Download - Open source: an introduction to IP and Legal
© 2016, iText Group NV© 2016, iText Group NV
OPEN SOURCE INDIAOpen source: an introduction to IP and LegalBruno Lowagie, CTO iText Group NV
© 2016, iText Group NV
Open Source: an introduction to IP and Legal2
Introduction: who and what?Bruno Lowagie
Original developer of iTextex-CEO, current CTO at iText Group
© 2016, iText Group NV
Open Source: an introduction to IP and Legal3
Disclaimer: IANAL
• In this talk, I merely share my experience with legal issues.• “The law” can be different in different countries, and• Software is usually international and local laws may apply
I’m an open source developer, not a lawyer
© 2016, iText Group NV
Open Source: an introduction to IP and Legal4
Agenda
Intellectual property (IP) of a projectOpen source licensesCase story: IP review of the iText source code
© 2016, iText Group NV
Open Source: an introduction to IP and Legal5
A quick show of hands
Who knows Stack Overflow?
© 2016, iText Group NV
Open Source: an introduction to IP and Legal6
A quick show of hands
Who knows Stack Overflow?
Who uses code snippets from
Stack Overflow?
© 2016, iText Group NV
Open Source: an introduction to IP and Legal7
A quick show of hands
Who knows Stack Overflow?
Who uses code snippets from
Stack Overflow?
Who knows which license
Stack Overflow uses?
© 2016, iText Group NV
Open Source: an introduction to IP and Legal8
CC-BY-SA version 3.0
© 2016, iText Group NV
Open Source: an introduction to IP and Legal9
AttributionSummarized:
Explain originAdd link to questionAdd author nameAdd link to author profile
http://stackexchange.com/legal:In the event that You post or otherwise use Subscriber Content outside of the Network or Services, with the exception of content entirely created by You, You agree that You will follow the attribution rules of the Creative Commons Attribution Share Alike license as follows:a)You will ensure that any such use of Subscriber Content visually displays or
otherwise indicates the source of the Subscriber Content as coming from the Stack Exchange Network. This requirement is satisfied with a discreet text blurb, or some other unobtrusive but clear visual indication.
b)You will ensure that any such Internet use of Subscriber Content includes a hyperlink directly to the original question on the source site on the Network (e.g., http://stackoverflow.com/questions/12345)
c)You will ensure that any such use of Subscriber Content visually display or otherwise clearly indicate the author names for every question and answer so used.
d)You will ensure that any such Internet use of Subscriber Content Hyperlink each author name directly back to his or her user profile page on the source site on the Network (e.g., http://stackoverflow.com/users/12345/username), directly to the Stack Exchange domain, in standard HTML (i.e. not through a Tinyurl or other such indirect hyperlink, form of obfuscation or redirection), without any “nofollow” command or any other such means of avoiding detection by search engines, and visible even with JavaScript disabled.
© 2016, iText Group NV
Open Source: an introduction to IP and Legal10
Share AlikeCopyright law
• allows an author to prohibit others from reproducing, adapting, or distributing copies of the author's work.
Copyleft
• gives every person who receives a copy of a work permission to reproduce, adapt or distribute the work as long as any resulting copies or adaptations are also bound by the same copyleft licensing scheme.
©
©
© 2016, iText Group NV
Open Source: an introduction to IP and Legal11
Do you have to worry?
Sam Saffron: http://meta.stackexchange.com/users/17174/waffles
Jason Baker: http://meta.stackexchange.com/users/2147/jason-bakerStack Exchange has been trying to
fix these issues for years now,but the problem persists.
© 2016, iText Group NV© 2016, iText Group NV
Intellectual property
You’re an open source developer, but: Who owns the code you write? Who owns the code you use?
© 2016, iText Group NV
Open Source: an introduction to IP and Legal13
A typical project
White zone
Gray zone
Black zone
© 2016, iText Group NV
Open Source: an introduction to IP and Legal14
The White Zone
White zone
Gray zone
Black zone
© 2016, iText Group NV
Open Source: an introduction to IP and Legal15
The White Zone You have written the code yourself, butWhat about your employer? Does your employer own (part of) the code? Do you have a formal agreement with your employer with respect to F/OSS?Where did you get your inspiration? IBM developers are forbidden to look at any code that is not formally approved by IBM’s legal team. Good practice or burden?
