top ten open source licenses

The Top 10 Open Source Licenses

Karen Copenhaver

Mark Radcliffe

Peter Vescuso

Webinar

February 11, 2009

Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.

Speakers

Karen Copenhaver

Partner at Choate Hall & Stewart

Counsel for the Linux Foundation

Mark Radcliffe

Partner at DLA Piper

General Counsel for the Open Source Initiative (OSI)

Peter Vescuso

EVP of Marketing and Business Development, Black Duck Software


Agenda

The Top 10 Open Source Licenses Open Source Licenses and the OSI

Discussion of Top 101. BSD2. MIT3. Apache4. Mozilla5. Common Public License6. Eclipse Public License7. Artistic8. GPL (v2, v3)9. LGPL (v2.1, v3)10.AGPL (aka Affero GPL)

Summary

Q & A


Open Source Licenses and the OSI Who is the OSI (Open Source Initiative)?

– The OSI are the stewards of the Open Source Definition (OSD) and the community-recognized body for reviewing and approving licenses as OSD-conformant.

OSI lists 72 licenses which OSI has approved as being “Open Source”

Three types of open source licenses:– Reciprocal Licenses: General Public License, Mozilla Public License, Common Public License– Notice: Apache License, BSD, MIT– Other: NASA Open Source

Open Source Definition– 1. Free Redistribution– 2. Program must include Source Code and must allow distribution in source code as

well as compiled form. – 3. Must Allow Modifications and Derived Works– 4. Integrity of the Author's Source Code– 5. No Discrimination Against Persons or Groups– 6. No Discrimination Against Fields of Endeavor– 7. Distribution of License – no additional license can be required of others who

redistribute the program– 8. License Must Not Be Specific to a Product– 9. License Must Not Restrict Other Software– 10. License Must Be Technology-Neutral – not predicated on any individual

technology

(www.opensource.org)


The Updated BSD LicenseCopyright (c) <YEAR>, <OWNER>

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Advertising Clause from Original BSD License

Advertising Clause is deleted in the updated version

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of

California, Berkeley and its contributors.


The MIT License

Very Similar to BSD but note the difference:

– THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


The Apache License

“Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner.


Apache - Continued

Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.


Apache - Continued

Accepting Warranty or Additional Liability.

While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.


The Mozilla License

''Modifications'' means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file

containing Original Code or previous Modifications. B. Any new file that contains any part of the Original

Code or previous Modifications.

Description of Modifications.

You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code.


Common Public License or Eclipse Public License

"Contribution" means:

a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and

b) in the case of each subsequent Contributor: i) changes to the Program, and ii) additions to the Program;

where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.


The Difference between Eclipse and Common Public License

If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed. In addition, if Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed.


The Artistic License

An early version of this license was the subject of the Jacobsen case. It will be addressed in an upcoming webinar.


The GNU General Public License (GPL)

GPLv2 first published in 1991 (final version of GPLv3 published 6/29/2007)

Key Terms of GPLv2– Right of customers to modify and distribute modification

under GPL– Non-exclusive– Obligation to distribute (can charge, but not pass through

this obligation)– Any “work based on the program” is subject to GPL– Must include source code– Automatic termination


The GNU General Public License: GPLv2

Contains political statements

Scope of “based on” work– Derivative work analysis– Dynamic vs. static linking– Collective work

Disclaimer of all warranties

Disclaimer of liability

Patent license: uncertain (FSF Position: “Implied License”)


Free Software Foundation (FSF) Reasons for GPLv3 Codify “FSF case law” on GPLv2 (e.g., system library exception,

binary distribution methods, additional permissions/restrictions)

Internationalization– Prevent anti-GPL judicial nationalism and country-specific FOSS licenses– Achieve greater uniformity across jurisdictions (country-neutral terminology)

Patents– Desire for explicit patent license grant by GPL commons participants– Greater policing of collusive patent licensing practices by distributors

DRM-related issues– Close GPLv2 loophole: technical restrictions on modification in situ (Tivo)– Protect developers from liability under anti-circumvention law (DMCA, EUCD)

