Legal

OSI Transparency Reports

Filed under
OSS
Legal
  • October 2019 License-Discuss Summary

    We would like to introduce (and thank!) Amol Meshram, who has joined us here at the OSI to provide monthly summaries of both the License-Discuss and License-Review mailing lists. We hope these reports provide you with a helpful snapshot of the monthly activities on the lists, keeping you up to date with the latest topics, while also providing a reference point for further discussion. Of course all suggestions are welcome as we continue to enhance our reporting. We will try our best to include the feedback from OSI community members to make the summaries as accurate as possible and the discussions lively and fruitful.

  • October 2019 License-Review Summary

    Carlo Piana is not in favour of The Vaccine License and feels it is a trolling exercise. Filli Liberandum suggested to Carlo Piana to read the mailing list code of conduct. In furtherance to it, Filli Liberandum explained why there is a necessity of acknowledging The Vaccine License by OSI board and its members.
    Anand Chowdhary based on his experience of adding privacy compliance under twente open source license pointed out that there are better ways to protect privacy of individuals like local/national/international regulation instead of protecting it through open source license. He is of the opinion that there are better ways to advocate for vaccination and open source license is not the better way to advocate for it.
    Filli Liberandum countered to Anand Chowdhary by citing example of Cryptography Autonomy License of Mr. Lindstrom which ask for some release of data as a condition and head of OSI has publicly accepted this condition. Pamela Chestek brought into notice of Filli Liberandum that OSI did not endorse the view of Simon Phipps (referred head of OSI by Filli) on Cryptography Autonomy License data condition clause. Simon Phipps is member of the board along with others. Simon Phipps views on CAL are personal.
    Filli Liberandum raised a concern with respect to archives as it is stuck in a plaintext mode.
    Simon Phipps suggested to Filli Liberandum to familiarize with License-review process and change the tone of message and requested to leave moderating to the moderators to which Filli agreed and responded that here onwards Filli will directly reach out to concerned members.
    Gil Yehuda responded to Fil that Licenses usually do ask for things in return and appreciated the efforts of Fil in writing The Vaccine License, while considering the OSD. Gil raised an important point of enforceability of The Vaccine License in the real life scenario. Gil is of the opinion that one can write a blog and promote the importance of the idea instead of restricting it with copyright license. To buttress this claim, Gil cited an article written by Selam G which convinced Gil to support Free Software Movement. The reason behind citing this article is to explore other platforms instead of publishing work under copyright license.

    Carlo Piana responded to Fil that The Vaccine License is discriminatory and non-enforceable in nature. Carlo thinks that vaccination can be achieved through local authorities instead of enforcing it through copyright license. Carlo believes one should provoke reactions rather than genuine attempt of having a license approved.
    Josh Berkus agrees with Carlo on provoking reactions from members on license instead of attempting for approving the license. Josh suggested to take this submission as a use case and put it on opensource.org for future reference.
    Carlo Piana is of the same view that opensource.org should take this submission as a use case for future submissions to avoid duplication of work.
    Bruce Perens is also of the opinion that a direct law on vaccination will be more effective than a license. Similarly, Bruce also wrote two blog posts on the issue of “ethical” licenses wherein Bruce referred the proposed The Vaccine License.
    Grahame Grieve replied to Bruce’s blog post and appreciated the efforts of writing blog post on ethical license and also the basic arguments put forward by Bruce. But Grahame is bothered by the lack of ethics in the Vaccine License, judging vaccine license solely based on enforceability clause. Similarly, Grahame wanted to know whether the lawyers, courts and violators laugh at license and is there any precedent on when someone gives something of value away, on the condition that it not used in a particular way? Bruce Perens replied to all the queries of Grahame Grieve. Firstly, Bruce Perens claims blog post argument is based on law instead of license terms. Secondly, Bruce has experience in handling litigation for various reasons and Bruce wants others not to get into litigation for same cause of action. Lastly, Bruce said Lawyers, courts and violators laugh at license and this whole exercise will be termed as a “copyright misuse”.
    Kevin P. Fleming replied to Grahame and pointed that The Vaccine License does not talk about goals instead it focusses on action to be performed which is not in sync with the use of the software. Similarly, Kevin is of the opinion that The Vaccine License violates the OSD 5. To this Grahame Grieve countered by saying if The Vaccine license is applied to health software then in such scenario would Kevin change his opinion.
    Van Lindberg appreciated various aspect of the Vaccine License and efforts put forward by Fil in creating the vaccine license. But Van feels the Vaccine License does not qualify for OSS because it imposes conditions which are logically separate from and wholly unrelated to scope intellectual property rights that are licensed. Similarly, Van attempted to answer the question on what scope of action can be required of a license? Van observed if restrictions are closely related to the exercise of the intellectual property rights granted under license then such restrictions make sense and compatible with OSD.
    Filli Liberandum replied to analysis of Van and requested to reverse engineer the rules from the approved licenses which Fil believe will lead us to conclusion that the Vaccine License attempt is not an accidental in nature.
    Josh Berkus feels that The Vaccine License is very good example for “unrelated conditions” license which can be referred in future as a textbook example to differentiate between what kind of licenses OSS supports and what can’t be supported by OSS license.

