The FLOW Syllabus (Working Draft)
Under Construction (Version 1.30)
- The FLOW Syllabus is presented on a wiki so that it can be refined and extended through YOUR direct participation. Occasional 'snapshots' of this working draft will be given version numbers and will be posted on the main OSI site at http://www.opensource.org.
- What you are looking at now is a working version of the syllabus that is being edited frequently. There is not yet a 'snapshot' that has completed a round of peer review through the OSI Working Group on Management Education.
- The Working Group Chair, Joseph Potvin, can be reached at jpotvin@opman.ca and 1–819–593–5983.
- The content is provided in a single long page for the time being. Later versions may be separated by session and section onto separate pages, linked through a multi-page table of contents.
- All links that currently expose the URL are in the process of being converted to hyperlinks, each also with a footnote that displays the URL directly at the bottom of the page. This is done to facilitate offline use.
TABLE OF CONTENTS
- Session: FLOW Business Risk & Value Management - Licensing, Contracting, Trade Secrets
- Session: FLOW Foundations and Their Ways
Session:
Session:
Session:
Artificial Monopolies on Computational Ideas
Session:
Session: FLOW Business Risk & Value Management - Licensing, Contracting, Trade Secrets
Preparatory Reading on License Proliferation http://www.rosenlaw.com/pdf-files/LicenseProliferation.pdf (3.5 pgs)
License Similarities; Differences; Choices; Trends; Linkages to Other Types of Agreements
- "License Haiku" http://www.aaronsw.com/weblog/000360
- GPL, Eclipse, Apache, MIT, etc.
- A Spectrum of FLOW Licenses
- List of Licensing Tools http://wiki.opensource.org/bin/view/Projects/List__of__Licensing__Tools
- Telekom Open Source License Compendium http://dtag-dbu.github.io/oslic/releases/oslic-0.98.1.pdf (About: http://dtag-dbu.github.io/oslic/ )
- Comparing Free/Libre/Open Licenses http://www.tldrlegal.com/browse
- Schematic representation of license directionality http://www.ploscompbiol.org/article/info%3Adoi%2F10.1371%2Fjournal.pcbi.1002598
- Five Permissive Licenses Side-by-Side http://www.projectmanagementhotel.com/attachments/5989/Compare_5PermissiveLicensesPDF.pdf
- Apache License v2.0 and GPL Compatibility http://www.apache.org/licenses/GPL-compatibility.html
— On Indemnification, See Section 9 of the Apache License v2.0
— Indemnification Means Always Having to Say You're Sorry http://www.youtube.com/watch?v=WpYcB-_x9gA
- A Practical Guide to GPL Compliance http://www.softwarefreedom.org/resources/2008/compliance-guide.html
- Compliance Guides from The Linux Foundation http://www.linuxfoundation.org/publications/compliance
- The (Telekom) Open Source Compliance Advisor http://opensource.telekom.net/oscad/
- GPL Software Certification Program http://www.fsf.org/licensing/compliancelab.html
— A patent license that is GPL compatible: Firestar Software v. Redhat http://www.redhat.com/f/pdf/blog/patent_settlement_agreement.pdf
— Explanation of the Firestar Software v. Redhat Settlement http://www.groklaw.net/articlebasic.php?story=20080715054748526
- A Guide to the Legal Documentation for Eclipse-Based Content http://www.eclipse.org/legal/guidetolegaldoc.php
— The Eclipse Legal Process www.eclipse.org/legal/EclipseLegalProcessPoster.pdf
- Choosing a Software License (In: A Quick Guide to Software Licensing for the Scientist-Programmer) Scroll half-way down in: http://www.ploscompbiol.org/article/info%3Adoi%2F10.1371%2Fjournal.pcbi.1002598
- Proliferation and Standardization (Licenses; Contributor Agreements; Subscriptions)
- License Proliferation http://www.rosenlaw.com/pdf-files/LicenseProliferation.pdf
- Google says no to license proliferation (3-part series) http://www.zdnet.com/blog/burnette/google-says-no-to-license-proliferation/192
- Linux Foundation's Generic Open Source Review Board Contribution Form http://www.linuxfoundation.org/publications/compliance/generic-osrb-contribution-form
- LLVM Developer Policy http://llvm.org/docs/DeveloperPolicy.html
