Open Source/Proprietary - An Issue of Two Codebases?

g00mba_b0y asks: "For the past year I and a small team of developers have been working on an open source targeted, general business application framework. I say targeted because we have not yet selected a licensing model and placed the code in the public domain (we are working on some specific functional targets). I recently demonstrated the framework to a potential client who liked what they saw, and wants to use the software for their flagship product. In addition, they want to hire me to further the development of the framework as well as participate in the development. The sticking point is the structure of the legal agreement. I'm really interested in two things: the experiences of developers who are doing something like this (how did you address the IP issues); and links to any information on this subject."

"We agree in principle that the framework related development that they will be funding should be available for open source licensing, while code related to their business should remain proprietary. The tough part is coming up with a legalese definition of where the boundary lies, and a means of addressing disagreements when they occur.

I've done my homework and found a ton of information on licensing strategies, motivations for OSS, etc., but nothing so far that addresses how companies, who are funding open source initiatives alongside commercial development efforts, draw the line between the two."

Mozilla

Would this be anything like the difference between mozilla and netscape?

Mozilla is open source, and is what Netscape is/was based on, however Netscape added additional features like AIM.

mysql's approach...

dual licensing. you can obtain a mysql database under gpl, or you can purchase a mysql database license from the company that develops it if the gpl doesnt suit your needs. this also applies for mysql drivers.

Re:mysql's approach...

[connsmythe96]

I don't think this really fits his situation. We're talking about two distinct parts here: an OSS framework and a closed source codebase on top of that. The question is where to draw the boundary. It's not one codebase with 2 licenses; it's 2 codebases that are closely related, each with a different license.

Re:mysql's approach...

[umjaja96]

dual licensin

I think we're missing the point. The question is not how to license the same code in two ways, it's how to differentiate between framework code and application code.

How does one define the difference between a framework (i.e. Jakarta Struts), and an application written with that framework? If there are enhancements made to the framework to satisfy issues related to or which directly impact the employer's application, where does that code lie?

Best Option

[Polarcow]

Curl up in the corner in the fetal position and cry yourself to sleep. It may not get you a job but there's a lot less legal wrangling. :D

Hired or not hired...

Wouldn't it make sense to open source the code that has been developed BEFORE you've been employed by the company? At that point, you own the code.

At the point where they hire you to write MORE code, it is legally theirs, as they paid for it.

Wouldn't that be a reasonable solution to the problem? After all, as a mechanical engineer anything I develop while I work for a company they own. I don't see why software "engineers"... should be any different.

Re:Hired or not hired...

[aridhol]

At the point where they hire you to write MORE code, it is legally theirs, as they paid for it.

This depends on licensing terms. The company may purchase a license to use the software, and possibly a license to modify the software, while the developer still owns the copyright.

Now, if the developer is hired as an employee, the situation may be different; it still depends on the contents of the contract.

After all, as a mechanical engineer anything I develop while I work for a company they own.

Slight nitpick - anything you develop on company time belongs to them. Also, possibly anything related to the company's business. Your own projects, on your own time, still belong to you. This is where the currently existing code fits in this article; new code depends on the contract.

Re:Hired or not hired...

[mangu]

isn't the code written after he's hired derived from the former, where it would also have to be GPL'd?

Not if the code was written by himself. Derived code only needs to be GPL if the code was acquired by GPL in the first place. Look, for instance, on how Trolltech licences Qt: you can get it by GPL, in which case any further development has to be GPL. On the other hand, you can also buy it from Trolltech under a commercial licence, in which case you aren't bound by the GPL.

Dual license

[nuggz]

Just release 2 versions. GPL & Alladin Ghostscript.

As long as you don't have an exclusive agreement with them it isn't really an issue. License one to the customer however they want, license the other however you want to others.

Is it a modular architecture?

[tanguyr]

OBDisc:I don't know anything about your product...

Seems to me that if it's a modular/plugin architecture then the framework and some modules can be OSS whilst other modules are proprietary. As i understand it, this is how the netbeans IDE works. (let's try not to get bogged down flaming SUN's Public License - i'm sure this kind of thing could work under an Apache License as well)

/t

Dual-Licensing

[Doodhwala]

Never forget the power of dual-licensing. If the body of developers is small and you can get everyone to agree, you can always have the same code licensed under two difference licenses (similar to what the Qt people at TrollTech do).

