Language Selection

English French German Italian Portuguese Spanish

Legal

FRAND Is Not A Compliance Issue

Filed under
OSS
Legal

The European Commission has been persuaded by lobbyists to change its position on standards to permit the use of FRAND license terms for patents applicable to technologies within those standards. This is a massive mistake that will harm innovation by chilling open source community engagement.

Read more

EU jeopardises its own goals in standardisation with FRAND licensing

Filed under
OSS
Legal

On 19 April, the European Commission published a communication on "ICT Standardisation Priorities for the Digital Single Market" (hereinafter 'the Communication'). The Digital Single Market (DSM) strategy intends to digitise industries with several legislative and political initiatives, and the Communication is a part of it covering standardisation. In general, the Free Software Foundation Europe (FSFE) welcomes the Communication's plausible approach for integrating Free Software and Open Standards into standardisation but expresses its concerns about the lack of understanding of necessary prerequisites to pursue that direction.

Read more

Also: A fresh look at the U.S. draft policy on 'federal sourcing'

A perfect marriage: YOU and Ubuntu 16.04

Filed under
GNU
Ubuntu
Legal

Canonical claims it has taken legal advice and that it is allowed to ship OpenZFS with its Linux.

What ever the legal rights and wrongs, Ubuntu's support is clearly aimed primarily at the server use case. ZFS is not an option within the installer. In fact you'll need to install the userland parts of ZFS yourself before you can format disks and get everything working. Still, if you're interested in trying Ubuntu atop ZFS, Canonical has a guide to using ZFS.

Read more

Anti-innovation: EU excludes open source from new tech standards

Filed under
OSS
Legal

It's no surprise that the Commission was trying to keep that particular detail quiet, because FRAND licensing—the acronym stands for "fair, reasonable, and non-discriminatory"—is incompatible with open source, which will therefore find itself excluded from much of the EU's grand new Digital Single Market strategy. That's hardly a "balanced IPR policy."

The problem for open source is that standard licensing can be perfectly fair, reasonable, and non-discriminatory, but would nonetheless be impossible for open source code to implement. Typically, FRAND licensing requires a per-copy payment, but for free software, which can be shared any number of times, there's no way to keep tabs on just how many copies are out there. Even if the per-copy payment is tiny, it's still a licensing requirement that open source code cannot meet.

Read more

FSF on GPL and ZFS

Filed under
GNU
Legal

Is Source Code covered by the PSI Directive?

Filed under
OSS
Legal

Concerning France, the court decision may have a considerable impact, as the source code of any software produced by or for the various national or local administrations becomes legally “libre” or open source under no or very permissive conditions. Therefore the interest to clarify the applicable licence: when communicating it, relevant administration should then apply the EUPL or the French CeCILL, according to the 12 September 2012 prime minister Ayrault circular.

Read more

Free 'law for Linux developers' class opens its virtual doors

Filed under
OSS
Legal

No one becomes a programmer to become an intellectual property (IP) expert. But, in today's lawsuit-happy world, with patent trolls ready to attack and licensing becoming increasingly complicated, developers needs to know some IP law.

So, at the Linux Foundation Collaboration Summit, Jim Zemlin, the Linux Foundation's executive director announced the availability of Open Source Compliance Basics for Developers (LFC291), This free course is designed to provide software developers with the basic knowledge about legal and licensing issues they need for building and using open-source software.

Read more

BMW complies with GPL by handing over i3 car code

Filed under
GNU
Legal

BMW has sent Terence Eden a DVD containing GPL-licenced code used in its electric i3 model .

Why should you care? Because Oxford resident Eden last month inadvertently caused something of a global stir when he pondered the quality of the i3's software and the security of BMW's update mechanisms. Along the way he noticed that the i3's on-board “About” screen mentioned it uses some GPL-licenced code and idly wondered if the auto-maker complies with the licence.

Read more

Also: All’s Well That Ends Well With The GPL

Friday Free Software Directory IRC meetup: April 1st (not a joke)

Are you legally open source compliant?

Filed under
OSS
Legal

Meeting legal requirements is one of the key elements that large software companies factor in to their release cycles. They have teams that check for software patents that may impact their code, make sure that every copyright is acknowledged and look at the detailed usage clauses in any third-party software that they use.

