open source licenses in detail - ncb source workshop/4 - session… · former name: library general...
TRANSCRIPT
Open Source Licenses in Detail
Open Licensing Workshop, Mauritius, October 1/2, 2018
Dr. Till Jaeger
Certified Copyright and Media Law Attorney
www.jbb.de
2
Compatibility of FOSS Licenses
www.jbb.de
3
Licenses with a strong Copyleft:
● GPL - GNU General Public License, Versions 2 and 3
● AGPL - GNU Affero General Public License
● EPL – Eclipse Public License, Version 1
Licenses with a weak Copyleft
● LGPL – GNU Lesser General Public License, Versions, 2, 2.1 and 3
● MPL – Mozilla Public License, Versions 1, 1.1, 2
● EPL – Eclipse Public License, Version 2
OSS licenses
www.jbb.de
4
Non-Copyleft (permissive) licenses:
● BSD License (2-Clause, 3-Clause und 4-Clause)
● Apache License 2.0
● MIT License
● Academic Free License
● PHP License
● ...
OSS licenses
www.jbb.de
5
Derivative works cannot be licensed under more than one license at the same
time (except in the case of dual licensing)
Compatibility check:
a) are two components to be considered a derivative work?,
b) if yes: Copyleft triggered?,
c) if yes: are the FOSS licenses compatible?
License Compatibility
www.jbb.de www.jbb.de
6
Examination:
● Is there a Copyleft license? Is the Copyleft applicable? (e.g. derivative
work) - compatibility of the licenses involved
● More than one Copyleft license?
● If yes: compatibility clause applicable?
● If not: contains the non-copyleft license restrictions not contained in the
Copyleft license
License Compatibility
www.jbb.de
7
Non-copyleft licenses are always compatible among each other
Copyleft licenses are not compatible (except in the case of a compatibility clause)
Non-copyleft and copyleft licenses are compatible but in the case that the non-copyleft license provides an obligation the copyleft license does not provide (example: GPL-2.0 and Apache License 2.0 or BSD-4-Clause)
License Compatibility
www.jbb.de
8
Solution for copyleft licenses: compatibility clause
Sec. 3 LGPL-2.1, sec. 13 AGPL-3.0
“You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library.”
Sec. 3.3 MPL-2.0, Sec. 3.2 EPL-2.0 (compatibility with „secondary licenses“)
License Compatibility
www.jbb.de
9
GPL-2.0 (Linux) and GPL-3.0 – internal compatibility
Sec. 9 GPL-2.0 provides as follows:
● "any later version" – license under the GPL-3.0 possible
● Program does not specify a version number – license under all versions (GPL-1.0, GPL-2.0 and GPL-3.0) possible
● GPL-2.0 only? Not intended by sec. 9 GPL-2.0, but FSF tolerates this licensing for a long time – GPL-2.0 and GPL-3.0 are not compatible in this case
License Compatibility
www.jbb.de
10
License Compatibility
Source: https://stackoverflow.com/a/6523628
11
New solution for the compatibility problem in the GPL-3.0
Sec. 7 GPL-3.0
"Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or ….”
License Compatibility
www.jbb.de
12
Lizenzkompatibilität bei der GPL
13
FOSS Licenses (I)
BSD, MIT, Apache and MPL
www.jbb.de
14
Permissive License (Non-Copyleft-License)
Three versions: BSD-2-clause, BSD-3-clause and BSD-4-clause
2-clause and 3-clause are compatible with most other OSS licenses, BSD-4-clause not
compatible with the GPL
Simple use with proprietary developments
BSD Licenses
www.jbb.de
15
Copyright © 2012 Yahoo! Inc. All rights reserved.Redistribution and use of this software in source and binary forms, with or without modification, are permitted provided that the following conditions are met:Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.Neither the name of Yahoo! Inc. nor the names of YUI's contributors may be used to endorse or promote products derived from this software without specific prior written permission of Yahoo! Inc.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
BSD Licenses
www.jbb.de
16
BSD-4-clause - advertising clause:
“All advertising materials mentioning features or use of this software must display the
following acknowledgement: This product includes software developed by the
University of California, Berkeley and its contributors.“
BSD-3-clause – „non-advertising“ clause:
„Neither the name of the <rightholder> nor the names of its contributors may be used
to endorse or promote products derived from this software without specific prior
written permission.“
BSD Licenses
www.jbb.de
17
License obligations:
● Delivery of the license text (including the disclaimer)
● Providing all copyright notices
BSD Licenses
www.jbb.de
18
Permissive license
Grant of rights is broad
License obligations:
“The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.“
MIT License
www.jbb.de
19
Permissive license
Obligations similar to the BSD-3-clause
Additional obligations:
● Indemnification clause
● Prominent notice about modifications in adapted files
