Language Selection

English French German Italian Portuguese Spanish

Legal

OSI Transparency Reports

Filed under
OSS
Legal
  • October 2019 License-Discuss Summary

    We would like to introduce (and thank!) Amol Meshram, who has joined us here at the OSI to provide monthly summaries of both the License-Discuss and License-Review mailing lists. We hope these reports provide you with a helpful snapshot of the monthly activities on the lists, keeping you up to date with the latest topics, while also providing a reference point for further discussion. Of course all suggestions are welcome as we continue to enhance our reporting. We will try our best to include the feedback from OSI community members to make the summaries as accurate as possible and the discussions lively and fruitful.

  • October 2019 License-Review Summary

    Carlo Piana is not in favour of The Vaccine License and feels it is a trolling exercise. Filli Liberandum suggested to Carlo Paina to read the mailing list code of conduct. In furtherance to it, Filli Liberandum explained why there is a necessity of acknowledging The Vaccine License by OSI board and its members.
    Anand Chowdhary based on his experience of adding privacy compliance under twente open source license pointed out that there are better ways to protect privacy of individuals like local/national/international regulation instead of protecting it through open source license. He is of the opinion that there are better ways to advocate for vaccination and open source license is not the better way to advocate for it.
    Filli Liberandum countered to Anand Chowdhary by citing example of Cryptography Autonomy License of Mr. Lindstrom which ask for some release of data as a condition and head of OSI has publicly accepted this condition. Pamela Chestek brought into notice of Filli Liberandum that OSI did not endorse the view of Simon Phipps (referred head of OSI by Filli) on Cryptography Autonomy License data condition clause. Simon Phipps is member of the board along with others. Simon Phipps views on CAL are personal.
    Filli Liberandum raised a concern with respect to archives as it is stuck in a plaintext mode.
    Simon Phipps suggested to Filli Liberandum to familiarize with License-review process and change the tone of message and requested to leave moderating to the moderators to which Filli agreed and responded that here onwards Filli will directly reach out to concerned members.
    Gil Yehuda responded to Fil that Licenses usually do ask for things in return and appreciated the efforts of Fil in writing The Vaccine License, while considering the OSD. Gil raised an important point of enforceability of The Vaccine License in the real life scenario. Gil is of the opinion that one can right a blog and promote the importance of the idea instead of restricting it with copyright license. To buttress claim, Gil cited article written by Selam G which convinced Gil to support Free Software Movement. The reason behind citing this article is to explore other platforms instead of publishing work under copyright license.

    Carlo Piana responded to Fil that The Vaccine License is discriminatory and non-enforceable in nature. Carlo thinks that vaccination can be achieved through local authorities instead of enforcing it through copyright license. Carlo believes one should provoke reactions rather than genuine attempt of having a license approved.
    Josh Berkus agrees with Carlo on provoking reactions from members on license instead of attempting for approving the license. Josh suggested to take this submission as a use case and put it on opensource.org for future reference.
    Carlo Piana is of the same view that opensource.org should take this submission as a use case for future submissions to avoid duplication of work.
    Bruce Perens is also of the opinion that a direct law on vaccination will be more effective than a license. Similarly, Bruce also wrote two blog posts on the issue of “ethical” licenses wherein Bruce referred the proposed The Vaccine License.
    Grahame Grieve replied to Bruce’s blog post and appreciated the efforts of writing blog post on ethical license and also the basic arguments put forwards by Bruce. But Grahame bothered by the lack of ethics in the Vaccine License, judging vaccine license solely based on enforceability clause. Similarly, Grahame wanted to know whether the lawyers, courts and violators laugh at license and is there any precedent on when someone gives something of value away, on the condition that it not used in a particular way? Bruce Perens replied to all the queries of Graham Grieve. Firstly, Bruce Perens claims blog post argument is based on law instead of license terms. Secondly, Bruce has experience in handling litigation for various reasons and Bruce wants other should not get into litigation for same cause of action. Lastly, Bruce said Lawyers, courts and violators laugh at license and this whole exercise will be term as a ‘‘copyright misuse’’.
    Kevin P. Fleming replied to Graham and pointed that The Vaccine License does not talk about goals instead it focusses on action to be performed which is not in sync with the use of the software. Similarly, Kevin is of the opinion that The Vaccine License violates the OSD 5. To this Grahame Grieve countered by saying if The Vaccine license is applied to health software then in such scenario would Kevin change his opinion.
    Van Lindberg appreciated various aspect of the Vaccine License and efforts put forward by Fil in creating the vaccine license. But Van feels the Vaccine License does not qualify for OSS because it imposes conditions which are logically separate from and wholly unrelated to scope intellectual property rights that are licensed. Similarly, Van attempted to answer the question on what scope of action can be required of a license? Van observed if restrictions are closely related to the exercise of the intellectual property rights granted under license then such restrictions make sense and compatible with OSD.
    Filli Liberandum replied to analysis of Van and requested to reverse engineer the rules from the approved licenses which Fil believe will lead us to conclusion that the Vaccine License attempt is not an accidental in nature.
    Josh Berkus feels that The Vaccine License is very good example for ‘’unrelated conditions’’ license which can be referred in future as a textbook example to differentiate between what kind of licenses OSS supports and what can’t be supported by OSS license.

