Book Review: Understanding Open Source and Free Software Licensing
Understanding Open Source and Free Software Licensing. By Andrew M. St. Laurent, O'Reilly Media, 2004, 208 pages, ISBN 978-0596005818
The picture on the cover of Understanding Open Source & Free Software Licensing by Andrew M. St. Laurent is a 19th century engraving of a shootout at a railway in the American West. What early conclusions should we draw from that less than innocent image? Leaving aside men with guns in the Wild West, Understanding Open Source is an in-depth study of software licences commonly used with the release of open source or free (as in speech) software. The book is written by a US lawyer but not necessarily for lawyers (though I am certain there are lawyers who would benefit from reading this work) nor just for US citizens (ditto).
There are over fifty approved licences listed by the Open Source Initiative (OSI), together with a review process for further licences. Clearly, it would be a work of weight (and dare I say not terribly interesting) that examined each one in detail. A quick look at SourceForge.net, home to the largest number of open source software projects, reveals projects to have been licensed under most of the OSI-approved licences with by far the most popular being the GNU General Public License (GPL) (41067 projects), GNU Library or Lesser General Public License (LGPL) (6596 projects), and Berkeley Software Distribution (BSD) License (4271 projects). The Apache Software License, the Artistic License, and MIT License all have in the region of 750-1500 projects each. Following this pattern, Understanding Open Source provides a close reading of these together with the Academic Free License and Mozilla Public License.
In addition to the software licences, St. Laurent has included a chapter dedicated to the QT, Artistic and Creative Commons licences and a further chapter on non-OSS licences which incorporate some OSS-like elements. The latter mainly comprise the Sun Community Source licence and the Microsoft Shared Source Initiative. However, Microsoft's contribution is only discussed briefly and cast aside as, 'it is, at least at this time, little more than a branded extension of Microsoft's current commercial licensing practices' (p.145).
The bulk of the book, therefore, deals with individual licences (four chapters out of seven) with the remaining three chapters providing: a basic overview of copyright, licences in general and the definition of open source; the legal implications of entering into software contracts based on open source/free software; and finally, a chapter dedicated to issues particular to software development.
I approached Understanding Open Source as Co-ordinator of the Research Technologies Service (RTS), a section which contains a significant number of projects piloting new technologies and which has a commitment to open standards and the appropriate use of open source software. Of course, I should note that the RTS (as are others in a similar position within the UK) is ably assisted by OSS Watch, the JISC-funded open source software advisory service, in our decision-making concerning the development and deployment of open source software. There still remains the need, however, for detailed guidance on single issues, which is what this book aims to do for licensing.
Given that the audience of the book is not necessarily lawyers, I also approached it with three questions which are based on actual cases recently encountered:
- A nationally-funded project states that it will release software outputs as open source. But under which licence?
- A company producing 'closed source' software wishes to include material from the aforementioned project within one of its products. What does it need to know to make that decision?
- A university computing department selects an open source product for one of its enterprise systems and intends to modify the code for its own needs. What might its obligations be in this regard?
- Oh, and finally, Understanding Open Source & Free Software Licensing is licensed under the Creative Commons Attribution-NoDerivs License 2.0. What does this mean for me the reader?
There are some caveats with this approach. First, as with many such questions the initial answer is always going to be 'it depends'. But at least having an overview of the dependencies is useful. Secondly, even if you do work out an answer, don't always expect absolute truth. Licences, like the Bible, may give the impression of having been God-given but actually they're the work of human hands, attempting to disambiguate language in order to convey common meaning, but often failing. In which circumstance the lawyers will often direct us towards that other semi-divine institution, the judgement of the courts. And it is the court which will ultimately interpret its meaning in law. This applies as much to the use of licences or contracts originally developed in the US (as most open source licences are) - and used within the UK - as it does to licences written with English law in mind.
It is not the purpose of this review to provide the answers to any of the above questions, but rather to give the reader some sense of whether the book under review will help to provide the answers.
Start at the end of the book if you are trying to choose an open source licence. Sections in chapter 6, on the legal impacts, outline some of the issues particular to open source/free software licensing (e.g. violation of a licence risks nullifying any benefits accrued from improving licensed code; or how to join together material from two or more programs released under different licences). Chapter 7 provides a relatively brief discussion of the issues inherent in open source licences relating to software development, including a section on the risks and opportunities of project forking and an outline of the nature of the choices faced by a project manager or software developer. Perhaps not unexpectedly (and in keeping with the no-easy-answers theme), the conclusion drawn is that 'while a certain license is the best for a given project, particularly when a substantial amount of work has already been done under that license, such decisions depend largely on circumstance and on the taste of the project developer' (p.176). Elsewhere, it's noted that the taste might not always be pragmatic, 'The thesis is that the licensor's choice to use the GPL license is, in some sense, a political one, and that choice should be protected and defended against encroachment' (p.45 on § 7 of the GPL). However, a deeper consideration of rights management within a software development environment would have been useful at this point.
