[License-discuss] [Non-DoD Source] Re: OSI equivalent

Karan, Cem F CIV USARMY RDECOM ARL (US) cem.f.karan.civ at mail.mil
Wed Feb 15 19:58:03 UTC 2017


Got it.  Thank you!  The URL will be helpful in this case then.

Thanks,
Cem Karan

> -----Original Message-----
> From: License-discuss [mailto:license-discuss-bounces at opensource.org] On Behalf Of Kevin Fleming
> Sent: Wednesday, February 15, 2017 2:05 PM
> To: license-discuss at opensource.org
> Subject: Re: [License-discuss] [Non-DoD Source] Re: OSI equivalent
> 
> All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links
> contained within the message prior to copying and pasting the address to a Web browser.
> 
> 
> ________________________________
> 
> 
> 
> I see the image in his email, so it was indeed sent out by the list server. It must have been eaten by something on your end, unfortunately.
> It might be best to send a URL to where it can be found instead.
> 
> 
> On Wed, Feb 15, 2017 at 10:35 AM, Karan, Cem F CIV USARMY RDECOM ARL (US) <cem.f.karan.civ at mail.mil < Caution-
> mailto:cem.f.karan.civ at mail.mil > > wrote:
> 
> 
> 	> -----Original Message-----
> 	> From: License-discuss [Caution-mailto:license-discuss-bounces at opensource.org < Caution-mailto:license-discuss-
> bounces at opensource.org > ] On Behalf Of Christopher Sean Morrison
> 	> Sent: Wednesday, February 15, 2017 1:06 PM
> 	> To: License Discussion Mailing List <license-discuss at opensource.org < Caution-mailto:license-discuss at opensource.org > >
> 	> Subject: [Non-DoD Source] Re: [License-discuss] OSI equivalent
> 	>
> 	>       On Feb 15, 2017, at 11:58 AM, Karan, Cem F CIV USARMY RDECOM ARL (US) <cem.f.karan.civ at mail.mil < Caution-
> mailto:cem.f.karan.civ at mail.mil >  < Caution-
> 	> Caution-mailto:cem.f.karan.civ at mail.mil < Caution-mailto:cem.f.karan.civ at mail.mil >  > > wrote:
> 	>
> 	>       Does OSI have a license compatibility chart for the various approved licenses?
> 	>       Something similar to Caution-Caution-https://www.gnu.org/licenses/license-list.html < Caution-
> https://www.gnu.org/licenses/license-list.html >  < Caution-Caution-https://www.gnu.org/licenses/license- < Caution-
> https://www.gnu.org/licenses/license- >
> 	> list.html >  ?  Our
> 	>       researchers are pulling in code from all kinds of sources, and we want to keep
> 	>       them out of legal hot water, and a compatibility chart would be helpful for
> 	>       this.
> 	>
> 	>
> 	>
> 	>
> 	> Hi Cem,
> 	>
> 	> There are a variety out on the web but nothing officially sanctioned because the devil is in the details when you talk about
> compatibility.
> 	> It depends heavily on whether you are integrating, modifying, or simply using (unmodified) the 3rd party code.  Creating a
> combined work
> 	> is not necessarily the same as creating a derivative work is not the same as just linking against something.  There are different
> 	> compatibility concerns with each.
> 	>
> 	> For example, I can create an LGPL program that uses an Apache 2.0 library just fine, and distribute it as a combined work
> without too
> 	> much concern.  I can also create an Apache 2.0 program that links to an LGPL library, but I’d have to be more careful with how
> the LGPL
> 	> library is linked (assuming there is no link exception granted) and used — no muddling of the code waters or my program
> becomes LGPL
> 	> too.  It’s a fair bit more complex with the strongly protective / viral licenses.
> 	>
> 	> The attached image by Dr. David Wheeler (renowned Mil-OSS security researcher) is a reasonable starting point that you can
> find readily
> 	> around the web in various forms.  The flow diagram is basically describing code compatibility in the most general terms, about
> how/where
> 	> code can migrate and/or be relicensed.  E.g., I can’t take an MIT code and distribute it as public domain; but I can take a public
> domain
> 	> code and distribute it as MIT.  Note it’s NOT referring to simple usage or linking, otherwise it might falsely lead you to think you
> can’t link
> 	> against an Apache 2.0 library in a GPLv2 work.
> 	>
> 	> Cheers!
> 	> Sean
> 
> 	I was afraid of that... and so is our Legal department :(.  We want to issue good general guidance to everyone in our workforce,
> but at the moment that appears to be 'go talk with Legal'.
> 
> 	As for the image by Dr. Wheeler, it doesn't seem to have come through; can you try resending it?
> 
> 	Thanks,
> 	Cem Karan
> 
> 	_______________________________________________
> 	License-discuss mailing list
> 	License-discuss at opensource.org < Caution-mailto:License-discuss at opensource.org >
> 	Caution-https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss < Caution-https://lists.opensource.org/cgi-
> bin/mailman/listinfo/license-discuss >
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6419 bytes
Desc: not available
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20170215/918af897/attachment.p7s>


More information about the License-discuss mailing list