The Road Towards KF6 & SPDX License Identifiers

Filed under
KDE
Legal

With KF6, I want to see SPDX license identifiers being introduced into KDE frameworks in order to ease the framework re-use in other projects. This follows the same approach e.g. the Linux Kernel took over the last years.

The problem that the SPDX markers address is the following: When publishing source code under an open source license, each source code file shall explicitly state the license it is released with. The usual way this is done is that a developer copies a license header text from the KDE licensing policies wiki, from another source file, or from somewhere else from the internet and puts it at the top of their newly created source code file. Thus the result is that today we have many slightly different license headers all over our frameworks source files (even if they only differ in formatting). Yet, these small differences make it very hard to introduce automatic checks for the source code licenses in terms of static analysis. This problem becomes even more urgent when one wants to check that a library, which consists of several source files with different licenses, does only contain compatible licenses.

The SPDX headers solve this problem by introducing a standardized language that annotates every source code file with license information in the SPDX syntax. This syntax is rich enough to express all of our existing license information and it can also cover more complicated cases like e.g. dual-licensed source files.

Read more

FSFE on Licensing in REUSE Initiative and Racket Moves to Apache 2.0/MIT Licence

Filed under
GNU
Legal
  • The last 12 months in the light of software freedom

    In the last 12 months, we have achieved a lot with the help of our volunteers, through their donations and hard work. Thanks to their support, we were able to successfully continue our PMPC campaign, simplify licensing practices through our REUSE initiative, and stand up for router freedom in Europe. We will be back in 2020 with even more vigour towards our work. Please help us with a donation so that we can continue our successful commitment to Free Software.

  • Racket 7.5 Changes License

    Racket has been updated and is being released under a new, less-restrictive license: either the Apache 2.0 license or the MIT license. The new release also adds a standard JSON MIME type for the Web Server.

    Racket is described as a “full-spectrum programming language” that goes beyond Lisp and Scheme with dialects that support objects, types and laziness. When coding in it, you can link components written in different dialects, and write your own project-specific dialect if you want. The Racket libraries support applications from web servers and databases to GUIs and charts.

    [...]

    Chez Scheme is both a programming language and an implementation of that language, with supporting tools and documentation. It is a superset of the language described in the Revised Report on the Algorithmic Language Scheme (R6RS). Chez Scheme supports all standard features of Scheme, including first-class procedures, proper treatment of tail calls, continuations, user-defined records, libraries, exceptions, and hygienic macro expansion. The Racket team says they expect that Racket CS will be ready for production use by the next release.

    Elsewhere in this release, the Web Server now provides a standard JSON MIME type, including a response/jsexpr form for HTTP responses bearing JSON; and GNU MPFR operations run about three times faster.

Input for the BEREC's guidelines on Router Freedom in Europe

Filed under
Hardware
Legal

Router Freedom is the right of customers of any Internet Service Provider (ISP) to choose and use a private modem and router instead of a router that the ISP forces them to use. The Body of European Regulators for Electronic Communications (BEREC) drafted guidelines for national agencies how to deal with Router Freedom in their countries. The Free Software Foundation Europe (FSFE) provided mixed feedback to an ongoing public consultation.

The status of Router Freedom in Europe differs from country to country as the monitoring by the FSFE shows. The core of the debate is the question of where the Network Termination Point (NTP) is located. This defines where the network of the ISP ends and where the network of the user begins. If the modem and router are considered part of the ISP's infrastructure, a user cannot claim sovereignty of their communication and security.

