The Joel on Software Discussion Group (CLOSED)

A place to discuss Joel on Software. Now closed.

This community works best when people use their real names. Please register for a free account.

Other Groups:
Joel on Software
Business of Software
Design of Software (CLOSED)
.NET Questions (CLOSED)
TechInterview.org
CityDesk
FogBugz
Fog Creek Copilot


The Old Forum


Your hosts:
Albert D. Kallal
Li-Fan Chen
Stephen Jones

Why is Open Source Licensing so complex?

I have been trying to find out if I can use JasperReports [http://www.jasperforge.org/jaspersoft/opensource/business_intelligence/jasperreports/] in a commercial product that I wish to develop.

I cannot get a conclusive yes or no anywhere as to whether or not I can use JasperReports in my commercial product without risking any negative side-effects to my licensing! I couldn't find any links to licensing on their website anywhere. I looked up the forums, and there were discussions on what is allowed and what is not. Someone said it was OK to use if the library was downloaded from SourceForge but not OK if downloaded from Jasper's website (which sounds pretty silly).

This problem is not limited to just Jasper, I have seen this across several OSS. Check this out for example
http://itext.ugent.be/library/question.php?id=13

Why can't all OSS answer 1 simple question:
1. Can I use this in commercial products for free, without me having to open source my product? YES/NO
I have a life
Wednesday, June 18, 2008
 
 
BSD, MIT, LGPL and I think Apache: YES
GPL: NO

Try and look to see if a licence is a variation of the above and that's the rough answer (but by no means guaranteed).
Martin Pilkington Send private email
Wednesday, June 18, 2008
 
 
I don't think open source licences are more complex than other licences.

If you are unsure, read the licence. If it's a GNU licence, read the FAQs on the FSF home page.

If you are still unsure, don't distribute other people's software.

As for why software licensing is so complex per se, that's your fault. And mine. The voters vote for people who make the laws. :-(
Andrew Brehm Send private email
Wednesday, June 18, 2008
 
 
What about using OSS as a tool from your product, such as Graphviz?
to_be_defined
Wednesday, June 18, 2008
 
 
I totally disagree with Open Source Licensing being complex.

I personally think it’s great that after reading only one license (GPL) there is lots of software I don't have to read the license any more. All I need to do is read the first few lines of the license document and I know it's GPL
piaskal
Wednesday, June 18, 2008
 
 
>1. Can I use this in commercial products for free, without me having to open source my product? YES/NO

READ THE LICENSE!  If you are too dim to figure it out, consult a lawyer.

Wednesday, June 18, 2008
 
 
"I personally think it’s great that after reading only one license (GPL) there is lots of software I don't have to read the license any more. "

Sure, as long as you have decided that GPL'd software is fine for your product. What about those of us who can't use GPL'd software (like the OP)? It's nice that we can look at the first few lines to rule out a large amount of software. But that still doesn't help us in deciding what is even more important: which software can we actually use?

I totally agree with the OP. In general, nobody bothers to read commercial software licenses. They should but they don't. For example, I've never read the licenses for the .NET Framework/Runtime, Visual Studio, MSSQL, Oracle, or even Java. I've just assumed that there would be no restrictions (that impact me) on how I could use these products. I could be wrong but nobody really worries about it at all. OSS is a completely different story. I've read through the MySQL license several times just trying to interpret whether or not we had to actually buy licenses based on the desired usage of the product in each scenario. And that's just wrong.
dood mcdoogle
Wednesday, June 18, 2008
 
 
"I've read through the MySQL license several times just trying to interpret whether or not we had to actually buy licenses based on the desired usage of the product in each scenario. And that's just wrong."

What's the problem?

Just buy licences from Sun and be done with it.

The fact that they also offer it for free under certain circumstances doesn't complicate matters at all. You can still treat it like Microsoft SQL Server if you want.
Andrew Brehm Send private email
Wednesday, June 18, 2008
 
 
"What's the problem?

Just buy licences from Sun and be done with it."

Because my customers don't want to buy licenses unless they have to. It's the whole mindset of using OSS. People believe that OSS is free and that if you pay for it you are a patsy. If they wanted to pay for software they would use commercial offerings. Regular people don't understand the whole "freedom" aspect of OSS.

