open source software: brussels a brief...
TRANSCRIPT
Skadden, Arps, Slate, Meagher & Flom LLP
Open Source Software: A Brief Primer
Stuart D. Levi
PLI - November 2016
Beijing
Boston
Brussels
Chicago
Frankfurt
Hong Kong
Houston
London
Los Angeles
Moscow
Munich
New York
Palo Alto
Paris
San Francisco
São Paulo
Shanghai
Singapore
Sydney
Tokyo
Toronto
Vienna
Washington, D.C.
Wilmington
Technology Primer 101 - Code
Compiler
Source Code Object
Code
Implementation Phase
Write a program (source code)
Compile a program (source code to Object code)
Link a Program ( Object code to Executable code)
Test and Debug the Program (rectify the errors in the program)
Skadden, Arps, Slate, Meagher & Flom LLP 5
Defining “Open Source”
• There is no legal definition
• Open Source (1998) v. Free Software (1985)
– Understanding the origins of the open source/free software
movement is critical to understanding the legal issues that
may arise.
Skadden, Arps, Slate, Meagher & Flom LLP 6
Free Software Foundation
• A program is free software if the program's users
have the following four essential freedoms:
– The freedom to run the program, for any purpose (freedom
0).
– The freedom to study how the program works, and change it
so it does your computing as you wish. Access to the source
code is a precondition for this. (freedom 1).
– The freedom to redistribute copies so you can help your
neighbor (freedom 2).
– The freedom to distribute copies of your modified versions to
others. Access to the source code is a precondition for this.
(freedom 3).
Skadden, Arps, Slate, Meagher & Flom LLP 7
Defining “Open Source”
• The Open Source Initiative (OSI):
– Founded in 1998
– “Based on the sharing and collaborative improvement of
software source code”
– Mission statement:
• protects and promotes open source software, development and
communities, championing software freedom in society through
education, collaboration, and infrastructure, stewarding the
Open Source Definition (OSD), and preventing abuse of the
ideals and ethos inherent to the open source.
– Term “open source” coined at a conference in Palo Alto “to
have a single label that identified this approach and
distinguished it from the philosophically- and politically-
focused label "free software."
Skadden, Arps, Slate, Meagher & Flom LLP 8
Defining Open Source (cont.)
• Open Source Initiative Definition
– Open source doesn't just mean access to the source code.
– Cannot restrict any party from selling or giving away the
software as a component of an aggregate software
distribution containing programs from several different
sources
– Allow derivative works
– The license may restrict source-code from being distributed
in modified form only if the license allows the distribution of
"patch files" with the source code for the purpose of
modifying the program at build time.
– The license cannot be specific to a person or technology and
cannot be specific to a product
Skadden, Arps, Slate, Meagher & Flom LLP 9
Defining Open Source (cont.)
• Free Software Foundation explaining the difference
between open source and free software:
– They convey different ideas/philosophies
• “The fundamental difference between the two movements is in
their values, their ways of looking at the world.”
• “’Free software’ means software that respects users' freedom
and community. Roughly, the users have the freedom to run,
copy, distribute, study, change and improve the software.”
Skadden, Arps, Slate, Meagher & Flom LLP 10
Defining Open Source (cont.)
• Open source is a development methodology; free
software is a social movement. For the free software
movement, free software is an ethical imperative,
because only free software respects the users'
freedom. By contrast, the philosophy of open source
considers issues in terms of how to make software
“better”—in a practical sense only.
• For the Open Source movement, non-free software is
a suboptimal solution. For the Free Software
movement, non-free software is a social problem and
free software is the solution
Skadden, Arps, Slate, Meagher & Flom LLP 11
Defining Open Source (cont.)
• Why does the different in philosophy matter?
– The FSF has written the most commonly
used “open source” license – the GPL,
Lesser GPL, and Affero GPL
• The FSF philosophy shapes much of the
debate in the “open source” community and
the manner in which open source is used
Skadden, Arps, Slate, Meagher & Flom LLP 12
Open Source Paradigm
• Source code (human-readable code) freely available
(hence, “open source”)
• Typically open, community-based software
development
• In many cases, no individual “controls” the evolution
of the software
• Programmers improve the software; fix bugs, etc. and
then send back into the community
• No counter-party to turn to if there are any issues.
Skadden, Arps, Slate, Meagher & Flom LLP 13
Contrast Traditional Software Development
• “Closed” source
• Private development teams and methodology
• Restrictive License Terms
– Limitations on scope of use
– Restrictions on modifications, reverse engineering,
redistribution, etc.
