LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

All rights reserved

All rights reserved

Posted Jan 16, 2013 22:15 UTC (Wed) by juliank (subscriber, #45896)
In reply to: All rights reserved by corbet
Parent article: A discordant symphony

You also say all rights reserved with a BSD license. It just says that the author reserves those rights (that is, claims copyright on the work), not that the work is not licensed to anyone else. Thus, if there is a license in the file, the license applies.

(Log in to post comments)

All rights reserved

Posted Jan 16, 2013 23:36 UTC (Wed) by mjw (subscriber, #16740) [Link]

So the symphony code is currently distributed under the LGPL by the ASF?
What about those files (the article claims a couple of thousand) that only have that notice and no license statement?

It is at least somewhat confusing. It would be good to have a clear legal statement from the ASF what the status of those files are. It would be great if the work could be freely reused.

All rights reserved

Posted Jan 17, 2013 0:25 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

Well, if there is a license statement for the codebase as a whole, I would expect that it applies to all the files in the codebase. Specific files in the codebase may grant additional permissions, but unless the overall license statement states that some files are not covered by it, I would expect that you are on solid ground treating all files as if they are covered by that statement. IANAL

All rights reserved

Posted Jan 17, 2013 0:28 UTC (Thu) by corbet (editor, #1) [Link]

For the curious, this is the full text of the README file at the top of the Symphony tree. 

Apache OpenOffice.org Contribution Readme file

Name: IBM Lotus Symphony Contribution to the Apache OpenOffice Project
Contributors: IBM Corporation
License: Apache License Version 2.0
License URL: http://www.apache.org/licenses/LICENSE-2.0.html

This package contains software source code that IBM desires to contribute to 
the Apache Software Foundation under a Software Grant and Corporate Contributor 
License Agreement ("SGA ").  A set of Third Party Library files are provided under 
their existing open source software licenses and a set of Apache OpenOffice v3.4 
file are provided under the Apache v2 license as well.  IBM's contributed files are 
based on the source code of IBM Lotus Symphony v3.0.1.

The files in the contributed package are in four categories:
1) Original Oracle owned files that IBM downloaded from the Oracle Openoffice.org 
website - this includes both unmodified files as well as files that were modified by IBM.  
The IBM owned materials are contributed under the SGA, the Oracle owned materials 
are provided under the Apache v2 license. The total constitutes approximately 56,000 files.
2) IBM owned files.  This constitutes approximately 12000 files.
3) Files downloaded from Apache OpenOffice v3.4 under the Apache v2 license. This 
constitutes approximately  250 files.
4) Third Party Library files that are under an open source license.  This constitutes 
approximately 150 files.
Please refer to the list contained in the Software Grant and Corporate Contributor License 
Agreement for more information.

Note: Files that are created or modified by IBM and contain IBM owned materials include 
file headers of the following form:
/************************************************************************
 *
 * Licensed Materials - Property of IBM.
 * (C) Copyright IBM Corporation 2003, 2012.  All Rights Reserved.
 * U.S. Government Users Restricted Rights:
 * Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 *
 ************************************************************************/

All rights reserved

Posted Jan 17, 2013 1:00 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

wow, so you have to go look in the SGA agreement to figure out what's what. Is that document in the tree or somewhere else?

At the very least, this is making it very hard for someone to know what they can and cannot do.

All rights reserved

Posted Jan 17, 2013 17:45 UTC (Thu) by malor (subscriber, #2973) [Link]

Definitely not a lawyer, but my read of that is that the files have been released to the Apache Foundation, and not to me. Unless and until the Apache folks put a license grant in themselves, then I don't see a clear chain of permissions from the original authors to myself.

Since Apache pretty clearly knows that they're distributing the files, I assume there's an implicit transfer and inspection grant there, but I see nothing saying that I can modify those files, or transfer them to anyone else.

My understanding of the GPL is that if I write something, and give it to you under GPL terms, then you have most of the rights that I have, but nobody else does, yet. After the transfer, either of us can now grant rights to someone else (albeit somewhat fewer rights, in your case), but we have to actually do it. If neither of us took the explicit step of granting rights, then someone else who intercepted the transmission wouldn't legally be able to incorporate the code in one of their projects. I see no reason why the Apache license would be different; it grants more rights on an authorized transfer, but transfers must still be authorized.

As far as I can see, that's our present status; we're eavesdroppers on the transfer of code from IBM to Apache, and until Apache explicitly says we can use it, it's strictly their code.

