Source Code Is Software Made Available Free for Any Third Party to Review and Modify
This guide will give you a general overview of the legal complexities that can arise when using open source software.
Objectives
After successful completion of this section, you will be able to:
• Describe various types of Open Source software
• Describe the risks and benefits of using Open Source Software environment
• Describe the differences between Copyright and Copyleft licenses
• List the most common Open Source licenses
• Describe key aspects of the Commercial and Open Source Initiative (COSI)
• Describe the roles and responsibilities of the Open Source Review Board (OSRB)
• Describe the roles and responsibilities of the Open Source Software Council (OSSC)
• Describe Open Source governance and high level principles for working with Open Source Software
• Describe the roles and responsibilities of Hardware/Software (HW/SW) Engineers, Product Line Managers (PLMs), and Release Program Managers as they relate to the use of commercial and open source software
This Open Source guide is based on materials contributed by Cisco.
What is Open Source?
Open Source Software is software provided on terms allowing the user to use, modify, and distribute the source code. The terms and conditions for using the source code are set out in an "open source license."
An open source license is different in several key ways from a traditional license. For instance, an open source license is always royalty-free. It isn't signed or negotiated between the parties. Most open source licenses do not provide any warranties, but instead will provide the software "AS IS."
Definitions of Other Popular Terms
• Freeware and Shareware. Don't confuse freeware or shareware with open source software. You might not pay anything for the right to use freeware or shareware binaries, but that doesn't make it open source. In the open source world, "free" usually means "freedom to modify and redistribute source code," rights that do not necessarily come with freeware or shareware.
• Public Domain. Sometimes open source software is mistakenly labeled "public domain." However, open source software is very different than software in the public domain. If software is in the public domain, this means that it's not owned by anyone -- there is no need for a license. This is different than open source software, where the copyright owner uses an open source license to give the user permission to copy, modify, and distribute the software. If the user doesn't follow the requirements in an open source license, this could result in a copyright infringement suit.
Things to consider prior to using open source software.
Open source software is increasingly important in the technology industry. Utilizing open source software can bring significant benefits. However, it is important to understand that there are also risks associated with using open source software, and in some circumstances, the risks may outweigh the benefits of using the open source software. While this analysis of benefits and risks should always be done in partnership with legal counsel, your understanding of all the issues involved is central to ensuring that future software design decisions do not inadvertently increase risk.
Failure to comply with certain open source license terms may lead to an immediate termination of your right to use open source software, which includes your right to distribute the open source software. In addition, failure to satisfy license requirements could result in copyright infringement (i.e. a violation of the exclusive rights of the copyright owner), with statutory damages of up to $150k per infringement.
Open Source Licenses
Copyright and "Copyleft"
What is a copyright?
A copyright is a set of legal rights that grant the author of a work (e.g. a software program) the exclusive right to copy, distribute, and alter that work. Since the right is exclusive, this means the copyright holder has the legal right to stop others from copying, distributing, or modifying the work.
What is a license?
A license is a grant by the copyright holder to a third party of rights to copy, distribute, and alter a work subject to conditions specified in the license. A copyright holder does not relinquish ownership by granting a license to a third party to use the work. The copyright holder may distribute a copyrighted work under different licenses to different parties at their discretion.
How are copyrights relevant to open source?
By distributing software under an open source license, the copyright holder is essentially granting you permission to use the software provided that you follow the rules spelled out in the license. In other words, the permission to use the software is revoked upon your failure to comply with the terms of the license.
What is meant by "copyleft"?
The Free Software Foundation coined the term "copyleft" as a way of contrasting the open source system to the traditional system of copyright. Copyleft licenses require that you share any modifications you make to the original code. Usually, these licenses also require that you share these modifications under the exact same open source software license as the source code.
Different open source licenses have different levels of copyleft:
- "Permissive," "attribution," or "BSD-like" licenses contain no copyleft requirement at all. These licenses essentially give the licensee complete discretion on how to distribute improvements and derivatives, or whether to distribute them at all. The licensee is permitted to re-license these derivatives in any fashion, including under a royalty-bearing license.
- "Weak copyleft" licenses usually require only that you share modifications to the original software. These licenses usually require that you share these modifications under the same license as the original code.
- "Strong copyleft" or "viral" licenses require that you share modifications, but they also require more than that. These licenses require that you share any source code of software that you distribute as part of the same software program as the open source software. The precise method of determining whether something is part of the same program often requires complex analysis and is sometimes subject to controversy and debate. For your purposes, it is enough to know that if you bring code into your company under a "strong copyleft" or "viral" license, you may become obligated to release some of your proprietary source code under the terms of that same license.
Common Open Source Licenses
There are many different open source licenses, and their terms and conditions vary widely. In this section, we will discuss several well-known and important open source licenses:
GPLv3 and LGPLv3
Published in final form on June 29, 2007, GPLv3 has steadily grown in usage. For example, the Samba project is currently licensed under GPLv3. Despite this growth, usage of the GPLv3 is still quite small when compared to GPLv2. Many major projects, including the Linux Kernel, have stayed with GPLv2.
