According to Larry Rosen, "One of the challenges to writing about licensing in a book not specifically written for licensing professionals is to make a very dull subject interesting."

A Complete and Thorough Book

Rosen has met that challenge in his exciting guide to the Open Source licensing zoo. As an extra fillip he offers a set of five Open Source Principles so clear and brief that the Open Source Initiative (OSI) would be well advised to adopt them, plus two new licenses intended to solve not only the weaknesses of some of the current Open Source licenses, but resolve the many problems that revolve around the Free Software Foundation's (FSF) GNU General Public License (GPL) and Lesser General Public License (LGPL).

This clear book spends 314 pages in detailed discussion of more legal issues than this review can touch on. The author has the advantage of having trained and worked as a programmer and so as a lawyer he's not flummoxed by complex technical issues. He's also uniquely qualified by his long tenure at the Open Source Initiative, where he served as general counsel and as executive director, participating in many discussions there on licensing and building a wealth of experience to mine for this book. Everyone involved at all with Open Source software should read the first three chapters of this book as background to understanding the larger issues, and the remainder of it should be mandatory for all people and firms actually producing Open Source software, whether as coders or managers.

The book approaches licenses in chronological fashion, showing early starts and subsequent improvements. To oversimplify, in the beginning, the BSD license imposed no limits on the licensee; the MIT, or X license, added clear copyright language; and the GPL required that code be shared. Subsequent licenses have added patent defense and warranties of code provenance. Over 15 years later we are faced with dozens of licenses and conflicting opinions (none of them judicial) about how software developers and firms are supposed to stitch together code to meet their terms.

The book is quite lucid since Rosen takes the reader through the basics such as the fact that different laws apply to the intellectual property (IP) of software and the to tangible copies of software, that copyright doesn't protect the ideas in software (patents do that), and that there's a difference between a (bare) license and a contract (containing a license). Along the way important points emerge: although a bare license (like the GPL) can be revoked because it's not a contract for which consideration has been received (typically a payment), the law would recognize that the user's dependence on the software substitutes for that consideration, so that in practical terms the license couldn't be revoked (p. 56).

More fascinating for Open Source developers is the discussion of joint works versus collective works: if developers agree among themselves (contract) to undertake a project, then as owners they can each license the entire joint work to others as they individually see fit; if there's no such contract, the work is a collective work (a collection of unmodified pieces), each of which is under its author's respective license. Most Open Source projects are joint works, and generally speaking Rosen sees no reason for the typical project to assign copyrights rather than retain them individually. In the case of a collective work, the collector is the author and can license and distribute it, but only if he has a distribution license from the authors of the constituent pieces.

Neither joint nor collective works are derivative works. A derivative work is a new work that's based on a pre-existing work. The author of a derivative work can license and distribute the derivative work provided he has a license for the pre-existing work that gives him the right to create a derivative work and distribute that derivative work. These distinctions are of crucial importance to Rosen's views on the Free Software Foundation's interpretation of the GPL.

The heart of his book, however, is Rosen's relentless categorization of licenses into types such as template licenses (Apache, BSD, MPL) that can be used by others simply by changing the name and the most important division, academic versus reciprocal licenses. Briefly, academic licenses originated at institutions of higher learning (Berkeley, MIT) and sought to provide the widest possible distribution for the software they cover; there are no real restrictions on its use, rewriting, and dissemination. Reciprocal licenses (most famously the GPL) require that anyone distributing the software offer the source code for the entire work as it's distributed, including all the changes. Rosen regards academic/reciprocal as the heart of the software freedom that is most likely to lead to rapid technological advance and increased productivity for everyone.

• Web 2.0 Journal Book Review: Grown Up Digital by Don Tapscott
• Book Review: Requirements Engineering