I am contributing to the module radiologydcm4chee and noticed that the module includes code from 3rd party projects which use different licences than the current OpenMRS (MPLv2+disclaimer)
and reading further I think it means that this file is under MPL 1.1 and could be used under GPL 2.0/LGPL 2.1 if we would like to do so. Would including code with the MPL 1.1 from 3rd parties be ok with the current OpenMRS MPLv2+disclaimer ?
I think any code with compatible licenses can go together. Particularly, now that weāve moved to MPL 2.0, it improves compatibility with a number of other licenses.
For another research, I actually discussed this matter in depth with Akhil Ravindran (original author of the module) and he said that re-licensing this code with the most permissible license is fine with him. But I guess we need a more formal way to do that.
By what I wrote above, I am not suggesting re-licensing the module code. If we keep the code unmodified the way it is and include copyright notice and license header with other tools that are in a compatible license, then we should be good to go. The source code file you mention is released under multiple licenses. LGPL and MPL 1.1 would make it compatible with remaining code. I donāt see any problem, but I am not a lawyer! @michael would know the OpenMRS lawyers
Iām not a lawyer either, but my caveman understanding is that MPL 1.1 doesnāt play well with GPL 2.0, so the licensing of the 3rd party code may already be conflicting with itself.
If heās available, @lrosen might be able to offer some guidance.
FYI ā modules can use any license they choose (it doesnāt have to be MPLv2 + HD).
Iāve been working closely with the IPO lawyer in my company, so Iāve
learned at least her opinion on things (you know, sometimes things are a
big gray area).
When a code is licensed under several licenses, you can pick any of them.
For example, if this code were only GPL, Iād say we couldnāt use. If it was
only LGPL, Iād say we could use as far it was a different jar.
As one of the options is Mozilla, we could use that one as itās the most
permissive.
yes as you mention @cintiadr in the dcm4che2 code it states the code is under MPL 1.1 with the option of choosing GPL 2.0 or LGPL 2.1. Would MPL 1.1 work with MPLv2 + HD ?
and the javascript files use āGPL v2 license or a BSD styleā, does this conflict with MPLv2 + HD ?
@burke thanks for the info that the module could use another license than MPLv2 + HD but than again I wouldnt know which one would fit with the above 3rd party licence mix
I think it would be good to use the MPLv2 + HD in this module and to harmonize licenses. Maybe at a later stage I can remove the javascript libraries from the web part which are used to display a table of studies.
Hi Burke and others, Iām still here but mostly silent.
Among the things I enjoy the least in open source projects are these infernal questions about FOSS license compatibility; Everyone has an opinion and (in my opinion as a lawyer!) only a few are right. I live this topic continually in Apache, and every such compatibility question results in long, boring license discussion email threads there.
I was hoping I wouldnāt relive it here at OpenMRS also. Every person has at least two opinions and Iām tired of hearing them. Sorry, but Iāve done this work as an open source lawyer for too long to pretend to have all the answersā¦
Approved Open Source Licenses for OpenMRS Contributions
OpenMRS relies on the recommendations of Open Source Initiative, the Free Software Foundation, and Creative Commons to determine which free and open source licenses are compatible with the Mozilla Public License 2.0 with Healthcare Disclaimer (MPL 2.0 HD) under which OpenMRS distributes software and documentation.
Some of those licenses may not be compatible with the license requirements of some commercial companies. That is another purpose for the NOTICE file that OpenMRS projects provide with each software distribution. Each downstream modifier and/or distributor of OpenMRS software and documentation is responsible for making such license compatibility determinations for itself.
Rest assured that OpenMRS software and documentation can be used for free by everyone in the world under the open source MPL 2.0 HD license.
So Iāll summarize my indirect answer to your question: Ask Open Source Initiative, the Free Software Foundation, or Creative Commons. Let the experts there advise you about license compatibility with MPL 2.0 HD.
Please donāt allow the OpenMRS project to be consumed by licensing threads.
/Larry Rosen
āIf this were legal advice it would have been accompanied by a bill.ā
An even more direct answer to the initial question asked in this thread::
All of MPL 1.1, GPL 2.0 and LGPL 2.1 code is FOSS! Feel free to accept such works as OpenMRS contributions. If you believe it is not FOSS software, ask Open Source Initiative, Free Software Foundation, or Creative Commons experts. OpenMRS projects must describe all third party FOSS components in the NOTICE file.
If you modify those components, those derivative works must be under their original license. (If there are double or triple licenses, pick the one you like best.). If you donāt know whether you are creating a derivative work, ask a lawyer. OpenMRS projects must describe these derivative works in the NOTICE file.
For those commercial downstream companies that intend to modify or redistribute OpenMRS modules, we tell them to read our NOTICE file. We offer no warranties or promises regarding commercial license compatibility.
Is that an easy way to summarize our own non-attorney analysis of third party licenses?
/Larry
āIf this were legal advice it would have been accompanied by a bill.ā
If you are building a GPL software, you can include compatible licensed libraries and dependencies. Thatās why so many javascript libraries are released as dual licensed GPL and MIT, to cover both GPL and anything else, and make sure no one gets confused. A lot of open source licenses allow sublicensing.
On the other hand, if your code is NOT GPL, you cannot use neither Affero GPL or GPL libraries. At least one of the licenses of the dependency needs to be compatible with your main license. Itās said that GPL and Affero GPL are āviralā, everything that touches GPL will be GPL - except if itās in another process, communication via sockets, and other things like that.
All that said, it would be nice to mention explicitly where the code comes from and keep the license files, to be compliant to the open source license.
Not really. You are exaggerating the effects of GPL licenses. Even FSF doesnāt state things this strongly.
This issue is ONLY whether you create a derivative work. āTouchingā has nothing to do with copyright law. āDependencyā has nothing to do with copyright law. āCommunication via socketsā has nothing to do with copyright law.
If you create a derivative work of some GPL code, then THAT DERIVATIVE WORK must be under the GPL license. If you are not sure whether you create a derivative work ā thatās a good question for a lawyer.
Thatās part of the reason why I suggest, to make your life simpler, you should create what OpenMRS software you need out of FOSS components and let the downstream modifers/re-distributors (if any) do their own analysis based on what you describe in the NOTICE file. We could spend our lifetimes arguing general and hypothetical questions about whether SOME touching, dependencies or sockets lead to problematic derivative works, and the world would end up with less wonderful OpenMRS code.
Remember that, for the USE of OpenMRS software, ALL FOSS LICENSES are good around the world. What OpenMRS does is aggregate code from many contributors. That aggregation is not the same as a derivative work. That aggregation is distributed under the MPL 2.0 HD license. The individual contributions remain available under their own individual FOSS licenses in case anyone wants them.
/Larry
āIf this were legal advice it would have been accompanied by a bill.ā
Note: I keep adding this signature line because I donāt want you to take this as legal advice. However, if you have a lawyer who wants to talk to me more about this, Iāll take some private emailā¦
As many FOSS lawyers will recommend: āMake your own choice.ā Thatās no help at all!
If it were me making the choice, MPL is easiest given that OpenMRS already uses a later and better version of the MPL license (MPL 2.0 HD). A safe recommendation is usually to stick with the same family of licenses if that choice exists.