www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: Third Party FOSS licenses
Date Mon, 03 Aug 2015 19:35:36 GMT
On Mon, Aug 3, 2015 at 12:30 PM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:

> The reasons that there are so many FOSS licenses is mostly because of
> other things (patents, defensive termination, "corresponding source," the
> scale of attribution conditions, warranties, static linking, DRM
> prohibitions) than what Sam is asking about. At least, I think so.
> Sometimes Sam's questions here go wildly into complex, multi-layered
> hypotheticals that can be boiled down to asking about whether companies
> like IBM, Microsoft, Google, Adobe, etc., are free to copy and create
> derivative works of all Apache products even under proprietary licenses.  *The
> answer is always YES as long as the components – including the ALv2
> components – are and remain FOSS.* Nobody is allowed to change that. Read
> our license and our attribution notices and our source code archives.
"as long as"... there you go again.  The origin of the source is and always
remains FOSS, the derivative (be it a fork, an extention, GNU static
linkage of a larger work, etc etc ad nauseam) need not.

Let me give you a concrete and coherent example.  You will disagree, but
that's your privilege as a person.

I have a number of downstream customers who do fix source code.  They
enhance it.  They do not share that source code with their downstream users
(usually employees or customers of their own who are handed a black box
from the development team).  Many of them want to give their changes back

I'm often able to help get such changes back to the ASF, but far from
always.  Issues such as liability, reputation, compartmentalization, even
corporate compliance prevent these employees from exercising their interest
in pushing good changes back upstream, and there are many cases I cannot
help.  In fact I'm sometimes barred by a corporate policy of knowing what
source code changes they may or may not have in place, even as I'm
contracted to help them solve their problem with little visibility into the
specific problem.  I'm even encumbered by my relationships from disclosing
anything much more specific than that in the most complex cases.

If a customer extended their security modules and dropped those on user
workstations, those users, under the terms of the GPL for example, are
suggested that they have a right to see that source code under those
licensing terms. Corporate policy says that source code and internal
corporate knowledge stays behind the curtain, even though they would like
to start from trusted and well validated OSS software.  So that GPL to many
customers is simply unacceptable (and let's not launch into the issues of
EGPL).  Any encumbrance such as DRM clauses or copyleft will never be
acceptable to that subset of our users.

I read your comments, Larry, that all OSS uses of ASF software are fine by
you, and all other such downstream applications of ASF software are
unwanted by you.  I'm sorry we aren't bridging this chasm.  If what you
proposed was that all ASF software could be utilized by users under the AL
and had no additional encumbrances, but you wanted (as suggested in threads
long ago) to combine an external non-AL encumbered work to make something
larger than what ASF software alone can provide, that might be very
welcome.  The ASF producing software that can only be used with additional
encumbrances runs counter to the founding of organization, even as you
advocate for this to change.  Because this is not a legal argument, but a
policy argument, I'm not sure whether legal-discuss is the obvious forum to
change the purpose of the foundation.

View raw message