
Open Source Licensing Fundamentals for Financial Services

November 8, 2018

Andrew J. Hall

© 2015-present Hall Law. All rights reserved. This presentation may be reproduced and distributed under the terms of the Creative Commons Attribution-NoDerivatives 4.0 (CC BY-ND 4.0) International license published at: https://creativecommons.org/licenses/by-nd/4.0/legalcode.txt

www.thehalllaw.com


Presentation Overview

› What is open-source software?

› Categories of OSS licenses

› OSS license enforcement

› Commercial open-source licensing strategies (making money by giving it away)


Free and Open-Source Software


Free & Open-Source Software Definitions

› Free Software Foundation (fsf.org | gnu.org)

› “Free Software” | the “Four Freedoms”

› Roughly, the license must grant recipients the freedom to run, copy, distribute, and modify the software.

› Open Source Initiative (opensource.org)

› “Open Source” | 10 license criteria

› Roughly, the license must be royalty-free, cover source code, permit copying and distribution, and cannot discriminate against persons, groups, uses, or technologies.


Common use of “open source” in software community

“Open source” is often used more generally to refer to any software that is licensed:

1. to the public;

2. in source code form; and

3. under a standard (non-negotiable) royalty-free license.

Perhaps more accurately referred to as “public source” licensing


Common OSS License Requirements

1. Provide OSS recipients with certain OSS notices such as the text of the OS license, notice of OSS use, author attributions, warranty disclaimers, descriptions of modifications, or offers for source code.

2. Provide OSS recipients with the “corresponding source code” and other supporting materials for OSS distributed in non-source form (binary, bytecode, et cetera).

3. Grant outbound IP licenses covering OSS or derivatives or impose IP enforcement penalties (such as OSS license termination) for asserting IP against the OSS or contributors.

4. Grant OSS recipients certain additional use and development rights such as the right to replace or reverse engineer the OS software or to “crack” any anti-circumvention protection limiting access to the OS software.


Distinguishing OSS licenses from typical commercial software licenses

| Open-Source Licensing | Commercial Software Licensing |
| --- | --- |
| Software from many different licensors is licensed to the general public under standard, non-negotiable licenses. | Licensing terms are often negotiable and vary by provider, customer, purchased products and services, and intended use. |
| Software is delivered in source form and licensed for source or binary use. | Software is typically delivered in binary form and licensed only for binary use. |
| Licenses generally permit modification, subject to varying obligations and restrictions. | Licenses typically include prohibitions on reverse-engineering and modification of the software. |
| Licenses generally permit royalty-free redistribution of the software, subject to varying obligations and restrictions. | Licenses typically prohibit or impose royalty fees on redistribution of the licensed software. |
| Licenses generally include explicit disclaimers of warranty and liability for downstream use of the software. | License may include warranties and indemnification from the licensor. |
| Ownership interests in the software are often distributed among many contributors. | Ownership interest in the software is typically consolidated in a single entity. |


Categories of OSS Licenses


What is Copyleft?

› Copyleft (aka viral, hereditary, reciprocal) licenses require that certain software combined with the copyleft software be licensed in source code form under the terms of the same copyleft license.

› The software subject to the license’s copyleft (or “tainting”) requirements varies by license, but licenses are often categorized generally as either “strong” or “weak” copyleft.


License Categories and Features

› Open-source licenses are often categorized by the scope of their copyleft (or “tainting”) effect:

▪ Strong-copyleft

▪ Weak-copyleft (aka “file-level” copyleft)

▪ Permissive (aka “attribution,” “academic”)

› Licenses may also be distinguished by unique restrictions and requirements:

▪ GNU

▪ Prohibitive/restricted

▪ Network


Strong-Copyleft Licenses

› Copyleft requirements can extend to derivative works of the OS software which may include certain software combined with the OS software.

› Which software combinations create derivative works is debated within legal and software communities and not clearly delineated under U.S. statutes and case law.

› Examples:

▪ General Public License (GPL)

▪ Affero General Public License (AGPL)

▪ Creative Commons Share-Alike Licenses (CC *-SA-*)


Weak-Copyleft Licenses

› Weak-copyleft licenses require modifications or enhancements to the weak-copyleft OSS to be licensed under the terms of the same weak-copyleft license.

› Whether combined software is considered a “modification” or “enhancement” usually depends on how the combined software and open-source software are combined (e.g., separate processes, linked runtime library, direct source code combination).

› Examples:

▪ Mozilla Public License (MPL)

▪ Eclipse Public License (EPL)

▪ Common Public License (CPL)

▪ Common Development and Distribution License (CDDL)


Permissive Licenses

› Permissive open-source licenses do not have a copyleft effect, regardless of how the open-source software is modified or combined with other software.

