OFBiz Licensing

> Hi All,
> I'm having difficulty understanding the Apache license which is applied to
> OFBiz. I'm a system integrator and one of my clients has a CRM solution
> based on OFBiz, which was customised by a third party. This third party
> charged ALOT of money ($50k+) to develop these customisations, and is
> charging extortive rates to do any kind of work on the software, including
> bug fixes in the areas they customised.
>
> My client wants to use someone else to continue work on developing OFBiz for
> numerous reasons. The developer is witholding source code, saying that it
> belongs to them, and that any further work on the system must be done
> through them. My argument was they took someone elses code and passed it off
> as their own for profit (They never told the client it was OFBiz, and gave
> no credit to Apache).
>
> By my understanding of Open Source, Free Software, etc. etc., I thought that
> it was wrong to take software licensed under FSF/Apache licenses, then make
> a few changes, and do a binary-only sale to a customer, prohibiting them
> from making changes as they see fit. Kind of defeats the purpose in my mind,
> i.e. Free as in Freedom, and all that jazz.
>
> Is a developer, in this circumstance, required to provide the source code
> for the OFBiz customisations, along with binaries to the end-user? Are they
> exploiting the free software philosophy and breaching the license, or have I
> got it all wrong?
>
> Or am I asking this question in the wrong place....
> Really appreciate any input on this. Thanks!

> This may help:
> http://apache.org/foundation/licence-FAQ.html#WhatDoesItMEAN
>
> Assuming the third party owns the customizations then they are free to license it however they like.  I would get a lawyer involved to help find out who does actually own the code that was written.
>
> Regards
> Scott
>
> HotWax Media
> http://www.hotwaxmedia.com
> 801.657.2909
>
> ----- Original Message -----
> From: "mcat" <[hidden email]>
> To: [hidden email]
> Sent: Monday, June 15, 2009 12:49:06 PM (GMT+1000) Auto-Detected
> Subject: OFBiz Licensing
>
>
> Hi All,
> I'm having difficulty understanding the Apache license which is applied to
> OFBiz. I'm a system integrator and one of my clients has a CRM solution
> based on OFBiz, which was customised by a third party. This third party
> charged ALOT of money ($50k+) to develop these customisations, and is
> charging extortive rates to do any kind of work on the software, including
> bug fixes in the areas they customised.
>
> My client wants to use someone else to continue work on developing OFBiz for
> numerous reasons. The developer is witholding source code, saying that it
> belongs to them, and that any further work on the system must be done
> through them. My argument was they took someone elses code and passed it off
> as their own for profit (They never told the client it was OFBiz, and gave
> no credit to Apache).
>
> By my understanding of Open Source, Free Software, etc. etc., I thought that
> it was wrong to take software licensed under FSF/Apache licenses, then make
> a few changes, and do a binary-only sale to a customer, prohibiting them
> from making changes as they see fit. Kind of defeats the purpose in my mind,
> i.e. Free as in Freedom, and all that jazz.
>
> Is a developer, in this circumstance, required to provide the source code
> for the OFBiz customisations, along with binaries to the end-user? Are they
> exploiting the free software philosophy and breaching the license, or have I
> got it all wrong?
>
> Or am I asking this question in the wrong place....
> Really appreciate any input on this. Thanks!

>
> Hi All,
> I'm having difficulty understanding the Apache license which is  
> applied to
> OFBiz. I'm a system integrator and one of my clients has a CRM  
> solution
> based on OFBiz, which was customised by a third party. This third  
> party
> charged ALOT of money ($50k+) to develop these customisations, and is
> charging extortive rates to do any kind of work on the software,  
> including
> bug fixes in the areas they customised.
>
> My client wants to use someone else to continue work on developing  
> OFBiz for
> numerous reasons. The developer is witholding source code, saying  
> that it
> belongs to them, and that any further work on the system must be done
> through them. My argument was they took someone elses code and  
> passed it off
> as their own for profit (They never told the client it was OFBiz,  
> and gave
> no credit to Apache).
