I made a commitment to do some due diligence as it relates to the OpenMRS community’s ability to incorporate content that is registered under licenses different than the MPL 2.0 - HD. My due diligence comes from some of my own research, alongside a fairly lengthy conversation with @lrosen. For those of you who aren’t aware, @lrosen is a lawyer deep with open source expertise, the author of a book called “Open Source Licenses”, and a friend to the OpenMRS community.
I’ve encouraged him to correct what I’ve written below, but I asked to write this note, to ensure I understand what he’s tried to teach me.
For context, I’d like to point people to the following documents, which are good “pre-reads”:
The first and foremost distinction to make about licensing is to understand the distinction between licenses that are placed upon a given source code file, and a license that applies to a software composition.
The OpenMRS community, when working together, defaults to applying the MPL 2.0 with HD to all newly created source code files, and all historical files also carry that license designation. All of these files are copyrighted to OpenMRS, Inc… which simply ensures that the broader community of end-users is held to the standards our contributors expect (as described in the MPL 2.0 license).
When we come together as a community to create a bundling of source code… and compile it into one or more executables, we license that composition under the MPL 2.0 HD as well.
Now… let’s say for example that we want to include a new piece of source code into an anticipated composition, called OpenMRS 4.10. That source code could be copyrighted to a different and distinct holder from OpenMRS, Inc., and it can also be licensed under a different open source license. We then have the legal right to license that composition (which includes the source code from a different copyright holder) underneath the MPL 2.0 HD license.
According to our copyright policy:
OpenMRS Inc. and the OpenMRS community respect all copyrights and copyright licenses. Individual components of OpenMRS software and documentation may also be available to the public under the open licenses chosen by their copyright holders. We disclose information about those components and their licenses in the NOTICE file that accompanies our software.
So, through the use of our NOTICE file, we can disclose those copyright holders, alongside the license expectations that come alongside that source code.
We could also potentially go a step further, and ask the original copyright holder for a license to release some specific set of source code files under the MPL 2.0 HD.
Both of these strategies are ways to ad-mix licenses from separate sources of intellectual property.
If, in the event that a 3rd party misuses that newly incorporated source code, the OpenMRS community and OpenMRS, Inc. would not be responsible for the implications of that breach. Our copyright policy and contribution policy, alongside the additional steps of a NOTICE file declaration make it clear that downstream users carry the responsibility to appropriately use the products we produce.
I hope that makes sense.