Legal

Man jailed for role in spreading Linux malware

Filed under
Linux
Legal

A man who helped spread malware that exploited the OpenSSH software to steal login credentials has been jailed for 46 months and will be deported after serving his term.

Marcus Hutchins and Bruce Perens Sued

Filed under
Security
Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Simon Phipps on Public Domain and Facebook’s React Licence

Filed under
OSS
Legal
  • Public Domain Is Not Open Source

    Open Source and Public Domain are frequently confused. Here’s why it’s a mistake to treat the two terms as synonyms.

    Plenty of people assume that public domain software must be open source. While it may be free software within your specific context, it is incorrect to treat public domain software as open source or indeed as globally free software. That’s not a legal opinion (I’m not a lawyer so only entitled to layman’s opinions) but rather an observation that an open source user or developer cannot safely include public domain source code in a project.

  • 5 Reasons Facebook’s React License Was A Mistake

    In July 2017, the Apache Software Foundation effectively banned the license combination Facebook has been applying to all the projects it has been releasing as open source. They are using the 3-clause BSD license (BSD-3), a widely-used OSI-approved non-reciprocal license, combined with a broad, non-reciprocal patent grant but with equally broad termination rules to frustrate aggressors.

    The combination represents a new open source license, which I’ve termed the “Facebook BSD Plus Patent License” (FB+PL), and to my eyes it bears the hallmarks of an attempt to be compatible with both the GPL v2 and the Apache License v2 at the same time, in circumvention of the alleged incompatibility of those licenses.

If you were on a desert island, which license would you take with you?

Filed under
OSS
Legal

If I were on a desert island, I probably would not need a license, but let's say I did. I'd stuff the MIT license in one pocket, put the GPLv3 in my backpack, and find a place to tuck the Apache license.

Apache discontinues use of Facebook code libraries

Filed under
OSS
Legal
  • Apache discontinues use of Facebook code libraries

    San Francisco, July 18 (IANS) US-based open-source community Apache Foundation has said it will not use Facebook’s ‘BSD-licensed’ code for any of its new software projects for legal reasons.

    The foundation banned the use of libraries, frameworks and tools covered by Facebook’s open-source ‘BSD-plus-Patents’ license in any new projects, The Register reported on Tuesday.

    “No new project, sub-project or codebase, which has not used Facebook’s ‘BSD-plus-Patents’ licensed jars are allowed to use them,” Chris Mattmann, Legal Affairs Director, Apache Foundation, was quoted as saying.

  • Apache says 'no' to Facebook code libraries

    The Apache Foundation has declared that none of its new software projects can include Facebook's booby-trapped BSD-licensed code.

    The foundation's legal affairs director, Chris Mattmann, said over the weekend that libraries, frameworks and tools covered by Facebook's open-source-ish BSD-plus-Patents license should not be absorbed into any new projects.

    "No new project, sub-project or codebase, which has not used Facebook BSD+Patents licensed jars (or similar), are allowed to use them," Mattmann wrote. "In other words, if you haven't been using them, you aren't allowed to start. It is Cat‑X."

  • Apache Bans Facebook’s License Combo

Why OSI License Approval Matters

Filed under
OSS
Legal

Does it really matter if a copyright license is OSI Approved or not? Surely if it looks like it meets the benchmark that’s all that matters? I think that’s the wrong answer, and that OSI license approval is the crucial innovation that’s driven the open source revolution.

“Open Source” describes a subset of free software that is made available under a copyright license approved by the Open Source Initiative as conforming with the Open Source Definition. Having a standards body for licenses — one which ratifies the consensus of an open community of license reviewers — saves individuals from needing to each seek out a legal advisor to tell them whether a given license does in fact give them the rights they need to build or deploy the software they want. By providing easy certainty, open source gives people permission in advance to meet their own needs and innovate with technology.

Defending GPL, Bashing GPL

Filed under
GNU
OSS
BSD
Legal
  • Permissive and Copyleft Are Not Antonyms

    Using the term “permissive” as an antonym to “copyleft” – or “restrictive” as its synonym – is unhelpful framing. Describe license reciprocity instead.

    Some open source licenses implement a clever hack invented by Richard Stallman where, as a condition of the copyright license, anyone creating derived versions has to agree they will license the new version the same way as the original. In a play on words, this concept is called “copyleft” and many open source licenses implement this hack.

    In its strongest form, the “copyleft” idea can place a condition on the licensing of all the other code compiled together to make the eventual binary executable program. Complying with this requirement can prevent use of business models that deny software freedom to the end user; as a consequence, many commercial software developers avoid the strongest forms of copyleft licensing.

    There are less stringent forms of copyleft. Licenses like the MPL (Mozilla Public License) only require individual files that are modified to be licensed under the same license as the original and don’t extend that requirement to other files used to build the executable. The Eclipse Public License (EPL) has a copyleft provision that’s triggered by distribution of the source code. These scope-restricted variants are all described as “weak copyleft.”

    In discussing these licensing approaches with clients, I’ve often found that these terms “strong copyleft” and “weak copyleft” lead to misunderstandings. In particular, developers can incorrectly apply the compliance steps applicable to one “weak” license to code under another license, believing that all such licenses are the same. As a consequence, I prefer to use different terms.

