Legal

Licensing and Development: Patrick McHardy, React's Open Source [sic] Licence, Programming Success

Filed under
Development
Legal
  • Patrick McHardy and copyright profiteering

    Many in the open source community have expressed concern about the activities of Patrick McHardy in enforcing the GNU General Public License (GPL) against Linux distributors. Below are answers to common questions, based on public information related to his activities, and some of the legal principles that underlie open source compliance enforcement.

    Who is Patrick McHardy? McHardy is the former chair of the Netfilter core development team. Netfilter is a utility in the Linux kernel that performs various network functions, such as facilitating Network Address Translation (NAT)—the process of converting an Internet protocol address into another IP address. Controlling network traffic is important to maintain the security of a Linux system.

  • Facebook Refuses to Alter React's Open Source License

    The Apache Foundation recently announced that Facebook's BSD+Patents open source license has been disallowed for inclusion with Apache products. The resulting fallout has caused gnashed teeth and much soul searching for React developers and Facebook has so far refused to reconsider.

  • Users as Co Developers OR The Secret of Programming Success

    And so I inherited popclient. Just as importantly, I inherited popclient’s user base. Users are wonderful things to have, and not just because they demonstrate that you’re serving a need, that you’ve done something right. Properly cultivated, they can become co-developers.

    Another strength of the Unix tradition, one that Linux pushes to a happy extreme, is that a lot of users are hackers too. Because source code is available, they can be effective hackers. This can be tremendously useful for shortening debugging time. Given a bit of encouragement, your users will diagnose problems, suggest fixes, and help improve the code far more quickly than you could unaided.

  • Oracle to open source Java Enterprise Edition (JAVA EE)

    They say that you can never expect a favor from the corporate world without them getting some profit. Oracle seems to be shutting shop on Java Enterprise Edition (Java EE) and has now decided to open source it. After earning millions from Java EE, now Oracle seems to have realized that it needs to move on.

Facebook won't change React.js license despite Apache developer pain

Filed under
Legal

Facebook's decided to stick with its preferred version of the BSD license despite the Apache Foundation sin-binning it for any future projects.

The Foundation barred use of Facebook's BSD-plus-Patents license in July, placing it in the “Category X” it reserves for “disallowed licenses”.

Facebook's BSD+Patents license earned that black mark because the Foundation felt it “includes a specification of a PATENTS file that passes along risk to downstream consumers of our software imbalanced in favor of the licensor, not the licensee, thereby violating our Apache legal policy of being a universal donor.”

Mixing Free/Open Source Licenses and Changes at Mir

Filed under
OSS
Legal
  • A Realistic Approach to Mixing Open Source Licenses

    At the upcoming Open Source Summit in Los Angeles, Lars Kurth, director of Open Source Solutions at Citrix and chair of the Advisory Board of the Xen Project at The Linux Foundation, will be delivering a wealth of practical advice in two conference talks.

    The first talk is “Mixed License FOSS Projects: Unintended Consequences, Worked Examples, Best Practices” and the second talk is “Live Patching, Virtual Machine Introspection and Vulnerability Management: A Primer and Practical Guide.”

    Here, Kurth explains more about what he will be covering in these presentations.

  • Mir Relicensed To GPLv2 Or GPLv3

    While we await the Mir 1.0 release with its new target of supporting Wayland clients directly, we noticed there was a re-licensing change this week for the Mir code-base.

    Previously the Mir code was licensed under the GPLv3 for the Mir server and LGPLv3 for the client code. The license has now been updated to reflect GPLv2 or GPLv3 for the Mir server code and LGPLv2 or LGPLv3 for the Mir client code.

Man jailed for role in spreading Linux malware

Filed under
Linux
Legal

A man who helped spread malware that exploited the OpenSSH software to steal login credentials has been jailed for 46 months and will be deported after serving his term.

Marcus Hutchins and Bruce Perens Sued

Filed under
Security
Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Simon Phipps on Public Domain and Facebook’s React Licence

Filed under
OSS
Legal
  • Public Domain Is Not Open Source

    Open Source and Public Domain are frequently confused. Here’s why it’s a mistake to treat the two terms as synonyms.

    Plenty of people assume that public domain software must be open source. While it may be free software within your specific context, it is incorrect to treat public domain software as open source or indeed as globally free software. That’s not a legal opinion (I’m not a lawyer so only entitled to layman’s opinions) but rather an observation that an open source user or developer cannot safely include public domain source code in a project.

