Slashdot Mirror
Your License Is Your Interface
dp619 writes "License-free software has become a thing. Only 14.9% of repositories on GitHub have a license, according to recent Software Freedom Law Center research. Red Monk has observed that this trend is occurring principally among younger software developers. Outercurve Foundation technical evangelist Eric Schultz has offered up his opinion, saying, 'As an active developer I want to add a slightly different perspective on the dangers of releasing unlicensed software. My perspective is based on a simple phrase: "Your License Is Your Interface."' He adds, 'A license similarly defines the interaction between the software, or more precisely the creators of the software, and users. Just like an interface, a license defines intended behavior of users of the software, such as the four essential freedoms or the ten pillars of the Open Source Definition. Just like an interface, a license prevents unintended behavior of users of the software, which depending on the open source license, may disclaim the original author of liability for use of the software, prohibit redistribution without recognizing the original author or prohibit distribution of derivatives under a more restrictive license. When it comes to legal use and distribution of your software, your license IS your interface.'"
it always misleads with picking "GNU GPL" or "Creative Commons" but not actually representing the said license in the work itself. I've seen a few of these on Sourceforge that only exploited the service only to provide redistribution of non-Free materials contrary to their license.
Eric Schultz appears to underestimate the ability of programmers to not give shit about licensing.
Lawyers want to wheedle their ways into all our lives. Ignore them, they won't go away, but it will simplify your life.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
"different perspective on the dangers of releasing unlicensed software. "
Technically, you cannot release unlicensed software. Sure, go ahead and post it to a public repository, but without an explicit license, copyright law forbids anyone else to make use of it. So you haven't really released it, just posted it out there to tease people.
If you don't want to pick one and you don't care, at least say something like "released to the public domain" to make it explicit. (This option isn't available in all countries, though.)
Most creative commons requires attribution. If you really "don't care", you should explicitly state that your software is CC0
If you're a zombie and you know it, bite your friend!
Here's what GitHub says in their terms of service:
We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.
That creates some interesting issues. When someone "forks" something, what rights do they have?
I suspect that many people not specifying a license for what they put on GitHub just assume GitHub owns everything.
3-clause BSD for small utilities, library function or scripts that are pretty much feature complete. It has the disclaimers and lets others used the code as they see fit without worrying about disclosing their source code.
GPL v.3 for code that are meant for open-source projects. It keeps the source code available and encourages others to contribute. I find that people are less likely to contribute if there is even a slight chance that someone else could make a commercial product out of it and keep the modifications to themselves.
The overwhelming bulk of my code is public-domain due to work requirements.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Default: public domain
not in any jurisdictions that are party to the Berne Convention.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Software without a license is like a poison for everyone else. There's typically no legal risk to a developer in releasing their software, since it's likely he has the copyright. But it creates a legal minefield for anyone else who uses or modifies the software, either directly or by using software that stupidly embeds such things. At any time the developer, or his employer, could sue, and there's nothing the user could do.
Ignoring lawyers does not simplify your life. Sure, it'll simplify your life today, but only by creating potential disasters in the future. You need to think about other people, and whole lifetimes, not just think about yourself today.
If you think that copyright should only apply to software if it's marked, then work to get the law changed. It used to be that way before 1976. But it's not 1976. I suspect that the law won't get changed, really. But intentionally creating dangers for other people is a terrible, nasty thing to do.
- David A. Wheeler (see my Secure Programming HOWTO)
Except that without a license, no one can do anything with it!
At least slap a CC0 on it, or a WTFPL.
If that is your wish, release under BSD
Legally the default is all rights reserved, so putting no license means that nobody can legally distribute or derive from your code
Snowden and Manning are heroes.
Here's the other thing: without a license I can't use a copy. All software is copyrighted by default, unless there's an explicit dedication to the public domain. Absent a license, only the author of the software may make and distribute copies of it. So with no license on the software I'm OK looking at it on Github of the like, but making a copy of it onto my machine to build, use and redistribute as part of my own software is right out. I have no license from the copyright holder to make and distribute those copies. So if your software doesn't include a license? I can't safely touch it nor can I use it.
If you want to put no restrictions on reuse of your code, put it under something like the BSD or Apache license. But if you don't put it under some license, it's automatically under a license that says "You may not copy or redistribute this work, nor may you make and distribute works based on or derived from this work.".
Nope, not legally. Code is automatically copyrighted in any Berne signatory country. You can not relicense a work that you do not hold the copyright to.
Speaking of danger, when someone sues you because your software crashed their airplane into a nuclear reactor, you're going to be wishing you'd picked a more restrictive license.
Specifically, one with a "no warranty" provision.
There's no -1 for "I don't get it."
If you don't want to use a real license, just use the DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE. It's one of the more permissive licenses...
