[License-discuss] open source licenses addressing malicious derivatives

Henrik Ingo henrik.ingo at avoinelama.fi
Thu Jun 23 18:27:47 UTC 2016

Hi Christopher

You might want to read up on Mozilla for this topic. They run an unusually
thight trademark enforcement regime, precisely for this reason. Basically,
the source code is open source, but you cannot leave any user visible
traces of their trademark if you add even the smallest change.

Red Hat Enterprise Linux has a similarly thight trademark policy for
commercial reasons. You can copy it, but trademark must be removed. (So for
example, even in documentation, CentOS might refer pseudonymously to
"upstream vendor".)

In short, trademark is commonly used for this purpose, while licensing not
so much. Since trademark rights are quite independent of copyrights, this
is also GPL, etc... compatible, since there are no restrictions on the
code, you're just protecting your name and reputation.


On Wed, Jun 22, 2016 at 11:40 PM, Christopher Sean Morrison <brlcad at mac.com>

> Is there any OSI-approved license that provides injunctive relief to an
> original author in the situation of a bad actor creating a damaging
> derivative?  To figure this out, I’ve been researching and trying to sort
> out:
> 1) which existing OSI-approved licenses impose derivative requirements
> (e.g., such that others must rename, that changes must be itemized, etc)
> and,
> 2) whether such a requirement makes the license de facto
> GPL/LGPL-incompatible?
> For #1, I know CDDL has a required notice of authorship of modifications
> but didn’t see anything else at least amongst the popular licenses.  I know
> that license+trademark protection is the primary method for several notable
> open source products (e.g., Firefox), but getting an injunction solely on
> failing to announce modifications seems weak.
> I think the answer to #2 is “probably”, as anything that would hold up in
> court would likely be an additional requirement, forbidden by the GNUs, but
> would appreciate any insights.
> The backdrop for this is an author reasonably going to court and obtaining
> injunctive relief should some bad actor distribute a derivative that was
> specifically designed to cause some surreptitious harm to the original
> author.  Not just a hypothetical case.
> Consider governmental actors where the outcome is political or newsworthy
> in nature.  State Agency embraces open source, releases “State Agency's
> Super Something Yellow”.  Bad actor modifies and gets a bad SASSY into the
> marketplace.  Is there anything outside of trademark registration that
> would help State Agency save face and/or get injunctive relief more easily?
> Cheers!
> Sean
> _______________________________________________
> License-discuss mailing list
> License-discuss at opensource.org
> https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

henrik.ingo at avoinelama.fi
+358-40-5697354        skype: henrik.ingo            irc: hingo

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20160623/5bcdf341/attachment.html>

More information about the License-discuss mailing list