Respecting Open Source Licenses!
Open Source in Large Companies
Specific Challenges – Re-usable Solutions
Open Source Compliance @ Deutsche Telekom
Karsten Reincke
(c) K. Reincke, Deutsche Telekom AG - published under CC-BY-ND
2014-10-08

Nature of Open Source
Challenge for Companies
Solutions @ Telekom
Xtra Challenge: JS
Xtra Challenge: Maven
Xtra Challenge: AGPL
Summary

Open Source thinks the other way round:
You always have to know what you have to do!
“PAYING” BY DOING

“Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.”
§1 of the Open Source Definition*

1. Free Redistribution
2. Source Code
3. Derived Works
4. Integrity of The Author's Source Code
5. No Discrimination Against Persons or Groups
6. No Discrimination Against Fields of Endeavor
7. Distribution of License
8. License Must Not Be Specific to a Product
9. License Must Not Restrict Other Software
10. License Must Be Technology-Neutral
http://opensource.org/osd
[Diagram: OSI, License; OS-Licence and OS-Software; XYZ-Licence and XYZ-Software]

Open Source Initiative maintains the rules:
You always have to know what you have to respect!
The world of software licenses
[Diagram: Open Source Initiative; OSI Licence Review Process (http://opensource.org/approval); 69 OSI approved open source licenses, grouped as strong copyleft, weak copyleft and permissive. Licenses shown: AGPL, GPL, LGPL, MPL, EPL, EUPL, CDDL, MsRL, BSD-2CL, BSD-3CL, MIT, PgL, Apache-2.0, MsPL, PHP-3.0. Obligation labels: declare the used os components; deliver the code of the used os components; deliver the code of the on-top development; core components.]

69 (with respect to 2012-05-11) OSI certified Open Source Licenses*
>5 Open Source Use Cases: ‘use’, ‘modify’, ‘distribute’, ‘modify & distribute’, ‘embed’
> 345 more or less similar lists of required actions as Fulfilling Task Lists
* http://www.opensource.org/licenses/alphabetical

Open Source thinks the other way round:
Respect the rules and you are allowed to use, to modify, and to distribute …
[Diagram: determine, find, describe, do]

Open Source thinks the other way round:
Respect the rules and you are already allowed to use, to modify, and to distribute the results!
WHO SHALL DO / ENSURE THAT?
WHY is it a challenge for large Companies?

the larger the company,
the more products,
the more open source software,
the more compliance aspects,
the more cost
& the more complexity in the supply chain

Open Source Use Cases and the open source supply chain
You always have to know what you have to do!
[Diagram: open source area of the internet, supplier, reseller, end user]

Solution 1: Centralize an internal team of experts
named the (Telekom) Open Source Review Board
The 6 Steps of Handling an Open Source License Support Request
[Diagram: the Telekom internal Open Source Review Board process. Labels: Informal Support Request, Sponsor Selection, Case-Analysis, Sponsor Analysis, Open Discussion, Final Discussion, Solution Transfer, Support Request, Preliminary Solution Statement, Final Solution Statement. Actors: anyone, OSRB, sponsor, experts. Annotations: documented, fast, thoroughly.]

Solution 2: Develop an Open Source License Compendium …
… for enabling the employees to manage the standard cases independently
The free Open Source License Compendium
• is jointly developable because of its LaTeX/BibTeX nature
• is publicly hosted as a GitHub project: https://github.com/dtag-dbu/oslic
• is licensed under CC BY-SA 3.0 DE
• is open to be collaboratively developed together with the community
http://opensource.telekom.net/oslic

Solution 3: additionally develop an interactive version
… to facilitate the use of the complex rules
The sibling of OSLiC, the Open Source Compliance Advisor
• is jointly developable: a PHP / Python web application
• is publicly hosted as a GitHub project: https://github.com/dtag-dbu/oscad
• is licensed under AGPL
• is open to be collaboratively developed together with the community
http://opensource.telekom.net/oscad
demo or die!

Be invited, be welcome!
We want to collaborate.
http://opensource.telekom.net

Be patient, be realistic!
Sometimes, there is no best way – even in the world of open source software.
Tragedy: whatever you do, it is wrong!

Sometimes, you have to manage unsolvable challenges
… so, manage your risk!

The tragedy of JavaScript!
An unsolvable challenge and the second best solution.
“jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers.”
http://jquery.com/

http://jquery.com/download/
• compressed (production)
• uncompressed (development)

https://jquery.org/license/
“[…] The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. […]”
http://opensource.org/licenses/MIT

no permission note!
• http://code.jquery.com/jquery-2.1.1.min.js compressed (production)
• http://code.jquery.com/jquery-2.1.1.js uncompressed (development)

• Use the libs as they are delivered by the authors
  • Advantage: no unnecessary modification
  • Disadvantage: non-compliant use
• Expand the code by the parts required by the MIT license
  • Advantage: compliant use
  • Disadvantage: unnecessary modification & traffic load

We asked the OSI mailing list for guidance (http://projects.opensource.org/pipermail/licensediscuss/2014-January/001418.html).
We got an answer from Mr. Sullivan, director of the FSF (http://projects.opensource.org/pipermail/licensediscuss/2014-January/001423.html), stating
• that even RMS discussed this issue (JavaScript trap) &
• that even the FSF votes for a link-based solution: the license text is not directly included in the package but delivered by an extra request.

We asked the OSI mailing list for guidance [….]
Therefore all pages of http://opensource.telekom.net/ [ oslic | oscad ] should contain a link to a page describing the used FLOSS components and the required information

The tragedy of Maven!
An unsolvable challenge and the second best solution.
“Apache Maven is a software project management and comprehension tool [for Java development tasks]. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.”
http://maven.apache.org/

Maven POM file
“POM stands for “Project Object Model”. It is an XML representation of a Maven project held in a file named pom.xml. [… It] contains configuration files, as well as […] the project’s dependencies […]”
http://maven.apache.org/pom.html

[Diagram: Maven POM file, clean … install, Internet]

But then you do not know / consider
• where the packages you use come from
• their level of quality concerning the OS compliance
• their licenses (maybe embedded strong copyleft?)

• Distribute only your source code and the Maven POM files
  • Advantage: the user has to fulfill the licenses
  • Disadvantage: not very customer friendly
• Use Maven as it is intended to be used
  • Advantage: Maven does what otherwise you have to do
  • Disadvantage: probably non-compliant distribution
• Close the repository, synch the POM file to the gathered versions, in all gathered packages add / improve all parts with respect to the needs of the license
  • Advantage: compliant use
  • Disadvantage: you are using Maven in the spirit of Ant

• Distribute only our source code and the Maven POM files
  • Advantage: the user has to fulfill the licenses
  • Disadvantage: not very customer friendly
  • Acceptable: in case of real developer releases (git)
• Close our repository, synch our POM file to the gathered versions, repair all gathered packages that do not fulfill their own license requirements
  • Advantage: compliant use
  • Disadvantage: you are using Maven in the spirit of Ant
  • Acceptable [?]: in case of rarely published binary versions
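
An added example, not part of the original slides or of Telekom's tooling: a Python check for the "closed repository" option above, which reports for each dependency of a POM whether its version is pinned, whether the package is among the gathered ones, and whether its own POM declares a license or a strong copyleft one. All artifact names and POM snippets are constructed, and treating only GPL/AGPL names as strong copyleft is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the project's pom.xml (namespace as in real POMs).
PROJECT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
 <dependency><groupId>org.example</groupId><artifactId>alpha</artifactId><version>1.4.2</version></dependency>
 <dependency><groupId>org.example</groupId><artifactId>beta</artifactId><version>[2.0,3.0)</version></dependency>
 <dependency><groupId>org.example</groupId><artifactId>gamma</artifactId><version>0.9-SNAPSHOT</version></dependency>
 <dependency><groupId>org.example</groupId><artifactId>delta</artifactId><version>3.1</version></dependency>
</dependencies></project>"""

# Constructed sample: POMs of the packages gathered in the closed repository.
_LIC = "<project><licenses><license><name>%s</name></license></licenses></project>"
GATHERED_POMS = {
    "org.example:alpha": _LIC % "Apache License, Version 2.0",
    "org.example:beta": _LIC % "GNU General Public License v3",
    "org.example:gamma": "<project/>",  # declares no license at all
}

def _parse(pom_xml):
    """Parse a POM and drop XML namespaces so plain tag paths work."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def version_is_pinned(version):
    """True for one fixed version; False for ranges, SNAPSHOTs, properties, empty."""
    if not version or version.endswith("-SNAPSHOT") or "${" in version:
        return False
    if version in ("LATEST", "RELEASE"):
        return False
    if re.fullmatch(r"\[[^,\[\]()]+\]", version):  # "[1.0]" is an exact requirement
        return True
    return not re.search(r"[\[\](),]", version)

def is_strong_copyleft(license_name):
    """Assumption: only GPL/AGPL names count; LGPL is excluded as weak copyleft."""
    name = license_name.lower()
    if "lesser" in name or "library" in name:
        return False
    return bool(re.search(r"\ba?gpl\b|general public license", name))

def audit(project_pom, gathered_poms):
    """Map 'group:artifact' to the list of compliance issues found for it."""
    findings = {}
    for dep in _parse(project_pom).findall("./dependencies/dependency"):
        key = "%s:%s" % (dep.findtext("groupId"), dep.findtext("artifactId"))
        issues = []
        if not version_is_pinned((dep.findtext("version") or "").strip()):
            issues.append("version not pinned")
        if key not in gathered_poms:
            issues.append("origin unknown: not in the closed repository")
        else:
            names = [n.text.strip() for n in
                     _parse(gathered_poms[key]).findall("./licenses/license/name") if n.text]
            if not names:
                issues.append("no license declared")
            issues += ["strong copyleft: " + n for n in names if is_strong_copyleft(n)]
        findings[key] = issues
    return findings

if __name__ == "__main__":
    for artifact, issues in audit(PROJECT_POM, GATHERED_POMS).items():
        print(artifact, "->", issues or "ok")
```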

The tragedy of the AGPL!
An unsolvable challenge and the second best solution.
The GNU Affero General Public License is the open source license for cloud software
It contains nearly the same text as the GPL-3, except §13, the “Remote Network Interaction”:
“[…] if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network […] an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge […]”
http://www.gnu.org/licenses/agpl.html §13

(Un)Fortunately, the AGPL3 and the GPL3 are very clear when they talk about the “Corresponding Source”:
“The ‘Corresponding Source’ for a work […] means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work”.
http://www.gnu.org/licenses/agpl.html §1

[Diagram: PYTHON LIB; Corresponding Source; System Libraries & general-purpose tools; generally available free programs which are used unmodified in performing those activities but which are not part of the work]

• Deliver OSCAd and a complete Python distribution
  • Advantage: compliant use
  • Disadvantage: impracticable scope
• Deliver only OSCAd
  • Advantage: a practicable scope
  • Disadvantage: non-compliant use

• We declared that in OSCAd 2.0 the AGPL does not cover the (basic) Python script libraries
• We could do that because we are
  • the initial authors
  • the copyright owners

Tragedies of Open Source …
… can nevertheless be managed.

Be invited, be welcome!
We want to collaborate.
Many thanks for your time and attention!
k.reincke@telekom.de
http://www.oslic.org/

References!
for using elements compliantly.
pictures of owls (public domain):
• https://openclipart.org/detail/168873/owl-with-ebook-reader-by-bocian
• https://openclipart.org/detail/168877/owl-with-notebook-by-bocian
• https://openclipart.org/detail/168872/owl-with-derby-by-bocian
parthenon icon (public domain): http://www.clker.com/clipart-250347.html
tragedy mask (public domain):
• https://openclipart.org/detail/181406/tragic-mask-by-liftarn-181406
• https://openclipart.org/detail/184850/comedy-and-tragedy-by-arvin61r58-184850
computer icons (public domain):
• https://openclipart.org/detail/171422/server---linux-by-cyberscooty-171422
• https://openclipart.org/detail/166823/modern-desktop-by-gsagri
• https://openclipart.org/detail/198693/mono_text_block-by-dannya
• https://openclipart.org/detail/197312/mono_javascript-by-dannya
MIT license logo: http://opensourcetoday.org/wp-content/uploads/2014/02/256px-License_icon-mit.svg_.png
File icons (public domain):
• https://openclipart.org/detail/25559/JAVA-by-Andy