Source Code Is Software Made Available Free for Any Third Party to Review and Modify
This guide will give you a general overview of the legal complexities that can arise when using open source software.
Objectives
After successful completion of this section, you will be able to:
• Describe various types of Open Source software
• Describe the risks and benefits of using Open Source Software
• Describe the differences between Copyright and Copyleft licenses
• List the most common Open Source licenses
• Describe key aspects of the Commercial and Open Source Initiative (COSI)
• Describe the roles and responsibilities of the Open Source Review Board (OSRB)
• Describe the roles and responsibilities of the Open Source Software Council (OSSC)
• Describe Open Source governance and high level principles for working with Open Source Software
• Describe the roles and responsibilities of Hardware/Software (HW/SW) Engineers, Product Line Managers (PLMs), and Release Plan Managers as they relate to the use of commercial and open source software
This Open Source guide is based on materials contributed by Cisco.
What is Open Source?
Open Source Software is software provided on terms allowing the user to use, change, and distribute the source code. The terms and conditions for using the source code are set out in an "open source license."
An open source license is different in several key ways from a traditional license. For example, an open source license is always royalty-free. It isn't signed or negotiated between the parties. Most open source licenses do not provide any warranties, but instead will provide the software "AS IS."
Definitions of Other Popular Terms
• Freeware and Shareware. Don't confuse freeware or shareware with open source software. You might not pay anything for the right to use freeware or shareware binaries, but that doesn't make it open source. In the open source world, "free" usually means "freedom to modify and redistribute source code," rights that do not necessarily come with freeware or shareware.
• Public Domain. Sometimes open source software is mistakenly labeled "public domain." However, open source software is very different than software in the public domain. If software is in the public domain, this means that it's not owned by anyone -- there is no need for a license. This is different than open source software, where the copyright owner uses an open source license to give the user permission to copy, change, and distribute the software. If the user doesn't follow the requirements in an open source license, this could result in a copyright infringement suit.
Things to consider prior to using open source software.
Open source software is increasingly important in the technology industry. Utilizing open source software can bring significant benefits. However, it is important to understand that there are also risks associated with using open source software, and in some circumstances, the risks may outweigh the benefits of using the open source software. While this analysis of benefits and risks should always be done in partnership with legal counsel, your understanding of all the issues involved is key to ensuring that future software design decisions do not inadvertently increase risk.
Failure to comply with certain open source license terms may lead to an immediate termination of your right to use open source software, which includes your right to distribute the open source software. In addition, failure to satisfy license requirements could result in copyright infringement (i.e. a violation of the exclusive rights of the copyright owner), with statutory damages of up to $150k per infringement.
Open Source Licenses
Copyright and "Copyleft"
What is a copyright?
A copyright is a set of legal rights that grant the author of a work (e.g. a software program) the exclusive right to copy, distribute, and change that work. Since the right is exclusive, this means the copyright holder has the legal right to stop others from copying, distributing, or modifying the work.
What is a license?
A license is a grant by the copyright holder to a third party of rights to copy, distribute, and modify a work subject to conditions specified in the license. A copyright holder does not relinquish ownership by granting a license to a third party to use the work. The copyright holder may distribute a copyrighted work under different licenses to different parties at their discretion.
How are copyrights relevant to open source?
By distributing software under an open source license, the copyright holder is essentially granting you permission to use the software provided that you follow the rules spelled out in the license. In other words, the permission to use the software is revoked upon your failure to comply with the terms of the license.
What is meant by "copyleft"?
The Free Software Foundation coined the term "copyleft" as a way of contrasting the open source system to the traditional system of copyright. Copyleft licenses require that you share any modifications you make to the original code. Usually, these licenses also require that you share these modifications under the exact same open source software license as the source code.
Different open source licenses have different levels of copyleft:
- "Permissive," "attribution," or "BSD-like" licenses contain no copyleft requirement at all. These licenses essentially give the licensee complete discretion on how to distribute improvements and derivatives, or whether to distribute them at all. The licensee is permitted to re-license these derivatives in any manner, including under a royalty-bearing license.
- "Weak copyleft" licenses usually require only that you share modifications to the original software. These licenses usually require that you share these modifications under the same license as the original code.
- "Strong copyleft" or "viral" licenses require that you share modifications, but they also require more. These licenses require that you share any source code of software that you distribute as part of the same software program as the open source software. The precise method of determining whether something is part of the same program often requires complex analysis and is sometimes subject to controversy and debate. For your purposes, it is enough to know that if you bring code into your company under a "strong copyleft" or "viral" license, you may become obligated to release some of your proprietary source code under the terms of that same license.
Common Open Source Licenses
There are many different open source licenses, and their terms and conditions vary widely. In this section, we will discuss several well-known and important open source licenses:
GPLv3 and LGPLv3
Published in final form on June 29, 2007, GPLv3 has steadily grown in usage. For example, the Samba project is currently licensed under GPLv3. Despite this growth, usage of the GPLv3 is still quite small when compared to GPLv2. Many major projects, including the Linux Kernel, have stayed with GPLv2.
