[License-discuss] open source licenses addressing malicious derivatives

Christopher Sean Morrison brlcad at mac.com
Thu Jun 23 18:14:26 UTC 2016

Hi Charles,

Thanks for the response and apologies in advance on the html-encoding; responding from a web client that doesn't let me recode the message.

Judges are likely to support reasonable contractual terms, but they will evaluate the specific circumstances at hand and have no obligation to blindly agree that something-or-other causes irreparable harm just because a contract says that it does:

The injunction request would stem from someone not adhering to the license / agreement terms, regardless of whether it is causing harm (though it's probably easy to argue that someone not conforming with reasonable terms is causing de facto harm).

1) which existing OSI-approved licenses impose derivative requirements (e.g., such that others must rename, that changes must be itemized, etc) and,

The old BSD license and the zlib license also have mandatory attribution clauses.

Failing to provide attribution isn't the issue.  It's negative association:  changes made that the original author does not want to have associated with them.


Indeed. Beyond that, requiring modified versions to have changes be clearly identified is reasonable and compatible with the OSD. Requiring changes to be announced or made available to the original authors would violate the OSD.

One of the goals is to allow people to modify software to suit themselves. Unless they redistribute the changed versions to external parties, people should have the right to make private changes.

Absolutely.  How to enable and preserve that freedom without negatively affecting the original author.

Releasing software under an Open Source license means that the original author cannot prevent someone from changing that software, even in ways that the original author does not like. This is intentional.

Yes, unquestionably.

Now, if a bad actor does something against the law-- anything from harassment, wrongful removal of copyright statements, or explicit violations of the Computer Fraud and Abuse Act-- then the author would have valid grounds for requesting damages and/or injunctive relief against the wrongful conduct.

Consider a case that is not necessarily against the law but still damaging (probably politically) in nature.

Maybe I take your software and change the splash screen to a tabloidesque picture of Jesus hugging Muhammad holding a pride flag while sitting on a Balrog's lap and I redistribute.  Maybe I even get my version accepted into the Google Play Store and it makes news headlines.  OSD says I have that right, I do it in a way that I'm not in violation of any terms of service -- but the question at hand is what measures can you as an original author put in place to not make it seem to others like you made that derivative?

I can trademark the product so you at least have to change the name.  CDDL would require me to itemize what I changed.  I believe I've seen BSD-style licensing from NIST that essentially says others are forbidden from using their name and/or logo in any way.

Are there any methods beyond trademarking that would be LGPL/GPL compatible?

The desired effect is disassociation so that if a bad actor does comply, it's clearly not harmful to the original author.  If they do not comply, injunctive relief should be trivial.


