[License-discuss] [Non-DoD Source] Re: OSI equivalent

Kevin Fleming kevin+osi at kpfleming.us
Wed Feb 15 19:05:16 UTC 2017


I see the image in his email, so it was indeed sent out by the list server.
It must have been eaten by something on your end, unfortunately. It might
be best to send a URL to where it can be found instead.

On Wed, Feb 15, 2017 at 10:35 AM, Karan, Cem F CIV USARMY RDECOM ARL (US) <
cem.f.karan.civ at mail.mil> wrote:

> > -----Original Message-----
> > From: License-discuss [mailto:license-discuss-bounces at opensource.org]
> On Behalf Of Christopher Sean Morrison
> > Sent: Wednesday, February 15, 2017 1:06 PM
> > To: License Discussion Mailing List <license-discuss at opensource.org>
> > Subject: [Non-DoD Source] Re: [License-discuss] OSI equivalent
> >
> >       On Feb 15, 2017, at 11:58 AM, Karan, Cem F CIV USARMY RDECOM ARL
> (US) <cem.f.karan.civ at mail.mil < Caution-
> > mailto:cem.f.karan.civ at mail.mil > > wrote:
> >
> >       Does OSI have a license compatibility chart for the various
> approved licenses?
> >       Something similar to Caution-https://www.gnu.org/
> licenses/license-list.html < Caution-https://www.gnu.org/licenses/license-
> > list.html >  ?  Our
> >       researchers are pulling in code from all kinds of sources, and we
> want to keep
> >       them out of legal hot water, and a compatibility chart would be
> helpful for
> >       this.
> >
> >
> >
> >
> > Hi Cem,
> >
> > There are a variety out on the web but nothing officially sanctioned
> because the devil is in the details when you talk about compatibility.
> > It depends heavily on whether you are integrating, modifying, or simply
> using (unmodified) the 3rd party code.  Creating a combined work
> > is not necessarily the same as creating a derivative work is not the
> same as just linking against something.  There are different
> > compatibility concerns with each.
> >
> > For example, I can create an LGPL program that uses an Apache 2.0
> library just fine, and distribute it as a combined work without too
> > much concern.  I can also create an Apache 2.0 program that links to an
> LGPL library, but I’d have to be more careful with how the LGPL
> > library is linked (assuming there is no link exception granted) and used
> — no muddling of the code waters or my program becomes LGPL
> > too.  It’s a fair bit more complex with the strongly protective / viral
> licenses.
> >
> > The attached image by Dr. David Wheeler (renowned Mil-OSS security
> researcher) is a reasonable starting point that you can find readily
> > around the web in various forms.  The flow diagram is basically
> describing code compatibility in the most general terms, about how/where
> > code can migrate and/or be relicensed.  E.g., I can’t take an MIT code
> and distribute it as public domain; but I can take a public domain
> > code and distribute it as MIT.  Note it’s NOT referring to simple usage
> or linking, otherwise it might falsely lead you to think you can’t link
> > against an Apache 2.0 library in a GPLv2 work.
> >
> > Cheers!
> > Sean
>
> I was afraid of that... and so is our Legal department :(.  We want to
> issue good general guidance to everyone in our workforce, but at the moment
> that appears to be 'go talk with Legal'.
>
> As for the image by Dr. Wheeler, it doesn't seem to have come through; can
> you try resending it?
>
> Thanks,
> Cem Karan
>
> _______________________________________________
> License-discuss mailing list
> License-discuss at opensource.org
> https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20170215/199bbf84/attachment.html>


More information about the License-discuss mailing list