[Fedora-legal-list] a java license puzzler (not a fedora package though)

Richard Fontana rfontana at redhat.com
Thu Nov 11 03:17:51 UTC 2010 

On Wed, Nov 10, 2010 at 06:27:36PM -0800, Julius Davies wrote:
> What got me excited was the "All Rights Reserved" which strikes me as
> profoundly incompatible with any open source license.

"All rights reserved" is commonly used in copyright notices even in
FLOSS or (I guess a lot less commonly) open content settings, largely
for historical reasons. Today, except in some fairly unusual fact
patterns (which I always forget, but I think one of them involves
things published in the Dominican Republic), it is superfluous. I
don't like it in a FLOSS/open content setting in particular because
has the appearance of being contradictory, though it really
isn't. (Sometimes "all rights reserved" is used to signal that an
ordinary default understanding of free licensing is not
applicable. But I'm sure that wasn't the case here.)

I advise Red Hat developers not to use "all rights reserved", but they
don't always listen to me. :)

> Maybe LICENSE.TXT trumps the "All Rights Reserved" since the "All
> Rights Reserved" is such a common mistake in open source copyright
> statements?  

It's not really a mistake. In the DES.java file you provided, it
seemed to me that the copyright notices with "all rights reserved"
indicated that the copyright holder was acting "on behalf of" the
Cryptix project (which itself is strange, but that's a whole nother
issue). To me that suggests that those copyright holders assumed that
the license of the Cryptix project would apply to their
contributions. So LICENSE.TXT helps you give a reasonable
interpretation to those copyright notices.

It's an art, not a science. :-)

> And then the BSD4 clauses in this case trump the
> LICENSE.TXT ?

Yes, but that's because we're dealing with what we can assume is an
atomic unit of source code and the only way to make sense of the mix
of licenses is to assume that a licensee must comply with the most
restrictive license applying to some or all of the code as well as
less restrictive ones. 

- RF



> 
> 
> 
> 
> On Wed, Nov 10, 2010 at 6:13 PM, Richard Fontana <rfontana at redhat.com> wrote:
> > On Wed, Nov 10, 2010 at 05:07:40PM -0800, Julius Davies wrote:
> >> Cryptix32 is a very old java project.  I think development stopped
> >> back in 2000.  Nonetheless it's a real challenge for our license
> >> detection tools.  I'm curious what you guys think, but don't waste
> >> time on it if you're busy.  Here is the source file that's tripping up
> >> our tool.  I've also included the project LICENSE.TXT for reference:
> >>
> >> http://juliusdavies.ca/cryptix-3.2.0/src/cryptix/provider/cipher/DES.java
> >>
> >> http://juliusdavies.ca/cryptix-3.2.0/LICENCE.TXT
> >>
> >>
> >> At the very bottom of the DES.java file I see a variation of BSD4
> >> appearing for two different copyright holders (1995 and 1996),
> >> although it's missing the "non-endorsement" clause.
> >>
> >> Meanwhile interspersed in the code I see "Copyright 1997 All Rights
> >> Reserved" with no license and with again different copyright holders.
> >>
> >> Finally, the "LICENSE.TXT" that the project ships is BSD2 and shows
> >> yet again another copyright holder.
> >>
> >>
> >>
> >> If I go by Spot's "cascading licensing rules" tips on the wiki, I
> >> guess I would conclude it is the least open-source-compatible license
> >> possible, since 1997 is the latest date in the source file!
> >>
> >>
> >> 1997 - All Rights Reserved
> >>
> >>
> >>
> >> And yet all these mixed messages make me suspect the license is truly
> >> BSD2 as specified in LICENSE.TXT, just poorly specified.  So I have
> >> three academic questions for the experts:
> >>
> >>
> >> 1.  Without contacting the copyright holders, what would you conclude?
> >>  BSD4 without non-endorsement?   Or BSD2?   Or just "All rights
> >> reserved" ?
> >
> > I don't think this one is as cryptic (pardon the pun) as you're
> > suggesting. I'd conclude (just based on this one source file and the
> > LICENSE.TXT file you've provided) that what we have is a mixture of
> > different permissive licenses, with the most restrictive ones being
> > the Eric Young-type licenses at the end (which might be notated BSD4
> > in Fedora convention, I'm not sure, though as you note it's not
> > exactly the same as the classic 4-clause BSD license).  It seems
> > reasonable to assume that the named copyright holders in the file that
> > don't state a license intended to apply the license of the Cryptix
> > project, based on how those copyright notices are worded.
> >
> >> 2.  Is this the kind of situation where contacting the copyright
> >> holders for clarification is necessary?
> >
> > I wouldn't consider this case to be one of the ones that require such
> > clarification.
> >
> >> 3.  And, hypothetical question, what if contacting the copyright
> >> holders was impossible?
> >
> > In this case, or generally? In this case I don't think it's a real
> > problem.
> >
> >  - RF
> >
> 
> 
> 
> -- 
> yours,
> 
> Julius Davies
> 250-592-2284 (Home)
> 
> $ sudo apt-get install cowsay
> $ echo "Moo." | cowsay | cowsay -n | cowsay -n
> http://juliusdavies.ca/cowsay/

More information about the legal mailing list