Murphy's Law: Open-Source Licensing Brings Headaches, Confusion
Open-source licensing can be a tricky beast. But it's not just aspiring software developers that need be concerned about the nuances of OSS licensing (or freeware licensing, for that matter). If you offer up apps on a CD or a Web site for others to grab, you're just as impacted by the parameters of licensing as anyone else. If you're just a downloader who's thinking, "why me? I just install cool programs," it behooves you to understand the differences between legitimate and illegal distribution models for the programs you fancy. While you, yourself, cannot be held accountable for another's licensing violation when you go to download software, you shouldn't encourage their efforts either. Playing by the rules is the only way to keep the spirit of open source alive.

That doesn't make it any easier for you to understand the rules. And there are certainly a number of them. There are licensing restrictions for what you can make available to others. There are restrictions on the kinds of files or code you need to package alongside applications you're distributing (be it on a CD to a friend or on your personal home page). There are restrictions on your ability to modify the software and retain elements of its original trademarks, and there are restrictions on what you can charge to deliver the software to others. There are a lot of restrictions--far more than what I could ever cover in a single column. And they aren't always as clearly defined as one would hope.
The GNU General Public License (GPL), for example, allows you to make whatever modifications to a program you want without additional reservations, provided you keep the changes to yourself. The license most concerns itself with distribution of the software. If you choose to make your modified work available to a friend, a group of fans, or the Internet as a whole, you have to package your derivative work along with the requisite license and source code. But even that's a can of worms in itself.
Is it enough to pack the complete source code along with your program's binaries? Yes. That's actually the preferred method of satisfying your licensing requirements. You can also link to a third-party site that hosts the applicable source-code for you--if you're passing along a binary as part of a software distribution package, for example--but you have to make sure that said site is both easily found via the program and that it is able to host the relevant source code for as long as you're distributing the binary.
As always, the necessity of packaging source code along with a program varies depending on the licensing scheme. OpenOffice.org's LGPL v3 allows you to just link back to the main OpenOffice.org site--it's as easy as that. Other licenses like the Berkeley Source Distribution (BSD) have no source code requirement. Unlike the GPL, which prohibits the inclusion of licensed open-source code into closed-source projects, projects based on a BSD license can be passed around, modified, and locked into programs without requiring the source code to be released in any fashion. Mozilla's MPL license requires that modifications of its applicable code--as opposed to new files you've created using your own code--be documented and the source code for the work be made available to the public for no less than 12 months.
Without getting into too much detail (for fear of writing a book instead of a column), this is a great example of the gap between strong and weak copyleft provisions. In a nutshell, copyleft--an obvious play on the word "copyright"--signifies a license's ability to force derivative works to use the same license when released. The GPL would be the strong copyleft example, whereas the free-ranging, do-whatever-you-want BSD license would fall in the latter category.
Of course, even if you were to follow all the parameters of whatever license it is that you're bound by as a developer or user, you could still run afoul of a company's legal rights by passing along a modified binary of the program without approval. Mozilla's Firefox browser represents the perfect scenario here. Suppose you found an awesome extension that you wanted to pack into a version of Firefox that you later decided to release on the Web or give to your friends. Technically, you would not be allowed to call the release Mozilla Firefox without approval, nor could you use the company's logos in the software itself.
Think about it. Any variation you make to Firefox--whether as large as changing the default bookmarks or as small as repackaging the installation file into a new archive--would be seen as an implicit endorsement by the company were you to use its Mozilla or Firefox trademarks in reference to the project. Were you to rename your creation AwesomeBrowser and strip the accompanying logos from the program, you'd be in the clear (assuming you fulfilled the other terms of the MPL).
Confusing? You betcha. But integrity in the open-source and freeware world leads to software development and community involvement in a manner that's consistent and fair for all involved. Without standards, the very nature of open-source would fold into one giant mush of "it's free, do whatever." And that's not what anybody wants, nor would its presumed benefits trickle down to you, the user, in a positive fashion. By helping developers enforce the rules of their software, you do your part in making sure that everyone, regardless of background, has the same ability to create and improve as anybody else. That's a good thing.
