Tim Boudreau's Blog

When engineers (sort-of) read licenses - a cautionary tale

...the download requires me to accept a non-open-source license that severely restricts what I'm allowed to do. I've heard Sun claim that Netbeans is open source, but that doesn't seem to be true.

So I went to the NetBeans download page, to see what he was talking about. And took a look at the license, and said to myself..."Whoa...this is a major screw-up!" Here was, indeed, this rather scary legal text. It didn't look like an open source license to me either. But it's what you agree to when you download NetBeans builds. Did I scroll down and go through the whole thing with a fine toothed comb? Nope. Neither did anybody else - that's the cautionary part of this tale.

The license text he's referring to is this. It's actually the same text you agree to when you download the JDK. And indeed, it doesn't look anything like an open source license. And I wrote to Elliotte, to mention that,

• I know for a fact that that license agreement is only intended to apply to libraries like javac and JavaHelp that NetBeans links to at runtime, not NetBeans itself, and
• It's the same license agreement that you agree to when you download the JDK, so how could someone be okay with agreeing to that for the JDK but have a huge problem with the same license when it comes to some libraries their IDE uses?

The license agreement is a bit of legal boilerplate. It is the result of a bunch of folks like me complaining that everything you download from Sun had its own unique, slightly different license agreement, and why couldn't we just have a generic agreement for most things and simplify everything. It worked. It got simplified. And it actually was done correctly, as you'll see below. But the document is written so perfectly backwards for an open source site that it's almost impossible to tell that. It definitely means I should be careful what I wish for. Correct doesn't necessarily mean human-readable.

In the meantime, Weiqi Gao picked up on what Elliotte had written, and repeated it, but his blog restated it as fact, saying flatly that NetBeans isn't open source. And that's the danger of this sort of thing - misinformation spreads, and nobody necessarily goes back and checks it. And we were all, myself included, not reading the whole thing. It just smelled bad, and we all said, "Yup, smells bad."

But the license text doesn't look like an open source license at all. In fact it isn't one. How in the world could that be kosher? I asked our legal folks about it, and they replied, in essence, "What's wrong with it? The license specifically mentions what it covers."

How could a lawyer think that it's perfectly clear that this agreement only applies to the libraries that are linked to by NetBeans, and I and everyone else would see something completely different? I put on my thinking cap, and tried to think like a lawyer for a minute. It hurt like hell and I took my thinking cap off. The answer is really an impedance mismatch in the kind of reasoning an engineer uses when he or she says "Let's see how this software is licensed," and the reasoning of a lawyer thinking about a legal agreement. If you're a lawyer, you look for the holes first. So I went back and really read it this time. For the missing piece of the puzzle, you have to scroll way down to section 6, which says:

Sun supports and benefits from the global community of open source developers, and thanks the community for its important contributions and open standards-based technology, which Sun has adopted into many of its products.

Please note that portions of Software may be provided with notices and open source licenses from such communities and third parties that govern the use of those portions, and any licenses granted hereunder do not alter any rights and obligations you may have under such open source licenses, however, the disclaimer of warranty and limitation of liability provisions in this Agreement will apply to all Software in this distribution.

So, here it is in a nutshell: When you download NetBeans, you click through a license. That license says "This license covers everything except the parts that are covered by open source licenses." Which, in this case, happens to be...all of NetBeans. For a lawyer, it is perfectly clear because it says it doesn't supercede the open source stuff - how could anyone read it and not figure that out?

For an engineer downloading software, the first thing you look for isn't what the license says it doesn't cover - and probably nobody expects a license agreement to say "This agreement doesn't apply to a bunch of stuff, and by the way, one of the things it doesn't apply to is the product you're downloading."

The agreement is, as I mentioned, boilerplate. It was created for closed-source software that uses open source components. It applies equally well to both, but I can't blame anyone for misunderstanding it - I did. And it's totally non-intuitive to find that on an open-source project's download page.

