Legal

FOSS Licensing: Good Compliance Practices and "Do I Have to Use a Free/Open Source License?"

Filed under
OSS
Legal
  • Good Compliance Practices Are Good Engineering Practices

    Companies across all industries use, participate in, and contribute to open source projects, and open source compliance is an integral part of the use and development of any open source software. It’s particularly important to get compliance right when your company is considering a merger or acquisition. The key, according to Ibrahim Haddad, is knowing what’s in your code, right down to the exact versions of the open source components.

  • Do I Have to Use a Free/Open Source License?

    That, as we all probably already know, is not the case. The only licenses that can be called "open source" are those that are reviewed and approved as such by the Open Source Initiative (aka OSI). Its list of OSI-Approved licenses allows developers to choose and apply a license without having to hire a lawyer. It also means that companies no longer need to have their own lawyers review every single license in every piece of software they use. Can you imagine how expensive it would be if every company needed to do this? Aside from the legal costs, the duplication of effort alone would lead to millions of dollars in lost productivity. While the OSI's other outreach and advocacy efforts are important, there's no doubt that its license approval process is a service that provides an outsized amount of value for developers and companies alike.

Microsoft Openwashing and Revisionism

Filed under
GNU
Microsoft
Legal
  • Microsoft joins effort to cure open source license noncompliance [Ed: Pushing Microsoft lies under the false pretenses that Microsoft plays along with the GPL (it violates, smears and undermines it)]
  • Microsoft joins group working to 'cure' open-source licensing issues [Ed: Mary Jo Foley uses this initiative to whitewash Microsoft after it repeatedly violated the GPL and attacked it publicly, behind the scenes etc. And watch the image she uses: a lie.]

    It's kind of amazing that just over a decade ago, Microsoft was threatening Linux vendors by claiming free and open-source software infringed on 235 of Microsoft's patents. In 2007, Microsoft was very openly and publicly anti-GPLv3, claiming it was an attempt "to tear down the bridge between proprietary and open source technology that Microsoft has worked to build with the industry and customers."

  • Today's channel rundown - 19 March 2018

    The six have committed to extending additional rights "to cure open source license noncompliance".

    The announcement was made by Red Hat, which says the move will lead to greater cooperation with distributors of open source software to correct errors.

    In a statement, Red Hat referenced widely used open source software licenses, GNU General Public License (GPL) and GNU Lesser General Public License, which cover software projects including the Linux kernel.

    GPL version 3 offers distributors of the code an opportunity to correct errors and mistakes in license compliance.

  • Tails Security Update, Companies Team Up to Cure Open Source License Noncompliance, LG Expanding webOS and More

    According to a Red Hat press release this morning: "six additional companies have joined efforts to promote greater predictability in open source licensing. These marquee technology companies—CA Technologies, Cisco, HPE, Microsoft, SAP, and SUSE—have committed to extending additional rights to cure open source license noncompliance. This will lead to greater cooperation with distributors of open source software to correct errors and increased participation in open source software development."

What legal remedies exist for breach of GPL software?

Filed under
Legal

Last April, a federal court in California handed down a decision in Artifex Software, Inc. v. Hancom, Inc., 2017 WL 1477373 (N.D. Cal. 2017), adding a new perspective to the forms of remedies available for breach of the General Public License (GPL). Sadly, this case reignited the decades-old license/contract debate due to some misinterpretations under which the court ruled the GPL to be a contract. Before looking at the remedy developments, it’s worth reviewing why the license debate even exists.

CLA vs. DCO: What's the difference?

Filed under
Legal

In your open source adventures, you may have heard the acronyms CLA and DCO, and you may have said "LOL WTF BBQ?!?" These letters stand for Contributor License Agreement and Developer Certificate of Origin, respectively. Both have a similar intent: To say that the contributor is allowed to make the contribution and that the project has the right to distribute it under its license. With some significant projects moving from CLAs to DCOs (like Chef in late 2016 and GitLab in late 2017), the matter has received more attention lately.

So what are they? The Contributor License Agreement is the older of the two mechanisms and is often used by projects with large institutional backing (either corporate or nonprofit). Unlike software licenses, CLAs are not standardized. CLAs can vary from project to project. In some cases, they simply assert that you're submitting work that you're authorized to submit, and you permit the project to use it. Other CLAs (for example the Apache Software Foundation's) may grant copyright and/or patent licenses.

Linux beats legal threat from one of its own developers

Filed under
Linux
Legal

In a German court earlier this week, former Linux developer Patrick McHardy gave up on his GNU General Public License version 2 (GPLv2) violation case against Geniatech Europe GmbH. Now, you may ask, "How can a Linux programmer dropping a case against a company that violates the GPL count as a win?"

It's complicated.

First, anyone who knows the least thing about Linux's legal infrastructure knows it's licensed under the GPLv2. Many don't know that anyone who has copyrighted code in the Linux kernel can take action against companies that violate the GPLv2. Usually, that's a non-issue.