  • Should the Fair License Replace the GPL?

    Read the full license, and if you find yourself thinking, “That sounds impossible to enforce,” you aren’t alone. To me, the Fair Source License looks like another one of the many attempts I’ve seen to come up with something that looks like a free or open source license, but really isn’t.

News and e-press echoes after EUPL v1.2 publication

Filed under
OSS
Legal

The publication of the new EUPL v1.2 has been echoed widely across Europe, starting with the official Europa.eu: “The European Commission has released a new version of the European Union Public Licence (EUPL), a tool for publishing any copyrighted work as open source. The licence is legally consistent with the copyright law of all EU countries and is especially well-suited for public administrations sharing IT solutions.”

If the licence is especially suited for public sector, it is also widely used by the private sector. In fact, the majority of the 15.000 EUPL licensed works are distributed by economic actors, developers and enterprises.

In Germany, the announcement was promptly commented by IfrOSS, the German Institute for legal questions on free and open source software (EU-Kommission veröffentlicht neue EUPL-Version). Pro-Linux.de focuses on the extended compatibility of the EUPL (i.e. with the GPL v3) and points out that in various European Member States like The Netherlands, France, Spain etc. the licence has been selected for distributing, when convenient and applicable, software applications made by governments.

Also: Romania opens new procurement portal for testing

Getting Started with Open Source Licenses

Filed under
OSS
Legal

With proprietary software, it's easy for a developer to know where he or she stands. Unless you or the company for which you're working owns the copyright to the code, it's off limits -- end of story. There's usually not even any temptation to use the code, because the source code is usually not available.

Moving into open source opens up a whole new world that can make things a lot easier. Suddenly, you're not constantly having to reinvent the wheel by writing code for processes where there's code already written and waiting at the ready. In some circumstances, you can even use open source code inside a proprietary project.

GPL Win in Court Explained

Filed under
GNU
Legal
  • US Court Upholds Enforceability Of GNU GPL As Both A License And A Contract

    Free software dominates modern computing, from smartphones to supercomputers -- only the desktop remains a stronghold of proprietary code. Most of that free software has the Linux kernel at its heart, and a key element in the success of Linux -- and of thousands of other coding projects -- is the GNU General Public License. Although the first version of the GNU GPL was released by Richard Stallman back in 1989, and version 3 was issued in 2007, there have been surprisingly few court cases examining it and other open source licenses, and whether they are legally watertight.

    A key case is Jacobsen v. Katzer from 2008. As a detailed Groklaw post at the time explained, the US appeals court held that open source license conditions are enforceable as a copyright condition. Now we have another important judgment, Artifex v. Hancom, that clarifies further the legal basis of open source licenses. It concerns the well-known Ghostscript interpreter for the PostScript language, written originally by L. Peter Deutsch, and sold by the company he founded, Artifex Software. Artifex was a pioneer in adopting a dual-licensing approach for Ghostscript. That is, you could either use the software under the GNU GPL, or you could avoid copyleft's redistribution requirements by taking out a conventional proprietary license.

  • The GNU GPL Is An Enforceable Contract At Last [Ed: Misleading headline; it was always valid and enforceable, tested in US courts too.]
  • Artifex Software v Hancom: Guidance from US District Court on enforcement of open source software licences

    Open source software is regularly used as a way of leveraging the collective knowledge of the software development community by allowing anyone to improve and contribute to the code, provided they ‘pay it forward’ and allow their improved code to be used by the community. Open source software is often incorporated into proprietary software to avoid ‘reinventing the wheel’ – why develop from scratch what has already been prepared and improved upon by the collective wisdom of developers worldwide? This can, however, create a risk of “infection” (requiring the proprietary software to be released on open source terms) – the risk varies based on the terms of the open source licence under which the software is released.

More in Tux Machines

What Is DNF Package Manager And How To Use It

A package file is an archive which contains the binaries and other resources that make software and the pre and post installation scripts. They also provide the information regarding dependencies and other packages required for the installation and running of the software.

FSFE: ‘German public sector a digital laggard’

With their lacklustre approach to free software, German public services remain behind other European member states, says the Free Software Foundation Europe (FSFE). When asked, the current governing parties say they support free software, but their statements are contradicted by the lack of action, the advocacy group says. In early September, the FSFE published its analysis of the free software policies put forward by the main political parties on the ballot, in preparation for Germany’s parliamentary elections on 24 September. This analysis (in German) is far more detailed than an earlier report generated by the Digital-O-Mat, a web portal set up to focus on political parties’ positions on 12 digital topics.

New release: ISA² interoperability test bed software v1.1.0

PocketBeagle: An Ultra-tiny, Open-source, Linux-powered Development Board

BeagleBoard.org has revealed its latest development board named PocketBeagle. It’s an ultra-tiny and open source USB-key-fob computer that’s crafted for DIYers, hobbyists, and educators. PocketBeagle is based on Octavo Systems OSD3358-SM 21mm x 21mm system-in-package, which gives it 512MB DDR3 RAM, 1-GHz ARM Cortex-A8 CPU, and 2x 200-MHz PRUs. It comes with integrated power/battery management as well.

Security: SEC Breach, DNSSEC, FinFisher, CCleaner and CIA