However, if you ever accept patches from the general body of developers, you will have to make sure that author of the patch agrees to both licenses or redo the patch yourself.

Strange that no one has mentioned...

[Frothy+Walrus]

the BSD License.

Re:Once it's in the public domain its there for ke

[Uber+Banker]

Well, the public domain is owned by the public, it can be seen by all, openly scrutinised, is inherintly more secure etc. Good job.

The IP is an interesting issue. Once released into the public domain, the public will own it... that's what the GPL, BSD licence and SCO say. You no longer have exclusive rights over it...

Someone else could do what the hell they like with it because the GPL has never stood up in court, and the BSD licence allows it. Like the IP-stack in BSD... everyone knows it was invented by Linux Torwaldis in 1974, but because the GPL has never stood up in court, BSD corporation (under orders from SCO IMHO) relinced it and claims it as theirs because their licence is better.

So, never release something in a public form. Infact, encrypt all your code... even when distributed... it should be decrypted every time it is run, and every time there should be an online fee paid to M$ and the RIAA for using their 16-bit secure coding system. That, my firend, is the only way to secure your code.

Dual licensing

[bigjocker]

You can dual license your code if you are the copyright owner. You can release your framework to the world using the GPL and use a different license for your clients.

You must be careful with the license you offer to your clients, can they change your framework's code? can they make derivative products? Depending on the ammount of freedom you want to give them you may need to create your own license for your clients.

Eclipse solved the same problem...

[GrayArea]

Have a look at Eclipse web site. IBM develops and sells WSAD and uses the open-source Eclipse framework for base functionality. FAQ's have a few scenarios under which you can use Common Public License (roughly the same as MPL) with commercial software.

Open source != Public Domain

[Shenkerian]

I say targeted because we have not yet selected a licensing model and placed the code in the public domain (we are working on some specific functional targets).

Repeat after me: placing IP into the public domain precludes any sort of licensing agreement.

Public domain means you have no claim of ownership.

You probably DON'T want to make it public domain

[Eric+Smith]

If it's public domain, there's no copyright on it, and you can't enforce any license. Public domain means that there are no restrictions on it at all.

IANAL

[sterno]

I Am Not A Lawyer... You need a lawyer. Hire one and ask him, not Slashdot.

Re:IANAL

[Aapje]

I Am Not A Lawyer... You need a lawyer. Hire one and ask him, not Slashdot.

That's true, but he still needs to know what to ask the lawyer. It's very helpful to have some idea of the basic solution (and have the lawyer work out the ugly details).

I have five points of advice:

1. Make sure that there is a clear division between the open source code and the custom glue. You might want to state in your standard contract that closed code must always be in seperate files* (not intermixed with open source) and that your framework can function 'properly' without those files (you need a lawyer to write that down in legalese). This will prevent contamination of your open source framework and will help avert/settle disputes ("I won't pay for that plug-in architecture", "It's much cheaper if we just [awful hack], do that.").
   
   *It's even better to place all custom code in a single package/library per client. That way, you can very easily argue what is theirs and what is yours.
2. Choose a standard license for the open source part (if possible). Reading custom licenses sucks and a potential user will have to ask a lawyer for advice. Because of this, a non-standard license will decrease the appeal of your open source solution significantly. The LGPL is a good option if you fear that someone else will close your framework and push you out of the market. It will also enforce the seperation between closed and open source code. The BSD license will increase the appeal of your code. The GPL doesn't seem suitable in your case (because it doesn't allow closed source libraries).
3. Only accept contributions when the copyright is turned over to you. This will simplify IP issues immensly (changing open source licenses, for instance). Of course, the same goes for your client. You probably should give them the copyright for their custom code though.
4. Make sure that the client understands not just the legal implications of the contract, but also the reasons for having an open source framework. If they don't understand open source, they may ask you to close all the code developed under the contract or to do other silly things. Invest in some preliminary client education.
5. Don't skimp on a lawyer. You will regret it later if you don't seek proper legal advice from a smart IP lawyer.