To be fair, I'm not saying that Elliotte is now perfectly happy about the agreement - we exchanged some emails, and it's clear he doesn't really like the agreement as it applies to Java either. At the same time, one of the things he objects to is the indemnity clause (4e) - we exchanged some emails about that, and do you know what? Neither of us noticed that that section is about redistributing libraries that are part of Java (i.e. the JDK, or JavaHelp, for example). So we were both talking nonsense to each other.

Also to be fair, there are people who will object to the very fact that NetBeans links to libraries that are not open source, even though they are all either parts of the JDK or Java standards like JavaHelp or JMI - even though they are under the same license as Java itself.

So let this be a cautionary tale about what happens when engineers read - or especially, skim - legal agreements. I had a lengthy, and ultimately useless (my fault) conversation about the indemnity clause, because neither of us had noticed that it doesn't apply to NetBeans users. The rumor could have taken on a life of its own and done quite a bit of harm (and nobody here was trying to do harm) - it was already repeated once. It wouldn't have been true, but that doesn't matter with rumors.

Richard Feynman once wrote about his experience reviewing science textbooks for the state of California in the 50s. It turned out that the book the group gave the highest marks to consisted entirely of blank pages. The publisher couldn't get it done on time, but the law required they submit a book by the deadline. And the reviewers gave it high marks because nobody had actually opened it. It's incredibly easy for debates to get wildly off the mark, especially when they involve texts that a lot of people don't enjoy reading anyway - like (unfortunately) a science textbook...or a software license.

Anyway, there's a happy ending here: I don't like that legal agreement either. There's no click through license on other open source projects when I download them. Why should NetBeans have to have one? Well, we get our wish. The click through license on the download page will be deleted. Let me repeat that, loudly:

For those who downloaded NetBeans, there's no need to delete it or download it again - as I hope I've made clear, your copy of NetBeans is covered under the SPL - it always was. But I'm very happy to see this confusing and unnecessary piece of legalese go.

So, thank you, Elliott and Weiqi, for helping to make that happen.

Now perhaps I'll get to spend some time coding.

Comments

• This here is why I am of the firm belief that there has to be a better way of showing licenses to people. Personally, I'm a big fan of the Creative Commons summery pages, which are available in both human and machine readable formats, and I would like to see some concerted effort made to translate, and promote use of other licenses to this format. To prove that its possible, CC have created a human readable summery of the GPL 2.0 and the LGPL 2.1.

  Posted by: aidan_walsh on July 29, 2005 at 02:15 AM

• Something similar needs to be done (and fast) for the license agreement popups that kill a developer building netbeans.
  the -Dnetbeans.no.pre.unscramble=true ant flag doesn't help either. PLEASE get these zillion legal agreement popups outa the way when netbeans is built. Let there be a single human readable agreement for the whole build process.

  Posted by: bharathch on July 29, 2005 at 02:39 AM

• As you point out this is backwards. I'm asked to give consent to a broad license agreement, and then hidden somewhere in it is a clause you claim says this agreement doesn't apply to the pieces inside. (Actually, I'm not as convinced it actually says that as you are, even if that was the intent. Judges do funny things sometimes; but let's assume that is indeed what it says for the moment.)

  
  My concern is thatI have to agree to this license with no indication of which parts of the download will and will not later be excluded from the agreement. When I negotiate a real contract, there are often several pages of amendments and additions to the standard contract that was originally offered. I do not first sign the standard contract and only then begin negotiating all the amendments and additions that will substantially change the total deal. Instead myself and the other party (and our lawyers, and our agents, and so forth) haggle over almost every paragraph and sentence in the entire thing, both contract and amendments and additions until we've got something we can all agree to.

  
  Eliminating this license completely is certainly good; but if that only means it shows up later in a popup screen in the installer or something it hasn't really helped. What's needed is two fold. First, a complete list of which terms apply to what that is included as part of the agreement. Second, a download that includes only the open source parts and does not include questionable parts like the Sun VM or compiler.

