Recent Items
 
DMware: ODMA's Dark Matter
 
Cybersmith: No-friction Bits and Pieces
 
VC++ Novice: Is Native C++ a Dead Language?
 
nfoWorks: What Are those Harmony Principles, Agai...
 
nfoWorks: Tracking OOXML DIS 29500 into the Blue
 
nfoWorks: The ISO/IEC Harmonization Opportunity
 
nfoWorks: In Search of Initiative
 
nfoWorks: The Harmony Get-Ready
 
DMware: Documents as Evidence
 
VC++ Novice: DreamSpark for Students

The nfoCentrale Blog Conclave
 
Millennia Antica: The Kiln Sitter's Diary
 
nfoWorks: Pursuing Harmony
 
Numbering Peano
 
Orcmid's Lair
 
Orcmid's Live Hideout
 
Prof. von Clueless in the Blunder Dome
 
Spanner Wingnut's Muddleware Lab (experimental)

nfoCentrale Associated Sites
 
DMA: The Document Management Alliance
 
DMware: Document Management Interoperability Exchange
 
Millennia Antica Pottery
 
The Miser Project
 
nfoCentrale: the Anchor Site
 
nfoWare: Information Processing Technology
 
nfoWorks: Tools for Document Interoperability
 
NuovoDoc: Design for Document System Interoperability
 
ODMA Interoperability Exchange
 
Orcmid's Lair
 
TROST: Open-System Trustworthiness

Cybersmith: Attributions for Code You Use

If you choose to distribute open-source code, or create software that relies on licensed code of others, you'll have to deal with two issues:

1. what licenses you are willing to agree to for code that you rely on, and how you provide attribution to the third-party works that your software depends on
     
2. What license you will offer to others and how you want others to be able to understand your license requirements

These are interdependent considerations.  Here I focus mainly on the first case because an useful example has come up.

Facebook has open-sourced a big chunk of its platform using CPAL, the Common Public Attribution License.  This is an OSI-approved open-source license.  Mike Gunderloy has opined that the attribution requirement that Facebook has specified in the license is onerous and designed to prevent others using the code because it requires that

"each time an Executable and Source Code or a Larger Work is launched or run, a prominent display of the Original Developer's Attribution Notice (as defined below) must occur on the graphic user interface (which may include display on a splash screen)"

where the specific attribution to be carried into derivative code is

"Attribution Copyright Notice: Copyright © 2006-2008 Facebook, Inc.
Attribution Phrase (not exceeding 10 words): Based on Facebook Open Platform
Attribution URL: http://developers.facebook.com/fbopen
Graphic Image as provided in the Covered Code: http://developers.facebook.com/fbopen/image/logo.png"

quoting from the Facebook version of the CPAL license.  Gunderloy makes the observation that

"While this seems reasonable to recognize the work of the Facebook developers, it does act as a sort of 'poison pill' to prevent others from simply cloning Facebook on to their own sites - at least, others who don't want to give prominent credit to a rival."

Gunderloy seems to forget that one can always negotiate a different license with Facebook.  He does point out that Facebook did not make use of the CPAL dual-license provision and the license as used is GPL-incompatible because CPAL is a derivative of the GPL-incompatible Mozilla license.

Dare Obasanjo has posted his "Thoughts on Facebook's usage of the CPAL as a 'Poison Pill' and Other Such Nonsense."  Obasanjo does not think the attribution requirement is all that onerous, and I agree, although I think the requirement of prominent advertising is a bit heavy-handed. 

I would not use CPAL-licensed code simply because the license is too bloody long and complicated.  It also appears to be a reciprocal license, although I am not going to dive in close enough to be certain.  I pretty-consistently avoid making derivative works of reciprocally-licensed code although I can imagine conditions where I would be willing. 

One of my principle concerns in choosing an open-source license is that the license be dirt simple.  I want recipients to easily determine and be very clear on what they are permitted to do, with simple conditions on compliance.  I prefer something that can be fronted by a statement as simple as a Creative Commons Attribution Deed. 

Obasanjo notes that the BSD license requires attribution too (you must carry forward a copy of the original notice).  This has not bothered open-source efforts that use BSD code, even if under some GPL version. Sun pretty much has the practice down pat in its open-source efforts and closed-source ones too, with the THIRDPARTYLICENSEREADME that is commonly found in directories of programs such as OpenOffice.org.

When the extreme anarcho-libertarian wing of the open-source folk overcome their fear of being taken advantage of , they might notice another very important reason to provide accurate attribution. It provides an account of the provenance of their code and can be important in determining whether it might carry a later-discovered security exposure or bug reported in the original version. Attributions are an important feature of accountability, which is why I provide attributions whether or not they are required by licensed code that I incorporate or make derivatives of.

I am not interested in going overboard on the "prominent display" aspect.  I think provision in conjunction with a Help | About ... menu item is fine.  That's good enough for my attribution concerns.  And, meanwhile, the standard rules apply: if you don't like the license, don't use the licensed work in ways where the unpleasant terms come to bear. 

If you are wary of signing your own work and of providing attributions of your sources, that's fine.  There is apparently a large community of like-minded folk who fear some sort of liability around simply being accountable.  I will decline to let your code anywhere near any effort of mine, however.   I'm also that way if the license for your code is not one I am willing to work under.  It's simple, really.

I would normally have made this a simple comment on Obasanjo's blog, except some sort of Web 2.0-ish updates to the blog has my commenting-effort fail.  There are some annoying pop-ups that I don't understand but that I can't dismiss, even though the site remembers my profile information and allows me to enter a comment.  I just can't submit it because there is some sort of coComment failure every time I try.  I'll have to hunt down Dare's e-mail address and let him know that this is a mess.  Meanwhile, I've fleshed this out as an appropriate cybersmith topic.

¶ posted by orcmid at 6/06/2008 11:31:00 AM

Create a Link -  Post a Comment - 

 
I turned of CoComment on my blog.

¶ posted by  Dare Obasanjo: 06 June, 2008 12:22    

 

 
Hi.

What sort of errors you did get when submitting the comment ?
I can see that coComment have been disabled on that blog now, but there are still some JavaScript errors on the page that could have caused the failure.
Dare Obasanjo: if you turn it on again, we could investigate and fix the issues.
You can contact me or our integration team to plan this: christophe _AT_ cocomment.com or integration _AT_ cocomment.com

¶ posted by  christophe: 07 June, 2008 00:15    

 

  <$BlogBacklinkTitle$>  

<$BlogBacklinkSnippet$>
posted by <$BlogBacklinkAuthor$> at <$BlogBacklinkDateTime$>