[License-discuss] open source licenses addressing malicious derivatives

Christopher Sean Morrison brlcad at mac.com
Fri Jul 15 17:02:29 UTC 2016


Hi Henrik,

Thanks for the inputs.  I have been trying to make the case that trademark is adequate to address injunctive relief needs, but needed to survey the landscape of alternative possibilities (and their downsides).  As it is, the best defensive argument is looking to be license compatibility.

As far as I know, there are few OSI licenses not based on copyright (e.g., NOSA and the new FPL).  For Gov’t authors lacking US copyright protection, the question may end up being whether one of the existing ones is adequate or whether a new one must be drafted for OSI consideration.  For major codes needing indemnification protection, that minority could rely on trademark.

Cheers!
Sean


> On Jun 23, 2016, at 2:27 PM, Henrik Ingo <henrik.ingo at avoinelama.fi> wrote:
> 
> Hi Christopher
> 
> You might want to read up on Mozilla for this topic. They run an unusually tight trademark enforcement regime, precisely for this reason. Basically, the source code is open source, but you cannot leave any user-visible traces of their trademark if you add even the smallest change.
> 
> Red Hat Enterprise Linux has a similarly tight trademark policy for commercial reasons. You can copy it, but trademark must be removed. (So for example, even in documentation, CentOS might refer pseudonymously to "upstream vendor".)
> 
> In short, trademark is commonly used for this purpose, while licensing not so much. Since trademark rights are quite independent of copyrights, this is also GPL, etc... compatible, since there are no restrictions on the code, you're just protecting your name and reputation.
> 
> henrik
> 
> On Wed, Jun 22, 2016 at 11:40 PM, Christopher Sean Morrison <brlcad at mac.com> wrote:
> Is there any OSI-approved license that provides injunctive relief to an original author in the situation of a bad actor creating a damaging derivative?  To figure this out, I’ve been researching and trying to sort out:
> 
> 1) which existing OSI-approved licenses impose derivative requirements (e.g., such that others must rename, that changes must be itemized, etc) and,
> 
> 2) whether such a requirement makes the license de facto GPL/LGPL-incompatible?
> 
> For #1, I know CDDL has a required notice of authorship of modifications but didn’t see anything else at least amongst the popular licenses.  I know that license+trademark protection is the primary method for several notable open source products (e.g., Firefox), but getting an injunction solely on failing to announce modifications seems weak. 
> 
> I think the answer to #2 is “probably”, as anything that would hold up in court would likely be an additional requirement, forbidden by the GNUs, but would appreciate any insights.
> 
> The backdrop for this is an author reasonably going to court and obtaining injunctive relief should some bad actor distribute a derivative that was specifically designed to cause some surreptitious harm to the original author.  Not just a hypothetical case.
> 
> Consider governmental actors where the outcome is political or newsworthy in nature.  State Agency embraces open source, releases “State Agency's Super Something Yellow”.  Bad actor modifies and gets a bad SASSY into the marketplace.  Is there anything outside of trademark registration that would help State Agency save face and/or get injunctive relief more easily?
> 
> Cheers!
> Sean
> 
> 
> -- 
> henrik.ingo at avoinelama.fi
> +358-40-5697354        skype: henrik.ingo            irc: hingo
> www.openlife.cc
> 
> My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
