Subject: Re: Admin burden of proprietary licenses.
From: Brian Behlendorf <brian@hyperreal.org>
Date: Thu, 30 Apr 1998 19:35:30 -0700

At 07:12 PM 4/30/98 -0300, Bob Young wrote:
>The issue I'd appreciate some feedback on is the simple administrative 
>burden of anything but unrestricted free redistribution of the code type 
>licenses.

This is why the Apache developers have always favored the BSD-style license
over the GNU license.  Several of the folks who started the project did so
because they wanted to use the software for a business purpose, and they
didn't want to close the door to at some point selling a derivative of the
software.  The only real requirement in the Apache license is the
advertising one; I don't know if that meets your concept of "unrestricted".
 There have been some companies who have abused the spirit of this loose
license, and built derivative products (in particular, a port to the Mac)
without contributing *anything* back to Apache.  Most others play fair,
though.

No, in my experience, the biggest headache by far is not the license
itself, it's the copyright issue.  Apache has never had a contract that its
contributors must sign before we incorporate a contribution.  We've just
never had the wherewithall or the organization to do this.  Morally,
everything is clear - we've never incorporated a fix that wasn't given *to*
the project, other than integrating some libraries of code (like the regex
package) which had licenses which clearly allowed this.  But legally, any
of the 100 or so external contributors to Apache (there are 98 different
email addresses in the CHANGES file) could, in theory, sue for copyright
violation, or even potentially their employers could sue.  

This is an issue both for companies wishing to base products on Apache, and
also for large institutional users, who don't want to wake up one morning
to an email notifying them that the software they used was in jeopardy.  

Is Apache unique in this space?  I've heard the FSF mandates that
contributors sign certain documents.  I think were this to ever go to a
judge, the judge would grant us some leniency so long as we removed and
replaced any offending code.  But that's just speculation, IANAL.

Patents are a second big rats nest, but I won't go into that now.

One related note: in a recent audit of Apache, one company found that there
was a snippet of code which was lifted from one package (xinetd, a BSD-ish
license) which was previously lifted from another (the "sio" i/o library,
also BSD-ish license) but whose original source is the old "GNU libc-4.7.2"
package.  The tar file for "libc-4.7.5" that I pulled down from
tsx-11.mit.edu had *NO* copyright statement in it - no "COPYING" file,  not
even a mention in a README or something.  Various files had an assortment
of copyrights on them, but not the code that was lifted.  Of course, the
lifted code has gone through at least 2 generations of rework since it was
in libc.  Does anyone know what the "right thing" to do in this situation
is?  Rewrite the code?  It's some pretty nasty pointer arithmetic and
string converstion code, not something anyone would look forward to doing!  :)

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
pure chewing satisfaction                                  brian@apache.org
                                                        brian@hyperreal.org