
Legal

Mixing Free/Open Source Licenses and Changes at Mir

Filed under
OSS
Legal
  • A Realistic Approach to Mixing Open Source Licenses

    At the upcoming Open Source Summit in Los Angeles, Lars Kurth, director of Open Source Solutions at Citrix and chair of the Advisory Board of the Xen Project at The Linux Foundation, will be delivering a wealth of practical advice in two conference talks.

    The first talk is “Mixed License FOSS Projects: Unintended Consequences, Worked Examples, Best Practices” and the second talk is “Live Patching, Virtual Machine Introspection and Vulnerability Management: A Primer and Practical Guide.”

    Here, Kurth explains more about what he will be covering in these presentations.

  • Mir Relicensed To GPLv2 Or GPLv3

    While we await the Mir 1.0 release with its new target of supporting Wayland clients directly, we noticed there was a re-licensing change this week for the Mir code-base.

    Previously the Mir code was licensed under the GPLv3 for the Mir server and LGPLv3 for the client code. The license has now been updated to reflect GPLv2 or GPLv3 for the Mir server code and LGPLv2 or LGPLv3 for the Mir client code.

Man jailed for role in spreading Linux malware

Filed under
Linux
Legal

A man who helped spread malware that exploited the OpenSSH software to steal login credentials has been jailed for 46 months and will be deported after serving his term.


Marcus Hutchins and Bruce Perens Sued

Filed under
Security
Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Simon Phipps on Public Domain and Facebook’s React Licence

Filed under
OSS
Legal
  • Public Domain Is Not Open Source

    Open Source and Public Domain are frequently confused. Here’s why it’s a mistake to treat the two terms as synonyms.

    Plenty of people assume that public domain software must be open source. While it may be free software within your specific context, it is incorrect to treat public domain software as open source or indeed as globally free software. That’s not a legal opinion (I’m not a lawyer so only entitled to layman’s opinions) but rather an observation that an open source user or developer cannot safely include public domain source code in a project.

  • 5 Reasons Facebook’s React License Was A Mistake

    In July 2017, the Apache Software Foundation effectively banned the license combination Facebook has been applying to all the projects it has been releasing as open source. They are using the 3-clause BSD license (BSD-3), a widely-used OSI-approved non-reciprocal license, combined with a broad, non-reciprocal patent grant but with equally broad termination rules to frustrate aggressors.

    The combination represents a new open source license, which I’ve termed the “Facebook BSD Plus Patent License” (FB+PL), and to my eyes it bears the hallmarks of an attempt to be compatible with both the GPL v2 and the Apache License v2 at the same time, in circumvention of the alleged incompatibility of those licenses.

If you were on a desert island, which license would you take with you?

Filed under
OSS
Legal

If I were on a desert island, I probably would not need a license, but let's say I did. I'd stuff the MIT license in one pocket, put the GPLv3 in my backpack, and find a place to tuck the Apache license.


Apache discontinues use of Facebook code libraries

Filed under
OSS
Legal
  • Apache discontinues use of Facebook code libraries

    San Francisco, July 18 (IANS) US-based open-source community Apache Foundation has said it will not use Facebook’s ‘BSD-licensed’ code for any of its new software projects for legal reasons.

    The foundation banned the use of libraries, frameworks and tools covered by Facebook’s open-source ‘BSD-plus-Patents’ license in any new projects, The Register reported on Tuesday.

    “No new project, sub-project or codebase, which has not used Facebook’s ‘BSD-plus-Patents’ licensed jars are allowed to use them,” Chris Mattmann, Legal Affairs Director, Apache Foundation, was quoted as saying.

  • Apache says 'no' to Facebook code libraries

    The Apache Foundation has declared that none of its new software projects can include Facebook's booby-trapped BSD-licensed code.

    The foundation's legal affairs director, Chris Mattmann, said over the weekend that libraries, frameworks and tools covered by Facebook's open-source-ish BSD-plus-Patents license should not be absorbed into any new projects.

    "No new project, sub-project or codebase, which has not used Facebook BSD+Patents licensed jars (or similar), are allowed to use them," Mattmann wrote. "In other words, if you haven't been using them, you aren't allowed to start. It is Cat‑X."

  • Apache Bans Facebook’s License Combo

Why OSI License Approval Matters

Filed under
OSS
Legal

Does it really matter if a copyright license is OSI Approved or not? Surely if it looks like it meets the benchmark that’s all that matters? I think that’s the wrong answer, and that OSI license approval is the crucial innovation that’s driven the open source revolution.

“Open Source” describes a subset of free software that is made available under a copyright license approved by the Open Source Initiative as conforming with the Open Source Definition. Having a standards body for licenses — one which ratifies the consensus of an open community of license reviewers — saves individuals from needing to each seek out a legal advisor to tell them whether a given license does in fact give them the rights they need to build or deploy the software they want. By providing easy certainty, open source gives people permission in advance to meet their own needs and innovate with technology.


Defending GPL, Bashing GPL

Filed under
GNU
OSS
BSD
Legal
  • Permissive and Copyleft Are Not Antonyms

    Using the term “permissive” as an antonym to “copyleft” – or “restrictive” as its synonym – is unhelpful framing. Describe license reciprocity instead.

    Some open source licenses implement a clever hack invented by Richard Stallman where, as a condition of the copyright license, anyone creating derived versions has to agree they will license the new version the same way as the original. In a play on words, this concept is called “copyleft” and many open source licenses implement this hack.

    In its strongest form, the “copyleft” idea can place a condition on the licensing of all the other code compiled together to make the eventual binary executable program. Complying with this requirement can prevent use of business models that deny software freedom to the end user; as a consequence, many commercial software developers avoid the strongest forms of copyleft licensing.

    There are less stringent forms of copyleft. Licenses like the MPL (Mozilla Public License) only require individual files that are modified to be licensed under the same license as the original and don’t extend that requirement to other files used to build the executable. The Eclipse Public License (EPL) has a copyleft provision that’s triggered by distribution of the source code. These scope-restricted variants are all described as “weak copyleft.”

    In discussing these licensing approaches with clients, I’ve often found that these terms “strong copyleft” and “weak copyleft” lead to misunderstandings. In particular, developers can incorrectly apply the compliance steps applicable to one “weak” license to code under another license, believing that all such licenses are the same. As a consequence, I prefer to use different terms.

  • Should the Fair License Replace the GPL?

    Read the full license, and if you find yourself thinking, “That sounds impossible to enforce,” you aren’t alone. To me, the Fair Source License looks like another one of the many attempts I’ve seen to come up with something that looks like a free or open source license, but really isn’t.

News and e-press echoes after EUPL v1.2 publication

Filed under
OSS
Legal

The publication of the new EUPL v1.2 has been echoed widely across Europe, starting with the official Europa.eu: “The European Commission has released a new version of the European Union Public Licence (EUPL), a tool for publishing any copyrighted work as open source. The licence is legally consistent with the copyright law of all EU countries and is especially well-suited for public administrations sharing IT solutions.”

If the licence is especially suited for public sector, it is also widely used by the private sector. In fact, the majority of the 15.000 EUPL licensed works are distributed by economic actors, developers and enterprises.

In Germany, the announcement was promptly commented on by IfrOSS, the German Institute for legal questions on free and open source software (EU-Kommission veröffentlicht neue EUPL-Version). Pro-Linux.de focuses on the extended compatibility of the EUPL (i.e. with the GPL v3) and points out that in various European Member States like The Netherlands, France, Spain etc. the licence has been selected for distributing, when convenient and applicable, software applications made by governments.


Also: Romania opens new procurement portal for testing

Getting Started with Open Source Licenses

Filed under
OSS
Legal

With proprietary software, it's easy for a developer to know where he or she stands. Unless you or the company for which you're working owns the copyright to the code, it's off limits -- end of story. There's usually not even any temptation to use the code, because the source code is usually not available.

Moving into open source opens up a whole new world that can make things a lot easier. Suddenly, you're not constantly having to reinvent the wheel by writing code for processes where there's code already written and waiting at the ready. In some circumstances, you can even use open source code inside a proprietary project.

