Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Software License That's Libre But Not Gratis?

Posted by kdawson on from the give-the-customer-what-he-wants dept.

duncan bayne writes "My company is developing some software using Ruby. It's proprietary software — decidedly not free-as-in-beer — but I don't want to tie my customers down with the usual prohibitions on reverse engineering, modification, etc. After all, they're licensing the product from us, so I think they should be able to use it as they see fit. Does anyone know of an existing license that could be used in this case? Something that gives the customer the freedom to modify the product as they want, but prohibits them from creating derivative works, or redistributing it in any fashion?"

24 of 246 comments (clear)

  1. No license necessary by morbiuswilters · · Score: 3, Informative

    IANAL, but if you are not imposing a EULA, you shouldn't need any kind of license. End-user licenses restrict what can be done with the copy of the software that is owned. Licenses like the GPL restrict what can be done when redistributing the software, but impose nothing on the end-users. If you are not wanting to permit your end-users to redistribute, simple copyright is enough to protect your rights without the need for an additional license. If the software is not being redistributed and you aren't requiring a EULA, then the end-users are free to modify the software as they see fit (or do anything with it, except redistribute) under existing copyright law. So it seems copyright law as-is protects you from redistribution and permits your users the ability to modify the software, without the need of any license.

    --
    I have come here to chew memory and kick ass... and malloc() is returning a null pointer.
    1. Re:No license necessary by gnick · · Score: 3, Informative

      Officially I think you're right. I deal with several vendors who license their stuff to us. We are often trying to work beyond what their out-of-the-box COTS customers want, so we often ask for a little bit of flexibility (APIs for developing our own aps - nothing fancy). They usually ask for a NDA, which may be a good idea in this case too, but nothing fancy.

      IANAL.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:No license necessary by DustyShadow · · Score: 5, Interesting

      IANAL, but if you are not imposing a EULA, you shouldn't need any kind of license. End-user licenses restrict what can be done with the copy of the software that is owned. Licenses like the GPL restrict what can be done when redistributing the software, but impose nothing on the end-users. If you are not wanting to permit your end-users to redistribute, simple copyright is enough to protect your rights without the need for an additional licenseIf the software is not being redistributed and you aren't requiring a EULA, then the end-users are free to modify the software as they see fit (or do anything with it, except redistribute) under existing copyright law. So it seems copyright law as-is protects you from redistribution and permits your users the ability to modify the software, without the need of any license.

      This is 100% incorrect. Copyright law does not allow some to create a derivative work without the consent of the copyright owner. And when I say derivative, I mean modification. The author of the summary is confused because he or she does not understand that a modification is a derivative work (assuming modification uses the original aspects of the work that the original author created himself.) You are assuming that copyright protects only from redistribution. That is wrong. Here is what the statute says:

      15 USC 106. Exclusive rights in copyrighted works
      Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:
      (1) to reproduce the copyrighted work in copies or phonorecords;
      (2) to prepare derivative works based upon the copyrighted work;
      (3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;
      (4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;
      (5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and
      (6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission.

      http://www.copyright.gov/title17/92chap1.html#106

      As you can see, derivative and distribution are two separate rights granted to the copyright holder.

    3. Re:No license necessary by sowth · · Score: 3, Insightful

      Since you're a developer you (should) know that everything gets copied everywhere a zillion times in the natural execution of the application code.

      How is this different than people use textbooks? People "copy" them into not only their notes, but their brain, "a zillion times." Or music? Any CD player which has skip protection copies the data to a RAM buffer to carry out its function. Any MP3 player copies the data to a decoder chip which probably also is copied to a RAM buffer before it is copied to the D/A converter. I could go on, but if you don't get it at this point, you are either screwing with me or are really stupid.

      In fact, "copyright" law should have been named distribution rights law because that is what it does. It doesn't really try to enforce copying like you claim it does. It enforces the authors right to control redistributing the material so he or she can make a profit off of his / her work as if that work were a real physical object. If someone copies a work they purchased for their use (as long as they have the material in their possession), that is within the spirit of copyright law. If someone gives (distributes) a copy to someone else while not assigning them the original copy they procured, this is breaking the spirit of copyright law.

