[License-discuss] Using opensource in a company not in the software business

FREJAVILLE Etienne etienne.frejaville at coface.com
Thu Dec 1 09:57:03 UTC 2016


Thank you for the link below that I had searched without success.
Moreover this discussion helped me better understand the terminology (still lightly ambiguous, but after all it’s the problem with natural language, no ? ;-))
I see that it can become very tricky with some licences and particular technologies..
I think the best is to start with licences that are clearly permissive for our situation, and have our legal department keep an eye on that. They’ll decide what to do for other situations more subtle.

Best regards.

Etienne

De : License-discuss [mailto:license-discuss-bounces at opensource.org] De la part de Radcliffe, Mark
Envoyé : mardi 29 novembre 2016 19:36
À : license-discuss at opensource.org
Objet : Re: [License-discuss] Using opensource in a company not in the software business

And being compliant is the right thing to do.

From: License-discuss [mailto:license-discuss-bounces at opensource.org] On Behalf Of Ben Tilly
Sent: Tuesday, November 29, 2016 10:32 AM
To: License Discuss
Subject: Re: [License-discuss] Using opensource in a company not in the software business

If you host the software on a server and they hit that API, this does not count as distribution.  But there are licenses, such as the AGPL, that will still cause you problems there.

The exact definition of when linking creates a derivative work has not to my non-lawyerly knowledge been litigated.  Many lawyers think that the GPL FAQ is overly optimistic about how much power the license will have if litigated.  On the other hand staying within its suggestions greatly limits the odds of problems down the road.

In general each open source license aims to allay some fear that the author of the software had.  Some, like the MIT and Apache licenses, protect the authors and otherwise make it easy to use the code as you see fit.  Others, like the GPL, avoid having someone build something cool on your software while refusing to let you see/build on that.

It is likely easiest for you to start with https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses#FOSS_licenses<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Comparison-5Fof-5Ffree-5Fand-5Fopen-2Dsource-5Fsoftware-5Flicenses-23FOSS-5Flicenses&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=TCa2aR4yZuooZ9ly4VCCQamoHgdZUjTkxjRXc5AWU0I&s=7hP38b5LRT5dyIs80y8_uKD1W7fMJ3ZompMtamxH024&e=>, decide where your comfort level is, and try to only use software on one side of that.  That's a lot easier than staying careful about exactly how you use each piece of software.

Alternately you can decide that you are not in the software business after all, give away all distributed software with source, and charge for access to a service that you maintain.  (And avoid the AGPL!)

On Tue, Nov 29, 2016 at 12:27 AM, FREJAVILLE Etienne <etienne.frejaville at coface.com<mailto:etienne.frejaville at coface.com>> wrote:
Hello,

Thank you for the answers. It seems that we are concerned even though we don't sell the software provided to the customer.
Apparently, the fact that the customer uses the software from the outside of the company counts as a 'distribution'.

I may submit that topic to our lawyers, but before I have more precise questions related, concerning particular uses of licences, to be sure I understand them correctly.
And I agree not to trust 'as is' answers from a mailing list, but it's a good start!

It seems that Apache, BSD, MIT... licences do not cause particular problems in our context (and in general).

Concerning GPL, I have found in the GPL's FAQ that:

"The community expects that all code linked to GPL code will be licensed under the GPL, even if the link is made at runtime using a shared library"

Does it means that in that case we should release publicly under the GPL licence any of our source code that use the open source libraries ?
If true, does indirect usages are also concerned ? Libraries that call libraries that call open source libraries will also have to be licenced under the GPL licence ?

Concerning LGPL, knowing that the user cannot modify our code as it's proprietary, I understand that using Java libraries for example is not possible as he must be able to
(§ 4 of the LGPL V3 : ) "...  recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work".

But using Opensource javascript LGPL library without providing source code should be possible if I understand well.
Indeed, if the code using the opensource uses it as a reference to a library on a distant domain, the user can get the benefits of the latest version of the library used by our code if he wants.

E.g , if displaydate.js is an open source library released under the LPGP licence, in our code:

<script src="displaydate.js" type="text/javascript">
</script>

would be an incorrect usage, whereas:

<script src="http://www.yahoo.com/displaydate.js<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.yahoo.com_displaydate.js&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=TCa2aR4yZuooZ9ly4VCCQamoHgdZUjTkxjRXc5AWU0I&s=OvmN-UgJQOG7J5wcI3Ps85Du8qUqD1FT08vQ7dFsd-8&e=>">
</script>

would be a correct usage.

