Language Selection

English French German Italian Portuguese Spanish

Legal

Licensing: Facebook Responds to Licence Complaints, Cloud Native Open Source License Choices Analysed

Filed under
OSS
Legal
  • Facebook relicenses several projects

    Facebook has announced that the React, Jest, Flow, and Immutable.js projects will be moving to the MIT license. This is, of course, a somewhat delayed reaction to the controversy over the "BSD+patent" license previously applied to those projects.

  • Relicensing React, Jest, Flow, and Immutable.js

    Next week, we are going to relicense our open source projects React, Jest, Flow, and Immutable.js under the MIT license. We're relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don't want to hold back forward progress for nontechnical reasons.

    This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.

  • Cloud Native Open Source License Choices

    One of the most common questions regarding open source licensing today concerns trajectories. Specifically, what are the current directions of travel both for specific licenses as well as license types more broadly. Or put more simply, what licenses are projects using today, and how is that changing?

    We’ve examined this data several times, most recently in this January look at the state of licensing based on Black Duck’s dataset. That data suggested major growth for permissive licenses, primarily at the expense of reciprocal alternatives. The Apache and MIT licenses, for example, were up 10% and 21% respectively, while the GPL was down 27%. All of this is on a relative share basis, of course: the “drop” doesn’t reflect relicensing of existing projects, but less usage relative to its peers.

    [...]

    One such community with enough of a sample size to be relevant is the one currently forming around the Cloud Native Computing Foundation. Founded in 2015 with the Kubernetes project as its first asset, the Foundation has added eleven more open source projects, all of which are licensed under the same Apache 2 license. But as a successful Foundation is only a part of the broader ecosystem, the real question is what are the licensing preferences of the Cloud Native projects and products outside of the CNCF itself.

    [...]
    Unsurprisingly, perhaps, given the influence of the CNCF itself, Apache strongly outperforms all other licenses, showing far greater relative adoption than it has in more generalized datasets such as the Black Duck survey. Overall in this dataset, approximately 64% of projects are covered by the Apache license. No other project has greater than a 12% share. The only other licenses above 10%, in fact, are the GPL at 12% and MIT at 11%. After that, the other projects are all 5% or less.

A New Era for Free Software Non-Profits

Filed under
OSS
Legal

The US Internal Revenue Service has ushered in a new and much more favorable treatment for free software projects seeking to have 501c3 tax exempt non-profit organizations of their own. After years of suffering from a specially prejudicial environment at IRS, free software projects—particularly new projects starting out and seeking organizational identity and the ability to solicit and receive tax-deductible contributions for the first time—can now do so much more easily, and with confident expectation of fast, favorable review. For lawyers and others counseling free software projects, this is without question “game-changing.”

At SFLC, we have ridden all the ups and downs of the US tax law’s interaction with free software non-profits. When I formed SFLC—which in addition to being a 501c3 tax-deductible organization under US federal tax law is also a non-profit educational corporation under NY State law—in 2005, we acquired our federal 501c3 determination in less than 70 days. Over our first several years of operation, we shepherded several of our clients through the so-called “1023 process,” named after the form on which one applies for 501c3 determination, as well as creating several 501c3-determined “condominium” or “conservancy” arrangements, to allow multiple free software projects to share one tax-deductible legal identity.

But by the middle of the Obama Administration’s first term, our ability to get new 501c3 determinations from the IRS largely ceased. The Service’s Exempt Organizations Division began scrutinizing certain classes of 1023’s particularly closely, forming task forces to centralize review of—and, seemingly, to prevent success of—these classes of application. In our practice on behalf of free software projects seeking legal organization and tax exemption, we began to deal with unremitting Service pushback against our clients’ applications. Sometimes, the determination to refuse our clients’ applications seemed to indicate a fixed political prejudice against their work; more than once we were asked by IRS examiners “What if your software is used by terrorists?”

Read more

Software Patents Versus Free Software (WordPress, MP3 Playback)

Filed under
OSS
Legal
  • On React and WordPress

    Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would "increase the amount of time and money we have to spend fighting meritless lawsuits."

    I'm not judging Facebook or saying they're wrong, it's not my place. They have decided it's right for them — it's their work and they can decide to license it however they wish. I appreciate that they've made their intentions going forward clear.

    A few years ago, Automattic used React as the basis for the ground-up rewrite of WordPress.com we called Calypso, I believe it's one of the larger React-based open source projects. As our general counsel wrote, we made the decision that we'd never run into the patent issue. That is still true today as it was then, and overall, we’ve been really happy with React. More recently, the WordPress community started to use React for Gutenberg, the largest core project we've taken on in many years. People's experience with React and the size of the React community — including Calypso — was a factor in trying out React for Gutenberg, and that made React the new de facto standard for WordPress and the tens of thousands of plugins written for WordPress.

