Open-source licenses

You just found some great open-source software that is exactly what you need. But where can you use the software? Can it be part of your own home-grown application? Can it be a part of the software you intend to distribute freely? Can it be part of an application you intend to make money from? An even better question: Are you legally permitted to do any of the above?

At this point, I have to provide the appropriate warning and disclaimer. My comments are my own interpretation of a particular open-source license agreement. For precise interpretations, see your lawyer. My goal is to make you aware of some of the contents of one such license and get you to read it for yourself.

Let’s start at the beginning. If you have software you want to distribute as open-source software, you can find approved open-source licenses at www.opensource.org/licenses/index.php. By my count, there are more than 40 different license agreements. The idea behind providing them is that if you distribute your software using one of them, you can then state that your software is “OSI Certified Open Source Software.” As mentioned on the OSI Web site:

“If you can, use one of the already-approved licenses for distributing your software. But be sure that you read and understand the license terms completely. We encourage you to select a license that is consistent with your business model. And consult with your own attorney, because OSI does not provide legal advice.”

If you don’t like one of the existing licenses, you can create your own. I don’t want to go into the process here, but if you are interested check out www.opensource.org/docs/certification_mark.php#marking. There you will find all of the details for creating your own licenses. Keep in mind that your new open-source license must conform to the Open Source Definition, must go through public scrutiny and must be approved by the Open Source Initiative (OSI). My bet is that there is an agreement that already meets your needs, so before creating your own, check out the OSI Web site.

Now, suppose you download software that has an open-source license. What do you need to know? First, read the agreement. As an example, let’s take Eclipse (http://eclipse.org). It comes with the Common Public License (CPL), the successor to the IBM Public License (IPL), which was IBM’s first open-source license. The CPL generalized the terms in the IPL so that any open-source originator could use them. The latest version of CPL, Version 1.0, was approved in June 2002. To understand this agreement, you need to know the five main definitions in the CPL. Loosely stated, the definitions are as follows:

1. Contribution -- the initial code and documentation, any changes or any additions to a Program.

2. Contributor -- anything that distributes the Program.

3. Licensed Patents -- “patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program” (www.opensource.org/licenses/cpl.php).

4. Program -- any contribution provided with the CPL.

5. Recipient -- the person receiving the Program under the CPL.

Now for the good news, the grants of rights. First, under the CPL and generally speaking, you are given the right to reproduce, make derivative works, display, distribute and sublicense the Contribution in source code and object code form. Moreover, you are provided a royalty-free patent license to “make, use, sell, offer to sell, import and otherwise transfer the Contribution … in source code and object code form.”

So where is the catch? It’s not really a catch, but under the CPL you have to understand that as a Recipient there are no assurances given to you that the software you have received does not violate some other patent or property rights of another entity. Therefore, you must assume full responsibility to get all the rights you need to use the software. In most cases, you don’t have to worry about this because the software is yours to use. As part of the CPL, each Contributor must acknowledge that they have the copyrights to the software. However, you must always remember to check. Even with the best intentions, things can get mixed up.

Sometimes open-source software contributors may decide to distribute their new software using their own license agreement in either source code or object code form. This is OK. However, any new agreement must comply with the original software’s CPL and, if it is in source code form, the CPL must be included with the source. Other conditions must also be met for object code distribution. These you can, and should, read on your own. In my opinion, it should be the source that is always distributed. After all, it is open-source code.

Let’s say you want to make a commercial product using someone else’s open-source software. This is not a problem, but under the CPL you should be aware of a few things. First, you must not “create potential liability for other Contributors.” Second, as stated in the CPL, you must agree to:

“defend and indemnify every other Contributor (“Indemnified Contributor”) against any losses, damages and costs (collectively “Losses”) arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering” (http://opensource.org/licenses/cpl.php)

In short, if you make any claims about the resulting product you sell, it is your responsibility -- and your responsibility alone -- to defend them in court. And if any compensation is required, it is your responsibility to pay.

Like buying a second-hand car, under the CPL you have to realize that you take the software as-is and without any warranty. It is up to you to decide if the software is OK to use and distribute. You assume all the risk. As always, he who takes the risk can also reap the biggest rewards. There are numerous examples of excellent open-source software being used in many different products. Just think of all the time and money that has been saved by not having to develop a Web server or a Servlet engine from scratch. However, just make sure to do your homework before using someone else’s software. The responsibility lies with you.

Hopefully, I have stimulated your interest in open-source licenses. While not the only one, the CPL is a good place to start your exploration. For a list of frequently asked questions about the CPL, check out www-106.ibm.com/developerworks/library/os-cplfaq.html. While this link will not necessarily be able to answer all of your questions about the CPL, it does have the answer to the following question: “You didn’t have the answer to my question. How can I get my question answered?”

Knowledge is power, and understanding open-source licenses will help you to understand exactly how powerful open-source software can be.

About the Author

Dwight Deugo is a professor of computer science at Carleton University in Ottawa, Ontario. Dwight has been an editor for SIGS and 101communications publications, and serves as chair of the Java Programming track at the SIGS Conference for Java Development.