People who find violations typically turn to organizations such as the Free Software Foundation, Software Freedom Conservancy (SFC), and the Software Freedom Law Center (SFLC) to approach violators. These organizations then try to convince violating companies to mend their ways and honor their GPLv2 legal requirements. Only as a last resort do they take companies to court to force them into compliance with the GPLv2.

Black Duck Still FUDing, Licenses and Contracts Debate at FOSDEM

Filed under
Legal
  • Building Open Source Security into DevOps [Ed: The Microsoft-connected liars from Black Duck are still at it]
  • Licenses and contracts

    Some days it seems that wherever two or more free-software enthusiasts gather together, there also shall be licensing discussions. One such, which can get quite heated, is the question of whether a given free-software license is a license, or whether it is really a contract. This distinction is important, because most legal systems treat the two differently. I know from personal experience that that discussion can go on, unresolved, for long periods, but it had not previously occurred to me to wonder whether this might be due to the answer being different in different jurisdictions. Fortunately, it has occurred to some lawyers to wonder just that, and three of them came together at FOSDEM 2018 to present their conclusions.

    The talk was given by Pamela Chestek of Chestek Legal, Andrew Katz of Moorcrofts, and Michaela MacDonald of Queen Mary University of London. Chestek focused on the US legal system, Katz on that of England and Wales, while MacDonald focused on the civil law tradition that is characteristic of many EU member states. The four licenses they chose to consider were the "Modified" or "three-clause" BSD, the Apache License, the GNU General Public License (their presentation was not specific to GPLv3, but the passage they quoted to make a point was from GPLv3), and the Fair License. The first three are among the most common free-software licenses currently in use. The latter is the shortest license the Open Source Initiative has ever approved, and though it is used by hardly any free software, it was included as an example of the maximum possible simplicity in a license.

Top 10 open source legal stories that shook 2017

Filed under
OSS
Legal

Like every year, legal issues were a hot topic in the open source world in 2017. While we're deep into the first quarter of the year, it's still worthwhile to look back at the top legal news in open source last year.

How to make sense of the Apache 2 patent license

Filed under
Red Hat
OSS
Legal

In essence, when a software developer contributes code to a project (i.e., the Work under the license), he or she becomes a Contributor. Under the above term, Contributors are granting permission to use any of their patents that may read on their contribution. This provides peace of mind to users since the Contributor would likely be prevented from pursuing patent royalties from any users of the software covering that contribution to the project.

Complexities arise when the software developer contributes code that is not claimed by any of the Contributor's patents by itself, but only when combined with the Apache 2.0 licensed open source program to which the contribution was made (i.e., the Work under the license). Thus, the Contributor owning such a patent could pursue patent royalties against a user of that revised Work. The authors of the Apache 2.0 license were forward thinking and account for this scenario. Section 3 states that the license applies to "patent claims licensable by such Contributor that are necessarily infringed... by a combination of their Contribution(s) with the Work to which such Contributions was submitted."

Bruce Perens Suffers for Copyleft Defense, Microsoft Still Openwashing

Filed under
Legal

Free Electrons becomes Bootlin (After Trademark Bullying/Trolling by FREE SAS)

Filed under
Linux
Legal

The services we offer are different, we target a different audience (professionals instead of individuals), and most of our communication efforts are in English, to reach an international audience. Therefore Michael Opdenacker and Free Electrons’ management believe that there is no risk of confusion between Free Electrons and FREE SAS. However, FREE SAS has filed in excess of 100 oppositions and District Court actions against trademarks or names containing “free”. In view of the resources needed to fight this case, Free Electrons has decided to change name without waiting for the decision of the District Court. This will allow us to stay focused on our projects rather than exhausting ourselves fighting a long legal battle.

[...]

Nothing else changes in the company. We are the same engineers, the same Linux kernel contributors and maintainers (now 6 of us have their names in the Linux MAINTAINERS file), with the same technical skills and appetite for new technical challenges.

More than ever, we remain united by the passion we all share in the company since the beginning: working with hardware and low-level software, working together with the free software community, and sharing the experience with others so that they can at least get the best of what the community offers and hopefully one day become active contributors too. “Get the best of the community” is effectively one of our slogans.

More in Tux Machines

Programming/Development: uTidylib, From Python to Rust, Programming Experiences and Go Tips

  • uTidylib 0.4
    Two years ago, I took over uTidylib maintainership. Two years have passed without any bigger contribution, but today there is a new version with support for recent html-tidy and Python 3.
  • Rewrote summain from Python to Rust
    I've been learning Rust lately. As part of that, I rewrote my summain program from Python to Rust (see summainrs). It's not quite a 1:1 rewrite: the Python version outputs RFC822-style records, the Rust one uses YAML. The Rust version is my first attempt at using multithreading, something I never added to the Python version.
  • Which programming language for work? For the weekend?
    Our writer community grows each month as new, interesting folks write for us and join in on the fun of sharing their expertise and experiences in open source technology. So, it's no surprise that they are brimming with fascinating information. It's just asking the right question to release it. Recently, I asked: What programming languages do you use at work, and which ones do you use on the weekend?
  • Go command and packages cheat sheet
    Of the many things the go executable can do, most people know only go run and go build. And, of the many packages in the standard Go library, most people know only the fmt package. This cheat sheet will list many uses of the go executable and the most important packages in the Go standard library.