Stauts of these files

Posted Jan 17, 2013 15:38 UTC (Thu) by rcweir (subscriber, #48888) [Link]

The status of those files is that they have been contributed to Apache under an SGA from IBM, with exception for 3rd party files, as noted in the README file in the root:

https://svn.apache.org/repos/asf/openoffice/symphony/trun...

These files have not been published by Apache. When software is published (or as we call it "Released") it must first go through a review stage that involves verifying that the license headers are correct and that any 3rd party code is under a permissive license that conforms to Apache policy and that 3rd party licenses are properly noted in the aggregate LICENSE file and that required 3rd party notices are aggregated into a NOTICE file. Ultimately, a Release occurs when the project completes these reviews and votes to release.

I think it is pretty simple. Until code is released, someone dipping into Subversion for code is on their own. They project does not vouch for its quality, performance, security or license. That is why the release process is so important, and the checks that occur at that time. I think this is one important thing that sets Apache projects apart from others. We take the release process and the IP reviews very seriously. It is that process that puts the imprimatur of the project on the code. Until then it is caveat emptor.

In any case, I consider it rather rude for anyone to be poking around pre-release source code and then complaining about its quality. If you want to help, then help. If you want to wait for the release, then wait for the release. But please temper your expectations if you are going to play with pre-release software, not even beta yet.

Re: Stauts of these files

Posted Jan 18, 2013 1:01 UTC (Fri) by simosx (subscriber, #24338) [Link]

I think it is pretty simple. Until code is released, someone dipping into Subversion for code [of Symphony] is on their own. They project [Apache] does not vouch for its quality, performance, security or license.

I suppose you mean here that The project does not vouch for the Symphony code license with respect to third-party code.

If that is the case, then you should simply state it. That any code owned by IBM (All rights reserved to IBM) is distributed under the Apache License with the exception of any files that mention other copyright holders.

Re: Stauts of these files

Posted Jan 18, 2013 1:21 UTC (Fri) by rcweir (subscriber, #48888) [Link]

Actually, I meant exactly what I wrote.

It is not our process to encourage downstream consumers to dip into pre-release code, source or binary. Although we work transparently, the pre-release code is intended for project participants to work with, not for the general public.

In fact we actively take steps to discourage general use pre-release. For example, we don't send out notes to general user lists advertising developer snapshot builds. We only advertise that on internal project lists.

Remember, we take pride in the full review we give to our releases. This is part of the Apache reputation, the Apache brand. I don't think we should dumb that down and publish to the public "Apache-lite" code that is only-partially reviewed, for the benefit consumers who are impatient to wait for the real release, but also unwilling to help us get there.

Regards,

-Rob

Re: Stauts of these files

Posted Jan 18, 2013 1:52 UTC (Fri) by simosx (subscriber, #24338) [Link]

What you wrote earlier is vague.
Do you not vouch the Apache license even for the Symphony code that is clearly owned by IBM? You said earlier that you do not vouch for the license and leave it open for interpretation.
You gave the impression that LibreOffice takes lots of stuff from Apache Office. This would be a good opportunity for LibreOffice to do the work and not depend on Apache Office.

Re: Stauts of these files

Posted Jan 18, 2013 2:09 UTC (Fri) by rcweir (subscriber, #48888) [Link]

What I vouch for is not the relevant. I'm not a voucher.

The point is that Apache projects do not encourage downstream consumers to dip into SVN to grab unreviewed code. All sorts of issues can occur in such code.

For example, I've seen code, submitted under SGA, that contained a proprietary Microsoft header file. It was an honest mistake, and fixed as soon as found, but it very good that this did not spread to other products, due to the obvious consequences that can come from it. (Anyone remember SCO?).

The fact that other projects may have less concern for basic hygiene and are more willing to accept risk does not mean that we should encourage this. IMHO it would be irresponsible to encourage others to download and consume unreviewed code.

In any case, I truly do appreciate your concern, and your recognition that LibreOffice would greatly benefit from code from Apache OpenOffice. But it would sure be nice to hear it from them, with a real proposal for cooperation, then have it be argued by proxies.

Re: Stauts of these files

Posted Jan 18, 2013 18:16 UTC (Fri) by simosx (subscriber, #24338) [Link]

The fact that other projects may have less concern for basic hygiene and are more willing to accept risk does not mean that we should encourage this. IMHO it would be irresponsible to encourage others to download and consume unreviewed code.

