understanding the most common oss licenses

36
1 © OpenLogic, Inc. - Licensed under CC-BY Understanding the Most Common OSS Licenses Jilayne Lovejoy Corporate Counsel 30 November 2011

Upload: openlogic

Post on 23-Aug-2014

1.632 views

Category:

Real Estate


0 download

DESCRIPTION

This webinar takes a few of the more commonly found OSS licenses and examine such issues as what the licenses actually say, what it means to comply, and sticking points that may be overlooked or open for interpretation.

TRANSCRIPT

Page 1: Understanding the Most Common OSS Licenses

1 © OpenLogic, Inc. - Licensed under CC-BY

Understanding the Most Common OSS Licenses

Jilayne Lovejoy Corporate Counsel 30 November 2011

Page 2: Understanding the Most Common OSS Licenses

2 © OpenLogic, Inc. - Licensed under CC-BY

End-to-End Open Source Management

Enabling Successful and Safe Open Source Adoption at 250+ Enterprises

Software Services Support + + In the Data Center In the Cloud

Page 3: Understanding the Most Common OSS Licenses

3 © OpenLogic, Inc. - Licensed under CC-BY

OLEX (Data Center)   Certified OSS Library

  Policies & Governance

  Scanning & Compliance

SLA Support   Developer Support

  Production Support

Open Updates   Version and Security

Update Notification

Management Services   Policy Workshops

  Audit Services

Technical Services   OSS Consulting

  OSS Training

Comprehensive Product Offering

CloudSwing (Cloud )   Cloud Ready Library

  Customization & Deployment

  Management & Monitoring

Software Services Support

Page 4: Understanding the Most Common OSS Licenses

4 © OpenLogic, Inc. - Licensed under CC-BY

Roadmap

  Open source software licenses overview

  “Most common” licenses: –  Apache License 2.0 –  GNU General Public License v2 –  GNU Lesser General Public License v2.1

  For each license: –  Background –  What does the license allow you to do (or not do)? –  Summary of license compliance requirements –  Sticking points –  References

Page 5: Understanding the Most Common OSS Licenses

5 © OpenLogic, Inc. - Licensed under CC-BY

What is open source software?

  Open development methodology –  Community-based and collaborative development –  Ideological underpinnings/social movement

•  Free Software Foundation: “Free software is software that gives you the user the freedom to share, study and modify it. “

  Under an open source license –  Grants wide range of rights, including license to copy,

modify, create derivative works, and distribute –  No warranties/no liability for authors –  *Must provide access to source code –  *Hereditary / self-perpetuating

•  * license terms that are also referred to as “copyleft”

Page 6: Understanding the Most Common OSS Licenses

6 © OpenLogic, Inc. - Licensed under CC-BY

Open Source Licenses Overview

  Usually named after a project or where the project originated –  GNU General Public License; Apache License; Mozilla Public License; MIT; BSD

  Most OSS licenses are written so that anyone can use the license

Permissive •  Broad grant of rights with no

requirements on relicensing under particular terms

•  License requirements are minimal (retain notice; include copy of license)

Copyleft •  Source code must be made

available •  License must be applied to

original work and any derivative work thereof

Page 7: Understanding the Most Common OSS Licenses

7 © OpenLogic, Inc. - Licensed under CC-BY

License analysis

  Many (most) OSS licenses were not written by attorneys –  Don’t necessarily track on statutory or typical contract language, may be vague,

may use alternative definitions, etc.

  No judicial opinions involving interpretation –  But there is information from the open source community, e.g., FSF frequently

asked questions page and other pages provided by license

  Jacobsen v. Katzer –  Artistic license is enforceable as a license remedies available under © law

Page 8: Understanding the Most Common OSS Licenses

8 © OpenLogic, Inc. - Licensed under CC-BY 8

License Analysis

  OSS licenses have requirements and restrictions just like any IP license   Can you break license requirements into an IF – THEN statement?

–  WHAT is the requirement? How am I using the OSS? •  HOW does that requirement need to be met?

–  Devil’s in the details…   Incompatibility

–  Licenses can be at odds with each other; are there conflicting obligations?

  Risk –  With no established jurisprudence on license interpretation, how much are you

willing to bet on your interpretation?

Page 9: Understanding the Most Common OSS Licenses

9 © OpenLogic, Inc. - Licensed under CC-BY

What are the “most common” OSS licenses?

