Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
@listochkin
This talk is not a legal
advice
Talk to your lawyer
Also:
In Ukraine I’m not required
to make this disclaimer
<3 Ruby
8 days total
No Ruby Today
JavaScript
Bash XML
Rust
RustFest 2017 Kyiv
Videos are up!
Software Licensing
OpenSource
Which License to Choose?
MIT
End of Story
GPL
MPL
Apache
Eclipse
ICS
BSD
EU-PL
CDDL
Facebook PATENTS file
Oracle-Google JDK lawsuit
Ubuntu ZFS inclusion
OpenSSL licence change
etc.
Hard stuff!
Walkthrough
US
EU
Ukraine
…
Trade Secret
Trademark
Patent
Copyright
Trade Secret
Between you and your
employer/partner
Trademark
Unregistered™
Registered®
Linux
Come up with the name
Check if it is in use
If not you’re good
® and ™ aren’t required
Patents
Software Patents
de jure illegal in Ukraine
de facto legal in the US
thus de facto legal in Ukraine, too!
WTO
Agreement on Trade-Related
Aspects of Intellectual Property
Rights (TRIPS)
162 WTO countries
Notable exception: Belarus
Software Patents are here
Copyright
Berne Convention
© is not required
Author’s rights
vs
Copyright
You work at X and write code
Ukraine: you are the (co-)author
US: X is an author
© 2010-2016
What’s the deal?
Publication date
defines
Expiry date
Changed file?
New edition
Date is not always current!
E.g. content hasn’t changed
You have no right
to change website copyright year
on January 1st if site content
didn’t change
Licensing
&
Public Domain
Old works transfer to public domain
automatically
Government code can be public
domain automatically
Dedicate to public domain
Can be illegal in many countries
Germany
Unlicense
CC0
Who owns copyright?
WFH
Work-for-hire
US
if no terms are defined in the
contract you give copyright to the
company
Licensing
OpenSource
Free Software Foundation
OpenSource Initiative
Debian, OpenBSD, Apache
Goal?
1. Just share the code
2. Fame and Recognition
3. Guarantee contributions
4. Allow double-licensing
5. Force OpenSource
1. Just Share the Code
WTFPL
Unlicense
CC0
WTFPL
No warranty clause
If your WTFPL code doesn’t
work
I can sue you and WIN
Unlicense
Public Domain dedication
Illegal in some countries
CC0
Falls back from PD to
super-permissive license
NOT OSI-approved
OMG WTF?!
Dual Licensing
CC0 + ISC + Apache2
CC0
ICS: permissive
Apache2: … + patents
What’s up with patents?
Apache
All contributors share patents
Only the ones that they have
Ones that are required
Common defence pool
Don’t own patents?
No risk for you
2. Fame and Recognition
ISC + Apache
ICS ≈ MIT ≈ 2-clause BSD
1. State my name
2. No warranty
Why not BSD?
Too many variants
Why not MIT?
1. Also many variants!
2. “Use” may imply patent
grant
ISC is the new MIT
default on npm
3. Guarantee contributions
LGPL
C/C++ semantics
No equivalence in many
languages
Best to avoid
File Copyleft
MPL2
EPL
CDDL
Big issue:
GPL compatibility
GPLv2
GPLv2 or later
GPLv3
AGPL
AGPL or later
AGPLv3
with Classpath Exception
with Linking Exception
…
MPL2 has it built-in!
CDDL and EPL
are incompatible
MPL2
EPL + LGPL2^ + AGPL3^
4. Dual-Licensing
OpenSource + Commercial
OpenCore
Crippleware
ExtJS
MongoDB
SugarCRM
…
Where is it Deployed?
Client: GPL
Server: AGPL
Client-Server: AGPL + Apache/ISC
Why not GPL for servers?
GPL provisions trigger
on Distribution
20000 engineers write server code
Billions of people use this code
1 company
No distribution
Contractor?
Distribution
Employee at a service
company?
Distribution
Contribution
License
Agreement
You assign copyright to a project
Project decides
on licensing terms
5. Force OpenSource
AGPLv3
GPLv3
GPLv2^
CLA
Do you need a CLA
on your project?
YES and NO
Project license doesn’t
define the license
of contributions!
Inbound != Outbound
GitHub ToS has a “CLA”
D.6.
Employees
US
An employee assignes
copyright to the employer by
default
You may want a CLA-like
Linux: Developer Certificate
of Origin
Berneout Pledge
AUTHORS Certificate
etc.
Other Concerns
License notice in each file
Licences in minified JS
Licenses for all deps
AUTHORS file
CLA/DSO/Pledge
BG // before GitHub
AG // after GitHub
We can do better to ease
the life of others and
reduce legal risks
CC0 + ISC + Apache2
“Yes, patents exist,
we’re all in this together”
“Yes, use it in your
closed-source project”
“Yes, I know you’ll forget to put my
name and license into a final build,
and that’s OK”
Take Actions!
1. StackOverflow MIT
Add CC0/ISC to your profile
2. Read Your Contracts!
3. Don’t be afraid to
dual-licence
1. CC0 + ISC + Apache2
2. ISC + Apache2
3. MPL2
4. …
5. …
Or just use MIT because
nobody cares anymore
Stories:
Facebook PATENTS file
Oracle vs Google
OpenSSL license change
Ubuntu ZFS
Software Licensing:  A Minefield Guide - Andrey Listochkin
Upcoming SlideShare
Loading in …5
×

