When engineers (sort-of) read licenses - a cautionary tale
My week began with a licensing debate. While those tend to be endless, this one, I hope, can be finite. It started when Elliotte Rusty Harold wrote in his
blog the following:
...the download requires me to accept a non-open-source license that severely restricts what I'm
allowed to do. I've heard Sun claim that Netbeans is open source, but that doesn't seem to be true.
So I went to the NetBeans download page, to see what he was talking about. And took a look at the license, and
said to myself..."Whoa...this is a major screw-up!" Here was, indeed, this rather scary legal text.
It didn't look like an open source license to me either. But it's what you agree to when you download
NetBeans builds. Did I scroll down and go through the whole thing with a fine toothed comb? Nope. Neither did anybody else -
that's the cautionary part of this tale.
The license text he's referring to is this. It's actually the same text you agree to when
you download the JDK. And indeed, it doesn't look anything like an open source license. And I wrote to Elliotte, to mention that,
- I know for a fact that that license agreement is only intended
to apply to
libraries like javac and JavaHelp that NetBeans links to at runtime, not NetBeans itself, and
- It's the same
license agreement that you agree to when you download the JDK, so how could someone be okay with agreeing to that for the JDK but
have a huge problem with the same license when it comes to some libraries their IDE uses?
In other words, nothing fiendish or heinous is going on here, there's no devious plot, at worst it's a screw-up.
The license agreement is a bit of
legal boilerplate. It is the result of a bunch of folks like me complaining that everything
you download from Sun had its own unique, slightly different license agreement, and why couldn't we just
have a generic agreement for most things and simplify everything. It worked.
It got simplified. And it actually was done correctly, as you'll see below.
But the document is written so perfectly backwards for an open source site that it's
almost impossible to tell that.
It definitely means I should be careful what I wish for. Correct doesn't
necessarily mean human-readable.
In the meantime, Weiqi Gao picked up on what
Elliotte had written, and repeated it, but his blog restated it as fact, saying flatly that NetBeans
isn't open source. And that's the danger of this sort of thing - misinformation spreads, and nobody necessarily
goes back and checks it. And we were all, myself included, not reading the whole thing. It just smelled
bad, and we all said, "Yup, smells bad."
But the license text doesn't look like an open source license at all. In fact it isn't one.
How in the world could that be kosher?
I asked our legal folks about
it, and they replied, in essence, "What's wrong with it? The license specifically mentions what it covers."
How could a lawyer think that it's perfectly clear that this agreement only applies to the libraries
that are linked to by NetBeans, and I and everyone else would see something completely different?
I put on my thinking cap, and tried to think like a lawyer for a minute. It hurt like hell and
I took my thinking cap off.
The answer is really an impedance mismatch in the kind of reasoning an engineer uses when
he or she says "Let's see how this software is licensed," and the reasoning of a lawyer thinking about
a legal agreement. If you're a lawyer, you look for the holes first.
So I went back and really read it this time.
For the missing piece of the puzzle, you have to scroll way down to section 6, which says:
Sun supports and benefits from the global community of open source developers, and thanks the
community for its important contributions and open standards-based technology, which Sun
has adopted into many of its products.
Please note that portions of Software may be provided with notices and open source licenses
from such communities and third parties that govern the use of those portions, and any
licenses granted hereunder do not alter any rights and obligations you may have under such
open source licenses, however, the disclaimer of warranty and limitation of liability provisions
in this Agreement will apply to all Software in this distribution.
So, here it is in a nutshell: When you download NetBeans, you click through a license. That license
says "This license covers everything except the parts that are covered by open source licenses."
Which, in this case, happens to be...all of NetBeans. For a lawyer, it is perfectly clear because it
says it doesn't supercede the open source stuff - how could anyone read it and not figure that out?
For an engineer downloading software, the first thing you look for isn't what the license
says it doesn't cover - and probably nobody expects a license agreement to say "This agreement
doesn't apply to a bunch of stuff, and by the way, one of the things it doesn't apply to is the
product you're downloading."
The agreement is, as I mentioned, boilerplate. It was created for closed-source software
that uses open source components. It applies
equally well to both, but I can't blame anyone for misunderstanding it - I did.
And it's totally non-intuitive to find that on an open-source project's download page.
To be fair, I'm not saying that Elliotte is now perfectly happy about the agreement - we
exchanged some emails, and it's clear he doesn't really like the agreement as it applies to Java either. At
the same time, one of the things he objects to is the indemnity clause (4e) - we exchanged some emails about
that, and do you know what? Neither of us noticed that that section is about redistributing
libraries that are part of Java (i.e. the JDK, or JavaHelp, for example). So we were both talking nonsense to
Also to be fair, there are people who will object to the very fact that NetBeans links to
libraries that are not open source, even though they are
all either parts of the JDK or Java standards like JavaHelp or JMI -
even though they are under the same license as Java itself.
So let this be a cautionary tale about what happens when engineers read - or especially, skim -
legal agreements. I had a lengthy, and ultimately useless (my fault) conversation about
the indemnity clause, because neither of us had noticed that it doesn't apply to NetBeans users.
The rumor could have taken on a life of its own and done quite a bit of harm (and nobody here was trying to do harm) - it was already repeated once. It wouldn't have been true, but that doesn't matter with rumors.
Richard Feynman once
about his experience reviewing science textbooks for the state of
California in the 50s. It turned out that the book the group gave
the highest marks to consisted entirely of blank pages. The
publisher couldn't get it done on time, but the law required they
submit a book by the deadline. And the reviewers gave it high marks
because nobody had actually opened it. It's incredibly easy for
debates to get wildly off the mark, especially when they involve
texts that a lot of people don't enjoy reading anyway - like
(unfortunately) a science textbook...or a software license.
Anyway, there's a happy ending here: I don't like that legal agreement either. There's no click through license
on other open source projects when I download them. Why
should NetBeans have to have one? Well, we get our wish. The click through license on the download page will be deleted. Let me repeat that, loudly:
For those who downloaded NetBeans, there's no need to delete it or download it again - as I hope I've made
clear, your copy of NetBeans is covered under the SPL - it always was.
But I'm very happy to see this confusing and unnecessary piece of legalese go.
So, thank you, Elliott and Weiqi, for helping to make that happen.
Now perhaps I'll get to spend some time coding.