Software Licensing: A Minefield Guide

Transcript

  1. None
  2. @listochkin

  3. This talk is not legal advice. Talk to your lawyer.

  4. Also: In Ukraine I’m not required to make this disclaimer

  5. <3 Ruby

  6. 8 days total

  7. No Ruby Today

  8. JavaScript, Bash, XML, Rust

  9. RustFest 2017 Kyiv

  10. Videos are up!

  11. Software Licensing

  12. OpenSource

  13. Which License to Choose?

  14. MIT

  15. End of Story

  16. GPL, MPL, Apache, Eclipse, ISC, BSD, EU-PL, CDDL

  17. Facebook PATENTS file; Oracle-Google JDK lawsuit; Ubuntu ZFS inclusion; OpenSSL licence change; etc.

  18. Hard stuff!

  19. Walkthrough

  20. US, EU, Ukraine, …

  21. Trade Secret, Trademark, Patent, Copyright

  22. Trade Secret

  23. Between you and your employer/partner

  24. Trademark

  25. Unregistered™, Registered®

  26. Linux

  27. Come up with the name. Check if it is in use. If not, you’re good. ® and ™ aren’t required.

  28. Patents

  29. Software Patents

  30. De jure illegal in Ukraine; de facto legal in the US, thus de facto legal in Ukraine, too!

  31. WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS): 162 WTO countries. Notable exception: Belarus.

  32. Software Patents are here

  33. Copyright

  34. Berne Convention: © is not required

  35. Author’s rights vs Copyright

  36. You work at X and write code. Ukraine: you are the (co-)author. US: X is an author.

  37. © 2010-2016: What’s the deal?

  38. Publication date defines Expiry date

  39. Changed file? New edition

  40. Date is not always current! E.g. content hasn’t changed

  41. You have no right to change website copyright year on January 1st if site content didn’t change

  42. Licensing & Public Domain

  43. Old works transfer to public domain automatically. Government code can be public domain automatically.

  44. Dedicate to public domain. Can be illegal in many countries: Germany

  45. Unlicense, CC0

  46. Who owns copyright?

  47. WFH Work-for-hire

  48. US: if no terms are defined in the contract, you give copyright to the company

  49. Licensing

  50. OpenSource

  51. Free Software Foundation, OpenSource Initiative, Debian, OpenBSD, Apache

  52. Goal?

  53. 1. Just share the code; 2. Fame and Recognition; 3. Guarantee contributions; 4. Allow double-licensing; 5. Force OpenSource

  54. 1. Just Share the Code

  55. WTFPL, Unlicense, CC0

  56. WTFPL

  57. No warranty clause

  58. If your WTFPL code doesn’t work I can sue you and WIN

  59. Unlicense

  60. Public Domain dedication. Illegal in some countries.

  61. CC0

  62. Falls back from PD to super-permissive license. NOT OSI-approved.

  63. OMG WTF?!

  64. Dual Licensing

  65. CC0 + ISC + Apache2

  66. CC0; ISC: permissive; Apache2: … + patents

  67. What’s up with patents?

  68. Apache: All contributors share patents. Only the ones that they have. Ones that are required. Common defence pool.

  69. Don’t own patents? No risk for you

  70. 2. Fame and Recognition

  71. ISC + Apache

  72. ISC ≈ MIT ≈ 2-clause BSD

  73. 1. State my name; 2. No warranty

  74. Why not BSD? Too many variants

  75. Why not MIT? 1. Also many variants! 2. “Use” may imply patent grant

  76. ISC is the new MIT default on npm

  77. 3. Guarantee contributions

  78. LGPL

  79. C/C++ semantics. No equivalence in many languages. Best to avoid.

  80. File Copyleft

  81. MPL2, EPL, CDDL

  82. Big issue: GPL compatibility

  83. GPLv2, GPLv2 or later, GPLv3, AGPL, AGPL or later, AGPLv3, with Classpath Exception, with Linking Exception, …

  84. MPL2 has it built-in!

  85. CDDL and EPL are incompatible

  86. MPL2 EPL + LGPL2^ + AGPL3^

  87. 4. Dual-Licensing

  88. OpenSource + Commercial

  89. OpenCore, Crippleware

  90. ExtJS, MongoDB, SugarCRM, …

  91. Where is it Deployed?

  92. Client: GPL; Server: AGPL; Client-Server: AGPL + Apache/ISC

  93. Why not GPL for servers?

  94. GPL provisions trigger on Distribution

  95. 20000 engineers write server code. Billions of people use this code. 1 company. No distribution.

  96. Contractor? Distribution

  97. Employee at a service company? Distribution

  98. Contribution License Agreement

  99. You assign copyright to a project. Project decides on licensing terms.

  100. 5. Force OpenSource

  101. AGPLv3, GPLv3, GPLv2^

  102. CLA

  103. Do you need a CLA on your project?

  104. YES and NO

  105. Project license doesn’t define the license of contributions!

  106. Inbound != Outbound

  107. GitHub ToS has a “CLA” D.6.

  108. Employees

  109. US: An employee assigns copyright to the employer by default

  110. You may want a CLA-like

  111. Linux: Developer Certificate of Origin Berneout Pledge AUTHORS Certificate etc.

  112. Other Concerns

  113. License notice in each file; Licences in minified JS; Licenses for all deps; AUTHORS file; CLA/DSO/Pledge

  114. BG // before GitHub AG // after GitHub

  115. We can do better to ease the life of others and reduce legal risks

  116. CC0 + ISC + Apache2

  117. “Yes, patents exist, we’re all in this together”

  118. “Yes, use it in your closed-source project”

  119. “Yes, I know you’ll forget to put my name and license into a final build, and that’s OK”

  120. Take Actions!

  121. 1. StackOverflow MIT Add CC0/ISC to your profile

  122. 2. Read Your Contracts!

  123. 3. Don’t be afraid to dual-licence

  124. 1. CC0 + ISC + Apache2; 2. ISC + Apache2; 3. MPL2; 4. …; 5. …

  125. Or just use MIT because nobody cares anymore

  126. Stories: Facebook PATENTS file; Oracle vs Google; OpenSSL license change; Ubuntu ZFS