– Vendor as sole source for maintenance and support
• But, a defined counter-party to turn to if there is an
issue
Skadden, Arps, Slate, Meagher & Flom LLP 14
Open Source Licenses
• In many ways, open source is defined by the
license under which it is offered
• There are scores of available licenses that vary
in their approach to how the software may be
used.
• These licenses can, very broadly speaking, be
divided into two buckets
Skadden, Arps, Slate, Meagher & Flom LLP 15
Open Source Licenses
• “Copyleft” licenses require licensee to license
specific developments (if they are not
restricted to internal use) to anyone under the
original license.
• “Permissive” or “Attribution” licenses
enable the licensee to license his modifications
to the original software as either Open Source
software or "proprietary" software
Skadden, Arps, Slate, Meagher & Flom LLP 16
Copyleft: Strong vs. Weak
Strong Copyleft Weak Copyleft
• License provisions are imposed on all derived works
– GPLv2
– GPLv3
– AGPLv3 (network service)
• Many, but not all, derived works inherit the copyleft license
– LGPL
– Mozilla Public License(s) [MPL]
– Eclipse Public License [EPL]
– Microsoft Reciprocal License [MS-RL]
– Common Development and Distribution License [CDDL]
Skadden, Arps, Slate, Meagher & Flom LLP 17
GPL Family of Licenses
• License that Linux is licensed under
• Arguably, the strictest of all licenses in preserving the
“purity” of open source
• The most complex of all licenses
• Goal is to ensure that any derivatives of open source
are themselves open source
• Raises concerns of open source “infecting” any
proprietary code with which it is integrated, and
rendering the proprietary code open source
Skadden, Arps, Slate, Meagher & Flom LLP 18
GPL Family of Licenses
• GPL Version 3 –
– The most commonly used GPL license – strong copyleft
protection.
– “The licenses for most software and other practical works are
designed to take away your freedom to share and change the
works. By contrast, the GNU General Public License is intended
to guarantee your freedom to share and change all versions of a
program--to make sure it remains free software for all its users.
– Ensures that modified versions of the code it covers remain free
and open source
– Attempts to preserve copyleft status by mandating the use of the
GPL v3 for distributed adaptations of GPL v3-licensed code
Skadden, Arps, Slate, Meagher & Flom LLP 19
GPL Family of Licenses
• GPL Version 3 –
– “You may make, run and propagate covered works that you do
not convey, without conditions so long as your license otherwise
remains in force.”
• To “propagate” a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on
a computer or modifying a private copy. Propagation includes
copying, distribution (with or without modification), making
available to the public, and in some countries other activities as well
• To “convey” a work means any kind of propagation that enables
other parties to make or receive copies. Mere interaction with a user
through a computer network, with no transfer of a copy, is not
conveying
Skadden, Arps, Slate, Meagher & Flom LLP 20
GPL Family of Licenses
• GPL Version 3 –
– Charging a fee - You may charge any price or no price for each
copy that you convey, and you may offer support or warranty
protection for a fee
– Using “contractors” - You may convey covered works to others
for the sole purpose of having them make modifications
exclusively for you, or provide you with facilities for running
those works, provided that you comply with the terms of this
License in conveying all material for which you do not control
copyright.
Skadden, Arps, Slate, Meagher & Flom LLP 21
GPL Family of Licenses
• GPL Version 3 –
– When distributing modified works:
• The work must carry prominent notices stating that you modified it, and
giving a relevant date.
• You must license the entire work, as a whole, under this License to anyone
who comes into possession of a copy. This License will therefore apply to
the whole of the work, and all its parts, regardless of how they are packaged.
Skadden, Arps, Slate, Meagher & Flom LLP 22
GPL Family of Licenses
• GPL Version 3 –
– Anti-circumvention - When you convey a covered work, you
waive any legal power to forbid circumvention of technological
measures . . . and you disclaim any intention to limit operation
or modification of the work as a means of enforcing, against the
work's users, your or third parties' legal rights to forbid
circumvention of technological measures.
Derivation or Mere Aggregation?
What is a Derivative Work?
17 U.S.C. § 101: A “derivative work” is a work based upon one or more pre-existing
works, such as a translation, musical arrangement, dramatization, fictionalization,
motion picture version, sound recording, art reproduction, abridgment,
condensation, or any other form in which a work may be recast, transformed, or
adapted. A work consisting of editorial revisions, annotations, elaborations, or other
modifications which, as a whole, represent an original work of authorship, is a
“derivative work”.
