License to kill. License to use
Famous James Bond 007 had a license to kill; the "00" designation in his code number meant he had a sanction to apply a deadly force. In order to use any software you also need a license. Let me repeat, *any* software, even one which you can download free of charge with a couple of mouse clicks.
When accepting a license you become bounded by a legal agreement that the software is available under. Tell me honestly, how many of you and how often do you read the license agreement shown during install screen that makes you select a radio-button "Yes, I accept this license" before clicking Next? I bet very few, and I’m not a role model either ;-).
The fact that you can freely download some software does not imply you can use it and distribute your software based on it at your own wish. The most famous example is GPL'ed software (General Public License) which is known to be 'viral', i.e. making your own software GPL'ed. This at least applies to GPL version 2; version 3 comes with some more sophisticated terms which I did not fully study yet.
So, what about Open CASCADE license ? Among most important aspects, I'd underline that it's quite permissive and allows you to use OCC in your project (open or closed source, free of charge or for a fee), that can be distributed under your own proprietary license. Like most other Open Source licenses it requires that you include a copy of the license into your distribution. All modifications to Open CASCADE software you might make must be made available in source code, under the same license to anyone.
The summary on the site says it is "LGPL-like". I must confess this was my own suggested wording which we put with the web team, when I worked at Open CASCADE. We put that note to contrast it with GPL. It was based on my then knowledge of the subject. Working at Intel, where licensing issues are explained as part of mandatory trainings I now view this is not exactly the case. LGPL is still quite viral (though much less than GPL) and is not too welcomed in commercial applications. The OCC Public license has quite different focuses.
I believe the OCC license is somewhat weird and should better be changed. There are several existing widely recognized and adopted Open Source licenses. Any time the company comes out with its own 'open source' or 'public' license, it creates a headache for potential users and company's lawyers to read it and to understand implied rights and obligations. For average people (even native English speakers), juridical vocabulary is Greek. Take the Tax Code of your country, open it and start reading on an arbitrary page. I bet you will have to re-read each paragraph several times before you get an idea of what it is about, not saying a word about tiny details where, as we know, the evil is. So, if you really want to give your software into the Open Source world, you better choose something existing.
In this regard, Intel's move in 2005 was very symbolic to discontinue its own (and, by the way, recognized and approved) Open Source license. Motivation ? Exactly that, stop license proliferation and ease Intel’s software adoption. Look what other successful people or companies do – learn and do the same ;-).
So, my modest suggestion to the Open CASCADE company is to consider favoring some well recognized Open Source license and to migrate to it. This will ease OCC adoption and will benefit all parties.
We can continue discussion in comments. So feel free to throw in your ideas !
9 comments
Roman, your own software cannot be 'infected' by the GPL. A quick Google search on "GPL viral" links to http://www.technewsworld.com/story/33968.html which explains this very well.
ReplyDeleteThat said, I fully agree with you, license proliferation is a pain.
Hi Denis! Thanks for support and ideas. Thanks also for the link to the article, I have read it with interest. Though I found it understating GPL implications for software. Let's highlight a few risks that developers/managers often oversee.
ReplyDeleteBut before doing so, let's underline that this relates to GPL, not Open CASCADE license which is much more permissive.
GPL 'virus' appears as soon as you start distributing your software, that means outside of your organization. There is no risk to use GPL'ed software for internal purposes. But as soon as you start distribution of your program which is either a derivative work of GPL-ed software (e.g. modified version thereof) or is just based on such software then it becomes GPL'ed. That's the copyleft principle. Literally, when you #include a GPL header, your software starts containing GPL code. If you cut and pasted a code from a GPL library, you infected your code with GPL. Well, there are certain exceptions to Linux kernel headers but let's omit them here.
At the same time, GPL does not limit you from charging fees for your software, consider paying Linux distributions for example.
So basically, GPL is fine as long as you understand obligations that it may cause.
If your software is not GPLed but inadvertantly contains some GPLed code, there is no 'contamination', your software does not become GPLed automatically.
