www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Yandell <bay...@apache.org>
Subject Re: Aggregation of software
Date Tue, 02 Jun 2015 06:38:28 GMT
This is basically this JIRA:

    https://issues.apache.org/jira/browse/LEGAL-24

The sad thing is that there's much interest in this question. You can see
Sam leaning towards it. I'm more favourable on the subject than I was in
2008, and I was hardly against it then. Jukka was in favour.

Hen


On Mon, Jun 1, 2015 at 12:04 PM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:

> FYI, I sent the following to the European Legal Network for its internal
> discussions according to the  Chatham House Rule
> <http://www.chathamhouse.org/about/chatham-house-rule>. I'm resending it
> within Apache under CC-BY 4.0.  Every list has its own rules, but as the
> copyright owner I set my own license. :-)  /Larry
>
>
>
> ************* COPY of a long email follows....
>
>
>
> Open source attorneys recognize the long fought battle about whether one
> FOSS program can "infect" another FOSS or proprietary program through
> linking. While the litigation details are still murky, this seems to be a
> main issue in the recent VMware-GPL case
> <http://www.zdnet.com/article/vmware-sued-for-failure-to-comply-with-linuxs-license/>
> in Germany. Someday a court will finally resolve whether one is required to
> change one's own copyright license merely because a GPL program links to
> one's code in some mechanical "API" way. (See also the *Oracle v. Google*
> case for that API copyright issue in the non-FOSS (?) context.)
>
>
>
> This is also directly related to the Open Source Definition
> <http://opensource.org/osd> ["1. Free Redistribution") which states:
>
> *The license shall not restrict any party from selling or giving away the
> software as a component of an aggregate software distribution containing
> programs from several different sources. The license shall not require a
> royalty or other fee for such sale.*
>
> I have always interpreted that provision as a blanket permission for
> "aggregating" FOSS software with any other software. Some companies are
> afraid, however, that they can infect their own software by aggregating it
> with GPL software.
>
>
>
> We will have to let a court finally decide that. Beliefs about copyright
> licenses are hard otherwise to quench and we're all tired of the infernal
> arguments by me and others about that within our community.
>
>
>
> However, this fear of "infection" has crept into other FOSS licenses that
> have no possible interpretation as affecting independently written software
> under different licenses by other authors *no matter how it links!*
> Prime examples of that are the Eclipse (EPL) and Mozilla (MPL) licenses.
>
>
>
> There are many at Apache and elsewhere who confuse the GPL made-up word
> "copyleft" with the contractual requirement for reciprocal licensing of
> derivative works. The EPL and the MPL are not "copyleft" like the GPL but
> merely "reciprocal for derivative works." Fear of infection by that code
> through linking or any other form of aggregation is unjustified.
>
>
>
> This longtime fear and confusion led me to propose a new Apache Third
> Party Licensing Policy that would allow Apache projects to aggregate
> third-party contributions under FOSS licenses such as the EPL and MPL where
> the licensors obviously wanted such aggregations. Since that is a proposed
> policy for ASF, there is no need for me to publish that draft proposal here
> or argue for it now.
>
>
>
> It is important that the larger community understands the issues: ASF
> already sort of allows this aggregation with third party code. See their
> Ramblings <https://www.apache.org/legal/ramblings.html> and their current Third
> Party Policy <http://www.apache.org/legal/resolved.html>.
>
>
>
> This happens through the acceptance of "exceptions" using a Legal-JIRA
> process within Apache. There have been over 200 such JIRAs, many asking
> about "exceptions" to the current policy for optional components,
> components distributed in binary, components that the software will
> download itself when installed, the aggregation with free data and text and
> standards, etc. Usually the results are publicly documented along with the
> Apache software released. As far as I can tell, EPL and MPL components have
> been included as exceptions in some Apache software. That's great!
>
>
>
> More productively (as a result of this online discussion about the ASF
> Third Party License Policy) the SPDX project at the Linux Foundation
> recently offered to help Apache projects adopt the new open source SPDX
> standards. Many attorneys believe that it is essential to the open source
> supply chain that Apache customers know the provenance of components in
> Apache and other FOSS software.
>
>
>
> I've suggested that Apache projects publish a NOTICE file and/or SPDX
> information for each Apache aggregation.
>
>
>
> But there is another difficult legal/policy issue I'm trying to resolve.
> My draft policy that *encourages* the aggregation of third party FOSS
> contributions with Apache projects is being confused by some as an
> invitation to aggregate *infectious* software with Apache software.
>
>
>
> *There is nothing infectious about non-GPL FOSS software.* Apache
> projects and software companies everywhere aggregate such software ALL THE
> TIME without catching any infection. OSD #1 promises that.
>
>
>
> Many of us believe that the GPL itself is not infectious either, but
> apparently it will require a court decision somewhere to determine that.
>
>
>
> A frequent complaint in Apache is that I see this proposed Third Party
> License Policy as a "legal" issue whereas others view it as a "policy"
> issue where the law shouldn't matter. As a policy, they say, Apache prefers
> to *discourage* and avoid the aggregation of non-Apache code in Apache
> projects except where an "exception" is justified by the project in some
> way. They assert  that Apache customers want this reluctant policy from
> ASF, and that Apache customers usually don't want such FOSS multi-licensed
> aggregations from Apache projects.
>
>
>
> I view that discouragement as a loss to the entire FOSS community. All
> FOSS software is meant to be shared. Apache should encourage it and not
> make it exceptional.
>
>
>
> As I said above, technology companies around the world already aggregate
> Apache software with third party software from Eclipse and Mozilla and
> Linux Foundation and elsewhere without fear. I am not aware of any
> substantial commercial software applications in the world that are not
> already aggregations of FOSS software under a variety of licenses. Those
> aggregations (including whatever derivative or independent works those
> engineers create) are distributed by skilled companies in accordance with
> the generous terms of those FOSS licenses.
>
>
>
> For Apache to treat this as a policy to be avoided is contrary to our
> grander public FOSS policy expressed in OSD #1: *FOSS is free and can be
> used and aggregated worldwide.*
>
>
>
> Lawrence Rosen
>
> "If this were legal advice it would have been accompanied by a bill."
>
>
>
> Rosenlaw & Einschlag (www.rosenlaw.com)
>
> 3001 King Ranch Rd., Ukiah, CA 95482
>
> Cell: 707-478-8932
>
> LinkedIn: http://lnkd.in/D9CWhD
>
>
>

Mime
View raw message