Contributing to or Starting an OS Project What’s in it for your client, and How can you help? Michael Atlass Sr. Director, Legal Counsel Qualcomm Presented at Spring Meeting for AIPLA, Minneapolis. 1
Disclaimer The content of this presentation is for educational purposes, and is provided to the AIPLA for such purposes for the Spring Meeting in Minneapolis in May of The material presented does not reflect the opinion or position of the employer of the presenter. Any perceived or actual overlap is unintentional. -Michael Atlass 2
Agenda Why your client might want to give away code The environment for OS Projects License and Community Considerations Enabling effective use of OS Projects 3
Why give away code? Establish a lead in or creating a new needed software infrastructure for an expanding market. AllSeen, IoTivity, etc., for the IOT Enabling Client products to function using API’s or adapting existing OS Project’s code base to Client’s product or service Linux Kernel – corporate contributions to enable kernel operation on proprietary hardware Creating a shared resource to provide customers with a platform to access your Client’s product or service Chrome to enable easy access to search service, connecting advertisers to users 4
What do Independent Developers get by contributing? If associated with a strong project: Project specific knowledge and skills Marketability Participation in Meritocracy A public persona associated with good works Maintainer status and control? Employability Ability to work with other programmers long distance Connection to a group of like minded individuals with similar skills and worldviews 5
Is it needed in the context of an SDO? Standards Development Organizations are finding that it is useful to include code in their Specifications It is also useful for certification and test code, and reference examples Consider whether the code needs to be Copyleft licensed to encourage contribution back, or can be available under FRAND or other proprietary copyright terms – then chose the OS or proprietary license compatible with those objectives 6
Types of OS Projects Community, Individual, Corporate Sponsored? License? GPL, Apache, ISC, BSD… Supporting a Standard? 6 Section on OS Environment
Common Licenses 8
Merely similar definitions of OS licenses Open Source Initiative web site: Free Software Foundation: sw.html. Red Hat: Wikipedia: Does the OS license have a requirement to license patents Consider the scope. (definition of “Work” or other scope limitations) Also consider whether there is conflict with SDO FRAND policy or corporate goal of exercising control over its patent rights If an OS license has no patent license clause, this is an indication that no license is granted Provides enabling space for explicit clarification. 9
OSI definition of OS license (10 criteria) License must grant royalty free rights to sell or give away in an aggregate distribution, and must include source Must allow modification and distribution of derivatives and may require authors source code to be identified, but may not require execution of any additional license License terms must not discriminate – against persons or groups, fields of endeavor, and cannot be product specific, and must be technology neutral. May not restrict other software “distributed along with” the OS licensed software. 10
FSF Definition of OS Software Short form: users have the freedom to run, copy, distribute, study, change and improve the software Is the right to run the software a patent grant term (execute = use?) 11
Let’s see an example: BSD – 3 Clause Copyright (c), All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 12
There are projects that add patent clauses to the license Three examples, first from the BSD, second the ISC, stating that no patent rights are granted by the permissive SW license, and a third to a BSD, which has a strong patent termination clause associated with it. 1. The above license is used as a license under copyright only. Please refer to the IPR Policy for any applicable patent licensing terms. 2. Except as otherwise expressly stated in the ISC license, the Alliance does not grant any licenses or other rights to any copyrights, patents or other intellectual property for Alliance Code. 3. hereby grants to each recipient of … a royalty free patent license … will terminate if you initiate… any Patent Assertion against, … any party if such Patent Assertion arises from any software, technology, product or service of, or any party relating to the Software…. 13
Apache 2 – OS license example with patent license Considered not compatible with major open source licenses GPLv2 (Linux) and LGPLv2.1, but popular Adds complexity if committed to a option to exercise patent rights IP rights holders must guard against contributing IPR exercised by their code contribution, or they license it for free Apache projects typically have a corresponding CLA Apache’s patent retaliation provision (any patent suit v. the Work or any Contribution discontinues all other’s patent licenses to You) What is a “Work”? And how does it apply to limited contributions? See the Apache CLA, any project in the Foundation? 14
Consider an Apache project Consider also the definition of Work, and Patent grant scope in Apache, and also the related CLA’s definition of Work 15 Foundation Project 1Project 2 Project 1 Component A Project 1 Component B Branch X Branch X.1 File AlphaFile Beta Mod to File Alpha, v1.0
Questions raised by the diagram 16 Under Apache 2, Contributors grant patent rights to their Contribution - and combinations of the Contribution with the Work - but the scope of Work is ambiguous. If one modifies File Alpha (see red box below), what is the “Work”? Is it all code in Project 1? Is it designed to work with another project or branch? What if Project 1 is designed to be compiled with Project 2? (is it combined?) Is all code related and Foundation-managed projects that are licensed under Apache 2? Possibly Not. What if there are different branches are targeted at different platforms? Is it only the one file that was actually modified by the Contribution, or did it necessitate modifications across files? Additional issues: Future versions? As the Work gets modified, to what extent do patent obligations carry forward, especially if an Apache Foundation CLA is used? As it moves from one build to another, do changes in code interconnections matter?
