Experience the ease of open source contact management software in legal agreements with airSlate SignNow

How to create outlook signature

hello this is Heather Meeker this is an audio and slide presentation of my introduction to open source software licensing I'm a lawyer and a venture capitalist who specializes in open source software I hope this presentation is interesting and informative this presentation will help you understand the basics of open source software licensing please be sure to look at the speaker notes if you would like to read along with the narration if you have questions you can contact your company legal department look at the resources mentioned at the end of the slides or take a look at my book open source for business there is information on how to download it at the end of this presentation so let's get started maybe you are watching this presentation because you have heard that open source is risky but you don't understand why or maybe you just want to know more about what open source software is if you are a programmer of course you already know how much you rely on open source no matter who you are you use open source software every minute it's in your phone it sends your email and it powers the web but a lot of what it does is behind the scenes so you might not know about it if you are not in the tech business these days people like to say that software has eaten the world what they mean is that software now controls almost everything we do it's not just in the technology that supports your workday but the systems that help you drive your car the timer in your oven and even the switch that sets the firmness of your mattress and today people say that open-source has eaten software because most of that software that powers the computing of the world is open-source that means some programmer wrote the software and then gave it to the world for free open-source software powers almost all websites and is in almost all computer systems but from an intellectual property perspective it is the polar opposite of traditionally licensed software so whether you are aware of it or not you use open source software every minute of your day open sources way of Licensing software but more importantly it's a collaborative way of developing software the licenses are meant to enable the development while this slide deck is mostly about the licenses it's important to remember that the license model serves the development model and not vice-versa let's look at the development model so we know what open source is all about the development model is described in the seminal article by Eric Raymond entitled the cathedral and the bazaar proprietary software development is like a cathedral funded by one organization and directed by a master builder open-source software is like the marketplace of ideas anyone can copy or change it and the community decides which version will become the accepted version of the project now let's talk about the licenses you might have heard that there are lots of open-source licenses too many to understand that's not exactly right the Open Source Initiative or OSI is the organization that reviews licenses to certify that they are open source licenses which means they meet the open source definition OSI has approved over 100 licenses but most of them are rarely used the six licenses listed on this slide three are grouped together for reasons explained later are the top licenses used and almost all open source software probably over 99% is under one of these licenses so to understand open source licenses we really need to understand only these six the ones in red are called copyleft licenses we'll learn what that means in a moment there are two categories of open source software licenses permissive and copyleft the feather on this slide is the logo of the Apache foundation which runs many important open-source projects that are made available under permissive licenses the gun oh is the logo of the Free Software Foundation which makes software available mostly under copyleft licenses like the GPL these two types of licenses represent two different but related philosophies free software and open-source software on this slide you can also see the rules for copy left which we will talk about more in a moment permissive licenses like the BSD license are very easy to understand they allow you to do anything you like with the software under only one kind of condition which is that if you distribute the software you must include a copy of the license this copy of the license serves to inform recipients that the software they are getting contains some software under this license but it doesn't limit how you can license a product that contains this software that's why it's called permissive it's a very lightweight requirement and most companies allow use of software under permissive licenses with little or no legal review now let's talk about copyleft all open-source licenses are unrestricted licenses they grant all the rights under copyright law that's one of the requirements of the open source definition however they impose conditions on the exercise of the right proprietary licensing like an end-user license withhold some rights open source licensing doesn't restrict what you can do but if you decide to do certain things you must meet some conditions for copyleft licenses that means you must share changes to the source code you might have heard some people call copyleft licenses viral that word makes people draw legal conclusions that scare them that using GPL software can taint other software this word was coined by proprietary vendors in the 1990s to try to steal the narrative about free software licensing it's outdated inaccurate and misleading let's leave it behind copyleft can be boiled down to two conditions this is the hardest concept and open source licensing once you learn this the rest is easy if you distribute in binary form you must make the corresponding source code available to binary recipients and you can only license that source code on the same copyleft licensing terms this applies to the original copyleft software and any modifications you make to it