● Providing a NOTICE file (if preexisting)
● Retaining trademark, patent and copyright notices
Apache License 2.0
www.jbb.de
20
21
Compatible with GPL-3.0, but not with GPL-2.0
Indemnification provision in sec. 9
Termination of patent license in sec. 3
Apache License 2.0
www.jbb.de
22
Weak Copyleft
The copyleft is restricted to files containing CDDL/MPL code (file-based approach is a mere formal
criterium)
No risk to be obliged to license proprietary software under the MPL/CDDL as long as modifications
are made outside such files
MPL-2.0 contains specific compatibility clause with the AGPL, GPL and LGPL
MPL and CDDL
www.jbb.de
23
License obligations:
● Delivery of the license text
● Access to the source code and information about how to access
● Retaining trademark, patent and copyright notices
● Prominent notice about modifications in adapted files
MPL and CDDL
www.jbb.de
24
FOSS Licenses (II)
AGPL, GPL and LGPL
www.jbb.de
25
Overview to GNU licenses:
● Free Software Foundation (FSF) is the license steward
● GNU GPL is the flagship license for Copyleft
● GNU LGPL is a specific license for libraries
● GNU AGPL is a license for SaaS with Copyleft
GNU Licenses
www.jbb.de
26
GNU Licenses
www.jbb.de
Source: Derek Molloy, http://derekmolloy.ie/writing-a-linux-kernel-module-part-1-introduction/
27
Most popular FOSS license
Linux is probably the most important free software (Android, embedded
systems)
Version 2 from 1991, version 3 from 2007
GPL
www.jbb.de
28
Right to reproduce and distribute
Right to create derivative works
Right to make the software publicly available (see sec. 3 GPL-2.0)
Rental right
GPL-2.0 – Grant of Rights
www.jbb.de
29
Providing the license text (in paper or electronically)
Copyright notice(s) and disclaimer
Providing the complete corresponding source code (or written offer thereof)
No license fees or further restrictions
www.jbb.de
GPL-2.0 – Distribution Obligations
30
Source code exactly corresponding to the distributed binary
Scripts to control compilation and installation
Not necessary: standard libraries, compiler and other tools (but helpful for
embedded systems with cross compiling)
GPL-2.0 – Complete Corresponding Source Code
www.jbb.de
31
Sec. 2b GPL-2.0:
“You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.“
GPL-2.0 – Copyleft
www.jbb.de
32
Sec. 0 GPL-2.0:
“The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language.“
Sec. 2 GPL-2.0: interpretation of what is considered as a derivative work – or just a
referrer to what is a derivative work under copyright law?
GPL is not very clear about how to interpret „derivative work“
GPL-2.0 – Copyleft
www.jbb.de
33
Sec. 2 (2) GPL-2.0:
“If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.”
Proposal for an interpretation: formal and functional criteria
Formal criterion: code in one single file has to be considered as a derivative work (e.g.
static linking)
GPL-2.0 – Copyleft
www.jbb.de
34
Clear cut cases: modifications within a source code file
IPC – inter process communication (e.g. sockets, pipes): typical for independent
works
Use of software tools which do not copy code in the created program (but Bison
and gcc have specific exceptions)
GPL-2.0 – Copyleft
www.jbb.de
35
Unclear cases: dynamic linking, kernel modules
Kernel modules are deeply integrated into the kernel – copyleft probably applies
Dynamic linking: differentiation between standard libraries and non-standard
libraries? But: strict position of the FSF (always a derivative work)
GPL-2.0 – Copyleft
www.jbb.de
36
License FAQ of the FSF: http://www.gnu.org/licenses/gpl-faq.html
Interpretation of the FSF: not binding, but factual relevance
GPL-2.0 – Copyleft
www.jbb.de
37
Internationalization of terms: “Propagate” and “convey”
“Convey” replaces “distribution”
“Convey”: transfer of a copy – SaaS does not trigger license obligations (except
javascript running on the client)
GPL-3.0 – Changes to GPL-2.0
www.jbb.de
38
Changed distribution obligations (e.g. source code can be provided by
download)
Anti-tivoization clause and „Installation Information“
Anti-DRM clauses
Automatic termination and automatic licensing
www.jbb.de
GPL-3.0 – Changes to GPL-2.0
39
Strengthening of license compatibility
Additional restrictions allowed under sec. 7
Affero General Public License (AGPL-3.0) – Copyleft for webservices
But: no license compatibility with GPL-2.0 „only“
GPL-3.0 – Changes to GPL-2.0
www.jbb.de
40
Strong copyleft license
Grant of rights and license obligations as in the GPL-3.0
Additional requirement: source code for software that is running on a server
instead of being distributed has to be provided under the AGPL-3.0
Compatible with GPL-3.0
AGPL-3.0
www.jbb.de
41
Weak copyleft
License for libraries, in particular: glibc