License compatibility– Rationalize existing practices (removable additional permissions, additional

restrictions in permissive licenses)– Solve certain GPLv2 compatibility problems (Apache, Affero)


The GNU GPLv3

Scope defined by “copyright law”, not US copyright law– Applies to any copyrightable works– Applies to hardware

Does not apply to ASP services (see Affero GPL)

Convey vs. propagate

Patents– Direct license for “contributors” (no license for simple distribution)– “Knowing reliance” for upstream license

Make source code available to everyone Deprive of benefit Extend license to all downstream users

– Prohibit Novell/Microsoft Microsoft Like Position = Patent license to all copies of work Novell Like Position = No licenses limiting exercise of rights

under GPLv3


The GNU GPLv3 vs GPLv2 Scope defined by “copyright law”, not US copyright law

– Applies to any copyrightable works– Applies to hardware

Does not apply to ASP services

Convey vs. propagate (contract terms, not copyright terms)

Termination: automatic, but curable

Patents– Direct license for “contributors” (no license for simple distribution)– “Knowing reliance” for upstream license

Make source code available to everyone Deprive of benefit Extend license to all downstream users

– Prohibit Novell/Microsoft Microsoft Like Position = Patent license to all copies of work Novell Like Position = No licenses limiting exercise of rights under

GPLv3


The GNU Library or Lesser General Public License: LGPLv2.1 “Library software” is a collection of software functions and/or data

prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables

“Works based on library” – Either the Library or any derivative work under copyright law – License: GPLv2 terms

“Work that uses the Library” – Designed to work with the Library by being compiled or linked with it – However, linking a "work that uses the Library" with the Library creates an

executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

– License: Section 6 License object code under any terms you wish Provide for reverse engineering Include Library copyright notices GPLv2 obligations relating to source code of library

“Small Bits” exception to Section 6 (LGPLv2 does not apply)– Numerical parameters– Data structure layouts and accessors– Small macros and small inline functions


The GNU Library or Lesser General Public License: LGPLv3

Addition to GPLv3 which it incorporates GPLv3 “The Library”

– Refers to a covered work governed by this License, other than an Application or a Combined Work as defined below

“Application” – Any work that makes use of an interface provided by the Library, but which is

not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library.

– License: If it includes Library header files: terms of choice but required to give notice of the use of the Library and include copy of LGPLv3 (no requirements if object code includes only numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length))

“Combined Work” – Work produced by combining or linking an Application with the Library. The

particular version of the Library with which the Combined Work was made is also called the “Linked Version”.

– License: Terms of choice except need to keep right to modify Library and reverse engineer to permit debugging modifications to Library and give notice of the use of the Library and include copy of LGPLv3 and three options for providing source code of Library (with certain obligations relating to the Application)


The GNU Affero General Public License: AGPLv3

Includes all GPLv3 terms and “Network Use” clause (see below)

Network Use Clause: Shift from “distribution” trigger to “distribution” and “all users who access through a computer network”

The network use clause is set forth below:

Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.


Summary

Open source software is fundamentally changing the economics of development

Making good choices with open source means evaluating the license obligations as well as the code

While there are many open source licenses, these licenses are the most widely used and account for 94% of usage

Software management platforms can automate the collaboration required between lawyers and developers to ensure compliance


Next in the Black Duck Legal Webinar Series: Developing in a Hybrid Open Source-Proprietary World

In this next webinar find out:– What obligations are imposed by open source licenses?– Why should executive management care about compliance with

open source license obligations? – What are the best approaches to managing the risks?– How can developers be given the freedom to get their jobs done,

while controlling risk and ensuring compliance?

Day and time: – Wednesday March 18th at 11:30AM EST, 8:30am PT, 4:30pm GMT

To sign up:http://www.blackducksoftware.com/files/legal-webinar-series.html

top ten open source licenses

Technology

types of open source

osi open source initiative

distribution of license

open source definition

apache license

redistributions of source

additional license

authors source code