GPLv3's additional risks and challenges include:
- Patent provisions: terms could require your company to grant a patent license covering GPLv3-licensed codebase, even if your only contribution is very small.
- Complex requirements for consumer products and other "user products."
- In some situations, use of GPLv3 might require your company to make public your product authority keys or other security features.
- If you are using DRM (Digital Rights Management) in your product, use of GPLv3 in that product may limit your ability to take legal action against someone who has broken the DRM.
GNU General Public License, Version 2 (GPL)
Version 2 of the GNU General Public License (GPL) is probably the most commonly used open source software license. The majority of all open source projects are licensed under GPL version 2. It is used to distribute a number of important open source software projects, including the Linux Kernel. As a result, a strong community of developers has built up around the GPL.
Strong Copyleft
The most important aspect of the GPL is that it is a "strong copyleft" or "viral" license. In very simple terms, the GPL requires you to release the source code of BOTH:
- The open source asset and any changes you may have made, AND
- Any source code that becomes part of the program (this is sometimes called "contaminated" code.)
This is very important to understand, because if care is not taken, your code could become "contaminated" and your company could be required to release that confidential code under GPL.
The wording of GPL can be very confusing, and as a result there has been much discussion and debate in the open source community about exactly what circumstances require you to release source code under this second condition above. However, as a general rule, the more the GPL code and your company's proprietary code look like independent programs in how they function and interact, the lower the contamination risk:
If the interaction above requires a detailed or "intimate knowledge" of the inner workings of the GPL code, this also increases the risk that the company's proprietary code will become contaminated with GPL. Static linking, for example, creates a high degree of contamination risk. Conversely, using pipes, sockets, or standardized APIs to interact with the GPL code will bear a lower degree of risk. Please consult the GPL/LGPL training section and policies of your company.
GNU Lesser General Public License (LGPL)
The GNU Lesser General Public License was originally named the Library General Public License. The Lesser GPL replaced the Library GPL in 1999. Other than the name change, the Lesser GPL is substantially the same as the Library GPL. The Lesser GPL (LGPL) is used primarily for software libraries.
The LGPL is an open source license published by the Free Software Foundation. It was designed to encourage wider commercial adoption or use of certain software libraries, e.g., GNU C Library, by imposing weaker copyleft terms than those in GPL.
Like the GPL, the LGPL requires you to distribute the source code of the open source asset and any changes you may have made to it. However, unlike the GPL, the LGPL allows you to link your proprietary code with the LGPL code without causing your proprietary code to become subject to the copyleft terms, i.e., the requirement to distribute the source code of your proprietary code.
The LGPL does not require you to distribute the source code of your proprietary software that is linked dynamically with the LGPL code. On the other hand, if you statically link any proprietary code with the LGPL code, this does trigger a certain copyleft requirement. Under the LGPL, you must allow, with respect to the proprietary code, "modification for the customer's own use and reverse engineering for debugging such modifications." The Free Software Foundation's stated position is that this requirement obligates you to allow customers to reverse engineer and modify your proprietary software for limited purposes.
Mozilla Public License (MPL)
The Mozilla Foundation is the custodian of the Mozilla Public License (MPL). The MPL has a limited amount of copyleft terms, more than the BSD family of licenses, but fewer than the LGPL or the GPL. Under the MPL, the copyleft terms apply to any modifications you make to an MPL file or any file that contains any part of the original MPL code. However, unlike the GPL/LGPL, merely linking your proprietary code with the MPL code does not in itself require you to disclose the source code of your proprietary code.
The MPL does, however, require you to expressly grant a patent license with respect to your modifications to the MPL code. The MPL also includes what is known as a "patent peace" clause designed to discourage patent infringement claims. These clauses essentially act to punish a company for bringing a patent claim against another company. In the case of the MPL, the patent peace provision is extremely broad. Under the MPL, if you file a patent infringement lawsuit against the "Initial Developer" or a "Contributor" (both are defined terms in the MPL) for "any software, hardware, or device," the license to use and distribute the MPL code granted by such Initial Developer or Contributor will be terminated.
Eclipse Public License (EPL)
The Eclipse Public License (EPL) is an open source software license used by Eclipse Foundation for its software. Prior to 2004, the Eclipse community used the Common Public License (CPL) as the open source license for most of the open source software made available by Eclipse.org. After the establishment of the independent Eclipse Foundation in 2004, the community migrated to the Eclipse Public License. The significant difference between CPL and EPL is that EPL narrowed the scope of the patent provision in the CPL from any "patent applicable software" to the "Program" (defined term in the EPL) licensed under the EPL. Currently, all Eclipse projects are using EPL.
