Open Source License Compliance in the Cloud
Posted by Lacey Thoms on Fri, Aug 05, 2011 @ 08:44 AM
The last post discussed how many cloud applications do not fall under many of the obligations associated with copyleft licenses. Let’s take a look at the obligations of copyleft licenses as well as public domain and permissive licenses.
The variety of licenses currently governing the use of open source software is very large, but about 80 or so are recognized by the Open Source Initiative (OSI) and in reality less than two dozen are widely used. Almost all open source licenses can be widely categorized into three varieties.
• Copyleft licenses have more or less protective (also referred to as restrictive) terms associated with them.
- Weak copyleft licenses include Eclipse Public License (EPL) and Mozilla Public License (MPL). They both allow modification and mixing of the open source code with proprietary code, as long as you make the non-modified open source code available somewhere on line and point to it in the documentation. LGPL (Lesser GPL) license is strongest in this category since it requires modified code to be also released in the source form unless the application only links to the open source LGPL code and does not statically include it in the application.
- Strong copyleft licenses, such as GPL version 2 and version 3, impact software that is distributed. Almost all of these licenses require that any software using all or part of a copyleft open source software to be also released under copyleft obligations (hence the term viral used for these licenses). Another key obligation is that any proprietary code that is a modified version of the GPL code must be made available in source form. Also, GPLv3 specifically disallows use in its entirety or modified form in any DRM applications.
• Public domain licenses are basically free-for-all licenses; you can do anything with them except suing the author.
• Permissive licenses (such as MIT, BSD and Apache licenses) on are very popular, as they can be modified and used in any open source or proprietary application as long as the attributions (copyright comments and the names of original authors/organizations) are not deleted.
Next week I’ll discuss the licensing requirements of using the AGPL license in cloud applications.