Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
The nfoCentrale Blog Conclave
nfoCentrale Associated Sites
Technorati Tags: Facebook, open-source licensing, attribution of software dependencies, software development, trustworthiness, cybersmith
If you choose to distribute open-source code, or create software that relies on licensed code of others, you'll have to deal with two issues:
These are interdependent considerations. Here I focus mainly on the first case because an useful example has come up.
Facebook has open-sourced a big chunk of its platform using CPAL, the Common Public Attribution License. This is an OSI-approved open-source license. Mike Gunderloy has opined that the attribution requirement that Facebook has specified in the license is onerous and designed to prevent others using the code because it requires that
where the specific attribution to be carried into derivative code is
quoting from the Facebook version of the CPAL license. Gunderloy makes the observation that
Gunderloy seems to forget that one can always negotiate a different license with Facebook. He does point out that Facebook did not make use of the CPAL dual-license provision and the license as used is GPL-incompatible because CPAL is a derivative of the GPL-incompatible Mozilla license.
Dare Obasanjo has posted his "Thoughts on Facebook's usage of the CPAL as a 'Poison Pill' and Other Such Nonsense." Obasanjo does not think the attribution requirement is all that onerous, and I agree, although I think the requirement of prominent advertising is a bit heavy-handed.
I would not use CPAL-licensed code simply because the license is too bloody long and complicated. It also appears to be a reciprocal license, although I am not going to dive in close enough to be certain. I pretty-consistently avoid making derivative works of reciprocally-licensed code although I can imagine conditions where I would be willing.
One of my principle concerns in choosing an open-source license is that the license be dirt simple. I want recipients to easily determine and be very clear on what they are permitted to do, with simple conditions on compliance. I prefer something that can be fronted by a statement as simple as a Creative Commons Attribution Deed.
Obasanjo notes that the BSD license requires attribution too (you must carry forward a copy of the original notice). This has not bothered open-source efforts that use BSD code, even if under some GPL version. Sun pretty much has the practice down pat in its open-source efforts and closed-source ones too, with the THIRDPARTYLICENSEREADME that is commonly found in directories of programs such as OpenOffice.org.
When the extreme anarcho-libertarian wing of the open-source folk overcome their fear of being taken advantage of , they might notice another very important reason to provide accurate attribution. It provides an account of the provenance of their code and can be important in determining whether it might carry a later-discovered security exposure or bug reported in the original version. Attributions are an important feature of accountability, which is why I provide attributions whether or not they are required by licensed code that I incorporate or make derivatives of.
I am not interested in going overboard on the "prominent display" aspect. I think provision in conjunction with a Help | About ... menu item is fine. That's good enough for my attribution concerns. And, meanwhile, the standard rules apply: if you don't like the license, don't use the licensed work in ways where the unpleasant terms come to bear.
If you are wary of signing your own work and of providing attributions of your sources, that's fine. There is apparently a large community of like-minded folk who fear some sort of liability around simply being accountable. I will decline to let your code anywhere near any effort of mine, however. I'm also that way if the license for your code is not one I am willing to work under. It's simple, really.
I would normally have made this a simple comment on Obasanjo's blog, except some sort of Web 2.0-ish updates to the blog has my commenting-effort fail. There are some annoying pop-ups that I don't understand but that I can't dismiss, even though the site remembers my profile information and allows me to enter a comment. I just can't submit it because there is some sort of coComment failure every time I try. I'll have to hunt down Dare's e-mail address and let him know that this is a mess. Meanwhile, I've fleshed this out as an appropriate cybersmith topic.
What sort of errors you did get when submitting the comment ?
Dare Obasanjo: if you turn it on again, we could investigate and fix the issues.
You can contact me or our integration team to plan this: christophe _AT_ cocomment.com or integration _AT_ cocomment.com
|You are navigating Orcmid's Lair.|