Is it correct ?

Thank you.

Cordialement, Best regards.

Etienne


De : License-discuss [mailto:license-discuss-bounces at opensource.org<mailto:license-discuss-bounces at opensource.org>] De la part de Radcliffe, Mark
Envoyé : lundi 28 novembre 2016 22:55
À : license-discuss at opensource.org<mailto:license-discuss at opensource.org>
Cc : cooi at theiet.org<mailto:cooi at theiet.org>
Objet : Re: [License-discuss] Using opensource in a company not in the software business

I agree with Ben.  Lawyers with open source experience will dramatically decrease your costs.  You should also consider consulting Heather Meeker’s book: https://www.amazon.com/Open-Source-Business-Practical-Licensing/dp/1511617772/ref=sr_1_1?ie=UTF8&qid=1480369990&sr=8-1&keywords=open+source+for+business+meeker<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.amazon.com_Open-2DSource-2DBusiness-2DPractical-2DLicensing_dp_1511617772_ref-3Dsr-5F1-5F1-3Fie-3DUTF8-26qid-3D1480369990-26sr-3D8-2D1-26keywords-3Dopen-26-2343-3Bsource-26-2343-3Bfor-26-2343-3Bbusiness-26-2343-3Bmeeker&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=TCa2aR4yZuooZ9ly4VCCQamoHgdZUjTkxjRXc5AWU0I&s=zrUEvmKneAfJOhfNJUDJC7abUwC3nR1MdWZm0CyITHY&e=>

From: License-discuss [mailto:license-discuss-bounces at opensource.org] On Behalf Of Ben Tilly
Sent: Monday, November 28, 2016 11:44 AM
To: License Discuss
Cc: cooi at theiet.org<mailto:cooi at theiet.org>
Subject: Re: [License-discuss] Using opensource in a company not in the software business

Nigel's list is biased towards paranoia.  Paranoia is a healthy default  But it is OK, for example, to ship useful standalone GPL tools to customers in a zip file that happens to also contain proprietary code of yours that does not use those tools.

As always, if in doubt you should consult a lawyer and the license.  And don't rely on opinions from a mailing list.

One final note, I would recommend that it may be worth your while to find a lawyer with open source experience, and not just familiarity with intellectual property.  Open source licenses are somewhat unusual, and there are common misunderstandings around, for instance, how the GPL works that a general lawyer is likely to spend time working through the first time.  (Is this a contract?  Does it apply if it is not a contract?)  While lawyers are generally happy to research things on your dime, this is not always an efficient use of your money...

On Mon, Nov 28, 2016 at 9:29 AM, Tzeng, Nigel H. <Nigel.Tzeng at jhuapl.edu<mailto:Nigel.Tzeng at jhuapl.edu>> wrote:
Cindy advice is best but the quick and dirty answer for you given the two things you stated:

  *   We do not modify or enhance the open source code of the used libraries.
  *   At last, our code must be kept as proprietary and we don’t consider providing the source code using the opens source libraries.
Good:  Apache, BSD, MIT and other permissively licensed open source code.

Maybe Good:  LGPL, MPL and weak copyleft licensed open source code.

Not Good:  GPL and any strong copyleft licensed open source code.

Review your code base and anything that used GPL source code in an Android/iOS app or Windows/MacOS/Linux program is an issue.  On your internal server if you used any AGPL code it may be an issue.

Your normal lawyer should be able to find you an IP lawyer but you might as well start going over your code base.

Regards,

Nigel

From: License-discuss <license-discuss-bounces at opensource.org<mailto:license-discuss-bounces at opensource.org>> on behalf of Cinly Ooi <cinly.ooi at gmail.com<mailto:cinly.ooi at gmail.com>>
Reply-To: "cooi at theiet.org<mailto:cooi at theiet.org>" <cooi at theiet.org<mailto:cooi at theiet.org>>, License Discuss <license-discuss at opensource.org<mailto:license-discuss at opensource.org>>
Date: Monday, November 28, 2016 at 7:51 AM
To: License Discuss <license-discuss at opensource.org<mailto:license-discuss at opensource.org>>
Subject: Re: [License-discuss] Using opensource in a company not in the software business

You _are_ in the software business.
The correct person to evaluate your case is your lawyer.
As Woolley said, regardless of which the license of the software you choose uses, you still have responsibility under open source license, and your customers have expectations as provided for by the license.