GPLv3's additional risks and challenges include:
- Patent provisions: terms could require your company to grant a patent license covering the GPLv3-licensed codebase, even if your only contribution is very small.
- Complex requirements for consumer products and other "user products."
- In some situations, use of GPLv3 might require your company to make public your product authorization keys or other security features.
- If you are using DRM (Digital Rights Management) in your product, use of GPLv3 in that product may limit your ability to take legal action against someone who has broken the DRM.
GNU General Public License, Version 2 (GPL)
Version 2 of the GNU General Public License (GPL) is probably the most commonly used open source software license. The majority of all open source projects are licensed under GPL version 2. It is used to distribute a number of important open source software projects, including the Linux Kernel. As a result, a strong community of developers has built up around the GPL.
Strong Copyleft
The most important aspect of the GPL is that it is a "strong copyleft" or "viral" license. In very simple terms, the GPL requires you to release the source code of BOTH:
- The open source asset and any changes you may have made, AND
- Any source code that becomes part of the program (this is sometimes called "contaminated" code.)
This is very important to understand, because if care is not taken, your code could become "contaminated" and your company could be required to release that confidential code under GPL.
The wording of GPL can be very confusing, and as a result there has been much discussion and debate in the open source community about exactly what circumstances require you to release source code under this second condition above. However, as a general rule, the more GPL code and your company's proprietary code look like independent programs in how they function and interact, the lower the contamination risk.
If the interaction above requires a detailed or "intimate knowledge" of the inner workings of the GPL code, this also increases the risk that the company's proprietary code will become contaminated with GPL. Static linking, for example, creates a high degree of contamination risk. Conversely, using pipes, sockets, or standardized APIs to interact with the GPL code will carry a lower degree of risk. Please consult the GPL/LGPL training section and policies of your company.
GNU Lesser General Public License (LGPL)
The GNU Lesser General Public License was originally named the Library General Public License. The Lesser GPL replaced the Library GPL in 1999. Other than the name change, the Lesser GPL is substantially the same as the Library GPL. The Lesser GPL (LGPL) is used primarily for software libraries.
The LGPL is an open source license published by the Free Software Foundation. It was designed to encourage wider commercial adoption or use of certain software libraries, e.g., GNU C Library, by imposing weaker copyleft terms than those in GPL.
Like the GPL, the LGPL requires you to distribute the source code of the open source asset and any changes you may have made to it. However, unlike the GPL, the LGPL allows you to link your proprietary code with the LGPL code without causing your proprietary code to become subject to the copyleft terms, i.e., the requirement to distribute the source code of your proprietary code.
The LGPL does not require you to distribute the source code of your proprietary software that is linked dynamically with the LGPL code. On the other hand, if you statically link any proprietary code with the LGPL code, this does trigger a certain copyleft requirement. Under the LGPL, you must allow, with respect to the proprietary code, "modification for the customer's own use and reverse engineering for debugging such modifications." The Free Software Foundation's stated position is that this requirement obligates you to allow customers to reverse engineer and modify your proprietary software for limited purposes.
Mozilla Public License (MPL)
The Mozilla Foundation is the custodian of the Mozilla Public License (MPL). The MPL has a limited amount of copyleft terms, more than the BSD family of licenses, but fewer than the LGPL or the GPL. Under the MPL, the copyleft terms apply to any modifications you make to an MPL file or any file that contains any part of the original MPL code. However, unlike the GPL/LGPL, simply linking your proprietary code with the MPL code does not in itself require you to disclose the source code of your proprietary code.
The MPL does, however, require you to expressly grant a patent license with respect to your modifications to the MPL code. The MPL also includes what is known as a "patent peace" clause designed to discourage patent infringement claims. These clauses essentially act to punish a company for bringing a patent claim against another company. In the case of the MPL, the patent peace provision is extremely broad. Under the MPL, if you file a patent infringement lawsuit against the "Initial Developer" or a "Contributor" (both are defined terms in the MPL) for "any software, hardware, or device," the license to use and distribute the MPL code granted by such Initial Developer or Contributor will be terminated.
Eclipse Public License (EPL)
The Eclipse Public License (EPL) is an open source software license used by Eclipse Foundation for its software. Prior to 2004, the Eclipse community used the Common Public License (CPL) as the open source license for most of the open source software made available by Eclipse.org. After the establishment of the independent Eclipse Foundation in 2004, the community migrated to the Eclipse Public License. The significant difference between CPL and EPL is that EPL narrowed the scope of the patent provision in the CPL from any "patent applicable software" to the "Program" (defined term in the EPL) licensed under the EPL. Currently, all Eclipse projects are using EPL.