In any case, I truly do appreciate your concern, and your recognition that LibreOffice would greatly benefit from code from Apache OpenOffice. But it would sure be nice to hear it from them, with a real proposal for cooperation, then(sic) have it be argued by proxies.

Ouch, Rob, ouch!

Having read this, it feels quite toxic to approach the Apache Foundation.

What is your definition of real proposal for cooperation? You should blog about this. I highly doubt that you would accept any proposal unless you write it yourself.

Does the Apache Foundation have a process to deal with the polarization from the OpenOffice.org case? If not, I suggest to get someone be the contact point for the Apache Foundation in trying to resolve the issue.

Re: Stauts of these files

Posted Jan 18, 2013 18:36 UTC (Fri) by rcweir (subscriber, #48888) [Link]

If you want to ask a question of the Apache OpenOffice project you can send it to: dev@openoffice.apache.org

That's where we do business, openly and transparently on publicly-archived mailing lists. We don't resolve issues behind pay-walls.

As for cooperation, we (IBM) have reached out to the companies who do the vast majority of the LibreOffice coding, and offered to help them with the Symphony code, especially in the areas of accessibility and Microsoft interoperability. They said they were not interested.

So I suggest we try to leave hypothetically behind, and if anyone who actually has the ability and desire to do something with this code has a genuine question, then they can take to the Apache mailing list. But hypothetical from bystanders are not really interesting to me.

Re: Stauts of these files

Posted Jan 19, 2013 16:34 UTC (Sat) by nix (subscriber, #2304) [Link]

We don't resolve issues behind pay-walls.
What paywall? Anybody can contribute to this thread, paying subscriber or no, and articles in the weekly edition can be sent to anyone via the prominently displayed subscriber link at the bottom of the article. No articles stay behind a paywall for longer than a week in any case.

If this is a paywall, it's a totally ineffective one.

Re: Stauts of these files

Posted Jan 19, 2013 22:46 UTC (Sat) by simosx (subscriber, #24338) [Link]

Rob, you are toxic. In every reply you add a snide remark or two.

LWN a paywal? In four days the article will be public and people will see what kind of bully you are.

You say that you are only interested in coders?
If you are trying to build a community, then you are doing it wrong.

You end up being a liability to the Apache Foundation.

Re: Stauts of these files

Posted Jan 19, 2013 23:36 UTC (Sat) by rcweir (subscriber, #48888) [Link]

Well, yes. When discussing code I am mainly interested in talking to coders who actually want to make use of the code, not bystanders who are just looking for debating practice. Seems kind of obvious. Or at least I would have thought.

As for building a community, I think we're doing fine. 50 new QA volunteers in the last two weeks, based on a promotion that I took the lead on. Coders will be next.

In any case, don't feel that you absolutely need to respond unless you have a comment on the article. I'm happy to answer questions on those topics. But I'm not going to waste time engaging in meta-arguments, i.e., arguments about the argument, by those who have nothing useful to say about the main points of the article.

-Rob

Re: Stauts of these files

Posted Jan 20, 2013 21:59 UTC (Sun) by simosx (subscriber, #24338) [Link]

Rob, you are a bully. You are playing the bully game and at the same time, by association, you make Apache Office look like a dirty project.

Your bullying trick now is to divert the discussion and make it personal.

What do you think the Apache Office community will feel if they see your comments? Do you object if I take the issue to the Apache Foundation?

Re: Stauts of these files

Posted Jan 19, 2013 16:32 UTC (Sat) by nix (subscriber, #2304) [Link]

I hasten to add that most Apache projects are not remotely this bad. Rob is very definitely an outlier. The SpamAssassin people are charming and helpful, for instance, as are the HTTP server guys. I'm afraid that 'charming and helpful' is not at all a decsription I could apply to Rob in this thread.

Stauts of these files

Posted Jan 19, 2013 16:30 UTC (Sat) by nix (subscriber, #2304) [Link]

These files have not been published by Apache.
I note that people on the apache-legal mailing list were saying the precise opposite of this only two days ago, that anything in SVN counts as being distributed as long as anyone at all can download it. You even followed up and agreed with that statement. All very unclear.

Stauts of these files

Posted Jan 19, 2013 17:00 UTC (Sat) by rcweir (subscriber, #48888) [Link]

Distribution != publication. See, for example, the MIT License where these are called out as separate rights.

AS Roy explained in a response:

"The dev subversion repo is not a means of distributing to the
"general public". It distributes to our self-selected development
teams that are expected to be aware of the state of the code being
distributed.

When we distribute to the "general public", it is called a release."

-Rob

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds