Language Selection

English French German Italian Portuguese Spanish

Legal

FOSS Licensing Debates at OSI and New Open Data From Recursion

Filed under
OSS
Legal
  • April 2019 License-Discuss Summary

    Antoine Thomas asks whether a contributor would be able to revoke/remove their contributions from a project, and how this would affect old versions of a project.

    Kevin Fleming responds that legitimately provided open source licenses are not revocable, but that a project might honor a request out of courtesy.

    Brendan Hickey points out that copyright law may provide special revocation rights, e.g. 17 USC §203. And even without revocation, a contributor could make life difficult for users.

  • April 2019 License-Review Summary

    Van Lindberg submits his Cryptographic Autonomy License (CAL) to the review process. This is a network copyleft license, but with a broader scope than the AGPL. The CAL is motivated by ensuring user autonomy in blockchain-based applications. Lindberg has also written an in-depth blog post that serves as a rationale document. Last month, there had already been preliminary discussion about the license on the license-discuss list (see the summary).

    [...]

    Pamela Chestek provides a careful analysis of unclear language in the license.

    Henrik Ingo is concerned that the anti-DRM provision might not be effective, which leads to some comparisons with the GPLv3 [1,2,3,4].

  • Recursion Releases Open-Source Data from Largest Ever Dataset of Biological Images, Inviting Data Science Community to Develop New and Improved Machine Learning Algorithms for the Life Sciences Industry

Licensing/Legal Facets of FOSS

Filed under
OSS
Legal
  • 5 Best Drag and Drop Builders For WordPress of 2019 [Ed: And proprietary software with "free bait".]

    Depends on your requirements, really. One thing that you need to keep in mind is that the prices are different for different packages, so money is a factor you need to consider before making the decision. For example, Elementor could as well have been the best for beginners had their license not been so restrictive. Also, their Pro version is not GPL.

    Other such drawbacks for other builders make Beaver Builder and Divi clearly the most preferred WordPress page builders. Visual Composer comes very close to these two. So, while there may be a bit of a pocket pinch, you can go for any of these if you want to be on safe hands. Also, while the recent Gutenberg editor holds a lot of promise, it is still going to be a while before it comes anywhere close to any of these powerful builders.

  • Upstream First

    This talk was mostly aimed at managers of engineering teams and projects with fairly little experience in shipping open source, and much less experience in shipping open source through upstream cross vendor projects like the kernel. It goes through all the usual failings and missteps and explains why an upstream first strategy is the right one, but with a twist: Instead of technical reasons, it’s all based on economical considerations of why open source is succeeding. Fundamentally it’s not about the better software, or the cheaper prize, or that the software freedoms are a good thing worth supporting.

    Instead open source is eating the world because it enables a much more competitive software market. And all the best practices around open development are just to enable that highly competitive market. Instead of arguing that open source has open development and strongly favours public discussions because that results in better collaboration and better software we put on the economic lens, and private discussions become insider trading and collusions. And that’s just not considered cool in a competitive market. Similar arguments can be made with everything else going on in open source projects.

  • The sustainability of open source for the long term

    The problem of "sustainability" for open-source software is a common topic of conversation in our community these days. We covered a talk by Bradley Kuhn on sustainability a month ago. Another longtime community member, Luis Villa, gave his take on the problem of making open-source projects sustainable at the 2019 Legal and Licensing Workshop (LLW) in Barcelona. Villa is one of the co-founders of Tidelift, which is a company dedicated to helping close the gap so that the maintainers of open-source projects get paid in order to continue their work.

  • On technological liberty

    In his keynote at the 2019 Legal and Licensing Workshop (LLW), longtime workshop participant Andrew Wilson looked at the past, but he went much further back than, say, the history of free software—or even computers. His talk looked at technological liberty in the context of classical liberal philosophic thinking. He mapped some of that thinking to the world of free and open-source software (FOSS) and to some other areas where our liberties are under attack.