to create your binaries the modifications are necessary so the source code corresponds to the binaries if you distribute in source code form your job is done this section of the presentation is for those who don't develop software everyday it explains some basic concepts about software that will help you understand open source software licensing each concept relates to a particular aspect of open source licensing if you are a programmer the next four slides will be a review for you if you are not a programmer you may not know what the source of open source refers to source code is the form in which programmers write software but the software you use on your computer everyday is mostly in another format if you click on an icon on your desktop or on your mobile phone you are accessing a program in the form in which your computer can run it which is called executable binary or object code format but the programmer wrote that software in a different form called source code to change a program from source code into executable code the programmer translates the program using a development tool called a compiler why have two different forms computers can run executable form faster than source code but people can't read or change executable software if the software doesn't work you need to access the source code to fix it proprietary products like Microsoft Word and Adobe Acrobat are only available in executable form proprietary vendors won't give you access to their source code and sometimes that's not merely an inconvenience what if there is software in a medical device or a rocket ship and the vendor went out of business or refused to fix it the open source movement was started to make sure that the software that is so important to all our lives is available for all of us to fix and share when you are learning about open source software licensing you may hear about operating systems and applications these are all software but the serve different purposes the operating system is the traffic cop of your computer it runs all the time and boots when you turn on your computer it is the interface between your computer and the real world like through Wi-Fi printers or keyboards an application or app is a program for a specific purpose that runs on top of the operating system applications can't access the hardware of your computer except through the operating system applications have limited permission to effect other applications or the basic systems of the computer for security and reliability reasons therefore applications run in what is called user space a virtual sandbox that is defined by the operating system interface when we say that an application runs on Windows Linux or iOS that means it is written to the specifications for interacting with that operating system this is important to open-source because the most significant piece of open-source software in the world is the Linux kernel an open source operating system licensed under GPL I mentioned that most software runs in executable form but did you know that some of the software you use is only in source code form some software is written in so called high-level languages or scripting languages which include JavaScript Python Ruby HTML and CSS next time you are looking at a web page try right-clicking and selecting the option to view page source you will see some source code probably in HTML or JavaScript the language is used to develop webpages in contrast operating systems and other basic software is in binary form because it needs to run very quickly webpages an application spend most of their time waiting for you the user to respond so they don't need to be quite as fast the implication for open source license thing is that sometimes source code is always available by definition some people are very confused by talk about dynamic and static linking it's a concept that comes up in open source licensing particularly for licenses like GPL and LGPL if you are writing a program you don't write it all from scratch instead you mostly stitch together existing libraries of software much of which may be open-source software when you put your program together you use a build program that tells your computer where to find the libraries it is using the way the libraries are integrated can be called links but don't confuse this with the generic term link or a link on a website called the hyperlink statically linked libraries are baked into the program and load when the program launches but that can make the program slow to load and take up a lot of computing space so an alternative is to dynamically link the library which tells the computer to find load and execute the library only when needed if you have ever used a program on your desktop and seen a DLL error that means your computer was instructed by the build program to look for a dynamically linked library a dll that it could not find that might happen for example if the program installation was incomplete but all you need to know about links for the purpose of open source licensing is that the decision to dynamically or statically link software is based on technical needs and it affects one license called LGPL now let's talk about the best practices your company will want you to use for copyleft software copyleft comes in a few flavours GPL is sometimes called a strong copyleft license because it applies to all the code in a program LGPL is a license that only applies to libraries of code which are parts of programs these rules are simple but they sometimes confuse people for more on why let's see the next slides GPL is strong copyleft which means that if any code in a program is GPL it must all be GPL all-or-none this means there's no linking to proprietary code LGPL is library copyleft if any code in a library is LGPL it must all be LGPL but you can dynamically linked proprietary code because GPL was written to apply to the Linux kernel some of its compliance rules are specific to the kernel the kernel as a whole is covered by GPL version 2 only but the kernel includes hundreds of components under compatible licenses like MIT BSD and LGPL this means that while the whole kernel is available under