ReplyDeleteWhat happens then is that you cannot distribute your code until you make it GPL or replace the GPLed parts.
So there is absolutely no risk, you still retain full copyright on your own work.
Absolutely!
ReplyDeleteI read that GPL v3 contains some provisions regarding such 'inadvertent' inclusions (but don't know any details).
By the way, copyright is always retained (regardless of the license you may be forced to use in the end of the day) until you expressly disclaim it or pass on to someone else.
Reposted a comment by Pawel K from the forum:
ReplyDeleteThere is another issue about the licenses. The impact of the license is directly affected by the applicable laws. An example: in the European Union you must make the user read/understand/accept the license before he/she acquires the product (commercial or not). According to this, if you allow a user to download a software and then - during the installation - show the "license acceptance dialog" the user is not bounded by the presented license agreement (at least that's what I was told by a lawyer).
So if a user in the UE downloads a GPL'ed software but without having the license accepted before he/she downloads... there's a problem...
Is there a lawyer out there??
Very interesting comment, and I would like to hear a real lawyer's reply (as I don't buy it *as is*, sorry ;-) ).
The requirement that a user has read and understood the license agreement is virtually not enforceable (I bet an average user has much difficulties to *understand* the license). Acceptance is verified by a check box (or radio-button) the user is obliged to check before proceeding.
The fact that software vendor did not ask for a license acceptance before downloading and there proprietary license, GPL (or whatever) requirements become void because of that represent a lame excuse and would make any vendor too vulnerable. And by the way what about software available on CD's when download is not involved ?
Anyway, I recall an Intel's practice called "click-to-accept-before-download" that ensures that the user is shown a screen with a checkbox before he/she proceeds to download. So there are probably some connections with your reference.
Nonetheless, you point to a very valid comment which is that applicable laws may vary from country to country. Eventually everything is in hands of judge(s) that would resolve the lawsuit. So, to protect yourself you better understand what you may and may not do with the software, by the letter and the spirit of its license.
Hi Roman, I am posting here so that the post on OCC forum keep focused on OCTPL; can you please explain or give a pointer to an explanation why LGPL forbids static linking at your opinion? This vaguely reminds me something, but I do not remember where we already had this discussion, and I am quite surprised by your statement, I wonder whether you mean GPL instead of LGPL here.
ReplyDeleteHi Denis,
ReplyDeleteI'd suggest that for very detailed explanation of this you rather seek FSF/OSI or other more focused forums. The logic is quite simple - LGPL requires that the user must be able to substitute an LGPL'd library with its newer version (e.g. containing his/her own modifications) and keep on working. Static linking makes that impossible. Another requirement - reverse engineering enabling (discussed above) - which cannot be met (to my understanding) in the case of static linking. Though LGPL 2.1 does not expressly speak of dynamic(shared) vs static linking, its part 5 sounds as if any injection of the source code (except for minor data structures, macros, etc) infects the user code and makes it LGPL'd. Given that I assume that creation of a single library (or executable) that unites user code and library object code will make user code LGPL'ed. That is why LGPL should also be treated with much care, as one inattentive step can expose your code to unnecessary risk.
Again, this is better to be discussed in specialized forums.
Take care.
Thanks Roman, I see your point now about LGPL and static linking. Found nothing at the FSF site, but interesting infos here, especially the link to FLTK license which is LGPL plus exceptions for static linking.
ReplyDeleteI realize that I am way late in this discussion, but I would really like to post my opinion on this issue. I really do understand that the idea of the license is generally in good spirit, and that sending changes back is meant as a prevention from developing this software closed. However... This sets of a net of red flags for the open source community. The problem is that you fail on Debian's "The Desert Island test" where it basicly says that you should be able to enjoy freedom without having to upload stuff back onto the web. This is in compliance 4th requirement of the open source definition. Since this fails, the license (and as such also the software) can not be considered open source or free. In addition it should also be noticed that in order to download from your site you have to sign up to your "open source community" which means that the software also fails debian's "The Dissident test" which basicly says that you should be able to enjoy freedom anonymously.
ReplyDelete