— LLVM comments on "Copyright, License, and Patents" http://llvm.org/docs/DeveloperPolicy.html#copyright-license-patents
— University of Illinois/NCSA Open Source License http://opensource.org/licenses/UoI-NCSA.php
— FSF Comments on the University of Illinois/NCSA Open Source License http://www.gnu.org/licenses/license-list.html#NCSA
— FSF Comments on the Modified (3-clause) BSD License http://www.gnu.org/licenses/license-list.html#ModifiedBSD
- Dual/multi Licensing Options (for commits; for projects)
- Maintaining Permissive-Licensed Files in a GPL-Licensed Project: Guidelines for Developers http://www.softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html
- Challenges with Hybrid Protection Models http://www.iprinfo.com/julkaisut/verkkojulkaisut/ipr-series-b/fi_FI/proprietary-softvare-vs-foss-b4-ballardini/_files/88735925433140131/default/B4_Ballardini.pdf
- Understanding GPL Exceptions
— Sample License Notices http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
— On Selling Exceptions to the GNU GPL http://www.fsf.org/blogs/rms/selling-exceptions
— GCC Runtime Library Exception http://gcc.gnu.org/onlinedocs/libstdc____/manual/license.html
- Contributor agreements
- Project Harmony: Contributor agreements for free and open source software http://www.harmonyagreements.org/
- The trouble with Harmony http://opensource.com/law/11/7/trouble-harmony-part-1 and http://opensource.com/law/11/7/trouble-harmony-part-2
- OpenStack Project Individual Contributor License Agreement https://review.openstack.org/static/cla.html and OpenStack: How To Contribute https://wiki.openstack.org/wiki/How_To_Contribute
- NDA Program Confidential Disclosure Agreement for Contributors, The Linux Foundation http://www.linuxfoundation.org/images/2/2e/NDA_contributors.pdf
- The Subscription Model
- Open Source Procurement: Subscriptions http://blogs.computerworlduk.com/simon-says/2011/03/open-source-procurement-subscriptions/index.htm
- Open Source Business Innovation and the Subscription Model http://stephesblog.blogs.com/my_weblog/2007/08/open-source-bus.html
- Why Subscriptions? http://www.redhat.com/about/whoisredhat/subscriptions.html
- Open source procurement: Indemnity http://opensource.com/law/11/2/open-source-procurement-indemnity
- Indemnification Parameters. In: Open Source Software Issues in Commercial Transactions http://about.bloomberglaw.com/practitioner-contributions/open-source-software-issues/
- Google Glass: Something like a Subscription
- FLOW in Employment Contracts
- Who Owns Copyright at Work? http://zvulony.ca/2010/articles/intellectual-property-law/copyright-law/copyright-at-work/
- Who Owns the Intellectual Property: The Employee or the Employer? http://www.lmlaw.ca/who_owns.pdf
- Sign on the Dotted Line: NDAs and Free and Open Source Software http://faif.us/cast/2011/apr/12/0x0D/ (See slide deck at http://faif.us/cast-media/FaiF_0x0D_NDAs.odp )
- Contracts for people to work on Open Source Software http://andrew.mcmillan.net.nz/foss_friendly_employment_contracts
- Beware Employment Contracts http://developers.slashdot.org/story/02/03/21/0139244/beware-employment-contracts?sdsrc=rel
Session: FLOW Foundations and Their Ways
The Free/Libre/Open Way Part 1: FLOW Governance Concepts
- Governance of Not-for-Profit Organizations
- 20 Questions Directors of Not-for-profit Organizations Should Ask about Governance http://www.cica.ca/focus-on-practice-areas/governance-strategy-and-risk/not-for-profit-director-series/20-questions-series/item12302.pdf
- To Pay or Not To Pay http://asspl.com.au/article/to-pay-or-not-to-pay/
- Governance of Open Source Software Foundations
- A Framework for Evaluating Managerial Styles in Open Source Projects http://flosshub.org/sites/flosshub.org/files/framework%20for%20evaluating%20Mangerial%20Style.pdf
- Governance of Open Source Software Foundations: Who Holds the Power? (See p 41 "Centres of power for all six foundations" and p 42 "Conclusion") http://timreview.ca/sites/default/files/article_PDF/Prattico_TIMReview_December2012.pdf
