Navigating the Open Source Legal Waters Presenter: Jeff Strauss August 14, 2013
Who is this guy? Jeff Strauss ArchitectNow Developer, Consultant, and (Non-Practicing) Attorney email@example.com @jeffreystrauss
Well-Known Open Source Apache Linux Android Webkit Firefox ASP.NET MVC, Web API, and Web Pages (Razor)
What does Open Source Mean? Must be freely distributed Source code must be included Anyone must be allowed to modify the code Modified versions can be redistributed License must not exclude or interfere with other software No discrimination (against groups or endeavors)
Wait! I can sell open source? YES! But commercializing a piece of software does not make it proprietary to the distributor. Ways to “sell” open source or related services You also cannot restrict who uses, modifies, or redistributes.
How do I copyright my stuff? The answer: “It Depends” Many licenses provide instructions with them Otherwise, use common sense and follow the pattern This typically includes a LICENSE and/or NOTICE file Also copyright language at the top of relevant code files
Binary Distribution It may be permissible to distribute only compiled binaries NOTE: The binaries cannot be considered “open source”
Permissive vs. Copyleft Copyleft licenses are more restrictive to commercial purposes GPL, LGPL, and (to a lesser extent) the Mozilla licenses Basically licensee must abide by rules and impose them downstream Permissive licenses are any non-copyleft licenses If I am an author, do I really want to use a permissive license?
So which ones are popular? Among the most common are: GNU General Public License (GPL) 2.0 and 3.0 GNU Lesser General Public License (LGPL) 2.1 MIT License BSD License 2.0 Mozilla Public License (MPL) 1.1 Apache License 2.0
MIT License This a short-form license, but with explicit rights granted to the end-user Often referred to as the “X11” license or the “Expat” license These are actually two different versions With X11, you cannot leverage original author’s name for promotion of derived works Non-attribution clause in X11 is there to protect original authors’ reputations
BSD License There have been several versions The “original” version (pre-1999) had an advertising clause Caused problems due to the burden of listing contributors The “modified” version added non-attribution like the MIT X11 There is also a newer “FreeBSD” license that is less restrictive, not including the non-attribution clause
Apache License In many ways, another typical permissive license, with v1.1 working like MIT and BSD Key clauses: Has a (less cumbersome) advertising clause for end-user docs Contains the non-attribution provision License was rewritten (v2.0) and has substantial changes
Apache (version 2.0) Most important piece: patent protection Also expressly defines Contributions, Derivative Works, and excludes “mere” linking of the licensed Work. All contributions become part of the Work (under Apache 2.0) Derivative works may be licensed under other licenses Change log requirements
Mozilla License (MPL) Part of a family of “Common Public License” type This is more of a hybrid license Like a cross of New BSD and GPL… maybe like the LGPL? Designed to motivate both businesses and the open-source community Core software, or Covered Code, remains under MPL, but other derivative works may be distributed with other licenses
GNU Licenses – (L)GPL GPL is the most restrictive of these, a true copyleft Technically any work that is bundled and redistributed with GPL libraries are considered a single derivative work Ironically, the “most restrictive” license could also be seen as providing the “most open” software product LGPL is “semi-permissive” They allow linking with proprietary (or other non-GPL) software The FSF actually prefers and encourages straight GPL
Microsoft Licenses Microsoft has two approved licenses: Ms-PL and Ms-RL The Microsoft Public License is less restrictive The Microsoft Reciprocal License is more like the LGPL
Developer Considerations What are you goals for the project? Do you care about use at the enterprise level? Choose-a-License: http://choosealicense.com Good O’Reilly discussion of open source licenses: http://oreilly.com/openbook/osfreesoft/book/
Consumption Considerations What’s the license? Don’t just click “I accept” without reviewing What happens when you update? How does this play in the enterprise?