  Posted by: elharo on July 29, 2005 at 05:46 AM

• I agree completely. All of the stuff should be itemized - and will be.

  Re the split download - I'm for that with caveats: I want to make sure we do that in a way that someone who is looking to download a working IDE won't actually download one piece of that and wonder why what they've got doesn't do anything. And it ought to be set up so that a developer who is adding a library they use doesn't have to do an ungodly amount of work to get the itemized list and split download updated, because that puts a damper on innovation.

  BTW, most/all of this stuff is not relevant to the NetBeans platform, which doesn't contain a java compiler or the servlet API (JavaHelp is there but easy to pull out).

  Posted by: timboudreau on July 29, 2005 at 09:31 AM

• 
  Summery

  Of, intended for, or suggesting summer.

  Posted by: applebanana8 on July 30, 2005 at 03:02 AM

• Human-readable licenses are not exactly the speciality of Sun's legal team. The JCP license for individuals is a ten page botch job. The SCA which you need on top of that for Mustang contributions is only on page, but contains such pearls like:

  You hereby grant to Sun, and to any party who receives Your Contribution, a perpetual, non-exclusive, worldwide,
  no-charge, royalty-free, patent license to make, have made, use, sell, offer to sell, import and otherwise transfer Your
  Contribution, where such license applies only to those patent claims licensable by You that are infringed by Your
  Contribution alone or by combination of Your Contribution with the work to which such Contributions were submitted.
  No patent license is granted: (a) for any code that a licensee has deleted from Your Contribution; or (b) for infringements
  caused by either: (i) third party modifications of Your Contribution, or (ii) the combination of Your Contribution with
  other software or other devices if such combination causes the infringement.

  Sure yes, excuse me while I finish my law studies before I sign this? And do you want my first-born with it? And while we are at it, let me quickly sign the JRL, JDL, and JIUL, just for good measure. One never knows. Oh, I almost forgot the CDDL, no wait, that one is for whatever else but not Java. But the BCLA is a must, or isn't it? Of course with SLTs including a License to Distribute Redistributables? Argh!

  What Sun lawyers probably haven't got is that their audience does not only consist of lawyers, but primarily of software developers and end users without a law degree and no access to (or no wilingness to spend money on) a lawyer specialized in contract law, interlectual property rights and international copyright law. For many of these software developers English isn't even their first language. Ok, ok, it is obvious that English is also not Sun layers' first language :-)

  Misunderstandings as the one reported in this blog will continue as long as Sun doesn't fix the real problems. The amount of licenses and the language in which they are written.

  Posted by: ewin on July 30, 2005 at 09:34 AM

• Cool, Tim! Score one more point for the engineers in the engineers vs. legal team ping-pong match :)

  Posted by: richunger on July 31, 2005 at 09:31 PM

• Thanks Tim, I mentioned this a couple of times already on javalobby and here, glad someone else pointed this out as well.
  I actually do read the whole license of just about everything I download; and consequently never got to download netbeans as I don't want to spent time on something I can't redistribute after maybe fixing things.
  So; I'll wait for the page to be actually removed, and then for the first time in my life; I might even get a look at what this netbeans things really is. :)

  Posted by: zander on August 02, 2005 at 03:46 AM

• Having been forced to learn a little about legalities of things, I should also point out that it doesn't actually matter too much what the license says. The website clearly states that Netbeans is open source, the intention for it to be open source is clear, and if the license said it wasn't and it went to court, the license would be found to be incorrect (alternatively, Sun would be liable to a huge class action lawsuit for deliberately misleading anyone who ever downloaded Netbeans).

  I can agree to a license that says I am not a human being - it doesn't make it so, not even as a legal nicety.