But you bring up a good point. The cost of just buying commercial licenses can be less than the cost of trying to figure out if you can use a free version of an OSS product. For example, there was a time when we went back and forth with a customer who balked at spending $1500 for SQL Server Standard. Yet we/he probably spent way more time/money than that going back and forth on whether or not he could use MySQL for free.
dood mcdoogle
Wednesday, June 18, 2008
 
 
To answer the original thread title, isn't it because there's a cloud of confusion generated by commentators on the subject. That cloud comes from a combination of money, politics and ignorance - a heady combination!

Wait till a GPL topic comes on Slashdot for example. Somebody will say, for example, that they license their source code under the GPL, because they don't want anybody exploiting it for any commercial purpose (which isn't what the GPL says).  So you get that kind of ignoramus comment.

Another case is when somebody contradicts themselves.  I've seen a lot of cases (there are quite a few on Codeproject) where somebody says their code is public domain (implying you can do anything), but then adds conditions on its use or claims copyright (contradicting themselves). Another type of ignoramus.

Then you get people with an agenda. I've read articles where lawyers have tried to reinterpret the GPL to mean something other than what it is intended to mean - usually this is based on anti-GPL agenda, but not always.  I've also read articles where a lawyer has tried to reinterpret the 2 and 3 clause BSD license to make the attribution clause recursive, and therefore compatible with the GPL, but incompatible with closed source licenses (which obviously isn't want the BSD licensors intended).


The above aside, there are some difficult edge cases about things like what is linking, derivative works, dynamic vs static linking etc.,

Wednesday, June 18, 2008
 
 
LGPL is the only one that is even mildly complicated.  It is usable commercially if you don't touch the library's code and you dynamically link to it. If you make changes to the library you have to make source(for the library) available, and make sure it " will operate properly with a modified version of the Library that is interface-compatible with the Linked Version."
Brian
Wednesday, June 18, 2008
 
 
Apache-licensed code can be linked against non-open-source code. The Apache licence is basically a variant of the BSD licence with some clauses added (regarding patents, etc.) You can even sub-license an Apache-licensed code under a different, commercial license.

Anyway, if you're interested, then the Wikipedia has more information about FOSS licences:

http://en.wikipedia.org/wiki/Free_software_licence

http://en.wikipedia.org/wiki/Comparison_of_free_software_licences

Regards,

        Shlomi Fish
Shlomi Fish Send private email
Wednesday, June 18, 2008
 
 
Regarding the OP's original question. According to:

http://sourceforge.net/projects/jasperreports/

JasperReports is distributed under the LGPL (= GNU Lesser General Public License). It means you can use it inside a commercial project under any other licence. However, if you modify the LGPLed source and distribute it, you must make the modifications to the source available under the LGPL.

But the LGPLed binaries or sources can be linked against software of any other licence. For more information consult:

http://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License

Regards,

      Shlomi Fish
Shlomi Fish Send private email
Wednesday, June 18, 2008
 
 
Shlomi Fish: *REALLY* appreciate it!
I have a life
Wednesday, June 18, 2008
 
 
"It's the whole mindset of using OSS. People believe that OSS is free and that if you pay for it you are a patsy."

That hasn't been my experience.

In my experience companies have to invest so much money into hardware and expertise (i.e. staff) that licensing costs for software are a relatively minor expense. And Linux admins are often more expensive than Windows admins (probably also because there are fewer incompetent Linux admins).

It's often a technical decision. Some open source software is not cheaper but BETTER than proprietary software.

I am a Mac user myself and not only pay for my operating system but also buy other software. But I like the open source base of Mac OS X because it is part of why Mac OS X is BSD compatible and thus gives me access to many excellent open source tools and applications.

GCC is a good compiler. Emacs is a good editor. Bash is an excellent shell. The GNU tools are excellent shell commands. I have yet to see proprietary equivalents of GNU's replacements for UNIX commands!

FLV is an excellent video player. Whenever QuickTime Player refuses to open a video, I rely on FLV and FLV _always_ works. It's open source and that's probably why it evolved into a video player that plays everything but doesn't look as nice as the QuickTime player. It's not about money at all at that point.
Andrew Brehm Send private email
Wednesday, June 18, 2008
 
 
Shlomi Fish's comments have neglected a significant requirement of the LGPL.

Code that is linked with LGPL code must be distributed in a form that allows users to make modifications to the LGPL code to produce a modified application that uses the modified LGPL code.