The EPL is viewed by many as a business friendly open source software license, featuring weak copyleft provisions. The EPL requires that the source code of your modifications to the EPL code be made available and distributed under the EPL terms. However, merely linking your proprietary code with the EPL code does not in itself require you to disclose the source code of your proprietary code. Likewise, the EPL permits you to redistribute the binaries under your own license terms (ex: end user license terms), as long as the source code of the covered code (ex: the original EPL code and your modifications thereto) is distributed under the terms of the EPL.
Common Public License (CPL)
The Common Public License, version 1.0 (CPL) is a license created by IBM. It has been used by IBM and other companies (including Microsoft) to release source code. IBM created the license to encourage collaboration, while ensuring that there is some additional responsibility on the shoulders of the contributors. For instance, contributions may not be made anonymously under the CPL - instead, a contributor must identify itself and the modifications it makes to the CPL code.
CPL permits the use, modification, and distribution of software in source and binary forms. The CPL is a copyleft license, which means that source code of the licensee's modifications must be distributed under the CPL. However, with a bow to commercial needs, the CPL permits the licensee to redistribute binaries of the modified CPL code under a separate, more restrictive binary agreement, as long as the binary license meets certain standards, and as long as you provide the public with access to the modified source code via the CPL license.
The CPL includes what's known as a "patent peace" clause designed to discourage patent infringement claims. These clauses essentially act to punish a company for bringing a patent claim against another company. In the case of CPL, the patent peace clause is extremely broad. Under the CPL, if a company were to bring a software patent infringement claim of any kind (even not relating to the CPL code) against a Company, then every patent license granted by the Company to another company under any CPL license would automatically terminate. If the patent infringement claim relates to CPL code, then all of the company's patent licenses granted by any patent holder under the CPL could terminate (this includes licenses received by companies that are not involved in the lawsuit).
Common Development and Distribution License (CDDL)
The Common Development and Distribution License (CDDL) is a copyleft license with its roots in the Mozilla Public License (MPL). The CDDL requires that the source code of modifications to the CDDL code be redistributed under its terms. The CDDL permits you to redistribute the binaries under different terms, as long as the source code is distributed under CDDL.
Contributions to CDDL projects may not be made anonymously. The license requires that the contributor identify the contribution. Proper documentation of modifications is always important in open source development, but it is especially important when the license is CDDL.
The CDDL contains an express patent license, with a patent peace provision designed to discourage patent litigation. If you use software under the CDDL and you bring a patent infringement claim against any contributor of code to that particular CDDL application relating to his or her contribution, you may lose all of your patent rights granted by all contributors to that CDDL code unless you withdraw the claim. The CDDL's patent peace provision is one of the major distinctions between CDDL and MPL. In many respects, CDDL and MPL are similar. However, the MPL patent peace provision is much broader, being triggered even if the patent lawsuit does not relate to the open source technology in any manner. Because of this more targeted patent peace provision, the CDDL is sometimes thought to be a "safer" license than its cousin the MPL.
MIT License
As with the BSD license, the MIT license is a common license of the "permissive" or "attribution" variety. The MIT license is essentially a broad, permissive license, with no restrictions other than a requirement to provide a copy of the license when the software is redistributed. The MIT license contains no copyleft provisions, so modifications to the MIT code need not be shared.
As with all other major open source licenses, software is provided under this license to the licensee "AS IS" without any warranty.
BSD License
The BSD license is one of the most common versions of the "permissive" or "attribution" type of open source license. The license essentially permits the user to use, copy, modify, and redistribute the licensed software. There are no conditions on the use of software provided under this license, other than a simple requirement to provide a copy of the license when the software is redistributed (this is common to all open source licenses), and a provision prohibiting the licensee from using the licensor's name to endorse a derivative product. The BSD license contains no copyleft provisions, so neither the original source nor any modification need be shared with the public.
The simplicity of the BSD license makes it very popular in the open source community. However, because of its lack of any "copyleft" provisions requiring licensees to share their modifications, it is sometimes criticized for encouraging forking of technology. As with other major open source licenses, software is provided under this license to the licensee "AS IS" without any warranty.
An earlier version of the BSD license had an additional clause in it requiring that the original license author (UC Berkeley) receive credit in company advertising. The license we discuss here, sometimes called "New BSD" or "3-clause BSD", does not have this clause.
Responsibilities of HW/SW Engineers, PLMs, and Release Program Managers
For every product, release, or rebuild that you post or ship:
- Register all the third party (open source and commercial) software assets in it
- Get approval for the open source assets
- Comply with license obligations: constraints, source publication/archive, documentation
Open Source Software Principles
High Level Principles
The high level principles that direct the company's efforts with respect to Open Source Software are as follows:
- the company must ensure that its use of third party software in its products is consistent with its business needs.
- the company must ensure that its release of source code to any open source community is consistent with its business needs.
- the company will meet its approved third party license obligations.
- use of third party software in products must be recorded and approved.
- the company will be a trustworthy collaborator in any open source community in which it chooses to participate.
Source: https://www.legal.io/articles/5170736/Open-Source-Software-a-legal-guide