'Infectious' Open Source Software?
Gavo writes "Law firm Chapman Tripp advises New Zealand State Services Commission that the New Zealand Government should be wary of using 'infectious' open source software. They claim 'While the use of open source software has many benefits, it brings with it a number of legal risks not posed by proprietary or commercial software.'"
The only legal risks are patent issues, which, I don't think they have in New Zealand. Otherwise, most FOSS software licenses don't kick in unless you redistribute the software. So long as the NZ authorities aren't modifying the code, they'll be fine.
Lawyers are parasites, empowering them exposes you to a number of legal risks.
Much better.
I am the bastard of base minus 12! Turing was the ejaculate of my complete machine!
From TFA: "Exposure to faults and intellectual property claims.
Relevant to all open source use.
Disclosure of confidential code/ No rights to use.
Relevant where software has been infected by an open source licence."
They talk about it like there aren't IP claims with proprietary source code. I would argue that these "legal issues" are in fact features of open source that are hampered generally in commercial closed-source software. Closed source tends to have more of the issues above by default, right? Sure looks that way to me!
"We've noticed a substantial drop in the amount of EULAs being drafted, as well as an air of goodwill and cheer creeping into the normally sour and belligerent computer software industry, leading naturally to a decrease in important economy stimulating litigation.
Time to break out the FUD cakes!"
May the Maths Be with you!
There's more risk of OSS being called on IP violations. YOU CAN SEE THE CODE!!!!!!!!
MS has been sued how many times now for IP violations? - and that's with people having to either "steal" the code or sue to see it.
Unfortunately, I do see more IP challenges to OSS in the future. On the up side I also see those challenges being handled by the OSS community with rapid patches to remove the problem - unless it's something like BT suing over links.
It's all true!! I set up one little Linux box, and the next morning my phone, toaster, and kitchen sink were all being freely updated and improved by thousands of collaborators all over the world! Insidious stuff, that open-source.
Slashdot Burying Stories About Slashdot Media Owned
Though the article (yes I have RTFA) uses flaming terms like "risks" and "infectious", it's actually a plain HowTo on open source licenses in a government environment. It includes guidelines like the following:
Managing open source software risks can be complicated. To help simplify matters, SSC makes the following general recommendations to cover most open source legal risks facing government agencies:
* Using stand-alone, open source applications:
(a) Only use open source licences that have been legally reviewed, including the GPL, LGPL, CAL, MBSD, MIT, which have been reviewed and are recommended by SSC for use in accordance with this guide.
(b) Obtain performance and intellectual property warranties from the supplier of the open source software, where appropriate and available.
* In-house modification or integration of open source software: In addition to the above recommendations:
(a) Choose one of the following distribution strategies for the resulting software:
(i) Closed distribution, i.e. only within the agency's legal entity.
(ii) Limited distribution, i.e. to other legal entities on non-open source terms.
(iii) Open distribution, i.e. on open source terms.
(b) Manage the chosen licence to match the chosen distribution strategy as follows:
Licence | Open distribution | Limited or closed distribution
GPL | May use | Quarantine
LGPL | May use | Quarantine or meet LGPL exception
CAL | May use | Quarantine or meet CAL exception
MBSD | May use | May use
MIT | May use | May use
The entire slant of the document is incorrect. There are certainly concerns with the open source licenses, especially for someone unfamiliar with them who is used to using proprietary software, tweaking it, and reselling without ever publishing the modifications to their clients or to the authors.
But the use of closed source and proprietary software has a generally greater risk due to risk of copyright violation and patent violation and user agreement violation. Simply reverse-engineering a proprietary protocol in order to get your work done or to fix a serious issue in closed source software can cause serious legal problems which are often far greater, even though they are more familiar. And the closed source tools are far more likely to contain backdoors or to have vital features discarded in new revisions, forcing a painful and expensive upgrade process for both software and its configurations to the new setups, or to simply be discarded and the data or tools permanently lost to users.
The shutdown of companies or their abandonment of products is a real problem in the closed source world.
an increased risk of exposure to faults
More public review, code that tends to be of higher quality, and the ability to fix problems yourself
intellectual property claims
And since when was proprietary software free from litigation?
the risk of forced disclosure of confidential code
"confidential code" -- whose? If yours, you wouldn't even be able to put it there otherwise. And someone has to reread the GPL again -- no one says the gov agency in question has to distribute any source of things they use internally. If the agency in question releases some software itself -- that "confidential code" will be disclosed anyway, just in a form that is harder to read. Back in the days, I learned how to program a particular SVGA chipset by debugging through BIOS code, and my asm skills are low -- are you going to tell me that if the "confidential code" has any real value, no one will get to it anyway?
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
It's not FUD, it is simply "OSS for the uninitiated - be warned that if you're developing software, you might want to actually read the license of anything else you or your contractors plan to use rather than just ignoring it like you usually do". The general tone is "You can use OSS, but be careful".
It's not terribly well written, mainly because it seems to add a load of guff to licenses which are by and large pretty easy to read. And it uses some contentious terminology which is likely to cause concern. ("Infectious", anyone?)
Doubtless a whole boatload of slashbots who didn't RTFA will be along in a moment to say "yeah but no but it's microsoft FUD ignore it don't give it publicity etc etc" - I'm not going to debate that one. I actually think it's more likely to be an attempt on the part of the law firm to drum up a bit of business. Something along the lines of "Now you've read this article, contact us for further advice!"