The patchwork rug of different rules may change soon as BEREC, the Body of European Regulators for Electronic Communications, has been commissioned to create guidelines for the National Regulatory Agencies (NRAs) and help them with implementing European regulation in a harmonised way. BEREC's current draft of the guidelines is up for public consultation until 21 November 2019. We analysed this draft and the EU Directives and Regulations it references, and provided our conclusion in a brief document.

Read more

Java License Fallout Continues Impacting IBM i Shops

Filed under
Development
Legal

Oracle’s decision to restrict the previously free distribution of Java version 8 tools and runtimes is impacting the entire IT industry. In our little neck of the woods, the decision to charge businesses for using Oracle’s Java has forced IBM i shops to take a hard look at the technology platform, and in some cases look for alternative solutions.

Oracle ruffled feathers in the Java community in 2017, when it made substantial changes to its Java roadmap. The company announced that Java Standard Edition (SE) version 8, which is a legacy version of Java but is still in widespread use, “will not be available for business, commercial or production use without a commercial license” after January 2019. Licenses for Java SE 8 could be purchased for $30 per desktop per year or $300 per processor for server licenses.

Oracle’s stated plan for the move was to accelerate the development and release cycle for Java in a bid to keep up today’s fast-paced DevOps environments (and perhaps part of its unstated plan, which was to squeeze Java users for revenue). The tech giant and the Java community hammered out Java SE versions 9 and 10 in quick fashion, in late 2017 and early 2018, respectively.

Read more

Graphics and Standards

Filed under
Graphics/Benchmarks
Web
Legal
  • SHADERed 1.2.3 Released With Support For 3D Textures & Audio Shaders

    SHADERed is the open-source, cross-platform project for creating and testing HLSL/GLSL shaders. While a version number of 1.2.3 may not seem like a big update, some notable additions can be found within this new SHADERed release.

  • Vulkan 1.1.125 Released With SPIR-V 1.4 Support

    Succeeding Vulkan 1.1.124 one week later is now Vulkan 1.1.125 with a lone new extension.

    Vulkan 1.1.125 has its usual clarifications and corrections to this graphics API specification. Meanwhile the new extension introduced in the overnight v1.1.125 release is VK_KHR_spirv_1_4.

  • Making Movies Accessible for Everyone

    For the first time, people who are deaf or hard of hearing will be able to enjoy the Nairobi leg of the Human Rights Watch Film Festival, opening on October 15.

Contributor License Agreement and Developer Certificate of Origin references

Filed under
OSS
Legal

In the last few years I have come across the CLA topic several times. It is and will be a popular topic in automotive the coming years, like in any industry that moves from being an Open Source Producer towards becoming an Open Source Contributor.

In my experience, many organizations take the CLA as a given by looking at the google, microsoft or intels of the world and replicate their model. But more and more organizations are learning about alternatives, even if they do not adopt them.

What I find interesting about discussing the alternatives is that it brings to the discussion the contributor perspective and not just the company one. This enrichs the debate and, in some cases, leads to a more balanced framework between any organization behind a project and the contriibutor base, which benefits both.

Throughout these years I have read a lot about it but I have never written anything. It is one of those topics I do not feel comfortable enough to write about in public probably because I know lots of people more qualified than I am to do so. What I can do is to provide some articles and links that I like or that have been recommended to me in the past.

Read more

Invasion of The Ethical Licenses

Filed under
OSS
Legal

About 23 years ago, I created the Debian Free Software Guidelines to help the Debian developers decide what software was permissible to include in Debian, which aspired to be 100% Free Software, and what should be consigned to a “non-free” repository upon which Debian would never depend. Nine months later, those guidelines became the Open Source Definition, and I announced Open Source to the world.

                        
                        [...]
                        
                        Despite the seeming impossibility of its enforcement, the Vaccine License is the most professionally constructed of this pack, carefully targeting the approval process of the Open Source Initiative – and IMO missing it. But all three licenses appear to be unlikely to obtain the agreement of a court in enforcement, and scaling their requirements would be a sort of full-employment act for lawyers.

Let’s work through how these licenses would be enforced.

When these licenses are enforced, the copyright holder is the plaintiff, a fancy word for someone who makes a complaint. Their complaint is that the defendant, the licensee, committed a tort, a violation of civil law. The tort is copyright infringement.

The important point here is that the complaint isn’t that the license was violated, the complaint is that the defendant did not have a license at all, and is infringing copyright. The defendant then has to prove that they did have a license, and that they were obeying the license’s terms, or that the court should for some reason not honor those terms.

