Degrees of Freedom
A review of open source models
Bio
 Johan Thelin
 Co-founder of Kuro Studio
 Past: Pelagicore, Trolltech, BitSim, Enator
 QmlBook, Foundations of Qt Development
 Datormagazin, LinuxJournal, etc
 foss-gbg / foss-north
Degrees of Freedom
What is Open Source?
 Free Redistribution
 Source Code
 Derived Works
 Integrity of the Author's Source Code
 No Discrimination Against Persons or Groups
 No Discrimination Against Fields of Endeavour
 Distribution of License
 License Must Not Be Specific to a Product
 License Must Not Restrict Other Software
 License Must Be Technology-Neutral
Source: https://opensource.org/osd
From Linus Torvalds <>
Date Sun, 16 Sep 2018 12:22:43 -0700
Subject Linux 4.19-rc4 released, an apology, and a maintainership note
It is more than just source code!
Degrees of openness
Open project Open source Open core
Sharing models
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
Where do we see these models?
 Open Core + Expensive modules
 Play Services
 GitLab tiers
 Dual licensing
 Requires copyright ownership
 Services
 Anyone can do it, but you do it best
 Physical products
 Phones, etc
 SaaS: Software as a Service
 Hosting, e.g. WordPress, mender, AWS, etc
Open source is not a business model.
Your business model may, however, be
affected by your choice of licenses.
Example projects
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
Case Study: XScreenSaver
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
https://www.jwz.org/xscreensaver/
 Source code is available as a tarball
 Mix of licenses, MIT, GPLv2+, other permissive licenses
 Bugs can be reported, but there is no public issue tracker
 Run by a single guy at his leisure
Case Study: Android
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
https://source.android.com/setup/contribute/index.html
 Source code is available (AOSP), but not for the services
 Mix of licenses
 Has an issue tracker
 Accepts external contributions
 Planning and Governance are internal to Google
Case Study: GCC
Open project Open source Open core
Copyright
Source code
Governance
Bugs
Planning
 Source code is available
 GPL
 Has a public issue tracker
 Has a steering committee for major decisions
 Recommends copyright assignment (to FSF)
https://gcc.gnu.org/
Case Study: Qt
Open project Open source Open core
Source code
Governance
Bugs
Copyright
Planning
https://www.qt.io/
 Source code is available
 GPLv3 / LGPLv3, and some commercial add-ons
 Has a public issue tracker
 Has an open governance model
 Required contributors to sign a CLA
 Has moved from open core towards open projects
Case Study: Linux
Open project Open source Open core
Copyright
Source code
Governance
Bugs
Planning
 Source code is available
 Mostly GPLv2
 Has a public issue tracker
 Has an open governance model
 Good example of herding cats 
https://www.kernel.org/
Sharing models and licenses
 A license does not imply a sharing model
 but it can prevent one.
 You need to be aware of how licenses depend on each other
Licenses
Strong copy-left
Weak copy-left Non copy-left
MIT
Apache
BSD
GPL
Public Domain
CC-SA
CC-0
CC-BY
Dependency Directions
Strong copy-left
Weak copy-left Non copy-left
Licenses
 Enables or disables sharing models and business models
 You need to be aware of them
 As long as you retain copyright, you can change your mind
 But not retroactively
 There is more: licenses trigger at different conditions, e.g. distribution
 I like https://tldrlegal.com/ and https://opensource.org/
 Ask a lawyer!
Degrees of Freedom
Contributor License Agreements
 Require that each contributor signs a contract
 Assignment of copyright
 Guarantee ownership and originality
 Patents
 More
Export restrictions
 Mostly affects exporting crypto software from the US
 The restrictions have been eased since the 90s
 Interferes with the open source definition (the no discrimination parts)
Patents
 Software patents are not discoverable through looking at the source
 Patents may be enforced retroactively
 Expensive lawsuits and potentially expensive license costs
 Still open to discussion if pure software can be copyrighted
 Different depending on geography
 OIN is a patent pool to defend Linux
 Defensive publications
https://www.openinventionnetwork.com/
Responsible Disclosure
 Contradictory to openness, but protects the users
 Example project: curl
 Report potential security issues to a dedicated mailing list
 Limited, trusted set of people on the list
 Agree on plans to fix and on a disclosure timeline
 Information to distros via distros@openwall
 Short release cycles (8 weeks) mean that fixes are quick
Source: https://curl.haxx.se/dev/secprocess.html
Trademarks
 Restricts who can use a product brand
 Examples: Arduino, Mozilla, Firefox
 Helps create an official configuration, without restricting other freedoms
Trademarks
 This type of abuse can be stopped using trademarks
 Requires a legal entity to own the trademarks
 Costs money to register and defend
https://www.bleepingcomputer.com/news/microsoft/unknown-dev-brings-libreoffice-to-windows-10-via-the-microsoft-store/
Code First!
