Re: [License-discuss] Category B licenses at Apache

[Richard Eckart de Castilho]

Hi Larry,

On 17.08.2015, at 21:20, Lawrence Rosen lro...@rosenlaw.com wrote:

 snip
 
 But then that Policy makes the following strange explanation for Category B 
 and its enforcement conditions at ASF: By including only the object/binary 
 form, there is less exposed surface area of the third-party work from which a 
 work might be derived; this addresses the second guiding principle of this 
 policy.
  
 That object/binary form requirement and the reference to exposed surface 
 area in the Policy are nonsense. I repeat three statements I made here 
 previously:
  
 ·   The binary and source forms of a work are, from a copyright 
 perspective, the exact same work subject to the exact same FOSS license. Stop 
 wasting time trying to distinguish them legally.
 ·   Apache is committed to FOSS. For that reason, we should always 
 publish source code. Binaries are a convenience for our customers published 
 by our projects, but never without source code.
 ·   Our failure, or our customer's failure, to make that source code 
 available (including of course any ALv2 code) and copies of all relevant 
 licenses, is a probable breach of license and possible copyright 
 infringement. All modern technology companies understand that about FOSS and 
 copyright law.
  
 The second guiding principle referred to in the current Apache Policy is 
 this:
 2.  The license must not place restrictions on the distribution of 
 independent works that simply use or contain the covered work.
 This accurately and precisely refers to independent works and not 
 derivative works.  Reciprocity has nothing to do with independent works. 
 Every FOSS license (except perhaps under the GPL static linking doctrine) 
 satisfies this second guiding principle. See OSD.
 
 snip

What you call nonsense makes a lot of sense from the point of view of a 
software developer.

The problem with reciprocal licenses in the lines of EPL and MPL is not so much 
in being used as:

a) a *library* or as
b) a clearly *separate piece of code* (that resides in a repository outside the 
ASF)

but rather in *accepting patches* for at least two reasons:

1) it is tedious to *maintain per-line license* information in a source file
2) it seriously *limits the ability to perform refactoring* of code

Of course, 1 and 2 become somewhat irrelevant if a project under license X that
accepts patches under EPL/MPL simply states that all source files are licensed 
under EPL/MPL and *contain parts licensed under X*. 

But then *X becomes irrelevant* because it is hard to impossible to tell which
parts of the project are actually licensed under X and which parts are under 
EPL/MPL.

Thus, if the developers of the project wish that their project remains under
license X, accepting *patches* under EPL/MPL is simple *not desirable*.

Cheers,

-- Richard

___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Category B licenses at Apache

[Tzeng, Nigel H.]

Larry,

Please note that ECL is an OSI approved license based on Apache and not 
Eclipse.  Using ECL in the same sentence as MPL is mildly confusing even when 
you (re)define the acronym in the previous paragraph when using EPL would be 
more clear.

As far as differentiating between source and object code I believe that the 
Apache statement for category B licenses is correct.  The exposed surface 
area at risk IS much lower than if source was available inside the Apache 
project as a default.  You are under license obligation if you cut and paste 
from these EPL/MPL/etc source files and since the source files are not present 
you can’t accidentally do so without explicitly getting that source from 
somewhere.  By making that an extra step Apache is reducing the risk of an 
accidental copyright violation.

Without the source files you also can't easily modify the MPL/etc work for 
which the modified source must be provided by you instead of just pointing 
upstream to some place the original source can be found.

Whether or not the binary and source are considered the same work under 
copyright is immaterial…distributing only the binary format reduces the risk of 
accidental violations for code licensed under some, if not all, weak copyleft 
licenses by eliminating/reducing some of the most common opportunities for 
making a mistake.

It strikes me that this is a pragmatic and useful risk reduction strategy in 
handling weak copyleft code within ALv2 projects that helps protect both 
maintainers and users of the Apache product.

Apache should probably provide that source separately as a matter of policy for 
handling category B licensed components rather than just point upstream to a 
source that could disappear a few years down the road.  There’s a bit of 
orphaned java code out there where the original projects and their repos have 
disappeared.

Maybe Apache does but it’s not explicitly written in the FAQ to do anything but 
include the URL to the product’s homepage where presumably the source is 
available.  Maybe I read that part wrong or there is a more exhaustive 
checklist somewhere else of what the Apache project needs to do when using 
Category B components.

Regards,

Nigel


From: License-discuss 
license-discuss-boun...@opensource.orgmailto:license-discuss-boun...@opensource.org
 on behalf of Lawrence Rosen lro...@rosenlaw.commailto:lro...@rosenlaw.com
Reply-To: Lawrence Rosen lro...@rosenlaw.commailto:lro...@rosenlaw.com, 
License Discuss 
license-discuss@opensource.orgmailto:license-discuss@opensource.org
Date: Monday, August 17, 2015 at 3:20 PM
To: License Discuss 
license-discuss@opensource.orgmailto:license-discuss@opensource.org
Subject: [License-discuss] Category B licenses at Apache


An Apache member wrote that this ASF license objective is firmly held: To allow 
our customers to redistribute with closed-source modifications.



That objective remains completely and always enforceable for ALv2 code. It is 
not enforceable for Eclipse (ECL) components or MPLv2 components.



These are two different but entirely valid ways to FOSS. Reciprocity is a 
license condition for some FOSS licenses. There is nothing evil in that. It is 
always an author's prerogative to choose her FOSS license.



None of the companies in Eclipse Foundation have any objection whatsoever (that 
I've heard) to the inclusion of ECL and MPLv2 components into Apache 
aggregations. Indeed, they collectively and enthusiastically create such 
valuable FOSS components for that very purpose. They include them in their own 
products.



So is the objective to redistribute with closed-source modifications intended 
to describe an actual Apache concern, or a religious objection to all 
reciprocal licenses? Certainly not the latter!



According to the current Apache Third Party License 
Policyhttp://www.apache.org/legal/resolved.html, ASF doesn't really object to 
these reciprocal FOSS licenses; they are handled as exceptions. In the Policy 
this is colloquially known as the Category B list.



But then that Policy makes the following strange explanation for Category B and 
its enforcement conditions at ASF: By including only the object/binary form, 
there is less exposed surface area of the third-party work from which a work 
might be derived; this addresses the second guiding principle of this policy.



That object/binary form requirement and the reference to exposed surface 
area in the Policy are nonsense. I repeat three statements I made here 
previously:



·   The binary and source forms of a work are, from a copyright 
perspective, the exact same work subject to the exact same FOSS license. Stop 
wasting time trying to distinguish them legally.

·   Apache is committed to FOSS. For that reason, we should always publish 
source code. Binaries are a convenience for our customers published by our 
projects, but never without source code.

·   Our failure, or our customer's failure, to make that source code