This means that a commercial application using LGPL code must either link dynamically to the LGPL code, or if the LGPL code is statically linked, then the application must be distributed in a form that allows users to re-link the application with a modified version of the LGPL code: this would at mimimum mean distributing the compiled application in object form (as object and/or library files).
Stephen C. Steel Send private email
Wednesday, June 18, 2008
 
 
"LGPL is the only one that is even mildly complicated"

LGPL is pretty tricky. Even if you link dynamically, you still have to be compatible with its license. So you can't for example restrict reverse engineering anywhere in your product. This becomes a problem since there's probably some other library you're using that restricts that, so now you have a problem that requires two teams of lawyers no negotiate for 17 years to resolve.

Dynamically linking itself can be a huge problem. Install version 1.73 of that LGPL library. Then, some other software overwrites your install with version 0.98 or version 3.01 and now your software is broken and it is your job to debug the problem for the customer.

Better to statically link so you know what version you are  using for sure. And now you have to open up your code.

General rule: If it's not BSD like, I don't touch it. If "GPL" appears anywhere, I stay far far away.
Tony Chang
Wednesday, June 18, 2008
 
 
->"I have a Life": you're welcome. Always happy to be of help.
Shlomi Fish Send private email
Wednesday, June 18, 2008
 
 
I should note that licensing complexity is not limited to open-source code. For example, a lot of shareware or freeware has restrictions, like preventing commercial use or use in non-eductional/non-private contexts, or preventing reverse-engineering, or modifying the code, or non-compete clauses, or preventing military use, etc. etc.

See for example:

http://www.joelonsoftware.com/articles/fog0000000026.html

At least you can know that all free-and-open-source software (FOSS) fulfills the following criteria:

http://www.gnu.org/philosophy/free-sw.html

Which makes them very usable in most contexts.

I personally am not a big fan of LGPL-style and especially GPL-style licences. I find them too much trouble to be worth. That's why I place the vast majority of my contributions to FOSS under public domain-like-licences. If I hack on software that is licenced differently, I usually disclaim any ownership of the code, which allows the original owners to re-license the code in the future as they please.

See:

http://www.shlomifish.org/open-source/

Regards,

        Shlomi Fish
Shlomi Fish Send private email
Wednesday, June 18, 2008
 
 
Stephen C. Steel and Tony Chang - thanks for your comments.
Shlomi Fish Send private email
Wednesday, June 18, 2008
 
 
One of the things about legal contracts is that their subtleties and complexity are proportional to O((number of words in contract / k)!), with ! being factorial.

So, a BSD like license that says something like:

"This code is copyright Joe Blow, but it may be used freely for any purpose, as long as you agree that I am not responsible for it, for you, or your product, and my name is kept out of all this except somewhere in your docs you post a copy of this paragraph and the words 'XYZ library licensed from Joe Blow, copyright etc'.

I can handle something like that. As soon as it starts going into subtleties about what sort of license the rest of the code may or may not have, it's too complex to understand. You might say "Well, I am smart, you must be dumb if you don't understand it" but the reverse is more likely the case - very few people who aren't lawyers can imagine all the subtle possibilities of any contract that is more than a paragraph or two long. Lots of things can be hidden accidentally or intentionally through word choice, omissions, inclusions, my god there is so much that can go wrong with a contract. With consumer software and some web sites people have to agree to dumb 150 page long contracts, but in practice it's not going to affect them since ebay can't go after all 10 million people foolish enough to agree to their insane terms. With software licensing, the other party may be very interested in making sure you comply with their terms, so there's a lot higher risk than going along with click thrus (not that I think any one should, the epidemic of byzantine click thrus are a blight and consumers in any sane society should not be required to agree with all this nonsense just to engage in ordinary commerce.)
Tony Chang
Wednesday, June 18, 2008
 
 
Use it, dont think so much.

We are developing banking applications with jasper, trust me.
UseJasper
Wednesday, June 18, 2008
 
 
In the JasperReports datasheet link, the PDF specifies JasperReports is LGPL. Like any good open source project, the license is in the JasperReports download, too. The LGPL is an example of a "non-viral" license, as it specifies that if you just use the library, you do not need to open source the code that uses the library. If you make changes to JasperReports code, then you need to open source those changes.

The GPL is an example of a "viral" license, so if you use a GPL licensed library, your code has to be open sourced.

