www-legal-discuss mailing list archives

From "Lawrence Rosen" <lro...@rosenlaw.com>
Subject Aggregation of software
Date Mon, 01 Jun 2015 19:04:23 GMT
FYI, I sent the following to the European Legal Network for its internal
discussions according to the Chatham House Rule
<http://www.chathamhouse.org/about/chatham-house-rule>. I'm resending it
within Apache under CC-BY 4.0.  Every list has its own rules, but as the
copyright owner I set my own license. :-)  /Larry


************* COPY of a long email follows....


Open source attorneys recognize the long fought battle about whether one
FOSS program can "infect" another FOSS or proprietary program through
linking. While the litigation details are still murky, this seems to be a
main issue in the recent VMware-GPL case
in Germany. Someday a court will finally resolve whether one is
required to change one's own copyright license merely because a GPL program
links to one's code in some mechanical "API" way. (See also the Oracle v.
Google case for that API copyright issue in the non-FOSS (?) context.)


This is also directly related to the Open Source Definition
<http://opensource.org/osd> ("1. Free Redistribution") which states:

The license shall not restrict any party from selling or giving away the
software as a component of an aggregate software distribution containing
programs from several different sources. The license shall not require a
royalty or other fee for such sale.

I have always interpreted that provision as a blanket permission for
"aggregating" FOSS software with any other software. Some companies are
afraid, however, that they can infect their own software by aggregating it
with GPL software. 


We will have to let a court finally decide that. Beliefs about copyright
licenses are hard otherwise to quench and we're all tired of the infernal
arguments by me and others about that within our community.


However, this fear of "infection" has crept into other FOSS licenses that
have no possible interpretation as affecting independently written software
under different licenses by other authors no matter how it links!  Prime
examples of that are the Eclipse (EPL) and Mozilla (MPL) licenses. 


There are many at Apache and elsewhere who confuse the GPL made-up word
"copyleft" with the contractual requirement for reciprocal licensing of
derivative works. The EPL and the MPL are not "copyleft" like the GPL but
merely "reciprocal for derivative works." Fear of infection by that code
through linking or any other form of aggregation is unjustified. 


This longtime fear and confusion led me to propose a new Apache Third Party
Licensing Policy that would allow Apache projects to aggregate third-party
contributions under FOSS licenses such as the EPL and MPL where the
licensors obviously wanted such aggregations. Since that is a proposed
policy for ASF, there is no need for me to publish that draft proposal here
or argue for it now.


It is important that the larger community understands the issues: ASF
already sort of allows this aggregation with third party code. See their
Ramblings <https://www.apache.org/legal/ramblings.html> and their current
Third Party Policy <http://www.apache.org/legal/resolved.html>.


This happens through the acceptance of "exceptions" using a Legal-JIRA
process within Apache. There have been over 200 such JIRAs, many asking
about "exceptions" to the current policy for optional components, components
distributed in binary, components that the software will download itself
when installed, the aggregation with free data and text and standards, etc.
Usually the results are publicly documented along with the Apache software
released. As far as I can tell, EPL and MPL components have been included as
exceptions in some Apache software. That's great!


More productively (as a result of this online discussion about the ASF Third
Party License Policy) the SPDX project at the Linux Foundation recently
offered to help Apache projects adopt the new open source SPDX standards.
Many attorneys believe that it is essential to the open source supply chain
that Apache customers know the provenance of components in Apache and other
FOSS software.


I've suggested that Apache projects publish a NOTICE file and/or SPDX
information for each Apache aggregation. 


But there is another difficult legal/policy issue I'm trying to resolve. My
draft policy that encourages the aggregation of third party FOSS
contributions with Apache projects is being confused by some as an
invitation to aggregate infectious software with Apache software. 


There is nothing infectious about non-GPL FOSS software. Apache projects and
software companies everywhere aggregate such software ALL THE TIME without
catching any infection. OSD #1 promises that.


Many of us believe that the GPL itself is not infectious either, but
apparently it will require a court decision somewhere to determine that.


A frequent complaint in Apache is that I see this proposed Third Party
License Policy as a "legal" issue whereas others view it as a "policy" issue
where the law shouldn't matter. As a policy, they say, Apache prefers to
discourage and avoid the aggregation of non-Apache code in Apache projects
except where an "exception" is justified by the project in some way. They
assert that Apache customers want this reluctant policy from ASF, and that
Apache customers usually don't want such FOSS multi-licensed aggregations
from Apache projects.


I view that discouragement as a loss to the entire FOSS community. All FOSS
software is meant to be shared. Apache should encourage it and not make it


As I said above, technology companies around the world already aggregate
Apache software with third party software from Eclipse and Mozilla and Linux
Foundation and elsewhere without fear. I am not aware of any substantial
commercial software applications in the world that are not already
aggregations of FOSS software under a variety of licenses. Those
aggregations (including whatever derivative or independent works those
engineers create) are distributed by skilled companies in accordance with
the generous terms of those FOSS licenses. 


For Apache to treat this as a policy to be avoided is contrary to our
grander public FOSS policy expressed in OSD #1: FOSS is free and can be used
and aggregated worldwide. 


Lawrence Rosen

"If this were legal advice it would have been accompanied by a bill."


Rosenlaw & Einschlag (www.rosenlaw.com <http://www.rosenlaw.com/> ) 

3001 King Ranch Rd., Ukiah, CA 95482

Cell: 707-478-8932 

LinkedIn: http://lnkd.in/D9CWhD 