- Open Source Software Foundations (See "OSSF Effectiveness") http://timreview.ca/article/194
- Tragedy of the FOSS Commons? Investigating the institutional designs of free/libre and open source software projects http://firstmonday.org/ojs/index.php/fm/article/view/1619/1534
Real World Contract Court Cases (what went wrong; reasons for decision)
- Case 1: See Paragraphs 37-42 in: Wayne John Stewart v. Her Majesty The Queen (R. v. Stewart, [1988] 1 S.C.R. 963) http://scc.lexum.org/decisia-scc-csc/scc-csc/scc-csc/en/331/1/document.do
- Case 2: United States of America v. Sergey Aleynikov http://www.ca2.uscourts.gov/decisions/isysquery/ea08355b-8152-43de-ad6f-7299ed2f176f/1/doc/11-1126_complete_opn.pdf#xml=http://www.ca2.uscourts.gov/decisions/isysquery/ea08355b-8152-43de-ad6f-7299ed2f176f/1/hilite/
- Question in Goldman Sachs case: Can open-source software be stolen? http://www.computerworld.com/s/article/9137161/Question_in_Goldman_Sachs_case_Can_open_source_software_be_stolen_
- Unlawful use of secret scientific material and unlawful duplication of computer related material http://blogs.findlaw.com/in_house/2013/05/vance-can-proceed-to-trial-against-former-goldman-sachs-programmer.html
- Trade Secrets
- Behavioural Risk Indicators of Malicious Insider Theft of Intellectual Property http://www.symantec.com/about/news/release/article.jsp?prid=20111207_01
☏ Audio File (pending): Listen to a Discussion with an Invited Authority on Intellectual Rights Compliance Management and Risk Identification
- Janet Campbell, Director, Intellectual Property, Secretary and Legal Counsel, Eclipse Foundation. Janet is responsible for the review of intellectual property proposed for inclusion in Eclipse open source projects. This review includes examining both the provenance of the intellectual property and license compatibility. She is author of the Eclipse Legal Process and maintains the document on an ongoing basis. She is also co-author of the Eclipse Guide to Legal Documents, which has benefitted from the work of several contributors over the years. In this session, Janet will discuss how the Eclipse Foundation manages contributions of source code to Eclipse projects and undertakes due diligence to reduce and mitigate risks due to parties involved in re-use or re-distribution. http://www.microdoc.com/eclipse-embedded-day-2009-video-managing-open-source-legal-issues-janet-campbell
Software License Risk-Minimization and Value-Maximization in the Organization's Context
- Current Practices
- Concerns and Challenges
- Interests and Opportunities
The Free/Libre/Open Way Part 2: Multi-Entity Team and Organizational Performance
- Concepts, definitions, boundary of application, measurement, feedback
- Multi-Organizational Teams
- Risky Trust: How Multi-entity Teams Develop Trust in a High Risk Endeavor http://www.hbs.edu/research/pdf/11-089.pdf
- Team Scaffolds: How Minimal Team Structures Enable Role-Based Coordination http://www.hbs.edu/research/pdf/12-062.pdf
☏ Audio File (pending): Listen to a Discussion with an Invited Authority on Contract Considerations that Affect Participation in Free/Libre/Open Works
- Amanda Brock is Director at the international technology law firm, Origin, www.origin.co.uk. Prior to joining Origin, she was General Counsel of Canonical for 5 years. She has an LLB (Hons) from the University of Glasgow, a Masters of Comparative Jurisprudence from New York University and an LLM in IP and IT law from Queen Mary, University of London. She is admitted as a solicitor in Scotland and England and Wales. She is author of "E:Business; The Practical Guide to the Laws", and was an editor of the Butterworth's publication Electronic Business Law, and contributed a chapter on commercial agreements in open source to Walden and Shemtov, Free and Open Source Software: Policy, Law and Practice, published by Oxford University Press in 2013. Amanda has lectured extensively on IT and commercial law internationally. http://www.origin.co.uk/team/amanda-brock.php
The Free/Libre/Open Way Part 3: Case Analysis
— How does someone become a participant in their projects?
