Home > Archive > Software Engineering > January 2007 > Protecting open source software
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Protecting open source software
|
|
|
| Hi everybody,
I'm involved in some smaller open-source projects. Recently, the question
came up during a meeting about how OSS can be protected.
To clarify this, I'll give an example: suppose we write an application, and
release it as open-source. It might be based upon another application, or
it may use other open-source projects as it's base.
Now say company X stumbles upon this piece of software, downloads the
source and creates their own application from it.
As far as I can understand, according to open source licences it is allowed
to distribute a new application (and even charge for it), as long as you
include the original source and/or credit the authors. What if company X
decides to pretend that they wrote the source?
Even if you know they copied the code, you would not be able to prove it,
because you don't have their source code. And even if you did, they could
have rewritten the entire code as to no longer resemble the original code.
Not that this is likely to happen with any of the OSS tools I'm involved
in, but it's still a question I/we don't have an answer for.
Could someone please clarify this?
Thanks!
Ikke
| |
| Juha Laiho 2007-01-06, 7:19 pm |
| Ikke <ikke@hier.be> said:
>I'm involved in some smaller open-source projects. Recently, the question
>came up during a meeting about how OSS can be protected.
>
>To clarify this, I'll give an example: suppose we write an application, and
>release it as open-source. It might be based upon another application, or
>it may use other open-source projects as it's base.
>
>Now say company X stumbles upon this piece of software, downloads the
>source and creates their own application from it.
>
>As far as I can understand, according to open source licences it is allowed
>to distribute a new application (and even charge for it), as long as you
>include the original source and/or credit the authors. What if company X
>decides to pretend that they wrote the source?
Well, what is allowed and what is not depends on the license used. There
are different limitations for different open source licenses; for example,
in the BSD license, there is no requirement for redistributing the source.
>Even if you know they copied the code, you would not be able to prove it,
>because you don't have their source code.
This is done via court rooms, if there's a strong enough suspicion. The
copyright owners will have to take the suspected violator to court,
and obtain proofs via court orders.
>And even if you did, they could have rewritten the entire code as to no
>longer resemble the original code.
Well, if they took a piece of open source code, documented what it does,
and wrote a new implementation based on that, where would they commit
a crime? Nowhere, I think. Howevwer, if they took something that
requires re-distribution of the code, and distribute _that_ only in
binary form (perhaps slightly modified, but without a proper rewrite),
that would be a violation.
There has been at least some lawsuits regarding open source license
violations already, so this isn't a new issue. There are even organisations
providing legal services to open source community; see
http://www.softwarefreedom.org/
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
| |
| Pierre Asselin 2007-01-06, 7:19 pm |
| Ikke <ikke@hier.be> wrote:
> [ ... ] suppose we write an application, and release it as open-source.
> [ ... ] Now say company X stumbles upon this piece of software,
> downloads the source and creates their own application from it.
> [ ... ]
> Even if you know they copied the code, you would not be able to prove it,
> because you don't have their source code.
Oh, usually you *can* prove it. Then you have to take them to court.
Google for "GPL violation"
--
pa at panix dot com
| |
|
| Juha Laiho <Juha.Laiho@iki.fi> wrote in
news:enja6b$5dc$3@ichaos2.ichaos-int:
<snip>
>
> Well, if they took a piece of open source code, documented what it
> does, and wrote a new implementation based on that, where would they
> commit a crime? Nowhere, I think. Howevwer, if they took something
> that requires re-distribution of the code, and distribute _that_ only
> in binary form (perhaps slightly modified, but without a proper
> rewrite), that would be a violation.
I'm not talking about a completely new implementation - what I meant by
"rewriting the source code" should be interpreted as a mere search &
replace of variable names, method names, etc...
> There has been at least some lawsuits regarding open source license
> violations already, so this isn't a new issue. There are even
> organisations providing legal services to open source community; see
> http://www.softwarefreedom.org/
Thanks for the information!
Ikke
| |
|
| pa@see.signature.invalid (Pierre Asselin) wrote in
news:enkaqb$qu$1@reader2.panix.com:
> Ikke <ikke@hier.be> wrote:
>
>
>
> Oh, usually you *can* prove it. Then you have to take them to court.
> Google for "GPL violation"
But how can you prove it? Even if you get their source code (via court or
whatever), there is no way to prove that the source is the same - or is
there?
Ikke
| |
| Juha Laiho 2007-01-06, 7:19 pm |
| Ikke <ikke@hier.be> said:
>Juha Laiho <Juha.Laiho@iki.fi> wrote in
>news:enja6b$5dc$3@ichaos2.ichaos-int:
>
><snip>
>
>I'm not talking about a completely new implementation - what I meant by
>"rewriting the source code" should be interpreted as a mere search &
>replace of variable names, method names, etc...
There are ways to build abstract representations of program listings,
which then give away these kinds of mere visual alterations.
Reading http://www.groklaw.net/ has been rather informative regarding
how evidence of source code theft/leakage can be gathered (and on
a number of other matters regarding (the US) IPR legislation as well).
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
| |
| Pierre Asselin 2007-01-06, 7:19 pm |
| Ikke <ikke@hier.be> wrote:
> pa@see.signature.invalid (Pierre Asselin) wrote in
> news:enkaqb$qu$1@reader2.panix.com:
[color=darkred]
> But how can you prove it? Even if you get their source code (via court or
> whatever), there is no way to prove that the source is the same - or is
> there?
You don't need the source. Do try Google and read on.
--
pa at panix dot com
| |
| William 2007-01-09, 7:06 pm |
| "Ikke" <ikke@hier.be> wrote in message
news:Xns98AEAAFCD7887ikkehierbe@195.130.132.70...
> Hi everybody,
>
> I'm involved in some smaller open-source projects. Recently,
> the question came up during a meeting about how OSS can be
> protected.
I think your first question to yourselves should be "How much
time and money are we willing to invest in protecting something
we are giving away?"
I presume if you plan to make money it will be through
ancillary services and products, not from the software
you are putting out as OSS. Therefore, protecting it is
a matter of principle and/or protecting yourselves from
someone who might try to claim it as their own (very
unlikely since anyone stealing it has a high probability
of getting caught if they make noise about it).
When I worked in the game industry I met a lot of people
who were so wrapped up in protecting their ideas that
they never got around to doing anything with them. You
have to remember what your goals really are and don't
sweat the small stuff.
Register your copyright (according to your country's
laws), slap your OSS license of choice on it, and move
on.
-Wm
|
|
|
|
|