What a bunch of baloney. What's this about "risk of forced disclosure of confidential code"? Risk makes it sound like it is some kind of roll of the dice thing where if you're unlucky, and you get busted, you have to disclose the code.
How about "agencies should read the licence agreement and abide by it whether open source or not"?
And what about "include an increased risk of exposure to faults". Is that supposed to mean open source has a higher "risk" (there's that word again) of faults, because it is bad quality? Or does it mean you have to make sure you pay for support if you can't support it yourself? Why don't they call a spade a spade?
And what of intellectual property claims? Paying somebody for your software, frankly doesn't guarantee anything. It may give you someone to sue, but when did you last see a government department suing a software house? Uh, it ain't going to happen.
It's not as though Chapman Tripp could have been unapprised of how utterly stupid their claims are -- Simpson Grierson tried this FUD on a year or so ago, as well: (see The Fud Buster pages of the New Zealand Open Source Society.)
I hope the New Zealand Serious Fraud Office goes after Chapman Tripp's spreading such lies which bring tangible monetary injury to the New Zealand Open Source community, measurable every time we hear a prospect repeat the utter and unadulterated and deliberate bullshit that these pathetic excuses for "IP Lawyers" are putting out.
It seems that after recent press coverage, that legal staff around the world are trying to cover business risks. Obviously the marketing machines of the software industry are zooming in on some of the mistakes businesses have made when using f.i. GPL software.
At the edge of a cliff, a step forward is not always progress.
And it gets even more fun when you compare the F/OSS licenses with the common proprietary ones. When our company decided Legal needed to review any F/OSS license used here, I got them to agree to do the same level of review on the proprietary licenses. Not surprisingly, there were *way* more proprietary licenses (the original concern was too many licenses), and the proprietary ones had way more questionable terms that raised the eyebrows of legal.
I'm amused that license terms is the new argument of the proprietary industry - because I *really* think they don't want their customers sending their license terms through legal.
For example, it's not uncommon for proprietary licenses to have terms that effectively say ("we have the right to take over your computer and/or install random crap on it" - from anti-virus-company patches to Skype supernodes). Compared to clauses like that, the GPL's a pleasant dream to our legal dept.
May Peace Prevail On Earth
I've given it a quick read through and it's actually a pretty sensible document in most places, with some useful advice. You need to bear in mind that the target audience is other NZ government agencies, so the information presented is specifically written with them in mind. I'll argue that the choice of language could be considered negative or inflammatory, but the actual content of the document is decent enough. For example the table in section 9 and the text in sections 15-17 put the legal requirements for various licences in pretty clear terms. They even define terms such as "library" and "device driver" and how the licences relate to those types of components.
However, section 25 is pretty stupid:
"25 There is a risk that open source software contains functional defects, or breaches a third party's intellectual property rights (e.g. where it contains code misappropriated from proprietary software or functionality in breach of a patent). The absence of warranties and indemnities in most open source licences means the licensee bears this risk. This can be contrasted with the protection usually available under commercial software licences."
I'm not sure what EULAs they've read, but commercial software agreements generally contain similar indemnification. So what's all this about "protection usually available under commercial software licences."?
If it weren't for that nonsense, it'd be a good document.
But viruses may be the precursors of all life. So if GPL is a virus ... well, draw your own conclusions :-)
The Tao of math: The numbers you can count are not the real numbers.
Perhaps there is some kind of license Anti-Virus app that will stop these 'infectious' licenses from spreading even further!
Just don't create a file called -rf.
How many people and/or companies have been sued for just using F/OSS? I don't know of any. BTW: all the scox-scam lawsuits are over bogus contract violation. Scox has not sued anybody for just using Linux.
Innocent parties have been sued for using proprietary software. The msft/time-line case is one example. How many people have been harassed, or fined, by the BSA, because they couldn't find their certificate of ownership?
These articles always assert that F/OSS is a legal minefield, whereas proprietary is completely. But all logic, and evidence, say otherwise.
Read the actual document, not just the summary. The actual document isn't that bad.
The stuff inside isn't that big a secret to most folks. It mainly boils down to, "Using open source software under licenses we've reviewed is okay, but be careful if you're developing code using open source software that we don't want released to the masses, because under some licenses, we may be obligated to."
In fact, this document is probably a good thing, in spite of a somewhat badly written summary. Check out Chapter 2:
This only makes sense. I can't imagine anyone disagreeing, saying that you should use software with a license we're not familiar with, or to disregard the IP of open source authors.
Also, look just below it. It says that for software development that is for open distribution, it's okay to use open source software. For software that is for limited or closed distribution, don't. Is this new? Am I missing something? If anything, people who are interested in open source software can look at this document as permission to go forward, not as a hindrance!
I mean, I realize that the word "infectious" has negative connotations, but I just don't see this document in and of itself as a bad thing. And even though I'm a strong FOSS advocate, the stuff that's in there is stuff that I would recommend to any company, government or organization to consider in their decision whether to use closed- or open source software.
slashbots who didn't RTFA will be along in a moment to say "yeah but no but it's microsoft FUD ignore it don't give it publicity etc etc" - I'm not going to debate that one. I actually think it's more likely to be an attempt on the part of the law firm to drum up a bit of business. Something along the lines of "Now you've read this article, contact us for further advice!"
So in other words, it's FUD but not from Microsoft? It really shouldn't be rocket science to figure it out if only someone reads it - or even the first FAQ they can find on google. Sure, some might use the code without paying attention to the license at all, but I presume that's the same kind of business that pass around the one Windows CD.
