Post on 23-Aug-2014
1 © OpenLogic, Inc. - Licensed under CC-BY
Understanding the Most Common OSS Licenses
Jilayne Lovejoy Corporate Counsel 30 November 2011
End-to-End Open Source Management
Enabling Successful and Safe Open Source Adoption at 250+ Enterprises
Software + Services + Support: In the Data Center, In the Cloud
Comprehensive Product Offering (Software, Services, Support)
OLEX (Data Center)
– Certified OSS Library
– Policies & Governance
– Scanning & Compliance
CloudSwing (Cloud)
– Cloud Ready Library
– Customization & Deployment
– Management & Monitoring
SLA Support
– Developer Support
– Production Support
Open Updates
– Version and Security Update Notification
Management Services
– Policy Workshops
– Audit Services
Technical Services
– OSS Consulting
– OSS Training
Roadmap
Open source software licenses overview
“Most common” licenses:
– Apache License 2.0
– GNU General Public License v2
– GNU Lesser General Public License v2.1
For each license:
– Background
– What does the license allow you to do (or not do)?
– Summary of license compliance requirements
– Sticking points
– References
What is open source software?
Open development methodology
– Community-based and collaborative development
– Ideological underpinnings/social movement
• Free Software Foundation: “Free software is software that gives you the user the freedom to share, study and modify it.”
Under an open source license
– Grants wide range of rights, including license to copy, modify, create derivative works, and distribute
– No warranties/no liability for authors
– *Must provide access to source code
– *Hereditary / self-perpetuating
• * license terms that are also referred to as “copyleft”
Open Source Licenses Overview
Usually named after a project or where the project originated
– GNU General Public License; Apache License; Mozilla Public License; MIT; BSD
Most OSS licenses are written so that anyone can use the license
Permissive
• Broad grant of rights with no requirements on relicensing under particular terms
• License requirements are minimal (retain notice; include copy of license)
Copyleft
• Source code must be made available
• License must be applied to original work and any derivative work thereof
License analysis
Many (most) OSS licenses were not written by attorneys
– Don’t necessarily track on statutory or typical contract language, may be vague, may use alternative definitions, etc.
No judicial opinions involving interpretation
– But there is information from the open source community, e.g., FSF frequently asked questions page and other pages provided by license
Jacobsen v. Katzer
– Artistic license is enforceable as a license; remedies available under copyright law
License Analysis
OSS licenses have requirements and restrictions just like any IP license
Can you break license requirements into an IF – THEN statement?
– WHAT is the requirement? How am I using the OSS?
• HOW does that requirement need to be met?
– Devil’s in the details…
Incompatibility
– Licenses can be at odds with each other; are there conflicting obligations?
Risk
– With no established jurisprudence on license interpretation, how much are you willing to bet on your interpretation?
What are the “most common” OSS licenses?
% of projects used the following licenses:
GPL 68.9%
Apache 7.6%
LGPL 6.7%
BSD 5.3%
MIT 4.1%
% of projects downloaded under the following licenses:
Apache 32.7%
LGPL 21%
GPL 14.4%
BSD 3.8%
MIT 1.6%
OpenLogic research available at: http://www.openlogic.com/news/press/05.16.11.php
Apache License v2.0 background
Released in 2004
Open Source Initiative (OSI) approved
Third iteration
– 1.0 was very much like BSD
– 1.1 removed advertising clause
– 2.0 departure from BSD style
• Removed “vanity” clauses
• Allow license to be used by reference
• Added definitions section
• Added explicit patent grant
Used for all Apache Software Foundation projects
– Apache HTTP Server
– Android OS
Apache License v2.0 what do you get?
Direct grant from each “Contributor”
– Definition of “Contributor” includes the original licensor/copyright holder and anyone who has contributed to the work subsequently
Grants right to reproduce, prepare derivative works, publicly display, publicly perform, sublicense, and distribute work in source or object form – Section 2
Patent license to patent claims licensable by Contributors that would be “necessarily infringed” by contribution or combination of contribution – Section 3
– Applies to combinations at time of contribution or later acquired patent claims that read on original contribution as made at that time
No warranty, provided “as is,” and disclaims liability – Section 7 & 8
Apache License v2.0 how do you comply?
