O S ! pen

Transcription

O S ! pen

Respecting
Open Source Licenses !
Open Source in Large Companies
Specific Challenges – Re-usable Solutions
Open Source CompLianCe @ Deutsche Telekom
Karsten Reincke
Challenge for Companies
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Xtra Challenge: Maven
Xtra Challenge: AGPL
Summary
Open Source thinks the other way round:
You ever have to know, what you have to do!
(c) K. Reincke, Deutsche Telekom AG - punlished under CC
CC-BY-ND
Nature of Open Source
“PAYING” BY DOING
2014-10-08
2
Solutions @ Telekom
OSL!
R
Xtra Challenge: JS
Summary
“Free
Free Redistribution
The license shall not restrict any party from selling or
giving away the software as a component of an aggregate
software distribution containing programs from several
different sources. The license shall not require a royalty or
other fee for such sale.”
sale
CC-BY-ND
§1 of the Open Source Definition*
2014-10-08
3
OSL!
R
Free Redistribution
Source Code
Derived Works
Integrity of The Author's
Source Code
5. No Discrimination Against
Persons or Groups
6. No Discrimination Against
Fields of Endeavor
7. Distribution of License
8. License Must Not Be
Specific to a Product
9. License Must Not Restrict
Other Software
10. License Must Be
Technology-Neutral
Solutions @ Telekom
Xtra Challenge: JS
Summary
Lizenz
Lizenz
License
1.
2.
3.
4.
OSI
Lizenz
Lizenz
OS-Licence
CC-BY-ND
~
Lizenz
Lizenz
XYZ-Licence
http://opensource.org/osd
OS-Software
XYZ-Software
2014-10-08
4
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Open Source Initiative maintains the rules:
You ever have to know, what you have to respect!
The world of software licenses
Open Source Initiative
69 OSI approved licenses
OSI
Licence
Review
Process
Process
declare the used declare the used
+ os components os components +
deliver the
deliver the
CDDL
code of the used
code o thef
EPL
os components
used os
EUPL
+
strong OSI approved weak
compodeliver the
LGPL
copycopyAGPL
core
licenses
nents
code of the
left
MPL
left
on-top
permissive
+
GPL
developMsRL
ment
X
BSDBSD-2CL MIT PgL
+
ApacheApache-2.0 MsPL PHPX
PHP-3.0
CC-BY-ND
OSI
Licence
Review
Process
Process
BSDBSD-3CL
declare the used os components + x
open source licenses
http://opensource.org/approval
2014-10-08
5
OSL!
R
69
Solutions @ Telekom
Xtra Challenge: JS
Summary
Open Source Initiative maintains the rules:
You ever have to know, what you have to respect!
>5
> 345
(with respect to
2012-05-11) OSI
certified
‘use’, ‘modify’, ‘distribute’,
‘modify & distribute’,
‘embed’ as
more or less similar
lists of required
actions as
Open Source
Licenses
Open Source Use
Cases
Fulfilling Task
Lists
* http://www.opensource.org/licenses/alphabetical
2014-10-08
CC-BY-ND
6
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
Respect the rules and you are allowed to use, to modify, and to distribute …
determine
find
CC-BY-ND
describe
do
2014-10-08
7
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Respect the rules and you are already allowed to use, to modify, and to distribute the results!
CC-BY-ND
WHO SHALL DO / ENSURE THAT?
WHY is it a challenge for large Companies?
2014-10-08
8
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Respect the rules and you are already allowed to use, to modify, and to distribute the results!
CC-BY-ND
the larger the company,
the more products,
the more open source software,
the more compliance aspects
the more cost
& the more complexity in the supply chain
2014-10-08
9
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Open Source Use Cases and the open source supply chain
end user
CC-BY-ND
open source area
of the internet
reseller
supplier
2013-12-05
10
Solutions @ Telekom
OSL!
Open
Source
Review
Board
process
Summary
Solution 1: Centralize an internal team of experts
R
the
Telekom
internal
Xtra Challenge: JS
named the (Telekom) Open Source Review Board
The 6 Steps of Handling an Open Source License Support Request
CaseCase-Analysis
documented
anyone
Support
Request
OSRB
Sponsor
Selection
sponsor
experts
Sponsor
Analysis
fast
Informal
Support
Request
Solution
documented
Open
Discussion
OSRB
Final
Discussion
CC-BY-ND
sponsor
Solution
Transfer
thoroughly
Preliminary
Solution
Statement
Final
Solution
Statement
2014-10-08
11
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Solution 2: Develop an Open Source License Compendium …
… for enabling the employees to manage the standard cases independently
The free
•
•
•
•
is commonly developable because of its LaTeX/BibTex nature
is publicly hosted as a GitHub project: https://github.com/dtag-dbu/oslic
is licensed under CC BY-SA 3.0 DE
is open to be collaboratively developed together with the community
http://opensource.telekom.net/oslic
oslic
2014-10-08
12
CC-BY-ND
Open Source License
Compendium
Li
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