OS licenses can be compatible with strong patent rights Deciding which license to use or accept for a project your client wants to create or support is a business decision Consider what Open Source is to help make that choice Open Source is best described as: (pick one?) a licensing model a cultural model for collaboration a body of software compatible with proprietary software models Incompatible with proprietary software models compatible with FRAND incompatible with FRAND useful only for reference implementations, but not SSO Specifications 17 Section Summary and Quiz
Getting the most from OS Projects Consider the costs and constraints imposed by practical and legal choices, as well as the underlying reason your client chooses it. 18
What is Needed to Support OS Development? A repository for the code Rules for contributions (DCO/SoB or CLA) (i.e., choose: Contributor License Agreement or Developer Certificate of Origin + Signed-off-By statement, or nothing?) A shared and compatible outbound license Shared Ownership? (Who can enforce Copyright rights?) Maintainers, Developers, tools and other infrastructure, security, and associated costs Community may not be willing to share these costs, but other corporate sponsors may 18 Practical Considerations
Making the most of OS projects For Client project Help client decide what the purpose of the project will be Begin with the goal To enable customer use of their proprietary hardware? To be a leader in a new greenfield market? To create an infrastructure platform that needs community support to connect customers to the client’s services or products? Consider the OS license legal requirements, the costs of compliance, the likelihood of success, and what success looks like, and whether losing control over the project is a good thing for the client 20
How to manage contributions to OS projects To your client company’s own projects Responsibility to manage other’s contributions Maintainers to ensure integrity Client employees? Independent developers? Credibility of the maintainers with the community? Project direction? (related to a Standard – led by Specification or does Spec follow code?) Open repository (fees, structural choices) Specify CLA or COA +SoB for all contributions Use code scanning tools too? Choose license wisely to achieve goals for project 21
Managing contributions to OS projects Contributions from client company to someone else’s projects Origination tools (software scanning) Ensure license compatibility with project - and against copyright infringement or misuse of others rights in code Repository maintenance and structure: Git and Gerrit Policy, training, enforcement, support teams, communication channels open, escalation channels Supervisory legal team to support escalations; help resolve internal disputes Community Support (OpenChain, SPDX, community dialog on wikis or ) 22
Your corporate client needs an OS Policy To protect the client when its employees contribute to OS projects or sign CLA’s that jeopardize corporate resources. Suggestion: enable a safety valve and ensure obligation to review terms of use, CLA’s and project licenses requires education, alignment and consistent repeated communications with engineering staff to work To ensure consistent interface with the OS community so that the community sees your client as a reliable contributor To ensure opportunity for due consideration of any outbound code and the license obligations that attach to it And intelligent decision making regarding such considerations 23
Summary Your client might want to give away code to improve its business by connecting customers and suppliers using OS infrastructure it initiates, contributing to enabling OS projects that allow its hardware or service to work effectively, or to support a standard or community project that allows it to integrate into a community of services or products. The environment for OS Projects is crowded with OS License, Community interaction, and practical choices. Enabling effective use of OS Projects demands thoughtful perspective and a useful OS policy. 24
The End 25