As for how you can best stay afloat in these multi-license waters, well. Read the licenses. Understand the licenses. Ask questions, search for FAQs, troll message boards. As the oft-repeated phrase goes, know your rights. And more importantly, know if you're accidentally violating someone else's.
David Murphy (@ Acererak) is a technology journalist and former Maximum PC editor. He writes weekly columns about the wide world of open-source and roundups of awesome, freebie software. Shoot him a message via Twitter, especially if you have an awesome app or game you're dying to recommend!
[image credit: http://www.gnu.org/software/software.html]
Comments
winmaster
July 09, 2009 at 7:14pm
So the version of Firefox packaged with Tor really shouldn't be called Firefox, but instead something like Torfox. What about Firefox Portable? Should that be called something else (although, they probably have permission...) This is very confusing, maybe you should write a book.
--------------------------------------------------------------------------------------------------
The quick brown fox jumps over the lazy dog.
jwalch.hawk
July 09, 2009 at 9:54pm
I'm not Murph, but I can sorta answer those...
I'm not sure if it's the same one you're talking about, but the version of Firefox I've seen with Tor capabilities is actually called TorPark rather than Firefox. I admit that I haven't checked thoroughly myself, but TorPark is fairly well known - if there were license violation issues (beyond the name thing, and they did actually rename it) one would think they'd have come up by now.
Firefox Portable was involved in the discussion of LiberKey. The guy who pointed out that LiberKey (may) have potential licensing issues brought it up. Apparently, the Mozilla blog has made reference to PortableApps having explicit permission to do the repackaging they've done.
TheMurph
July 10, 2009 at 9:33am
Close.
In regards to Firefox with Tor capabilities, the current version of that is deemed the xB Browser. While it initially started out as a fork of the PortableApps Portable Firefox (and, thus, licensed under the GPL), it has since switched to a proprietary license -- the Ethical Software License Agreement. According to Haller (creator of said Portable Firefox), this was done without his permission and thus violates the original GPL license upon which the program was based.
That said, the developers of xB Browser aren't standing down on the matter. Posted in the same thread to which Haller accuses them of violations, the developer writes:
"Upon reviewing the source, as anyone is capable, you will find that it contains not a single bit of Johns code, and hasn't for a very long time. It was rewritten from scratch by both myself and the NSIS developer himself, Amir Szekely, three years ago. I reject John's claim, and suggest anyone who is interested may investigate for themselves, and I will provide the tools below."
Haller and the developer, Steve Topletz (I believe), continue to exchange words in a successive series of posts, with no ultimate resolution as to who's technically in the right. IANAL, so I can't exactly tell you myself.
As for Portable Firefox, Mozilla has given Haller permission to use Mozilla trademarks in his modified program.
jwalch.hawk
July 09, 2009 at 4:53pm
"it's free, do whatever." <--- Being a card-carrying skeptic, I fear this is actually far too common a sentiment.
Anyways, great article, Murph.
Wonder what inspired it?
TheMurph
July 09, 2009 at 5:03pm
Sadly, that's accurate -- people misperceive "open source" as a kind of "freeware," only their definition of the latter is far different than what typically is found on the Internet. After all, freeware can -- and often does -- come with a licensing provision.
I suppose it's more accurate to say that people often misperceive "open source" as "public domain" software, which is entirely inaccurate.
To answer your question, the column came from my stewings and research over the entire LiberKey fiasco from this week's software roundup. I hope to have more to report on that next week, provided people return my queries...
domih2009
July 10, 2009 at 2:51pm
Regarding LiberKey, see:
http://www.informationweek.com/blog/main/archives/2009/06/liberkey_thats.html;jsessionid=3K4CCDDZNUOTGQSNDLPSKH0CJUNN2JVN
Which includes quotes from the PortableApps' people.
<<...It looks like they're repackaging most of that freeware [e.g., Chrome] without permission. And they're using the trademarks of Google, Mozilla and many others in connection with modified software, also apparently without permission, which isn't permitted by any of the trademark guidelines I've seen...>>
<<...They were using most of our software but with our splash screens, readme files, source code and the GPL license removed in violation of the GPL for about a year...>>
So it looks to me clearly there are 3 actual causes of GPL and other licenses violations:
- Using trademarks without permissions (this is beyond GPL, it's pure copyright issue).
- Non-redistribution of the original GPL source code.
- Distribution of a derivative of a GPL product without publication of the modifications to the original source code or the derivative source code.
So it looks like the LiberKey people are way over the rainbow and have either no clue about what they are doing or do not care (maybe they are in for the 15mn of fame).
Otherwise, regarding OSS licenses in general:
Yes, you have to read all the licenses and know what you are doing. "Open Source Licensing, Software Freedom and Intellectual Property Law" by Lawrence Rosen is a pretty good starting point to discover the issues and then actually understand the lawyer speak of the licenses (http://www.amazon.com/Open-Source-Licensing-Software-Intellectual/dp/0131487876). OSS Licensing is entirely based on copyright. The book explains the difference between copyright and patent and then goes on to describe the major difference between reciprocal (e.g. GPL) and non-reciprocal (e.g. BSD, Apache) licensing (anti-OSS people rather say viral and non-viral). I really advise reading this book if you are in the business or planning to create an application based on OSS software.
Practical notes:
- Once you have identified an OSS project that you would like to redistribute, Google it, browse the forums. Is it legit? Is it still in development and/or maintained? Browse the source code. Repeat this step for each of the OSS sub-projects used in it.
- Keep track of what and which version you use. If you end up creating a business around the solution built with OSS projects and if you end up selling it, the buyer will want to know if you are legit, hence it will be time to disclose everything to the buyer, including whether or not you use GPL, BSD and so on. Usually corporate America will choke on GPL (and many on LGPL too!) if they want to keep the stuff they are buying proprietary.
- Keep track of the modifications to reciprocal source code you make.
- Contrary to what anti-OSS people think and beyond the nature of reciprocal OSS licenses most of the OSS projects love to see their projects used in commercial products. Usually they just want to see their copyright and some paragraph maintained in the commercial products. They are also interested in being able to publicly list you as a use case on their web site for the project fame. If you are not sure about a license (some projects just have a page saying "it's free!") contact the authors and get the OK from them for reusing their ware. In addition there are quite a number of projects where the non-commercial use is GPL (or whatever) and commercial use is non-GPL and allow use in proprietary solutions. Corporate America loves paying for software.
So the overall landscape is rather positive unless you behave like an idiotic shoplifter (like apparently LiberKey does).
All that is above applies to redistribution or to works that are derivative but does not apply to use. In 99.99% of the cases, use is free. There are cases where there is restriction on use (e.g. MySQL is free for non-commercial use but is NOT free for commercial use), but this is not the same thing as redistribution or derivative.
TheMurph
July 10, 2009 at 7:14pm
I wouldn't be so quick to judge LiberKey, given that nobody has heard their side of the story and/or actually affirmed the claims that Haller is making on the Portable Apps forum.
I'm not saying he's 100% wrong. But I'm not saying he's 100% right either -- we just don't know... yet.
mesiah
July 09, 2009 at 8:45pm
Hehe, I had a feeling that's what got this article started. Good to see you are following up on those accusations, a lot of people would have just said "My work here is done." and washed their hands of it.
TheMurph
July 09, 2009 at 9:34pm
Mad props to MPC reader Michael Secord for initially notifying me of the issue. As for my Liberkey investigation, I'm not sure what I'll be able to report to you next week, if anything. I'll do my best.















