conferences | speakers | series

What did I just agree to?

home

What did I just agree to?
FOSDEM 2019

Understanding FOSS licenses are indisputably an important part of the process for contracting for IT services ranging from software agreements, professional services to create or support software, and to cloud solutions.

It’s not uncommon to find carve outs in those agreements saying that “Some Third-Party Content may be provided to you under a separate license, such as the Apache License, Version 2.0, or other open source license.” What does that mean? Are there any surprising terms to be found in those “other open source licenses”.

This presentation will briefly review the terms of some of the less commonly discussed licenses approved by OSI as “open source.” What are some of the interesting properties of these less common licenses? And do we really want to keep agreeing to use them in our contracts?

There are 83 licenses listed as approved “Open source” licenses on the Open source initiatives website. Most of the time when developers, lawyers, and FOSS compliance experts talk about “open source” licenses the permissions and obligations of the nine licenses listed on OSI’s “popular licenses” list are front and center. Occasionally a few other licenses like the AGPL and the Creative Commons licenses are considered as well. But what about the other 70 licences? Do the generalizations and expectations many of us have based on the popular licenses hold up when we start to consider the other OSI approved licenses?

This presentation will argue that many the spoken and unspoken expectations of open source licenses do not generalize well when we consider the full list of licenses approved by OSI. This can be a challenge when IT policies and contractuals are written about “open source” licenses generally. Do organizations that are comfortable working with and using open source software and licenses really want to bound by all of the obligations in every free software license? Are the generalizations we make about open source licenses really true for every license? Do we need to be more careful in crafting policies and contracts then treating all open source licenses the same?

This presentation will review attributes found in the un-”popular licenses” that have been approved by OSI that differ from the unique and common attributes found in the popular licenses.

For example not all of them are classified as free by the Free Software Foundation and some appear to not be acceptable for inclusion in Debian. We will look at the public rationale for Debian and the Free Software Foundation refusing to include those licenses. We will also look at other unexpected properties of other licenses that may challenge many of our internal models for open source licenses.

We will also look at which licenses have the unusual attributes such as: * Choice of Venue Clauses * Choice of Law clauses * Unusual distribution clauses such as - requirements to secure assent to the agreements and licenses - Mandatory Public publication requirements for specified periods of time - Grant of third party beneficiary rights for recipients * Retaliation clauses with broad scopes (terminating all rights for unrelated litigation) * Licenses that have restrictions or contingent obligations that trigger on use * Exclusion of patent rights * Restrictions on selling copies of software

We will pay particular attention to licenses that impose obligations on individuals for merely using the software even if they don’t modify the software such as: * requirements distribution when software is used and the various ways use triggers: * distribution and to whom distribution is required under those circumstances. such as the several licenses that require sharing source code when you use it or let others use it. * Indemnification of authors of the source code

Speakers: Marc Jones