the work
• Distribute copies of the work to the public
• Perform the copyrighted work publicly
• Display the copyrighted work publicly
Types of Software Licenses
• Proprietary
• Open Source
• Public Domain
Open Source Initiative
• Rebranding of the Free Software Movement to move away from
confusion caused by the word “free.”
• Released the Open Source Definition (OSD) to provide guidelines to
what licenses qualify as open source.
• Published and maintains a formal list of open source licenses.
Open Source Definition
• OSD includes 10 points; we will examine 6 of them.
• Points we will not examine in depth:
  • No Discrimination Against Persons or Groups
  • License Must Not Be Specific to a Product
  • License Must Not Restrict Other Software
  • License Must Be Technology-Neutral
Free Redistribution
• “The license shall not restrict any party from selling or giving away
the software as a component of an aggregate software distribution
containing programs from several different sources. The license
shall not require a royalty or other fee for such sale.”
• Anyone is allowed to sell Open Source Software, but you are not
allowed to require a portion of the sale to come back to the author.
Source Code
• “The program must include source code, and must allow
distribution in source code as well as compiled form. Where some
form of a product is not distributed with source code, there must
be a well-publicized means of obtaining the source code for no
more than a reasonable reproduction cost preferably, downloading
via the Internet without charge. The source code must be the
preferred form in which a programmer would modify the program.
Deliberately obfuscated source code is not allowed. Intermediate
forms such as the output of a preprocessor or translator are not
allowed.”
Derived Works
• “The license must allow modifications and derived works, and must
allow them to be distributed under the same terms as the license of
the original software.”
• Allows “Copyleft” licenses
  • Require that any derivative works be published under the same license as the original work.
  • Keeps the source code in the community.
Integrity of The Author’s Source Code
• “The license may restrict source-code from being distributed in
modified form only if the license allows the distribution of "patch
files" with the source code for the purpose of modifying the
program at build time. The license must explicitly permit
distribution of software built from modified source code. The
license may require derived works to carry a different name or
version number from the original software.”
• Derivative works may be required to also distribute the author’s
original code.
• Modifications made by another author can be required to be
released under a different name.
No Discrimination against Fields of Endeavor
• “The license must not restrict anyone from making use of the
program in a specific field of endeavor. For example, it may not
restrict the program from being used in a business, or from being
used for genetic research.”
• This reflects the concept of the Free Software Initiative that
anyone should be allowed the freedom to use it as they wish.
  • “This is a matter of freedom, not price, so think of ‘free speech,’ not ‘free beer.’” – Richard Stallman
Distribution of License
• “The rights attached to the program must apply to all to whom the
program is redistributed without the need for execution of an
additional license by those parties.”
• When you distribute Open Source Software, you must include a
copy of the license.
• Open Source software cannot be blanketed by closed source
licenses.
Most Common OS Licenses
Ways to Categorize OS Licenses
• Open Source Definition left quite a bit of flexibility for licenses to be
individualized.
• Categories we will look at
  • Copyleft vs. Permissive
  • Viral vs. Non-Viral Licenses
Copyleft vs. Permissive
• Copyleft requires any derivative works be released under the same
license.
  • Helps to keep improvements to open source products in the community.
  • Companies utilizing open source products may contribute back to the code base to improve products they use.
• Permissive allows derivative works to be released under any license.
  • Most products released under permissive licenses are tools to help the developers rather than end user products.
  • Allows companies to modify an open source product and release it under a proprietary license.
Viral Licenses
• Viral licenses act on a “horizontal” progression, where copyleft
acts on a “vertical” progression.
• Products or projects that include or link to software under a viral
license are required to be released under the viral license.
  • GNU Public License is the most popular example.
• Non-Viral
  • Lesser GNU Public License (LGPL) allows unmodified libraries to be dynamically linked to by an application without the application being required to be released under the same license.
Utilizing Open Source
• When looking at how to utilize OS, we have to first examine the
intended use and then screen what types of licenses would allow it.
• The most important difference to look at is Internal (Non-Distributed)
vs. External (Distributed).
Internal Use
• Internal use applications get the most freedom under Open Source
Licenses.
• The requirement to release source code is tied to the distribution of
the software.
• You are NOT required to release the source code, unless you release
the program.
• Allowing someone to run an application is not distribution.
  • Employees are not given the software that runs on their computers.
  • If I opened Notepad++ on this computer, the university isn’t required to give me the source code, even if they had modified it.
External Use
• External use is more complex than internal so we further break it
down.
• Modifying or using source code
  • Look for a non-viral, permissive license.
• Using a library in your application
  • Look for non-viral, LGPL-like licenses.
• Software packages
  • What if Windows wanted to include Notepad++ (GPL) by default?
    • Yes, but depending on how they do it, it could be a risk.
Risk Management
• Develop company policies on use of Open Source Software
  • Consult an expert in the field, preferably for legal advice.
• Train developers on the policies and risks of violating them.
• Establish an inventory of Open Source Code in your projects
  • Use code reviews to update this inventory and catch new Open Source Code.
Questions?