Download - fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
1/22
gowlings.com
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
The Power of Original Thought
fork() in the Road GPLv3 and the
Cost of Open Source ConsensusOCRI - 45th Circuit
November 6, 2007
Thomas Prowse, Partner
Kanata Technology Law Office
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
2/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
Agenda
Open Source Software ("OSS") intro
Pros and Cons of OSS
OSS legal issues overview
10 things you ought to know about GPLv3
A policy based approach to OSS
Q&A
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
3/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
What is Open Source Software (OSS)?
1. Free Redistribution
2. Source Code
3. Derived Works
4. Integrity of The Author's Source Code
5. No Discrimination Against Persons or Groups
6. No Discrimination Against Fields of Endeavor
7. Distribution of License
8. License Must Not Be Specific to a Product
9. License Must Not Restrict Other Software
10.License Must Be Technology-Neutral
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
4/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
The 2.5 categories of OSS
A fair amount of OSS is permissive
In most cases, the reproduction of the copyright
notice / disclaimer is the only requirement
Examples include BSD, MIT
The other major category of OSS is reciprocal
While the GPL license is the leading example, there
are two subcategories
elastic e.g. Eclipse Public License unified e.g GPLv3 and Affero
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
5/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
Pros and Cons of OSS
pros
Solid technology
Familiar technology
Very large ecosystem Peer review
Community support
Access to source code
Faster time to productivity
Reduced time-to-market
Lower development costs
career portability
cons
License Contamination
Product Constraints
Unknown Origins
No WarrantyNo Indemnification
Possible lawsuits/injunctions
Unpredictable evolution
Customer Concerns
No Formal Support
Security Concerns
ALL OBLIGATIONS mustbe met
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
6/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
OSS legal issues
OSS is best approached as a Gordian knot of
technical, business, and legal issues
There are a couple of threshold legal issues that
apply to all OSS (and most software) pedigree are you getting what you think you
are getting
Bummer of a birthmark, Hal risks are you
putting your hand up for a lawsuit license to??? have you obtained and fully
assessed the OSS software license
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
7/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
OSS legal issues (continued)
The manner in which OSS is to be used has
significant implications
For example, it has been generally accepted that
almost all OSS can be used in a modified form eitherinternally or for delivery of a hosted service without
triggering an obligation to release the modified
source code
Accordingly, you need to focusprimarilyon the
modification (with distribution) of OSS and the
association of OSS with other code
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
8/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
10 Dtente in our time
GPLv3 is the by-product of an unprecedented OSS public consultationprocess under which the Free Software Foundation (FSF)established four committees to represent different interests in thelicense
Unlike GPL (1989) and GPLv2 (1991) which written by RichardStallman, the latest version went through several public drafts andrationale documents
While GPLv3 reflects the inherent limitations of a consensusdocument, the consultation process is an important signal ofincreasing acceptance, and a fundamental shift towards dtente (if notpeace), between the OSS and proprietary software communities
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
9/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
9 But you forgot to vacuum in the corners.
Several issues under GPLv2 remain open under GPLv3
In particular, the challenge of determining what constitutes a work
based on another work remains essentially unchanged The best view is that the underlying legal test remains a copyright
based determination as to whether a derivative work has beencreated
Since this is the major trigger for the reciprocity obligation under thecopyleft license, this assessment must be made whenever software
covered by the GPLv3 license is associated with other software This assessment, which can only be made on a case-by-case basis
taking into account the factual circumstances of each situation,remains one of the greatest OSS challenges.
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
10/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
8 Around the world in 80 days: internationalization agenda
The GPLv2 license was generally considered to be U.S.-centric in itsdrafting
GPLv3 adopts more internationally consistent terminology to addressthis concern
In particular, GPLv3
defines propagate and convey to address some of thelimitations of the GPLv2 term distribute in the internationalcontext
In addition, GPLv3 permits developers to add certain disclaimersthat may be required under local law
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
11/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
7 Born free the truly independent contractor
GPLv2 created uncertainty as to whether an independent contractorcould be retained to modify OSS without having the essential
distribution back from the contractor triggering the reciprocityobligations
GPLv3 addressed this issue by making it clear that code can betransferred to an independent contractor in order for them to makeprivate modifications for the exclusive benefit of the user withoutrequiring the release of those modifications
While the contractor must be granted full rights under any publicGPLv3 code, this allows the existing or developed privatemodifications to remain private
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
12/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
6 Library card, get your library card here
One important change in GPLv3 is its clarification with respect to thedynamic linking of certain GPLv3 libraries
Where a program has been specifically designed to require the GPLv3library, the obligation to provide the source code for the program istriggered.
On the other hand, where a program has been designed to work with anumber of different libraries (typically through a standard API orinterface), the use of that program with a GPLv3 library does not
appear to trigger the reciprocity obligation While this clarity around the use of GPLv3 libraries is welcome, it
potentially impacts any organizations that have relied on the static vs.dynamic linking distinction and that should now shift to the betterderivative work of copyright determination approach
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
13/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
5 User serviceable parts inside: DRM & consumer devices
GPLv3 adopts a number of Digital Rights Management (DRM) relatedprovisions
In general terms, DRM is the use of technical means to prevent access,modification, or reproduction of certain works
The first branch of the GPLv3 DRM provisions, prohibits the use of GPLv3programs as part of a DRM (through a waiver of statutory circumventionprohibition rights)
Under the second branch, a user of a consumer device has the right to modifyGPLv3 code on, and re-load the modified code to, that device as well as the
right to obtain associated installation information While this second branch has a number of reasonable limitations concerning
consumer devices incapable of being updated, warranty waivers formodifications, and network access denial options, these provisions will be ofgreat interest and importance to companies in the consumer device space
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
14/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
4 Whats yours is now ours Patents under GPLv3
Unlike the implied license under GPLv2, GPLv3 has explicit patent license provisions
There are 3 main branches to these rather complex provisions
Distributors of modified GPLv3 code grant a license to all recipients of the codeunder any patent claims, under the distributors control, that read on thedistributed code (note: mere distribution of unmodified code does not trigger thispatent license)
The mandatory extension of all licenses granted under patents (including patentsnot controlled by the distributor) with respect to a particular GPLv3 work to allrecipients of that work
Certain third party arrangements, that indirectly grant a user a patent license, are
prohibited Certain OSS activities can easily result in inadvertent patent licensing and this risk
may, in fact, be most acute in a smaller technology company with a targeted patentportfolio that could easily be licensed in the absence of a close alignment of its OSSactivities with its strategic business plan.
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
15/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
3 A house divided against itself . fork() #1
One fascinating aspect of the GPLv3 initiative was the disagreement between
the FSF and the Linux kernel OSS community over issues like DRM
As a result of this disagreement, the Linux kernel community, and a number ofOSS projects, has elected to remain at GPLv2 (GPLv2 only code)
The new restriction introduced in GPLv3 have made that license incompatible
with GPLv2
As a result, there is new complexity around GPL (and LGPL code) with respect
to the respective versions and issue of license compatibility
While these are still early days for GPLv3, there is a significant risk that the
OSS community may elect to fork between GPLv3 and GPLv2 resulting in two
somewhat isolated and incompatible OSS ecosystems
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
16/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
2 But I really wanted to be your host. fork() #2
It is evident, from the record of the public consultation process, that theOSS community was divided with respect to the hosting exemption under
GPLv3 Under this hosting exemption, users are free to modify and use OSS codeto provide a hosted service without any obligation to release the modifiedcode to the OSS community
While GPLv3 elected to preserve the hosting exemption, it does makereference to the GNU Affero General Public License
The most significant legacy of GPLv3 may well be found in the legitimacythat it provides to the Affero license
While these are still early days for both Affero (the latest version) andGPLv3, there is a significant risk that the OSS community may elect to forkbetween GPLv3 and Affero on the hosting exemption resulting in twosomewhat isolated and incompatible OSS sub-ecosystems
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
17/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
10 things you ought to know about GPLv3
1 Invite (and assign seats) carefully for the party fork() #3
The most significant GPLv3 change, and challenge, is in the area of licensecompatibility and analysis
GPLv3 has added flexibility to adopt specified terms in order to ensurecompatibility with certain other OSS licenses such as the Apache and MITlicenses
This pursuit of license compatibility is, however, at the expense of theuniformity of the GPLv3 license itself since a wide permutation of addedprovisions may cause many GPLv3 licenses to be somewhat unique
This uniqueness can further compound the challenge of license compatibility
and analysis in a mixed software environment There is, accordingly, a serious risk that that license compatibility provisions in
GPLv3 may drive the community towards the formation of distinct andincompatible sub-systems of OSS code thereby undercutting the stated goal oflicense compatibility itself
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
18/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
A Policy-based approach
Your organization needs to have a policy in place to address its
use of OSS
This OSS policy should ensure that the pedigree, risk, and
license assessment steps are consistently followed and that the
license information and the OSS code are properly archived
For the reasons set out above, the policy needs to focus
primarily on the modification (with distribution) of OSS and the
combination of OSS with other code
Applicable procedures and processes should be put in place to
ensure that all obligations are fully understood and fullycomplied with
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
19/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
A Policy-based approach (continued)
In many instances, the OSS policy will provide a framework
for good up-front and well informed architectural decisions
that will adequately address the situation
In other cases, more sophisticated approaches (such as the
creation of a middle-ware layer) will need to be adopted tofully implement your organizations OSS policy
Given the complexity of the OSS licenses, your organization
will need to ensure that it has the resources necessary to
support its OSS policy in making these critical assessments
Your organization will also need to put monitoring processesin place to ensure full compliance with any adopted policies,
procedures, and approaches
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
20/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
Summary
The use of OSS by your organization gives rise to a
Gordian knot of technical, business, and legal
issues
GPLv3 affords your organization new answers, newquestions, and new and old challenges in the OSS
arena
A policy based approach to OSS will enable your
organization to balance the tensions among
competing legal, business, and technicalconsiderations and to steer its way through the
complexities of OSS on its journey to success
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
21/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
Wrap-up
Q & A
-
8/9/2019 fork ( ) in the Road - GPLv3 and the Cost of Open Source Consensus - OCRI 45th Circuit Nov 2007
22/22
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
Thomas Prowse
613.783-8988
Thank You
Montral | Ottawa | Kanata | Toronto | Hamilton | Waterloo Region | Calgary | Vancouver | Moscow
gowlings.com
The Power of Original Thought