Software Licensing: A Minefield Guide

Transcript

1. None

2. @listochkin

3. This talk is not a legal advice Talk to your

   lawyer

4. Also: In Ukraine I’m not required to make this disclaimer

5. <3 Ruby

6. 8 days total

7. No Ruby Today

8. JavaScript Bash XML Rust

9. RustFest 2017 Kyiv

10. Videos are up!

11. Software Licensing

12. OpenSource

13. Which License to Choose?

14. MIT

15. End of Story

16. GPL MPL Apache Eclipse ICS BSD EU-PL CDDL

17. Facebook PATENTS file Oracle-Google JDK lawsuit Ubuntu ZFS inclusion OpenSSL

    licence change etc.

18. Hard stuff!

19. Walkthrough

20. US EU Ukraine …

21. Trade Secret Trademark Patent Copyright

22. Trade Secret

23. Between you and your employer/partner

24. Trademark

25. Unregistered™ Registered®

26. Linux

27. Come up with the name Check if it is in

    use If not you’re good ® and ™ aren’t required

28. Patents

29. Software Patents

30. de jure illegal in Ukraine de facto legal in the

    US thus de facto legal in Ukraine, too!

31. WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)

    162 WTO countries Notable exception: Belarus

32. Software Patents are here

33. Copyright

34. Berne Convention © is not required

35. Author’s rights vs Copyright

36. You work at X and write code Ukraine: you are

    the (co-)author US: X is an author

37. © 2010-2016 What’s the deal?

38. Publication date defines Expiry date

39. Changed file? New edition

40. Date is not always current! E.g. content hasn’t changed

41. You have no right to change website copyright year on

    January 1st if site content didn’t change

42. Licensing & Public Domain

43. Old works transfer to public domain automatically Government code can

    be public domain automatically

44. Dedicate to public domain Can be illegal in many countries

    Germany

45. Unlicense CC0

46. Who owns copyright?

47. WFH Work-for-hire

48. US if no terms are defined in the contract you

    give copyright to the company

49. Licensing

50. OpenSource

51. Free Software Foundation OpenSource Initiative Debian, OpenBSD, Apache

52. Goal?

53. 1. Just share the code 2. Fame and Recognition 3.

    Guarantee contributions 4. Allow double-licensing 5. Force OpenSource

54. 1. Just Share the Code

55. WTFPL Unlicense CC0

56. WTFPL

57. No warranty clause

58. If your WTFPL code doesn’t work I can sue you

    and WIN

59. Unlicense

60. Public Domain dedication Illegal in some countries

61. CC0

62. Falls back from PD to super-permissive license NOT OSI-approved

63. OMG WTF?!

64. Dual Licensing

65. CC0 + ISC + Apache2

66. CC0 ICS: permissive Apache2: … + patents

67. What’s up with patents?

68. Apache All contributors share patents Only the ones that they

    have Ones that are required Common defence pool

69. Don’t own patents? No risk for you

70. 2. Fame and Recognition

71. ISC + Apache

72. ICS ≈ MIT ≈ 2-clause BSD

73. 1. State my name 2. No warranty

74. Why not BSD? Too many variants

75. Why not MIT? 1. Also many variants! 2. “Use” may

    imply patent grant

76. ISC is the new MIT default on npm

77. 3. Guarantee contributions

78. LGPL

79. C/C++ semantics No equivalence in many languages Best to avoid

80. File Copyleft

81. MPL2 EPL CDDL

82. Big issue: GPL compatibility

83. GPLv2 GPLv2 or later GPLv3 AGPL AGPL or later AGPLv3

    with Classpath Exception with Linking Exception …

84. MPL2 has it built-in!

85. CDDL and EPL are incompatible

86. MPL2 EPL + LGPL2^ + AGPL3^

87. 4. Dual-Licensing

88. OpenSource + Commercial

89. OpenCore Crippleware

90. ExtJS MongoDB SugarCRM …

91. Where is it Deployed?

92. Client: GPL Server: AGPL Client-Server: AGPL + Apache/ISC

93. Why not GPL for servers?

94. GPL provisions trigger on Distribution

95. 20000 engineers write server code Billions of people use this

    code 1 company No distribution

96. Contractor? Distribution

97. Employee at a service company? Distribution

98. Contribution License Agreement

99. You assign copyright to a project Project decides on licensing

    terms

100. 5. Force OpenSource

101. AGPLv3 GPLv3 GPLv2^

102. CLA

103. Do you need a CLA on your project?

104. YES and NO

105. Project license doesn’t define the license of contributions!

106. Inbound != Outbound

107. GitHub ToS has a “CLA” D.6.

108. Employees

109. US An employee assignes copyright to the employer by default

110. You may want a CLA-like

111. Linux: Developer Certificate of Origin Berneout Pledge AUTHORS Certificate etc.

112. Other Concerns

113. License notice in each file Licences in minified JS Licenses

     for all deps AUTHORS file CLA/DSO/Pledge

114. BG // before GitHub AG // after GitHub

115. We can do better to ease the life of others

     and reduce legal risks

116. CC0 + ISC + Apache2

117. “Yes, patents exist, we’re all in this together”

118. “Yes, use it in your closed-source project”

119. “Yes, I know you’ll forget to put my name and

     license into a final build, and that’s OK”

120. Take Actions!

121. 1. StackOverflow MIT Add CC0/ISC to your profile

122. 2. Read Your Contracts!

123. 3. Don’t be afraid to dual-licence

124. 1. CC0 + ISC + Apache2 2. ISC + Apache2

     3. MPL2 4. … 5. …

125. Or just use MIT because nobody cares anymore

126. Stories: Facebook PATENTS file Oracle vs Google OpenSSL license change

     Ubuntu ZFS