  Posted by: jacksjpt on August 03, 2005 at 05:56 AM

• I guess when you read license agreements, you have to think like a hacker instead of an engineer ;-)

  Posted by: splante on August 05, 2005 at 07:50 AM

• I just have to say it, yet another reason to make JDK truly open source, being able to see the code and send in fixes is not a open source model no matter how much SUN wants us to think that it is.

  Another big reason for Open Sourcing JAVA is the Native compilation problem, even thou you can use GCJ with SWT, and AWT, there is no way to fully compile a real world Swing application to native Win32, Linux, or *NIX. At least allow for partial library distribution, like SWT.

  My advice to SUN since you are going to give software for Free and charge for Service, and since Solaris is already (partially) Open Source and to me Solaris is the most important SUN product... Heck, GO FOR IT, The Full Monty and Open Source all the way, but use one of the OSI approved licenses like the Apache license or the BSD license and fire all your layers (or have them do service contracts).

  As an investor I do not have a problem with this, you are making no money out of Java/JDK per se, and you wore making money out of Solaris and made it Open Source, what is the big deal about open sourcing JAVA?

  
  The current model “See but don't Touch” is simple not working, not working for us the developers, and not working for SUN, that sometimes is playing catch-up to a much more recent platform that is .NET because they are doing stuff that the Open Source community very well could do for them.
  

  Posted by: danielmd on August 06, 2005 at 12:40 AM

• Any news on the removal? There is still a license page...

  Posted by: zander on August 14, 2005 at 09:43 AM

• Turns out we have to do something or other for all the historical releases as well, so we've been iterating with the lawyers on clear, unambiguous text for those. I know that sounds Dilbert-esque, but lawyers are paid to be paranoid.

  I made a committment, and what I said will happen will happen. I will post a follow-up here as soon as it does.

  Posted by: timboudreau on August 14, 2005 at 10:20 AM

• Good luck with the lawyers, Tim.
  Various people have gone with fine combs through Sun Microsystem's BCL and derivatives (the NetBeans license you link to seems to be a relative of the BCL), and found it poorly worded, ambiguous, and too broad for their taste. See various discussions regarding that sort of licenses in Debian and other distributions.
  cheers,
  dalibor topic
  

  Posted by: robilad on August 18, 2005 at 02:35 PM

• danielmd: as for natively compiling swing apps on OS X and Win32 using gcj, here is a bit of good news: a new set of peers just entered GNU Classpath last week, built on Qt4. Qt4 is available on all major desktop platforms.
  cheers,
  dalibor topic

  Posted by: robilad on August 18, 2005 at 02:37 PM

• danielmd: As for Sun Microsystems firing all their lawyers ... If the lawyers are drafting the licenses according to the management's wishes, then the problem are the people telling them to draft such nonsensical licenses. Those are the people you'd have to lay off as an investor to fix the problem. Good luck.

  cheers,
  dalibor topic

  Posted by: robilad on August 18, 2005 at 02:53 PM

• alarm beyonce lyric ring
  bad credit debt consolidation
  angel locsin
  billy gilman
  debt consolidation
  famous daves
  gold digger
  golds gym
  chell rell
  bob esponja
  consolidation federal loan student
  bobs furniture
  insurance lead
  consolidation loan
  corporate gift basket
  jennifer beals
  katrina halili
  kelly ripa
  bounty dog hunter
  bridge fergie london lyric
  brinkley christie
  bronx zoo
  corporate gift idea
  lead mlm
  lead mortgage
  pepsi cola
  acid battery lead sealed
  power ranger spd
  private voyeur
  rolex replica
  credit card consolidation
  brookfield zoo
  chris daughtry
  daisy fuentes
  ronnie coleman
  snow patrol lyric
  term life insurance quote
  tony matterhorn
  weider
  dannii minogue
  destinys child
  dierks bentley
  

  Posted by: skwer on January 12, 2007 at 03:14 PM

This work is licensed under a Creative Commons License.