    He began by showing a video of the band "Tears for Fears" playing their 1985 hit song "Everybody wants to rule the world", though audio problems made it impossible to actually hear the song; calls for Wilson to sing it himself were shot down, perhaps sadly, though he and the audience did give the chorus a whirl. In 1985, the band members were young and so was open source, he said. But there were new digital synthesizers available, with an open standard (MIDI) that allowed these instruments to talk to one another. It freed musicians from the need for expensive studio time, since they could write and polish their music anywhere: a great example of technological freedom.

Crowdsourcing license compliance with ClearlyDefined

Filed under
OSS
Legal

Open source use continues to skyrocket, not just in use cases and scenarios but also in volume. It is trivial for a developer to depend on a 1,000 JavaScript packages from a single run of npm install or have thousands of packages in a Docker image. At the same time, there is increased interest in ensuring license compliance.

Without the right license you may not be able to legally use a software component in the way you intend or may have obligations that run counter to your business model. For instance, a JavaScript package could be marked as MIT license, which allows commercial reuse, while one of its dependencies is licensed has a copyleft license that requires you give your software away under the same license. Complying means finding the applicable license(s), and assessing and adhering to the terms, which is not too bad for individual components adn can be daunting for large initiatives.

Read more

GNU and GPL Picks

Filed under
GNU
Legal
  • The decade long wait for Bash 5

    It's a coincidence that the Linux kernel and Bash jumped to version 5.0 at about the same time. While Linus assigns the numbers as he sees fit, Bash changes its version when major adjustments are made. Here's what users can expect in Bash 5.

    My last article about a Bash version change is 10 years old [1]. Version 4 was in the starting blocks at that time, but it took some time for all distributions to switch to this version. Nobody puts their production system at risk without good reason.

    Nevertheless, the change was very attractive for developers of complex scripts, because – thanks to associative arrays – a completely new data structure was introduced. The advantages were more elegant, simpler programs that were also easier to maintain. Other important changes included the coproc command (which supports parallelization) and redirection operators.

  • Stack Clash mitigation in GCC: Why -fstack-check is not the answer

    In our previous article about Stack Clash, we covered the basics of the Stack Clash vulnerability. To summarize, an attacker first uses various means to bring the heap and stack close together. A large stack allocation is then used to “jump the stack guard.” Subsequent stores into the stack may modify objects in the heap or vice versa. This, in turn, can be used by attackers to gain control over applications.

  • Cooperation and freedom for all

    The GPL's "freedom zero" can be applied to more than just open-source software.

    Recently, a discussion came up on one of the mailing lists for a GNU/Linux distribution, on which I feel it is necessary to comment. Because this discussion has a place in world politics today, I am bringing my input to this column.

    I started working for Digital Equipment Corporation (DEC) in 1983. At that time, I had traveled only domestically in the USA, never internationally.

  • Software Freedom Conservancy Announces End to VMware Lawsuit

    Linux developer Christoph Hellwig has announced that he is discontinuing his lawsuit against VMware for non-compliance with the terms of the GPL. Hellwig and the Software Freedom Conservancy accused VMware of including GPLed code associated with vmklinux into VMware's proprietary vSphere product. A German appeals court dismissed the case on February 28. Hellwig and the Software Freedom Conservancy have decided they will not appeal the case further in German courts.

The mysterious history of the MIT License

Filed under
Legal

I say "seemingly straightforward" because the MIT License is one of the most popular licenses used by open source software. The MIT License, Apache License, and BSD license are the main permissive licenses, a term that contrasts with reciprocal licenses like the GPL, which require source code to be made available when software is redistributed.

Given its popularity, you'd think the license's inception would be well-documented. I found various clues that added up to a date in the late 1980s but nothing definitive. However, Keith Packard and Jim Gettys jumped on the thread to offer first-hand accounts of the license's creation. In addition to providing early examples of the license, their help also gave me the context to better understand how the license evolved over time.

Read more

What the new EU copyright law means for open source

Filed under
OSS
Legal

The global open source community was able to breathe a small sigh of relief as the controversial and, at times, bitterly opposed European Union's (EU's) Copyright Directive was finally approved last week. Some last-minute amendments a few weeks before the vote resulted in open source software development being left relatively, but not wholly, unscathed.