>
> By my understanding of Open Source, Free Software, etc. etc., I  
> thought that
> it was wrong to take software licensed under FSF/Apache licenses,  
> then make
> a few changes, and do a binary-only sale to a customer, prohibiting  
> them
> from making changes as they see fit. Kind of defeats the purpose in  
> my mind,
> i.e. Free as in Freedom, and all that jazz.
>
> Is a developer, in this circumstance, required to provide the source  
> code
> for the OFBiz customisations, along with binaries to the end-user?  
> Are they
> exploiting the free software philosophy and breaching the license,  
> or have I
> got it all wrong?
>
> Or am I asking this question in the wrong place....
> Really appreciate any input on this. Thanks!
> --
> View this message in context: http://www.nabble.com/OFBiz-Licensing-tp24028119p24028119.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>

>
> Thanks very much for your thorough explanation. I think the main  
> point to
> take home here is to check and double check contracts with tech  
> consultants,
> not just lawyers. This particular client is dealing with a developer  
> of
> similar business size, and did scrutinize the contract but it seems  
> both
> management and legal misunderstood the potential 'technical' rights  
> they
> gave up (without knowing it) and future, unforseen technical/
> business issues
> they may have had. The reality is they needed a consultant (who  
> didn't stand
> to benefit from approval of the project!) to look at it all and  
> raise a red
> flag before proceeding. That is where I am now, pointing out milk  
> that's
> already been spilt.
>
> Thanks to all for helping me understand this. I did review the Apache
> license but the specific information I was looking for didn't jump  
> out at
> me. Much appreciated!
>
>
> David E Jones-4 wrote:
>>
>>
>> It's really unfortunate that your client is getting locked in by a
>> service provider. While that is very common in the commercial  
>> software
>> world, it is not as common in the open source world. However, there  
>> is
>> nothing in any open source license that can do anything about that  
>> and
>> it certainly happens sometimes.
>>
>> With the Apache/BSD/MIT/etc style license changes to the source code
>> are usually not encumbered at all, or are encumbered very little. In
>> other words, people who change or extend the code can pretty much do
>> whatever they want with their changes or extensions.
>>
>> With GPL style licenses things are a lot more complicated. The main
>> restriction of the license is that if some changes the code or writes
>> code that uses the GPL licensed code then they must make those  
>> changes
>> or that new code available under the GPL (or compatible) license, but
>> only if the code is "performed publicly". What that means is subject
>> to interpretation, but basically for your client it means either the
>> custom code (including code that may reveal trade secrets or
>> copyrighted information, etc... which is why customizing GPL code is
>> sometimes like playing Russian Roulette since it can be hard to
>> determine the risks and proper course of action in advance) must be
>> made available under the GPL license or if not publicly performed  
>> then
>> there is no licensing restriction. In other words, on the one hand
>> your client is required to open source (under the GPL) everything
>> developed for them, and on the other hand the service provider can do
>> whatever they want, within the bounds of the contract between the
>> service provider and the client.
>>
>> Anyway (just as Scott wrote), whatever open source or commercial
>> license is involved for tools or software libraries used the  
>> ownership
>> and allowed use of the customized code is totally determined by the
>> agreement between the service provider and the client, which may or
>> may not be subject to restrictions by licensing terms of tools and
>> libraries (like OFBiz).
>>
>> It's unfortunate that some service providers choose to do business
>> this way, but it is their choice. The is something for ALL end-users
>> to be aware of when they are working with a service provider, with
>> OFBiz or any other software. Service providers certainly can do
>> business this way, and there may be valid reasons for doing so... but
>> it is "slimy" to not make it clear to the client, and usually if a
>> service provider does business this way they will charge less than a
>> comparable service provider who does not do it this way (because the
>> result is of less value to the client).
>>
>> On the other hand, if there was a contract and the client didn't read
>> or understand it (including the terms related to who owns the work
>> product and what use is allowed), then they may be in a situation  
>> that
>> they were both unaware of AND that they can't do anything about.