Licenses are also contracts, and thus the tort can be breach of contract. But contracts require the consent of both parties – the copyright holder, and the licensee. Real consent is indicated by signing the contract, but that doesn’t ever happen with this sort of license. Instead, there is a lesser indication of consent by the action of using, distributing, or modifying the software.

Read more

Digital Restrictions (DRM) Watch

Filed under
Security
Web
Legal
  • One Weird Law That Interferes With Security Research, Remix Culture, and Even Car Repair

    How can a single, ill-conceived law wreak havoc in so many ways? It prevents you from making remix videos. It blocks computer security research. It keeps those with print disabilities from reading ebooks. It makes it illegal to repair people's cars. It makes it harder to compete with tech companies by designing interoperable products. It's even been used in an attempt to block third-party ink cartridges for printers.

    It's hard to believe, but these are just some of the consequences of Section 1201 of the Digital Millennium Copyright Act, which gives legal teeth to "access controls" (like DRM). Courts have mostly interpreted the law as abandoning the traditional limitations on copyright's scope, such as fair use, in favor of a strict regime that penalizes any bypassing of access controls (such as DRM) on a copyrighted work regardless of your noninfringing purpose, regardless of the fact that you own that copy of the work.  

  • One Weird Law That Interferes With Security Research, Remix Culture, and Even Car Repair
  • Spotify is Defective by Design

    I never used Spotify, since it contains DRM. Instead I still buy DRM-free CDs. Most of my audio collection is stored in free formats such as FLAC and Ogg Vorbis, or Red Book in the case of CDs, everything can be played by free players such as VLC or mpd.

    Spotify, which uses a central server, also spies on the listener. Everytime you listen a song, Spotify knows which song you have listened and when and where. By contrast free embedded operating systems such as Rockbox do not phone home. CDs can be baught anonymously and ripped using free software, there is no need for an internet commection.

Trademark Law Against Amazon's (Mis)Use of Elasticsearch

Filed under
OSS
Legal
  • AWS faces Elasticsearch lawsuit for trademark infringement

    Elasticsearch has sued AWS for trademark infringement and false advertising in connection with the cloud giant's recently released version of the widely used Elasticsearch distributed analytics and search engine.

    Elasticsearch Inc., or Elastic, is based on the open-source Lucene project and Elastic serves as originator and primary maintainer. Tensions flared in March when AWS, along with Expedia and Netflix, launched Open Distro for Elasticsearch. The release is fully open source compared with Elastic's version and was actually prompted by Elastic's weaving too much proprietary code into the main line over time, according to AWS.

  • Open Source Search Firm Accuses Amazon of Trademark Infringement

    O'Melveny & Myers is representing search engine Elasticsearch in a complaint that alleges Amazon is willfully infringing its mark by promoting competing search and analytics products.

Syndicate content

More in Tux Machines

today's howtos

Migrating the MAAS UI from AngularJS to React

MAAS (metal as a service), is a Canonical product which allows for very fast server provisioning and data centre management. Around 2014, work began to build a rich UI for MAAS, primarily using the AngularJS JavaScript framework from Google. AngularJS today is in long term support (LTS) and due to reach end-of-life in 2021. This year we began the work of transitioning away from AngularJS in anticipation of this impending EOL to more contemporary tooling. Evaluating Angular vs React Google’s recommended upgrade path for applications built in AngularJS is to transition to the Angular framework. Despite the similarity in naming, Angular is very different from AngularJS architecturally, and the migration process is non-trivial. While components (allowing for the now ubiquitous uni-directional data architectural pattern) were later backported from Angular to AngularJS, most of MAAS UI predated this and consequently migration to Angular would require significant app-wide refactoring. Since the inception of the MAAS UI, a number of other products had been built at Canonical using React. As we had developed significant experience using React, and tooling in the surrounding ecosystem, ultimately it made more sense to invest in transitioning the MAAS UI to React rather than Angular. This choice conferred additional benefits, such as standardising our build and testing infrastructure, and allows for component reuse across products. We also just generally enjoy working with React, and feel that the most significant developments in web UI technology are happening within the React ecosystem (hooks, concurrent mode, suspense, CRA). Read more