Solution 3: additionally develop an interactive version
R
… to facilitate the use of the complex rules
The sibling of OSLiC, the
•
•
•
•
is commonly developable: a php / pythonweb application
is publicly hosted as a GitHub project: https://github.com/dtag-dbu/oscad
is licensed under AGPL
is open to be collaboratively developed together with the community
http://opensource.telekom.net/oscad
oscad
demo or die!
2014-10-08
13
CC-BY-ND
Open Source Compliance Advisor
Ad
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
Be invited, be welcome!
R
We want to collaborate.
http://opensource.telekom.net
net/
net
CC-BY-ND
2014-10-08
14
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Be patient, be realistic!
Sometimes, there is no best way – even in the world of open source software.
CC-BY-ND
Tragedy
what ever you do, it is wrong!
2014-10-08
15
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Be patient, be realistic!
Sometimes, you have to manage unsolvable challenges
CC-BY-ND
… so, manage your risk!
2014-10-08
16
OSL!
Xtra Challenge: JS
Summary
The tragedy of java script!
An unsolvable challenge and the second best solution.
“jQuery is a fast, small, and feature-rich JavaScript library.
CC-BY-ND
R
Solutions @ Telekom
It makes things like HTML document traversal and manipulation, event
handling, animation, and Ajax much simpler with an easy-to-use API that works
across a multitude of browsers.”
http://jquery.com/
2014-10-08
17
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
CC-BY-ND
2014-10-08
18
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
CC-BY-ND
http://jquery.com/download/
compressed (production)
uncompressed (development)
2014-10-08
19
Solutions @ Telekom
OSL!
R
Xtra Challenge: JS
Summary
https://jquery.org/license/
CC-BY-ND
„ […] The above copyright notice and this permission notice
shall be included in all copies or substantial portions of the
Software. […]”
http://opensource.org/licenses/MIT
2014-10-08
20
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
R
CC-BY-ND
no
permission
note !
http://code.jquery.com/jquery-2.1.1.min.js
compressed (production)
http://code.jquery.com/jquery-2.1.1.js
uncompressed (development)
2014-10-08
21
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
•
•
Use the libs as they are delivered by the authors
•
Advantage: No unnecessary modification
•
Disadvantage: incompliant use
CC-BY-ND
Expand the code by the parts required by the MIT license
•
Advantage: compliant use
•
Disadvantage: unnecessary modification & traffic load
2014-10-08
22
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
We asked the OSI mailing list for guidance
(http://projects.opensource.org/pipermail/licensediscuss/2014-January/001418.html).
CC-BY-ND
We got an answer by Mr. Sullivan, director of the FSF
(http://projects.opensource.org/pipermail/licensediscuss/2014-January/001423.html), stating
•
that even RMS discussed this issue (java script trap) &
•
that even the FSF votes for a link based solution : the
license text is not directly included into the package but
delivered by an extra request..
2014-10-08
23
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
R
We asked the OSI mailing list for guidance [….]
Therefore all pages of
CC-BY-ND
http://opensource.telekom.net/ [ oslic | oscad ]
should contain a link to a page describing the used FLOSS
components and the required information
2014-10-08
24
OSL!
Xtra Challenge: JS
Summary
The tragedy of maven!
“Apache Maven is a software project management and
comprehension tool [for Java development tasks].
CC-BY-ND
R
Solutions @ Telekom
Based on the concept of a project object model (POM), Maven can manage a
project's build, reporting and documentation from a central piece of
information.”
http://maven.apache.org/
2014-10-08
25
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
CC-BY-ND
maven pom file
“POM stands for “Project Object Model”. It is an XML
representation of a Maven project held in a file named
pom.xml. [… It] contains configuration files, as well as […]
the project’s dependencies […]” http://maven.apache.org/pom.html
2014-10-08
26
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
R
CC-BY-ND
clean
…
install
Internet
maven pom file
2014-10-08
27
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
But then you do not know / consider
•
•
•
from where the packages you use come
their level of quality concerning the OS compliance
their licenses (may be embedded strong copyleft?
2014-10-08
28
CC-BY-ND
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
•
Distribute only your source code and the maven pom files
•
•
•
Use maven as it is intended to be used
•
•
•
Advantage: The user has to fulfill the licenses
Disadvantage: not very customer friendly
CC-BY-ND
Advantage: Maven does what otherwise you have to do
