Policy for attribution

Philippe Verdy verdy_p at wanadoo.fr
Wed Jul 12 02:27:09 UTC 2006

From: "Matthew Seth Flaschen" <superm40 at comcast.net>
> Russ Nelson wrote:
>> I think we need to develop a policy for attribution, e.g. "Based on
>> TrueCrypt, freely available at http://www.truecrypt.org/".  This is
>> just one example of many.  I don't see community consensus surrounding
>> attribution.  Please discuss.
> This is essentially the "The BSD License Problem" 
> (http://www.gnu.org/philosophy/bsd.html), but worse because some 
> licenses are requiring attribution within the problem.  The best choice 
> would be to state simply that no attribution requirements besides 
> complete reproduction of the copyright statement and license(s) are 
> acceptable.  Obviously, this conflicts with certain existing licenses, 
> including the "EU DataGrid Software License", "Entessa Public License 
> Version. 1.0", and many others.

Do you know that any media without a clear attribution of its author is illegal in many countries, because it's impossible to assert if the licencing terms are valid, or to contact the true authors to see if the publication was authorized and not simply stolen?

I don't see why attribution is bad, as it really helps protecting the licencing terms of an open-source program, and making sure that others will benefir of the same licencing terms; not reproducing the attribution notices is simply stealing the content, possibly by someone who will then decide to apply his own terms, under a different juridiction, where it will be difficult to decide later who's right in the conflicting licences and who will decide in case of conflict, and ultimately who will have to pay in case of infringement.

And finally, not having a clear attribution penalizes the software users because they can't get a clear agreement about the validity of the software they will reuse, modify or redistribute.

But may be we disagree about what is "attribution". For me it's a clear indication of the authors (either initial or contributors) that accepted to licence the content; this indication requires a few things:
* a clear product name (protected along with the content it designates)
* a summary description (of the role of the software, to describe the area of protection of the name and of the content itself)
* a date of first publication
* a clear author name, and a way of contacting him, valid at least at the time of first publication (and preferably during at least 6 months)
* the name of other contributors if they want to be listed and did not simply donated all their rights to the initial author

This takes the form of a legal copyright notice, which should also indicate the existence of licencing terms, and where to find them ; this is exactly what the (L)GPL requires, except that the (L)GPL also requires a denial of warranty, something that should not be needed always as this assistance may be offered separately and decided by each sublicensor, or sold separately as a non-transferable service, possibly by multiple competing service providers, including, but not limited to: training, (un)installation assistance, modification and problem solving when using the software or adapting it to a particular environment, providing financial insurance in case of future patent claims, to cover the cost of this claim, or the defence in courts, or the cost of replacing the affected software, or if the use of the software caused directly or indirectly some physical or financial damage to some people, building or infrastructure, or caused a temporary cessation of public or contractual service.

But may be, this separation of the open licencing terms and of the non-transferable warranty service is what is really meant in the (L)GPL. However, in some juridictions, the complete denial of warranty is illegal because each licensor has some obligations face to his licensees simply because he provides a service and interacts with them, even when they did not pay to get the service

For example, in France, if you get a open-source program from someone that asserts this is open-source and can be used freely, he guarantees to the licensees that he has no knowledge of any patent infringement, and that he did not steal the program. The licensor also publishes indications (considered advertising) which should not be false (false advertizing is condamned in commercial courts, including for services provided at no charge); the rule there is based on a fair trust relation between the licensor and the licensees that must both be honest to each other, even when there's no money transfered!

So the licensor must also not lie about his true identity, and this requires to know the valid licensor contact name, and the attributed authors (if authors can't be determined, then the licensor will assume all responsabilities resulting from a patent infringement, and all other legal responsabilities, but if there's another author, he could immediately complain face to a court that the licensor stole the attribution which not only transfered illegitimately the resposabilities but also some advantages accorded by law or by public reputation to authors, including the right to give different licencing terms or stopping to give more free licences themselves and instead start to work on a commercial version of their program or integrating it in a commercial application)

Without the attribution of authors, it's all the licencing scheme that collapse: why would then a licence be needed, if it's not to protect authors and users of open-source programs? Without attributions or contracts, there's simply NO intellectual property, and in fact NO property at all.

More information about the License-discuss mailing list