nexB - FOSS Introduction
© 2013 nexB Inc.
Introduction to FOSS Licenses
Agenda
• Software License Definitions
• Software License Issues
• About nexB
Definitions – FOSS Licenses
• FOSS = Free and Open Source Software
– aka FLOSS = Free/Libre Open Source Software
• Free means you have the right to study, use,
change and redistribute the software
• Open Source means you have access to the
source code
– Open Source also refers to a collaborative software
development approach
• Examples of common FOSS licenses are: BSD,
GPL, LGPL, MIT and MPL
Free Software licenses
[Diagram: spectrum of software license types. Labels: "source code available", "Free Software", "Binary-only (Proprietary)", "source with limitations (Proprietary)", "Copyleft", "FOSS", "Attribution". Examples shown: Freeware / Shareware, many Java libraries, Adobe Reader, Microsoft shared source, Sun SCSL, GNU GPL, GNU LGPL, MPL, CDDL, BSD, MIT, Apache, EPL.]
Definitions - Free Proprietary Licenses
• Free Proprietary software is very important in
many domains, especially Java:
– The software is free for your own use AND
– You may be able to redistribute the software, BUT
– You cannot change it AND there may be other
restrictions
• Some examples of free proprietary licenses:
– (Oracle) Sun Binary Code Licenses (esp. for JDK/JRE)
– Adobe Reader EULA and similar
– Oracle Technology Network Development and
Distribution License Terms
FOSS License Obligations
Attribution Obligations are typically a
combination of:
• Keeping license and copyright notices in the source code
in the source file headers or in separate text files.
• Acknowledging the use of the software, the license and/or
the copyright in documentation or a product (e.g. Help)
Redistribution Obligations are typically a
combination of:
• Making source code available for the original work, and
• For your changes (derivative works) –
• Possibly including some of your proprietary code.
FOSS – Permissive / Attribution Licenses
Licenses with Attribution obligations only
• Apache 1.1 and 2.0
• BSD – Original, Modified and Simplified
• MIT / X11
• Creative Commons Attribution
• OpenSSL-SSLeay
• W3C
• Zlib
and, of course, Beerware
FOSS – Copyleft Licenses
Copyleft licenses have Attribution and Redistribution
obligations
• Copyleft Licenses (“strong”)
– GNU General Public License (GPL)
– Affero GPL
• Limited Copyleft Licenses (“weak”)
– GNU Lesser (or Library) General Public License (LGPL)
– Artistic License
– Common Development and Distribution License (CDDL)
– Common Public License (CPL)
– Eclipse Public License (EPL)
– Mozilla Public License (MPL)
FOSS License Violation Risks
• “Copyleft” licenses require you to redistribute source code
and may force you to release proprietary software as
open source or rewrite your software to avoid that
obligation
• Some FOSS activists (e.g. Busybox) are raising litigation
stakes to “encourage” compliance with GPL
• Even “business-friendly” licenses (Apache, etc.) require
you to identify and protect copyright owner rights and may
impact your patent portfolio
• Negative reaction from OSS community may impair your
brand
Proprietary License Violation Risks
• Violation of a free proprietary software license may require
you to acquire a commercial license and/or change your
code:
– Most prominent example is misuse of Sun JDK/JRE in violation of
the field-of-use restrictions (general purpose computer only)
– Oracle is aggressively looking for revenue from the Java products it
acquired
– Including compensation for violations in the past
• Violation of a commercial software license may expose you
to significant financial penalties and/or litigation
About nexB
• Our mission is to enable a robust software component-based
supply chain
• Our current focus is:
– Analysing software provenance (origin and license) and
– Providing a complete software inventory/BOM
– DejaCode Enterprise, a product suite that helps you better
manage open source, third-party, and original components
throughout the software development lifecycle
• Expertise in software IP analysis across all languages and
environments
• Software audit services for acquisitions, software products
and internal (IT) systems
• Active open source developers - lead committers and
contributors to public projects
Contact us
Contact person:
Pierre Lapointe, Customer Care Manager
plapointe@nexb.com
+ 1 415 287-7643
More information:
http://www.nexb.com
http://www.dejacode.com/