[License-discuss] [Non-DoD Source] Re: OSI equivalent

Karan, Cem F CIV USARMY RDECOM ARL (US) cem.f.karan.civ at mail.mil
Wed Feb 15 18:35:27 UTC 2017


> -----Original Message-----
> From: License-discuss [mailto:license-discuss-bounces at opensource.org] On Behalf Of Christopher Sean Morrison
> Sent: Wednesday, February 15, 2017 1:06 PM
> To: License Discussion Mailing List <license-discuss at opensource.org>
> Subject: [Non-DoD Source] Re: [License-discuss] OSI equivalent
> 
> 	On Feb 15, 2017, at 11:58 AM, Karan, Cem F CIV USARMY RDECOM ARL (US) <cem.f.karan.civ at mail.mil> wrote:
> 
> 	Does OSI have a license compatibility chart for the various approved licenses?
> 	Something similar to https://www.gnu.org/licenses/license-list.html ?  Our
> 	researchers are pulling in code from all kinds of sources, and we want to keep
> 	them out of legal hot water, and a compatibility chart would be helpful for
> 	this.
> 
> 
> 
> 
> Hi Cem,
> 
> There are a variety out on the web but nothing officially sanctioned because the devil is in the details when you talk about compatibility.
> It depends heavily on whether you are integrating, modifying, or simply using (unmodified) the 3rd party code.  Creating a combined work
> is not necessarily the same as creating a derivative work is not the same as just linking against something.  There are different
> compatibility concerns with each.
> 
> For example, I can create an LGPL program that uses an Apache 2.0 library just fine, and distribute it as a combined work without too
> much concern.  I can also create an Apache 2.0 program that links to an LGPL library, but I’d have to be more careful with how the LGPL
> library is linked (assuming there is no link exception granted) and used — no muddling of the code waters or my program becomes LGPL
> too.  It’s a fair bit more complex with the strongly protective / viral licenses.
> 
> The attached image by Dr. David Wheeler (renowned Mil-OSS security researcher) is a reasonable starting point that you can find readily
> around the web in various forms.  The flow diagram is basically describing code compatibility in the most general terms, about how/where
> code can migrate and/or be relicensed.  E.g., I can’t take an MIT code and distribute it as public domain; but I can take a public domain
> code and distribute it as MIT.  Note it’s NOT referring to simple usage or linking, otherwise it might falsely lead you to think you can’t link
> against an Apache 2.0 library in a GPLv2 work.
> 
> Cheers!
> Sean

I was afraid of that... and so is our Legal department :(.  We want to issue good general guidance to everyone in our workforce, but at the moment that appears to be 'go talk with Legal'.  

As for the image by Dr. Wheeler, it doesn't seem to have come through; can you try resending it?

Thanks,
Cem Karan