Live today, because you never know what tomorrow brings
No offense, but these countries are not exactly international economic power-houses.
It has often surprised me how much of the F/OSS v proprietary battle goes on over there.
It was prepared by the State Services Commission and therefore presumably carries a stronger imprimatur than if it were just some private law firm making this analysis.
Then again, IANAK (I Am Not A Kiwi), so I may be giving this agency more credit than it is due...
The Busy Coder's Guide to Android Development
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Any smart software consumer should "zoom in on" the fact that Monoposoft Office (a.k.a. The Enterprise Ready Virus-Development Environment) has cost the entire PLANET billions of dollars in downtime and that over 99% of all viruses are M-Windows viruses.
There is no mistake so dear as using Monoposoft products.
Rich And Stupid is not so bad as Working For Rich And Stupid.
Ehh... sort of. You can still use open-source software: you can develop in emacs on GNU/Linux and write up all the documentation using LyX or OpenOffice or whatever. As long as your product is all your own work that's fine. It's when you start shipping, say... an Integrated Firewall Solution that happens to run on a modified Linux kernel that you might run into GPL issues.
That's the quarrel we generally have with this kind of article: it can confuse the issue between use of GPL software - which you can do freely, even if you don't accept the terms of the GPL itself - and redistribution of GPL software or derived works, which is just plain illegal under standard copyright law unless you do so under the terms of the GPL.
Real Daleks don't climb stairs - they level the building.
Legal risks with using software are a real issue in our world.
That's why it would be in the best interests of all computer users and IT decision makers to explore the issue fully, to look closely at what kinds of risks exist, what kinds of risks tend to occur most often in the real world and what their consequences are.
My experience has been that folks using proprietary software are frequently in the position of bending over backwards (particularly in a large corporate or government environment) to make sure that they have licenses for every piece of software that their employees are running on their PCs. The IT folks spend some serious time auditing to avoid the even larger risk of a BSA audit.
As for legal risks associated with open source software I have yet to encounter any. All I've seen are press reports of legal actions that show no outcome but to prove they were based on frivolous premises and some PR statements talking about legal indemnification which are excellent marketing strategies for certain vendors of proprietary software keenly afraid of their revenue stream becoming commoditised by free and open source software. About the only genuine risk I've seen with FOSS is for developers that disobey the "Share and share alike" GPL by releasing modified binaries without releasing modified source.
Perhaps I'm missing a serious issue and these folks could show some evidence of real people and real companies that have experienced harm due to lack of vigilance concerning the legal risks of FOSS. And they could explain why my personal experience doesn't reflect reality of serious legal risks with hard statistics concerning how much time and money are lost to risk mitigation and handling legal mishaps with users of FOSS compared to users of proprietary software.
"Provided by the management for your protection."
Some people just prefer the old business model, y'know?
Yes, of course they do. It's called Stockholm Syndrome.
The GPL does not expose a company's source code to competitors unless they choose to incorporate GPL code into their own. This is a choice, a conscious decision. It's a decision you don't even have with proprietary closed-source software.
To claim GPL'd code is somehow inferior to closed-source commercial software because of this is laughable. Simply laughable.
You can make all kinds of flame arguments about GPL vs. BSD vs. MPL vs. . . . well, any of the other open / free licenses. Go on, I dare you.
Microsoft is to software what Budweiser is to beer.
"... leading naturally to a decrease in important economy stimulating litigation."
Well, they are lawyers, and lawyers do generally want more litigation, but who knew they'd be so brazen...
"In order to make an apple pie from scratch, you must first create the universe." -- Carl Sagan, Cosmos
Earnie Ball, for one.
Microsoft is to software what Budweiser is to beer.
It's not FUD, it is simply "OSS for the uninitiated - be warned that if you're developing software, you might want to actually read the license of anything else you or your contractors plan to use rather than just ignoring it like you usually do". The general tone is "You can use OSS, but be careful".
Yes, the actual content is reasonable and sensible. It even specifically identifies the GPL as an appropriate license that has been approved for use in the case where software will either only be distributed internally, or can be distributed in compliance with the license. Which is exactly the advice anyone considering using GPL software needs to hear.
But the use of "infected" is FUD. The deliberately emotive language does create fear, uncertainty, and doubt in the reader's mind: it leaves you in no doubt whatsoever that the authors considered such licenses to be negative. And describing it in terms of "software that has been infected by an open source license", as though the software was just minding its own business when a nasty license crept up and attacked it, when in fact it's "software that the developers have chosen to offer you under an open source license", all out in the open and carefully thought out, is utterly ludicrous.
Great content, horrible language. I only hope the NZ government agencies that read this document employ people who are smart enough to filter out the FUD and benefit from the facts.
The crackberry crowd was using "proprietary software" and still are about to get hung out to dry over patent and IP issues. There almost needs to be a "stare decisis" for technology, an idea of "settled technology" that happens when an IP claim is brought against a company using software that has been marketed for a number of years without complaint. Is there such a thing? I'm thinking an IP holder should have 3 months from the time a technology is widely marketed (a fuzzy term, I know) where they have to crap or get off the pot as far as preventing another entity from continuing to use the technology. This might help eliminate the practice of buying up a patent long after a product possibly using that IP has been used widely and then suing. The attitude at that time should be "Hey, buddy, if you cared so much about this patent, you'd have contacted us years ago." Most of these software patents after mass usage are nothing more than parasitic attempts to benefit from others' work.
I agree with you. Lesser GPL
Here's parts of Section (bold mine):
5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.
