Apache says 'no' to Facebook code libraries

The Apache Foundation has declared that none of its new software projects can include Facebook's booby-trapped BSD-licensed code. The foundation's legal affairs director, Chris Mattmann, said over the weekend that libraries, frameworks and tools covered by Facebook's open-source-ish BSD-plus-Patents license should not be …

  1. elDog

    Bravo for apache - you're either fully open source

    Or not.

    Putting exceptions on the licenses means that someone could pull the whole fuggin rug out from under your development. Remember Oracle and Sun and Java?

    Not to say that some of the alternative licenses are easy to maneuver in a multi-licensed world. But why add a f-buck one to the mix?

    1. Anonymous Coward

      Re: Bravo for apache - you're either fully open source

      FWIW The RocksDB team (this issue stemmed from a RocksDB dependency) have moved incredibly swiftly to relicense the project. It's now dual-licensed under GPLv2 or ASL2.0, a change they accomplished in a day. Given how much wrangling goes into clearing licenses through The Beast That Is Corporate Legal that is seriously impressive stuff from the Facebook/Rocks gang.

      React really do need to make the same change - the particular kicker there is that it was originally licensed under ASL2.0 and later made more restrictive due to Facebook's hubris. Illustrates perfectly why a project is not truly open source unless it is also under open governance and open ownership.

      The sooner this PATENTS file nonsense dies, the better. What's the point of giving away a license to use the copyright if you try and retain the patent? Sheer vindictive corporate bullshit.

      1. Ian Michael Gumby
        Boffin

        Re: Bravo for apache - you're either fully open source

        This isn't "fully open sourced" or not...

        GPL is fully open sourced; however, because of how it protects the rights of the authors, it's non-compliant for Apache.

        You really need to have a solid understanding of IP rights to understand that under Apache, you relinquish your rights to Apache and agree to indemnify them if they get sued because you claimed rights you didn't have.

        FB's anti-patent wording means that you can't transfer the complete rights to Apache such that they are on the hook, as well as you if there is any question or claims to a patent infringement lawsuit.

        It's Apache protecting themselves and allowing anyone to suck up and license the works as their own and sell support around it. (e.g. Cloudscape / JavaDB) [actually Cloudscape is the original code that was donated by IBM...]

      2. Anonymous Coward

        Re: Bravo for apache - you're either fully open source

        >FWIW The RocksDB team (this issue stemmed from a RocksDB dependency) have moved incredibly swiftly to relicense the project. It's now dual-licensed under GPLv2 or ASL2.0, a change they accomplished in a day. Given how much wrangling goes into clearing licenses through The Beast That Is Corporate Legal that is seriously impressive stuff from the Facebook/Rocks gang.

        That alone should be a hint that something is amiss. Remember, this comes from a company that makes money and isn't shy about getting creative to get it.

        We've flagged anything of that origin as tainted - easier, safer and less need for mea culpa afterwards, and it appears the Apache organisation is of a similar opinion.

  2. ecofeco Silver badge

    Good for Apache

    Smart decision Apache. Well done.

  3. Ian Michael Gumby
    Boffin

    This isn't a kudos moment.

    The issue is that there is an incompatibility with the Apache license.

    The terms of the FB code release are that if there is any patent litigation, then the rights to use the code are revoked. That puts FB in the position to blackmail anyone who uses FB code or code derived from FB code. (In theory and that's all it will take to cause Apache to Stuff it.)

    Not a good thing and it means potentially quite a bit of rework to be compliant.

    I wonder what this does to Hadoop (Hive), or Presto....

    Apache is protecting their own arse here so don't thank Apache for doing anyone a favor.

    1. Anonymous Coward

      Re: This isn't a kudos moment.

      This has nothing to do with compatibility, or otherwise, with the Apache Software License. It's a policy decision of the Apache Software Foundation. Patent grants can be handled outside of the core license - patents being distinct from copyright. It's possible for software to be Apache-compatible Licensed and used by ASF governed projects as long as there are sufficient assurances around the patents.

      And they're doing plenty of other people a favour by putting a stop to this kind of thing. The +PATENTS model FB are using is toxic. It'll spread to huge numbers of derivative works in an uncertain and unpredictable manner. To quote the particularly scary bit...

      "The license granted hereunder will terminate, automatically and without notice, if you (or any of your subsidiaries, corporate affiliates or agents) initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: against Facebook or any of its subsidiaries or corporate affiliates, ..."

      That's fucking terrifying stuff for both producers and consumers of open source software.

      The impact on the Hadoop ecosystem will be minimal. The main vendors have been required to run full dependency-tree license/patent compliance reports for a few years now in order to meet the terms of their FSI customers. That particular ship was put in order some time ago.

      1. Ian Michael Gumby
        Boffin

        @AC ... Re: This isn't a kudos moment.

        You contradict yourself.

        FB revokes your rights to use the code if you are 'involved' in a patent lawsuit. This means that the rights FB is granting in their code are conditional rights. This is a risk which Apache does not want to accept.

        Essentially FB's poison pill would put Apache at risk.

        As to Hadoop, remember that Hive was donated from FB and it's FB's code at its core. Same for Presto.