Software Licensing: A Minefield Guide - Andrey Listochkin

156 views

Published on

Ruby Meditation #15
May 13, 2017
Dnipro, I Coworking Hub

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Software Licensing: A Minefield Guide - Andrey Listochkin

  1. 1. @listochkin
  2. 2. This talk is not a legal advice Talk to your lawyer
  3. 3. Also: In Ukraine I’m not required to make this disclaimer
  4. 4. <3 Ruby
  5. 5. 8 days total
  6. 6. No Ruby Today
  7. 7. JavaScript Bash XML Rust
  8. 8. RustFest 2017 Kyiv
  9. 9. Videos are up!
  10. 10. Software Licensing
  11. 11. OpenSource
  12. 12. Which License to Choose?
  13. 13. MIT
  14. 14. End of Story
  15. 15. GPL MPL Apache Eclipse ICS BSD EU-PL CDDL
  16. 16. Facebook PATENTS file Oracle-Google JDK lawsuit Ubuntu ZFS inclusion OpenSSL licence change etc.
  17. 17. Hard stuff!
  18. 18. Walkthrough
  19. 19. US EU Ukraine …
  20. 20. Trade Secret Trademark Patent Copyright
  21. 21. Trade Secret
  22. 22. Between you and your employer/partner
  23. 23. Trademark
  24. 24. Unregistered™ Registered®
  25. 25. Linux
  26. 26. Come up with the name Check if it is in use If not you’re good ® and ™ aren’t required
  27. 27. Patents
  28. 28. Software Patents
  29. 29. de jure illegal in Ukraine de facto legal in the US thus de facto legal in Ukraine, too!
  30. 30. WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) 162 WTO countries Notable exception: Belarus
  31. 31. Software Patents are here
  32. 32. Copyright
  33. 33. Berne Convention © is not required
  34. 34. Author’s rights vs Copyright
  35. 35. You work at X and write code Ukraine: you are the (co-)author US: X is an author
  36. 36. © 2010-2016 What’s the deal?
  37. 37. Publication date defines Expiry date
  38. 38. Changed file? New edition
  39. 39. Date is not always current! E.g. content hasn’t changed
  40. 40. You have no right to change website copyright year on January 1st if site content didn’t change
  41. 41. Licensing & Public Domain
  42. 42. Old works transfer to public domain automatically Government code can be public domain automatically
  43. 43. Dedicate to public domain Can be illegal in many countries Germany
  44. 44. Unlicense CC0
  45. 45. Who owns copyright?
  46. 46. WFH Work-for-hire
  47. 47. US if no terms are defined in the contract you give copyright to the company
  48. 48. Licensing
  49. 49. OpenSource
  50. 50. Free Software Foundation OpenSource Initiative Debian, OpenBSD, Apache
  51. 51. Goal?
  52. 52. 1. Just share the code 2. Fame and Recognition 3. Guarantee contributions 4. Allow double-licensing 5. Force OpenSource
  53. 53. 1. Just Share the Code
  54. 54. WTFPL Unlicense CC0
  55. 55. WTFPL
  56. 56. No warranty clause
  57. 57. If your WTFPL code doesn’t work I can sue you and WIN
  58. 58. Unlicense
  59. 59. Public Domain dedication Illegal in some countries
  60. 60. CC0
  61. 61. Falls back from PD to super-permissive license NOT OSI-approved
  62. 62. OMG WTF?!
  63. 63. Dual Licensing
  64. 64. CC0 + ISC + Apache2