Be careful with 'public domain'.

[Chmarr]

Be really careful with using the term 'public domain'. If you put something into 'the public domain', then all licenses and copyright notices you attach to the program are for naught. 'Public domain' means something very specific in legal terms; it means that anyone can do anything they want, whatsoever, to your code, which includes removing copyright notices.

Close it up

[The+Bungi]

And laugh all the way to the bank. The very fact that you submitted this shows that you're thinking about it, but remember this: idealism does not a car payment make.

Asking the people who read Slashdot about these things is like asking Martha Stewart about investment advice. What do you think you're going to hear? I doubt you'll get a lot of useful legal advice on how to handle licensing and negotiations. But you're sure to get advice on how to give away your work more efficiently.

Close it up. Make a killing. That is also a freedom.

(hope you read at -1)

Re:Close it up

[afreniere]

And laugh all the way to the bank. The very fact that you submitted this shows that you're thinking about it, but remember this: idealism does not a car payment make.

I beg to differ. I think mixed licensing is the way software is going in the long term: Robust, well-debugged, open-source frameworks (e.g. Darwin) with closed-source, well-researched, well-marketed apps on top of them (e.g. Aqua). Open-source and closed source have different strengths, and if you can take advantage of both then your proprietary product will be that much better off. Every case will be different though. Without knowing what this particular application is, it's hard to say which license he should go with. Seems like he thinks OSS is best for the framework though, which is consistent with its strengths, IMHO.

-Ansel.

Copyright and Open Source license

[JohnGrahamCumming]

I assume from what you've written that the problem is that the person who wants to employ you does not want the source code to become open and you'd like to see an open source version of the code.

The key thing to clear up is who owns the copyright on the code. If you own the copyright then you can choose how and when you release the code (open or closed). But it's vital that you keep control of the copyright since it gives you the maximum flexibility. (This is achieved in my project, POPFile, through the POPFile License Agreement).

Specifically,

1. You should make clear to the employer that you hold the copyright and that the code is valuable property which you are willing to license to them in exchange for X.

X could be a job with them, or it could be $$$ or royalties. Exactly what depends on what you want out of the agreement.

2. The license to the company needs to be non-exclusive (giving you the freedom to license to someone else), or exclusive with an exception for an open source version of the code.

3. Once the agreement is in place release the code under the GPL. This will help protect the company's investment because anyone else using the code will be forced to release their code lowering the likelihood that someone else will try to make money off it.

4. When you get contributions from the community who are using the GPL code make sure that you get signed agreements from the contributors transferring copyright to you so that your source base is not contaminated and you maintain control of the copyright. (I've included the text of the agreement we use for POPFile below for reference).

5. Make clear in your contract with the company who owns copyright on the changes that they make or that you make while employed by them. The best solution is that you keep the copyright for yourself.

6. You should expect that the open source version of the code will make the company lower what they are willing to pay (they are after all sharing the code with someone else). You need to argue back that in fact you will be leveraging the open source community to improve the product free of charge to them.

The FSF has a page covering copyright issues here: http://www.fsf.org/licenses/gpl-faq.html
and here: http://www.fsf.org/licenses/why-assign.html

John.

Here's what we use for POPFile...

[snip]

POPFILE LICENSE AGREEMENT

CONTRIBUTION DESCRIPTION:

John Graham-Cumming ("jgc") acknowledges, with many thanks, the receipt by jgc
from Licensee of the above-described Contribution ("Contribution") to the
POPFile software and its related documentation.

Licensee confirms to jgc that, to the best of Licensee's knowledge and belief,
the Contribution is free of any claims of parties other than Licensee under
copyright, patent or other rights or interests ("claims"). To the extent that
Licensee has any such claims, Licensee hereby grants to jgc a nonexclusive,
irrevocable, royalty-free, worldwide license to reproduce, distribute, perform
and/or display publicly, prepare derivative versions, and otherwise use the
Contribution as part of the POPFile software and its related documentation, or
any derivative versions thereof, at no cost to jgc or its licensed users and
without any accounting obligation to Licensee of any kind, and to authorize
others to do so.