© 2016, iText Group NV
Open Source: an introduction to IP and Legal16
Employees and IP
Dilbert:Copyright by Scott AdamsFair Use
© 2016, iText Group NV
Open Source: an introduction to IP and Legal17
The Gray Zone
White zone
Gray zone
Black zone
© 2016, iText Group NV
Open Source: an introduction to IP and Legal18
The Gray Zone The code was contributed, but did the contributor agree with the license? did the contributor’s employer agree? where did the contributor get his inspiration?
The code is taken from another project, but are the licenses compatible? do you respect the other project’s license? where did the other project get its code from?
© 2016, iText Group NV
Open Source: an introduction to IP and Legal19
The Gray ZoneContributor License AgreementsThe Apache Foundation demands contributors and their employers to sign a CLASUN used to demand contributors to sign an SCA from the moment contributions contained more than 20 lines of code“Fair Use”: does not apply to source code in the USA!
Check License CompatibilityKeep a detailed inventory of all F/OSS projects (subset / derivative work)
© 2016, iText Group NV
Open Source: an introduction to IP and Legal20
License compatibility
Your product: ASLv2
GPLv2
Your product: LGPLv3
ASLv2
© 2016, iText Group NV
Open Source: an introduction to IP and Legal21
The Black Zone
White zone
Gray zone
Black zone
© 2016, iText Group NV
Open Source: an introduction to IP and Legal22
The Black Zone Unfortunately, it may happen that you weren’t allowed to use some specific code that is now part of your project. Possible solutions:
Either you ask (and get!) permission, or You rewrite the code, or You remove the code.
© 2016, iText Group NV© 2016, iText Group NV
Open source licenses
Copyright versus Copyleft How open source licenses work Open source business models
© 2016, iText Group NV
Open Source: an introduction to IP and Legal24
Open Source License overview
© 2016, iText Group NV
Open Source: an introduction to IP and Legal25
GPL-style software licensesIt’s all about distribution
License: MPL / LGPL GPL AGPL
Car distribution(e.g. OEM)
Commercial use? OK for gratis commercial use Commercial license needed Commercial license needed
Bus service(e.g. SaaS)
Commercial use? OK for gratis commercial use OK for gratis commercial use Commercial license needed
Free/Proprietary Before iText 5:Improvements engine: LGPL
Car or bus: can be proprietaryCar: must be GPL
Bus: can be proprietary
Since iText 5:Car or bus: must be AGPL
Or: buy commercial license
© 2016, iText Group NV
Open Source: an introduction to IP and Legal26
Open Core licensing: e.g. iText 7
Open source
Closed source
© 2016, iText Group NV
Open Source: an introduction to IP and Legal27
Business Source License: e.g. MariaDB
All source code is open, but not “open source”: it’s “business source”.
MaxScale is only needed in case of heavy use of MariaDB.
This prevents perceived abuse by GAFA & co.
© 2016, iText Group NV© 2016, iText Group NV
Case study
Who owns iText? Mapping the white zone Clarifying the gray zone Refactoring or removing the black zone
© 2016, iText Group NV
Open Source: an introduction to IP and Legal29
Who was asking this question?July 2006: Eclipse Simultaneous Release
“Callisto”; tested and approved by IBM
Eclipse/BIRT (Actuate) is part of this releaseProject led by Actuate
iText is used in Eclipse/BIRTLicense MPL/LGPL: not acceptable for IBMResearch agreement between Actuate and Ghent University with as deliverable: IP Review
© 2016, iText Group NV
Open Source: an introduction to IP and Legal30
Turning Gray and Black into White
White zone
Gray zoneBlack zone
© 2016, iText Group NV
Open Source: an introduction to IP and Legal31
In practice Source code was vetted by lawyers Source code was screened using software Weekly reports listing potential issues
© 2016, iText Group NV
Open Source: an introduction to IP and Legal32
Issue 1: Quick&Dirty XML parser State machine to parse XML Source code taken from:
http://www.javaworld.com/javaworld/javatips/jw-javatip128.html
© 2016, iText Group NV
Open Source: an introduction to IP and Legal33
Read the fine-print!