>>
>> For most contracts of this size (it's really fairly small, depending
>> on which country you are in) chances are there wasn't a super-formal
>> agreement or contract written and even if there was it could cost WAY
>> more than $50k for the client to enforce the contract and make the
>> service provider give up the source code, and not just a lot of money
>> but a lot of time too.
>>
>> The good news that this doesn't happen a whole lot with open source
>> software, but that doesn't really help your client. If your client
>> were using commercial software this would be the EXPECTED way for
>> things to work. With most commercial software as a user you typically
>> get very few rights, sometimes few rights to your customizations too
>> (and of course your customizations are worthless without the
>> commercial software to run them on), and it is normal for the  
>> software
>> vendor and/or customizer to be way larger than the end-user and to
>> push them around a lot, and really the only choice the end-user has  
>> is
>> to purchase the software or not (or sometimes negotiate alternate
>> licensing terms, but only if they are offering the vendor a really  
>> BIG
>> deal).
>>
>> -David
>>
>>
>> On Jun 14, 2009, at 8:49 PM, mcat wrote:
>>
>>>
>>> Hi All,
>>> I'm having difficulty understanding the Apache license which is
>>> applied to
>>> OFBiz. I'm a system integrator and one of my clients has a CRM
>>> solution
>>> based on OFBiz, which was customised by a third party. This third
>>> party
>>> charged ALOT of money ($50k+) to develop these customisations, and  
>>> is
>>> charging extortive rates to do any kind of work on the software,
>>> including
>>> bug fixes in the areas they customised.
>>>
>>> My client wants to use someone else to continue work on developing
>>> OFBiz for
>>> numerous reasons. The developer is witholding source code, saying
>>> that it
>>> belongs to them, and that any further work on the system must be  
>>> done
>>> through them. My argument was they took someone elses code and
>>> passed it off
>>> as their own for profit (They never told the client it was OFBiz,
>>> and gave
>>> no credit to Apache).
>>>
>>> By my understanding of Open Source, Free Software, etc. etc., I
>>> thought that
>>> it was wrong to take software licensed under FSF/Apache licenses,
>>> then make
>>> a few changes, and do a binary-only sale to a customer, prohibiting
>>> them
>>> from making changes as they see fit. Kind of defeats the purpose in
>>> my mind,
>>> i.e. Free as in Freedom, and all that jazz.
>>>
>>> Is a developer, in this circumstance, required to provide the source
>>> code
>>> for the OFBiz customisations, along with binaries to the end-user?
>>> Are they
>>> exploiting the free software philosophy and breaching the license,
>>> or have I
>>> got it all wrong?
>>>
>>> Or am I asking this question in the wrong place....
>>> Really appreciate any input on this. Thanks!
>>> --
>>> View this message in context:
>>> http://www.nabble.com/OFBiz-Licensing-tp24028119p24028119.html
>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/OFBiz-Licensing-tp24028119p24028786.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>

> From: David E Jones <[hidden email]>
> Subject: Re: OFBiz Licensing
> To: [hidden email]
> Date: Sunday, June 14, 2009, 10:21 PM
>
> Personally I wouldn't trust most software consultants to
> make the call... maybe to recommend some things to watch out
> for, but probably not much more. Most lawyers familiar with
> software and/or intellectual property would be VERY aware of
> these sorts of factors. Even lawyers not familiar with these
> things general get the idea. Questions about who owns the
> work product and who is allowed to do what with the work
> product is most of what the contract is all about, so it is
> surprising that anyone reviewing a contract would miss it.
>
> In other words, if a contract said something like "Provider
> retains ownership of all intellectual property produced,
> including copyrights and patents as applicable, and hereby
> grants Client license to use software produced in binary
> form only or through deployed instance on a server
> controller by Provider", wouldn't that raise some red flags
> for anyone reading it? Maybe not, but it is pretty
> suspicious.