In its earlier iterations, the EU copyright proposal, specifically Article 13, made content-sharing platforms directly liable for copyrighted content that users upload. This, in effect, made it mandatory for software code sharing platforms to monitor all content that users upload for potential copyright infringement. The proposal was primarily aimed at music and video streaming platforms rather than software code but the wording was so broad that software code, and developing and sharing platforms like GitHub, Software Heritage, GitLab, GNU Savannah and SourceForge, would be caught in the net.

With the whole premise of open source software being the free and open sharing of code, the open source community was appalled. Several campaigns were launched to push back. The Free Software Foundation Europe and OpenForumEurope joined forces on a campaign, Savecodeshare.eu, to garner support for opposition to the proposed directive.

Read more

Licensing Tricks and Traps in Fake 'FOSS'

Filed under
OSS
Legal

Linux developer abandons VMware lawsuit

Filed under
Linux
Legal

In August 2006, well-known Linux developer Christopher Helwig spotted Linux source code being used illegally in the VMware ESX bare-metal virtual machine (VM) hypervisor. Helwig, with the aid of the Software Freedom Conservancy, eventually sued VMware, Now, after the German Hamburg Higher Regional Court dismissed Helwig's appeal, he has decided that it would be pointless to appeal the decision.

The heart of the lawsuit had been that Hypervisor vSphere VMware ESXi 5.5.0 violated Linux's copyright. That's because VMware had not licensed a derivative work from Linux under the GNU General Public License (GPL). True, VMware had disclosed the vmklinux component under the GPL, but not the associated hypervisor components.

Read more

James Bottomley: A Roadmap for Eliminating Patents in Open Source

Filed under
OSS
Legal

The realm of Software Patents is often considered to be a fairly new field which isn’t really influenced by anything else that goes on in the legal lansdcape. In particular there’s a very old field of patent law called exhaustion which had, up until a few years ago, never been applied to software patents. This lack of application means that exhaustion is rarely raised as a defence against infringement and thus it is regarded as an untested strategy. Van Lindberg recently did a FOSDEM presentation containing interesting ideas about how exhaustion might apply to software patents in the light of recent court decisions. The intriguing possibility this offers us is that we may be close to an enforceable court decision (at least in the US) that would render all patents in open source owned by community members exhausted and thus unenforceable. The purpose of this blog post is to explain the current landscape and how we might be able to get the necessary missing court decisions to make this hope a reality.

What is Patent Exhaustion?

Patent law is ancient, going back to Greece in around 500BC. However, every legal system has been concerned that patent holders, being an effective monopoly with the legal right to exclude others, did not abuse that monopoly position. This lead to the concept that if you used your monopoly power to profit, you should only be able to do it once for the same item so that absolute property rights couldn’t be clouded by patents. This leads to something called the exhaustion doctrine: so if Alice holds a patent on some item which she sells to Bob and Bob later sells the same item to Charlie, Alice can’t force Bob or Charlie to give her a part of their sale proceeds in exchange for her allowing Charlie to practise the patent on the item. The patent rights are said to be exhausted with the sale from Alice to Bob, so there are no patent rights left to enforce on Charlie. The exhaustion doctrine has since been expanded to any authorized transfer, even if no money changes hands (so if Alice simply gave Bob the item instead of selling it, the patent still exhausts at that transaction and Bob is still free to give or sell the item to Charlie without interference from Alice).

Of course, modern US patent rights have been around now for two centuries and in that time manufacturers have tried many ingenious schemes to get around the exhaustion doctrine profitably, all of which have so far failed in the courts, leading to quite a wealth of case law on the subject. The most interesting recent example (Lexmark v Impression) was over whether a patent holder could use their patent power to enforce any onward conditions at all for which the US Supreme Court came to the conclusive finding: they can’t and goes on to say that all patent rights in the item terminate in the first authorized transfer. That doesn’t mean no post sale conditions can be imposed, they can by contract or licence or other means, it just means post sale conditions can’t be enforced by patent actions. This is the bind for Lexmark: their sales contracts did specify that empty cartridges couldn’t be resold, so their customers violated that contract by selling the cartridges to Impression to refill and resell. However, that contract was between Lexmark and the customer not Lexmark and Impression, so absent patent remedies Lexmark has no contractual case against Impression, only against its own customers.