The Road Towards KF6 & SPDX License Identifiers

Filed under
KDE
Legal

With KF6, I want to see SPDX license identifiers being introduced into KDE frameworks in order to ease the framework re-use in other projects. This follows the same approach e.g. the Linux Kernel took over the last years.

The problem that the SPDX markers address is the following: When publishing source code under an open source license, each source code file shall explicitly state the license it is released with. The usual way this is done is that a developer copies a license header text from the KDE licensing policies wiki, from another source file, or from somewhere else from the internet and puts it at the top of their newly created source code file. Thus the result is that today we have many slightly different license headers all over our frameworks source files (even if they only differ in formatting). Yet, these small differences make it very hard to introduce automatic checks for the source code licenses in terms of static analysis. This problem becomes even more urgent when one wants to check that a library, which consists of several source files with different licenses, does only contain compatible licenses.

The SPDX headers solve this problem by introducing a standardized language that annotates every source code file with license information in the SPDX syntax. This syntax is rich enough to express all of our existing license information and it can also cover more complicated cases like e.g. dual-licensed source files.

Read more

FSFE on Licensing in REUSE Initiative and Racket Moves to Apache 2.0/MIT Licence

Filed under
GNU
Legal
  • The last 12 months in the light of software freedom

    In the last 12 months, we have achieved a lot with the help of our volunteers, through their donations and hard work. Thanks to their support, we were able to successfully continue our PMPC campaign, simplify licensing practices through our REUSE initiative, and stand up for router freedom in Europe. We will be back in 2020 with even more vigour towards our work. Please help us with a donation so that we can continue our successful commitment to Free Software.

  • Racket 7.5 Changes License

    Racket has been updated and is being released under a new, less-restrictive license: either the Apache 2.0 license or the MIT license. The new release also adds a standard JSON MIME type for the Web Server.

    Racket is described as a “full-spectrum programming language” that goes beyond Lisp and Scheme with dialects that support objects, types and laziness. When coding in it, you can link components written in different dialects, and write your own project-specific dialect if you want. The Racket libraries support applications from web servers and databases to GUIs and charts.

    [...]

    Chez Scheme is both a programming language and an implementation of that language, with supporting tools and documentation. It is a superset of the language described in the Revised Report on the Algorithmic Language Scheme (R6RS). Chez Scheme supports all standard features of Scheme, including first-class procedures, proper treatment of tail calls, continuations, user-defined records, libraries, exceptions, and hygienic macro expansion. The Racket team says they expect that Racket CS will be ready for production use by the next release.

    Elsewhere in this release, the Web Server now provides a standard JSON MIME type, including a response/jsexpr form for HTTP responses bearing JSON; and GNU MPFR operations run about three times faster.

Input for the BEREC's guidelines on Router Freedom in Europe

Filed under
Hardware
Legal

Router Freedom is the right of customers of any Internet Service Provider (ISP) to choose and use a private modem and router instead of a router that the ISP forces them to use. The Body of European Regulators for Electronic Communications (BEREC) drafted guidelines for national agencies on how to deal with Router Freedom in their countries. The Free Software Foundation Europe (FSFE) provided mixed feedback to an ongoing public consultation.

The status of Router Freedom in Europe differs from country to country as the monitoring by the FSFE shows. The core of the debate is the question of where the Network Termination Point (NTP) is located. This defines where the network of the ISP ends and where the network of the user begins. If the modem and router are considered part of the ISP's infrastructure, a user cannot claim sovereignty of their communication and security.

The patchwork rug of different rules may change soon as BEREC, the Body of European Regulators for Electronic Communications, has been commissioned to create guidelines for the National Regulatory Agencies (NRAs) and help them with implementing European regulation in a harmonised way. BEREC's current draft of the guidelines is up for public consultation until 21 November 2019. We analysed this draft and the EU Directives and Regulations it references, and provided our conclusion in a brief document.

Read more

Java License Fallout Continues Impacting IBM i Shops

Filed under
Development
Legal

Oracle’s decision to restrict the previously free distribution of Java version 8 tools and runtimes is impacting the entire IT industry. In our little neck of the woods, the decision to charge businesses for using Oracle’s Java has forced IBM i shops to take a hard look at the technology platform, and in some cases look for alternative solutions.