It looks to me that if I link to any library, my code is now a derivative. I'm sorry but the Q&A up on GNU is not a license so it doesn't matter what is said. The license will be what a judge will rule on.
My point is I will need a lawyer to understand this stuff and make sure I don't violate it. I'm not knocking it or anything, I'm just saying that a PRUDENT organization will understand the license completely - including getting legal advice.
I'm trying to find the article about Stallman's suit against NeXT regarding the Objective-C compiler. That is an example of what happens when you think you understand the GNU licenses.
Saturday is April 1. Slashdot will be shut down. Sorry for the inconvenience.
Yes, if you paste OSS code into your software project, you will need to follow their license. As opposed to copying proprietary source code ... which will merely LAND YOU IN COURT for piracy, hacking &/or theft of trade secrets. See, isn't that a much better option?
Of course it's also more likely to fail from schroedingbugs, because it's more likely that someone actually reads the code and thus finds the bug. :-)
The Tao of math: The numbers you can count are not the real numbers.
Part of the problem is that people just talk about Free software and open source software as if they are all under the same licence. I think the guy is right in saying that you need to be careful. Consider the fate of a person who thinks he is using a BSD licenced app as a base for his own stuff only to realize it is GPL. Sure they are both open source and financially free, but you are not as free to do what you want with it under the GPL as you are with the BSD licence. It gets even more complicated when you have Mozilla licence, Apache licence, php licence, mysql licence and so on.
The war with islam is a war on the beast
The war on terror is a war for peace
I read it. The FUD is both explicit and implicit. The failure to compare the copyright or patent violation risks of open source software to those of closed source software, where the intellectual property you may be duplicating accidentally is invisible to you, is an implicit FUD. And the indemnification clause is an explicit FUD, since the resolution to most open source copyright violations is simply to publish your modifications to your clients.
The person who wrote this has clearly never examined the history of intellectual property lawsuits in the closed source world, where code theft is harder to discover but tends to be more destructive to the original author's property rights.
My understanding of the GPL was that basically you couldn't plan to distribute just an executable binary. That the person who the software is distributed to can also get the source.
:)
Now if the government is producing code based on GPL products, then typically they will be the only customer. The only one the code would be distributed to would be the NZ goverment itself. So the government would be the only customer that could ask for the source code.
It's going to worry about asking itself?
Just don't ask. Take the position that the product is an in-house development, and is never distributed outside of 'in-house'. No outside distribution, no GPL problem.
About the only thing I can think of that might propose a problem would be if the government produced standard programs for third parties. Like standardized tax preparation programs in lieu of distributing paper forms.
But as that would make sense, I don't think we have to worry much about a government doing it.
Joking aside, if the government doesn't go into the business of distributing software outside itself, this issue is a no-starter.
-- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
Let me guess... (peers into crystal ball)... Oh yeah, that law firm represented Microsoft in New Zealand. They even cite Intellectual Property as one of their areas of expertise.
Case closed. Move along, folks, nothing to see here.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
That six chapters of nonsense is not worth reading. It's full of the same "get the facts" nonsense you've seen 100 times since Microsoft decided free software was the only remaining threat to market domination. You could read the original licenses or talk to a real lawyer in less time than it takes to read M$ BS. I can only hope the people of New Zealand did not pay for it.
Friends don't help friends install M$ junk.
Regardless of risks of actual litigation and those idiotic software patents (doesn't even apply in NZ), the likelihood that there is copyrighted code in a proprietary application is higher than in an open source one.
Copyrighted code in a closed source app will be far less conspicuous than in an open source app, and therefore the programmer is more likely to think "well, no one will notice, anyway." In open source apps, the risk of being caught is so much higher, and therefore it's more likely to be free of copyrighted code.
> While the use of open source software has many benefits, it brings with it a number of legal risks not posed by proprietary or commercial software.
[F]OSS operates under the same laws as commercial software, and with the possible rare exception gives you more usage rights than commercial software. There shouldn't be any legal problem per se.
However, there is the social problem of people thinking that free(beer) means they can do whatever they want with it, which often isn't the case.
Teach your employees to use [F]OSS just like they would commercial software that they had a license to view, and you won't get in trouble. If your employees want to make use of the additional options made possible by a [F]OSS license, make them get a permit from someone in the company who understands the issues.
(In principle that would be the lawyers, but lawyers have a habit of saying 'no' as a knee-jerk response.)
Sheesh, evil *and* a jerk. -- Jade
Replying to myself, but the content really isn't as great as I thought it would be from the executive summary section.
For example, they assert that the output of GPL programs will be covered by the GPL - a point of view expressly disavowed by most legal experts and by the authors of the GPL itself! I quote:
The GPL expressly provides that software compiled with the GNU Compiler Collection (GCC) is not infected by the GPL. Presumably the Free Software Foundation considers other GPL compilers will infect the compiled software.
Which is utter BS. The FSF's opinion on the matter is clearly stated here: that not only is program output not covered by the GPL, but that it would probably be impossible to arrange for it to be even if you wanted it to be.
Then on the subject of writing GUIs, network clients, and the like, which interact with GPL'd programs without actually deriving any code from them or linking directly to the GPL'd code, the authors of this report say:
It has been argued that if these programs are written with specific open source software in mind, they will be infected by the relevant open source licence . . . The legal position is unsettled.
It "has been argued" by whom, we wonder? No answer is forthcoming. This is classic weaselling. Again, the FSF explicitly state here that the intent of the license is that if two programs are separate executables, the license of the one does not affect the other. So if even the very creators of the GPL do not argue that such programs are "infected", where IS this alleged controversy coming from?