Licensee hereby acknowledges that jgc may, at his sole discretion, decide
whether or not to incorporate the Contribution in the POPFile software and its
related documentation.

EXCEPT AS OTHERWISE PROVIDED HEREIN, LICENSEE MAKES NO REPRESENTATIONS OR
WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE ABOVE-DESCRIBED
CONTRIBUTION. BY WAY OF EXAMPLE, BUT NOT LIMITATION, LICENSEE MAKES NO AND
DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY
PARTICULAR PURPOSE. IN NO EVENT SHALL LICENSEE BE LIABLE TO USERS OF THE
CONTRIBUTION FOR ANY INCIDENTAL, SPECIAL OR CO

Here's a few links that may help you.

[vaderhelmet]

Various Licenses [both free and non-free]

Google Directory [Software >> Licensing]

I personally have no experiance, or legal expertise. However, I'd say, to figure out your borders of open/closed source... If your code will run without the business software you're writing, then it's officially open source framework. It's it's "extra" and related to that business software, then that code is closed source. Just an idea. Good luck!

Hate to Sound Like a Broken Record, BUT ...

[Compulawyer]

... you REALLY need to consult with an intellectual property lawyer who can properly advise you. Any advice you get based on the limited information in your post (other than "here's a souce for general information you can access to educate yourself as to some of the issues") is worthless.

IP legal problems, like any legal problem, are highly fact-dependent. Yes, it may cost you some money to get a legal opinion. I guarantee it will cost you MUCH more if you don't and have a disagreement later. According to the latest AIPLA (American Intellectual Property Law Association) survey (2001), an IP dispute with $1-3 Million at stake will cost approximately $500,000 to litigate. On the other hand, you can probably get a decent legal opinion for about $10,000 depending on the complexity of the issues.

Recap: $10K for an opinion that minimizes the risk later vs. $500,000 to litigate plus all the headaches / publicity / business interruptions of litigation. You decide.

Missing The Point

The author is developing a framework, which is to be OSS (of some sort). He's also (potentially) developing another body of code, which is specific to one company and closed.

The question is how to separate the two. The GPL is almost certainly inappropriate, as its purpose in life is to infect the "linked" code and force it to be released under GPL as well.

The LGPL exists precisely for this reason. It does not require the linked code to be released under GPL (or LGPL). If you can separate the framework and the app, then this may be the way to go.

(If you can't separate the framework and the app, then it's not really a framework! Maybe a bit of redesign would be needed to keep the separation between modules clean.)

Dual licensing doesn't really solve the problem. Or, rather, it only solves it for one single customer and one single release. You could craft a license for this user that allows them to keep their code, while also releasing the framework under, say, GPL. But then when the customer wants an update, they can't just go and grab the GPL version of 1.1 and use it without GPL'ing their code. And their original license wouldn't apply to any updates. Rather than try to track every customer and every release so that you can keep reissuing special licenses, it would seem to make more sense to adopt a license without the "viral" quality of GPL in the first place.

If you're willing to allow one customer to use the framework in a proprietary product, then it would seem that you don't have a major ideological free-software axe to grind, and thus don't need the GPL stick to go with your software carrot. So it seems you might as well be willing to allow anyone to use that framework in their code. In which case, any of the simpler and "really free" licenses such as BSD would do.

If you do want just this one company to have special access to the framework -- perhaps as some sort of competitive advantage, since they employ you, or the reverse, in an attempt to have a reason for them not to fire you -- then dual licensing with the public license being GPL (to try to shut down other commercial competition) might be the way to go.

negotiation and specification

[hormiga]

We have done this sort of thing for several years, and never found an acceptable broad license and contract provision to cover it. The only things that has worked well is to base the agreements on specifications, saying "implementations of interfaces marked A are ours, implementations of interfaces marked B are yours". Of course, the specification always changes (evolves, matures), so there is a constant review and negotiation process. So you end up saying (in the agreement) something like "the parties will from time to time meet and confer to extend the specification, and set the licensing for new or modified interfaces in the same manner as has been done already in Exhibit 1".