% of projects used the following licenses: GPL 68.9%

Apache 7.6%

LGPL 6.7%

BSD 5.3%

MIT 4.1%

% of projects downloaded under the following licenses:

Apache 32.7%

LGPL 21%

GPL 14.4%

BSD 3.8%

MIT 1.6%

OpenLogic research available at: http://www.openlogic.com/news/press/05.16.11.php

Page 10: Understanding the Most Common OSS Licenses

10 © OpenLogic, Inc. - Licensed under CC-BY

Apache License v2.0 background

  Released in 2004

  Open Source Initiative (OSI) approved

  Third iteration –  1.0 was very much like BSD –  1.1 removed advertising clause –  2.0 departure from BSD style

•  Removed “vanity” clauses •  Allow license to be used by reference •  Added definitions section •  Added explicit patent grant

  Used for all Apache Software Foundation projects –  Apache HTTP Server –  Android OS

Page 11: Understanding the Most Common OSS Licenses

11 © OpenLogic, Inc. - Licensed under CC-BY

Apache License v2.0 what do you get?

  Direct grant from each “Contributor” –  Definition of “Contributor” includes the original licensor/copyright holder

and anyone who has contributed to the work subsequently

  Grants right to reproduce, prepare derivative works, publicly display, publicly perform, sublicense, and distribute work in source or object form – Section 2

  Patent license to patent claims licensable by Contributors that would be “necessarily infringed” by contribution or combination of contribution – Section 3 –  Applies to combinations at time of contribution or later acquired patent

claims that read on original contribution as made at that time

  No warranty, provided “as is,” and disclaims liability – Section 7 & 8

Page 12: Understanding the Most Common OSS Licenses

12 © OpenLogic, Inc. - Licensed under CC-BY

Apache License v2.0 how do you comply?

  Provide a copy of the license – Section 4.1

  Retain notices – Section 4.3 & 4.4 –  copyright, attribution, NOTICE.txt file

  Give notice of modified files – Section 4.2

  Apply license to derivative works if submitted as contribution to the licensor – Section 5

  No permission to use trademarks or trade names, except as necessary in notices – Section 6

  Agree to indemnify contributors if you offer additional support, warranty, etc. - Section 9

  License terminates if patent litigation commenced that alleges the work infringes licensee’s patent – Section 3

Page 13: Understanding the Most Common OSS Licenses

13 © OpenLogic, Inc. - Licensed under CC-BY

Apache License v2.0 modifying the code

  Notice of modified files –  4. Redistribution. You may reproduce and distribute copies of the

Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: . . . 2. You must cause any modified files to carry prominent notices stating that You changed the files . . .

  Distribution of modified code –  No requirement to submit modifications to ASF –  Original code still under Apache 2.0 –  May distribute modified version under a different license, but still

need to comply with license terms (e.g. attribution)

Page 14: Understanding the Most Common OSS Licenses

14 © OpenLogic, Inc. - Licensed under CC-BY

Apache License v2.0 compatibility w/GPL

  Conflicts with GPL v2 –  FSF considers clause that terminates the license if patent

infringement suit initiated and indemnification clause as a “further restriction” in violation of Section 6 of GPL v2

–  ASF does not consider the licenses incompatible, arguing that GPL v2, section 7, is similar enough to the Apache patent termination clause to make them the same restriction

–  GPL v3 remedied this controversy by allowing certain additional

clauses including such a patent retaliation clause –  ASF considers GPL v3 and Apache 2.0 as “one-way” compatible

due to licensing philosophy incompatible regarding linking

Page 15: Understanding the Most Common OSS Licenses

15 © OpenLogic, Inc. - Licensed under CC-BY

Apache 2.0

Use it if:   Your goal mass adoption of

your project/code (including proprietary or closed code usage)

  You aren’t concerned about accessing modified versions of the source code

Compliance tip:   Track your modifications   Attribution, attribution,

attribution!

Page 16: Understanding the Most Common OSS Licenses

16 © OpenLogic, Inc. - Licensed under CC-BY

GNU General Public License v2 background

  Released in 1991

  Open Source Initiative (OSI) approved

  Second iteration –  1.0 - released in 1989 –  Version 3 released in 2007

  Allows use of any version of the license, unless otherwise stated

  Used for GNU projects –  BusyBox –  Linux (v2 only)

•  Clarification on derivative work question in copying file: –  This copyright does *not* cover user programs that use kernel services by

normal system calls - this is merely considered normal use of the kernel, and does *not* fall under the heading of "derived work".

Page 17: Understanding the Most Common OSS Licenses

17 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 what do you get?

