I am an engineer, not a lawyer, and this post is not professional advice. Legal documents can be complicated and interpretation may depend on jurisdiction, context and domain. You should consult with a lawyer if the risks and consequences are important to you.
Open source software is a concept that enables software development and support to be shared by a typically non-competitive community. An open source project is more than just code; it is also a community motivated by common goals and bound together by the relationships formed by working collaboratively.
Open source projects use one or more forms of intellectual property (IP) rights protection to protect themselves against being taken advantage of. These are copyright, trademark and license. Copyright protects ownership of the software source code, trademark protects the project name and image, and a license protects the project community from liability.
Copyright is a legal concept that gives the author of an original work exclusive rights to their work. The copyright for a line of code is generally held by its author (developer), unless it is assigned to someone else. Assignment may be implicit, such as when an employee creates code for an employer (“works for hire”), or explicit, through a formal agreement such as a Contributor License Agreement (CLA) or Copyright Assignment Agreement (CAA).
Open source projects generally follow one of two options:
- Option 1: Contributors retain individual copyright to their contribution. Authors have an inherent copyright to the code they write, but to limit liability, some projects require contributors to submit a Contributor License Agreement (CLA), which states they have the legal right to provide their work to the project and any conditions they impose (e.g. the license).
- Option 2: Contributors assign their copyright to a legal entity used by the project for that purpose, using either a Contributor License Agreement (CLA) or a Copyright Assignment Agreement (CAA).
Open source projects most commonly follow Option 1, in particular ad hoc projects. As a side-effect, it makes re-licensing almost impossible as it would require explicit consent from all copyright owners. Option 2 is most common when the project uses multiple licenses for different users (e.g. an open source license for some and a proprietary license and revenue opportunity for others), or if the project doesn’t want to preclude potential re-licensing in the future.
Trademark law will provide practical protection of the project’s name, so long as the project uses the name in a way that can be trademarked, generally some type of logo. An individual (e.g. the project founder) or a legal organization owns the trademark (which preferably should be registered), and allows for its fair use by creating a Trademark and Logo Policy (e.g. the Drupal Trademark and Logo Policy).
A Trademark and Logo Policy clarifies rights over the use of the project’s identity. Your name and logo are important to your community, whose members may want to create T-shirts, booth displays at trade shows and conferences, support material for clients, etc., that incorporate the project name and logo. The Trademark and Logo Policy controls their use to the benefit of the project as a whole, and provides a basis from which abusers can be legally instructed to stop.
Generally, the simpler the better, but some projects use different licenses for different things, such as the GPL for code and a Creative Commons license for documentation.
Use a permissive license (e.g. the BSD, Apache or MIT license) if you want the software to be usable by as many people as possible. Use a copy-left license (e.g. GPL or AGPL) if you want to enforce users giving back. Commercial users may be wary of copy-left code in general, as it requires more thorough consideration to ensure the copy-left license won’t be applied to more code than intended once it is integrated.
1. Include a License and Copyright statement in the project source code (e.g. in a README file), and also state it prominently on the project website. State the license for the code, and who owns the copyright. Describe any legal requirements for submissions, such as whether a CLA or CAA must be submitted first, and terms assumed to apply to submissions (such as the same license terms as the project). Explicitly say whether the license covers Plug-ins or other extensions.
The GPL is generally understood to apply to Plug-ins, but being explicit will avoid potential misunderstanding or disagreement, clarify the intent of the project and even encourage development (and save you from having to repeatedly answer the question).
2. Include a Trademark and Logo Policy statement in the project source code (e.g. in a README file), and also state it prominently on the project website. State who owns the trademark and/or logo, whether it is registered, and describe what is, and isn’t, considered fair use.
3. Publish a list of open source dependencies (the open source projects that your project depends on), including the license each uses. Make it easy for potential users to evaluate the implications. Ensure each included project identifies its own license in your repository. If needed, work with subordinate projects to help improve their legal clarity as it will benefit both of you.
Bob Jacobsen had to regain control over the open source model railroad controller software he had written to clear his name professionally. See FLOSS Weekly Episode 117 and Java Model Railroad Interface (JMRI) in Wikipedia.
Roberto Rosario had to develop Mayan EDMS in a way that would permit GPL licensing when he was an employee of the Puerto Rico government, and also had to deal with an early fork that threatened the project’s future. See FLOSS Weekly Episode 253.