Disadvantage: probably incompliant distribution
Close the repository,
repository synch the pom file to the gathered
versions, in all gathered packages add / improve all parts
with respect to the needs of the license
•
•
Disadvantage: you are using maven in the spirit of ant
2014-10-08
29
Solutions @ Telekom
OSL!
Xtra Challenge: JS
Summary
R
•
Distribute only our source code and the maven pom files
•
•
•
•
Advantage:
Advantage The user has to fulfill the licenses
Disadvantage: not very customer friendly
Acceptable: in case of real developer releases (git)
CC-BY-ND
Close our repository, synch our pom file to the gathered
versions, repair all gathered packages that do not fulfill
their own license requirements
•
•
•
Disadvantage: you are using maven in the spirit of ant
Acceptable [?]:
[?]: in case of rarely published binary versions
2014-10-08
30
OSL!
Xtra Challenge: JS
Summary
The tragedy of the AGPL!
The GNU Affero General Public License is the open
source license for cloud software
CC-BY-ND
R
Solutions @ Telekom
It contains nearly the same text like the GPL-3 - except §13, the “Remote
Network Interaction”:
“[…] if you modify the Program, your modified version must prominently offer all
users interacting with it remotely through a computer network […] an
opportunity to receive the Corresponding Source of your version by providing
access to the Corresponding Source from a network server at no charge […]
http://www.gnu.org/licenses/agpl.html §13
2014-10-08
31
OSL!
Xtra Challenge: JS
Summary
(Un)Fortunately, the AGPL3 and the GPL3 are very clear
when they talk about the “Corresponding Source” :
CC-BY-ND
R
Solutions @ Telekom
“The ‘Corresponding Source’ for a work […] means all the source code needed
to generate, install, and (for an executable work) run the object code and to
modify the work, including scripts to control those activities.
However, it does not include the work's System Libraries, or general-purpose
tools or generally available free programs which are used unmodified in
performing those activities but which are not part of the work”.
http://www.gnu.org/licenses/agpl.html §1
2014-10-08
32
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
R
PYTHON LIB
CC-BY-ND
Corresponding
Source
generally available free programs which are
used unmodified in performing those
activities but which are not part of the work
System Libraries & general-purpose tools
2014-10-08
33
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
R
•
•
Deliver OSCAd and a complete python distribution
•
•
Disadvantage: impracticable scope
CC-BY-ND
Deliver only OSCAd
•
Advantage: a practicable scope
•
Disadvantage: incompliant use
2014-10-08
34
Solutions @ Telekom
Xtra Challenge: JS
OSL!
Summary
R
•
We declared that in OSCAd 2.0 the AGPL does not cover
the (basic) python script libraries
•
We could do that because we are
•
the initial authors
•
the copyright owners
CC-BY-ND
2014-10-08
35
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Tragedies of Open Source …
… can nevertheless be managed.
CC-BY-ND
2014-10-08
36
OSL!
R
Solutions @ Telekom
Xtra Challenge: JS
Summary
Be invited, be welcome!
We want to collaborate.
CC-BY-ND
Many thanks for your time and attention!
[email protected]
http://www.oslic.org/
2014-10-08
37
OSL!
R
•
•
•
•
•
•
•
Solutions @ Telekom
Xtra Challenge: JS
Summary
references!
for using elements compliantly.
pictures of owls (public domain):
• https://openclipart.org/detail/168873/owl-with-ebook-reader-by-bocian
• https://openclipart.org/detail/168877/owl-with-notebook-by-bocian
• https://openclipart.org/detail/168872/owl-with-derby-by-bocian
parthenon icon (public domain): http://www.clker.com/clipart-250347.html
tragedy mask (public domain):
• https://openclipart.org/detail/181406/tragic-mask-by-liftarn-181406
• https://openclipart.org/detail/184850/comedy-and-tragedy-by-arvin61r58-184850
computer icons (public domain):
• https://openclipart.org/detail/171422/server---linux-by-cyberscooty-171422
• https://openclipart.org/detail/166823/modern-desktop-by-gsagri
• https://openclipart.org/detail/198693/mono_text_block-by-dannya
• https://openclipart.org/detail/197312/mono_javascript-by-dannya
MIT license logo :- http://opensourcetoday.org/wp-content/uploads/2014/02/256px-License_icon-mit.svg_.png
File icons(public domain):
• https://openclipart.org/detail/25559/JAVA-by-Andy
g
2014-10-08
CC-BY-ND
38

O S ! pen

Transcription

Similar documents

May 2015 - The Ulysses Club of New Zealand

Letter supporting Manukau petition re. Cell Phone Towers

ThyssenKrupp Aufzüge: Reference Galeria Mokotów, Warsaw

TOPS newsletter - May09

Huawei D51 Discovery Expedition

SMARTMEDIC XTRA + SMARTMEDIC ENHANCER

Lesbian love story gone very, very wrong | Daily Xtra

Account partner Inđija, Stara Pazova, Nova Pazova

Plant Hire Insurance Advert

December 2013 Newsletter