        1. Anonymous Coward

          Re: @AC ... This isn't a kudos moment.

          Not even close. The ASF are more than happy with conditional rights. A license is after all conditional by its very nature. In fact the ASL2.0 even contains its own patent license and revocation clause, not entirely dissimilar to the one in the Facebook+PATENTS license. You should try reading the ASL2.0 some time. It's a good read.

          The policy issue for the ASF (which, again, is distinct from compatibility with the ASL) is that the scope of the conditions in Facebook's patents clauses is global, potentially covering all interactions between all users of the software in all the ways they may interact with Facebook, rather than being solely limited to the material being licensed. Likewise the fact that exposure is inherited by all users, contributors and derivatives (and all their affiliates, agents and so on) is unacceptable.

          To put this in simpler terms, it means that if I am incorporating code from a project that depends on this PATENTS exemption and that parent project (over which I have no control) violates the exemption, the chain of inheritance is broken and I am now exposed. No other license does this.

          There is no FB code at Hive's core. It is an Apache project. The code is the property of the Apache Software Foundation. It ceased to be FB's the second it took the Apache name (not that there's any of it left, anyway). Presto? Not so much, but the lack of open governance is one of the key reasons it hasn't seen widespread commercial adoption.

  4. Anonymous Coward

    Facebook code libraries

    Is this an example of the viral un-American commie code that Bill Gates was always warning us about?

    1. Steve Davies 3 Silver badge

      Re: un-american commie code

      From Facebook, an American (As in apple pie) Company?

      to me it is like

      "here have some code but beware, it bites back if you try to sue us for bugs in the code"

      Either way it is, IMHO, a 'Do not touch even with a 40ft barge pole'.

  5. Anonymous Coward

    >Facebook has insisted that the license was not written to stop any software from competing with its own

    So if Facebook slaps an icecream cone out of my hand they'll probably say "Flailing my arms at you was NOT meant to slap the icecream out of your hand". Yeah, just because you say you didn't do something doesn't mean you didn't do it.

    This is actually really good advice, my startup company already Cat-X's GPL code, I think I'll put Facebook's stuff on that list, too.

    1. Ian Michael Gumby
      Boffin

      >This is actually really good advice, my startup company already Cat-X's GPL code, I think I'll put Facebook's stuff on that list, too.

      GPL code is FOSS but it protects the rights of the original authors. Apache, you sign away all rights and anyone can use, modify, even charge for your code.

      If your startup used GPL'd code you have to follow their license requirements and that has some implications. TANSTAAFL

      1. Anonymous Coward

        If your startup *uses* open source software, you're much better off with BSD / Apache, because you have maximum rights as to what you can do with it.

        If your startup *sells* open source software, you're much better off with GPL - because the GPL gives the author more control, and the user fewer rights.

        1. Raumkraut

          >If your startup *uses* open source software, you're much better off with BSD / Apache

          >...

          >If your startup *sells* open source software, you're much better off with GPL

          Err, I think you got that the wrong way round.

          Copy-left (eg. the GPL) is all about ensuring freedom for the user of the software (to use, study, modify, and re-distribute), whereas permissive licenses (eg. BSD, Apache) are about maximising freedom for the developer - including the freedom to put limitations on the use of the software.

          1. Anonymous Coward

            @Raumkraut

            You've got it the wrong way round. GPL imposes a host of restrictions on the licensee that the ASL does not. Specifically the GPL restricts me from relicensing derivative works under anything other than the GPL. That is intended to protect the licensor against people consuming and deriving from their work without having to contribute back.

        2. barbara.hudson

          You seem to be confused. BSD allows you to sell the modified code without giving away the source. Sony uses it. Microsoft uses it. Apple uses it. Even Linux uses BSD code.

  6. Sgt_Oddball

    Stick To yer' guns

    The nature of this licence is such that someone else not in Apache can get the licence revoked, stuffing everyone else further up the chain.

    It's like having a nice rum punch only to have an uninvited guest turn up and demand you remove the rum because they take issue with you using the same rum as they've got at home.

  7. Will Godfrey Silver badge
    Unhappy

    No winner here

    I'm not keen on the Apache license, because of the loss of rights, but the Facebook one is seriously toxic. The way it's worded, someone way down the software chain can effectively revoke your license without you even being aware of it until the vultures descend.

    1. Anonymous Coward

      Re: No winner here

      What loss of rights are you referring to?

      1. Will Godfrey Silver badge

        Re: No winner here

        Read the terms of the Apache license.

  8. Milton

    Let's not be too lazy

    Notwithstanding I've always espoused the "don't reinvent the wheel" approach—generally, don't bother figuring out the code for a problem when you can do a search and find that a thousand people already did it before you—the truth is that competent coders can always find ways to do things. It may save you a few days now to simply use these or those few hundred lines from a library, but you *are* being paid for your brains and skill: sometimes it's best to do it fresh, stay away from the corporate greedmongers and their legal jackals, and get a good night's sleep.

    And I personally find it a little crazy that a 1,000-line/15kB project can suddenly become a 75,000-line/3MB bloat-fest just because we wanted to include a few handy library functions.
