Sunday, August 8, 2010

"Can I use this open source program?"

I've heard some very weird things about open source of late, with people convincing themselves of mysterious legal dangers that somehow lurk in the open source world but not the proprietary software world, from one person who, head of IT at a major corporation, announced it was OK to "use software under the GPL but not the GNU license" (GNU is a software project, and is licensed under the GPL), to others who are convinced that Android isn't open source because (follow this logic!) the license allows phone manufacturers to make proprietary modifications - which means that they can't do anything unless they ask Google for permission.

Confused? You wouldn't be the first person. (And yes, Android is open source, and Google can not prevent you from doing whatever you want with it.)

Look, here's the deal with open source. You are very, very, unlikely to get into trouble for using open source software. Indeed, the mere act of having open source software installed on your computer, and running these programs, will never get you into trouble. Proprietary software, on the other hand, cannot claim that. You may think it's just a matter of paying for an application, but in fact obscure rules exist in many proprietary software licenses that are easy to trip over entirely unintentionally.

That same corporation that had problems understanding open source licenses? Had to pay several million dollars because it uninstalled a proprietary application it used, and re-installed it on another server, one with more than one CPU. Yes, really.

So why are people confused about open source? And what kind of risks do you take in using open source software?

There are really two issues, and most of my clients will never run into either issue. The first is that open source software normally has some requirements associated with its redistribution. In some cases, the requirements are minor and inconsequential: you might be required to include a notice crediting the authors if you redistribute their work. On the other end of the spectrum, some licenses require that you provide the same rights you received when you got the code to anyone you give a modified version of the program to. That is, if you were to take Linux, for example, and make a change to it and give people copies of your modified Linux, you'd have to make sure the receipients are allowed to change the copies you give them too.

The second problem is that some people are taking out patents on the way programs work, and open source, by its nature, has no major protections against people being sued for using those patented technologies. To be fair, running proprietary software carries risks too, the legal status of so-called software patents is still the subject of much debate (though you should assume they are legal for now), and you can probably imagine that the chances of anyone finding out you are using a patented technology for software you run privately, on your own PC, is slim, but the issue has been raised.

Let's get back to the first point though, about running afoul of an open source license, and let's determine how easy it is to tell whether the issue might affect you. Remember, if it's open source, the chances are that there are less licensing implications for you than there would be if the software was proprietary. Many have learned this the hard way.

So, you're thinking of using a particular open source program, and you want to know if you need to study the license before using it. How do you determine if this will be an issue?

1. Is the program really open source?

This is the first question you should ask. You might not have to pay anything to download a particular application, but that doesn't mean it's open source. Adobe's Acrobat Reader and Apple's Safari are both proprietary programs that are available at no cost, for example.

In order to check whether an application is open source, ensure that it is, in its entirety, licensed under one or more of the licenses approved by the Open Source Initiative, and described as "Free software licenses" by the Free Software Foundation. The lists are here and here respectively.I would avoid any license that isn't considered open source, or free software, by both groups.

Also when checking, be aware that some software packages are distributed in a non-open source form. For example, Sun's (excellent) VirtualBox tool is available in an open source form, but if you want a version you can just install and run, Sun only distributes a closed, proprietary, variant with some unusual restrictions from their website. How unusual are those restrictions? Well, if you want to install it on your PC for your individual use, I believe you can do that, but you can't ask me to install it for you, I'd be violating the license if I did. This is why proprietary software is where the real licensing issues are, it's easy to run afoul of them doing things you'd expect to be perfectly innocent.

If the software really is open source, go to question 2, otherwise go to step 4.

2. Are you going to be selling or distributing software?

If not, you're in the clear. If you're not actually distributing software, you're not going to be distributing the application you're concerned about either, so stop worrying and install the app! Otherwise, go to question 3.

3. How will you be using the software?

OK, we've established you're in the business of distributing software, which means we need to figure out if you're going to be distributing this code directly or indirectly. So, how would you characterize your use of the software?
  • You're going to run the application on your PC for work unrelated to software development or distribution ---> stop worrying and install the app. It's not an issue.
  • You'll be incorporating it into software your organization runs internally, and only internally ---> stop worrying and install the app.  In fairness, there are some exceptions to this rule, but they're relatively obscure and only really apply if you're using a more liberal definition of "organization" than most people would use.
  • You'll be using it to create things you'll be using in something you redistribute, but will not be including anything from the application itself to others. For example, you plan to use the GIMP application to create some graphics for a computer game, or you intend to use GCC to compile your application. ---> Again, stop worrying and install the app. It's not an issue. But make sure that's really what you're doing.
  • You'll be including some or all of the code in something you'll be redistributing to others ---> go to step 4.
4. If you got here, you need to read the license.

If you got here, it means you'll be distributing some part of the open source program to others, or the code was never open source to begin with. If you're going to be distributing open source, you may have some obligations that go with getting the rights you were given. A good place to get a gist of what those requirements may be is to check that FSF licensing page I listed above. The FSF generally describes each license as follows:
  • A "Strong copyleft" is a license that requires you release your changes and additions to the code under the same license.
  • A "Weak copyleft" is a license that requires you release only your changes to the code itself under the same license. If you have added something entirely new, you don't need to license that under the license, you can release it under any license you want, including a proprietary license.
  • Licenses that aren't copyleft generally only require you provide attribution.
These are not the only differences, and some licenses may have somewhat unusual requirements you may also find objectionable, such as allowing a named third party to make modifications to your code without releasing them back. But the above should get you started.

Generally speaking, open source licenses are more liberal and less likely to get you into trouble than proprietary licenses. Much of the confusion has to do with expectations - everyone knows that if you were to redistribute copies of Microsoft Word you made yourself without permission, Microsoft would sue you into the ground. OpenOffice.org, conversely, is open source, so you have the ability to do just that, but the copyright holders do ask, nonetheless, you do something in return. The license will tell you what.

No comments:

Post a Comment