Have I derived, or simply aggregated? Not always an easy
question with software. But the answer matters.
Requires thinking about how software is created, and how
software communicates.
Skadden, Arps, Slate, Meagher & Flom LLP 24
“Combinations” Under the GPL
• A compilation of a covered work with other separate
and independent works, which are not by their nature
extensions of the covered work, and which are not
combined with it such as to form a larger program, in
or on a volume of a storage or distribution medium, is
called an “aggregate” if the compilation and its
resulting copyright are not used to limit the access or
legal rights of the compilation's users beyond what the
individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to
the other parts of the aggregate
Skadden, Arps, Slate, Meagher & Flom LLP 25
“Combinations” Under the GPL
• Where's the line between two separate programs, and one program with
two parts?
– This is a legal question, which ultimately judges will decide.
– We believe that a proper criterion depends both on the mechanism of
communication (exec, pipes, rpc, function calls within a shared address
space, etc.) and the semantics of the communication (what kinds of
information are interchanged).
– If the modules are included in the same executable file, they are definitely
combined in one program.
– If modules are designed to run linked together in a shared address space, that
almost surely means combining them into one program.
– Pipes, sockets and command-line arguments are communication
mechanisms normally used between two separate programs. So when they
are used for communication, the modules normally are separate programs.
But if the semantics of the communication are intimate enough, exchanging
complex internal data structures, that too could be a basis to consider the
two parts as combined into a larger
Static Linking
Static linking = traditional method to combine a core program with other object code-based functionality
routines, functions and variables are resolved at compile-time and copied into a target application
Static Linking 101
Linker
Program.o
Yellow.o
Green.o
Red.o
Let’s Link the Modules…
Linker
Into a Single Executable Program
program.exe
Dynamic Linking
Dynamic linking does not copy the various distinct bits of object code together into a single executable program.
Instead, perform linking when the program is actually run, and load object code into memory on an as-needed basis.
Dynamic Linking 101
program.exe
Yellow.dll
Green.dll
Red.dll
Dynamic Linking – Runtime Behavior
program.exe
Yellow.dll
Green.dll
Red.dll
Skadden, Arps, Slate, Meagher & Flom LLP 33
Distribution
• Arises under both copyleft and permissive licenses
– For example, the BSD requires attribution and notices to be
included when the work is “redistributed.”
• When is a work deemed “distributed” today?
– Many SaaS applications have a robust “client side” especially
in cases of html5; javascript; and flash
– Is a SaaS program distributed if the client side includes
nontrivial code?
Distribution Trigger
Answers may vary depending on jurisdiction
Generally, providing a copy to another person = distribution
From a technical perspective sending bits to someone else
Shiny gold disk
Via App Store
Code sent to web browser cache
Not SaaS / Cloud
Skadden, Arps, Slate, Meagher & Flom LLP 35
GPL Family of Licenses
• LGPL (“Lesser” GPL) –
– Often used for “shared libraries”
– Considered a compromise between the GPL and permissive
licenses like the BSD.
– Allows a work to be linked with (or in the case of a library,
'used by') another program, regardless of whether it is free
software or proprietary software.
– The non-LGPLed program can be distributed under any
terms if it is not a derivative work.
Skadden, Arps, Slate, Meagher & Flom LLP 36
GPL Family of Licenses
• Affero GPL
– If you run the program on a server and let other users
communicate with it, your server must also allow users to
download the source code corresponding to the program that
is running
– Originally designed to protect open source developers against
a case where the next developer modifies the software but
then only offers it on an ASP-type basis (thereby keeping
their modifications out of the open source community).
– Recommended by the FSF for any software that will run over
a network.
– Given a “version 3” designation to match up with the GPL
Skadden, Arps, Slate, Meagher & Flom LLP 37
BSD-License (“Attribution Licenses”)
• BSD-style (originally used for BSD Unix)
– Most popular alternative to the GPL
– Considered a “permissive” license”
– No limits on integration with proprietary code
– No obligation to disclose modifications
– Basically allows the user to do anything if they provide credit
• Apache License (Apache Software Foundation)
• Form of BSD License
• Preserve attribution and any IP notices
• “as is” disclaimer
Skadden, Arps, Slate, Meagher & Flom LLP 38
Questions or comments?
Stuart Levi
(212) 735-2750