— How are decisions arrived at?
— Does the license type seem to influence any aspect of governance?
— How does each address copyright ownership?
— How does each address patent non-aggression?
— What unwritten expectations should you keep in mind?
- Linux Foundation http://www.linuxfoundation.org/about/bylaws
— A Guide to the Kernel Development Process https://www.kernel.org/doc/Documentation/development-process/1.Intro
— Open Source Compliance Publications http://www.linuxfoundation.org/publications/compliance
- OpenStack Foundation https://wiki.openstack.org/wiki/Governance/Foundation/Bylaws
— Contribute to OpenStack / Community https://wiki.openstack.org/wiki/Main_Page
— http://www.openstack.org/legal/
- Eclipse Foundation http://www.eclipse.org/org/documents/
— Eclipse Development Process http://www.eclipse.org/projects/dev_process/development_process_2011.php
- Apache Foundation http://www.apache.org/foundation/
— Open Source Software Peer Review Practices: A Case Study of the Apache Server http://faculty.salisbury.edu/~xswang/research/papers/serelated/testing/p541-rigby.pdf
- LLVM (not a foundation but still interesting for us)
— LLVM Developer Policy http://llvm.org/docs/DeveloperPolicy.html
— Life of an Instruction in LLVM http://eli.thegreenplace.net/2012/11/24/life-of-an-instruction-in-llvm/
- R Foundation http://www.r-project.org/foundation/Rfoundation-statutes.pdf
— Model of Rigorous FLOW Control at CRAN (Comprehensive R Archive Network)
- GNOME Foundation http://www.gnome.org/wp-content/uploads/2012/02/bylaws.pdf
- Open Cloud Principles http://www.opencloudinitiative.org/principles
- OpenDaylight http://www.opendaylight.org/resources/faq#3m
— http://www.networkworld.com/news/2013/041913-ibm-opendaylight-268912.html
- OpenFlow http://www.openflow.org/wp/openflow-components/
— Why Apache is important to Openflow http://www.projectfloodlight.org/blog/2012/01/30/why-apache-is-important-to-openflow/
Preparation for the Session: Audio File (pending): Listen to a Discussion with an Invited Authority on "Best Practices in Organizing and running a FOSS Foundation"
- Mark Radcliffe is a senior partner at DLA Piper who practices corporate securities and intellectual property law. He has worked with many software companies, in particular open source companies, and is Chair of the Open Source Industry Group at the firm. He assisted Sun Microsystems in open sourcing the Solaris operating system and drafting the "Common Development and Distribution License" (CDDL). He has represented eBay, Accenture, Adobe, Palm, Sony, Siemens Venture Capital, and SugarCRM (the first venture-backed open source applications company). On a pro bono basis, he serves as outside General Counsel for the Open Source Initiative and on the Legal Committee of the Apache Software Foundation. He was the Chair of Committee C for the Free Software Foundation in reviewing GPLv3 and was the lead drafter for Project Harmony. In 2012, he became outside general counsel of the OpenStack Foundation. http://www.openstack.org/foundation/staff
Review, Integration, Operational Implications
- The next two weeks
- The next two months
- The next two years
Resources
Validos: The Validos initiative helps businesses engage with Free Software. The primary focus of Validos is package level compliance and clear reporting to facilitate simple redistribution of code. With its format of cooperative information sharing among corporate and legal stakeholders, Validos provides a way to increase compliance fidelity and streamline code management activities. It is a Finnish registered association with thirteen members, and has a modest annual fee for participation. Website: http://www.validos.org
Binary Analysis Tool: The Binary Analysis Tool (BAT) is a modular framework that uses the same approach applied by gpl-violations.org to discover issues in consumer electronics. It can open many types of firmware, detect Linux and BusyBox issues, and report outcomes in XML format. It also features knowledge-base support to allow high fidelity customization for advanced users. BAT is available for free under the Apache license so that everyone can use, study, share and improve it. The project frequently adds new features. Website: http://www.binaryanalysis.org
Code Janitor Tool: The Code Janitor is a tool released by the Linux Foundation that helps to search source code to make sure that developers did not leave comments that might reveal future products, product code names or discuss competitors and their products. It maintains a database of keywords to scan for, and can be customized as necessary. It is available without charge. Website: http://www.linuxfoundation.org/programs/legal/compliance/tools
