close search bar

Sorry, not available in this language yet

close language selection
 

Bob Saget and open source license compliance

Unique open source licenses provide amusement for developers but they create extra work for legal teams overseeing a company’s IP.

open source license compliance | Synopsys

Several of my open source friends had the same reaction when they heard of the death of Bob Saget. Sadly, the actor/comedian passed away last week at a relatively young age, and with him went an increment of open source license risk. Wait… what?

Yes, it’s true. I was only vaguely aware of Saget when he was at his most famous as the father on the 1980s/90s sitcom Full House. At the time I was too busy with my career and filling my own house to watch a lot of TV. His role in the popular series was rather wholesome and a stark contrast to his fairly raunchy standup act. But the flame of his fame achieved a little extra glow in the open source world in 2012 with the publication of QRToad.

About QRToad

QRToad is a ColdFusion interface for the itext library. ColdFusion is an Adobe web app development platform, and itext is a library for pdf processing. Who wouldn’t want such an interface? The developer Timothy Cunningham properly included licensing information with a readme file in the GitHub repo. He selected the MIT license for the code, but prohibited licensing to Bob Saget. The license reads as follows:

***********************************************************************
****** Licensed under the MIT – No Bob Saget Open Source License ****** *************** Copyright (c) 2012 Timothy Cunningham ****************
***********************************************************************
Permission is hereby granted, free of charge, to any person (except for Bob Saget) obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. Under no circumstances shall Bob Saget be granted use of this software, source code, documentation or other related material. Persons dealing in the Software agree not to knowingly distribute these materials or any derivative works to Bob Saget.  

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
**************************************************************************************

Most likely he had nothing against Bob Saget per se—just a quirky sense of humor. He presumably picked the name from popular culture of the least likely person in the world to whom one might want license the library. And thus, Cunningham created a little moment of amusement for fellow developers who might avail themselves of the code. But he also created a minor headache for the attorneys looking after their organization’s intellectual property. They now needed to decide whether to make an issue of it or live with the risk that somehow, someone might send some code to Bob Saget. A silver lining to Saget’s sad passing is that the risk has gone away.

Other unique open source licenses

The QRToad license is not the only one where the somber topic of death bears on the risk assessment. Another example of an odd, one-off license is the Death and Repudiation license (look it up) which includes the following clause:

This software may not be used directly by any living being. ANY use of this software (even perfectly legitimate and non-commercial uses) until after death is explicitly restricted.  Any living being using (or attempting to use) this software will be punished to the fullest extent of the law.

Black Duck Knowledgebase™ includes thousands of licenses. A huge percentage of the open source in the world is covered by the top 10 or 20. And then there’s a long, long, long tail of one-offs. Many, like the Death and Repudiation license, include a small twist on a standard license. Another example is the JSON license, which includes the clause “The Software shall be used for Good, not Evil.” The Apache Foundation expunged all code under that license from its projects a few years ago. Most in the open source community discourage developers getting legally creative. It’s a copyright-holder’s right to create whatever license they want, but there are plenty of standard licenses out there to fit any shape and size.

Such frivolity in these licenses (and others, such as the Beer license or the Chicken Dance license) is amusing, but it doesn’t encourage the use of one’s software. And it creates friction and extra work for attorneys. Best practice for developers is to stick with the more common licenses and let Bob rest in peace.

What lawyers need to know about open source licensing management | Synopsys

 
Phil Odence

Posted by

Phil Odence

Phil Odence

Phil is General Manager, Black Duck On-Demand. He works closely with Black Duck’s law firm partners and the open source community. A frequent speaker at industry events, Phil chairs the Linux Foundation's Software Package Data Exchange (SPDX) working group. With over 20 years’ software industry experience, Phil came to Black Duck from Empirix where he served as Vice President of Business Development and in other senior management positions, and was a pioneer in VoIP testing and monitoring. Prior to Empirix, Phil was a partner and ran consulting at High Performance Systems, a startup computer simulation modeling firm. He began his career with Teradyne's electronic design and test automation (EDA) software group in product, sales and marketing management roles. Phil has an AB in Engineering Science and an MS in System Simulation from the Thayer School of Engineering at Dartmouth College.


More from Security news and research