Criteria Based License Evaluation - UrbanOS-Examples/TechnicalWorkingGroup GitHub Wiki

Draft

Table of Contents

Purpose
Evaluation
Analysis
Recommendations

Purpose

The purpose of this document is to:

  • Evaluate the licenses cited in the License Models wiki page based on criteria defined in the Open Source Licensing Criteria wiki page. The initial target for license evaluation is the application software. As required, additional licensing needs for data, libraries, development tools, configurations, documentation and data will be addressed separately.
  • Analyze the pros and the cons of the licenses that meet the TWG criteria preferences.
  • Make Recommendations for the application open source license

Evaluation

In this section we evaluate popular and potentially useful licenses based on criteria defined in the Open Source Licensing Criteria wiki page , including Apache v2, GPL v3, LGPL and MIT.

Criteria Based License Evaluation

Analysis

Based on the fact that the TWG has a strong preference for Permissive licenses versus Copyleft and weak Copyleft licenses, GPLv3 and LGPLv3 can be taken out of consideration for the application, leaving the Apache 2.0 and the MIT licenses. Set forth below are pros and cons of these licenses remaining in contention.

Apache 2.0

Pros

  • Developed by the Apache Software Foundation
  • Used by most ASF projects, so well established
  • Fastest rate of adoption, second in projects only to MIT
  • permissive, and free software approved
  • Compatible with LGPLv3, GPLv3 and Affero GPLv3
  • Explicitly covers patent grant in embedded CLA

Cons

  • More complex than MIT due to additional restrictions and protections (although some, such as patent grant are required)
  • Not as compatible with other open source licenses as MIT
  • Requires that unmodified parts in derived works keep the Apache License.
  • A modification notice must be made for every licensed file change
  • Conflict with license if trademark grant was required

MIT

Pros

  • Most liberal license, virtually no restrictions
  • Used by Ruby, and very popular within that community
  • Most compatible for combining code with other open source libraries
  • Most commonly used license (although Apache is gaining on it)

Cons

  • Does not explicitly cover patent grant (question for legal whether implicit coverage is good enough)
  • Would not cover trademark restrictions if required
  • There are no rules on distribution. For example, someone could distribute the entire unmodified Smart Columbus OS work under a different license. The Apache license allows redistributing a derivative work under a different license, but not the original.

Alignment with TWG criteria preferences

Patent Grant

  • The TWG strong preference is that a patent grant is included to allow users to contribute software that is under patent for anyone to use and to prevent users from initiating litigation over patent infringement.
  • The Apache 2.0 license provides these patent grant protections in both the license and the individual and corporate Contributor License Agreement (CLA).
  • MIT does not include a patent grant. There are a couple of options that might put MIT on the right side of this issue:
    • There is a legal question of whether or not the MIT license's lack of restrictions implies and gives express license inferring a patent grant. However, even if this was upheld in US courts, what would the legal outcome be in other countries?
    • Facebook moved from the BSD+Patent license to the MIT license in 2018 for the React project (and others) but the Facebook CLA requires contributors to provide a patent grant using the same language as the Apache 2.0 license. Perhaps adding a patent grant to the CLA would suffice.

Trademark Grant

  • A trademark grant allows the use of trademarks associated with the licensed code or its contributors by a licensee. At this point, we have not been able to determine the TWG preference for this criteria.
  • The Apache 2.0 license restricts the use of trademarks, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
    • For example, if you use some code in the SmartColumbus OS published under an Apache license in your product, you don’t have permission to pass your project as a “SmartColumbus” product (under its trademark). However, you might be able to say "powered by SmartColumbus".
  • The MIT license has no such restrictions.

Recommendations

Apache 2.0 and MIT are the most widely used open source licenses. Both are permissive which is a stated requirement from the TWG. There are, however, terms and conditions issues around patent and trademark grant making it difficult to easily choose one license over the other. There are also policy questions that need to be answered around these and other matters. Two alternatives are presented below.

Track 1 Recommendation

The Apache 2.0 license is the strongest in terms of laying out grants and restrictions and thus far is an acceptable application software license to the TWG. This track focuses on determining whether the Apache 2.0 license, Apache trademark policy, and Apache Contributor License Agreements (CLAs) are compatible with the policies of the projects sponsors, e.g., the City of Columbus and USDOT, and if so, implementing that license. This track should continue in parallel with Track 2 if that path is chosen.

Track 2 Recommendation

The plan for this track would be to initially use the MIT license. The MIT license is compatible with nearly all licenses and the SmartColumbusOS work could be relicensed under Apache 2.0 or another license when the terms and conditions are understood. If that route is taken, it is also suggested to consider including the patent grant in the Individual and Corporate CLAs which would ensure that open source contributors provided a patent grant for their contribution. Note that the Apache template for the CLAs could be used in conjunction with the MIT license. This track can go in parallel to the Track 1 activities, but not dependent on them except in the case of the CLA questions. A potential advantage of this track is that it may allow a more expedient route to license the OS code while analysis continues on the trademark issue.

Clarifying Questions

Below are specific questions that need to be answered to make determinations supporting the recommendations. These questions are not exhaustive and will likely lead to additional questions:

  1. Is the Apache Trademark policy compatible with the city of Columbus Smart Columbus Trademark business policy?
  2. Is section 6 (Trademarks) of the Apache 2.0 License compatible with the city of Columbus Smart Columbus Trademark business policy?
  3. Is the Apache Individual CLA compatible with the policies of the City of Columbus and the USDOT's Grant? What are the PII requirements of collecting such information?
  4. Is the Apache Corporate CLA compatible with the policies of the City of Columbus and the USDOT's Grant? What are the PII requirements of collecting such information? What are the policies for City Employee and Contractor corporate contributions for the use of a corporate CLA?