› Sometimes referred to as “attribution” or “academic” licenses.

› Examples:

▪ BSD

▪ MIT

▪ Apache

▪ Boost


GNU licenses

› Examples of GNU licenses:

▪ Library/Lesser General Public License (LGPL): weak-copyleft

▪ General Public License (GPL): strong-copyleft

▪ Affero General Public License (AGPL): network strong-copyleft

› Unique user/licensee-focused requirements

▪ Enabling recipients to replace the GNU software included or embedded within products

▪ Permitting reverse engineering or cracking anti-circumvention protections limiting access to the OS software.


Restricted/Prohibitive Licenses

› Restricted/Prohibitive licenses forbid specific uses of the open-source software.

› Examples:

▪ Creative Commons Non-Commercial licenses (CC *-NC-*) prohibit commercial use.

▪ Oracle Binary Code License Agreement prohibits modification or use on dedicated hardware.

▪ Microsoft Limited Public License (MS-LPL) prohibits use on non-Windows platforms (e.g., Linux, Mac OS).

▪ The JSON license prohibits using the software for evil.


Network Licenses

› Unlike many other open-source licenses, the requirements of network licenses are triggered by either distribution or certain hosted uses of the OSS (e.g., SaaS deployments).

› Examples of network copyleft licenses:

▪ GNU Affero General Public License (AGPL)

▪ Creative Commons Share-Alike Licenses (CC *-SA-*)

▪ Open Software License (OSL)


Open-Source License Enforcement


Community OS License Enforcement

› Enforcement is primarily driven by the open-source community and OS interest groups such as the Software Freedom Law Center, Software Freedom Conservancy, Free Software Foundation, and GPL-Violations.org.

› OS software licensed under the General Public License (GPL) has typically been the focus of enforcement efforts.

› Defendants that have settled or lost lawsuits include Cisco, Best Buy, D-Link, Samsung, Skype, TomTom, Westinghouse, Verizon, and JVC.

› Plaintiffs have been successful in the U.S., Germany, and France.


Private OS License enforcement

› Dual Licensors: Licensor releases source code under a “dual-licensing” model (licensees select either the OS license or fee-based commercial license). Licensors often police and pursue allegedly non-compliant use of the dual-licensed software.

› Open Trolling: Individual copyright holders release software under only an OS license, police non-compliant use, and offer commercial licenses to non-compliant users and distributors.

› B2B Software Licensing Disputes: OS license obligations or OS license non-compliance relied upon for affirmative defenses, counterclaims, or leverage in commercial software disputes.



Commercial Open-Source Licensing Strategies


Common Open-Source Business Strategies

OS business models generally rely upon one or more of the following strategies:

1. Dual-licensing proprietary company software;

2. Providing commercial or enterprise versions or extensions to open-source software or platforms;

3. Offering maintenance, support, consulting or other services related to or in support of open-source software;

4. Closed-source distributions of open-source software including proprietary modifications or combinations with proprietary or other open-source software.


1. Dual Licensing

Company offers software for use under either an OS license or a paid commercial license. The OS license often prohibits or limits commercial use of the OS software. Licensees wishing to avoid such restrictions can purchase a commercial license. Commercial licenses may additionally or alternatively:

▪ provide access to company services (support, maintenance, customization);

▪ include warranties or indemnification not available under the open-source license;

▪ provide early access to updated versions of the software; or

▪ serve to resolve company infringement claims.

› Examples: MySQL, Java EE/SE, MongoDB, Qt


2a. Open Core

› Open Core (Freemium): Company offers a version of its product under an open-source license while offering enhanced versions (aka an “enterprise” version) of the software under a commercial license.

› Examples: Sendmail, Java EE/SE, Sourcefire Snort, Qt


2b. Open Platform

› Open Platform: Company releases a software platform under an open-source license and offers proprietary plug-ins, extensions, applications, or content through the platform under commercial licensing terms.

› Examples: Android, Eclipse, WordPress


3. Providing Related Services

› Company offers services related to OS software that may or may not be owned by the company.

› Related services can include training, customization, implementation, maintenance, hosting (SaaS, PaaS, IaaS), certification, support, or compiling, building, or packaging services.

› Examples: Red Hat, AWS, MongoDB, IBM, Oracle, and Microsoft.


4. Closed-Source Open Source

› Company releases commercial (closed-source) versions of open-source software originally licensed under a permissive license (e.g., Apache 2.0) or offers commercial plugins or extensions to an open-source project or platform. The distributions are often specialized for a particular industry or use case.

› Examples: Cloudera, Hortonworks, MapR and AWS (offering virtual server space incorporating numerous open-source projects).


Questions, Comments, Thoughts?

Contact:

Andrew J. Hall

ahall thehalllaw.com

www.thehalllaw.com
