International In-house Counsel Journal Vol. 10, No. 38, Winter 2017, 1 Open Source Software: Compliance and Risk Mitigation SHILPI SNEHA In-house Counsel, India 1. Introduction – a brief history of where it all began The proprietorship of software was not a familiar concept in the 50’s and 60’s. The hardware and software were seen as an inseparable “system” and the cost for the operating system or any associated software used to be included in the price of the hardware. The human readable form of software i.e. source code were distributed along with the hardware to ensure that the user can make their own changes or modification for smooth running of the hardware. Users generally distributed the software, bug-fixes and any modification with each other freely as there were no strict licensing terms and even if there were few organisations who included license terms, enforcement of such terms was not usual. With the increase in many organisations and corporations who invested time and resources for development and betterment of software and the industry itself, software became the source of revenue opening a huge consumer market and protection of the software or its source code became the need for these corporations to survive beneficially. Upon being adequately famous and having dependable customer base, in the 1980s, AT&T stopped the free distribution and started charging for patches. One can also refer to the famous open-letter written by Bill Gates to the “hobbyist” (as the earlier free distributors or contributors were known as) in 1976 wherein he clearly mentioned the discontent on the free distribution of Microsoft’s proprietary software in as many words as possible. To a great extent it made sense that the people who have invested so much of resources and have taken up the development of software as a career should be able to reap the commercial benefits arising out of the software as a “reward”. It’s only but natural for every ideology to have a counter-ideology. While commercial organisations were more interested in protecting the benefits of their investment and hard work, the “hobbyist” or the “hackers” wanted the freedom to use, distribute, modify the software as per their own requirement which would also have included the option of fixing the bugs themselves or through a free or economical alternate. It is very much possible that a group of people like Richard Stallman would have faced similar problem, who wanted to fix a printer but could not because he was not allowed to access the source code of the software. Richard went on to launch GNU Project in 1983 and the first version of GNU GPL in 1989. The GNU Project was launched with the objective of developing an operating system and the other complimentary software required for functioning of a computer to be freely available to the users for use, modification, distribution and contribution. The first free operating system Linux came into being when Linus B. Trovald developed Linux kernel and released it under GNU GPL v2.0 in 1991. The intent of this paper is to understand the basics of open source, the evolution of industry from being OSS phobic to being OSS supportive through citation of example (and some important recent contributions to OSS by giant players in the industry), OSS as a beneficial business model and also to emphasize why it is important for every organisation to have OSS management and what risk mitigation steps can be taken for better protection. International In-house Counsel Journal ISSN 1754-0607 print/ISSN 1754-0607 online 2 Shilpi Sneha 2. Free Software, Open Source Software and Freeware: a general understanding a. Free Software: The Free Software Foundation was established by Richard Stallman. The philosophy of the foundation was that the software to be “free”, not of cost, but of restrictions. Hence, a free software does not necessarily mean that the programmer will not be able charge for a copy of the software but the programmer will have to give freedom to users to use the software for purposes such as studying of how the program works, freedom to modify the program, redistribute the copies of original program along with source code and redistribute the modification of the program to other users. It is critical to note that the programmer redistributing the program or the modification can charge the user for such redistribution or modification. However, such modification will have to be distributed under the same terms and conditions as the original software and it cannot be distributed under a proprietary or restrictive license terms and conditions. b. Open Source Software (“OSS”): The term OSS was coined in 1998 in order to come up with a term which is less ambiguous than “free” software and which makes it clear that the commercialisation of so called free software is not barred or restricted. It is important to clarify that while free and Open Source Software has been separately mentioned in this paper, the reason to do so is to historically document the usage of the different terms. The Free Software Foundation was founded earlier than Open Source Initiative (“OSI”) and hence the term Open Source Software is more recent than free software though they have overlapping philosophy. The reason for coining the new term was discomfort of people industry wide in using a confusing term “free” (which generally associated it to cost rather than freedom) and a slight change in the philosophy over a period of time. The term free software and Open Source Software are used inter-changeably and the official website of OSI enlists all the OSS that has been mentioned in this paper. Under the OSS licenses the users get same freedom to use, study, modify and redistribute the original software and modification with or without charge. Under the OSI initiative there are multiple licenses which are not copyleft and hence don’t require the modification or derivative work to be contributed back under the same terms and conditions. The programmer for the modification can choose to redistribute the modification under restrictive proprietary license terms and conditions. c. Freeware: The term Freeware refers to the software which are actually made available to the users “free” of cost but the governing licenses may be restrictive and thereby the access to source code might not have been allowed (let alone modification or redistribution of such modification). Some of the best example of such Freeware is Adobe and different kind of games that are available on the Android or iOS to the user free of cost though the source code is never made available to the user. 3. Types of Open Source Software: The OSI has its own license review process to ensure that the licenses comply with the objective of the initiative. Some of the famous licenses have been used across the industry has been mentioned below: a. GPL (General Public License), LGPL (Lesser General Public License) and AGPL (Affero General Public License): the copyleft or viral ones GNU GPL is a copyleft license whereby the freedom of use, modification or distribution is granted on the conditions that anything derived from the original software shall also be governed by the same terms and conditions. The preamble of the license reads as follows which clarifies the very objective and intent of releasing source code under these terms and conditions: Compliance and Risk Mitigation 3 “To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others.” The object of the license is to ensure that all the users enjoy same rights and responsibilities and give back to the community rather than monopolising or commercialising the original software or any further contributions. GPL, however, does provide a linking exception, an example of which is GNU Classpath, which allows the proprietary software to be linked to code under GPL without being subject to the terms and conditions of original GPL terms and conditions. The wording of this exception may vary for each software libraries and few of the examples can be drawn from GNU Classpath, GNU Guile and release of Java SE and Java EE with same linking exception as GNU Classpath. While LGPL and AGPL are also extension of the same philosophy, LGPL is applicable for libraries and AGPL is applicable for software that could be shared over a network. LGPL does provide the similar linking exception as mentioned above for GPL with an additional requirement that reverse engineering of the library that is used must be allowed for debugging of the modification. b. MIT, BSD and Apache – the permissive ones: These are the more permissive licenses which allow the user to distribute the modification under proprietary or other licenses provided the user complies with the copyright notice and other applicable terms and conditions. The 4-clause version of the BSD was incompatible with GPL, however Modified (3- clasue) and Free (2-clause) BSD version are very much compatible with GPL. Apache v2.0 and GPL v3.0 are compatible with each other. Any other version of Apache and GPL are incompatible with each other. Incompatibility of different OSS terms with each other: The incompatibility of the licenses means that if different component of the software are licensed under different OSS or proprietary license, the inherent terms and conditions might conflict and it becomes unclear as to what terms and conditions will govern. For example: since GPL requires the contribution of any modification back to the public under same license terms, a proprietary license term obviously conflicts with the terms of GPL and it is needless to say that the whole proprietary software will become OSS in certain cases of combination of these two different software.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages8 Page
-
File Size-