Provide a copy of the license – Section 4.1
Retain notices – Section 4.3 & 4.4 – copyright, attribution, NOTICE.txt file
Give notice of modified files – Section 4.2
Apply license to derivative works if submitted as contribution to the licensor – Section 5
No permission to use trademarks or trade names, except as necessary in notices – Section 6
Agree to indemnify contributors if you offer additional support, warranty, etc. - Section 9
License terminates if patent litigation commenced that alleges the work infringes licensee’s patent – Section 3
Apache License v2.0 modifying the code
Notice of modified files
– 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: . . . 2. You must cause any modified files to carry prominent notices stating that You changed the files . . .
Distribution of modified code
– No requirement to submit modifications to ASF
– Original code still under Apache 2.0
– May distribute modified version under a different license, but still need to comply with license terms (e.g. attribution)
Apache License v2.0 compatibility w/GPL
Conflicts with GPL v2
– FSF considers clause that terminates the license if patent infringement suit initiated and indemnification clause as a “further restriction” in violation of Section 6 of GPL v2
– ASF does not consider the licenses incompatible, arguing that GPL v2, section 7, is similar enough to the Apache patent termination clause to make them the same restriction
– GPL v3 remedied this controversy by allowing certain additional clauses including such a patent retaliation clause
– ASF considers GPL v3 and Apache 2.0 as “one-way” compatible due to incompatible licensing philosophy regarding linking
Apache 2.0
Use it if:
– Your goal is mass adoption of your project/code (including proprietary or closed code usage)
– You aren’t concerned about accessing modified versions of the source code
Compliance tip:
– Track your modifications
– Attribution, attribution, attribution!
GNU General Public License v2 background
Released in 1991
Open Source Initiative (OSI) approved
Second iteration
– 1.0 - released in 1989
– Version 3 released in 2007
Allows use of any version of the license, unless otherwise stated
Used for GNU projects
– BusyBox
– Linux (v2 only)
• Clarification on derivative work question in copying file:
– This copyright does *not* cover user programs that use kernel services by normal system calls - this is merely considered normal use of the kernel, and does *not* fall under the heading of "derived work".
GPL v2 what do you get?
Grants right to copy, distribute, modify – any deviation from these rights expressly granted automatically terminates license – Section 4
Explicitly states that you may charge a fee or offer warranty for a fee – Section 1
Direct grant from licensor every time you redistribute the work or a modified version – Section 6
No warranty, provided “as is,” and disclaims liability – Section 11 & 12
Can use license on any work, but cannot modify license text itself
GPL v2 how do you comply?
Provide a copy of the license – Section 1, 2, 3
Retain notices – Section 1, 2, 3 – copyright, attribution, disclaimer
Give notice of modified files – Section 2, 3
Provide the source code – Section 3
Apply license to derivative works – Section 2
No further restrictions on grant of rights – Section 6
License automatically terminates if license terms violated – Section 4
GPL v2 notice of modified code
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
– a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
Tip: Create a policy for tracking modified files that will work for all applicable licenses (if possible)
GPL v2 providing the source code
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
– a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
– b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code . . .
Tip: Keep copy of all source code that is distributed or used at runtime with your codebase
GPL v2 derivative works
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: . . . b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
If you create a derivative work, you must release it under GPL v2, but what is a derivative work?
GPL v2 derivative works
GPL v2 authors and community consider these scenarios to create a derivative work
– Static or dynamic linking
– Plug-ins that make function calls and share data structures (except operating system libraries)
– Modules included in same executable file
– Modules designed to run linked together in a shared address space
Would a court agree? Does it matter?
Tip: Think in terms of the spirit of the license, not the actual words; consider the intimacy of the integration
GPL v2 no further restrictions
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein.
Tip: If you distribute the software under your own license, you may need to draft a carve-out or exception for conflicting terms with OSS licenses
GNU General Public License v2
Use it if:
– Your goal is to perpetuate the freedoms of FOSS
– You want access to modified versions of the source code (or you don’t want people to modify it and release it under a proprietary license)
Compliance tip:
– Track your modifications
– Source code, source code, source code!!