      ...and file formats and APIs don't really complicate anything, at least with US law. (Your jurisdiction my vary) Last time I checked the US Copyright Office site, it said names, recipes, numbers and the results of math and the like were not copyrightable. Computer algorithms are the same as "math." Function names and calling them would apply to this category, would they not?

      Obviously anyone can claim what copyright is supposed to be, but this is the way I see it.

      I would also like to point out the constant asinine claims where many "businessmen" say they can micromanage, demand payment, and otherwise control something they have sold to another are an affront to the basic concept of property. Once you sell something, it isn't yours to control!

    4. Re:No license necessary by belmolis · · Score: 4, Informative

      This isn't really accurate. Although it is true that copyright law appears to prohibit the mere creation of a derivative work whether or not it is distributed, in fact some kinds of derivative work are not considered infringing so long as they are not published. If your interpretation were correct, annotating your own copy of a copyrighted book would constitute copyright infringement, which is not the case. You are perfectly free to annotate your books - you are not free to publish your own annotated edition of someone else's book. Similarly, it is infringing to publish a translation of a copyrighted work, but you may make your own translation and keep it for your own use.

    5. Re:No license necessary by scientus · · Score: 3, Informative

      thats specifically not what the poster wants, the creator wants to ensure getting paid, therefore the licence within firefox and truecrypt that permits copying (under certain restrictions) is not acceptable in this case.

      Also trademark stuff is valid for all software or anything even without copyright law even if things are in the public domain. Firefox etc all do more which is to copyleft it, making sure that people have to let each next user also view the original source, AND the contributions that any other developer makes, if they distrobute it.

    6. Re:No license necessary by j0nb0y · · Score: 3, Interesting

      And this is why it's not a good idea to get legal advice on slashdot...

      let's review:

      The exclusive rights granted in copyright law are detailed in 17 USC S 106:

      17 USC S 106 Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following: ... (2) to prepare derivative works based upon the copyrighted work;

      The statute uses the word prepare. You will be in violation even if you don't distribute your derivative work. For a case dealing with this specific subject, see Walt Disney Productions v Filmation Associates, at 628 F.Supp. 871. Unfortunately I can't seem to find a copy of it online.

      IANAL

      --
      If you had super powers, would you use them for good, or for awesome?
    7. Re:No license necessary by The+Snowman · · Score: 4, Informative

      Not only is specialized software with restricted access to the source, but the person selling the software needs to have an actual contract in place, not rely on copyright law. My company does this: we develop highly specialized software, and our customers have the option of either using it in binary form, or having access to the source so they can customize it on their own (this costs more). Either way we have contracts in place written by our corporate lawyers that basically say "whatever you do, you are not allowed to sell it, redistribute it, etc." and the contract is specific to that business relationship. It names the two companies and the specific terms of the sale that is occurring, and the terms of the contract.

      Relying on copyright law would likely not work very well in this case, as it is ambiguous enough that to this day people are arguing about it in court.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. Re:And your asking slashdot why? by Toonol · · Score: 5, Insightful

    If it is an interesting question, more than just the poster can benefit from the answer.

  3. slashdot legal advice? by drDugan · · Score: 5, Informative

    um, like, hire a real lawyer. really, dude.

    1. Re:slashdot legal advice? by Cadallin · · Score: 3, Interesting

      um, like, hire a real lawyer. really, dude.

      ^ ^ That. Seriously. But secondly, You're asking about EULAs. The GPL is not a EULA. None of the libre/Open Source licenses are EULAs.

      What you want is purely the domain of contract law. The conditions under which you license software you own are between you and the licensee. Plus whatever court has jurisdiction if either of you decides to sue. Hire a lawyer if you're not confident on what provisions are likely to hold up under a judges scrutiny.

    2. Re:slashdot legal advice? by seanadams.com · · Score: 5, Interesting

      um, like, hire a real lawyer. really, dude.

      That's real brilliant advice, but the problem is there are astonishingly few lawyers who will have the slightest clue how to answer this question.

