If your business sells software, including software-as-a-service (SAAS), odds are good that you have used one or more open source packages in the course of development. In some fields, open source modules are fairly ubiquitous. Software companies that are working with computer vision might use the open source library OpenCV, which is offered under a license called Apache 2. AI companies might use TensorFlow (Google) or PyTorch (Facebook). TensorFlow is also offered under the Apache 2 license, while PyTorch is offered under a BSD license.
Apache 2 and BSD are so-called “permissive” or “lax” licenses. Both of these licenses require a future user/copier to provide a copy of the license and a copyright notice with their software. Beyond that, both licenses require relatively little of a future user, and largely serve simply to shield the open source licensor from liability.
But many open source libraries are not licensed under such permissive terms. The term “copyleft” is applied to attempts to reduce the restrictions imposed by copyright on copying and sharing. Licenses such as GNU GPLv3 and the Eclipse Public License include “copyleft” requirements, such as the requirement to make source code publicly available. For a company that wants to keep its innovations secret, this can mean jeopardizing trade secrets.
An even more difficult issue is license incompatibility. Many copyleft licenses require that any source code that is using or is a derivative of the licensed code must be licensed on the same terms. This can be fine if all of the licensed source code is subject to the same copyleft license. But where a software project mixes code from multiple sources under different copyleft licenses, the provisions of the underlying copyleft licenses are generally incompatible with each other.
In other words, if I write software incorporating open source code licensed under both GNU GPLv3 and the Eclipse Public License, my new software would have to be offered under both licenses – but that can’t happen, because the GNU GPLv3 and Eclipse Public Licenses each have different requirements. My only recourse is to eliminate one of the two sources of source code from my project, or ask the licensor to change their license.
If you need help reviewing your software licenses, or choosing an open source license for your own project, please get in touch!
Meet the Authors:
Paul Banwatt | Lawyer
© 2020, Gilbert’s LLP. All rights reserved. This post is provided for general information purposes only and does not constitute legal advice or opinion of any kind. Gilbert’s LLP does not warrant or guarantee the quality, accuracy, or completeness of any information in this post. This post is current as of its date of publication. It should not be relied upon as accurate, time, or fit for any particular purpose.