Read more

Copyright Threats to FOSS: Copyrights on APIs and Upload Filter (for Code Also)

Filed under
OSS
Legal
  • No Allies for Oracle’s Win Against Google

    The Supreme Court of the United States (SCOTUS) has received over a dozen amicus briefs in support of Google against Oracle in a long-lasting battle for Java API (software interface) usage. Among others, the Electronic Frontier Foundation, Microsoft, Red Hat, Mozilla, Python Software Foundation, Developers Alliance, along with IP scholars, computer scientists, software innovators, start-ups, and investors raised their concerns about the rulings of the Federal Court of Appeals in 2014and 2018.

  • Support for Google mounts as its Oracle petition is considered

    Google’s argument that it used Oracle’s copyright fairly – with $8.8 billion in the balance – finds support as it hopes for US Supreme Court review

    Google’s petition for certiorari at the Supreme Court represents its last effort in a protracted copyright battle with software company Oracle. The near-decade-long conflict centres on Oracle’s Java programming application, which Google admitted to using...

  • Copyright reform: it’s the final countdown

    This Tuesday MEPs will cast the final vote in a long running process to reform the EU’s copyright law. Their decision will define whether consumers will be able to continue enjoying the internet as a place where they can easily share content with friends and family or be at risk of seeing their uploads systematically blocked by automated filters.

  • Swedish MEPs Announce Support For Article 13, Demonstrate Near Total Ignorance Of What It Actually Entails

    As MEPs get ready to vote on the EU Copyright Directive -- and specific amendments concerning Articles 11 and 13 -- many have not yet said how they are going to vote. However, two Swedish MEPs, Jytte Guteland and Marita Ulvskog, who many had believed would vote against the plan, have suddenly switched sides and say they plan to vote for it. In a rather astounding interview with reporter Emanuel Karlsten the MEPs reveal their near total ignorance of what Article 13 does and what it would require.

    Guteland spoke to Karlsten by phone, and he asked all the right questions. It's worth reading the entire conversation, but here are a few snippets with my commentary.

  • New Report: Germany Caved To France On Copyright In A Deal For Russian Gas

    In the hours leading up to the vote in the EU Parliament on the EU Copyright Directive, the German publication FAZ (which has been generally supportive of the Directive) has released quite a bombshell (in German), suggesting that the reason Germany caved to France on its terrible demands concerning copyright was in order to get France's approval of the controversial Nord Stream 2 gas pipeline from Russia.

    If you don't recall, the German delegation had actually pushed back on the more extreme versions of Article 13 -- and, in particular, had demanded that a final version have a clear carve-out for smaller companies, so as not to have them forced out of business by the onerous demands of the law. However, after some back and forth, Germany caved in to France's demands, with many left scratching their heads as to why. However, some noted the "coincidence" in timing, that right after this, France also withdrew its objections to the pipeline which is very controversial in the EU (and the US, which is threatening sanctions).

  • EU Copyright Directive Vote, GNU nano 4.0 Released, Redox OS 0.5.0 Announced, Sailfish OS 3.0.2 "Oulanka" Now Available and Linux Kernel 5.1-rc2 Released

    Members of the European Parliament vote tomorrow on the Directive on Copyright. Those in the EU can go to SaveYourInternet to ask their representatives to vote against Article 17 (previously Article 13). See this Creative Commons blog post for more information. From the post: "The dramatic negative effects of upload filters would be disastrous to the vision Creative Commons cares about as an organisation and global community."

    [...]

