1 of 29

Introduction to Open Source Software Licensing�Heather Meeker

April, 2020

2 of 29

Foundations of Open Source

1

3 of 29

What is Open Source Development?

2

Cathedral

Bazaar

http://www.catb.org/esr/writings/cathedral-bazaar/

4 of 29

RMS v. the Xerox 9700

  • Richard M. Stallman, a staff software programmer at the MIT AI lab, and, had trouble with a printer.
  • The printer was a prototype from Xerox with a tendency to jam. When it jammed, print jobs stacked up.
  • Stallman wanted to insert a software command into the printer software that ordered his computer to check the printer periodically and report back with a message if the printer was jammed.
  • But the software in the printer was only in object code format.
  • Xerox would not share the source code.

And then Mr. Stallman wrote the GPL...

For the full story, see http://www.oreilly.com/openbook/freedom/ch01.html

3

5 of 29

Open Source Is Not New

4

  • Development of UNIX at AT&T Bell Labs
  • Open source release
  • Privatization
  • The search for a UNIX successor

6 of 29

What is Free Software Philosophy?

5

  • A technical and political movement
  • The Four Freedoms:
    • Freedom 0: The freedom to run the program as you wish, for any purpose.
    • Freedom 1: The freedom to study how the program works, and change it so it does your computing as you wish.
    • Freedom 2: The freedom to redistribute copies so you can help others.
    • Freedom 3: The freedom to distribute copies of your modified versions to others.

7 of 29

The Open Source Licenses

6

8 of 29

Two Philosophies: Open Source and Free Software

7

  • Permissive software = MIT, BSD, Apache
    • If you distribute, provide notice
  • Free software = GPL
    • If you distribute, use the same terms
    • If you distribute, provide source code

9 of 29

Many Licenses, and Few

8

  • Open Source Initiative has approved over 100 licenses, but almost all OSS is under these few:
    • GPL
    • LGPL
    • BSD
    • MIT
    • Apache 2.0
    • Eclipse Public License, CDDL, Mozilla Public License

10 of 29

Permissive License: BSD

9

Copyright <YEAR> <COPYRIGHT HOLDER>

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

11 of 29

What is Open Source Licensing?

10

Unrestricted licenses with conditions

You can look, but not eat!

You can eat, but you must share!

12 of 29

Copyleft

11

  • Not a virus!

13 of 29

Copyleft Rules

12

  • GPL -- Strong copyleft
    • If any code in a program is GPL, it must all be GPL (all or none)
    • This means no “linking” to proprietary code
  • LGPL -- Library copyleft
    • If any code in a library is LGPL, it must all be LGPL
    • But you can dynamically link to proprietary code

14 of 29

Derivative Works

13

  • “Derivative work”
    • Mostly a red herring
    • A better rule: All code in a single program must be GPL (or compatible) or not-GPL.
    • What is a program? An executable process.

15 of 29

Linking

14

  • Static v. Dynamic Linking
    • Only matters to LGPL
    • Many languages do not use the concept of linking
    • GPL/LGPL were written for C/C++ programming, i.e. the Linux kernel

16 of 29

Following Company Policy

15

17 of 29

A Typical Policy

16

https://blueoakcouncil.org/company-policy

Go

Caution

Stop

Not Open Source

Any permissive license including Apache 2.0, BSD, MIT (see Blue Oak Council List)

GPL standalone process unmodified not for distribution

All network copyleft licenses (including AGPL)

Freeware

CC-BY

LGPL library unmodified not for distribution

Modified MPL, EPL, CDDL code for distribution

Unmodified MPL, EPL, CDDL

Modified MPL, EPL, CDDL not for distribution

GPL or LGPL code, modified or for distribution

Any non-standard license

18 of 29

Additional Topics

17

19 of 29

Top Questions in Open Source Licensing

18

  • Avoiding claims
  • Audits and due diligence
  • What is distribution?
  • If I release my software under an open source license, what happens to my patents?
  • How do I put notices on my product?
  • What is a “derivative work”?

20 of 29

Avoiding Claims and Managing Risk

19

  • Open source compliance is never perfect but you can avoid claims
  • Prepare a written policy and follow it
  • Train engineers and support/sales to identify claims
  • Publish source code

21 of 29

Audits and Compliance Reviews

20

  • Common in M&A, investments and sales deals
  • Scoping the project
  • Assessing risk
  • Remediation -- before or after closing

22 of 29

Remediation and the 4 Rs

21

  • Remove
  • Rewrite
  • Rebuild
  • Re-license

23 of 29

How to do Notices?

22

  • Use the rules of GPL -- they work for most licenses
  • Notices must be delivered with the product
  • Delivering source code upfront is easiest
  • If not, create a notice file

24 of 29

What is Distribution?

23

  • Distribution is transferring a copy from one legal person to another
  • Most open source licenses impose no conditions absent distribution
  • For most licenses, SAAS is not considered distribution
  • Exceptions:
    • Affero GPL (AGPL)
    • Open Software License
    • Non-Profit Open Source License
    • Academic Free License
    • Artistic 2.0
    • Apple Public Source License
    • RealNetworks Public Source License
    • Reciprocal Public License

25 of 29

What about Patents?

24

  • Some open source licenses include express patent licenses
    • Apache 2.0
    • GPL3
  • Some open source licenses say nothing about patents
    • BSD
    • MIT
    • GPL2

Either way, releasing open source code can limit enforceability of patent rights.

26 of 29

Open Source in Deals

25

  • R/W of “no open source” are divorced from reality
  • The proper reps are:
    • Listing
    • Compliance
  • Scope: Auditing or listing all open source is make-work; only list what is in the product layer
  • Most “anti-copyleft” R/Ws make no sense and are covered by non-infringement R/Ws

27 of 29

Data Licensing

26

28 of 29

For your ample free time...

27

HEATHER MEEKER

Partner

O’Melveny & Myers

Technology Transactions Group

hmeeker@omm.com

510-463-1116

blog at heathermeeker.com

Available in paper or ebook form

29 of 29

Open Source Start-Up Funding

28

Specializing in early stage open source developers

Fund started October 2018

https://oss.capital

See the Commerical Open Source Software Company Index at https://docs.google.com/spreadsheets/d/17nKMpi_Dh5slCqzLSFBoWMxNvWiwt2R-t4e_l7LPLhU/edit#gid=0

HEATHER MEEKER

Portfolio Partner

heather@oss.capital