Dependency Checker Tool: The Dependency Checker is a tool released by the Linux Foundation that helps identify source code combinations that will lead to dynamic and static linking, and in the context of a license policy framework can create a list of items that need to be flagged before products are released. Website: http://www.linuxfoundation.org/programs/legal/compliance/tools
FOSSology: FOSSology started as an internal project at HP to support governance processes. It is a tool that analyses all the files in a project and reports on the licenses used, basing its results on license declarations and tell-tale phrases. It also has the ability to scan for copyright notices, email addresses and URLs, allowing users to create custom reports. The project is hosted by the Linux Foundation, is available as Free Software, and is maintained in both English and German by developers from HP and other organizations. Website: http://fossology.org
Ninka: Ninka is a lightweight license identification tool for source code. It is sentence-based, and provides a simple way to identify open source licenses in a source code file. It is capable of identifying several dozen different licenses (and their variations). It has been designed to be lightweight, fast and to avoid making errors. It is available under a Free Software license. Website: http://ninka.turingmachine.org
OSS Discovery: OSS Discovery is a Free Software tool that helps scan for software inside a business network. It searches for both source code and binary instances of software, and is intended to help create an inventory of deployed applications across servers and desktops. Website: http://www.openlogic.com/products/scanners.php#oss-discovery
Black Duck Suite: The Black Duck Suite helps companies automate the management, governance and use of Free Software. It consists of various commercial products, including the Black Duck Code Center, Export and Protex. The Code Center supports the selection of Free Software components, as well as the ongoing monitoring of the components in use. Protex and Export assist with the validation of code before deployment. The tools are powered by the Black Duck KnowledgeBase, which includes over 230,000 projects from more than 4,500 sites. Website: http://www.blackducksoftware.com/black-duck-suite
OSS Deep Discovery: OSS Deep Discovery scans source and binary code to identify Free Software, even when the code in question has been copied or modified. It uses noise-reduction techniques to reduce false positives, and reduces the amount of time and personnel resources required to analyse scan results. It is targeted towards product distribution and M&A activities in the enterprise market. Website: http://www.openlogic.com/products/scanners.php#oss-deep-discovery
Palamida Application Security Compliance Edition: Palamida Compliance Edition is an application security solution designed to help companies manage Free Software license obligations. It identifies, assesses, and manages Free Software obligations in customized code with a focus on risk management. Website: http://www.palamida.com/products/complianceedition
Protecode System 4: Protecode System 4 scans code to analyze Free Software licenses according to customized policies. It is designed to fit into existing processes and provide a simple way to understand what is in an enterprise code portfolio. While having a small footprint, it is designed to scale into organizations with up to 20,000 developers, and works in conjunction with the Protecode IP Signatures Database to monitor 450,000 public software projects. Website: http://www.protecode.com/system4overview.php
FOSS Governance Fundamentals https://fossbazaar.org/openSourceGovernanceFundamentals
FOSS Policies and Guidelines https://fossbazaar.org/content/foss-policies-and-guidelines
A Practical Guide to GPL Compliance http://softwarefreedom.org/resources/2008/compliance-guide.html
Maintaining Permissive-Licensed Files in a GPL-Licensed Project: Guidelines for Developers http://softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html
Useful Compliance Tips For Vendors http://fsfe.org/projects/ftf/useful-tips-for-vendors
Reporting and Fixing License Violations http://fsfe.org/projects/ftf/reporting-fixing-violations