It is a good idea to specify the general principles by which the code will be covered by this license or that, but the explicit division with a list of interfaces (or modules or components) should override the general principles. You can always amend the agreement later. If the relationship has broken down to the extent that you can't amend the agreement, then there is probably no point anyway to amending it. Then, at least what you have done up to that point is covered by the explicit decisions already made. Just don't go too long without a review and decision process. (It's good engineering anyway to review the specifications and agreements periodically, so that the customer gets what he wants and you have a consistent, considered design.)

In the end, if you don't have a good relationship, all the contract language in the world won't necessarily save you from grief.

Keep the code bases separate. There should never be any doubt what you claim belongs in one category or the other. Put a clause in the agreement that has the customer waive rights to protest the decision if he hasn't done so within some specific period of time from having become aware of the way you have classified things. Of course, during the review period you can't release any of the code to the public (or GPL or whatever), in case it turns out your decision was inappropriate, else you will have released your customer's proprietary code which might be a breach of contract or trade secret law.

How we handled this exact situation.

[davesag]

I was asked to build a commercial b2b exchange a few years back and simultaneously to that I had been devoting a lot of energy to thinking about building a better app-server based around xml, jini and javaspaces. So when approached I said yes - as long as I can pick the development team and get cut in on the deal. In retrospect I would have not gone for the equity but that's a political issue not a technical one.

I put together a small team of people I knew who were also interested in the same general thing, and who were all fleeing like lemmings from the boo.com meltdown, and we thrashed out a rough design and worked out a budget and, issues of funding and business admin aside - sheesh startups - we built a bespoke sattelite reinsurance exchange based on cocoon, tomcat, apache server, outrigger and the jini1.0 stuff. we built it in three layers. the first, as the end result was to be a web app, was in retrospect not dissimilar to apache struts but tied cocoon to the javaspace (you can see more detail on this at O'Reilly's OnJava site) and used xsl to render the pages. The little bit of bespoke code we wrote to shuffle objects between cocoon and the space we dubbed Crudlet and declared it to be open source targeted, and registered crudlet.org. The package name was org.crudlet. The next layer provided the generic b2b exchange and negotiation layer. We called it tennis because it represented a series of exchanges across a net. It too provided very generic functions and so was also open source targeted as org.curdlet.tennis as it builds on crudlet. The final layer contains the actual business knowledge - What is an offer of capacity on M$300 worth of Ariane 5 launch. What's the launch schedule for the next few years etc etc. What's a reinsurer? These things all went into a com.risk2risk package that extended the classes in tennis and crudlet and was considered to be proprietary to the company.

We recruited developers from the various OSS projects we used when we could, and made ot very clear to new recurits how the code layers were structured. We also got complete approval from the Board of Directors to pursue this strategy. The fact that I was one of three like-minded technical directors also helped of course. But we were well outnumbered by the suits who were very sceptical at first. A further project grew out of the team - a kind of javasapce backed version of hibernate or castor - called javastore but it never really went anywhere.

Much of what we open sourced was rapidly superceeded by things like Struts and Hibernate and Karajan (which grew out of crudlet) and when the whole reinsurance industry melted down post Sept 11 2001 and the whole project was put on ice by the investors, the only code that was really iced was the proprietary layer. The developers showed incredible loyalty, committing bug fixes on their very last day of work that kind of thing, and I still keep in touch with many of them.

The business arguments were all around costs. OSS == cheaper. Developers will work for less if they get to keep their code after the project is done. Developers can be excited by things other than money. As long as the basic rate is comfortable for them, and that's always a subjective matter. Sure there are other good reasons for OSS, security, corporate tranparancy and accounability, due dilligence etc, but the bottom line with investors is always the bottom line. Anything else is just woolly for most of these people. Also the ethos of open source permeated the team - everyone worked on the inside of a huge oval shaped ring of desks. lots of power mac g4s running osx, a nice rack with some great hardware in it, a groovy office in soho, cvs servers, a network admin who loved his job. and everyone being paid to write code 90% of which they would get to keep afterwards.