this post was submitted on 20 Nov 2023
33 points (92.3% liked)

Open Source

31021 readers
465 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Recently, I was looking into licensing an open-source project I'm creating. My preferred license is the BSD-3, but was given advice that I should seek a license that offers patent protection as well. I saw there is a BSD 2-Clause + Patent option, but not one for the BSD 3-Clause, not that I found through OSI or SPDX. This seems odd to me, because I'm pretty sure the BSD 3-Clause is more commonly used than the BSD 2-Clause. Because of this, I've had to dual license my project as BSD 3-Clause AND BSD 2-Clause+Patent, which is a bit unwieldy, but achieves the same desired results.

This seems like an odd oversight though, I'd be curious if there's a reason the 2-Clause was chosen for the patent protection over the 3-Clause version? I could just add in the patent protection part to the 3-Clause version, but creating arbitrary licenses like that definitely makes me feel a bit... uncomfortable.

Edit: Due to some confusion as to what I meant, I wanted to add some details.

I'm definitely aware that licenses such as the Apache 2.0 exist, I just like the BSD licenses for their simpler language (and also don't have that odd state changes clause from Apache 2.0). I'm more so just curious why the choice was made for only the BSD 2-Clause license to gain the Patent Clause, but not the BSD 3-Clause version. That's what I'm not sure about, and why I'm curious about the logic behind this choice. I'm gonna paste in the content of both licenses below, since they are both short and easy to read and understand.

BSD 2-Clause + Patent

Copyright (c)

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Subject to the terms and conditions of this license, each copyright holder and contributor hereby grants to those receiving rights under this license a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except for failure to satisfy the conditions of this license) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer this software, where such license applies only to those patent claims, already acquired or hereafter acquired, licensable by such copyright holder or contributor that are necessarily infringed by:

(a) their Contribution(s) (the licensed copyrights of copyright holders and non-copyrightable additions of contributors, in source or binary form) alone; or

(b) combination of their Contribution(s) with the work of authorship to which such Contribution(s) was added by such copyright holder or contributor, if, at the time the Contribution is added, such addition causes such combination to be necessarily infringed. The patent license shall not apply to any other combinations which include the Contribution. Except as expressly stated above, no rights or licenses from any copyright holder or contributor is granted under this license, whether expressly, by implication, estoppel or otherwise.

DISCLAIMER

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

(Fun Fact: A lead developer on the Rust team said they would have chosen the BSD 2-Clause+Patent license if it existed at the time of them first releasing the Rust programming language. Instead, it's why they chose to dual-license under the MIT and Apache 2.0 instead.)

BSD 3-Clause

Copyright (c) .

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

top 28 comments
sorted by: hot top controversial new old
[–] wmassingham@lemmy.world 8 points 11 months ago (1 children)

Nobody is stopping you from copy-pasting the third clause into the two-clause plus patent license.

What are you trying to accomplish with the patent thing? Have you already patented your software?

[–] southernwolf@pawb.social 0 points 11 months ago

Wanted patent protections for myself mostly. I know the Apache 2.0 is best well-known for that, but I tend to prefer the simplicity of the BSD licenses. More so curious why the BSD 2-Clause was chosen for that Patent clause and not the BSD 3-Clause. Just seems odd to me. I updated my original post with more info.

[–] heeplr@feddit.de 6 points 11 months ago* (last edited 11 months ago) (1 children)

NAL but my understanding always was, that you can't patent anything in your name, when it's already published.

That would make any patent related clause void anyway.

[–] 0x4E4F@infosec.pub -3 points 11 months ago (1 children)

Yeah, everyone could just snatch it, reimplement it and say it was their idea 🤷.

[–] heeplr@feddit.de 0 points 11 months ago* (last edited 11 months ago) (1 children)

no, the patent office would find your publication, deem it Prior Art and not grant the patent. If it would miss it (some don't research very well), anyone can notify them to void the patent afterwards anytime.

IANAL, there are lawyers specialized on patents who'll reassure you for free/cheap (relatively, they are friggin expensive). It also depends on legislature. Countries that break/never agreed to the PCT will do what they please.