    We had a many-thousand word announcement talking about how great React is and how we're officially adopting it for WordPress, and encouraging plugins to do the same. I’ve been sitting on that post, hoping that the patent issue would be resolved in a way we were comfortable passing down to our users.

    That post won't be published, and instead I'm here to say that the Gutenberg team is going to take a step back and rewrite Gutenberg using a different library. It will likely delay Gutenberg at least a few weeks, and may push the release into next year.

  • MP3 Is Dead! Long Live MP3!

    Back in May, there was an unexpected surge in press coverage about the MP3 audio file format. What was most unexpected about it was it all declared that the venerable file format is somehow “dead”. Why did that happen, and what lessons can we learn?

    What had actually happened was the last of the patents on the MP3 file format and encoding process have finally expired. Building on earlier work, it was developed by the Moving Pictures Expert Group (MPEG) built on the doctoral work of an engineer at Fraunhofer Institute in Germany. Many companies held patents on the standard and it was not until April that the last of them expired. There’s no easy way to ascertain whether a patent has expired even after the date one moght expect it, so the wave of news arose from announcements by Fraunhofer Institute.

    Framing this as an “ending” fits the narrative of corporate patent holders well, but does not really reflect the likely consequences. Naturally the patent holding companies would rather everyone “upgrade” to the newer AAC format, which is still encumbered under a mountain of patents necessitating licensing. But for open source software, the end of patent monopilies signals the beginning of new freedoms.

FOSS Licensing News

Filed under
OSS
Legal
  • Public Money? Public Code! 22 Organizations Seek to Improve Public Software Procurement

    Today, 22 organizations are publishing an open letter in which they call for lawmakers to advance legislation requiring publicly financed software developed for the public sector be made available under a Free and Open Source Software license. The initial signatories include CCC, EDRi, Free Software Foundation Europe, KDE, Open Knowledge Foundation Germany, Open Source Business Alliance, Open Source Initiative, The Document Foundation, Wikimedia Germany, as well as several others; they ask individuals and other organization to sign the open letter. The open letter will be sent to candidates for the German Parliament election and, during the coming months, until the 2019 EU parliament elections, to other representatives of the EU and EU member states.

  • Two Open Source Licensing Questions: The AGPL and Facebook
  • How Open Source and Proprietary IP Can Co-Exist [Ed: law firms pushing software patents, not just copyright]

    Open source software imparts a number of benefits, including decreasing product development time, distributing development across a community and attracting developers to your organization. However, some organizations shy away from it due to perceived risks and disadvantages around intellectual property.

    [...]

    That's a situation in which we might open source an implementation and file for a patent at the same time. In scoping the patent and the license terms, the open source community gets access to the software but the patent retains value.

No To “No Hacking” Clauses

Filed under
Legal

Adding any subjective restriction automatically creates doubt for developers, especially if they are corporate employees. They will need at a minimum to stop and ask their manager what the restriction means in their context, and that in turn is likely to be referred to a legal advisor. Even if the answer is “go ahead” the need to ask permission will be enough to chill use and stifle innovation.

The OSD tries to to prevent this and promote the granting of permission in advance to use, improve and share software for any purpose. Permission in advance is responsible for the whole open source phenomenon. So OSI won’t let you add a clause to a license that denies it. No matter how cleverly you word it.

Read more

The supposed decline of copyleft

Filed under
GNU
Legal

Reproducible observations are necessary to the establishment of solid theories in science. Sullivan didn't try to contact Black Duck to get access to the database, because he assumed (rightly, as it turned out) that he would need to "pay for the data under terms that forbid you to share that information with anybody else". So I wrote Black Duck myself to confirm this information. In an email interview, Patrick Carey from Black Duck confirmed its data set is proprietary. He believes, however, that through a "combination of human and automated techniques", Black Duck is "highly confident at the accuracy and completeness of the data in the KnowledgeBase". He did point out, however, that "the way we track the data may not necessarily be optimal for answering the question on license use trend" as "that would entail examination of new open source projects coming into existence each year and the licenses used by them".

In other words, even according to Black Duck, its database may not be useful to establish the conclusions drawn by those articles. Carey did agree with those conclusions intuitively, however, saying that "there seems to be a shift toward Apache and MIT licenses in new projects, though I don't have data to back that up". He suggested that "an effective way to answer the trend question would be to analyze the new projects on GitHub over the last 5-10 years." Carey also suggested that "GitHub has become so dominant over the recent years that just looking at projects on GitHub would give you a reasonable sampling from which to draw conclusions".