Oracle ruffled feathers in the Java community in 2017, when it made substantial changes to its Java roadmap. The company announced that Java Standard Edition (SE) version 8, which is a legacy version of Java but is still in widespread use, “will not be available for business, commercial or production use without a commercial license” after January 2019. Licenses for Java SE 8 could be purchased for $30 per desktop per year or $300 per processor for server licenses.

Oracle’s stated plan for the move was to accelerate the development and release cycle for Java in a bid to keep up with today’s fast-paced DevOps environments (and perhaps part of its unstated plan, which was to squeeze Java users for revenue). The tech giant and the Java community hammered out Java SE versions 9 and 10 in quick fashion, in late 2017 and early 2018, respectively.

Read more

Graphics and Standards

Filed under
Graphics/Benchmarks
Web
Legal
  • SHADERed 1.2.3 Released With Support For 3D Textures & Audio Shaders

    SHADERed is the open-source, cross-platform project for creating and testing HLSL/GLSL shaders. While a version number of 1.2.3 may not seem like a big update, some notable additions can be found within this new SHADERed release.

  • Vulkan 1.1.125 Released With SPIR-V 1.4 Support

    Succeeding Vulkan 1.1.124 one week later is now Vulkan 1.1.125 with a lone new extension.

    Vulkan 1.1.125 has its usual clarifications and corrections to this graphics API specification. Meanwhile the new extension introduced in the overnight v1.1.125 release is VK_KHR_spirv_1_4.

  • Making Movies Accessible for Everyone

    For the first time, people who are deaf or hard of hearing will be able to enjoy the Nairobi leg of the Human Rights Watch Film Festival, opening on October 15.

Contributor License Agreement and Developer Certificate of Origin references

Filed under
OSS
Legal

In the last few years I have come across the CLA topic several times. It is and will be a popular topic in automotive the coming years, like in any industry that moves from being an Open Source Producer towards becoming an Open Source Contributor.

In my experience, many organizations take the CLA as a given by looking at the Google, Microsoft or Intels of the world and replicate their model. But more and more organizations are learning about alternatives, even if they do not adopt them.

What I find interesting about discussing the alternatives is that it brings to the discussion the contributor perspective and not just the company one. This enriches the debate and, in some cases, leads to a more balanced framework between any organization behind a project and the contributor base, which benefits both.

Throughout these years I have read a lot about it but I have never written anything. It is one of those topics I do not feel comfortable enough to write about in public probably because I know lots of people more qualified than I am to do so. What I can do is to provide some articles and links that I like or that have been recommended to me in the past.

Read more

Invasion of The Ethical Licenses

Filed under
OSS
Legal

About 23 years ago, I created the Debian Free Software Guidelines to help the Debian developers decide what software was permissible to include in Debian, which aspired to be 100% Free Software, and what should be consigned to a “non-free” repository upon which Debian would never depend. Nine months later, those guidelines became the Open Source Definition, and I announced Open Source to the world.

[...]

Despite the seeming impossibility of its enforcement, the Vaccine License is the most professionally constructed of this pack, carefully targeting the approval process of the Open Source Initiative – and IMO missing it. But all three licenses appear to be unlikely to obtain the agreement of a court in enforcement, and scaling their requirements would be a sort of full-employment act for lawyers.

Let’s work through how these licenses would be enforced.

When these licenses are enforced, the copyright holder is the plaintiff, a fancy word for someone who makes a complaint. Their complaint is that the defendant, the licensee, committed a tort, a violation of civil law. The tort is copyright infringement.

The important point here is that the complaint isn’t that the license was violated, the complaint is that the defendant did not have a license at all, and is infringing copyright. The defendant then has to prove that they did have a license, and that they were obeying the license’s terms, or that the court should for some reason not honor those terms.

Licenses are also contracts, and thus the tort can be breach of contract. But contracts require the consent of both parties – the copyright holder, and the licensee. Real consent is indicated by signing the contract, but that doesn’t ever happen with this sort of license. Instead, there is a lesser indication of consent by the action of using, distributing, or modifying the software.

Read more

Digital Restrictions (DRM) Watch

Filed under
Security
Web
Legal
  • One Weird Law That Interferes With Security Research, Remix Culture, and Even Car Repair

    How can a single, ill-conceived law wreak havoc in so many ways? It prevents you from making remix videos. It blocks computer security research. It keeps those with print disabilities from reading ebooks. It makes it illegal to repair people's cars. It makes it harder to compete with tech companies by designing interoperable products. It's even been used in an attempt to block third-party ink cartridges for printers.

    It's hard to believe, but these are just some of the consequences of Section 1201 of the Digital Millennium Copyright Act, which gives legal teeth to "access controls" (like DRM). Courts have mostly interpreted the law as abandoning the traditional limitations on copyright's scope, such as fair use, in favor of a strict regime that penalizes any bypassing of access controls (such as DRM) on a copyrighted work regardless of your noninfringing purpose, regardless of the fact that you own that copy of the work.  

