http://ayende.comAyende @ RahienCopyright (C) Ayende Rahien 2004 - 2021 (c) 202660"so that an upgraded or path is easier to introduce" should be read as "so that an upgrade or patch is easier to introduce" since, clearly, that is what I meant to say. http://ayende.com/2834/open-source-forking#comment13http://ayende.com/2834/open-source-forking#comment13Sat, 06 Oct 2007 04:26:37 GMT@Orin, @Kevin, @Tanner The Apache license is not a reciprocal license, so there is no requirement that a derivative work be distributed under the same license. However, there is no way to appropriate copyright on the part of the original work retained in the derivative (that's standard copyright law). And Apache does have some special rules if you do make a derivative under the Apache license. The attribution requirement is important. The benchmark for this is probably Sun Microsystem when it distributes LGPL (i.e., OpenOffice.org) code and GLP code (other stuff, Java?). There is always a text file with the binaries that provies attribution to the different but GPL-compatible bits that have been incorporated and/or derived in their work. Lots of BSD and MIT and Apache license code shows up that way (although not so sure about Apache because of the discomfort Stallman has had with that and GPL2). I think attribution is very important. It helps establish the provenance of the code and it might help someone understand whether they should inquire if the original work ends up with a bug or security vulnerability that may have been inherited into the derivative product. For that and other reasons, it is probably best to incorporate the original work and not modify it directly, so that an upgraded or path is easier to introduce. It is even more helpful if somewhere there is identification of the specific version of the original work that has been packaged in the larger work. But now I am talking about seriously polite behavior. By obfuscating the derivative, I'd say they have cut themselves off from some invaluable assistance if they have problems in their code. I agree that this conduct is a serious warning sign about the likely difficulty that might arise in dealings with such a supplier. http://ayende.com/2834/open-source-forking#comment12http://ayende.com/2834/open-source-forking#comment12Sat, 06 Oct 2007 04:24:10 GMTThat get to lawyersomeness that I would rather avoid getting into. But they do distribute it with the castle license. http://ayende.com/2834/open-source-forking#comment11http://ayende.com/2834/open-source-forking#comment11Fri, 05 Oct 2007 16:59:17 GMT"You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions" I'm fairly certain this is interpreted as, they can re-license any modifications they make, but they can't re-license the original Castle portions. Which is a fairly standard clause, read about the current GPL/BSD wireless driver mess for some debate on similar issues on re-licensing. A brief read of the APL says to me that as long as they are distributing it with the APL license text, then they're in the clear. http://ayende.com/2834/open-source-forking#comment10http://ayende.com/2834/open-source-forking#comment10Fri, 05 Oct 2007 16:43:15 GMTI noticed you can by-pass having to register on their site, and get a direct download here; http://dunnchurchill.com/support/downloads/diamondbinding/Dunn%20&%20Churchill%20Diamond%20Binding.msi http://ayende.com/2834/open-source-forking#comment9http://ayende.com/2834/open-source-forking#comment9Fri, 05 Oct 2007 16:42:55 GMTFrom APL section 4. Redistribution, they aren't distributing source, so (b) & (c) are not applicable, we don't have a NOTICE file, so they aren't violating (d). They do distribute the castle license, so that takes care of (a). About the extra conditions: You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions http://ayende.com/2834/open-source-forking#comment8http://ayende.com/2834/open-source-forking#comment8Fri, 05 Oct 2007 15:40:15 GMTYeah, I won't be buying the Dunn & Churchill product. In fact, when given the choice, how many people would pay for the same thing they can get for free? Go ahead and sell it. You might get a few buyers, but not enough to remain viable. Castle AR is free, and people are going to choose free in most cases. Additionally, those of us who know its a rip-off will most likely harbor negative feelings for Dunn & Churchill. http://ayende.com/2834/open-source-forking#comment7http://ayende.com/2834/open-source-forking#comment7Fri, 05 Oct 2007 15:38:53 GMTHaacked, I call it forking because they abandon the original code base. RedHat has its own branch, if you will, of the kernel code, but it is clear what the original was, and what the future holds. Here, nothing is very clear at all. http://ayende.com/2834/open-source-forking#comment6http://ayende.com/2834/open-source-forking#comment6Fri, 05 Oct 2007 15:36:59 GMTThe most important parts of the Apache license in terms of DiamondBinding are not #1, #2, or #3, it is #4 "Redistribution". There are conditions to redistribution of OSS products and Derivative Works, and from what I can tell, they are not meeting these conditions. If I understand it correctly, they are fine if they retain all existing license notices, clearly note what they have changed, and continue to make the product available under the same license. Has anyone downloaded their product and checked it out? Are they releasing under the Apache 2.0 license? If not, it is not legal. I could be wrong - not a lawyer. http://ayende.com/2834/open-source-forking#comment5http://ayende.com/2834/open-source-forking#comment5Fri, 05 Oct 2007 15:10:34 GMTDid they really "fork" it? Are they accepting contributions? Or are they packaging it and continuing to pull updates from the Castle project? There's an important distinction here. The latter case is *done* all the time. Look at Red Hat. http://ayende.com/2834/open-source-forking#comment4http://ayende.com/2834/open-source-forking#comment4Fri, 05 Oct 2007 14:59:11 GMTRik, Naturally, this is not the first time such a thing happened, and likely the same response have been written. This will probably not be the last time. http://ayende.com/2834/open-source-forking#comment3http://ayende.com/2834/open-source-forking#comment3Fri, 05 Oct 2007 11:39:46 GMTI have an incredible sense of déjà vu... this conversation has been repeated and repeated... http://ayende.com/2834/open-source-forking#comment2http://ayende.com/2834/open-source-forking#comment2Fri, 05 Oct 2007 11:35:34 GMTLegal, of course. Ethical, nope. But then that's what you have to put up with to get the benefits of open source. And those who contribute to open source accept that the benefits outweigh the negatives. However, if I was a commercial organisation asked to pay for the work, and then later found out it was a copy of an open source project with a small addition, I would probably be more than a little annoyed, and would probably look to recover my money from the vendor for trading under a false premise. http://ayende.com/2834/open-source-forking#comment1http://ayende.com/2834/open-source-forking#comment1Fri, 05 Oct 2007 11:29:13 GMT