  • 5 Reasons Facebook’s React License Was A Mistake

    In July 2017, the Apache Software Foundation effectively banned the license combination Facebook has been applying to all the projects it has been releasing as open source. They are using the 3-clause BSD license (BSD-3), a widely-used OSI-approved non-reciprocal license, combined with a broad, non-reciprocal patent grant but with equally broad termination rules to frustrate aggressors.

    The combination represents a new open source license, which I’ve termed the “Facebook BSD Plus Patent License” (FB+PL), and to my eyes it bears the hallmarks of an attempt to be compatible with both the GPL v2 and the Apache License v2 at the same time, in circumvention of the alleged incompatibility of those licenses.

If you were on a desert island, which license would you take with you?

Filed under
OSS
Legal

If I were on a desert island, I probably would not need a license, but let's say I did. I'd stuff the MIT license in one pocket, put the GPLv3 in my backpack, and find a place to tuck the Apache license.

Apache discontinues use of Facebook code libraries

Filed under
OSS
Legal
  • Apache discontinues use of Facebook code libraries

    San Francisco, July 18 (IANS) US-based open-source community Apache Foundation has said it will not use Facebook’s ‘BSD-licensed’ code for any of its new software projects for legal reasons.

    The foundation banned the use of libraries, frameworks and tools covered by Facebook’s open-source ‘BSD-plus-Patents’ license in any new projects, The Register reported on Tuesday.

    “No new project, sub-project or codebase, which has not used Facebook’s ‘BSD-plus-Patents’ licensed jars are allowed to use them,” Chris Mattmann, Legal Affairs Director, Apache Foundation, was quoted as saying.

  • Apache says 'no' to Facebook code libraries

    The Apache Foundation has declared that none of its new software projects can include Facebook's booby-trapped BSD-licensed code.

    The foundation's legal affairs director, Chris Mattmann, said over the weekend that libraries, frameworks and tools covered by Facebook's open-source-ish BSD-plus-Patents license should not be absorbed into any new projects.

    "No new project, sub-project or codebase, which has not used Facebook BSD+Patents licensed jars (or similar), are allowed to use them," Mattmann wrote. "In other words, if you haven't been using them, you aren't allowed to start. It is Cat‑X."

  • Apache Bans Facebook’s License Combo

Why OSI License Approval Matters

Filed under
OSS
Legal

Does it really matter if a copyright license is OSI Approved or not? Surely if it looks like it meets the benchmark that’s all that matters? I think that’s the wrong answer, and that OSI license approval is the crucial innovation that’s driven the open source revolution.

“Open Source” describes a subset of free software that is made available under a copyright license approved by the Open Source Initiative as conforming with the Open Source Definition. Having a standards body for licenses — one which ratifies the consensus of an open community of license reviewers — saves individuals from needing to each seek out a legal advisor to tell them whether a given license does in fact give them the rights they need to build or deploy the software they want. By providing easy certainty, open source gives people permission in advance to meet their own needs and innovate with technology.

Defending GPL, Bashing GPL

Filed under
GNU
OSS
BSD
Legal
  • Permissive and Copyleft Are Not Antonyms

    Using the term “permissive” as an antonym to “copyleft” – or “restrictive” as its synonym – is unhelpful framing. Describe license reciprocity instead.

    Some open source licenses implement a clever hack invented by Richard Stallman where, as a condition of the copyright license, anyone creating derived versions has to agree they will license the new version the same way as the original. In a play on words, this concept is called “copyleft” and many open source licenses implement this hack.

    In its strongest form, the “copyleft” idea can place a condition on the licensing of all the other code compiled together to make the eventual binary executable program. Complying with this requirement can prevent use of business models that deny software freedom to the end user; as a consequence, many commercial software developers avoid the strongest forms of copyleft licensing.

    There are less stringent forms of copyleft. Licenses like the MPL (Mozilla Public License) only require individual files that are modified to be licensed under the same license as the original and don’t extend that requirement to other files used to build the executable. The Eclipse Public License (EPL) has a copyleft provision that’s triggered by distribution of the source code. These scope-restricted variants are all described as “weak copyleft.”

    In discussing these licensing approaches with clients, I’ve often found that these terms “strong copyleft” and “weak copyleft” lead to misunderstandings. In particular, developers can incorrectly apply the compliance steps applicable to one “weak” license to code under another license, believing that all such licenses are the same. As a consequence, I prefer to use different terms.

  • Should the Fair License Replace the GPL?

    Read the full license, and if you find yourself thinking, “That sounds impossible to enforce,” you aren’t alone. To me, the Fair Source License looks like another one of the many attempts I’ve seen to come up with something that looks like a free or open source license, but really isn’t.