The definition of obfuscation is to confuse, bewilder, or stupefy, or to make obscure or unclear.
In security, the normal rule is that the algorithm chosen should still be secure _even if the attacker knows what it is_.
On the other hand, passwords, crypto keys, etc. are all pieces of data that are secrets. This is a very different thing from obscure.
If GitHub made your personal interpretation a requirement for using its site at no charge, that might work. But GitHub's terms don't really make sense for what people are trying to do on it. GitHub only allows you to "view" and "fork".
Are users allowed to run the code? The answer appears to be "no". That's because under most countries' law, including the US, by default users have NO rights unless they are granted somehow. Heck, as far, as I can tell, users aren't even allowed to modify it, because you can make a fork without modifying it, and only "forks" are allowed. Now we have to dance on what a "fork" means, and the LAWYERS, not the programmers get to decide.
If you want to release software, and collaborate, great! Posting stuff without a license is not a release, it's a legal minefield.
If don't include a license, the LAWYERS decide what is allowed... not the programmers. You probably won't like what the lawyers decide.
- David A. Wheeler (see my Secure Programming HOWTO)
The tort law, under the standard of strict liability, applied to product liability. By deleting the customer's files you would be guilty of negligence. This negligence is proven first by showing that you had a duty to care for the customer's files, because you were aware that makefile commands could delete them and thus would have such a duty under the precedent of MacPherson v. Buick Motor Co.. You breached your duty by putting an rm command in the makefile. This breach will have been the cause of the plaintiff's lost data, and will have caused quantifiable damages such as loss of intellectual property, work stoppages, and whatever else the prosecutor can invent. So yes, you would indeed be liable. You might argue that the code was used without a license, but you'd need an expensive lawyer to make such an argument for you. You'd also need to travel to plaintiff's jurisdiction and live there for the duration of the trial. Can you afford all that? I didn't think so.
Great points, but a minor correction: He hasn't open sourced anything. To release something as open source, it has be released so others can LEGALLY read, use, modify, and distribute it. That's typically done by a license.
- David A. Wheeler (see my Secure Programming HOWTO)
Indeed. And in fact you indirectly raise another issue - if the "original" author is so ignorant of copyright law that they "share" their code without any licensing information, then there's a fair chance that they have themselves incorporated other people's code into their work without regard to copyright restrictions, so you may be opening yourself up to legal liability for having GPLed, "shared source", or other restrictively licensed code incorporated into your software without realising it.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
And we all do this.
No, no we don't. Just because you do, doesn't mean everyone else does as well.
Who said that the person who downloaded my code (whether licensed without a disclaimer of warranty clause, or unlicensed) is a customer of mine anyway?
Give me any case law where liability could be assumed where software is the specific cause of the issue.
I see people like you argue that I have assumed liability for publishing software without a disclaimer of warranty. But then I go and read those Wikipedia articles, and it appears to not matter for physical items. So why would it matter for software?
I.e. I think you, and everyone else who argues similarly, don't know what you're talking about.
HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
If you release it with no license at all, I don't know what the hell to do with the code. Can I have it for my program? Does your copyright trump everything. Absolutely no license is pretty much all rights reserved by default I'd suppose. No license is as bad as GPL. I don't really know what my obligations or permissions are, so I actually forego using the code. If I don't have legal right to use your code, I do not have legal right to use the code. If you don't expressly say I can, I may not be allowed to.
Using a more liberal license than GPL is great, I always do it. But, TFA says "no license" and that's a piece of crap, upload a BSD code fragment for goodness sakes, or oddly enough you completely own the code and I have no right to it at all.
It is no longer uncommon to be uncommon.
Please don't license software under the Creative Commons licenses. They're not GPL compatible, and Creative Commons themselves don't recommend it. (CC0, their public domain dedication, is still OK.)
That's an interesting take but I don't understand how that will protect the programmer. You can still be sued for patent infringement no matter what license your code uses, right? Seams unlikely that you can protect yourself from being sued by releasing your code under a particular license.
Mortenson vs Timberline is the most well-known case pertaining to EULA liability disclaimers. In the case the Mortenson company failed to win a construction contract due to a "bug" in the Timberline software it was using, and sued for damages. The court ruled that the liability disclaimer in the EULA shielded Timberline from liability for these damages. Because of this case and because most software is licensed and includes liability disclaimers in the license, we no longer have lawsuits claiming damages due to buggy software. If we did, prices of software would have become astronomical due to the need to carry liability insurance.
The Supreme Court. See the case I linked to in my original post where a customer purchased a car from a dealer and was nevertheless able to sue the manufacturer even though he was not a direct customer. In your case, github would be in the role of a dealer due to its terms of use stipulating that you agree to allow anyone to download any code you publish on the site. So even though you did not directly sell your code, the people downloading it are your customers through github, and you are liable for their damages.