[License-discuss] Category "B" licenses at Apache

[Tzeng, Nigel H.]

On 8/26/15, 3:14 AM, "License-discuss on behalf of David Woolley"
<license-discuss-bounces at opensource.org on behalf of
forums at david-woolley.me.uk> wrote:


>On 26/08/15 01:45, Tzeng, Nigel H. wrote:
>> Larry,
>>
>> Scenario A:   I¹m looking for an example in my codebase on how to do Foo
>> (of course) and I find a code snippet to do roughly what I want.  I cut
>> and paste it into where I need it, modify it slightly and move on.
>>   Developers do this all the time.
>
>The purpose of open source is to allow them to do this legally.  Coders
>who do this all the time on published code that doesn't have an open
>source type licence are continually infringing copyright.

>One of the main reasons for the GPL is to ensure a large pool of code
>that cane be re-used and re-purposed, whilst, at the same time ensuring
>that the resulting code goes back into the pool.

Which is great except we are discussing Apache policy and not GPL.  The
point is that once you do this your code is now potentially subject to the
terms of the weak copyleft Category B license without you being aware of
this.

I believe this is the reason that Apache explicitly does not include
source with their Category B components.

>> Scenario B:  I am debugging some code and find a spot where an if test
>> should be <= bar rather than < bar.  I fix it while inside the debugger
>
>That change is going to have insufficient creative content to have any
>copyright associated with it.  So all you have demonstrated there is
>that your organisation's configuration control procedures are broken and
>their ISO 9000 status may need revoking.  In any case, typical copyleft
>licences permit the use of modified versions within an organisation.

I think most folks will understand that if the example above is
insufficient to trigger copyright the point is still clear.  At some point
a (more significant) change could result in an unintentional violation if
the source code is present.

And everyone makes mistakes ISO 9001 or not.  The key is too minimize
avoidable errors through policy/procedures, training and selective use of
3rd party libraries and licenses.  Apache products are generally
considered safe(r) and require less oversight in terms of copyright
issues.   A policy change at Apache to make this less true is probably not
desired by many of its users.

Thank you for your concern regarding our AS9100/ISO 9001:2000 status.
While I am speaking only as an individual on this list and not as a
representative of our organization, we do review our software development
practices quite often to identify weaknesses and areas to improve.
Certification is less important to us than quality development practices.
 
Perhaps it should be general policy or a best practice suggestion not to
include weak copyright source code in projects but only the compiled
binaries even if it makes development and debugging slightly more
annoying.  I may suggest this after thinking about it more or put it up
for discussion on our internal software development list.

Despite my disagreement with Larry the risks ARE relatively low so perhaps
sufficient training/awareness will be sufficient.  But our situation is
different than that of Apache.

>> without realizing that it was in the Category B module.  Since I¹m
>> modifying the Apache product quite a bit anyway was not immediately
>> obvious that when I checked my changes into the local repo for the
>> Apache product that I made a change in the Category B module.  Maybe I
>> simply never knew or had forgotten that I had to be aware there was a
>> category B module.
>
>I believe another intent of the GPL Is that people should be able to
>debug and repair the code that they possess.

And this would be great if the discussion was about GPL but not everyone
wants to use GPL, hence Apache.

Was the title or topic somehow unclear?  Or do you believe members of this
mailing list are unaware of the advantages and disadvantages of the
different types of open source licenses?

Regards,

Nigel