>
> If it's worth it to the client they should have a good IP
> and contracting attorney take a look at the contract and see
> if anything can be done. They may get lucky, or it may be
> they can't do anything, or it may be that they can but
> unless the provider gets scared by a letter from the lawyer
> (for a few hundred dollars) the only other option may be to
> spend tens of thousands of dollars on a lawsuit to resolve
> it.
>
> From my experience working with clients on these issues
> things never go to court. For small things a letter is sent
> here and there or a lawsuit filed and settled at the drop of
> a hat. For big things (like multi-million dollar contracts)
> there is just a lot of legal maneuvering and posturing to
> see how serious the other side is and it all comes down to
> what the client can get the provider to agree to, or
> vice-versa. In the real world it is just the unfortunate
> fact that both clients and providers can get away with quite
> a lot, but only a few times before others doing business
> with them walk away. For large clients and providers it
> often has more to do with an individual in the company than
> the company itself, and in those cases you're lucky because
> you can appeal to others in the company and likely get the
> issue resolved. For smaller companies... they usually get
> away with stuff for a while and eventually go out of
> business.
>
> Anyway, sorry for the long thoughts. I've run into this
> countless times over the years and in the end it's a natural
> risk of this sort of business, but there are things both
> clients and providers can do to help things work more
> smoothly. In my opinion these things very rarely have
> anything to do with contracts but rather things like getting
> paid partially in advance and giving clients access to the
> source repository or even using a source repository on the
> client's server (both of which should be mentioned in a
> contract, but it is doing them and not the fact that they
> are in the contract that makes a difference).
>
> -David
>
>
> On Jun 14, 2009, at 10:49 PM, mcat wrote:
>
> >
> > Thanks very much for your thorough explanation. I
> think the main point to
> > take home here is to check and double check contracts
> with tech consultants,
> > not just lawyers. This particular client is dealing
> with a developer of
> > similar business size, and did scrutinize the contract
> but it seems both
> > management and legal misunderstood the potential
> 'technical' rights they
> > gave up (without knowing it) and future, unforseen
> technical/business issues
> > they may have had. The reality is they needed a
> consultant (who didn't stand
> > to benefit from approval of the project!) to look at
> it all and raise a red
> > flag before proceeding. That is where I am now,
> pointing out milk that's
> > already been spilt.
> >
> > Thanks to all for helping me understand this. I did
> review the Apache
> > license but the specific information I was looking for
> didn't jump out at
> > me. Much appreciated!
> >
> >
> > David E Jones-4 wrote:
> >>
> >>
> >> It's really unfortunate that your client is
> getting locked in by a
> >> service provider. While that is very common in the
> commercial software
> >> world, it is not as common in the open source
> world. However, there is
> >> nothing in any open source license that can do
> anything about that and
> >> it certainly happens sometimes.
> >>
> >> With the Apache/BSD/MIT/etc style license changes
> to the source code
> >> are usually not encumbered at all, or are
> encumbered very little. In
> >> other words, people who change or extend the code
> can pretty much do
> >> whatever they want with their changes or
> extensions.
> >>
> >> With GPL style licenses things are a lot more
> complicated. The main
> >> restriction of the license is that if some changes
> the code or writes
> >> code that uses the GPL licensed code then they
> must make those changes
> >> or that new code available under the GPL (or
> compatible) license, but
> >> only if the code is "performed publicly". What
> that means is subject
> >> to interpretation, but basically for your client
> it means either the
> >> custom code (including code that may reveal trade
> secrets or
> >> copyrighted information, etc... which is why
> customizing GPL code is
> >> sometimes like playing Russian Roulette since it
> can be hard to
> >> determine the risks and proper course of action in
> advance) must be
> >> made available under the GPL license or if not
> publicly performed then
> >> there is no licensing restriction. In other words,
> on the one hand
> >> your client is required to open source (under the
> GPL) everything
> >> developed for them, and on the other hand the
> service provider can do
> >> whatever they want, within the bounds of the
> contract between the
> >> service provider and the client.