      I would suggest that a techie's best bet is to get as informed as possible before taking this to a lawyer, because it's really treading new ground. Can you tell I've been there?

      Slim Devices, and subsequently Logitech, wanted to pursue this kind of license for our firmware, so that we could allow customers to have certain benefits of open source, without enabling competitors to make knock-offs of our hardware products with no effort beyond soldering down the parts.

      Ages ago I came up with the Slim Devices Public Source License, which later got rolled into the Logitech Public Source License. Only recently did we actually ship a major firmware product based on it, which is the SqueezeOS platform that underlies the (imminently hackable, linux based) Squeezebox Controller. Customers can see the source code, learn how it works, customize it to their needs, etc, but they are not allow to redistribute without permission. It's not "Open Source" by the official definition, but it's a great compromise IMHO which met our business constraints.

      I searched far and wide for lawyers who understood these technicalities, and even at a major multi-B corporation with an awesome legal team, this was new ground. So educate yourself and check out as many examples as possible, and then find a good IP specialist to help you craft a license, but be prepared to prescribe exactly what you want that license to do.

  4. An incorrect foundation by dyfet · · Score: 3, Interesting

    Like many people, you seem to assume incorrectly that copyright law, as defined historically, can be used to artificially control what people do with something they have received and use in their own privacy in the first place. You actually do not have to do anything outside of existing copyright law as it is historically understood and intended to accomplish what you desire. This is why the GNU General Public License, as a copyright license, has to explicitly offer the right to sub-license (distribute) original or derivative works.

    Now some evil companies try to attach additional restrictions using common contract law to claim additional rights they do not actually have under copyright to deprive people of their existing and even constitutional rights (and what can in many situations be considered contracts of adhesion), and the results of these bastardizations are what is often called things like eula's.

    1. Re:An incorrect foundation by Brian+Gordon · · Score: 4, Insightful

      as it is historically understood

      Why is it that you couldn't just say "as it is currently understood"? Obviously because it's not understood that way anymore. Copyright today bears very little resemblance to old copyright law. IANAL, but I read a book once.

  5. this sounds like "Shared Source" by Anonymous Coward · · Score: 5, Informative

    which was the name of Microsoft's family of "not quite open source" licenses a few years back. Several products allowed you to examine the source code but do little else. I don't think they even allowed you to modify and recompile it in those days, but they've since replaced it (IIRC) with the "Microsoft Permissive License" which might be less restrictive.

    One product I remember was Rotor, a sample implementation of the .Net Common Language Runtime (similar to Mono but not as comprehensive). Another was the WTL Win32 GUI framework, which was an alternative to MFC based on ATL (Active Template Library).

    Slashdot was even more heavily anti-MS a few years ago and there used to be withering sarcasm at any mention of "Shared Source"... not so sure about today.

  6. Not much needed by Zerth · · Score: 3, Insightful

    Slap a big "You can't distribute our code or your modifications" on it.

    Seriously, though, you don't need much of license to cover "hack it, don't share it". It is the copyright/patent crazies that add the "can't decompile, modify, etc". The default state of copyright is you buy it, you can bang on it, you can set fire to it, but you just can't make copies or derivative works.

    All you really need to make clear is that you consider patches, mods, etc to be derivative works and remind them that they can't share them.

    That will last until somebody makes the first User Group list, but at least you tried. Make sure you get enough money up front, because your consulting money will dry up after enough users feel overcharged that one gets into the fixit business.

  7. Terms & Contracts by logicnazi · · Score: 3, Insightful

    I don't remember the exact definitions but I seem to remember that any modified copy of the product that your customers create, even if it is never distributed, counts as a derived work.

    Now if you are really going to be selling this software as a commercial product I think it's a mistake to do so without getting some legal advice. The fact that you are selling your product (instead of giving it away) may very well create implied rights of action, e.g., state or federal law may allow customers to sue you for damages if your product causes data loss or otherwise fails to live up to expectations. Therefore failing to get legal advice might open you up to liability.

    Of course there are probably generic software licensces that are prewritten but the genericity usually comes from the fact that they cover your ass by restricting the customer's rights as much as possible. Still, if you look you might find something.