    Sailfish OS 3.0.2 "Oulanka" is now available. Named after the Oulanka national park in Lapland and the Northern Ostrobothnia regions of Finland, this new version fixes more than 44 bugs. In addition, "With this new update you will find that the Top Menu has a new switch for silencing ringtones and there's a new battery saving mode to make the most out of low battery in those moments you need to stretch productivity. Email app supports now sending read receipts to inform that you have read the senders' email. Connectivity was improved in terms of firewall and global proxy. As for the user interface, home screen had memory optimizations for handling wallpapers, freeing memory for running other apps."

  • Inside GitHub’s fight to protect devs from EU’s disastrous Copyright Reform [Ed: Microsoft is a patent and copyright maximalist, this time it just doesn't suit one site.]
  • European Parliament to vote on EU Copyright Directive
  • How #Article13 is like the Inquisition: John Milton Against the EU #CopyrightDirective

    Fundamentally, policing of speech can happen at one of two points: before content disseminates, or after. Policing content after it disseminates involves human agents seeing and reporting content and taking action or requesting action. This can happen on a huge scale or a tiny one: Facebook’s content flagging system, obscenity law in much of the EU and USA, parents who object to books assigned in schools, and China’s 50 Cent Army of two million internet censors, all these act to silence content after it disseminates.

  • The EU votes on a confusing new copyright law Tuesday

    Both provisions are maddeningly vague—laying out broad goals without providing much detail about how those goals can be achieved. This is partly because the EU's lawmaking system occurs in two stages. First, EU-wide institutions pass a broad directive indicating how the law should be changed. Then each of the EU's member nations translates the directive into specific laws. This process leaves EU-wide legislators significant latitude to declare general policy goals and leave the details to individual countries.

    Still, if the legislation's goals are incoherent or contradictory, then something is going to have to give. And critics warn that the package could wind up damaging the Internet's openness by forcing the adoption of upload filters and new limits on linking to news stories.

  • Music Labels Forgot Their ‘Secret’ Article 13 Weapon, So Dan Bull Used it Against Them

    Music is widely acknowledged as one of the most potent and emotive ways to tell a story and send a message. Yet, inexplicably, no major artists in favor of Article 13 have used their talent to tell the world why it should pass. In that silence, UK rapper Dan Bull (with support from Grandayy and PewDiePie) has now seized the day - to explain why it shouldn't.

  • EU backs controversial copyright law

    The European parliament has backed controversial copyright laws which critics say could change the nature of the internet.

  • Even after today's EU Parliament vote, we can still kill Article 13 through pressure on German government to prevent formal adoption by EU Council

    Under normal circumstances, today's outcome of the European Parliament's plenary vote would mean we lost the fight against Article 13 ("upload filters") definitively because a 348-274 majority adopted the bill without amendments after an incredibly narrow 317-312 majority disallowed votes on individual amendments. The latter result indicates a majority against Article 13 was in striking distance, given that no amendment had nearly as much as momentum as the one that would have deleted Article 13 (now named Article 17). Some folks may have given up prematurely, but that's another story.

    If we organize another and even bigger round of street protests in Germany, work with opposition parties, and put maximum pressure on Merkel's junior partner (the Social Democratic Party of Germany, SPD), we may be able to prevent Germany from allowing the directive to pass into law. But we only have two weeks to make it happen. Let me explain step by step.

  • EU’s Parliament Signs Off on Disastrous Internet Law: What Happens Next?

    In a stunning rejection of the will five million online petitioners, and over 100,000 protestors this weekend, the European Parliament has abandoned common-sense and the advice of academics, technologists, and UN human rights experts, and approved the Copyright in the Digital Single Market Directive in its entirety.

    There’s now little that can stop these provisions from becoming the law of the land across Europe. It’s theoretically possible that the final text will fail to gain a majority of member states’ approval when the European Council meets later this month, but this would require at least one key country to change its mind. Toward that end, German and Polish activists are already re-doubling their efforts to shift their government’s key votes.

    If that attempt fails, the results will be drawn-out, and chaotic. Unlike EU Regulations like the GDPR, which become law on passage by the central EU institutions, EU Directives have to be transposed: written into each member country’s national law. Countries have until 2021 to transpose the Copyright Directive, but EU rarely keeps its members to that deadline, so it could take even longer.

Syndicate content