Larry,
Please note that ECL is an OSI approved license based on Apache and not
Eclipse. Using ECL in the same sentence as MPL is mildly confusing even when
you (re)define the acronym in the previous paragraph when using EPL would be
more clear.
As far as differentiating between source and object code I believe that the
Apache statement for category B licenses is correct. The exposed surface
area at risk IS much lower than if source was available inside the Apache
project as a default. You are under license obligation if you cut and paste
from these EPL/MPL/etc source files and since the source files are not present
you can’t accidentally do so without explicitly getting that source from
somewhere. By making that an extra step Apache is reducing the risk of an
accidental copyright violation.
Without the source files you also can't easily modify the MPL/etc work for
which the modified source must be provided by you instead of just pointing
upstream to some place the original source can be found.
Whether or not the binary and source are considered the same work under
copyright is immaterial…distributing only the binary format reduces the risk of
accidental violations for code licensed under some, if not all, weak copyleft
licenses by eliminating/reducing some of the most common opportunities for
making a mistake.
It strikes me that this is a pragmatic and useful risk reduction strategy in
handling weak copyleft code within ALv2 projects that helps protect both
maintainers and users of the Apache product.
Apache should probably provide that source separately as a matter of policy for
handling category B licensed components rather than just point upstream to a
source that could disappear a few years down the road. There’s a bit of
orphaned java code out there where the original projects and their repos have
disappeared.
Maybe Apache does but it’s not explicitly written in the FAQ to do anything but
include the URL to the product’s homepage where presumably the source is
available. Maybe I read that part wrong or there is a more exhaustive
checklist somewhere else of what the Apache project needs to do when using
Category B components.
Regards,
Nigel
From: License-discuss
license-discuss-boun...@opensource.orgmailto:license-discuss-boun...@opensource.org
on behalf of Lawrence Rosen lro...@rosenlaw.commailto:lro...@rosenlaw.com
Reply-To: Lawrence Rosen lro...@rosenlaw.commailto:lro...@rosenlaw.com,
License Discuss
license-discuss@opensource.orgmailto:license-discuss@opensource.org
Date: Monday, August 17, 2015 at 3:20 PM
To: License Discuss
license-discuss@opensource.orgmailto:license-discuss@opensource.org
Subject: [License-discuss] Category B licenses at Apache
An Apache member wrote that this ASF license objective is firmly held: To allow
our customers to redistribute with closed-source modifications.
That objective remains completely and always enforceable for ALv2 code. It is
not enforceable for Eclipse (ECL) components or MPLv2 components.
These are two different but entirely valid ways to FOSS. Reciprocity is a
license condition for some FOSS licenses. There is nothing evil in that. It is
always an author's prerogative to choose her FOSS license.
None of the companies in Eclipse Foundation have any objection whatsoever (that
I've heard) to the inclusion of ECL and MPLv2 components into Apache
aggregations. Indeed, they collectively and enthusiastically create such
valuable FOSS components for that very purpose. They include them in their own
products.
So is the objective to redistribute with closed-source modifications intended
to describe an actual Apache concern, or a religious objection to all
reciprocal licenses? Certainly not the latter!
According to the current Apache Third Party License
Policyhttp://www.apache.org/legal/resolved.html, ASF doesn't really object to
these reciprocal FOSS licenses; they are handled as exceptions. In the Policy
this is colloquially known as the Category B list.
But then that Policy makes the following strange explanation for Category B and
its enforcement conditions at ASF: By including only the object/binary form,
there is less exposed surface area of the third-party work from which a work
might be derived; this addresses the second guiding principle of this policy.
That object/binary form requirement and the reference to exposed surface
area in the Policy are nonsense. I repeat three statements I made here
previously:
· The binary and source forms of a work are, from a copyright
perspective, the exact same work subject to the exact same FOSS license. Stop
wasting time trying to distinguish them legally.
· Apache is committed to FOSS. For that reason, we should always publish
source code. Binaries are a convenience for our customers published by our
projects, but never without source code.
· Our failure, or our customer's failure, to make that source code