Read more

Facebook's React Patents License and OSI

Filed under
OSS
Legal
  • Why Not to Overreact to Facebook's React Patents License

    The reaction to this news is surprising, given the parallel patent licensing model is nothing new. Facebook released its “BSD+Patents” grant in 2013 (with a revision in 2015). But a similar model was used with some fanfare by Google with its WebM codec in 2010. This licensing model involves two parallel and simultaneous grants of rights: a BSD license to the copyright in the software, and a separate grant to practice patents that read on the software. Putting the two together means there are two independent and parallel grants of rights. In this respect, it is quite similar to the Apache 2.0 license which, like BSD, is a permissive license, and which also contains a defensive termination provision that exists alongside the copyright license grant.

    Much of the reaction to Apache Foundation’s announcement has just created confusion, such as this article misleadingly calling it “booby-trapped.” In fact, many open source licenses have defensive termination provisions — which are mostly considered a reasonable mechanism to discourage patent lawsuits, rather than a booby trap. They are also the rule rather than the exception; all major open source licenses with patent grants also have defensive termination provisions — each with slightly different terms. The difference between the Facebook grant, which Apache has rejected, and the Apache 2.0 license, which Apache requires for its projects, is more subtle than the controversy suggests.

    [...]

    Defensive termination provisions of the scope in the Facebook grant are very common in patent licensing, outside of the open source landscape. Most patent licenses terminate if the licensee bring patent claims against the licensor. The reason is that a licensor does not want to be unilaterally “disarmed” in a patent battle. Most patents are only used defensively — asserted when a competitor sues the patent owner. A sues B and then B sues A, resulting in mutually assured destruction. If B has released its software under an open source license without a broad defensive termination provision, B is potentially without recourse, and has paid a high price for its open source code release. A gets to simultaneously free ride on B’s software development and sue B for patent infringement.

    Finally, the Facebook grant itself is not new. The grant was released in 2013, and ReactJS’ popularity has been growing since then. As with many open source licenses, the industry’s willingness to absorb a new license depends on the tastiness of the code released under it. In the case of ReactJS, the code was great, and the patent license terms were new, but reasonable.

  • The Faces of Open Source: Till Jaeger

    Dr. Till Jaeger features in the fifth episode of Shane Martin Coughlan's, "The Faces of Open Source Law." The series was shot during breaks at the FSFE Legal Network 'Legal and Licensing Workshop' in Barcelona during April 2017, and is provided here to promote greater understanding of how the law and open source projects and communities are interacting and evolving.

Violating and Complying With GPL, Grsecurity Bullying, Facebook 'Faking' FOSS With Patent Trap

Filed under
OSS
Legal
  • Making a Wrong into a Right: After Violating GPL and Filing for Bankruptcy, Chinese OEM IUNI Releases Source Code

    There are times in life when making the wrong decisions can have major repercussions in all the spheres that surround you. These repercussions can be so severe that they can literally turn your life upside down and nothing you say or do can change the self-consuming spiral that they set you on. Smartphone company IUNI learned this the hard way, and as a result they’ve finally decided to comply with the GPL.

    This was the case for a relatively small Asian manufacturer called IUNI, which was a small subsidiary company of the much-larger Gionee. As was the case with many Eastern OEMs, IUNI was the proud manufacturer of entry to mid range devices, with phones closely resembling those from Xiaomi, which coincidentally also resembles other manufacturers as well (plagiarism is the ultimate form of flattery after all). The company, unfortunately had a rough start, which ultimately led to its impending doom and eventual demise about a year ago.

  • Grsecurity Vendor Sues Open Source Pioneer Bruce Perens in GPLv2 Disagreement

    One of open source’s guiding lights, Open Source Initiative co-founder Bruce Perens, is being sued by Open Source Security, the company behind the Grsecurity patch management software for the Linux kernel, over a disagreement about the GNU GPLv2 license.

    Open Source Security alleges that Perens made “abusive and false” claims in a blog post that resulted in “substantial harm to Grsecurity’s reputation, goodwill, and future business prospects,” according to a complaint filed at the U.S. District Court, Northern District of California, San Francisco Division.

    Perens’ own attorney Heather Meeker sees the defamation lawsuit as “an attack on the free exchange of ideas in the free software community on matters of public interest.” Open Source Security did not respond to a request for comment.

  • Don’t Over-REACT to the Facebook Patents License

    Recently, Apache re-classified code under Facebook’s “BSD+ Patents” license to “Category X,” effectively banning it from future contributions to Apache Foundation projects. The move has re-ignited controversy over the patent grant, but like many events in the open source community, the controversy is more partisan than practical. In fact, it’s unlikely the move will affect adoption of ReactJS, and the criticisms of the BSD+patent grant mostly don’t survive the scrutiny of reason.

    The Facebook patent grant, officially called the Additional Grant of Patent Rights Version 2, has been in effect for years. It applies to the wildly popular ReactJS code — a Javascript library for rendering user interfaces. The roster of major technology companies using the code is impressive, including such consumer-facing giants as Netflix — and of course, Facebook itself.

