Open Source Software Licensing: Software and Its Components
Sean Kenefick

Disclaimer
  • This presentation is meant to provide you with a basic understanding of Open Source licensing.
  • If you encounter a situation with open source licensing in the field, consult your company guidelines and seek legal advice.

What Will Be Covered
  • Past cases of open source licensing disputes
  • Open Source Initiative
  • Open Source Definition
  • Popular Licenses
  • Open Source license categories
  • Different ways to utilize open source in a project
  • Internal vs. External use applications
  • Risk Management

Sony BMG Copy Protection
  • In 2005, Sony released music CDs with two hidden DRM rootkits.
  • These rootkits were known to cause security risks in infected computers.
  • One of the programs (XCP) has been found to use code from the following open source software: LAME MP3, mpglib, FAAC, mpg123, and VLC media player.
  • Developers of LAME posted an open letter to Sony stating that they expected “appropriate actions” by Sony, but they didn’t take legal action.
  • Sony recalled the product in an embarrassing case of copyright violation and security threats in software they developed to protect their music.

Jacobsen vs. Katzer, February 2010
  • The case was over the use of open source code from the Java Model Railroad Interface (JMRI), developed by Jacobsen and released under the Artistic License.
  • Katzer used code from Jacobsen’s product to create commercial software.
  • Jacobsen sued for copyright infringement because Katzer didn’t comply with the requirements of the Artistic License in order to utilize the code.

Jacobsen vs. Katzer Results
  • Katzer was required to pay $100,000 to Jacobsen and was not allowed to reproduce any “JMRI Materials.”
  • This was the first case of open source copyright infringement in the US taken to court.
  • Even though Jacobsen published his software for free, he was able to get a monetary amount from the settlement.
  • The settlement terms sent a clear message that the court system was going to back Open Source Software licenses.

Copyright Overview
  • Copyright limits the expression of an idea.
  • It is not as strong as a patent; it does not prohibit the expression of the same idea.
  • Copyright is applied as soon as you make something.
  • Copyright law is applied to software as a “non-dramatic literary work.”
  • Unless otherwise licensed, all materials which can be protected by copyright are licensed solely to the creator.

Rights Given by Copyright
  • Reproduce the copyrighted work
  • Prepare derivative works based on the work
  • Distribute copies of the work to the public
  • Perform the copyrighted work publicly
  • Display the copyrighted work publicly

Types of Software Licenses
  • Proprietary
  • Open Source
  • Public Domain

Open Source Initiative
  • Rebranding of the Free Software Movement to move away from confusion caused by the word “free.”
  • Released the Open Source Definition (OSD) to provide guidelines on which licenses qualify as open source.
  • Publishes and maintains a formal list of open source licenses.

Open Source Definition
  • The OSD includes 10 points; we will examine 6 of them.
  • Points we will not examine in depth:
      • No Discrimination Against Persons or Groups
      • License Must Not Be Specific to a Product
      • License Must Not Restrict Other Software
      • License Must Be Technology-Neutral

Free Redistribution
  • “The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.”
  • Anyone is allowed to sell Open Source Software, but you are not allowed to require a portion of the sale to come back to the author.

Source Code
  • “The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost, preferably downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.”

Derived Works
  • “The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.”
  • Allows “Copyleft” licenses
      • These require that any derivative works be published under the same license as the original work.
      • Keeps the source code in the community.

Integrity of The Author’s Source Code
  • “The license may restrict source-code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.”
  • Derivative works may be required to also distribute the author’s original code.
  • Modifications made by another author can be required to be released under a different name.

No Discrimination against Fields of Endeavor
  • “The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.”
  • This reflects back on the concept of the Free Software Initiative that anyone should be allowed the freedom to use it as they wish.
  • This is a matter of freedom, not price, so think of “free speech,” not “free beer.” – Richard Stallman

Distribution of License
  • “The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.”
  • When you distribute Open Source Software, you must include a copy of the license.
  • Open Source software cannot be blanketed by closed source licenses.

Most Commonly Used OS Licenses

Ways to Categorize OS Licenses
  • The Open Source Definition left quite a bit of flexibility for licenses to be individualized.
  • Categories we will look at:
      • Copyleft vs. Permissive
      • Viral vs. Non-Viral Licenses

Copyleft vs. Permissive
  • Copyleft requires any derivative works be released under the same license.
      • Helps to keep improvements to open source products in the community.
      • Companies utilizing open source products may contribute back to the code base to improve products they use.
  • Permissive allows derivative works to be released under any license.
      • Most products released under permissive licenses are tools to help developers rather than end-user products.
      • Allows companies to modify an open source product and release it under a proprietary license.

Viral Licenses
  • Viral licenses act on a “horizontal” progression, where copyleft acts on a “vertical” progression.
  • Products or projects that include or link to code under a viral license are required to be released under the viral license.
  • The GNU Public License is the most popular example.
  • Non-Viral
      • The Lesser GNU Public License (LGPL) allows unmodified libraries to be dynamically linked to by an application without the application being required to be released under the same license.

Utilizing Open Source
  • When looking at how to utilize OS, we have to first examine the intended use and then screen what types of licenses would allow it.
  • The most important difference to look at is Internal (Non-Distributed) vs. External (Distributed).

Internal Use
  • Internal use applications get the most freedom under Open Source Licenses.
  • The requirement to release source code is tied to the distribution of the software.
  • You are NOT required to release the source code unless you release the program.
  • Allowing someone to run an application is not distribution. Employees are not given the software that runs on their computers.
  • If I opened Notepad++ on this computer, the university isn’t required to give me the source code, even if they had modified it.

External Use
  • External use is more complex than internal, so we further break it down.
  • Modifying or using source code
      • Look for a non-viral, permissive license.
  • Using a library in your application
      • Look for non-viral, LGPL-like licenses.
  • Software packages
      • What if Windows wanted to include Notepad++ (GPL) by default?
      • Yes, but depending on how they do it, it could be a risk.

Risk Management
  • Develop company policies on use of Open Source Software.
  • Consult an expert in the field, preferably for legal advice.
  • Train developers on the policies and risks of violating them.
  • Establish an inventory of Open Source Code in your projects.
  • Use code reviews to update this inventory and catch new Open Source Code.

Questions?