Seriously, either New Zealand law is very different from US law and the GPL has a very different meaning in New Zealand, or this is FUD, or it's merely poorly researched. But my opinion of this report is falling fast the more of it I read.
It's a legitimate concern. At many companies where I've worked, they do use open source and free software, but they are careful when it comes to the license as they don't want to inadvertently make all of their work go under the GPL if it's distributed.
All the document is saying is to evaluate each piece of software by its merits on an individual basis. Further, it says that there is "no reason why open source should not be considered on the same basis as commercial software" but that there could be some licensing concerns.
All in all, it's a sound and reasonable policy.
GJC
Gregory Casamento
Chief Maintainer for GNUstep
> It was prepared by the State Services Commission
Actually from TFA: "this guide was prepared for the State Services Commission (SSC) by Chapman Tripp" (my emphasis).
Great, read the fine license, that's a fine idea. Read every one of the hundreds of pages behind every "I agree" or "I submit" buttons. Read every page of every SDK use license you use. Read the back of every bill you pay to a non free software company, it's likely to change every month. I hate doing that, so I no longer use non free software.
I've read the GPL and the FSF license summary pages. It took about an hour, once. Apt-get has never sent me an "I agree" button, so I've never had to read any of those. It's really easy because they say what they mean then mean what they say. The license stays the same for a decade.
Friends don't help friends install M$ junk.
Of course it turns out that the patents are no good but if they had been would this law firm claim that buying closed source products is a huge risk since you never know if some patent abuser doesn't decide to shut you down?
Lawyers are like nukes. If the other guy has them you got to have them as well but on the whole the world would be a better place without them.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Then again:
"This guide was prepared by the State Services Commission (SSC)"
http://www.e.govt.nz/policy/open-source/open-source-legal/chapter1.html
(The previous quote came from http://www.e.govt.nz/policy/open-source/open-source-legal/ )
Alert: Companies must ensure they do not use the evil open source software.
The use of this software will clearly open you up to legal attacks, hence the word 'open' in its name.
Instead, We advise that companies use commercial and non-open technology including:
1. Blackberry
2. Microsoft Products
3. Mp3 and MPEG
4. JPEG and GIF
By using these products, you ensure that you will never be stuck in the middle of a patent dispute, and that your product will not be recalled, modified, or discontinued.
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...
Comments about the pejorative connotation of "infectious" as used in this article should be read in light of why the authors say they use that word. They reference this paper as justification for their terminology. Seems reasonable to me; that document is informative and useful, as is the one from down under.
As others have already said, this is boilerplate advice in the software development world. I work at a large tech company and our legal department maintains a list of FOSS licenses which we can use, and for anything else you have to submit a request for approval.
... yeah, not so good :). We're supposed to clear all shareware/etc with them as well, but plenty of people don't.
It's a pain in the ass, but it makes sense. We're trained to ignore EULAs and licenses by years of just clicking "ok" but when it boils down to it, a company can lose substantial IP by the actions of a single developer who does that.
The funny part is we still have problems; they're just ignored. If a developer does some work using a nifty shareware text editor he's downloaded, and the license says something like "free for non-commercial use, costs one billion dollars for commercial use"
Not representing or approved by my company or anybody else.
Almost every single objection to OSS: lack of warranty, inability to distribute without following the license, left in the cold if the publisher goes belly-up, and others are exactly the same when applied to closed source, or worse.
It's just completely surreal that anyone listens to these people.
If corporations are people, aren't stockholders guilty of slavery?
Actually from TFA: "this guide was prepared for the State Services Commission (SSC) by Chapmann Tripp" (my emphasis).
And if you browse Chapman-Tripp's website you'll notice a prominent client:
Advising Microsoft Corporation on a number of e-commerce initiatives.
I don't notice any open-source companies in their list of clients, what makes this firm an expert in open source?
Enigma
that puts stipulations on USE. Hell there is absolutely no EULA in most OSS. Because the license does not in any way matter to someone simply using the software...
However, read a real EULA in commercial software....
The phrase "more better" is acceptable English. suck it grammar Nazis
Wow, I didn't know that applying political pressure in order to make someone obey a contract was illegal! Does the RIAA know this?
You are reading a copy of my copyrighted post.
Yep, this lot is a disgrace to honest trolls.
Exposure to faults
Wouldn't happen in MS products!
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
"The GPL is not entirely clear on the degree or methods of separation necessary to prevent the GPL "
Umm... Yes it is. The GPL is based on copyright; if you don't include anything copyrightable then you are separated from the GPLed code/application.
The GPL isn't an EULA in the classic sense; it's just a bunch of copy restrictions.
thank God the internet isn't a human right.
It's truly overstating the risks.
Why, I once spent a wild weekend with a couple of computers, installed everything in sight. Played the games. Ran the compilers.
Oh, how we cavorted, without a care in the world.
Turns out that one of those "open source" programs had a past, and gave me one of those "infectious viruses."
Oh, the horror. Splotches on my skin, and had to stay out of the sun.
Should I have been more careful? Sure; practicing safe computing would have prevented the problem entirely.
However, uncomfortable as it made me, a couple of shots of antibiotics made me good as new.
So be careful out there, but it's not the end of the world if something goes wrong . . .
hawk
How can referencing someone else's library, regardless of their license, encumber my source code?
If I write, "call function SuperSecretMicrosoftThing in library MsftWinXYZ" how could that prevent me from putting my code under whatever license I want? I'm not distributing MsftWinXYZ, I'm just referencing it.
