<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;
color:black;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1153794026;
mso-list-type:hybrid;
mso-list-template-ids:560074996 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:?;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:?;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:?;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:?;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:?;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:?;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:12.0pt'>Responding to Nigel Tzeng's concerns (below) about source and object code:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'>There is perhaps a smaller risk that someone will make a derivative work of Apache software entirely by accident from the binary alone without looking for the source code (and finding it) posted on the web. But just in case, for that reason and many others, seeking legal review first for a commercial product is a great idea before even attempting <u>any</u> derivative work. <br><br>Important derivative works of software are not accidental.<br><br>Enforcing compliance with licenses and copyright law requires legal review even for FOSS licenses that Apache lists in Category A. I know that because I wrote one of those OSI-approved and Apache-approved and FSF-approved FOSS licenses (AFL 3.0) that imposes important (non-reciprocal) conditions on both copies and derivative work. So do many other FOSS licenses in all Apache's "categories." For both binaries and source code. Caveat emptor. Caveat derivator.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'>/Larry<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'>P.S. Nigel is correct. I meant EPL not ECL. I write too fast....<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b>From:</b> Tzeng, Nigel H. [mailto:Nigel.Tzeng@jhuapl.edu] <br><b>Sent:</b> Thursday, August 20, 2015 4:36 PM<br><b>To:</b> Lawrence Rosen <lrosen@rosenlaw.com>; license-discuss@opensource.org<br><b>Subject:</b> Re: [License-discuss] Category "B" licenses at Apache<o:p></o:p></p></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Larry,<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Please note that ECL is an OSI approved license based on Apache and not Eclipse. Using ECL in the same sentence as MPL is mildly confusing even when you (re)define the acronym in the previous paragraph when using EPL would be more clear.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>As far as differentiating between source and object code I believe that the Apache statement for category B licenses is correct. The "exposed surface area" at risk IS much lower than if source was available inside the Apache project as a default. You are under license obligation if you cut and paste from these EPL/MPL/etc source files and since the source files are not present you can’t accidentally do so without explicitly getting that source from somewhere. By making that an extra step Apache is reducing the risk of an accidental copyright violation. <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Without the source files you also can't easily modify the MPL/etc work for which the modified source must be provided by you instead of just pointing upstream to some place the original source can be found. <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Whether or not the binary and source are considered the same work under copyright is immaterial…distributing only the binary format reduces the risk of accidental violations for code licensed under some, if not all, weak copyleft licenses by eliminating/reducing some of the most common opportunities for making a mistake.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>It strikes me that this is a pragmatic and useful risk reduction strategy in handling weak copyleft code within ALv2 projects that helps protect both maintainers and users of the Apache product.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Apache should probably provide that source separately as a matter of policy for handling category B licensed components rather than just point upstream to a source that could disappear a few years down the road. There’s a bit of orphaned java code out there where the original projects and their repos have disappeared.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Maybe Apache does but it’s not explicitly written in the FAQ to do anything but include the URL to the product’s homepage where presumably the source is available. Maybe I read that part wrong or there is a more exhaustive checklist somewhere else of what the Apache project needs to do when using Category B components.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Regards,<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'>Nigel<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b><span style='color:black'>From: </span></b><span style='color:black'>License-discuss <<a href="mailto:license-discuss-bounces@opensource.org">license-discuss-bounces@opensource.org</a>> on behalf of Lawrence Rosen <<a href="mailto:lrosen@rosenlaw.com">lrosen@rosenlaw.com</a>><br><b>Reply-To: </b>Lawrence Rosen <<a href="mailto:lrosen@rosenlaw.com">lrosen@rosenlaw.com</a>>, License Discuss <<a href="mailto:license-discuss@opensource.org">license-discuss@opensource.org</a>><br><b>Date: </b>Monday, August 17, 2015 at 3:20 PM<br><b>To: </b>License Discuss <<a href="mailto:license-discuss@opensource.org">license-discuss@opensource.org</a>><br><b>Subject: </b>[License-discuss] Category "B" licenses at Apache<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div><div><div><p class=MsoPlainText style='margin-left:.5in'>An Apache member wrote that this ASF license objective is firmly held: To allow our customers to "redistribute with closed-source modifications."