Within the broad categorization of viral vs non-viral open source licenses, there are many variations that aim to protect branding (Mozilla Public License - MPL), have patent poison pills (Common Public License - CPL) etc. In most open source projects, there are a variety of components with different licenses and implications. You need to be aware of the implications of these licenses for your situation, beyond the viral issue.


Sherman Wood
Director, Business Intelligence
JasperSoft
Sherman Wood Send private email
Wednesday, June 18, 2008
 
 
"Why is Open Source Licensing so complex?"

Because OSS is really not as open as people would like to believe.

In my book one of the few TRULY OPEN open source projects around is wxWidgets.  You can use them as you like for hobby code, academic code, for-profit corporate code, etc, etc. and NOT pay anyone one dime!  Now that is TRUE OPEN SOURCE!

IMHO, a lot of people are hood winked into contributing to so called OSS where a handful of founders still make money off the project and everyone else is duped into building their product for free.
RealityCheck
Wednesday, June 18, 2008
 
 
Because OSS licences need to protect the rights of the people that will eventually use it - most licences are only to protect the people that wrote it.

The wxWidget licence is simply LGPL with the option to statically link.
Martin Send private email
Thursday, June 19, 2008
 
 
>Because OSS licences need to protect the
>rights of the people that will eventually use it

Remember that OSS is now being used in big time commercial projects, and so there is sometimes big money if a vendor can break the terms of a license.

A lot of libraries, especially in things like video playback, would cost much money, and, maybe more important, take lots of time, to duplicate closed source.
frustrated
Thursday, June 19, 2008
 
 
> Because OSS licences need to protect the rights of the people that will eventually use it - most licences are only to protect the people that wrote it.

That's a B.S. reason for complexity

If an author wants to grant maximal rights to users, he could simply say something like:  "As the author and copyright holder of this software, to the maximum extent permissible under law, I irrevocably grant all persons and entities, a license to se, run, distribute, copy, modify, and create derivative works of the software, for any purpose whatsoever."

Thursday, June 19, 2008
 
 
> If an author wants to grant maximal rights to users ...

Some licenses do. But imagine for example that the software in question is some data-analysis software for some domain ... and, I and other researchers in my domain use this software for our research, develop it based on our findings, adapt it for our needs, and peer-review each others' contributions: forking that software into a closed-source project wouldn't serve our (the users') interests.
Christopher Wells Send private email
Thursday, June 19, 2008
 
 
> forking that software into a closed-source project wouldn't serve our (the users') interests.


You're talking about the original author asserting some degree of control of modifications and derivatives.

Of course the original author may do that if he wishes, but let's not pretend that by keeping some control, he is actually granting the maximal rights that he could.

Put it this way:

Granting maximal rights = giving permission for people to do things, even things you don't like.

So if the author only gives permission for things he does like, and not for things that he doesn't like, that is obviously less than the maximal grant of rights possible.

Thursday, June 19, 2008
 
 
> let's not pretend he is actually granting the maximal rights that he could

I guess he's saying to other developers, "You can use this ... you can develop it ... and someone else won't be able to take away from you what all y'all have contributed, and use it to compete against you."

You could see it as his sharing his own copyright with everyone, instead of renouncing copyright altogether. Some users (other open source developers) might (and apparently do) see that 'shared copyright' as *more* valuable than the original author's having abdicated copyright.
Christopher Wells Send private email
Thursday, June 19, 2008
 
 
Most open source licenses are complex for the same reason that most licenses are complex - the legal system itself is complex.

Now regarding the motivations for some licenses.  For the GPL (and to a lesser extent the LGPL), the motivation is not to give the original author author of a work the ability to maintain control, nor is it to provide 'maximal rights' to a developer who wishes to use the code in a derivative work.

The motivation for the GPL is to provide *users* of the software with rights.  It provides the *users* rights to the source code so they can modify the software they *use* to enhance it or fix problems according to the *users* needs.  Remember that one of the events that drove Stallman to create the GPL was the that he was unable to fix a problem in the driver for a printer (I think) because the driver source code was withheld from him.
mwb
Thursday, June 19, 2008
 
 
If an OSS license does not allow me to use the code for both non-profit personal use and for-profit use then it is NOT open.  All of this game playing is total BS when you break some (many?) of these licenses down to what they really mean.