The EPL is viewed by many as a business friendly open source software license, featuring weak copyleft provisions. The EPL requires that the source code of your modifications to the EPL code be made available and distributed under the EPL terms. However, merely linking your proprietary code with the EPL code does not in itself require you to disclose the source code of your proprietary code. Also, the EPL permits you to redistribute the binaries under your own license terms (ex: end user license terms), as long as the source code of the covered code (ex: the original EPL code and your modifications thereto) is distributed under the terms of the EPL.
Common Public License (CPL)
The Common Public License, version 1.0 (CPL) is a license created by IBM. It has been used by IBM and other companies (including Microsoft) to release source code. IBM created the license to encourage collaboration, while ensuring that there is some additional responsibility on the shoulders of the contributors. For instance, contributions may not be made anonymously under the CPL - instead, a contributor must identify itself and the modifications it makes to the CPL code.
CPL permits the use, modification, and distribution of software in source and binary forms. The CPL is a copyleft license, which means that source code of the licensee's modifications must be distributed under the CPL. However, with a bow to commercial needs, the CPL permits the licensee to redistribute binaries of the modified CPL code under a separate, more restrictive binary agreement, as long as the binary license meets certain standards, and as long as you provide the public with access to the modified source code via the CPL license.
The CPL includes what's known as a "patent peace" clause designed to discourage patent infringement claims. These clauses essentially act to punish a company for bringing a patent claim against another company. In the case of CPL, the patent peace clause is extremely broad. Under the CPL, if a company were to bring a software patent infringement claim of any kind (even not relating to the CPL code) against a Company, then every patent license granted by the Company to another company under any CPL license would automatically end. If the patent infringement claim relates to CPL code, then all of the company's patent licenses granted by any patent holder under the CPL could end (this includes licenses received by companies that are not involved in the lawsuit).
Common Development and Distribution License (CDDL)
The Common Development and Distribution License (CDDL) is a copyleft license with its roots in the Mozilla Public License (MPL). The CDDL requires that the source code of modifications to the CDDL code be redistributed under its terms. The CDDL permits you to redistribute the binaries under different terms, as long as the source code is distributed under CDDL.
Contributions to CDDL projects may not be made anonymously. The license requires that the contributor identify the contribution. Proper documentation of modifications is always important in open source development, but it is particularly important when the license is CDDL.
The CDDL contains an express patent license, with a patent peace provision designed to discourage patent litigation. If you use software under the CDDL and you bring a patent infringement claim against any contributor of code to that particular CDDL application relating to his or her contribution, you may lose all of your patent rights granted by all contributors to that CDDL code unless you withdraw the claim. The CDDL's patent peace provision is one of the major distinctions between CDDL and MPL. In many respects, CDDL and MPL are similar. However, the MPL patent peace provision is much broader, being triggered even if the patent lawsuit does not relate to the open source technology in any way. Because of this more targeted patent peace provision, the CDDL is sometimes thought to be a "safer" license than its cousin the MPL.
MIT License
As with the BSD license, the MIT license is a common license of the "permissive" or "attribution" variety. The MIT license is essentially a broad, permissive license, with no restrictions other than a requirement to provide a copy of the license when the software is redistributed. The MIT license contains no copyleft provisions, and so modifications to the MIT code need not be shared.
As with all other major open source licenses, software is provided under this license to the licensee "AS IS" without any warranty.
BSD License
The BSD license is one of the most common versions of the "permissive" or "attribution" type of open source license. The license essentially permits the user to use, copy, modify, and redistribute the licensed software. There are no conditions on the use of software provided under this license, other than a simple requirement to provide a copy of the license when the software is redistributed (this is common to all open source licenses), and a provision prohibiting the licensee from using the licensor's name to endorse a derivative product. The BSD license contains no copyleft provisions, and so neither the original source nor any modification need be shared with the public.
The simplicity of the BSD license makes it very popular in the open source community. However, because of its lack of any "copyleft" provisions requiring licensees to share their modifications, it is sometimes criticized for encouraging forking of technology. As with other major open source licenses, software is provided under this license to the licensee "AS IS" without any warranty.
An earlier version of the BSD license had an additional clause in it requiring that the original license author (UC Berkeley) receive credit in company advertising. The license we discuss here, sometimes called "New BSD" or "three-clause BSD," does not have this clause.
Responsibilities of HW/SW Engineers, PLMs, and Release Plan Managers
For every product, release, rebuild that you post or ship:
- Register all the third party (open source and commercial) software assets in it
- Get approval for the open source assets
- Comply with license obligations: constraints, source publication/archive, documentation
Open Source Software Principles
High Level Principles
The high level principles that direct the company's efforts with respect to Open Source Software are as follows:
- the company must ensure that its use of third party software in its products is consistent with its business needs.
- the business must ensure that its release of source code to any open source community is consistent with its business needs.
- the company will meet its approved third party license obligations.
- use of third party software in products must be recorded and approved.
- the company will be a trustworthy collaborator in any open source community in which it chooses to participate.
Source: https://www.legal.io/articles/5170736/Open-Source-Software-a-legal-guide