– If combining it with other OSS or your own code, pay attention to how it all interacts
GNU Lesser General Public License v2.1
Released in 1999
Open Source Initiative (OSI) approved
Second iteration
– Version 2.0 is very similar
– Version 3 released in 2007
Used for many GNU project libraries
Developed as “lesser” version of GPL
– Permits use of the library in proprietary programs
– Enables more people to use free library version by relaxing obligations when linking the library to other code
LGPL v2.1 what do you get?
Grants right to copy, distribute, modify – any deviation from these rights expressly granted automatically terminates license – Section 4
Explicitly states that you may charge a fee or offer warranty for a fee – Section 1
Direct grant from licensor every time you redistribute the work or a modified version – Section 10
No warranty, provided “as is,” and disclaims liability – Section 15 & 16
LGPL v2.1 how do you comply?
Provide a copy of the license – Section 1, 2, 4, 6
Retain notices – Section 1, 2, 4, 6, 7 – copyright, attribution, disclaimer
Give notice of modified files – Section 2 – Modified versions must still be a library
Apply LGPL (or option for GPL) to derivative works – Section 2, 3 – “exception” to what constitutes a derivative work – Section 6
Provide the source code if distributing object code – Section 4, 6
Provide uncombined library if combining library with other libraries – Section 7
No further restrictions – Section 10
License automatically terminates if license terms violated – Section 8
LGPL v2.1 section 6 exception
6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
Tip: Make sure your EULA allows customer to modify or reverse engineer this portion of code
LGPL v2.1 section 6
6. . . . Also, you must do one of these things:
– a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)
LGPL v2.1 sticking points
6. . . . Also, you must do one of these things:
– b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.
Tip: If dynamically linking to the library, must allow new versions of the library to be linked with the application
GNU Lesser General Public License v2.1
Use it if:
– Your goal is mass adoption of your library
– You want to perpetuate the freedoms of FOSS, but still allow your library to be used with proprietary code
Compliance tip:
– Track your modifications
– Source code, source code, source code!!
– Make sure you allow modification and recombination of the library
Resources
Apache Software License v2 http://www.apache.org/licenses/LICENSE-2.0
– Applying the Apache License v2: http://www.apache.org/dev/apply-license.html
– ASF Legal frequently asked questions: http://www.apache.org/legal/resolved.html#category-b
– Apache 2.0 and GPL compatibility: http://www.apache.org/licenses/GPL-compatibility.html http://www.gnu.org/licenses/license-list.html#apache2
– License Profile: Apache Software License, v2.0: http://www.ifosslr.org/ifosslr/article/view/42
– The Apache License (v2) – An Overview: http://www.oss-watch.ac.uk/resources/apache2.xml
Resources
GNU General Public License v2 http://www.gnu.org/licenses/gpl-2.0.html
– Frequently Asked Questions about version 2 of the GNU GPL: http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html
– Frequently Asked Questions about the GNU Licenses: http://www.gnu.org/licenses/gpl-faq.html
– SFLC: A Practical Guide to GPL Compliance: http://www.softwarefreedom.org/resources/2008/compliance-guide.html
– Understanding Derivative Works in Open Source Software: The “Border Dispute” of GPL v2: http://www.openlogic.com/downloads/open-source-derivative-works.php
– Software Interactions and the GPL: http://www.ifosslr.org/ifosslr/article/view/44
– GNU GPL 2.0 and 3.0: obligations to include licenses text, and provide source code: http://www.ifosslr.org/ifosslr/article/view/31
Resources
GNU Lesser General Public License v2.1 http://www.gnu.org/licenses/lgpl-2.1.html
– Frequently Asked Questions about the GNU Licenses: http://www.gnu.org/licenses/gpl-faq.html
– The GNU Lesser General Public License v2.1 – An Overview: http://www.oss-watch.ac.uk/resources/lgpl.xml
– The LGPL and Java: http://www.gnu.org/licenses/lgpl-java.html
– Why you shouldn’t use the LGPL for your next library: http://www.gnu.org/licenses/why-not-lgpl.html
Questions?
Jilayne Lovejoy jlovejoy@openlogic.com
© 2011 OpenLogic, Inc. This work is licensed under the Creative
Commons Attribution 3.0 Unported License. To view a copy of this license, visit:
http://creativecommons.org/licenses/by/3.0/