[License-discuss] open source licenses addressing malicious derivatives

Christopher Sean Morrison brlcad at mac.com
Wed Jun 22 20:40:05 UTC 2016

Is there any OSI-approved license that provides injunctive relief to an original author in the situation of a bad actor creating a damaging derivative?  To figure this out, I’ve been researching and trying to sort out:

1) which existing OSI-approved licenses impose derivative requirements (e.g., such that others must rename, that changes must be itemized, etc.) and,

2) whether such a requirement makes the license de facto GPL/LGPL-incompatible?

For #1, I know CDDL has a required notice of authorship of modifications but didn’t see anything else at least amongst the popular licenses.  I know that license+trademark protection is the primary method for several notable open source products (e.g., Firefox), but getting an injunction solely on failing to announce modifications seems weak. 

I think the answer to #2 is “probably”, as anything that would hold up in court would likely be an additional requirement, forbidden by the GNUs, but would appreciate any insights.

The backdrop for this is an author reasonably going to court and obtaining injunctive relief should some bad actor distribute a derivative that was specifically designed to cause some surreptitious harm to the original author.  Not just a hypothetical case.

Consider governmental actors where the outcome is political or newsworthy in nature.  State Agency embraces open source, releases “State Agency's Super Something Yellow”.  Bad actor modifies and gets a bad SASSY into the marketplace.  Is there anything outside of trademark registration that would help State Agency save face and/or get injunctive relief more easily?