  Grants right to copy, distribute, modify – any deviation from these rights expressly granted automatically terminates license – Section 4

  Explicitly states that you may charge a fee or offer warranty for a fee – Section 1

  Direct grant from licensor every time you redistribute the work or a modified version – Section 6

  No warranty, provided “as is,” and disclaims liability – Section 11 & 12

  Can use license on any work, but cannot modify license text itself

Page 18: Understanding the Most Common OSS Licenses

18 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 how do you comply?

  Provide a copy of the license – Section 1, 2, 3

  Retain notices – Section 1, 2, 3 –  copyright, attribution, disclaimer

  Give notice of modified files – Section 2, 3

  Provide the source code – Section 3

  Apply license to derivative works – Section 2

  No further restrictions on grant of rights – Section 6

  License automatically terminates if license terms violated – Section 4

Page 19: Understanding the Most Common OSS Licenses

19 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 notice of modified code

  2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: –  a) You must cause the modified files to carry prominent notices stating

that you changed the files and the date of any change.

Tip: Create a policy for tracking modified files that will work for all applicable licenses (if possible)

Page 20: Understanding the Most Common OSS Licenses

20 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 providing the source code

  3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: –  a) Accompany it with the complete corresponding machine-readable

source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

–  b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code . . .

Tip: Keep copy of all source code that is distributed or used at runtime with your codebase

Page 21: Understanding the Most Common OSS Licenses

21 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 derivative works

  2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: . . . b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

  If you create a derivative work, you must release it under GPL v2, but what is a derivative work?

Page 22: Understanding the Most Common OSS Licenses

22 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 derivative works

  GPL v2 authors and community considers these scenarios to create a derivative work –  Static or dynamic linking –  Plug-ins that make function calls and share data structures (except

operating system libraries) –  Modules included in same executable file –  Modules designed to run linked together in a shared address

space

  Would a court agree? Does it matter?

Tip: Think in terms of the spirit of the license, not the actual words; consider the intimacy of the integration

Page 23: Understanding the Most Common OSS Licenses

23 © OpenLogic, Inc. - Licensed under CC-BY

GPL v2 no further restrictions

  6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

Tip: If you distribute the software under your own license, you may need to draft a carve-out or exception for conflicting

terms with OSS licenses

Page 24: Understanding the Most Common OSS Licenses

24 © OpenLogic, Inc. - Licensed under CC-BY

GNU General Public License v2

Use it if:   Your goal is to perpetuate the

freedoms of FOSS   You want access to modified

versions of the source code (or you don’t want people to modify it and release it under a proprietary license)

Compliance tip:   Track your modifications   Source code, source code,

source code!!   If combining it with other OSS

or your own code, pay attention to how it all interacts

Page 25: Understanding the Most Common OSS Licenses

25 © OpenLogic, Inc. - Licensed under CC-BY

GNU Lesser General Public License v2.1

  Released in 1999

  Open Source Initiative (OSI) approved

  Second iteration –  Version 2.0 is very similar –  Version 3 released in 2007

  Used for many GNU project libraries

  Developed as “lesser” version of GPL –  Permits use of the library in proprietary programs –  Enables more people to use free library version by relaxing obligations

when linking the library to other code

Page 26: Understanding the Most Common OSS Licenses

26 © OpenLogic, Inc. - Licensed under CC-BY

LGPL v2.1 what do you get?

  Grants right to copy, distribute, modify – any deviation from these rights expressly granted automatically terminates license – Section 4

  Explicitly states that you may charge a fee or offer warranty for a fee – Section 1

  Direct grant from licensor every time you redistribute the work or a modified version – Section 10

  No warranty, provided “as is,” and disclaims liability – Section 15 & 16

Page 27: Understanding the Most Common OSS Licenses

27 © OpenLogic, Inc. - Licensed under CC-BY

LGPL v2.1 how do you comply?

  Provide a copy of the license – Section 1, 2, 4, 6

  Retain notices – Section 1, 2, 4, 6, 7 –  copyright, attribution, disclaimer

  Give notice of modified files – Section 2 –  Modified versions must still be a library

  Apply LGPL (or option for GPL) to derivative works – Section 2, 3 –  “exception” to what constitutes a derivative work – Section 6

  Provide the source code if distributing object code– Section 4, 6

  Provide uncombined library if combining library with other libraries – Section 7

  No further restrictions – Section 10

  License automatically terminates if license terms violated – Section 8

Page 28: Understanding the Most Common OSS Licenses

28 © OpenLogic, Inc. - Licensed under CC-BY

LGPL v2.1 section 6 exception

  6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

Tip: Make sure your EULA allows customer to modify or reverse engineer this portion of code