I agree that wxWidgets (and other similar projects) are the best example of "true open source".

OSS is either open or it is not.
Lano
Thursday, June 19, 2008
 
 
What would happen if you used an LGPL library, but then the licence to that library was changed to GPL v3 (say). Would that change apply to work that had been created previously?
Wants to know
Thursday, June 19, 2008
 
 
Wants to know: regarding an LGPL->GPLv3 conversion: the previous versions of the LGPLed library that you or any one downloaded will remain under the LGPL. So if you, or anyone else, are unhappy with the re-licensing of the library by the copyright owner, you can always continue working on your own LGPLed fork of the original code.

This applies to non-FOSS software too, so for example, there's this distribution of the Microsoft core fonts, which were since pulled off the Net:

http://corefonts.sourceforge.net/

The UCITA wanted to change that:

http://en.wikipedia.org/wiki/UCITA
Shlomi Fish Send private email
Friday, June 20, 2008
 
 
"If an OSS license does not allow me to use the code for both non-profit personal use and for-profit use then it is NOT open."

In my home city there once was a "open museum night" where all museums were open to the public, for free.

I had the freedom to walk into the museums and look at everything, but I didn't have the freedom to modify those rules for the museum I decided to honour with my visit.

Apparently "open museum night" wasn't really "open" after all, since the freedom to use the museum did not include the freedom to ban other people from using it too.

Turns out I just had to live with everyone being allowed to use the museums like I was. My alternative was not to participate in the open night.

I actually decided not to go because I figured it would be very crowded. But I did not find the terms too complicated and nor did I find the terms too "closed".
Andrew Brehm Send private email
Monday, June 23, 2008
 
 
Andrew Brehm: well, it depends what you mean by commercial use. You are allowed to use GPLed software in your commercial infra-structure. For example, BitKeeper ( http://better-scm.berlios.de/bk/ ) said they were using the gcc compiler, which is GPLed, to compile their non-free C programs on all UNIX platforms, because they found it to be superior to the proprietary solutions. And you can edit non-free code using GPLed editors (such as Emacs), or make use of GPLed software in your commercial web-site, whose source code won't be published ( http://www.shlomifish.org/lecture/LAMP/slides/legal-notes/gpl.html ).

All of these are valid uses of GPLed software.

What you cannot do with GPLed software is link against it and distribute the software under a non-free (and non-GPL-compatible) licence. You may not like it but it's life - copyright law allows the originator of the software to dictate such a restriction, and a lot of non-free software has much worse things.

Just for the record, I licence my software under a completely-non-restrictive Public-Domain/BSD licence, for many reasons that are important to me. But I respect the right of originators to chooses a licence - free or non-free. That's part of software freedom.
Shlomi Fish Send private email
Wednesday, June 25, 2008
 
 
{{{{{{{{{{{{{{{{
Because OSS is really not as open as people would like to believe.

In my book one of the few TRULY OPEN open source projects around is wxWidgets.  You can use them as you like for hobby code, academic code, for-profit corporate code, etc, etc. and NOT pay anyone one dime!  Now that is TRUE OPEN SOURCE!

IMHO, a lot of people are hood winked into contributing to so called OSS where a handful of founders still make money off the project and everyone else is duped into building their product for free.
}}}}}}}}}}}}}}}}}}

What makes an open-source project "open" is its licence. As long as the licence complies with http://www.gnu.org/philosophy/free-sw.html , it is free and open-source. Of course, the free-soft def gives enough room to impose many clauses, including http://en.wikipedia.org/wiki/Beerware .

If a free program is usable, then you can always fork it, enhance it, and freely use it as a standalone program. What you can't do with some of it (but certainly not all) is use it as part of a greater non-free application.

That put aside, there is a lot of BSD-style software out there: X11, PostgreSQL, the almost entire *BSD operating systems, BIND, SQLite, Apache and related projects, etc. etc. With such projects not only can you incorporate them into non-free programs, but you can also sub-license them under different licences.

With software by Microsoft and other proprietary software, you are not allowed to modify it (including not to change bugs), or to re-distribute it, or even freely use it without paying a price. Given a choice between a GPLed program and a commercial, proprietary one, I'll pick the GPLed one anytime.

Hope it clarified things.
Shlomi Fish Send private email
Wednesday, June 25, 2008
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz