Murphy's Law: Open-Source Licensing Brings Headaches, Confusion

9

Comments

+ Add a Comment
avatar

winmaster

So the version of Firefox packaged with Tor really shouldn't be called Firefox, but instead something like Torfox. What about Firefox Portable? Should that be called something else (although, they probably have permission...)  This is very confusing, maybe you should write a book. 

-------------------------------------------------------------------------------------------------- 

The quick brown fox jumps over the lazy dog.

avatar

jwalch.hawk

I'm not Murph, but I can sorta answer those...

I'm not sure if it's the same one you're talking about, but the version of Firefox I've seen with Tor capabilities is actually called TorPark rather than Firefox.  I admit that I haven't checked thoroughly myself, but TorPark is fairly well known - if there were license violation issues (beyond the name thing, and they did actually rename it) one would think they'd have come up by now.

 

Firefox Portable was involved in the discussion of LiberKey.  The guy who pointed out that LiberKey (may) have potential licensing issues brought it up.  Apparantly, the Mozilla blog has made reference to PortableApps having explicit permission to do the repackaging they've done.

avatar

TheMurph

Close.

In regards to Firefox with Tor capabilities, the current version of that is deemed the xB Browser.  While it initially started out as a fork of the PortableApps Portable Firefox (and, thus, licensed under the GPL), it has since switched to a proprietary license -- the Ethical Software License Agreement.  According to Haller (creater of said Portable Firefox), this was done without his permission and thus violates the original GPL license upon which the program was based.

That said, the developers of xB Browser aren't standing down on the matter.  Posted in the same thread to which Haller accuses them of violations, the developer writes:

"Upon reviewing the source, as anyone is capable, you will find that it contains not a single bit of Johns code, and hasn't for a very long time. It was rewritten from scratch by both myself and the NSIS developer himself, Amir Szekely, three years ago. I reject John's claim, and suggest anyone who is interested may investigate for themselves, and I will provide the tools below."

Haller and the developer, Steve Topletz (I believe), continue to exchange words in a successive series of posts, with no ultimate resolution as to who's technically in the right. IANAL, so I can't exactly tell you myself.

As for Portable Firefox, Mozilla has given Haller permission to use Mozilla trademarks in his modified program.

avatar

jwalch.hawk

"it's free, do whatever." <--- Being a card-carrying skeptic, I fear this is actually far too common a sentiment.

 

Anyways, great article, Murph.  

Wonder what inspired it? 

avatar

TheMurph

Sadly, that's accurate -- people misperceive "open source" as a kind of "freeware," only their definition of the latter is far different than what typically is found on the Internet.  After all, freeware can -- and often does -- come with a licensing provision. 

I suppose it's more accurate to say that people often misperceive "open source" as "public domain" software, which is entirely innacurate.

To answer your question, the column came from my stewings and research over the entire LiberKey fiasco from this week's software roundup.  I hope to have more to report on that next week, provided people return my queries...

avatar

domih2009

Regarding LiberKey, see:

http://www.informationweek.com/blog/main/archives/2009/06/liberkey_thats.html;jsessionid=3K4CCDDZNUOTGQSNDLPSKH0CJUNN2JVN

Which includes quotes from the PortableApps' people.

<<...It looks like they're repackaging most of that freeware [e/g., Chrome]without permission.  And they're using the trademarks of Google, Mozilla and many others in connection with modified software, also apparently without permission, which isn't permitted by any of the trademark guidelines I've seen...>>

<<...They were using most of our software but with our splash screens, readme files, source code and the GPL license removed in violation of the GPL for about a year...>>

So it looks to me clearly there 3 actual causes of GPL and other licenses violations:

- Using trademarks without permissions (this is beyond GPL, it's pure copyright issue).
- Non-redistribution of the original GPL source code.
- Distribution of a derivative of a GPL product without publication of the modifications to the original source code or the derivative source code.

So it looks like the LiberKey people are way over the rainbow and have either no clue about what they are doing or do not care (maybe there are in for the 15mn of fame).

Otherwise, regarding OSS licenses in general:

Yes, you have to read all the licenses and know what you are doing. "Open Source Licensing, Software Freedom and Intellectual Property Law" by Lawrence Rosen is a pretty good starting point to discover the issues and then actually understand the lawyer speak of the licenses (http://www.amazon.com/Open-Source-Licensing-Software-Intellectual/dp/0131487876). OOS Licensing is entirely based on copyright. The book explains the difference between copyright and patent and then went on describing the major difference difference between reciprocal (e.g. GPL) and non-reciprocal (e.g. BSD, Apache) licensing (anti-OSS people rather say viral and non-viral). I really advise reading this book if you are in the business or planning to create an application based on OSS software.

Practical notes:
- Once you have identify an OSS project that you would like to redistribute, Google it, browse the forums. Is is legit? Is it still in development and/or maintained? Browse the source code. Repeat this step for each of the OSS sub-projects used in it.
- Keep track of what and wich version you use. If you end up creating a business around the solution built with OSS projects and if you end up selling it. The buyer will want to know if you are legit, hence it will be time to disclose everything to the buyer, including whether or not you use GPL, BSD and so on. Usually corporate America will choke on GPL (and many on LGPL too!) if they want to keep the stuff they are buying proprietary.
- Keep track of the modifications to reciprocal source code you make.
- Contrary to what anti-OSS people think and beyond the nature of reciprocal OSS licenses most of the OSS projects love to see their projects used in commercial products. Usually they just want to see their copyright and some paragraph maintained in the commercial products. They are also interested in being able to publicly list you as a use case on their web site for the project fame. If you are not sure about a license (some projects just have a page saying "it's free!") contact the authors and get the OK from them for reusing their ware. In addition there are quite a number of projects where the non-commercial use is GPL (or whatever) and commercial use is non-GPL and allow use in proprietary solutions. Corporate America loves paying for software.

So the overall landscape is rather positive unless you behave like an idiotic shoplifter (like apparently LiberKey does).

All that is above applies to redistribution or to works that are derivative but does not apply to use. In 99.99% of the cases, use is free. There are cases where there is restriction on use (e.g. MySQL is free for non-commercial use but is NOT free for commercial use), but this is not the same thing as redistribution or derivative.

avatar

TheMurph

I wouldn't be so quick to judge LiberKey, given that nobody has heard their side of the story and/or actually affirmed the claims that Haller is making on the Portable Apps forum.

I'm not saying he's 100% wrong.  But I'm not saying he's 100% right either -- we just don't know... yet.

avatar

mesiah

Hehe, I had a feeling thats what got this article started. Good to see you are following up on those acusations, alot of people would have just said "My work here is done." and washed their hands of it.

avatar

TheMurph

Mad props to MPC reader Michael Secord for initially notifying me of the issue.  As for my Liberkey investigation, I'm not sure what I'll be able to report to you next week, if anything.  I'll do my best.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.