[License-discuss] [Non-DoD Source] Re: US Army Research Laboratory Open Source License proposal

Mon Jul 25 12:46:55 UTC 2016

> -----Original Message-----
> From: License-discuss [mailto:license-discuss-bounces at opensource.org] On 
> Behalf Of Gervase Markham
> Sent: Saturday, July 23, 2016 5:09 AM
> To: license-discuss at opensource.org
> Subject: [Non-DoD Source] Re: [License-discuss] US Army Research Laboratory 
> Open Source License proposal

> On 22/07/16 22:01, Karan, Cem F CIV USARMY RDECOM ARL (US) wrote:
> > Unfortunately, we cannot directly use the Apache 2 license for all of
> > our code.  Most of our researchers work for the US Federal Government
> > and under US copyright law any works they produce during the course of
> > their duties do not have copyright attached, so we have to rely on
> > contract law as a protection mechanism within the USA.
>
> Is there not a large problem here, as you have turned what is currently a 
> license into a contract, and yet it is still titled "license"?
>
> Does the OSI approve contracts?
>
> And am I about to get various opinionated lawyers telling me that the 
> license/contract distinction is bogus? :-)

I'm not a lawyer, I have no idea, and I'm NOT going to go there! :)

> Also, another question for Cem: what do you mean by "a protection 
> mechanism"? If you are trying to release something under liberal
> open source terms like Apache, and it turns out that the USG doesn't hold 
> copyright in the thing anyway, isn't that "job done"? What
> needs "protecting"? Things like misrepresentation are surely already illegal 
> without you needing to say so in an agreed document.
>
> Gerv

There are several things we're trying to do.

1) Put out a notice to the world that the code covered under the license is 
'AS-IS'; the whole 'no warranty' part in the Apache 2.0 license.  This needs 
to cover not only the USG, but also any contributors.  The USG is (in my 
opinion) well-funded and capable of defending itself.  Persons or entities 
that are charitable enough to contribute to our projects may not be; I 
personally would consider it to be poor form to leave them unprotected after 
they've been kind enough to help with our projects.  Notifying anyone that 
downloads the code that there is no warranty helps protect against liability.

2) Prevent misrepresentation.  Since USG works don't have copyright 
protection, we're somewhat limited in how we can stop others from distributing 
derivative works that are claimed to be the originals, especially if those 
derivatives turn out to be malicious in some manner.  Trademark law is one way 
we can stop such activity, and is one of the few proactive methods we can use, 
where we don't have to prove a crime has occurred, but merely have to show 
that our trademarks are being misused.

3) Preventing trolling.  A personal concern I have is if someone maliciously 
contributes material with the intent of suing anyone that downloads it for 
patent or copyright infringement.  Once again, the USG is (in my opinion) 
well-funded and quite capable of defending itself.  However, not everyone that 
downloads projects we've sponsored or distributed are as capable.  Preventing 
patent trolls/copyright trolls/other types of IP trolls from using our 
projects as launching points for an attack protects not only the USG's 
reputation, but also protects innocent users of our projects.  In short, in my 
opinion, it is the right thing to do.

I hope that answers your questions.

Thanks,
Cem Karan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5559 bytes
Desc: not available
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20160725/46c819c1/attachment.p7s>