Examples
42 To illustrate the recommendations in this guide, this section contains a number of examples of agencies using open source software.
Identifying the Issues
43 When working through any example of open source software use, the following questions will help identify the issues:
|
Issue |
Question |
|
Propagation |
What open source licences apply? |
|
Will the open source software be modified? |
|
|
Will the open source software be used in conjunction with any other software? If so: How will the two be integrated? Will the open source components be easily removable? |
|
|
Risks |
Will the resulting software be distributed outside the agency? If so, to whom? |
|
Will the software help provide a critical business function? |
|
|
Is the software confidential? If so: Who can legitimately use it? What is the impact of unauthorised disclosure? |
|
|
If a vendor is charging a fee for the software? If yes, is the vendor likely to offer: a performance warranty; or an intellectual property warranty/indemnity? |
|
|
Does the vendor provide support to resolve software issues? |
|
|
Alternatives |
Are there commercial software products, which offer the same or similar functionality at an acceptable price? |
|
Would it be difficult or costly for the agency to write its own software to provide the same or similar functionality? |
Example 1: Stand-Alone Use
44 In this example, an agency wishes to license Red Hat's Enterprise Linux AS operating system. The software can be downloaded from Red Hat's website, subject to payment of US$1,500 and agreement to Red Hat's standard Subscription Agreement.
45 The Subscription Agreement says the operating system is licensed under the GPLv2. (Note the US$1,500 charge does not violate the GPLv2 requirement that licensing must be free of charge, because the charge is for product support not licensing.)
46 The operating system will be used by the agency as a stand-alone application. While the agency will run applications on the operating system, the applications will not be derivative of, or contain any part of, the operating system.
47 Applying the recommendations we find:
|
Situation |
Recommendation |
Application |
|
Using |
Read and understand the open source licence. |
GPLv2 used. |
|
Obtain performance and intellectual property protection from the supplier of the open source software, where appropriate and available. |
Subscription Agreement provides support services to rectify faults, and a limited IP warranty. Unlikely to negotiate better terms for the licence fee. |
|
|
Negotiate any other appropriate contractual terms. |
Subscription Agreement reasonably comprehensive. Unlikely to negotiate better terms for the licence fee. |
Example 2: Internal Development and Distribution
48 In this example, an agency's developer wishes to download a secure file transfer tool, free-of-charge, from the Sourceforge website. The tool is available under the Mozilla Public Licence, version 1.1 (MPL), and will be embedded, unmodified, into a new case management system for the agency.
49 The system will contain highly sensitive and personal information. The agency wants to ensure that the system is not widely available, so that hackers cannot legitimately scrutinise the system to find ways of circumventing its security. The agency also wants to licence a limited number of third parties to access the system.
50 Applying the recommendations we find:
|
Situation |
Recommendation |
Application |
|
Using stand-alone, open source applications |
Read and understand the open source licence. |
The MPL is weakly propagating. It only encumbers the original code and modifications. Even where MPL code is embedded, the system is not encumbered. |
|
Obtain performance and intellectual property protection from the supplier of the open source software, where appropriate and available. |
Warranties not expected for free-of-charge code. |
|
|
Negotiate any other appropriate contractual terms. |
Other contractual provisions not expected for free-of-charge code. |
|
|
In-house modification or integration of open source software |
Use freely any open source software that is licensed under a non-propagating licence. |
The MPL is weakly propagating, so can't be used freely. |
|
For other open source licences, choose a distribution strategy. |
The agency will want to license the system on non-open source terms, so it can restrict authorised users from redistributing the system. This is a limited distribution strategy. |
|
|
And implement the software appropriately. |
The open source tool may be embedded in the system without encumbering the rest of the system. |
|
|
Distributing software |
Confirm whether open source licences apply. |
MPL only. |
|
Meet all relevant distribution requirements. |
In accordance with the MPL, where there is no modification, licensees of the system must be given: executable files (or documentation) naming the initial developer source code files for the MPL component, naming the initial developer and containing an MPL licence notice a copy of the MPL licence. The non-MPL components of the system may be distributed on commercial terms. |
Example 3: External Development and Distribution
51 In this example, an external developer wants to use open source components in a secure mail system. The system contains the components illustrated below, which communicate with each other using Unix pipes. The open source components are shaded, and include the IBM Public Licence (IBMPL).
52 The system will be released by the agency on open source terms. The agency is paying market rates for a third party to develop the application. The developer has agreed to provide performance warranties for the system as a whole, but intellectual property warranties only for the software it develops, i.e. not the open source components. The developer also wishes to be able to use the new code for other customers.
53 It may seem unusual that the SPF Module can be licensed under either the GPLv2 or the CAL. Multiple licences are possible because the original owner of the software may release it under whatever licence terms it chooses, including multiple open source licences and commercial terms.
54 Applying the recommendations we find:
|
Situation |
Recommendation |
Application |
|
Using |
Read and understand the open source licence. |
GPLv2 and CAL already read and understood. When reviewed, the IMBPL is found to be weakly propagating. |
|
Obtain performance and intellectual property protection from the supplier of the open source software, where appropriate and available. |
Performance warranties are adequate. Agency accepts, in this case, that the open source components can be excluded from the intellectual property warranty. |
|
|
Negotiate any other appropriate contractual terms. |
All applicable contractual terms have been included in a development agreement between the agency and the developer. |
|
|
In-house modification or integration of open source software |
Use freely any open source software that is licensed under a non-propagating licence. |
All of the software is propagating. |
|
For other open source licences, choose a distribution strategy. |
Open distribution, as the agency wishes to distribute the system on open source terms. |
|
|
And implement the software appropriately. |
For open distribution, the agency need only ensure that software is not encumbered by multiple open source licences. Because the system components communicate by way of Unix pipes, even strongly propagating components are sufficiently constrained from other components. On this basis, the agency is free to use the GPLv2 or the CAL for the SPF Module. |
|
|
Using third party developers |
Ensure developers have obtained the agency's consent to the licence terms before providing the licensed software. |
The agency can approve this use of open source. |
|
Include appropriate provisions in development contracts. |
The contract should: Specify which open source software may be used and what licences apply. Vest all intellectual property rights in new open source code in the developer. License the agency to use the open source code on the applicable open source terms. Include the open source code in the performance warranty, but excludes it from the intellectual property warranty. |
|
|
Distributing software |
Confirm whether open source licences apply. |
The agency is aware of the open source licences that apply. |
|
Meet all relevant distribution requirements. |
When the system is distributed by the agency, it will need to be distributed under multiple open source licences, each covering different parts of the application. |
[ Previous ]
