Open Source Licensing Fundamentals for Financial Services · Open Source Licensing Fundamentals for Financial Services November 8, ... Java EE/SE, Sourcefire Snort, Qt. ... Cloudera,
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Open Source Licensing Fundamentals for Financial Services
› Commercial open-source licensing strategies (making money by giving it away)
Free and Open-Source Software
Free & Open-Source Software Definitions
› Free Software Foundation (fsf.org | gnu.org)
› “Free Software” | the “Four Freedoms”
› Roughly, the license must grant recipients the freedom to run,copy, distribute, and modify the software.
› Open Source Initiative (opensource.org)
› “Open Source” | 10 license criteria
› Roughly, the license must be royalty-free, cover source code,permit copying and distribution, and cannot discriminate againstpersons, groups, uses, or technologies.
“Open source” is often used more generally to refer to any software that is licensed:
1. to the public;
2. in source code form; and
3. under a standard (non-negotiable) royalty-free license.
Perhaps more accurately referred to as “public source” licensing
Common OSS License Requirements
1. Provide OSS recipients with certain OSS notices such as the text of the OS license,notice of OSS use, author attributions, warranty disclaimers, descriptions ofmodifications, or offers for source code.
2. Provide OSS recipients with the “corresponding source code” and other supportingmaterials for OSS distributed in non-source form (binary, bytecode, et cetera).
3. Grant outbound IP licenses covering OSS or derivatives or impose IP enforcementpenalties (such as OSS license termination) for asserting IP against the OSS orcontributors.
4. Grant OSS recipients certain additional use and development rights such as the right toreplace or reverse engineer the OS software or to “crack” any anti-circumventionprotection limiting access to the OS software.
Software from many different licensors is licensed to the general public under standard, non-negotiable licenses.
Licensing terms are often negotiable and vary by provider, customer, purchased products and services, and intended use.
Software is delivered in source form and licensed for source or binary use.
Software is typically delivered in binary form and licensed only for binary use.
Licenses generally permit modification, subject to varying obligations and restrictions.
Licenses typically include prohibitions on reverse-engineering and modification of the software.
Licenses generally permit royalty-free redistribution of the software, subject to varying obligations and restrictions.
Licenses typically prohibit or impose royalty fees on redistribution of the licensed software.
Licenses generally include explicit disclaimers of warranty and liability for downstream use of the software.
License may include warranties andindemnification from the licensor.
Ownership interests in the software are often distributed among many contributors.
Ownership interest in the software is typically consolidated in a single entity.
Categories of OSS Licenses
What is Copyleft?
› Copyleft (aka viral, hereditary, reciprocal) licenses require thatcertain software combined with the copyleft software belicensed in source code form under the terms of the samecopyleft license
› The software subject to the license’s copyleft (or “tainting”)requirements varies by license but are often categorizedgenerally as either “strong” or “weak” copyleft.
License Categories and Features
› open-source licenses are often categorized by the scope of their copyleft (or “tainting”) effect:
▪ Strong-copyleft
▪Weak-copyleft (aka “file-level” copyleft)
▪ Permissive (aka “attribution,” “academic”)
› Licenses may also be distinguished by unique restrictions and requirements:
▪GNU
▪ Prohibitive/restricted
▪Network
Strong-Copyleft Licenses
› Copyleft requirements can extend to derivative works of
the OS software which may include certain software
combined with the OS software.
› Which software combinations create derivative works is
debated within legal and software communities and not
clearly delineated under U.S. statutes and case law.
› require modifications or enhancements to the weak-copyleft
OSS to be licensed under the terms of the same weak-copyleft
license.
› Whether combined software is considered a “modification” or
“enhancement” usually depends on how the combined software
and open-source software are combined (e.g., separate processes,
linked runtime library, direct source code combination).
› Examples: • Mozilla Public License (MPL)• Eclipse Public License (EPL)• Common Public License (CPL)• Common Development and Distribution License (CDDL)
Permissive Licenses
› Permissive open-source licenses do not have a copyleft
effect, regardless of how the open-source software is
modified or combined with other software
› Sometimes referred to as “attribution” or “academic” licenses.
› Examples: ▪BSD▪MIT▪Apache▪Boost
GNU licenses
› Examples of GNU licenses:
▪ Library/Lesser General Public License (LGPL): weak-copyleft
▪ General Public License (GPL): strong-copyleft
▪ Affero General Public License (AGPL): network strong-copyleft
› Unique user/licensee-focused requirements
▪ Enabling recipients to replace the GNU software included or embedded within products
▪ Permitting reverse engineering or cracking anti-circumvention protections limiting access to the OS software.
Restricted/Prohibitive Licenses
› Restricted/Prohibitive licenses forbid specific uses of the
› Enforcement primarily driven by the open-source community and OSinterest groups such as the Software Freedom Law Center, SoftwareFreedom Conservancy, Free Software Foundation, and GPL-Violations.org.
› OS software licensed under the General Public License (GPL) hastypically been the focus of enforcement efforts
› Defendants that have settled or lost lawsuits include Cisco, Best Buy,D-Link, Samsung, Skype, TomTom, Westinghouse, Verizon, and JVC.
› Plaintiffs have been successful in U.S., Germany, and France.
> Dual Licensors: Licensor releases source code under a “dual-licensing”model (licensees select either the OS license or fee-based commerciallicense). Licensors often police and pursue allegedly non-compliantuse of the dual-licensed software.
> Open Trolling: individual copyright holders release software underonly an OS license, police non-compliant use, and offer commerciallicenses to non-compliant users and distributors.
> B2B Software Licensing Disputes: OS license obligations or OS licensenon-compliance relied upon for affirmative defenses, counterclaims,or leverage in commercial software disputes.
19
Commercial Open-Source Licensing Strategies
Common Open-Source Business Strategies
OS business models generally rely upon one or more of thefollowing strategies:
1. Dual-licensing proprietary company software;
2. Providing commercial or enterprise versions orextensions to open-source software or platforms;
3. Offering maintenance, support, consulting or otherservices related to or in support of open-source software
4. Closed-source distributions of open-source softwareincluding proprietary modifications or combinations withproprietary or other open-source software.
1. Dual Licensing
Company offers software for use under either an OS license or apaid commercial license. The OS license often prohibits or limitscommercial use of the OS software. Licensees wishing to avoid suchrestrictions can purchase a commercial license. Commercial licensesmay additionally or alternatively:
▪ provide access to company services (support, maintenance,customization)
▪ include warranties or indemnification not available under the open-source license;
▪ provide early access to updated versions of the software; or
▪ serve to resolve company infringement claims.
› Examples: MySQL, Java EE/SE, MongoDB, Qt
2a. Open Core
› Open Core (Freemium): Company offers a version of its product
under an open-source license while offering enhanced versions (aka
an “enterprise” version) of the software under a commercial license.