Page 29: Understanding the Most Common OSS Licenses

29 © OpenLogic, Inc. - Licensed under CC-BY

LGPL v2.1 section 6

  6. . . . Also, you must do one of these things: –  a) Accompany the work with the complete corresponding machine-

readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

Page 30: Understanding the Most Common OSS Licenses

30 © OpenLogic, Inc. - Licensed under CC-BY

LGPL v2.1 sticking points

  6. . . . Also, you must do one of these things: –  b) Use a suitable shared library mechanism for linking with the

Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

Tip: If dynamically linking to the library, must allow new versions of the library to be linked with the application

Page 31: Understanding the Most Common OSS Licenses

31 © OpenLogic, Inc. - Licensed under CC-BY

GNU Lesser General Public License v2.1

Use it if:   Your goal is mass adoption of

your library   You want to perpetuate the

freedoms of FOSS, but still allow your library to be used with proprietary code

Compliance tip:   Track your modifications   Source code, source code,

source code!!   Make sure you allow

modification and recombination of the library

Page 32: Understanding the Most Common OSS Licenses

32 © OpenLogic, Inc. - Licensed under CC-BY

Resources

  Apache Software License v2 http://www.apache.org/licenses/LICENSE-2.0 –  Applying the Apache License v2:

http://www.apache.org/dev/apply-license.html –  ASF Legal frequently asked questions:

http://www.apache.org/legal/resolved.html#category-b –  Apache 2.0 and GPL compatibility:

http://www.apache.org/licenses/GPL-compatibility.html http://www.gnu.org/licenses/license-list.html#apache2

–  License Profile: Apache Software License, v2.0: http://www.ifosslr.org/ifosslr/article/view/42

–  The Apache License (v2) – An Overview: http://www.oss-watch.ac.uk/resources/apache2.xml

Page 33: Understanding the Most Common OSS Licenses

33 © OpenLogic, Inc. - Licensed under CC-BY

Resources

  GNU General Public LIcense v2 http://www.gnu.org/licenses/gpl-2.0.html –  Frequently Asked Questions about version 2 of the GNU GPL:

http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html –  Frequently Asked Questions about the GNU Licenses:

http://www.gnu.org/licenses/gpl-faq.html –  SFLC: A Practical Guide to GPL Compliance:

http://www.softwarefreedom.org/resources/2008/compliance-guide.html

–  Understanding Derivative Works in Open Source Software: The “Border Dispute” of GPL v2: http://www.openlogic.com/downloads/open-source-derivative-works.php

–  Software Interactions and the GPL: http://www.ifosslr.org/ifosslr/article/view/44

–  GNU GPL 2.0 and 3.0: obligations to include licenses text, and provide source code: http://www.ifosslr.org/ifosslr/article/view/31

Page 34: Understanding the Most Common OSS Licenses

34 © OpenLogic, Inc. - Licensed under CC-BY

Resources

  GNU Lesser General Public License v2.1 http://www.gnu.org/licenses/lgpl-2.1.html –  Frequently Asked Questions about the GNU Licenses:

http://www.gnu.org/licenses/gpl-faq.html

–  The GNU Lesser General Public License v2.1 – An Overview: http://www.oss-watch.ac.uk/resources/lgpl.xml

–  The LGPL and Java: http://www.gnu.org/licenses/lgpl-java.html –  Why you shouldn’t use the LGPL for your next library:

http://www.gnu.org/licenses/why-not-lgpl.html

Page 35: Understanding the Most Common OSS Licenses

35 © OpenLogic, Inc. - Licensed under CC-BY

Q&A

Connect with OpenLogic www.openlogic.com/twitter www.openlogic.com/facebook www.openlogic.com/googleplus

Slides & Resources www.openlogic.com/downloads www.openlogic.com/olex www.openlogic.com/wazi

Contact Us www.openlogic.com [email protected] 1-888-OPENLOGIC

Get a Quote or Demo www.openlogic.com/support www.openlogic.com/scanning www.openlogic.com/governance

Page 36: Understanding the Most Common OSS Licenses

36 © OpenLogic, Inc. - Licensed under CC-BY

Questions?

Jilayne Lovejoy [email protected]

© 2011 OpenLogic, Inc. This work is licensed under the Creative

Commons Attribution 3.0 Unported License. To view a copy of this license, visit:

http://creativecommons.org/licenses/by/3.0/