Licensing and Development: Patrick McHardy, React's Open Source [sic] Licence, Programming Success

Filed under
Development
Legal
  • Patrick McHardy and copyright profiteering

    Many in the open source community have expressed concern about the activities of Patrick McHardy in enforcing the GNU General Public License (GPL) against Linux distributors. Below are answers to common questions, based on public information related to his activities, and some of the legal principles that underlie open source compliance enforcement.

    Who is Patrick McHardy? McHardy is the former chair of the Netfilter core development team. Netfilter is a utility in the Linux kernel that performs various network functions, such as facilitating Network Address Translation (NAT)—the process of converting an Internet protocol address into another IP address. Controlling network traffic is important to maintain the security of a Linux system.

  • Facebook Refuses to Alter React's Open Source License

    The Apache Foundation recently announced that Facebook's BSD+Patents open source license has been disallowed for inclusion with Apache products. The resulting fallout has caused gnashed teeth and much soul searching for React developers and Facebook has so far refused to reconsider.

  • Users as Co Developers OR The Secret of Programming Success

    And so I inherited popclient. Just as importantly, I inherited popclient’s user base. Users are wonderful things to have, and not just because they demonstrate that you’re serving a need, that you’ve done something right. Properly cultivated, they can become co-developers.

    Another strength of the Unix tradition, one that Linux pushes to a happy extreme, is that a lot of users are hackers too. Because source code is available, they can be effective hackers. This can be tremendously useful for shortening debugging time. Given a bit of encouragement, your users will diagnose problems, suggest fixes, and help improve the code far more quickly than you could unaided.

  • Oracle to open source Java Enterprise Edition (JAVA EE)

    They say that you can never expect a favor from the corporate world without them getting some profit. Oracle seems to be shutting shop on Java Enterprise Edition (Java EE) and has now decided to open source it.  After earning millions from Java EE, now Oracle seems to have realized that it needs to move on.

Facebook won't change React.js license despite Apache developer pain

Filed under
Legal

Facebook's decided to stick with its preferred version of the BSD license despite the Apache Foundation sin-binning it for any future projects.

The Foundation barred use of Facebook's BSD-plus-Patents license in July, placing it in the “Category X” it reserves for “disallowed licenses”.

Facebook's BSD+Patents license earned that black mark because the Foundation felt it “includes a specification of a PATENTS file that passes along risk to downstream consumers of our software imbalanced in favor of the licensor, not the licensee, thereby violating our Apache legal policy of being a universal donor.”

Read more

Syndicate content

More in Tux Machines

Packet radio lives on through open source software

Packet radio is an amateur radio technology from the early 1980s that sends data between computers. Linux has natively supported the packet radio protocol, more formally known as AX.25, since 1993. Despite its age, amateur radio operators continue to use and develop packet radio today. A Linux packet station can be used for mail, chat, and TCP/IP. It also has some unique capabilities, such as tracking the positions of nearby stations or sending short messages via the International Space Station (ISS). Read more

Linux 4.14-rc2

I'm back to my usual Sunday release schedule, and rc2 is out there in all the normal places. This was a fairly usual rc2, with a very quiet beginning of the week, and then most changes came in on Friday afternoon and Saturday (with the last few ones showing up Sunday morning). Normally I tend to dislike how that pushes most of my work into the weekend, but this time I took advantage of it, spending the quiet part of last week diving instead. Anyway, the only unusual thing worth noting here is that the security subsystem pull request that came in during the merge window got rejected due to problems, and so rc2 ends up with most of that security pull having been merged in independent pieces instead. Read more Also: Linux 4.14-rc2 Kernel Released

Manjaro Linux Phasing out i686 (32bit) Support

In a not very surprising move by the Manjaro Linux developers, a blog post was made by Philip, the Lead Developer of the popular distribution based off Arch Linux, On Sept. 23 that reveals that 32-bit support will be phased out. In his announcement, Philip says, “Due to the decreasing popularity of i686 among the developers and the community, we have decided to phase out the support of this architecture. The decision means that v17.0.3 ISO will be the last that allows to install 32 bit Manjaro Linux. September and October will be our deprecation period, during which i686 will be still receiving upgraded packages. Starting from November 2017, packaging will no longer require that from maintainers, effectively making i686 unsupported.” Read more

Korora 26 'Bloat' Fedora-based Linux distro available for download -- now 64-bit only

Fedora is my favorite Linux distribution, but I don't always use it. Sometimes I opt for an operating system that is based on it depending on my needs at the moment. Called "Korora," it adds tweaks, repositories, codecs, and packages that aren't found in the normal Fedora operating system. As a result, Korora deviates from Red Hat's strict FOSS focus -- one of the most endearing things about Fedora. While you can add all of these things to Fedora manually, Korora can save you time by doing the work for you. Read more