Page | 1
Open Source Software Licensing: Software
And it’s Components
Sean M. Kenefick
Department of Software Engineering
University of Wisconsin – Platteville
Abstract
Proper management of software licensing is vital to maintaining control of your code. In this seminar we will look at how open source licensing both from the perspective of an open source developer and a professional developer. As open source developers we will examine how to properly copyright programs with open source licenses to fit your needs. As professional developers we will examine how we can utilize open source materials without exposing your company to legal risks. There are also many common misconceptions that go along with open source software which will be addressed.
Introduction
Software licensing is an important design decision in developing software. Open source software provides a wide range of solutions and tools which can be incorporated into solving problems. There are also many ways open source products can be utilized, we will be looking at: using open source products, open source libraries, modifying existing open source programs, and using pieces of source code.
Most companies will have their own rules pertaining to software licensing that’s been set with legal advice. In the professional world your businesses standing procedures should always be considered, but having an understanding of software licensing can help guide you away from risks that may not be covered in current company policy.
History
When trying to understand the open source licenses, it’s important to have knowledge of how open source software began. It’s important to note that open source is derived from a concept of sharing technological information which has existed since long before computing.
The Open Source Initiative (OSI) was a rebranding effort which came out of the Free Software Initiative in February 1998 in an attempt to move away from the confusion caused by the term free. Upon the launch of this new initiative the Open Source Definition (OSD) was released based on the Debian Free Software Guidelines. The initiative saw such success that within the next year OSI published a formal list of approved licenses which is commonly referred to by governments and other standards bodies.
Open Source Licenses
Open source licenses come with a wide variety of rights, but they are all built on the OSD. OSD by design leaves quite a bit of room for licenses to be individualized, while still guaranteeing basic freedoms. By examining a variety of licenses we can observe some main differences that can be examined and used to categorize the licenses. In Figure 1 we see that eight licenses hold over 75% of open source licenses, but within this set of licenses is a large variety of traits. [5]
Figure 1: Most Common Open Source Licenses
Examining the Open Source Definition
Contrary to what comes to mind when you hear the term Open Source Software, the OSD does a lot more than just allow access to software’s source code. We will look at these points to determine how they each effect open source software.Not every point of the OSD will be examined. For example, we will not be discussing “No Discrimination against Persons or Groups”, “License Must Not Be Specific to a Product”, “License Must Not Restrict Other Software” and “License Must Be Technology-Neutral.” These points serve to prevent discriminatory or malice licenses, but are not that interesting in this context.
Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale. [1]
The word Free in Free Redistribution does not refer to price, rather the ability or right to redistribute open source software in any way you wish. This allows the author to charge for their software, but consequently also allows anyone who receives the software to give it away or sell it for their personal profit.
Source Code
The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost preferably, downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.[1]
This gives anyone who receives a copy of open source software full access to the source code at no additional charge, although the source code is not required to be distributed with the software. The source merely has to be available and publicized to anyone who receives the software.
Derived Works
The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software. [1]
All open source software is allowed to be modified in any way and releases under the same license, but licenses are allowed to require any derivative works to be released under the same license. The open source community commonly refers to this style of license as being “copyleft”. This is one of the most important things to know about an open source license when choosing or working with open source software.
Integrity of The Author’s Source Code
The license may restrict source-code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software. [1]
Some open source licenses require that modified versions be distributed with the author’s original source code. This point can also allow developers to require modifications to be release under a different name or version number.
No Discrimination against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research. [1]
This offers freedom of use that goes back to the Free Software Initiative. Anyone who uses the software must be allowed to do so in any way they wish. This most notably guarantees the right of users or companies to utilize the software in for profit activities.
Distribution of License
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties. [1]
When an open source program is distributed, it’s required to be distributed with a copy of the license. The second part of this point prevents open source licensed software from being blanketed by non-disclosure agreements or other closed-source licenses on distribution.
Major Categories
Although all open source licenses must follow the definition provided by the OSI to be considered a true open source license, there are a few areas that have been left open to be set by the particular license; we can use these differences to categorize the licenses. There are also many subtle differences in licensing that will not be addressed in this paper.
Copyleft vs. Permissive Software
“Copyleft” in a term coined by the Free Software Foundation in reference to the licensing terms of the General Public License(GPL) addressing derivative works. [2] These licenses require that any new versions or derivative works be published under the same license. This is used for works that authors wish to keep strictly as open source.
On the other hand, permissive licenses allow the software to be re-licensed under any license. This moves away from the freedoms wanted by the Free Software Foundation and opens up the possibility of companies making changes to the code and re-releasing the work under a proprietary license. Consequently, it has been found that a majority of software projects that are released under a permissive license are more likely to be for the benefit of developers, rather than an end product in itself. [3]
There is also a middle ground between strict copyleft and permissive licenses. The most notable of these is the Lesser GNU Public License (LGPL), which was first known as the Library GNU Public License. [4] Under this license, proprietary applications can link dynamically to an unmodified version of the LGPL licenses library without needing to release source code with the application binary upon distribution. However, if the LGPL library is modified then the modified library source code must be distributed with the application’s binary. As long as your program only interacts with the LGPL code as a library, then you will not be required to release your program’s source code. The ideology behind this is that the library will remain available to the public as an open source library. This can also give companies incentive to help maintain libraries that they use which gives back to the community.
Viral Licenses
Where copyleft licenses required new derivative works to be released under the same license, commonly thought of as being applied in the “vertical” progression of software, viral licenses require works in the “horizontal” progression to also be released under the license. Reciprocal licenses code, commonly referred to as “viral”, applies itself to your entire application as soon as you incorporate the viral licensed code in any way. The GNU GPL is the most popular license in this category.
Utilizing Open Source
Now that we have a solid understanding of the different open source license components we can start to discuss applying this to professional software development. To keep this interesting we won’t be discussing permissive software licensing, we will instead focus on the more restrictive style of licenses. Intended use of the resultant software will play a large role in how each of the licenses are applied along with how the code is utilized in the program. The two licenses that we will be examining in each stage are the GPL and LGPL licenses as they characterize two levels of restrictive licenses.
DistributedCommercial Applications
When it comes to using GPL code in commercial programs, there is no way to do this without making your whole application open source. The industry best practice for this is to avoid GPL code in programs for external use. LGPL on the other hand can be used if you take some steps to properly manage the risk of open source code.
LGPL code, when utilized in professional applications, should be referenced as a library, even if this means rewriting parts of the LGPL code to make it function more properly as such. That way you will only have to release that small part of your program. This is where good software design principles are applied to ensure that the interface between the library and the rest of the application are as low on coupling as possible.
Non-Distributed Commercial Applications
Internal use business applications can more effectively make use of open source software. This is because of the technicality of how “distributed” software is legally defined.Depending on how your company plans to make use of the application that is developed using open source pieces, it may not matter if the whole application becomes infected by the GPL.
Software Distribution Defined
Colloquially, to "distribute" a program means to give someone else a copy of its code — either its source code, or its binary (executable) code, or both. Merely allowing people to invoke a program on your server, for example via networked API calls, does not constitute distribution of the program as generally understood. [1]
When an employee of a company uses their workstation to operate a company developed application, they are not having the program specifically distributed to them. This may seem confusing, but think about a work computer which has windows installed on it. If you are assigned to this workstation, who does the license of windows belong to? Your employer, same with open source software running on your workstation.
Keeping Open Source Code Internal
Because internal use company software is not distributed in the legal sense, companies can develop entire open source applications under GPL and not release any of their code to the public if properly managed. Remember, the OSD grants you the freedom to distribute your software, not duty to distribute.
These are your legal rights with open source software, but what is legal is not necessarily ethical. Consider the history of the OSI and Free Software. Sure it guarantees you the right to use the software as you deem appropriate, but its aim was also to facilitate sharing of source code so that we as a software community can grow stronger.
Conclusion
Open source licensing is a complex legal matter that is commonly not covered in class materials. The goal of this paper was to establish a base understand of licensing issues you may encounter so that you may make informed decisions, but this knowledge should not be used as a substitute for legal counsel or company standing procedures on the issue. The amount of open source code available is only going to continue to grow, so knowing the basics of open source licensing will help you avoid long term legal battles.
References
[1]The Open Source Initiative. (n.d.). The Open Source Initiative. Retrieved October 29, 2013, from
[2] Meeker, H. J. (2008). The open source alternative: understanding risks and leveraging opportunities. Hoboken, NJ: Wiley & Sons.
[3] Lerner, J., & Tirole, J. (2002). The scope of open source licensing. Cambridge, Mass.: National Bureau of Economic Research.
[4] Lindberg, V. (2008). Intellectual property and open source: a practical guide to protecting code (1. ed.). Beijing [u.a.: O'Reilly.
[5] Top 20 Open Source Licenses. (n.d.). Black Duck. Retrieved October 29, 2013, from