'It looks to me that if I link to any library, my code is now a derivative.'
Your work is only a derived work if you include anything that can be copyrighted (interfaces cannot be copyrighted!), so a statically linked binary will include the copyrighted library so the work is derived; a dynamically linked binary contains no copyrightable part of the library it was linked against (inlines in the headers are copyrightable so watch out) and isn't a derived work.
From the GPL:
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
It has been argued that the GPL cannot prevent dynamic linking, e.g. I linked against ATI's opengl implementation and then used MESA when I ran the application since the GPL cannot infect ATI's opengl then how can it infect my application? or something to that effect...
For more info lookup Abstraction, Filtration, Comparison
thank God the internet isn't a human right.
Damn ... this shyte is the best they can come up with?
If you think imaginary property and real property are the same, when does your house become public domain?
Okay, so I'm just curious. Exactly how many people have been exposed to legal loss from violating an open source license? I'm sure someone at some point in time must have, but I vaguely remember seeing once somewhere that nobody had ever shelled out any money over a GPL violation (and the GPL is at least the most widely used license).
But you can infringe the copyrights on commercial closed-source software just as well as open source software, and I'm willing to bet that BSA audits and fines create much more loss and hassle than open source software *ever* has.
Come on. Your business might get in trouble for having unlicensed copies of WinXP or Office floating around, but it's damned unlikely that it will get in trouble for violating the GPL internally (not that I think you should, just trying to inject some reality into the conversation) -- plus, the GPL is a *hell* of a lot more lenient than just about any closed-source license that I can think of. The average user has little interest in violating the GPL, but the average user can *easily* infringe on closed-source software and has incentive to do so.
Consider how many unlicensed shareware products get used on a typical Windows desktop, then consider how much illegal software is on a typical Linux desktop (probably not much).
I mean, warning about the risks of OSS, when the risks of closed source software are far greater, is just silly.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
The irony reaches unbearable levels when one reads, in its vision statement,
Open source eliminates those divisions. By definition, proprietary software creates and perpetuates them.
Perhaps a concerned New Zealand citizen should call them on the contradiction between the paid lies and propaganda and E-government's stated vision.
you had me at #!
Infected? Nooo, if the distribution has been altered, md5sum will give a different hash back.
NAME
md5sum - compute and check MD5 message digest
SYNOPSIS
md5sum [OPTION] [FILE]...
md5sum [OPTION] --check [FILE]
(relax, it's a joke)
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I suppose there COULD be a problem with patent infringement. But the same holds true for any product. For the moment, it looks like Blackberry has more trouble with patents than the entire OSS world combined. I am not a lawyer, but somehow I suspect most of the patent infringement action (if it ever happens) will be against the authors of software, not the customers. Given the distributed/international nature of OSS development, patent enforcement might be futile. In some ways, it would be like the IRS trying to get Osama bin Laden indicted for tax evasion -- lotsa luck. I'll admit it's an unpredictable situation, but the closed-source alternative is not an automatic solution.
Then we have copyright infringement. Take any organization with more than a handful of PCs, and you have a fulltime job of license management. The more closed-source applications you have, the more license terms you can be noncompliant with. Users download and install all kinds of things they shouldn't. I doubt there is a single corporation in America that could get through a BSA audit unscathed.
Now, time for simple evaluation of the risks. Total number of BSA audits and total "fines" assessed for copyright infringement vs. total number of software patent lawsuits against OSS end users and damages paid to settle those cases. Both closed source and open source have been around for quite a while, so there should be plenty of real data to give the hypesters a day off. Based on ACTUAL PAYOUTS, which is the bigger risk? You decide.
However, the report itself is emblazoned with the SSC logo and, from all appearances, was published by the SSC. Whether in-house counsel or a third party wrote it is immaterial in terms of how credible it will seem.
The Busy Coder's Guide to Android Development
Remember IBM is not being sued by SCO for illegally using OSS. IBM is being sued by SCO for illegally using proprietary code. (whether they did that or not)
SCO has shown beyond a shadow of a doubt that starting with proprietary code can be viral and prevent you from having full control of your own "property" in the future. Once that proprietary code touches yours, you are no longer the full owner of your software.
Dear Mr. Carruthers:
Your firm's recent dissemination of information with regards to Open Source legal issues needs some serious revision.
To get a sense of what the IT community is saying, please read the comments that ensue from the article: Slashdot Article
Using an inflammatory term like 'infectious' to describe open source software will only serve to alienate the millions of contributors who give portions of their lives to developing alternatives to commercial software.
We all use both proprietary and open source software in our day-to-day lives. Your position paper only serves to make the NZ government look foolish for hiring your firm.
*** Don't be dull.***
One of the most prominent cases where there is a threat to ongoing software availability in recent years is the NTP vs RIM patent suit. SCO vs The World may have had more publicity back in the day, but there was never a serious legal threat, whereas with NTP and RIM, an injunction blocking the use of RIM software was sought and hearings were held.
Is RIM's software Open Source? No. So is this letter from these lawyers pure bullshit? Yes.
... still have a section forbiding the use of the compilers to create a product that competes with a Microsoft product?
In all cases, care needs to be taken with reviewing software. Because code is openly available for open source, governments must make due diligence in reviewing the code themselves to be sure that it is safe for their purpose, no matter who advocates the software. This is a separate discussion from whether the software feature set supports what they need to do vs what commercial software will do. Commercial software does not allow for this, so F/OSS has an advantage here.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
Way to go with the selective quoting. Bravo.
