[License-discuss] Reverse Engineering and Open Source Licenses

Ben Tilly btilly at gmail.com
Thu Mar 5 02:50:50 UTC 2015


Sorry, but this is a ridiculously heavyweight way of thinking about
things.  The problem with thinking in a heavyweight fashion is that it
is easy to lose track of what is going on, and hard for anyone else to
wade through it and point out the error.  However I'll try.

On page 6 you are arguing for a specific interpretation based on your
claim that an alternate one would not achieve the aims of the drafters
of the LGPL.  But you set up a false dichotomy.  There are other
possible interpretations that you have not considered.  And rather
than trying to reason it out from first principles, it is better to
just ask the source.

The intended interpretation of the drafters is made clear at
https://www.gnu.org/licenses/gpl-faq.html#LGPLStaticVsDynamic.  They
distinguish by how the software is distributed.  If you distribute
code that dynamically links to an LGPL library that is already
present, you have not created a Combined Work.  On the other hand if
you distribute the library you will dynamically link to with your
code, you *have* created a Combined Work.  There is a grey area where
you distribute both, but not at the same time.  My suspicion is that
they would at that point distinguish based on whether or not you
intend to link them.

Before you argue against this interpretation, I remind you that your
argument on page 6 rests on the expertise of the drafters of the
license.  In your words, "We know that the inventors of the GNU
licenses and GNU software are very sophisticated experts."  But if you
accept them as experts, you are in no position to argue about what
they say about how their own license is supposed to be interpreted.

For the record, I am not a lawyer.  This is not legal advice.  And in
common law countries, until a legal precedent is set, there is no way
to tell whether the courts will interpret the license in the way that
the drafters hope they will.

On Wed, Mar 4, 2015 at 7:16 AM, Reincke, Karsten <k.reincke at telekom.de> wrote:
> Dear Colleagues;
>
>
>
> In the past I was involved in some full discussions concerning the issue
> ‘reverse engineering and open source licenses’. Although personally
> esteeming and inspiring, such discussions sometimes became a bit explosive:
> If – at least – the LGPL-v2 indeed requires to allow the reverse engineering
> of those programs which use LGPL-v2 licensed components, then companies are
> not able to protect these ‘private’ programs against revealing the embedded
> business relevant secrets, even if they do not distribute the corresponding
> source code. And – as far as I know – at least some companies have therefore
> forbidden to link essential programs against the LGPL-v2.
>
>
>
> I have taken the view that this ‘rule of reverse engineering’ cannot be
> applied  in case of distributing dynamically linkable programs. By arguing
> that way,  I caused astonishment and dissents. But often, I was also asked
> to note down my argumentation, because some of my partners wanted to review
> it in detail.  They had the hope to get a solution for conflict of using
> open source software compliantly and protecting their business relevant
> software.
>
>
>
> During the last two month, I had the pleasure to fulfill this request by
> writing the corresponding article. Now, I am indeed sure that all important
> open source licenses including the LGPL-v2 allow reverse engineering only in
> case of distributing statically linked programs. Moreover: I am definitely
> sure, that none of these open source licenses requires to allow reverse
> engineering in case of distributing dynamically linkable programs and that
> particularly even the LGPL-v2 does not require reverse engineering in case
> of distributing dynamically linkable programs.
>
>
>
> Unfortunately, the deduction of this position had to become more complex
> than initially thought. But fortunately, it could preserve a
> straight-forward argumentation: After having started with a linguistic
> disambiguation and transposing the license statements into a logical
> formula, it derives the results by using logic ways of inferring a
> conclusion. And this method is applied for the LGPL-v2, for the LGPL-v3, and
> for the other most important open source licenses. Hence, for now, I – for
> myself - am indeed sure, that my argumentation is valid and mandatory.
>
>
>
> But subjective certainty is not enough. As long as we do not have a legal
> decision, the best way to become sure is to invoke a discussion (and a
> consensus) by publishing the results. For that purpose, we decided, not only
> to insert the analysis into the OSLiC, but to distribute that chapter also
> as an autonomous article
> (http://opensource.telekom.net/oslic/en/planning/results.html ). Thus, it is
> also licensed under the der CC-BY-SA-3.0. So, feel free to use it, to modify
> it, and/or to share it. The sources of the pdf are part of the OSLiC
> repository (https://github.com/dtag-dbu/oslic/ ).
>
>
>
> We, Deutsche Telekom AG and I, Karsten Reincke, are indeed hoping to having
> contributed something which simplifies the compliant use of open source
> software.
>
>
>
> With best regards any many thanks for all the encouraging discussions -
> especially to Mrs. Karen Copenhaven, Mr. Armin Taldur, and Mr. Claus Peter
> Wiedemann Sincerely Your Karsten Reincke
>
>
>
> ---
>
> Deutsche Telekom Technik GmbH  / Cloud Infrastructure
>
> Karsten Reincke, PMP®, Senior Expert Key Projects - Open Stack Complexity-
> and Compliancemanagement
>
> [display complete signatur:
> http://opensource.telekom.net/kreincke/kr-dtag-sign-en.txt ]
>
>
>
>
> _______________________________________________
> License-discuss mailing list
> License-discuss at opensource.org
> http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
>



More information about the License-discuss mailing list