It is the same whether it is open source license or close source license
Your lawyer will look at each license you need to use and apply it to see whether it meets your business objective.

Another good place to start is to see is there any local people who can talk you through it for the price of a coffee. However, your lawyer has the final say.


Best Regards,
Cinly

*****
“There should not be an over-emphasis on what computers tell you, because they only tell you what you tell them to tell you,” -- Joe Sutter, Boeing 747 Chief Engineer.

On 28 November 2016 at 10:23, FREJAVILLE Etienne <etienne.frejaville at coface.com<mailto:etienne.frejaville at coface.com>> wrote:
Hello,

I'm sorry for asking a question that has probably been answered in the past, but I couldn't find a clear and precise answer on the subject on your website or any web resource.

We are a private company and we wonder how to deal with developments using open source.

First of all we are not a software company, and therefore we just provide software applications to our customers, so that they can use our services/buy our products.

We develop with code that may use opensource, both:

- 1. Pure internal software
- 2. Software for our customers provided as Web applications (that obviously interacts with a part of our internal software).
- 3. Software for our customers provided as mobile applications (IOS&Android apps) that interacts with a part of our internal software.

The usage we make of opensource, is either use the opensource products as standalone products (e.g Maven, Kados..), or use them ‘as is’ as libraries (most java or javascript) (e.g POI, jQuery...).
We do not modify or enhance the open source code of the used libraries.
At last, our code must be kept as proprietary and we don’t consider providing the source code using the opens source libraries.

I have read quite a few pages on the opensource.org<https://urldefense.proofpoint.com/v2/url?u=http-3A__opensource.org&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=mb6Xv_IQ0-9vyxXoreSfoPx986ZZ17jIvvSEeZzr_m0&s=cW_7dVP6ausJzvov6lbFHOGhMdXgxspnB24JX4mlUFU&e=> website, the FAQ and other external papers, but it seems that the licences discussions and restrictions, concern most of the time the usage of the open source in commercial products, or concern the distribution of open sources modifications.

First of all, I would like to know if a software provided to our customers in our case, is considered in the open source terminology as a 'customer product'.
Second, I would like to understand what 'distribution' stands for. Is distributing a web application or mobile application considered 'distribution' ?
We provide some binary code that may contain usages of open source libraries, to some of our subsidiaries. Is it also considered as 'distribution' ?

The idea behind these questions is to know if in fact we have to care about using Open source software or not in our situation..

If indeed we provide a commercial product and we are considering distributing software that may require the usage of opensource libraries for being able to work, indeed, I guess we are concerned by Open source usage.
If it's the case, I will have more precise questions regarding the usage we make of these libraries, to understand what licences we may use and what we may not.

Thank you.
**********************************************************************
Le groupe Coface, un leader mondial de l'assurance-crédit, propose aux entreprises du monde entier des solutions pour les protéger contre le risque de défaillance financière de leurs clients. Ses 4 400 collaborateurs assurent un service de proximité dans 67 pays.

The Coface Group, a worldwide leader in credit insurance, offers companies around the globe solutions to protect them against the risk of financial default of their clients. 4 400 staff in 67 countries provide a local service worldwide.


Confidentialité/Internet disclaimer

Ce message ainsi que les fichiers attachés sont exclusivement adressés aux destinataires désignés et peuvent contenir des informations à caractère confidentiel. Si vous n'êtes pas le destinataire désigné, merci de prendre contact avec l'expéditeur et de détruire ce message, sans en faire un quelconque usage ni en prendre aucune copie.
Les messages électroniques sur Internet peuvent être interceptés, modifiés, altérés, détruits, ou contenir des virus. L'expéditeur ne pourra être tenu responsable des erreurs ou omissions qui résulteraient de la transmission par voie électronique.