  • Spotify is Defective by Design

    I never used Spotify, since it contains DRM. Instead I still buy DRM-free CDs. Most of my audio collection is stored in free formats such as FLAC and Ogg Vorbis, or Red Book in the case of CDs, everything can be played by free players such as VLC or mpd.

    Spotify, which uses a central server, also spies on the listener. Every time you listen to a song, Spotify knows which song you have listened to and when and where. By contrast free embedded operating systems such as Rockbox do not phone home. CDs can be bought anonymously and ripped using free software, there is no need for an internet connection.

Trademark Law Against Amazon's (Mis)Use of Elasticsearch

Filed under
OSS
Legal
  • AWS faces Elasticsearch lawsuit for trademark infringement

    Elasticsearch has sued AWS for trademark infringement and false advertising in connection with the cloud giant's recently released version of the widely used Elasticsearch distributed analytics and search engine.

    Elasticsearch Inc., or Elastic, is based on the open-source Lucene project and Elastic serves as originator and primary maintainer. Tensions flared in March when AWS, along with Expedia and Netflix, launched Open Distro for Elasticsearch. The release is fully open source compared with Elastic's version and was actually prompted by Elastic's weaving too much proprietary code into the main line over time, according to AWS.

  • Open Source Search Firm Accuses Amazon of Trademark Infringement

    O'Melveny & Myers is representing search engine Elasticsearch in a complaint that alleges Amazon is willfully infringing its mark by promoting competing search and analytics products.

More in Tux Machines

today's howtos

Ubuntu: AWS, Podcast, Robotics and Snapcraft

  • Ubuntu Blog: Introducing the Ubuntu AWS Rolling Kernel

    The linux-aws 4.15 based kernel, which is the default kernel in the Ubuntu 18.04 LTS AMIs, is moving to a rolling kernel model. [...] The Ubuntu rolling kernel model provides the latest upstream bug fixes and performance improvements around task scheduling, I/O scheduling, networking, hypervisor guests and containers to our users. Canonical has been following this model in other cloud environments for some time now, and have found it to be an excellent way to deliver these benefits while continuing to provide LTS level stability.

  • Ubuntu Podcast from the UK LoCo: S12E35 – Feud

    This week we’ve been talking to the BBC about Thinkpads and Ubuntu goes Pro. We round up the news from the Ubuntu community and discuss our picks from the wider tech news. It’s Season 12 Episode 35 of the Ubuntu Podcast! Alan Pope and Martin Wimpress are connected and speaking to your brain.

  • The State of Robotics – November 2019

    November, for robotics, was a good month. We’re seeing new things develop, current projects finish and more cute animals in our future. So who can complain? The news we’re covering here are things that have crossed our path and that we’ve found interesting. If you have suggestions for next months post or your own projects you would like us to highlight, don’t hesitate to get in touch. Send an email and a brief summary to robotics.community@canonical.com and we can start the discussion. As ever we want this to be a highlight reel for cool robot stuff because we like cool robot stuff. Happy December everyone.

  • Simplifying hardware management during Linux development

    Every few months we release a Snapcraft update, with improvements to both Linux development, and snap user experience. Last week, we released Snapcraft 3.9, and this blog post will focus on the remote build feature that is now a fully accessible preview. Let’s dig deeper into why you need to try remote build, and how you can use it today.

Security: Cyber Security Today, Opportunistic Wireless Encryption (OWE) and Latest Patches

  • Cyber Security Today – An email gift card scam, please stop re-using passwords and more open data found on Amazon storage

    Welcome to Cyber Security Today. It’s Friday December 6th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

  • NetworkManager Adds Support For Enhanced Open / Opportunistic Wireless Encryption

    Opportunistic Wireless Encryption (OWE) provides a means of encrypting wireless data transfers without having any secret/key. Opportunistic Wireless Encryption is advertised as Wi-Fi Certified Enhanced Open. This OWE / "Enhanced Open" standard is now supported by NetworkManager for allowing supported devices connecting to Linux systems to make use of this means of opportunistic encryption. The Wi-Fi CERTIFIED Enhanced Open has been around just since summer of 2018 to better secure open WiFi networks. More details on the standard can be found via Wi-Fi.org.

  • Security updates for Friday

    Security updates have been issued by Debian (libav), Fedora (kernel, libuv, and nodejs), Oracle (firefox), Red Hat (firefox and java-1.7.1-ibm), SUSE (clamav, cloud-init, dnsmasq, dpdk, ffmpeg, munge, opencv, and permissions), and Ubuntu (librabbitmq).

Nordic Semi nRF52832 Powered PineTime Dev Kit is Now Available for $24.99

PineTime was announced as a $25 smartwatch & companion for PinePhone Linux smartphone which itself sells for $150. Read more