Navigating the Open Source Legal Waters Presenter: Jeff Strauss August 14, 2013 Who is this guy? • • • • • Jeff Strauss ArchitectNow Developer, Consultant, and (Non-Practicing) Attorney jstrauss@architectnow.net @jeffreystrauss Well-Known Open Source • • • • • • Apache Linux Android Webkit Firefox ASP.NET MVC, Web API, and Web Pages (Razor) What does Open Source Mean? • • • • • • Must be freely distributed Source code must be included Anyone must be allowed to modify the code Modified versions can be redistributed License must not exclude or interfere with other software No discrimination (against groups or endeavors) Wait! I can sell open source? • YES! But commercializing a piece of software does not make it proprietary to the distributor. • Ways to “sell” open source or related services • You also cannot restrict who uses, modifies, or redistributes. How do I copyright my stuff? • The answer: “It Depends” • Many licenses provide instructions with them • Otherwise, use common sense and follow the pattern • This typically includes a LICENSE and/or NOTICE file • Also copyright language at the top of relevant code files Binary Distribution • It may be permissible to distribute only compiled binaries • NOTE: The binaries cannot be considered “open source” Permissive vs. Copyleft • Copyleft licenses are more restrictive to commercial purposes • GPL, LGPL, and (to a lesser extent) the Mozilla licenses • Basically licensee must abide by rules and impose them downstream • Permissive licenses are any non-copyleft licenses • If I am an author, do I really want to use a permissive license? So which ones are popular? Among the most common are: • GNU General Public License (GPL) 2.0 and 3.0 • GNU Lesser General Public License (LGPL) 2.1 • MIT License • BSD License 2.0 • Mozilla Public License (MPL) 1.1 • Apache License 2.0 MIT License • This a short-form license, but with explicit rights granted to the end-user • Often referred to as the “X11” license or the “Expat” license • These are actually two different versions • With X11, you cannot leverage original author’s name for promotion of derived works • Non-attribution clause in X11 is there to protect original authors’ reputations BSD License • There have been several versions • The “original” version (pre-1999) had an advertising clause • Caused problems due to the burden of listing contributors • The “modified” version added non-attribution like the MIT X11 • There is also a newer “FreeBSD” license that is less restrictive, not including the non-attribution clause Apache License • In many ways, another typical permissive license, with v1.1 working like MIT and BSD • Key clauses: • Has a (less cumbersome) advertising clause for end-user docs • Contains the non-attribution provision • License was rewritten (v2.0) and has substantial changes Apache (version 2.0) • Most important piece: patent protection • Also expressly defines Contributions, Derivative Works, and excludes “mere” linking of the licensed Work. • All contributions become part of the Work (under Apache 2.0) • Derivative works may be licensed under other licenses • Change log requirements Mozilla License (MPL) • Part of a family of “Common Public License” type • This is more of a hybrid license • Like a cross of New BSD and GPL… maybe like the LGPL? • Designed to motivate both businesses and the open-source community • Core software, or Covered Code, remains under MPL, but other derivative works may be distributed with other licenses GNU Licenses – (L)GPL • GPL is the most restrictive of these, a true copyleft • Technically any work that is bundled and redistributed with GPL libraries are considered a single derivative work • Ironically, the “most restrictive” license could also be seen as providing the “most open” software product • LGPL is “semi-permissive” • They allow linking with proprietary (or other non-GPL) software • The FSF actually prefers and encourages straight GPL Microsoft Licenses • Microsoft has two approved licenses: Ms-PL and Ms-RL • The Microsoft Public License is less restrictive • The Microsoft Reciprocal License is more like the LGPL Developer Considerations • What are you goals for the project? • Do you care about use at the enterprise level? • Choose-a-License: • http://choosealicense.com • Good O’Reilly discussion of open source licenses: • http://oreilly.com/openbook/osfreesoft/book/ Consumption Considerations • What’s the license? • Don’t just click “I accept” without reviewing • What happens when you update? • How does this play in the enterprise? Questions? Comments?