One of the reasons for doing this is to avoid expensive litigation from companies often referred to as patent trolls. These are companies that have purchased large software patent libraries. Their business model is to then use those libraries to bring lawsuits against developers and over the last decade we’ve seen a number of high profile lawsuits against companies such as IBM, Microsoft, Google and others. Some of these have been dismissed by the courts but others have been upheld costing hundreds of millions of dollars in both fines and costs.

While open source developers might think that they are immune from this type of issue they are not. It may be that a piece of software that has been released as open source is later alleged to have infringed a software patent. This would mean that anyone using that software could be found guilty of an infringement.

To help reduce the impact of patent claims Google, IBM, Red Hat, SUSE, NEC, Philips and Sony created the Open Innovation Network. The goal was to create a pool of defensive patents that could be used to protect Linux and developers using Linux. This has been successful with over 1946 companies signing up to the OIN to use their patents to defend themselves from attack.

Read more

Syndicate content

More in Tux Machines

Security Leftovers

  • Linux Foundation launches badge program to boost open source security
    The Linux Foundation has released the first round of CII Best Practices badges as part of a program designed to improve the quality and security of open-source software. Announced on Tuesday, the non-profit said the Core Infrastructure Initiative (CII), a project which brings tech firms, developers and stakeholders together to create best practice specifications and improve the security of critical open-source projects, has now entered a new stage with the issue of CII badges to a select number of open-source software.
  • Free Badge Program Signals What Open Source Projects Meet Criteria for Security, Quality and Stability
  • How to Conduct Internal Penetration Testing
    The best way to establish how vulnerable your network is to a hacker attack is to subject it to a penetration test carried out by outside experts. (You must get a qualified third party to help with penetration testing, of course, and eSecurity Planet recently published an article on finding the right penetration testing company.)
  • SSH for Fun and Profit
    In May last year, a new attack on the Diffie Hellman algorithm was released, called Logjam. At the time, I was working on a security team, so it was our responsiblity to check that none of our servers would be affected. We ran through our TLS config and decided it was safe, but also needed to check that our SSH config was too. That confused me – where in SSH is Diffie Hellman? In fact, come to think of it, how does SSH work at all? As a fun side project, I decided to answer that question by writing a very basic SSH client of my own.

Open Data in Europe

  • Helsinki to enhance open democracy technologies through a hackathon
    The International Open Data Day brings together citizens and developers in major cities around the world to develop tools and applications based on Open Data. In 2016, Open Data Day took place on the 5-6 March.
  • Dutch government organisations not ready for open data requests
    Dutch government organisations are generally unable to process requests under the new 'Law for re-use of government information' in a timely and correct manner. According to inventories made by the Open State Foundation and Open Archives, government at all levels took months to decide on the requests, had problems providing the information in an open and machine-readable format, and failed to forward requests that should be handled by other organisations.
  • Hungarian Post charging high costs to frustrate right to public information
    The issue was brought before Péterfalvi Attila, President of the National Authority for Data Protection and Freedom of Information, by Tóth Bertalan, Deputy Faction Leader for the Hungarian Socialist Party (MSZP). Tóth argued that citizens are restricted in exercising their right of access to public information if an agency asks that much money for its data.

No Ubuntu Back Doors, Windows and Mac Migrations

Today in Linux news Microsoft's market share has dipped below 90% and Mac is disappearing from Linux conventions. Ubuntu founder Mark Shuttleworth said in an interview today that security and encryption are a commitment of Ubuntu's. Jesse Smith reviewed the latest version of Ubuntu and OMG!Ubuntu! shared some glimpses of Ubuntu in the wild. Bryan Lunduke listed 12 "Linux geeks" all users should follow on social media and Sandra Gittlen highlighted six colleges that "immerse students in Open Source." Read more

pfSense 2.3 Open-Source BSD Firewall Gets Patch That Fixes NTP Security Issues

pfSense developer Chris Buechler announced the availability of a small update for the stable pfSense 2.3 open-source firewall platform based on the FreeBSD operating system. Introduced as pfSense 2.3 Update 1, this is a small patch that only fixes the recently discovered security issues in the Network Time Protocol (NTP) packages, upgrading them from version 4.2.8p6 to 4.2.8p7, and it shouldn't be confused with pfSense 2.3.1, which will be released in the coming weeks as the first maintenance build. Read more