This message and the attachments are exclusively addressed to their designated addresses. If you are not the intended recipient, please contact the sender and delete the message without making any use or copying it.
E-Mail transmissions could be intercepted, corrupted, lost, destroyed or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.
**********************************************************************

_______________________________________________
License-discuss mailing list
License-discuss at opensource.org<mailto:License-discuss at opensource.org>
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opensource.org_cgi-2Dbin_mailman_listinfo_license-2Ddiscuss&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=mb6Xv_IQ0-9vyxXoreSfoPx986ZZ17jIvvSEeZzr_m0&s=OQ2JBElTCY-xLYUEDNIEGPMqzktuIhVn_Ymm_-H2Qio&e=>


_______________________________________________
License-discuss mailing list
License-discuss at opensource.org<mailto:License-discuss at opensource.org>
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opensource.org_cgi-2Dbin_mailman_listinfo_license-2Ddiscuss&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=mb6Xv_IQ0-9vyxXoreSfoPx986ZZ17jIvvSEeZzr_m0&s=OQ2JBElTCY-xLYUEDNIEGPMqzktuIhVn_Ymm_-H2Qio&e=>

Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com<mailto:postmaster at dlapiper.com>. Thank you.
**********************************************************************
Le groupe Coface, un leader mondial de l'assurance-crédit, propose aux entreprises du monde entier des solutions pour les protéger contre le risque de défaillance financière de leurs clients. Ses 4 400 collaborateurs assurent un service de proximité dans 67 pays.

The Coface Group, a worldwide leader in credit insurance, offers companies around the globe solutions to protect them against the risk of financial default of their clients. 4 400 staff in 67 countries provide a local service worldwide.


Confidentialité/Internet disclaimer

Ce message ainsi que les fichiers attachés sont exclusivement adressés aux destinataires désignés et peuvent contenir des informations à caractère confidentiel. Si vous n'êtes pas le destinataire désigné, merci de prendre contact avec l'expéditeur et de détruire ce message, sans en faire un quelconque usage ni en prendre aucune copie.
Les messages électroniques sur Internet peuvent être interceptés, modifiés, altérés, détruits, ou contenir des virus. L'expéditeur ne pourra être tenu responsable des erreurs ou omissions qui résulteraient de la transmission par voie électronique.

This message and the attachments are exclusively addressed to their designated addresses. If you are not the intended recipient, please contact the sender and delete the message without making any use or copying it.
E-Mail transmissions could be intercepted, corrupted, lost, destroyed or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.
**********************************************************************

_______________________________________________
License-discuss mailing list
License-discuss at opensource.org<mailto:License-discuss at opensource.org>
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opensource.org_cgi-2Dbin_mailman_listinfo_license-2Ddiscuss&d=CwMGaQ&c=3wvJ0zJmnOH4EwE3NZ_dojrpL7MAvp0sk6CwidQglYA&r=jdsm-qkq-Mk027Redh3Cbs2iQvbzFXesOa4hf4yZVks&m=TCa2aR4yZuooZ9ly4VCCQamoHgdZUjTkxjRXc5AWU0I&s=hRSeiFXCcxMJf5dTk6oFpw_cwF-dzeXhnNlGRWb0RTQ&e=>

Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com<mailto:postmaster at dlapiper.com>. Thank you.

**********************************************************************
Le groupe Coface, un leader mondial de l'assurance-crédit, propose aux  entreprises du monde entier des solutions pour les protéger contre le risque de défaillance financière de leurs clients. Ses 4 400 collaborateurs assurent un service de proximité dans 67 pays.

The Coface Group, a worldwide leader in credit insurance, offers companies around the globe solutions to protect them against the risk of financial default of their clients. 4 400 staff in 67 countries provide a local service worldwide. 


Confidentialité/Internet disclaimer

Ce message ainsi que les fichiers attachés sont exclusivement adressés aux destinataires désignés et peuvent contenir des informations à caractère confidentiel. Si vous n'êtes pas le destinataire désigné, merci de prendre contact avec l'expéditeur et de détruire ce message, sans en faire un quelconque usage ni en prendre aucune copie.
Les messages électroniques sur Internet peuvent être interceptés, modifiés, altérés, détruits, ou contenir des virus. L'expéditeur ne pourra être tenu responsable des erreurs ou omissions qui résulteraient de la transmission par voie électronique.

This message and the attachments are exclusively addressed to their designated addresses. If you are not the intended recipient, please contact the sender and delete the message without making any use or copying it.
E-Mail transmissions could be intercepted, corrupted, lost, destroyed or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20161201/aaa2666f/attachment.html>


More information about the License-discuss mailing list