  65. 65. CC0 ICS: permissive Apache2: … + patents
  66. 66. What’s up with patents?
  67. 67. Apache All contributors share patents Only the ones that they have Ones that are required Common defence pool
  68. 68. Don’t own patents? No risk for you
  69. 69. 2. Fame and Recognition
  70. 70. ISC + Apache
  71. 71. ICS ≈ MIT ≈ 2-clause BSD
  72. 72. 1. State my name 2. No warranty
  73. 73. Why not BSD? Too many variants
  74. 74. Why not MIT? 1. Also many variants! 2. “Use” may imply patent grant
  75. 75. ISC is the new MIT default on npm
  76. 76. 3. Guarantee contributions
  77. 77. LGPL
  78. 78. C/C++ semantics No equivalence in many languages Best to avoid
  79. 79. File Copyleft
  80. 80. MPL2 EPL CDDL
  81. 81. Big issue: GPL compatibility
  82. 82. GPLv2 GPLv2 or later GPLv3 AGPL AGPL or later AGPLv3 with Classpath Exception with Linking Exception …
  83. 83. MPL2 has it built-in!
  84. 84. CDDL and EPL are incompatible
  85. 85. MPL2 EPL + LGPL2^ + AGPL3^
  86. 86. 4. Dual-Licensing
  87. 87. OpenSource + Commercial
  88. 88. OpenCore Crippleware
  89. 89. ExtJS MongoDB SugarCRM …
  90. 90. Where is it Deployed?
  91. 91. Client: GPL Server: AGPL Client-Server: AGPL + Apache/ISC
  92. 92. Why not GPL for servers?
  93. 93. GPL provisions trigger on Distribution
  94. 94. 20000 engineers write server code Billions of people use this code 1 company No distribution
  95. 95. Contractor? Distribution
  96. 96. Employee at a service company? Distribution
  97. 97. Contribution License Agreement
  98. 98. You assign copyright to a project Project decides on licensing terms
  99. 99. 5. Force OpenSource
  100. 100. AGPLv3 GPLv3 GPLv2^
  101. 101. CLA
  102. 102. Do you need a CLA on your project?
  103. 103. YES and NO
  104. 104. Project license doesn’t define the license of contributions!
  105. 105. Inbound != Outbound
  106. 106. GitHub ToS has a “CLA” D.6.
  107. 107. Employees
  108. 108. US An employee assignes copyright to the employer by default
  109. 109. You may want a CLA-like
  110. 110. Linux: Developer Certificate of Origin Berneout Pledge AUTHORS Certificate etc.
  111. 111. Other Concerns
  112. 112. License notice in each file Licences in minified JS Licenses for all deps AUTHORS file CLA/DSO/Pledge
  113. 113. BG // before GitHub AG // after GitHub
  114. 114. We can do better to ease the life of others and reduce legal risks
  115. 115. CC0 + ISC + Apache2
  116. 116. “Yes, patents exist, we’re all in this together”
  117. 117. “Yes, use it in your closed-source project”
  118. 118. “Yes, I know you’ll forget to put my name and license into a final build, and that’s OK”
  119. 119. Take Actions!
  120. 120. 1. StackOverflow MIT Add CC0/ISC to your profile
  121. 121. 2. Read Your Contracts!
  122. 122. 3. Don’t be afraid to dual-licence
  123. 123. 1. CC0 + ISC + Apache2 2. ISC + Apache2 3. MPL2 4. … 5. …
  124. 124. Or just use MIT because nobody cares anymore
  125. 125. Stories: Facebook PATENTS file Oracle vs Google OpenSSL license change Ubuntu ZFS

×