You deleted the very next paragraph which describes the licenses rules for this "not precisely defined by law" statement:
If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)
And you deleted the very next paragraph, which says that all this is only describing things where the LGPL is totally irrelevant because it is not a copyright violation. Otherwise the LGPL is explicitly granting you rights to violate the copyright:
Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.
You also deleted all of "section 6" which describes how you can distribute without source code.
Now personally I think this section has some nasty problems in that RMS claims the end user should be able to change the library and relink, which is seriously out of touch with how modern software works; it would only be possible by distributing (perhaps obfuscated) source code to your program, making the difference between the LGPL and GPL nearly meaningless. I add an exception to my LGPL code to explicitly state that static linking, or any other use of the code that does not modify the code itself, is allowed. Adding such an exception is very common and I wish there was an official version of this, or the LGPL was fixed in this way.
I read the full report. Damn near every single section in the report would have been equal or "worse" had it been written about non-opensource software. Non-opensource copyright is at a minimum equally "infectious", and generally vastly more "infectious". Any government agency should be critically aware of the severe legal risks of modifying or redistributing non-opensource software. Any government agency should be critically aware of the severe legal risks of using non-opensource software which generally have extensive and complex licenses with a limitless variability of arbitrary contract terms. Any government agency should be critically aware non-opensource software generally has an army of lawyers on retainer to legally prosecute any perceived infringement or terms violation.
Had this exact same sort of report been written about non-opensource it would have to horrifyingly portray the vastly greater legal risks, pitfalls, and liabilities of such software. A fair legal assessment would be that any government should avoid touching any externally generated non-opensource software, except in extraordinarily narrow circumstances.
Virtually the only circumstance where you would need to take the heavy legal risk of using non-opensource software is when you want to externally redistribute that outside code while imposing a legal stricture on the receiver not to further redistribute it. It can only be done after obtaining carefully crafted licensing terms from the rightsholder of that non-opensource software, and should only be attempted under the strict advice of a lawyer reviewing such terms. And even after getting that expert legal review of contractual terms for such a project, it still remains a minefield of potential legal problems.
Sure my comments about using non-opensource are deathly overdramatic. However it is all an entirely fair comparison to this New Zealand report. Non-opensource legal issues really are far more hazardous than non-opensource issues. The report is misleading at best and blatantly fraudulent at worst, laying out the "dangers" of opensource while silently implying that non-opensource is safer.
You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Additionally, if your software contains routines you view as confidential, just leave them out and replace them with stubs. If I think my fancy security module is proprietary, I can replace them with plain modules from the GPL community. How many packages are distributed with a file like conf-dist.php rather than the conf.php which contains proprietary data?
Apocalypse Cancelled, Sorry, No Ticket Refunds
No, your company is a bunch of idiots who have bought the FUD from Microsoft.
> they don't want to inadvertently make all of their work go under the GPL if it's distributed
This is WRONG. It DOES NOT HAPPEN, it is a lie from Microsoft and one of the biggest and hardest to eradicate.
If you distribute without obeying the GPL, you are VIOLATING COPYRIGHT. You are then required to cease distribution, and you may be liable for monetary damages. You are NOT "forced to give away your source code". In fact even if you put every piece of source code you have in the public domain, it does not mean you did not violate copyright, so you are still liable. So not only are you not forced to give away the code, doing so does not get you out of anything, so this lie is doubly untrue!
Think hard. If the NY Times was accused of plagiarism, would this cause all their articles to now be the property of the person who wrote the one copied article?
There were a few areas I took exception to, for example the idea that the risk was high for internal line of business tools but low for public distribution.
But the basic point of the article was to manage the development of open source software with a team that included lawyers for license review. Which should happen for all development, IMO.
LedgerSMB: Open source Accounting/ERP
just pull the plug
This piece tells you that if you don't read the license agreement, you might get stung. For example, if you pull code from a GPLed program, you may have to state that on your product.
If the author were not a lying weasel, he would admit that proprietary software has the same problems. For example, did you know that on many Microsoft license agreements, they used to put that you could not use that software to compete with Microsoft? Until the anti-trust litigation started, you could not use MS Windows to test a competitor to MS office.
Andy Out!
Reading the article I am struck by the fact that in tables it repeatedly shows that the BSD-derived licenses are not infectious, but never references this in any discussions of the problems or the solutions. Given that government agencies may wish to share software developed with other agencies, concern for the infectious provisions of GPL are a valid concern. A law enforcement agency may be willing to share its added code with other law enforcement agencies, but not with the general public. Since a different state's law enforcement agency is not the same entity this is a valid concern. But doing customization from a proprietary base is not going to be any more accommodating.
The article is crap, pure and utter FUD. It was prepared by a New Zealand corporate law firm, Chapman Tripp. Anyone want to take a bet that they have business ties to Microsoft and whatever big proprietary software firms are currently feeding off the government trough in New Zealand?
The bottom line reality is that for virtually any government agency, using GPL'd software would be a far better choice than proprietary--the agency has FULL RIGHTS to USE the GPL'd software however they choose, to modify it to meet their needs, and to benefit from improvements others make, all at no cost to the taxpayer. Using proprietary, closed-source licences is the real risk, turning over essential government operations and data to the whims of a private company, suffering from inevitable vendor-lock-in and intentional incompatibility, and paying for the privilege.
