Exploring Open Source Licensing
...Moving between the legal concepts of open software and
open source licensing compliance by a layman...
STEFANO FAGO
2
Warning
●
I am not a lawyer
●
An exhaustive discussion will not
be made
●
No personal consideration
●
This is a work based on personal
research
●
It is always better to consult with
experts if in doubt
3
Open Source, Society, Morality
<< … For better or worse, software developers are
building the fabric of tomorrow's world. So, they need
to realize that many of the things they do have
ethical, social, and political implications.... >>
<< … How open source software, shared purpose
and cross sector collaboration are creating a new
template for Corporate Social Responsibility in the
form of social innovation.... >>
https://www.computer.org/csdl/magazine/so/2017/02/mso2017020004/13rRUy2YLWt
The Social Responsibility of Software Development
https://jaxenter.com/technology-for-good-173276.html
Technology as a Source for Good
4
Open Source, Society, Morality
• << … We can build... cyberspace to protect
values that we believe are fundamental. Or we
can build... cyberspace to allow those values
to disappear. There is no middle ground. There
is no choice that does not include some kind of
building. Code is never found; it is only ever
made, and only ever made by us... >>
• https://www.youtube.com/watch?v=sJpXhVD18-c
Free Software: It's not about the license
5
The Open Source Definition
• Free redistribution.
• Source Code Included in Licensed Software.
• Grant of modification to derivative works.
• Integrity of the source code.
• No discrimination against individuals or groups.
• No discrimination of sectors of society and
development.
• Distribution of the license to all recipients of the
same.
• The license does not have to be specific to a
product.
• The license must not restrict other software.
• The license must be technology independent
https://opensource.org/osd
6
Open Source Compliance
7
The risks of Open Source
Open source is free of acquisition costs but
is not without management costs or risks.
A company using open source must confirm
initially and on an ongoing basis that:
• the way in which open source is used
complies with related open source
licenses.
• the open source you use does not contain
any known security vulnerabilities.
A real challenge arises in managing
these risks on a corporate scale and pace.
https://www.synopsys.com/blogs/software-security/open-source-audit-data/
8
Open Source Compliance : A Book
https://www.linuxfoundation.org/compliance-and-security/2018/12/open-source-compliance-in-the-enterprise/
9
Open Source Compliance : Example Process
https://www.linuxfoundation.org/resources/open-source-guides/using-open-source-code/
10
License Compliance : Example Architecture
http://turingmachine.org/~dmg/papers/dmg2012_softwareKenen.pdf
11
License Compliance : Bosch Architecture
https://www.youtube.com/watch?v=_3r4XfMJBUA
12
Open Source Licence Indemnification
The commercial use of open source leads, among
other things, to the concept of Indemnification for
inappropriate use in the relationship between
Vendor and Customer.
Indemnification can be offered by the Vendor who
uses open source artifacts to increase the
added value of their products, thus also
increasing their credibility and reputation.
https://www.activestate.com/blog/open-source-indemnification-why-you-should-care
13
Open Source : too many Terms!
14
What is Intellectual Property
The term Intellectual Property indicates a
system of legal protection of intangible assets
resulting from the creative and inventive activity
of man (artistic and literary works, industrial
inventions and utility models, design and
trademarks, ...)
Forms of intellectual property are:
• Copyright
• Patent
• Trademark
• Trade Secret
15
Is Copyright the default?
In most jurisdictions, any code or content is automatically
copyrighted by the author, with all rights reserved, unless otherwise
stated. While it is a good idea to state the author and copyright date
in the header of any code or document, failing to do so does not
mean that the author has no rights.
16
Is Copyright the default? (Italy)
(Italian law) The creator of the work acquires the status of author,
the work being a particular expression of intellectual effort. Therefore, the
owner of the copyright (dual nature, moral and economic) is always
the creator of the work, from the moment of its conception.
The author of a work is guaranteed the exclusive right to publish it,
to economically use the work in any form and way, to reproduce it, to
disseminate it, to distribute it and put it into circulation, to publish it
in collections and to modify it, to rent it and to lend it.
The right of economic use of the work lasts for the entire life of the
author, up to the seventieth year after his death.
17
Copyright Vs Copyleft
Copyleft, unlike Copyright, is a permission granted by the author and
managed through a licensing system: this implies that Copyleft
is a subcategory of Copyright (conceptually there is no copyleft
without copyright)
Copyleft can be applied to a multitude of works, ranging from
software, to scientific discoveries, to documents and art.
18
Copyleft applied to IT (base concept)
In IT, the Copyleft regime rests on one main
condition: if the modified work is distributed,
it must be distributed under the same
legal regime (and the same license). In this way,
the copyleft regime, and the whole set of
freedoms deriving from it, are always guaranteed
at each release.
19
What does Copyleft imply?
Copyleft implies license conditions whereby:
• If I distribute as source, there is no particular
action to take
• If I distribute binaries, they must be
accompanied by the sources, bearing the
copyleft license and its conditions
The conditions apply to the original software,
to the binary distribution and to any changes
implemented and distributed.
20
Open Source Licenses
https://arstechnica.com/gadgets/2020/02/how-to-choose-an-open-source-license/
21
Open Source, Development and Licensing
Open source is simultaneously:
• a licensing model
• a development model
where the former is at the service of the latter
22
What is a License?
A License is an official permission to
use, modify or own a given thing.
As for the software, it can be defined
as the granting of rights by those who
produce the software to those who
wish to use it, on how it can be used
and shared.
This is a set of guidelines on the
obligations and responsibilities
associated with the use and
distribution of the software program.
https://tldrlegal.com/
23
Types of Open Source Licenses
Permissive License: allows you to
perform any action on the software
in compliance with a single type of
condition, that is, the distribution of
the software involves reporting the
license
CopyLeft License: allows you to
act on the software but if a change
is made it is necessary to share the
source code
http://www.vinayiyengar.com/2020/09/09/apache-combinator/
24
Different Source Licenses
Permissive License: MIT, BSD-2-Clause,
BSD-3-Clause, Apache-2.0
Weak Copyleft License: Lesser GNU Public
License (LGPL-2.0, LGPL-2.1 or LGPL-3.0),
Mozilla Public Licenses (MPL-1.0, MPL-1.1
or MPL-2.0), Eclipse Public License (EPL-1.0
or EPL-2.0), Common Development and
Distribution License (CDDL-1.0 or CDDL-1.1)
Strong Copyleft License: GNU General
Public Licenses (GPL-2.0 and GPL-3.0),
Affero General Public License (AGPL-3.0)
https://www.slideshare.net/marceldvries/best-practices-for-using-open-source-software-in-the-enterprise
25
Comparison of Open Source Licenses
https://moqod.com/understanding-open-source-and-free-software-licensing/
26
Comparison of Open Source Licenses
https://www.compact.nl/articles/the-risks-of-open-source-software-for-corporate-use/
27
Other types of Open Source License
Public Domain
• A work in the public domain is not copyrighted and unlicensed.
• It can be used by anyone for any purpose for free.
• Getting software into the public domain is a tricky business.
https://creativecommons.org/about/downloads/
28
Other types of Open Source License
Source Available
An emerging license type, intended to be applied to code that cannot be
distributed as a service.
This type of license is a response to cloud providers, such as Amazon,
packaging, rebranding and profiting from open source projects
deployed on their cloud platforms.
Popular examples include the Redis Source Available License (RSAL),
MongoDB's Server Side Public License (SSPL), the Cockroach Community
License (CCL), or licenses to which the Commons Clause has been added.
29
Other types of Open Source License
Dual Licensing
• It can be a problematic choice
• The code must be compatible with both licenses
• It does not necessarily imply that the user must comply with
both licenses; they can choose which one they want to comply with
https://jaxenter.com/dual-licensing-tricky-business-111606.html
30
Licenses Compatibility
https://timreview.ca/article/416
31
How many licenses are there?
Some reference sites where you can find out:
• https://spdx.org/licenses/
• https://www.gnu.org/licenses/license-list.html
• https://opensource.org/licenses
• https://creativecommons.org
32
... but Copyleft & Derivative Works? ...
33
Let's understand the consequences of a license...
Let's see with a practical example what
are the consequences on a project in
adopting artifacts subject to a given
open source license, passing from
permissive to copyleft.
The idea comes from the work of
Jim Jagielski currently UBER's
Technical Staff Manager
Open Source Office
https://www.youtube.com/watch?v=mb9ZmxbXVZ8
https://www.youtube.com/watch?v=Vu_x8wrmHtA
34
Let's understand the consequences of a license...
Suppose a company wants to make biscuits
and has a recipe for the cream in the
biscuit, licensed in a proprietary manner.
Let's see what happens when assembling
the biscuit by changing the license of the
recipe to make the solid part.
Solid Part
License ?????
Cream
Proprietary License
35
Let's understand the consequences of a license...
Suppose that the recipe of the solid part is
of the permissive type (e.g. MIT).
If it is decided to alter the recipe, the
company does not have to do anything. The
cream stays under proprietary license, as does
the biscuit; the biscuit packaging must only
show where the original recipe of the solid
part comes from.
Solid Part
MIT License
Cream
Proprietary License
Proprietary License
36
Let's understand the consequences of a license...
Suppose that the solid part recipe is of the
weak copyleft type (e.g. MPL).
If it is decided to alter the recipe, the
company must share the changes made to
the original recipe. The cream stays under
proprietary license, as does the biscuit;
the biscuit packaging must show where the
original recipe of the solid part comes
from.
Solid Part
MPL License
Cream
Proprietary License
Proprietary License
37
Let's understand the consequences of a license...
Suppose that the solid part recipe is of the
strong copyleft type (e.g. GPL).
If it is decided to alter the recipe, the
company must share the changes made to
the original recipe and, despite the fact that
the cream is under proprietary license, the
whole biscuit falls under the copyleft
regime, thus losing the trade secret on
the recipe of the cream.
Solid Part
GPL License
Cream
Proprietary License
GPL License
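The biscuit slides, the license categories slide and the dual-licensing slide can be turned into an automated gate over a dependency list. The following is an added example, not part of the original deck: it encodes only the deck's simplified model, and the function names, the manifest format and the sample components are assumptions made for illustration.

```python
# Added example: a license gate for a product meant to ship under a proprietary license.
# Categories and SPDX identifiers as grouped on the "Different Source Licenses" slide.
CATEGORY = {
    "permissive": ["MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"],
    "weak-copyleft": ["LGPL-2.0", "LGPL-2.1", "LGPL-3.0", "MPL-1.0", "MPL-1.1",
                      "MPL-2.0", "EPL-1.0", "EPL-2.0", "CDDL-1.0", "CDDL-1.1"],
    "strong-copyleft": ["GPL-2.0", "GPL-3.0", "AGPL-3.0"],
}
# Higher rank = more restrictive; anything not listed in the deck needs a human.
RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2, "unknown": 3}
BY_ID = {spdx: cat for cat, ids in CATEGORY.items() for spdx in ids}


def _category(term):
    """Map one SPDX identifier to a category, ignoring version-range suffixes."""
    term = term.strip()
    for suffix in ("-or-later", "-only", "+"):
        if term.endswith(suffix):
            term = term[: -len(suffix)]
            break
    return BY_ID.get(term, "unknown")


def classify(expression):
    """Classify a flat SPDX expression such as 'MIT OR GPL-3.0' (no parentheses, no WITH).

    AND binds tighter than OR. AND means every term applies, so the most
    restrictive term wins. OR is dual licensing: the user chooses, so the
    least restrictive alternative wins.
    """
    alternatives = []
    for alt in " ".join(expression.split()).split(" OR "):
        terms = [_category(t) for t in alt.split(" AND ")]
        alternatives.append(max(terms, key=RANK.get))
    return min(alternatives, key=RANK.get)


def evaluate(components):
    """Return one finding per component, following the biscuit slides."""
    findings = []
    for comp in components:
        category = classify(comp["license"])
        blocks = False
        if category == "permissive":
            action = "state the origin of the component in the notices"
        elif category == "weak-copyleft":
            action = ("share the changes made to this component"
                      if comp["modified"] else
                      "state the origin of the component in the notices")
        elif category == "strong-copyleft":
            action = "whole product falls under the copyleft regime"
            blocks = True
        else:
            action = "manual review: license is not in the deck's lists"
            blocks = True
        findings.append({"name": comp["name"], "category": category,
                         "action": action, "blocks_proprietary": blocks})
    return findings


def blockers(components):
    """Names of components that prevent a proprietary release."""
    return [f["name"] for f in evaluate(components) if f["blocks_proprietary"]]


# Constructed sample manifest (hypothetical component names).
SAMPLE_MANIFEST = [
    {"name": "http-client", "license": "MIT", "modified": True},
    {"name": "pdf-render", "license": "MPL-2.0", "modified": True},
    {"name": "db-driver", "license": "MIT OR GPL-3.0", "modified": False},
    {"name": "img-codec", "license": "GPL-3.0-or-later", "modified": False},
    {"name": "cache", "license": "SSPL-1.0", "modified": False},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_MANIFEST):
        print(f"{finding['name']:12} {finding['category']:16} {finding['action']}")
    print("blockers:", blockers(SAMPLE_MANIFEST))
```

In a real pipeline the manifest would come from one of the scanners listed on the "Licensing Compliance: Open Source Projects" slide, and every blocker would go to legal review rather than being resolved by the script.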
38
Contributions?
39
Contribute to an Open Source Project
Employee Contribution Policies: in a company, it may be
necessary to develop a policy that specifies how
employees contribute to open source projects.
A clear policy will reduce confusion among employees and help
them contribute to open source projects in the best interest of the
company, both as part of their work and in their spare time.
40
Open Source Program/Project
The spread of Open Source has led to
two relevant phenomena:
• many developers create their own
side projects to work on
• companies can decide to define an
Open Source Program, supervised
by a specific office, in order to create
a stronger development culture and
better quality of artifacts, while
respecting and contributing to the
values and activities of the Open
Source world.
In both situations, legal support is
essential to avoid problems for both
the company and the employee.
https://todogroup.org/
41
Contributor License Agreement
Why a contribution agreement?
• To force contributors to accept the
terms of the contribution
• For the developers to declare that
every activity they do is authorized
• The project uses an open source license
which does not include an explicit
patent grant (such as MIT) and needs a
patent grant from all contributors
• The project is under a copyleft license,
but you also want to distribute a
proprietary version of the project
• The project may need to change
licenses over the course of its life, and
contributors are expected to accept
these changes in advance
https://en.wikipedia.org/wiki/Contributor_License_Agreement
https://ben.balter.com/2018/01/02/why-you-probably-shouldnt-add-a-cla-to-your-open-source-project/
42
Licensing is really complicated!...
43
Better viral or monetizable?
https://www.youtube.com/watch?v=DDx6gjwU0K8
44
... Do you have any doubts? Try with ...
Freely usable sites can help you understand
the type of licenses in place or the situation
of an artifact:
https://tldrlegal.com/ allows you to search
for the most popular licenses and offers a
summary of them
https://choosealicense.com/ supports you in
choosing a license for your project, looking
at the surrounding conditions
https://clearlydefined.io proposes an
assessment of the clarity of artifacts /
projects, highlighting their licenses,
correlations and defects in the metadata
accompanying them
45
Initiatives related to the Licensing topic
Open Source Initiative for OSI Approved
License List (https://opensource.org/licenses/category)
SPDX initiative dedicated to the definition of
a standard format for the provision of license
information in open source software
(https://spdx.dev/ and https://spdx.org/licenses/)
Open Chain initiative dedicated to the
definition of a standard process for Software
Compliance (https://www.openchainproject.org/)
46
Initiatives related to the Licensing topic
REUSE initiative dedicated to the definition
of tools and processes to create open source
software with the correct license files
(https://reuse.software/)
Blue Oak Council initiative dedicated to
supporting understanding of licenses and
compliant use of open source software
(https://blueoakcouncil.org/)
47
Licensing Compliance: Open Source Projects
https://github.com/nexB/scancode-toolkit
https://github.com/oss-review-toolkit/ort
https://www.fossology.org/
https://github.com/github/licensed
https://github.com/licensee/licensee
https://github.com/pivotal/LicenseFinder
https://github.com/eclipse/antenna (only Java and Node.js)
48
...but What about API Licensing
49
THANKS FOR YOUR TIME!

More Related Content

What's hot

Software Open Source in ambito industriale
Software Open Source in ambito industrialeSoftware Open Source in ambito industriale
Software Open Source in ambito industriale
Better Software
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.Ppt
Viet NguyenHoang
 
PROPRIETARY AND OPEN SOURCE SOFTWARE
PROPRIETARY AND OPEN SOURCE SOFTWARE PROPRIETARY AND OPEN SOURCE SOFTWARE
PROPRIETARY AND OPEN SOURCE SOFTWARE
Kak Yong
 
Open source technology
Open source technologyOpen source technology
Open source technology
aparnaz1
 
open source technology
open source technologyopen source technology
open source technology
Lila Ram Yadav
 

What's hot (19)

Open source
Open sourceOpen source
Open source
 
Proprietary &amp; open source software
Proprietary &amp; open source softwareProprietary &amp; open source software
Proprietary &amp; open source software
 
Open source software licenses
Open source software licensesOpen source software licenses
Open source software licenses
 
Open source softwares, 2011
Open source softwares, 2011Open source softwares, 2011
Open source softwares, 2011
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impact
 
Open Source & Open Development
Open Source & Open Development Open Source & Open Development
Open Source & Open Development
 
Software Open Source in ambito industriale
Software Open Source in ambito industrialeSoftware Open Source in ambito industriale
Software Open Source in ambito industriale
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.Ppt
 
Licensing,Ppt
Licensing,PptLicensing,Ppt
Licensing,Ppt
 
Advantages & Disadvantages (Open-Source vs. Proprietary Software)
Advantages & Disadvantages (Open-Source vs. Proprietary Software)Advantages & Disadvantages (Open-Source vs. Proprietary Software)
Advantages & Disadvantages (Open-Source vs. Proprietary Software)
 
Power Point Presentation on Open Source Software
Power Point Presentation on Open Source Software Power Point Presentation on Open Source Software
Power Point Presentation on Open Source Software
 
Open Source Developer by Binary Semantics
Open Source Developer by Binary SemanticsOpen Source Developer by Binary Semantics
Open Source Developer by Binary Semantics
 
Mis full
Mis fullMis full
Mis full
 
PROPRIETARY AND OPEN SOURCE SOFTWARE
PROPRIETARY AND OPEN SOURCE SOFTWARE PROPRIETARY AND OPEN SOURCE SOFTWARE
PROPRIETARY AND OPEN SOURCE SOFTWARE
 
Open source technology
Open source technologyOpen source technology
Open source technology
 
open source technology
open source technologyopen source technology
open source technology
 
Ijcet 06 08_001
Ijcet 06 08_001Ijcet 06 08_001
Ijcet 06 08_001
 
Open source software
Open source software Open source software
Open source software
 
Legitimacy of Open Source Softwares
Legitimacy of Open Source SoftwaresLegitimacy of Open Source Softwares
Legitimacy of Open Source Softwares
 

Similar to Exploring Open Source Licensing

Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2
Viet NguyenHoang
 
Open source software vs proprietary software
Open source software vs proprietary softwareOpen source software vs proprietary software
Open source software vs proprietary software
Lavan1997
 
Open soucre(cut shrt)
Open soucre(cut shrt)Open soucre(cut shrt)
Open soucre(cut shrt)
Shivani Rai
 

Similar to Exploring Open Source Licensing (20)

Introduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelIntroduction to Open Source License and Business Model
Introduction to Open Source License and Business Model
 
Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2
 
Open source software vs proprietary software
Open source software vs proprietary softwareOpen source software vs proprietary software
Open source software vs proprietary software
 
Ijetr042189
Ijetr042189Ijetr042189
Ijetr042189
 
1 Open Source Business
1 Open Source Business1 Open Source Business
1 Open Source Business
 
Asf icfoss-mentoring
Asf icfoss-mentoringAsf icfoss-mentoring
Asf icfoss-mentoring
 
Open source technologies
Open source technologiesOpen source technologies
Open source technologies
 
Open source technologies
Open source technologiesOpen source technologies
Open source technologies
 
Open Source Licences
Open Source LicencesOpen Source Licences
Open Source Licences
 
Commemorating 20 years of open source successes in building awareness and ado...
Commemorating 20 years of open source successes in building awareness and ado...Commemorating 20 years of open source successes in building awareness and ado...
Commemorating 20 years of open source successes in building awareness and ado...
 
Understanding and implementation of open source ecosystems final
Understanding and implementation of open source ecosystems finalUnderstanding and implementation of open source ecosystems final
Understanding and implementation of open source ecosystems final
 
Software Licensing.pptx
Software Licensing.pptxSoftware Licensing.pptx
Software Licensing.pptx
 
GDSC - Software Licensing.pdf
GDSC - Software Licensing.pdfGDSC - Software Licensing.pdf
GDSC - Software Licensing.pdf
 
Copyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpmCopyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpm
 
Understanding Open Source
Understanding Open SourceUnderstanding Open Source
Understanding Open Source
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk Management
 
Overview of basic open-source licenses
Overview of basic open-source licensesOverview of basic open-source licenses
Overview of basic open-source licenses
 
Open soucre(cut shrt)
Open soucre(cut shrt)Open soucre(cut shrt)
Open soucre(cut shrt)
 
OPS Ecosystem and Engineering.pptx
OPS Ecosystem and Engineering.pptxOPS Ecosystem and Engineering.pptx
OPS Ecosystem and Engineering.pptx
 
What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?
 

More from Stefano Fago

What drives Innovation? Innovations And Technological Solutions for the Distr...
What drives Innovation? Innovations And Technological Solutions for the Distr...What drives Innovation? Innovations And Technological Solutions for the Distr...
What drives Innovation? Innovations And Technological Solutions for the Distr...
Stefano Fago
 
... thinking about Microformats!
... thinking about Microformats!... thinking about Microformats!
... thinking about Microformats!
Stefano Fago
 

More from Stefano Fago (13)

Non solo Microservizi: API, Prodotti e Piattaforme
Non solo Microservizi: API, Prodotti e PiattaformeNon solo Microservizi: API, Prodotti e Piattaforme
Non solo Microservizi: API, Prodotti e Piattaforme
 
Api and Fluency
Api and FluencyApi and Fluency
Api and Fluency
 
Don’t give up, You can... Cache!
Don’t give up, You can... Cache!Don’t give up, You can... Cache!
Don’t give up, You can... Cache!
 
Resisting to The Shocks
Resisting to The ShocksResisting to The Shocks
Resisting to The Shocks
 
Gamification - Introduzione e Idee di un NON GIOCATORE
Gamification - Introduzione e Idee di un NON GIOCATOREGamification - Introduzione e Idee di un NON GIOCATORE
Gamification - Introduzione e Idee di un NON GIOCATORE
 
Quale IT nel futuro delle Banche?
Quale IT nel futuro delle Banche?Quale IT nel futuro delle Banche?
Quale IT nel futuro delle Banche?
 
Microservices & Bento
Microservices & BentoMicroservices & Bento
Microservices & Bento
 
Giochi in Azienda
Giochi in AziendaGiochi in Azienda
Giochi in Azienda
 
What drives Innovation? Innovations And Technological Solutions for the Distr...
What drives Innovation? Innovations And Technological Solutions for the Distr...What drives Innovation? Innovations And Technological Solutions for the Distr...
What drives Innovation? Innovations And Technological Solutions for the Distr...
 
Reasoning about QRCode
Reasoning about QRCodeReasoning about QRCode
Reasoning about QRCode
 
... thinking about Microformats!
... thinking about Microformats!... thinking about Microformats!
... thinking about Microformats!
 
Uncommon Design Patterns
Uncommon Design PatternsUncommon Design Patterns
Uncommon Design Patterns
 
Riuso Object Oriented
Riuso Object OrientedRiuso Object Oriented
Riuso Object Oriented
 

Recently uploaded

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Recently uploaded (20)

WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 

Exploring Open Source Licensing

  • 1. Exploring Open Source Licensing ...Moving between the legal concepts of open software and open source licensing compliance by a layman... STEFANO FAGO
  • 2. 2 Warning ● I am not a lawyer ● An exhaustive discussion will not be made ● No personal consideration ● This is a work based on a personal research ● It is always better to consult with experts if in doubt
  • 3. 3 Open Source, Society, Morality << … For better or worse, software developers are building the fabric of tomorrow's world. So, they need to realize that many of the things they do have ethical, social, and political implications.... >> << … How open source software, shared purpose and cross sector collaboration are creating a new template for Corporate Social Responsability in the form of social innovation.... >> https://www.computer.org/csdl/magazine/so/2017/02/mso2017020004/13rRUy2YLWt The Social Responsibility of Software Development https://jaxenter.com/technology-for-good-173276.html Technology as a Source for Good
  • 4. 4 Open Source, Society, Morality • << … We can build... cyberspace to protect values that we believe are fundamental. Or we can build... cyberspace to allow those values to disappear. There is no middle ground. There is no choice that does not include some kind of building. Code is never found; it is only ever made, and only ever made by us... >> • https://www.youtube.com/watch?v=sJpXhVD18-c Free Software: It's not about the license
  • 5. 5 The Open Source Definition • Free redistribution. • Source Code Included in Licensed Software. • Grant of modification to derivative works. • Integrity of the source code. • No discrimination against individuals or groups. • No discrimination of sectors of society and development. • Distribution of the license to all recipients of the same. • The license does not have to be specific to a product. • The license must not restrict other software. • The license must be technology independent https://opensource.org/osd
  • 7. 7 The risks of Open Source Open source is free of acquisition costs but is not without management costs or risks. A company using open source must confirm initially and on an ongoing basis that: • the way in which open source is used complies with related open source licenses. • the open source you use does not contain any known security vulnerabilities. A real challenge arises in managing these risks on a corporate scale and pace. https://www.synopsys.com/blogs/software-security/open-source-audit-data/
  • 8. 8 Open Source Compliance : A Book https://www.linuxfoundation.org/compliance-and-security/2018/12/open-source-compliance-in-the-enterprise/
  • 9. 9 Open Source Compliance : Example Process https://www.linuxfoundation.org/resources/open-source-guides/using-open-source-code/
  • 10. 10 License Compliance : Example Architecture http://turingmachine.org/~dmg/papers/dmg2012_softwareKenen.pdf
  • 11. 11 License Compliance : Bosch Architecture https://www.youtube.com/watch?v=_3r4XfMJBUA
  • 12. 12 Open Source License Indemnification The commercial use of open source leads, among other things, to the concept of Indemnification for inappropriate use in the relationship between Vendor and Customer. Indemnification can be offered by the Vendor who uses open source artifacts to increase the added value of their products, thus also increasing their credibility and reputation. https://www.activestate.com/blog/open-source-indemnification-why-you-should-care
  • 13. 13 Open Source : too many Terms!
  • 14. 14 What is Intellectual Property The term Intellectual Property indicates a system of legal protection of intangible assets resulting from the creative and inventive activity of man (artistic and literary works, industrial inventions and utility models, design and trademarks, ...) Forms of intellectual property are: • Copyright • Patent • Trademark • Trade Secret
  • 15. 15 Is Copyright the default? In most jurisdictions, any code or content is automatically copyrighted by the author, with all rights reserved, unless otherwise stated. While it is a good idea to state the author and copyright date in the header of any code or document, failing to do so does not mean that the author has no rights.
  • 16. 16 Is Copyright the default? (Italy) (Italian law) The creator of the work acquires the status of author, the work being a particular expression of intellectual work. Therefore, the owner of the copyright (dual nature, moral and economic) is always the creator of the work, from the moment of its conception. The author of a work is guaranteed the exclusive right to publish it, to economically use the work in any form and way, to reproduce it, to disseminate it, to distribute it and put it into circulation, to publish it in collections and to modify it, to rent it and to lend it. The right of economic use of the work lasts for the entire life of the author, up to the seventieth year after his death.
  • 17. 17 Copyright Vs Copyleft Copyleft, unlike Copyright, is an author's permission managed through a licensing system: this implies that Copyleft is a subcategory of Copyright (conceptually there is no copyleft without copyright). Copyleft can be applied to a multitude of works, ranging from software, to scientific discoveries, to documents and art.
  • 18. 18 Copyleft applied to IT (base concept) In IT, the Copyleft regime is supported by a main condition that obliges, in the case of distribution of the modified work, to do so under the same legal regime (and the same license). In this way, the copyleft regime, and the whole set of freedom deriving from it, are always guaranteed at each release.
  • 19. 19 What does Copyleft imply? Copyleft implies license conditions whereby: if I distribute as source, there is no particular action to take; if I have a binary distribution, it must be accompanied by the sources, bearing the copyleft license and its conditions. The conditions are to be considered applied both to the original software and to the binary distribution and to any changes implemented and distributed.
  • 21. 21 Open Source, Development and Licensing Open source is simultaneously: • a licensing model • a development model where the former is at the service of the latter
  • 22. 22 What is a License? A License is an official permission to use, modify or own a given thing. As for the software, it can be defined as the granting of rights by those who produce the software to those who wish to use it, on how it can be used and shared. This is a set of guidelines on the obligations and responsibilities associated with the use and distribution of the software program. https://tldrlegal.com/
  • 23. 23 Types of Open Source Licenses Permissive License: allows you to perform any action on the software in compliance with a single type of condition, that is, the distribution of the software involves reporting the license CopyLeft License: allows you to act on the software but if a change is made it is necessary to share the source code http://www.vinayiyengar.com/2020/09/09/apache-combinator/
  • 24. 24 Different Source Licenses Permissive License (MIT, BSD-2-Clause, BSD-3-Clause, Apache-2.0) Weak Copyleft License: Lesser GNU Public License (LGPL-2.0, LGPL-2.1 or LGPL-3.0), Mozilla Public Licenses (MPL-1.0, MPL-1.1 or MPL-2.0), Eclipse Public License (EPL-1.0 or EPL-2.0), Common Development and Distribution License (CDDL-1.0 or CDDL-1.1) Strong Copyleft License: GNU General Public Licenses (GPL-2.0 and GPL-3.0), Affero General Public License (AGPL-3.0) https://www.slideshare.net/marceldvries/best-practices-for-using-open-source-software-in-the-enterprise
  • 25. 25 Comparison of Open Source Licenses https://moqod.com/understanding-open-source-and-free-software-licensing/
  • 26. 26 Comparison of Open Source Licenses https://www.compact.nl/articles/the-risks-of-open-source-software-for-corporate-use/
  • 27. 27 Other types of Open Source License Public Domain • A work in the public domain is not copyrighted and unlicensed. • It can be used by anyone for any purpose for free. • Getting software into the public domain is a tricky business. https://creativecommons.org/about/downloads/
  • 28. 28 Other types of Open Source License Source Available An emerging license type, intended to be applied to code that cannot be distributed as a Service. This type of license is a response to Cloud Providers, such as Amazon, packaging, rebranding and profiting from open source projects deployed on their cloud platform. Popular examples include the Redis Source Available License (RSAL), MongoDB's Server Side Public License (SSPL), the Cockroach Community License (CCL), or licenses to which the Commons Clause has been added.
  • 29. 29 Other types of Open Source License Dual Licensing • It can be a problematic choice • The defined code must be compatible with both licenses • It does not necessarily imply that the user must comply with both licenses; they can choose which one they want to comply with https://jaxenter.com/dual-licensing-tricky-business-111606.html
  • 31. 31 How many licenses are there? It is possible to find out about some reference sites: • https://spdx.org/licenses/ • https://www.gnu.org/licenses/license-list.html • https://opensource.org/licenses • https://creativecommons.org
  • 32. 32 ... but Copyleft & Derivative Works? ...
  • 33. 33 Let's understand the consequences of a license... Let's see with a practical example what the consequences are for a project of adopting artifacts subject to a given open source license, passing from permissive to copyleft. The idea comes from the work of Jim Jagielski, currently UBER's Technical Staff Manager Open Source Office https://www.youtube.com/watch?v=mb9ZmxbXVZ8 https://www.youtube.com/watch?v=Vu_x8wrmHtA
  • 34. 34 Let's understand the consequences of a license... Suppose a company wants to make biscuits and has a recipe for the cream in the biscuit, licensed in a proprietary manner. Let's see what happens when assembling the biscuit by changing the license of the recipe to make the solid part. Solid Part License ????? Cream Proprietary License
  • 35. 35 Let's understand the consequences of a license... Suppose that the recipe of the solid part is of the permissive type (e.g. MIT). If it is decided to alter the recipe, the company does not have to do anything. The cream is under proprietary license, as is the biscuit; the biscuit packaging must only show where the original recipe of the solid part derives from. Solid Part MIT License Cream Proprietary License Proprietary License
  • 36. 36 Let's understand the consequences of a license... Suppose that the solid part recipe is of the weak copyleft type (e.g. MPL). If it is decided to alter the recipe, the company must share the changes made to the original recipe. The cream is under proprietary license, as is the biscuit; the biscuit packaging must show where the original recipe of the solid part derives from. Solid Part MPL License Cream Proprietary License Proprietary License
  • 37. 37 Let's understand the consequences of a license... Suppose that the solid part recipe is of the strong copyleft type (e.g. GPL). If it is decided to alter the recipe, the company must share the changes made to the original recipe and, despite the fact that the cream is under proprietary license, the whole biscuit ends up under the copyleft regime, thus losing the industrial secret on the recipe of the cream. Solid Part GPL License Cream Proprietary License GPL License
  • 39. 39 Contribute to an Open Source Project Employee Contribution Policies : In a Company, It may be necessary to develop a company policy that specifies how employees contribute to open source projects. A clear policy will reduce confusion among employees and help them contribute to open source projects in the best interest of the company, both as part of their work and in their spare time.
  • 40. 40 Open Source Program/Project The spread of Open Source has led to two relevant phenomena: • many developers create their own side projects to work • companies can decide to define an Open Source Program, supervised by a specific office, in order to create a stronger development culture and better quality of artifacts, while respecting and contributing to the values and activities of the Open Source world. In both situations, legal support is essential to avoid problems for both the company and the employee. https://todogroup.org/
  • 41. 41 Contributor License Agreement Why a contribution agreement? • To force contributors to accept the terms of the contribution • For the developers to declare that every activity they do is authorized • The project uses an open source license which does not include an explicit patent grant (such as MIT) and needs a patent grant from all contributors • The project is under a copyleft license, but you also want to distribute a proprietary version of the project • The project may need to change licenses over the course of its life, and contributors are expected to accept these changes in advance https://en.wikipedia.org/wiki/Contributor_License_Agreement https://ben.balter.com/2018/01/02/why-you-probably-shouldnt-add-a-cla-to-your-open-source-project/
  • 42. 42 Licensing is really complicated!...
  • 43. 43 Better viral or monetizable? https://www.youtube.com/watch?v=DDx6gjwU0K8
  • 44. 44 ... Do you have any doubts? Try with ... Freely usable sites can help you understand the type of licenses in place or the situation of an artifact: https://tldrlegal.com/ allows you to search for the most popular licenses and offers a summary of them https://choosealicense.com/ supports you in choosing a license for your project, looking at the surrounding conditions https://clearlydefined.io proposes an assessment of the clarity of the artifacts / projects, highlighting their licenses, correlations and defects in the metadata accompanying them
  • 45. 45 Initiatives related to the Licensing topic Open Source Initiative for OSI Approved License List ( https://opensource.org/licenses/category) SPDX initiative dedicated to the definition of a standard format for the provision of license information in open source software ( https://spdx.dev/ and https://spdx.org/licenses/ ) Open Chain initiative dedicated to the definition of a standard process for Software Compliance ( https://www.openchainproject.org/ )
  • 46. 46 Initiatives related to the Licensing topic REUSE initiative dedicated to the definition of tools and processes to create open source software with the correct license files ( https://reuse.software/ ) Blue Oak Council initiative dedicated to supporting understanding of licenses and compliant use of open source software ( https://blueoakcouncil.org/ )
  • 47. 47 Licensing Compliance: Open Source Projects https://github.com/nexB/scancode-toolkit https://github.com/oss-review-toolkit/ort https://www.fossology.org/ https://github.com/github/licensed https://github.com/licensee/licensee https://github.com/pivotal/LicenseFinder https://github.com/eclipse/antenna (only Java and Node.js)
  • 48. 48 ...but What about API Licensing