[–] 0x4E4F@infosec.pub -1 points 11 months ago (1 children)

no, the patent office would find your publication, deem it Prior Art and not grant the patent.

Yeah, but what if they completely rewrite the code, making it completely indistinguishable from yours. They could claim that they came up with the idea themselves 🤷.

[–] heeplr@feddit.de 1 points 11 months ago (1 children)

not sure why you think that. if it's indistinguishable, it's still prior art. If it's something better or different than your code, it's a new thing.

Patents protect technical principles, not actual sourcecode.

[–] 0x4E4F@infosec.pub 0 points 11 months ago* (last edited 11 months ago) (2 children)

If it's something better or different than your code, it's a new thing.

They might steal the idea. Analyze the source, make some modifications regarding their needs, reimplement it in whatever language they like... that is still stealing, is it not?

[–] heeplr@feddit.de 0 points 11 months ago (1 children)

What are you trying to prevent? You can't release anything (opensource or not) without risking someone stealing the idea without patenting.

No FOSS license will prevent that (quite the opposite, it encourages copying/modifications). Those licenses just prevent someone using your code commercially without releasing the source code again.

[–] 0x4E4F@infosec.pub 1 points 11 months ago* (last edited 11 months ago) (1 children)

I had a particular project in mind, I should have mentioned earlier, Fraunhoffer's FDK-AAC. It's open source, but the license is... tricky...

[–] heeplr@feddit.de 1 points 11 months ago (1 children)

you could check how other FOSS do it. e.g. you externally link it as a library and use another license the user has to agree on just for that.

[–] 0x4E4F@infosec.pub 1 points 11 months ago (1 children)

As far as I'm aware of, the only FOSS project that has an option to use FDK-AAC is Handbrake, and they just let you point to the binary, that's it... you have to compile it yourself.

[–] heeplr@feddit.de 1 points 11 months ago (1 children)

license is probably the reason they're doing it. no way around that without infringing copyright law I guess.

[–] 0x4E4F@infosec.pub 1 points 11 months ago* (last edited 11 months ago)

Of course, that's not tye only project that does this, but they're the only FOSS project, which is what you asked. xrecode can use it as well, but it's not FOSS and l, once again, you have to provide the binary.

My mistake, I just remembered, MeGUI can use it as well (you have to provide the binary), which is a FOSS project as well.

That is why I was asking around... cuz I wanna clone it and make it FOSS, but it seems that no one has done that already, dispite the thing existing for about a decade now, for a reason.

[–] lambalicious@lemmy.sdf.org 0 points 11 months ago (1 children)

steal

No. You are freely providing the source code.

[–] 0x4E4F@infosec.pub 0 points 11 months ago* (last edited 11 months ago) (1 children)

Mhm... OK, in that case, let's say I reimplement Fraunhoffer's FDK-AAC. It's open source, but you can't redistribute binaries of it, you can only compile it for your own personal needs and you can't commercially use it for free. So, let's say my reimplementation is licensed under BSD or GPL and I allow everything, even commercial use for free. That would cut on the profit Fraunhoffer is making from their product, but they can't legally persue me because none of their code is in my reimplementation 🤨? That seems kinda off...

[–] lambalicious@lemmy.sdf.org 0 points 11 months ago* (last edited 11 months ago) (1 children)

Here's two things:

  1. You can not steal an idea. (aka "just because you had an idea doesn't mean it's yours")
  2. You can not steal profits that were never had or intended to be had in the first place (aka: piracy vs "abandonware")

Considering that:

It’s open source, but you can’t redistribute binaries of it you can only compile it for your own personal needs and you can’t commercially use it for free

Then it's not Open Source. So, which is it?

OK, in that case, let’s say I reimplement Fraunhoffer’s FDK-AAC. It’s open source, but you can’t redistribute binaries of it, you can only compile it for your own personal needs and you can’t commercially use it for free.