The so-called "infectiousness" (a clever linguistic escalation; I guess "viral" wasn't testing negatively enough in the focus groups) is a non-issue; how many government agencies are DISTRIBUTING software at all as opposed to USING it? To those few that might be distributing software, how many are distributing PROPRIETARY software? If any are, they shouldn't be.
The GPL's share-and-share-alike requirements which this article tries to depict as frightening and "infectious" only come into effect when you are DISTRIBUTING software, not USING it. The only people who need to worry about that are crooks who want to sell Free Software (written by other people) as their own, without sharing the source as they agreed to.
The truth is, the real risk for governments, legally and economically, is the unwarranted use of proprietary, closed source software, often entailing bizarre or extreme restrictions in USE (forget about distribution, no sharing allowed), foisted on agencies by clever salespeople backed up by lobbyists with thick wallets. Open source is the safer type of licence for governments and should be the preferred choice.
This study was done for a tax collecting government. The product of government programmers should all be open source. It is produced with tax money after all! They, most of all, should want to use infectious licensing. I am at a loss trying to figure out what software they would need to protect.
Who wouldda thunk freedom was infectious?
and describing it in terms of "software that has been infected by an open source license", as though the software was just minding its own business when a nasty license crept up and attacked it
Yeah, sort of like some REAL viruses are? "Yes Doctor, there I was minding my own business, when this nasty HIV virus crept up and attacked me! I wasn't doing anything!"
A Government Is a Body of People, Usually Notably Ungoverned
Thank you!
I wish people would realise that share-alike open source licences are 'infectious' or 'viral' in exactly the same way that all copyright licences are.
If I merge GPL/CC-BY-SA licenced material into my work, the derivative work is not entirely under my control any more. I can still use and propagate the derivative work, but the original licence 'infects' my code with its terms.
But if I merge a standard copyright file into my work, suddenly - depending on the exact licence terms - I may have no rights to do *anything* with the derivative work at all, and instantly become a criminal. Or I may be restricted in all sorts of weird ways - perhaps I am not allowed to write a competing product, perhaps I have to pay royalties. Perhaps the original contract I signed will be purchased by a whole chain of corporate entities who have different views as to what my obligations are, and will come back to me in ten years time looking for half of my profits.
See the SCO lawsuit for how this works.
In any case, as soon as I merge any copyrighted material into a derivative work, my work is 'infected' by the original's licencing terms. This is the nature of copyright.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
I think it's a real shame that whoever wrote their guidelines was more interested in spreading FUD than in giving unbiased information. But it's pretty clear to me that that person is a minority.
According to http://www.chapmantripp.co.nz/track_record/track_record.asp?id=112, Chapman Tripp's roles include:
"Advising Microsoft Corporation on digital copyright, parallel
importation and copyright enforcement issues, including submissions to
the Ministry of Economic Development and the select committee."
"Acting as general counsel for Microsoft Corporation on its anti-piracy
campaign in New Zealand, including conducting copyright infringement
litigation generally."
Of course he won't have any bias towards OSS.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
If that isn't FUD-for-food, I don't know what is. Furthermore, the document itself does not stand up to scrutiny. It's the usual diet of carefully phrased lies and bogus insinuations. As zcat on Groklaw pointed out, you can't even get past the introduction without finding several unsupportable insinuations:
you had me at #!
I think this a slight misinterpretation of the GPL. All the 1st agency needs to do is release the code to the recipient of the software, under the terms of the GPL. If the recipient has no interest in distribution then the code stops there.
-- Free software on every PC on every desk
IIRC they cannot be printed and only are visible for a few fleeting seconds during the beginning of the install process. I've tried to get MS enthusiasts in IT departments to cough up a license, but all they can get out of MS HQ (their real bosses) are reams and reams of happy horse shit about the licenses, never any actual license.
I am curious as to how you actually did it, assuming your shop hasn't actually long since moved beyond MS.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
As PJ from Groklaw says:
Interesting, no? Or should we blindly accept any old document from any old law firm who work for the opposition?
insecurity asks the wrong question irritation gives the wrong answer
Having had a look through this site; here is a good link: http://www.e.govt.nz/policy/open-source/open-source-200303/chapter1.html which goes into explaining OpenSource.
People look at the original legal text, and they're assuming that you already know all the ups and downs of closed source software, and their legal ramifications, so hence, if we look at it from our perspective it sounds like an OpenSource bash, when in reality, it's on the side of caution; it's more, "before you use opensource, look at all the facts that make up the arguments for and against".
That's self evident by the use of the word infectious. I've never heard anyone other than Microsoft refer to licenses being infectious.
Anyway, is this guy implying that I can redistribute derivative works of Microsoft software? Somehow I think MS Legal would have something to say about that.
What could be better than a jet powered motorcycle? http://www.youtube.com/watch?v=u8l6GTHLSWE
RTS,
This argument seems to be reversing the case. Reading further, he says that you should never modify open source software, and that it's better to go with proprietry (sic, it's too late at night to spell good) software, so that you can modify it (what!?).
It also states that the output of a GPL program is derived work, which is stated specifically not to be the case in the GPL.
One thing I have to argue though is that the FSF says that communicating through sockets is linking, which I think is BS, that's like saying because two books are both written in the same language, that they are derived works.
What could be better than a jet powered motorcycle? http://www.youtube.com/watch?v=u8l6GTHLSWE
Check out what wikipedia has to say about FUD http://en.wikipedia.org/wiki/FUD#Non-computer_uses
Groklaw later posted a story on it, btw, pointing out the conflict of interest. Or at least, paid propaganda masquerading as a guide in the public interest. Disgusting really.
you had me at #!