All contents of JavaWorld, including text, programs, applets, source code, and images are copyrighted and owned by IDG or the copyright holder specified, all rights reserved. No material may be reproduced electronically or in print without written permission.
© 2016, iText Group NV
Open Source: an introduction to IP and Legal34
Solution 1 Write JavaWorld and author, get permission! There were many other places where license
information was incomplete or missing. It must become your second nature to ask
for permission and to document! document! document!
© 2016, iText Group NV
Open Source: an introduction to IP and Legal35
Issue 2: RC4 encryption algorithmNames and variables referring to RC4
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list.It was soon posted on the sci.crypt newsgroup, and from there to many sites on the Internet. Because the algorithm is known, it is no longer a trade secret.The name "RC4" is trademarked, however. The current status seems to be that "unofficial" implementations are legal, but cannot use the RC4 name.
© 2016, iText Group NV
Open Source: an introduction to IP and Legal36
Solution 2 RC4 is often referred to as "ARCFOUR" or
"ARC4" (meaning Alleged RC4, because RSA has never officially released the algorithm), to avoid possible trademark problems. Change all class and variable names:
Don’t use: RC4_ENCRYPTION Use: ARCFOUR_ENCRYPTION
© 2016, iText Group NV
Open Source: an introduction to IP and Legal37
Issue 3: Class IntHashtableCode taken from ACME.com:
// This is 90% based on JavaSoft's java.util.Hashtable.// Visit the ACME Labs Java page for up-to-date versions// of this and other fine Java utilities:// http://www.acme.com/java/
JavaSoft is a name used by Sun in the past in their Java activities.ACME indicates use of the class java.util.Hashtable which is subject to unfriendly Sun licenseIt is unlikely that this code is available under a license that permits this use. Without information indicating that Sun approved of this usage the class should not be used.
© 2016, iText Group NV
Open Source: an introduction to IP and Legal38
Solution 3 Use the same class released by Apache under the ASL in Apache-Commons instead of the ACME class.
© 2016, iText Group NV
Open Source: an introduction to IP and Legal39
Issue 4: EPS functionalityTaken from an example released by SUN under a Sample LicenseThe Sample License allowed the use of the code, but…The source code contained this text:
/* * Copyright 1998 by Sun Microsystems, Inc., * 901 San Antonio Road, Palo Alto, California, * 94303, U.S.A. All rights reserved. * * This software is the confidential and proprietary * information of Sun Microsystems, Inc. * ("Confidential Information"). You shall not * disclose such Confidential Information and shall * use it only in accordance with the terms of the * license agreement you entered into with Sun. */
© 2016, iText Group NV
Open Source: an introduction to IP and Legal40
Solution 4: remove the codeAfter a very long argument about the liberal Sample License versus the strict comment section (which was clearly overlooked at the moment the code was released to the public), the EPS functionality was removed from the iText code base.
It’s better to be safe than sorry…
© 2016, iText Group NV© 2016, iText Group NV
Results of this exercise
We work with CLAs and keep track of contributors We changed the license from MPL/LGPL to AGPL We created a successful business
© 2016, iText Group NV
Open Source: an introduction to IP and Legal42
Contributor License Agreement
© 2016, iText Group NV
Open Source: an introduction to IP and Legal43
Today: disciplined IP “book keeping”
© 2016, iText Group NV
Open Source: an introduction to IP and Legal44
Commercial open source
Enterprise
closedsource
opensource
commercialsource
FOSS Company
The product is available for free for those who accept and comply with the F/OSS license
If the product is also distributed under another license, a commercial license is needed.The FOSS company makes the product available under a custom license for those who pay for the product:• Support,• Warranty,• Indemnification,• Release from the
requirements of the F/OSS license
© 2016, iText Group NV
Open Source: an introduction to IP and Legal45
Questions?
iText Software [email protected]+65 67 16 97 85itextpdf.com