More in Tux Machines

Today in Techrights

today's leftovers

Debian and Ubuntu Leftovers

  • Listing and loading of Debian repositories: now live on Software Heritage
    Software Heritage is the project for which I’ve been working during the past two and a half years now. The grand vision of the project is to build the universal software archive, which will collect, preserve and share the Software Commons. Today, we’ve announced that Software Heritage is archiving the contents of Debian daily. I’m reposting this article on my blog as it will probably be of interest to readers of Planet Debian. TL;DR: Software Heritage now archives all source packages of Debian as well as its security archive daily. Everything is ready for archival of other Debian derivatives as well. Keep on reading to get details of the work that made this possible.
  • Canonical announces Ubuntu Core across Rigado’s IoT gateways
  • Collecting user data while protecting user privacy
    Lots of companies want to collect data about their users. This is a good thing, generally; being data-driven is important, and it’s jolly hard to know where best to focus your efforts if you don’t know what your people are like. However, this sort of data collection also gives people a sense of disquiet; what are you going to do with that data about me? How do I get you to stop using it? What conclusions are you drawing from it? I’ve spoken about this sense of disquiet in the past, and you can watch (or read) that talk for a lot more detail about how and why people don’t like it. So, what can we do about it? As I said, being data-driven is a good thing, and you can’t be data-driven if you haven’t got any data to be driven by. How do we enable people to collect data about you without compromising your privacy? Well, there are some ways. Before I dive into them, though, a couple of brief asides: there are some people who believe that you shouldn’t be allowed to collect any data on your users whatsoever; that the mere act of wanting to do so is in itself a compromise of privacy. This is not addressed to those people. What I want is a way that both sides can get what they want: companies and projects can be data-driven, and users don’t get their privacy compromised. If what you want is that companies are banned from collecting anything… this is not for you. Most people are basically OK with the idea of data collection, they just don’t want to be victimised by it, now or in the future, and it’s that property that we want to protect. Similarly, if you’re a company who wants to know everything about each individual one of your users so you can sell that data for money, or exploit it on a user-by-user basis, this isn’t for you either. Stop doing that.

OSS Leftovers

  • QMO: Firefox 59 Beta 10 Testday Results
    As you may already know, last Friday – February 16th – we held a new Testday event, for Firefox 59 Beta 10. Thank you Mohammed Adam, Abhishek Haridass, Fahima Zulfath A. and Surentharan.R.A. from the India QA Community team for helping us make Mozilla a better place.
  • Bugzilla Triage Helper
    There are an awful lot of bugs filed against Firefox and all its components in the course of a release. Keeping on top of that is hard and some teams have adopted some policies to help with that (for example see: design-decision-needed). Having a consistent approach to bugs across the organisation makes it a little easier for everyone to get a feel for what's going on.
  • Alfresco Founder: Commercial Open Source is more than Old Stuff for Free
    February sees Open Source turn 20 years old. Or the OSI definition at least. According to the OSI, the term was coined in Palo Alto by nanotechnologist Christine Peterson during a meeting on February 3rd, 1998 shortly after the announcement of the release of Netscape’s source code.
  • EOH and LSD Information Technology partner to lead open source in Africa
    By identifying global trends and local needs, EOH is able to proactively source and secure capabilities that will assist with the adoption of the digital revolution. LSD’s offerings across Linux, automation, devops and containers are a great technology fit for EOH to lead open source in the market.
  • Choosing a tool to track and mitigate open source security vulnerabilities
    Continuously tracking your application’s dependencies for vulnerabilities and efficiently addressing them is no simple feat. In addition, this is a problem shared by all, and is not an area most companies would consider their core competency. Therefore, it is a great opportunity for the right set of tools to help tackle this concern.
  • Open source software: to be celebrated or cursed?
    The use of Open Source Software (OSS) has become widespread. The latest statistics show that 78% of companies run OSS, and a number of mainstream software and hardware products are based on the OSS model – for example Android, Skype [sic], Firefox, Amazon Kindle, Tivo and BT Home Hub.
  • Marshall Students Use Open Source Data to Help Stop Sex Trafficking Cases
    The work involved sex trafficking cases in Latin America, the Caribbean and Southeast Asia. Select students in Marshall’s Open Source Intelligence Exchange program worked to provide open source intelligence collection and analysis for law enforcement and other clients. Open source refers to data collection from publicly available sources.
  • Stanford scholar celebrates Western culture’s open-access tradition
    The move toward “open access” to research and scholarship, far from being a modern digital-age creation, has roots in the West that date back to medieval times, writes a Stanford education scholar. John Willinsky’s new book explains how learning has long benefited from efforts to increase its circulation.