IPFire 2.21 - Core Update 124 released

This is the official release announcement for IPFire 2.21 – Core Update 124. It brings new features and immensely improves security and performance of the whole system.

Mozilla: Featured Extensions Advisory Board, Extended Mind, Firefox Deprecating TLS 1.0 and TLS 1.1 Support, Google's Lies, Mozilla Reps

  • Apply to Join the Featured Extensions Advisory Board
    Do you love extensions? Do you have a keen sense of what makes a great extension? Want to help users discover extensions that will improve how they experience the web? If so, please consider applying to join our Featured Extensions Community Board! Board members nominate and select new featured extensions each month to help millions of users find top-quality extensions to customize their Firefox browsers. Click here to learn more about the duties of the Featured Extension Advisory Board. The current board is currently wrapping up their six-month tour of duty and we are now assembling a new board of talented contributors for the months January – June, 2019. Extension developers, designers, advocates, and fans are all invited to apply to join the board. Priority will be given to applicants who have not served on the board before, followed by those from previous boards, and finally from the outgoing board.
  • Mozilla VR Blog: How XR Environments Shape User Behavior
    In previous research, The Extended Mind has documented how a 3D space automatically signals to people the rules of behavior. One of the key findings of that research is that when there is synchrony in the design of a space, it helps communicate behavioral norms to visitors. That means that when there is complementarity among content, affordances, and avatars, it helps people learn how to act. One example would be creating a gym environment (content), with weights (affordances), but only letting avatars dress in tuxedos and evening gowns. The contraction of people’s appearances could demotivate weight-lifting (the desired behavior). This article shares learnings from the Hubs by Mozilla user research on how the different locations that they visited impacted participants’ behavior. Briefly, the researchers observed five pairs of participants in multiple 3D environments and watched as they navigated new ways of interacting with one another. In this particular study, participants visited a medieval fantasy world, a meeting room, an atrium, and a rooftop bunker.
  • Removing Old Versions of TLS
    In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1. On the Internet, 20 years is an eternity. TLS 1.0 will be 20 years old in January 2019. In that time, TLS has protected billions – and probably trillions – of connections from eavesdropping and attack. In that time, we have collectively learned a lot about what it takes to design and build a security protocol. Though we are not aware of specific problems with TLS 1.0 that require immediate action, several aspects of the design are neither as strong nor as robust as we would like given the nature of the Internet today. Most importantly, TLS 1.0 does not support modern cryptographic algorithms.
  • Wladimir Palant: So Google is now claiming: "no one (including Google) can access your data"
    A few days ago Google announced ensuring privacy for your Android data backups. The essence is that your lockscreen PIN/pattern/passcode is used to encrypt your data and nobody should be able to decrypt it without knowing that passcode. Hey, that’s including Google themselves! Sounds good? Past experience indicates that such claims should not always be taken at face value. And in fact, this story raises some red flags for me. The trouble is, whatever you use on your phone’s lockscreen is likely not very secure. It doesn’t have to be, because the phone will lock up after a bunch of failed attempts. So everybody goes with a passcode that is easy to type but probably not too hard to guess. Can you derive an encryption key from that passcode? Sure! Will this encryption be unbreakable? Most definitely not. With passwords being that simple, anybody getting their hands on encrypted data will be able to guess the password and decrypt the data within a very short time. That will even be the case for a well-chosen key derivation algorithm (and we don’t know yet which algorithm Google chose to use here).
  • Rabimba: Voting impartially for fun and profit a.k.a Mozilla Reps Council Voting
    I am part of a program called Mozilla Reps. Though I am involved as a volunteer contributor with Mozilla for quite some time now, I am relatively new to the Mozilla Reps program and hardly know anything about the program apart from my scope of work in it. Apparently, this is the Election time for voting the nominated candidates for the Council who will spearhead the program for the next session. Since I am new to the program reading about everyone's election campaign and hearing about what they will do for the program was not giving me any clear motivation to vote for anyone specific. Though this wasn't anything super important, I still thought since I have a bit of time in my hand why not do something interesting about it.

Xfce Screensaver 0.1.0 Released

  • Xfce Screensaver 0.1.0 Released
    I am pleased to announce the release of Xfce Screensaver (xfce4-screensaver) 0.1.0! This is an early release targeted to testers and translators. Bugs and patches welcome!
  • Xfce4-Screensaver Has Its First Release - Fork Of MATE Screensaver, Forked From GNOME
    As a new alternative over XScreenSaver or using other desktop environments' screensaver functionality, xfce4-screensaver has its first release out, albeit of alpha quality. The xfce4-screensaver project made its preliminary (v0.1.0) release today that is described as alpha quality intended for testers and translators. This new screensaver option for Xfce users is forked from the MATE Screensaver code, which in turn was forked from the GNOME Screensaver.