    What you really seem to want is a licenses that give the customer the rights to use the work and create derivative works as they see fit but not to redistribute the work or any derived works. Since you should be getting legal advice anyway this would be trivial for a lawyer to arrange.

    --

    If you liked this thought maybe you would find my blog nice too:

  8. Wait, what? by Timothy+Brownawell · · Score: 4, Informative

    gives the customer the freedom to modify the product as they want, but prohibits them from creating derivative works

    Modifying the product is creating a derivative work.

    My company is developing some software using Ruby. It's proprietary software â" decidedly not free-as-in-beer â" but I don't want to tie my customers down with the usual prohibitions on reverse engineering, modification, etc. After all, they're licensing the product from us, so I think they should be able to use it as they see fit.

    Look into selling them a copy of your software, instead of a license to use a copy of your software. US copyright law does permit people who actually own a copy of software to make certain kinds of modifications (don't recall what exactly), make the needed copies to actually use it (disk -> ram, etc), and such.

  9. immunity by Deanalator · · Score: 3, Interesting

    You might want to check out Immunity.

    http://www.immunitysec.com/

    They sell CANVAS, an exploitation framework. A subscription is pretty expensive (that is, dirt cheap compared to core impact), but it comes complete with python source code, and the licence they use gives full rights to modify any of the code as you need to (sort of a requirement for exploit frameworks).

  10. Re:And your asking slashdot why? by Anonymous Coward · · Score: 4, Funny

    A basic search will turn up a lot of licenses, how can you be so lazy that you can't type something into Google but are able to submit a Slashdot story?

    It's not laziness. We just love seeing you get your knickers in a twist.

  11. You are looking for a non-libre license. by pthisis · · Score: 3, Informative

    Something that gives the customer the freedom to modify the product as they want, but prohibits them from creating derivative works, or redistributing it in any fashion?"

    This question shows a total lack of understanding for what "libre" software is.

    A license along those lines would not be "libre but not gratis". Being freely redistributable and allowing derived works are core parts of "libre" software.

    All the common definitions of "libre" software (OSF, DFSG, etc) include statements like:

    "Free Redistribution

    The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale."

    and:

    "The license must allow modifications and derived works"

    --
    rage, rage against the dying of the light
  12. Re:And your asking slashdot why? by hdon · · Score: 4, Insightful

    A basic search will turn up a lot of licenses, how can you be so lazy that you can't type something into Google but are able to submit a Slashdot story?

    Why read Slashdot at all? Just Google the news, like I do. Just type "What is <current-date> like?" into Google and let'er rip.

    Google provides search results, not dialog.

    Slashdot used to provide editing, too, but for a while now that's been more of a nuisance than a feature.

    *ducks*

  13. Re:And your asking slashdot why? by duncan+bayne · · Score: 4, Funny

    Because it's not about helping, it's about feeling better about himself by proving his intellectual superiority in a public forum.

    Just like I did right there ;-)

  14. Re:I've seen a few companies do this by ADRA · · Score: 4, Interesting

    > important to keep the source code super secret

    The reason will most likely be listed below:

    1. End users making their own changes but still complaining about error that may or may not be a result of their unauthorized modifications

    2. Afraid that other competitors will 'leverage' your investment in development using legal or illegal means.

    3. They don't want anyone to know that they 'leveraged' your investment in development to further their own product using legal or illegal means.

    4. They didn't bother to patent anything and they're relying on being hidden to keep their trade secrets safe.

    5. They license another developer's code which has the exact same limitation, and instead of negotiating with the upstream dev for source distribution rights or reimplementing the needed functionality themselves, they just choose to do nothing.

    Anyways, many development environments/frameworks allow for source distribution because customers want to know why an obscure function 3 stack steps into your API routine is throwing ugly errors at you. With clear-and-open source, a developer could use a debugger and realize that they screwed something up before having to contact support with an obvious (to the original dev) problem.

    Outside development libraries/frameworks and free products, a full source dump of any given product is pretty rare, at least from my experience.

    --
    Bye!