Former name: Library General Public License
Goal: free libraries as a standard
Version 2.1 from 1999, version 3 from 2007
Libraries under the LGPL are dual licensed under both the GPL and LGPL (sec. 3 LGPL-2.1) - can be used with GPL licensed applications
LGPL
www.jbb.de
42
Distribution of the combination of an application with the library:
● Sec. 5: the application is defined to be a „derivative work“ if linked with the library
● Sec. 6: exception for the distribution of executables containing the library
● Sec. 7: exception for the combination of library facilities within one library
LGPL
www.jbb.de
43
License obligations (general obligations):
● Providing the license text of the LGPL
● Providing the source code of the library
● Prominent notice about modifications in adapted files and the date
● Modified library must itself be a software library
● Modified library has to be licensed under the LGPL
LGPL
www.jbb.de
44
License obligations (for the distribution with an application, sec. 6 LGPL-2.1):
● Permission (license) to modify the application for the customer's own use and reverse engineering for debugging such modifications – but no obligation to provide the source code of the application
● Prominent notice that the library is used in the application (if so) and that the library is covered by the LGPL
● Use a shared library mechanism or deliver the object code file of the application to allow relinking
LGPL
www.jbb.de
45
License obligations (for the distribution with an application):
● If the application displays copyright notices:
– Including a copyright notice for the library among them
– Including a reference directing the user to the license text
LGPL
www.jbb.de
46
LGPL-3.0 is the GPL-3.0 with additional permissions
Modifications of the library have not to result in a (new) library
No permission needed to allow the modification of the library (see sec. 4)
Providing the license texts of the LGPL-3.0 and GPL-3.0 required
LGPL
www.jbb.de
47
Software Freedom Law Center Guide to GPL Compliance: https://www.softwarefreedom.org/resources/2014/SFLC-Guide_to_GPL_Compliance_2d_ed.html
Copyleft and the GNU General Public License: A Comprehensive Tutorial and
Guide: https://copyleft.org/guide/
FAQ of FSF and FAQ of ifrOSS: http://www.ifross.org/en/faq-frequently-asked-questions
www.jbb.de
GNU Licenses - Interpretation
48
FOSS Licenses (III)
EPL and other FOSS Licenses
www.jbb.de
49
EPL is an adapted version of the Common Public License (CPL)
License steward is the Eclipse Foundation instead of IBM
EPL-2.0 published in 2017 – weak copyleft license
The laws of the state of New York are applicable
EPL and CPL
www.jbb.de
50
EPL-1.0: strong copyleft but scope is unclear (and this interpretation)
Copyleft:
"Contribution" means: a) …, b) in the case of each subsequent Contributor:
i) changes to the Program, and ii) additions to the Program;
where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.
EPL
www.jbb.de
51
EPL
www.jbb.de
52
Different interpretations of FSF and Eclipse Foundation about what is a
„derivative work“
Problem solved with EPL-2.0:
“Modified Works shall not include works that contain only declarations,
interfaces, types, classes, structures, or files of the Program solely in each case
in order to link to, bind by name, or subclass the Program or Modified Works
thereof.”
EPL
www.jbb.de
53
EPL-1.0 allows licensee to use the software under EPL-2.0:
“Each new version of the Agreement will be given a distinguishing version
number. The Program (including Contributions) may always be distributed
subject to the version of the Agreement under which it was received. In addition,
after a new version of the Agreement is published, Contributor may elect to
distribute the Program (including its Contributions) under the new version..”
EPL
www.jbb.de
54
License obligations:
● Providing the license text of the EPL (or complying license)
● Providing the source code
● Prominent notice about modifications in adapted files
● Retaining trademark, patent and copyright notices
● Indemnification for contributors (sec. 4)
EPL
www.jbb.de
55
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2004 Sam Hocevar <[email protected]>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.
WTFPL
www.jbb.de
56
Permissive license
License for the license text and license for a computer programme
No license obligations
WTFPL
www.jbb.de
57
Public domain in the US: waiver is possible
Public domain in Germany: copyright protection has to be expired (70 years after the death of the author; sec. 15 Mauritius Copyright Act: 50 years)
Dedication to the public domain may be interpreted as unristricted permissive license without license conditions
Sample code in books or public documents – license required
Public Domain
www.jbb.de