GPL some of the components are available under more permissive licenses the application of GPL to the kernel also invokes some specific compliance rules applications that run entirely in userspace are not considered part of the same program as the kernel so applications that run on top of Linux can be proprietary even though they link to the kernel via its system libraries such applications must communicate with the kernel via its standard system call interface only and not make deep calls into the kernel such as to manage real-time operations or hardware a Linux distribution includes a lot of software in addition to the kernel a boot loader compiler and so forth these elements are usually open-source but not all of them are subject to GPL there are a few other so-called weak copyleft licenses which were written in a more traditional way than LGPL and are intended to be straightforward to comply with these licenses also applied to libraries these were the ones grouped together in our list of six because the same rules work for all of them the weak copyleft licenses are the Mozilla Public License the eclipse public license and the CD DL they don't have any particular rules about linking as long as you keep proprietary code in a separate file and if you don't modify the code these licenses are easy to comply with just deliver your notices and source code offers and you're done open source licenses impose conditions only if you take certain actions allowed by the license and the main one of those actions is distributing the software so many people want to know what constitutes distribution distribution is one of the rights under US copyright law though the term is not precisely defined we know a lot about what it means for GPL due to broad community practice distribution is transferring a copy from one legal person to another that means if one person within an organization gives a copy to another it is not distribution because both persons are acting as agents of the same legal entity for most licenses software as a service is not considered distribution now there are some edge cases like kiosks rented equipment and some kinds of cloud services deployment where it is unclear whether a tangible copy of the software is being transferred and in software as a service keep in mind that some software is always deployed client-side like HTML and JavaScript that executes on the user's machine those elements are usually considered to be distributed but because they are scripting languages any need to make their source code available under licenses like GPL is not generally a concern the source code is already there a handful of licenses have conditions that might apply even if you do not distribute and most companies will not use software under those licenses because it increased their costs of monitoring compliance those are called Network copyleft licenses and they include a pharoah GPL now let's look at license notices the most important part of open source compliance almost all open-source licenses require a license notice if you distribute the software notices are not complicated but they can be a lot of work the photo shows an example of an open source notice file on a Samsung phone circa 2017 this kind of notice file is necessary if you distribute binaries only notices are baked into source code because they mostly consist of text files that are included in the top-level folder of the source code package your product may include hundreds of open source packages under many licenses so you need a game plan for your notices your notices must be in or with your product notice requirements aren't intellectually challenging but they can be a lot of work to fulfill for some kinds of products notices can be challenging to deliver for IOT products consumer electronics vehicles or other heavy equipment or any product with no UI screen the notice provisions of many of the licenses were written for pre internet on-premises applications so no you can't usually just put the notices on a separate website if your company has given you a specific policy to follow you should take a look at it now the following section of this presentation about most policies but your company's policy might be slightly different if you want to find an example of a corporate open source policy take a look at the blue oak council policy this is a policy that was created by lawyers who specialized in open source software including me this website has two model policies that your company can adopt one for a larger company and one for a smaller company almost all open source policies use a stop go and caution list most companies allow use with few or no approvals for permissively license software an internal use of software under licenses like GPL and LGPL companies that distribute products often require approval in advance for any copyleft software and many companies do not allow use of code under network copy licenses like a GPL at all the most important point about following company policy is that deciding to use software in your products is a technical and a business decision licensing is only one aspect of that decision total cost of ownership matters and sustainability of support and security is paramount most companies want to use the best tool for the job regardless of the license terms here is a sample stop go caution list you can see that it is stratified by license use case and whether the software has been modified these use cases are defined in the policy some company policies might apply different levels of review to development tools which are usually not distributed but might cause runtime libraries to be included in the product being developed some companies apply different use cases for different product lines such as SAS versus distributed software versus distributed devices also policies vary on what go and caution mean sometimes for example go means you don't need legal review but you need approval by your engineering manager sometimes it means no review and you can make the decision to use the software on your own this example puts the version 3 licenses GPL LGPL and a GPL version 3 in a category that prohibits