The only midly-relevant question here becomes: did you use their source code to implement yours, or did you use public knowledge of the algorith etc (up to and including "white boarding") to reimplement it? If the former, if the software is actually Open Source at best I could see a case for misrepresentation, but not for theft, because the source code is made available openly, you are not breaking that (that's what "steal" is).

Second, if your implementation is better than theirs, including eg.: because of having a better license, then the rules of the market apply: the better product wins (that's the same argument corps would use to try and break you if the case went the other way around, so it's only fair you can also use that; at least, law's supposed to be blind to order-of-parties). You are also not stealing profits because, besides the fact that potential profits by definition can not be stolen, you are also aiming at a different market eg.: people who wouldn't have bought Fraunhoffer's in the first place because of the license etc. If you are selling cheese sandwiches, you can not sue "stolen profits" from someone who is selling bacon sandwiches just because their clients asked you for bacon sandwiches and you said no.

[–] 0x4E4F@infosec.pub 1 points 11 months ago

Then it's not Open Source. So, which is it?

It is open source, you can find the source on GitHub and other git repos (their repos, not clones made by others).

The only midly-relevant question here becomes: did you use their source code to implement yours, or did you use public knowledge of the algorith etc (up to and including "white boarding") to reimplement it?

Yes, I would use their source code as a reference, as in, study it and try to replicate what they have done, but in the process, deliberately doing things differently (sometimes it may be more efficient, other times it may not) so I would avoid legal consiquences.

Basically, their license says "Here's the source, do whatever you want with it for your own personal use. You can not share binaries of it with anyone, individuals or companies. You can not use it for commercial use for free, you have to pay an implementation license. You can use our source to make sources for other OSes (their source is meant to be used in Android), but the same license has to apply to your implementation, and you can't redistribute binaries, just the source."

If you are selling cheese sandwiches, you can not sue "stolen profits" from someone who is selling bacon sandwiches just because their clients asked you for bacon sandwiches and you said no.

Basically, I'm giving away free bacon sandwiches, while the guy at the stand next to me is selling them. They're not exactly the same, but the end result is the same, mine feed the people just as much as his do.

[–] il3fm9@sh.itjust.works 5 points 11 months ago (1 children)

I'm confused with some of the comments here - isn't OP asking why the BSD 3-Clause doesn't include a clause preventing patent treachery, which would be a good clause to have?

In any case, this is why the FSF recommends the Apache 2.0 license over other permissive licenses: https://www.gnu.org/licenses/license-list.html#apache2

[–] southernwolf@pawb.social 3 points 11 months ago

You are correct, yeah. I updated my post with more info on what I was asking about, plus the text of the two licenses.

[–] SlikPikker@lemmy.ca 2 points 11 months ago (1 children)

In part, perhaps it's because patents are inherently unethical and anti-open.

[–] Kaldo@kbin.social 2 points 11 months ago (1 children)

I can still see the value in owning it in this shitty climate however - maybe I want to keep the patent just so I can distribute it freely instead of someone else staking their claim on it and then charging people for the same thing?

[–] SlikPikker@lemmy.ca 0 points 11 months ago

Just publish prior art openly.

[–] Gooey0210@sh.itjust.works -1 points 11 months ago (1 children)

Maybe just use WTFPL? 🤔

[–] hansl@lemmy.world 4 points 11 months ago (2 children)

No. Don’t do that. WTFPL is not a license. It’s a legal pandora box.

[–] Gooey0210@sh.itjust.works 0 points 11 months ago

He-he-he, you're right 😄

[–] lambalicious@lemmy.sdf.org 0 points 11 months ago (1 children)

I mean that's its whole point, yes?

[–] hansl@lemmy.world 2 points 11 months ago

And that can create unexpected situations, like corporations stealing your patents or patenting all usages of your work, and prior art might be damned, and in some cases even sue you for you own work. There are examples of this for people who didn’t patent or license their work, this is not some weird hypothetical. WTFPL is not a license, it is not clear that it protects you or not.

In the real world, WTFPL has no reasons to exist. If you want to protect your work but want to make it available, there are good permissive open source licenses. Slap an Apache, or CC0 or GPL license.