<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>That objective remains completely and always enforceable for ALv2 code. It is not enforceable for Eclipse (ECL) components or MPLv2 components. <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>These are two different but entirely valid ways to FOSS. Reciprocity is a license condition for some FOSS licenses. There is nothing evil in that. It is always an author's prerogative to choose her FOSS license. <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>None of the companies in Eclipse Foundation have any objection whatsoever (that I've heard) to the inclusion of ECL and MPLv2 components into Apache aggregations. Indeed, they collectively and enthusiastically create such valuable FOSS components for that very purpose. They include them in their own products.<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>So is the objective "to redistribute with closed-source modifications" intended to describe an actual Apache concern, or a religious objection to all reciprocal licenses? Certainly not the latter! <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>According to the current <a href="http://www.apache.org/legal/resolved.html">Apache Third Party License Policy</a>, ASF doesn't really object to these reciprocal FOSS licenses; they are handled as exceptions. In the Policy "t<span style='color:#333333;background:white'>his is colloquially known as the<span class=apple-converted-space> </span><em><span style='font-family:"Calibri",sans-serif'>Category B</span></em><span class=apple-converted-space> </span>list." </span><o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'><span style='font-size:10.5pt;font-family:"Georgia",serif;color:#333333;background:white'> </span><o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'><span style='font-size:10.5pt;font-family:"Georgia",serif;color:#333333;background:white'>But then that Policy makes the following strange explanation for Category B and its enforcement conditions at ASF: <i>"By including only the object/binary form, there is less exposed surface area of the third-party work from which a work might be derived; this addresses the second guiding principle of this policy."</i></span><o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'><span style='font-size:10.5pt;font-family:"Georgia",serif;color:#333333;background:white'> </span><o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>That "object/binary form" requirement and the reference to "exposed surface area" in the Policy are nonsense. I repeat three statements I made here previously:<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>?<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>The binary and source forms of a work are, from a copyright perspective, the exact same work subject to the exact same FOSS license. Stop wasting time trying to distinguish them legally.<o:p></o:p></p><p class=MsoPlainText style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>?<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Apache is committed to FOSS. For that reason, we should always publish source code. Binaries are a convenience for our customers published by our projects, but never without source code.<o:p></o:p></p><p class=MsoPlainText style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>?<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Our failure, or our customer's failure, to make that source code available (including of course any ALv2 code) and copies of all relevant licenses, is a probable breach of license and possible copyright infringement. All modern technology companies understand that about FOSS and copyright law.<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'><span style='font-size:10.5pt;font-family:"Georgia",serif;color:#333333;background:white'> </span><o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'><span style='color:#333333;background:white'>The "second guiding principle" referred to in the current Apache Policy is this:</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in;line-height:15.0pt;background:white'><span style='color:#333333'>2. The license must not place restrictions on the distribution of independent works that simply use or contain the covered work.</span><span style='color:black'><o:p></o:p></span></p><p class=MsoPlainText style='margin-left:.5in'>This accurately and precisely refers to "independent works" and not "derivative works." Reciprocity has nothing to do with independent works. Every FOSS license (except perhaps under the GPL "static linking" doctrine) satisfies this second guiding principle. See OSD.<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>/Larry<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>P.S. I don't know if this message will survive legal-discuss@ list moderation, so I intend to send it onto other lists. All quotations are from <u>public</u> ASF lists.<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>Lawrence Rosen<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'>"If this were legal advice it would have been accompanied by a bill."<o:p></o:p></p><p class=MsoPlainText style='margin-left:.5in'> <o:p></o:p></p></div></div></div></body></html>