use in consumer electronics that is because those licenses contain a so called anti TiVo ization provision that requires a distributor to share the codes and information necessary to reinstall modified software on consumer devices many companies are concerned that doing this will cause support or security problems for their products but of course the policy that your company is going to use is going to depend on what kind of company it is consumer electronics companies usually apply the most conservative policies because they distribute all their products companies with significant patent portfolios also tend to apply conservative policies because many of the open source licenses have broad patent licenses in them and the companies are concerned that they want to properly steward their patent rights larger companies tend to leave approvals for use of open source software to engineering managers and smaller companies involve legal more in approvals company policy tends to differ on how to keep track of open source use such as with automated tool and how to deliver notices but basically open source policies for companies require you to do a few things first you need to apply the stop go and caution list and then based on that you need to get whatever approvals you need either from your engineering manager or the legal department and then very importantly you need to keep track of your use if you're going to use open source software properly and if you're going to maintain a professional product you need to know what's in that product so most companies will have some automated way of keeping track of the open source they're using in their products your company will also want you to follow its rules about contributing to open source projects run by others or releasing company code under open source licenses it's important to follow your company's rules so you are not giving away company resources without proper authorization most employees don't have authority to give away company developed software for free if you contribute without proper authorization that's bad not only for your company but for recipients who might not get the license rights they expected most companies understandably require a business justification for giving away software they developed at their own expense some people ask if open-source software licences are ever really enforced they are but public lawsuits are only the tip of the iceberg most enforcement is done by community organizations like software freedom Conservancy or the Linux Foundation these organizations are focused on compliance with licenses so they try to work with violators to become compliant before bringing lawsuits but there are other kinds of enforcers as well and their actions are much more difficult to predict strategic enforcers are companies that enforce their licenses against their competitors for strategic business advantage or companies that offer their open-source software under dual licenses that enforce against those who are violating the open-source license and need to buy a commercial license instead last there is at least one copyright troll who operates primarily in Germany and brings lawsuits for the purpose of seeking monetary damages but the risks to violating open-source licenses go beyond lawsuits compliance actions are embarrassing and can result in bad publicity and trouble with recruiting and reputation plus compliance is the right thing to do the authors who made their source code available freely under the open-source licenses deserve to get the benefit of the license terms they applied to their software if there is not a lot of litigation over open-source licenses why bother to comply well first you need to understand what is in your products most open-source compliance failures happen because developers don't know the components they are using the software Bill of Materials for their product that's just not good engineering practice open-source license compliance issues go hand in hand with security issues that result from poor Bill of Materials management also your investors or acquirers will likely require you to certify your compliance before giving you capital to run your company they may even conduct an audit before they will close your deal your customers will also want your assurances that you are not handing them a non-compliant product they don't want your headaches to become their headaches and finally understanding open source compliance is a signal that your company is technically expert and will help you attract the best and brightest engineers that's it for this short presentation on the basics of open source licensing if you would like to look at more resources and find out more about how open source licensing works you can check out the following the blue oak council which I mentioned before has lots of great resources on open source licensing including a list of permissive licenses the open source initiative which I also mentioned before has a list of the current approved open source licenses you might also want to take a look at a couple of other things ASP DX is a standard format for delivering information about embedded open source within supply chains you might find this useful when you're dealing with your supply chain or with your customers and open chain is a standard for open source compliance adopted by many top companies we've been talking today about using an open source policy and that's one of the requirements of open chain you also might have remembered that I have a book called open source for business and you can get a copy of this book if you'd like to learn more about open source licensing just go to my website at .mataharicourse.com since I mentioned that I'm also a venture capitalist and I'm part of a fund that specializes in early stage open source investing so I'm very interested in building sustainable businesses using open source take a look at the open source company index at the link on this page and you'll see what great businesses open source companies can be well that's it I hope you've enjoyed this presentation about open source software licensing this is Heather Meeker signing off