Having to proceed to the end of the book is a symptom of the book's format which does not lend itself to such linear decision-making. The detailed commentary on each of the selected licences is useful if you already have an idea of which licence you wish to employ for your own software (or have modified and plan to distribute an already-existing open source application) and wish to understand the implications of a particular clause. However, if you are still at an earlier point in the decision-making process then the inclusion of a flowchart would have been helpful in order that a project, for example, might determine answers to some of the more basic questions, e.g. Who actually owns the software in whole or part -- you, your employer, a consortium? Are you sure you know? Is the software wholly original or derivative in part or whole? Do you care if others modify and re-distribute the software under a different licence, even a closed licence? What disclaimers of liability or warranty do you want or are permitted to include? How much of this would you be prepared to stand up and claim in court? Having answers to starter questions such as these is crucial to both the development of software in an open source context and the modification and distribution of someone else's open source software.
Commentary on complex and often misunderstood licences like the GPL and LGPL, for example, is as clear as one could expect. As with many attempts to explain legal clauses for the general reader there is always a risk that one over-burdened sentence is replaced by a paragraph equally weighty in meaning. Whilst some of the commentary suffers from not enough re-writing in simple terms, the author himself, fortunately, does not hold back from drawing attention to inconsistencies or ambiguity within a licence. For example, on the Academic Free License, 'There are problems with this first sentence. First, it is not immediately clear that the licensor intends that the provisions of this license also govern the derivative works created by the licensee and derivative works created by the licensee's licensees and so forth' (p.27). Or, concerning the LGPL, 'This bar on the creation of derivative works other than libraries from LGPL-licensed works makes the LGPL essentially useless as a license for such works. Creators of such works should look to the GPL or another open source license' (p.53). Or, finally, the Mozilla Public License 1.1, 'As with many provisions of this license, its [§3.4(c)] legal effects are unclear at best' (p.72).
Knowing the substantial differences between the licensing models helps to answer the second question relating to inclusion of material from open source software within a 'closed' or proprietary package. Clearly the company needs to read the terms of the licence. For example, what may be permitted in the BSD and Apache licences (so long as the copyright notices are reproduced) becomes somewhat more complicated in the GPL or LGPL where the meaning of 'to include material' is crucial (perhaps it's actually 'mere aggregation' or a 'linked' software library). The author is also eager to dispel myths on this subject, 'Contrary to the beliefs of some, the GPL does not require that software running on a GPL-licensed operating system be licensed under the GPL' (p.82). (As he notes elsewhere, the GPL is not contagious like a cold. Software doesn't catch it by mere proximity - it needs to be derived from or integrated with GPL-licensed code.)
Finally, there is a section within the book which discusses the Creative Commons licences which, although not intended for software, certainly draw upon the open source way of life. By comparison, the Creative Commons licences are models of clarity (and also probably the only open source-like licence to have a version adapted for UK usage). It happens that the entire Understanding Open Source & Free Software Licensing is licensed under the Creative Commons Attribution-NoDerivs License. The commentary in the body of the book relates to the 'Attribution-ShareAlike' 1.0/2.0 version of the licence. However, the 'Attribution-NoDeriv[ative]s' version is reproduced as an appendix. As you may imagine this neatly answers my final question and clarifies the rights I have:
- to copy, distribute, display and perform the work
- to make commercial use of the work
- but not to alter, transform or build upon the work
while at all times giving the original author credit and making clear the terms of the licence in any subsequent distribution.
Understanding Open Source is a text-rich work. There are no attempts to visualise the issues through any other means than writing about them. The use of comparative tables, flowcharts and other illustrations would have helped mitigate the risk of missing an important observation simply because it was buried in the discussion of section 2.1(b) of a licence in which you assumed you had no interest. Having said that, making the effort to read the book in a linear fashion before using it as a reference work certainly increased my understanding of the practical implications of the freedoms and benefits granted under open source/free licences. I can certainly recommend this book to anyone who has a responsibility for reading software licence agreements whether prior to clicking 'I accept' on an installer, or as part of the process of creating, building on and distributing open source software. I am sure institutional legal services or technology-transfer units will find the book to be of interest, especially if the queries about open source software are only now beginning to arrive in their inbox.
And if you want to write your own open source software licence? Read the book and then consult a lawyer.
- Open Source Initiative (OSI) http://www.opensource.org/
- SourceForge.net: OSI-approved open source http://sourceforge.net/softwaremap/trove_list.php?form_cat=14
- The OSI has recently approved an open source licence submitted by Sun Microsystems, the Common Development and Distribution licence (CDDL) based on the Mozilla Public License 1.1. Solaris 10, Sun's operating system, is being released as an open source product. See further http://www.sun.com/cddl/
- Research Technologies Service http://www.oucs.ox.ac.uk/rts/
- OSS Watch - the JISC-funded open source software advisory service http://www.oss-watch.ac.uk/
- See further "Government policy on the use of Open Source Software within the UK government" (2.0) which includes the principle, "Publicly funded R&D projects which aim to produce software outputs shall specify a proposed software exploitation route at the start of the project. At the completion of the project, the software shall be exploited either commercially or within an academic community or as OSS". http://www.govtalk.gov.uk/policydocs/consult_subject_document.asp?docnum...
- Creative Commons: choose license. http://creativecommons.org/license/
- Creative Commons Worldwide: United Kingdom. http://creativecommons.org/worldwide/uk/