Haiku almost-monthly activity report - October and November 2019

The last two months have been quite busy for me and I had no time to write up a report. Remember that everyone is welcome to contribute to the website and if you wand to write the report from time to time, this would be much appreciated, by me because I wouldn’t need to do it, and by others because they will enjoy reading things written with a different style and perspective. Anyway, let’s look at what’s going on! Let’s start with the non-technical side of things. The months of october and november are traditionally quite active in Haiku (matching with our autumn-themed logo, of course). There was no BeGeistert this year, but I attended Alchimie and Capitole du Libre with mmu_man, while Korli, scottmc and Hy Che went to the GSoC mentor summit, which was in Germany this year. These events are an opportunity to advertise Haiku a bit, share ideas and projects with other alternative operating systems such as MorphOS, ReactOS, FreeBSD, or RTEMS, and overall meet other people working on open source software. All while managing this, we also had to get ready for Google Code-In, which is celebrating its 10th year. We are the only project with enough contributors and ideas to be able to participate every year since the contest was established, and look forward to what our contestants will accomplish this year. The first patches are already getting to our Gerrit code review. Read more Also: BeOS-Inspired Haiku Continues Working On 64-bit ARM, Other Hardware Improvements

Linux-Capable and Linux-Ready Hardware

  • Rugged Versalogic board expands upon Intel Apollo Lake

    Versalogic’s rugged, Linux-ready “Owl” SBC has an Intel Apollo Lake SoC with up to 8GB soldered ECC RAM, 8GB to 32GB eMMC, 2x GbE, 5x USB, 4x serial, and 2x mini-PCIe, plus SATA, LVDS, and mini-DP++. Versalogic announced a Linux-friendly SBC due in 1Q 2020 that continues its line of rugged, double-board Embedded Processing Unit (EPU) products built around Intel’s Apollo Lake Atom SoCs. The Owl will come out around the same time as the recently announced, avionics oriented Harrier, which followed a similar Osprey boardset from 2016.

  • Versalogic Owl Small Form Factor Apollo Lake Embedded Computer Targets Military & Industrial Applications

    VersaLogic Owl VL-EPU-4012 Embedded System Computer In October 2019 we reported on the VersaLogic Harrier computer that was slightly bigger than a credit card.

  • Tiny USB bridge board helps tame I2C traffic

    Excamera has gone to Crowd Supply to launch a tiny, open source “I2CMini” USB-to-I2C bridge board for controlling and monitoring I2C traffic. The $17 device has a Qwiic connector, a 4-pin header, and a micro-USB port. A year ago, Excamera Labs launched a $29 I2CDriver I2C debugging board. Now the company has returned to Crowd Supply to pitch a simpler, $17 I2CMini USB-to-I2C bridge device that is similarly designed to plug into a Linux, Mac, or Windows computer via a micro-USB port.

  • Edge AI motherboard combines Coffee Lake with MXM-linked Nvidia GPU cards

    Ibase unveiled a Linux-supported “MT800M-P” motherboard for AI applications with an 8th Gen Coffee Lake CPU and an MXM slot for Nvidia GPU cards. Other features include 4x GbE, 2x DP, PCIe, M.2, and mini-PCIe. After watching the embedded industry squeeze and shrink their products for power- and space-efficient IoT devices, we’ve lately seen a modest trend towards giganticism as systems bulk up to support full-size GPU boards for edge AI applications. The latest is Ibase’s 270 x 220mm Intel Coffee Lake based MT800M-P SBC, which supports AI services such as speech recognition, image analysis, and visual search and media processing in the retail, banking and transportation industries.

  • Rikomagic MK25 Amlogic S922X TV Box Supports Digital Signage Features
  • Marlin 2.0 Open Source 3D Printer Firmware Finally Released

    Back in June, we wrote about Marlin 2.0 firmware supporting ESP32 3D printer board, but at the time the firmware was still in RC1 (Release for Comment) phase.

  • Qualcomm Unveils Snapdragon 865, 765, and 765G 5G Mobile Platforms
  • NVIDIA Looks To Have Some Sort Of Open-Source Driver Announcement For 2020

    We were tipped off by a Phoronix reader to this GTC session for GTC 2020 by NVIDIA engineer John Hubbard. It's about "Open Source, Linux Kernel, and NVIDIA." The talk abstract is: "We'll report up-to-the-minute developments on NVIDIA's status and activities, and possibly (depending on last-minute developments) a few future plans and directions, regarding our contributions to Linux kernel; supporting Nouveau (the open source kernel driver for NVIDIA GPUs, that is in the Linux kernel), including signed firmware behavior, documentation, and patches; and NVIDIA kernel drivers." Color us surprised and damn excited, as long as their announcement is substantive.