> >>
> >> Anyway (just as Scott wrote), whatever open source
> or commercial
> >> license is involved for tools or software
> libraries used the ownership
> >> and allowed use of the customized code is totally
> determined by the
> >> agreement between the service provider and the
> client, which may or
> >> may not be subject to restrictions by licensing
> terms of tools and
> >> libraries (like OFBiz).
> >>
> >> It's unfortunate that some service providers
> choose to do business
> >> this way, but it is their choice. The is something
> for ALL end-users
> >> to be aware of when they are working with a
> service provider, with
> >> OFBiz or any other software. Service providers
> certainly can do
> >> business this way, and there may be valid reasons
> for doing so... but
> >> it is "slimy" to not make it clear to the client,
> and usually if a
> >> service provider does business this way they will
> charge less than a
> >> comparable service provider who does not do it
> this way (because the
> >> result is of less value to the client).
> >>
> >> On the other hand, if there was a contract and the
> client didn't read
> >> or understand it (including the terms related to
> who owns the work
> >> product and what use is allowed), then they may be
> in a situation that
> >> they were both unaware of AND that they can't do
> anything about.
> >>
> >> For most contracts of this size (it's really
> fairly small, depending
> >> on which country you are in) chances are there
> wasn't a super-formal
> >> agreement or contract written and even if there
> was it could cost WAY
> >> more than $50k for the client to enforce the
> contract and make the
> >> service provider give up the source code, and not
> just a lot of money
> >> but a lot of time too.
> >>
> >> The good news that this doesn't happen a whole lot
> with open source
> >> software, but that doesn't really help your
> client. If your client
> >> were using commercial software this would be the
> EXPECTED way for
> >> things to work. With most commercial software as a
> user you typically
> >> get very few rights, sometimes few rights to your
> customizations too
> >> (and of course your customizations are worthless
> without the
> >> commercial software to run them on), and it is
> normal for the software
> >> vendor and/or customizer to be way larger than the
> end-user and to
> >> push them around a lot, and really the only choice
> the end-user has is
> >> to purchase the software or not (or sometimes
> negotiate alternate
> >> licensing terms, but only if they are offering the
> vendor a really BIG
> >> deal).
> >>
> >> -David
> >>
> >>
> >> On Jun 14, 2009, at 8:49 PM, mcat wrote:
> >>
> >>>
> >>> Hi All,
> >>> I'm having difficulty understanding the Apache
> license which is
> >>> applied to
> >>> OFBiz. I'm a system integrator and one of my
> clients has a CRM
> >>> solution
> >>> based on OFBiz, which was customised by a
> third party. This third
> >>> party
> >>> charged ALOT of money ($50k+) to develop these
> customisations, and is
> >>> charging extortive rates to do any kind of
> work on the software,
> >>> including
> >>> bug fixes in the areas they customised.
> >>>
> >>> My client wants to use someone else to
> continue work on developing
> >>> OFBiz for
> >>> numerous reasons. The developer is witholding
> source code, saying
> >>> that it
> >>> belongs to them, and that any further work on
> the system must be done
> >>> through them. My argument was they took
> someone elses code and
> >>> passed it off
> >>> as their own for profit (They never told the
> client it was OFBiz,
> >>> and gave
> >>> no credit to Apache).
> >>>
> >>> By my understanding of Open Source, Free
> Software, etc. etc., I
> >>> thought that
> >>> it was wrong to take software licensed under
> FSF/Apache licenses,
> >>> then make
> >>> a few changes, and do a binary-only sale to a
> customer, prohibiting
> >>> them
> >>> from making changes as they see fit. Kind of
> defeats the purpose in
> >>> my mind,
> >>> i.e. Free as in Freedom, and all that jazz.
> >>>
> >>> Is a developer, in this circumstance, required
> to provide the source
> >>> code
> >>> for the OFBiz customisations, along with
> binaries to the end-user?
> >>> Are they
> >>> exploiting the free software philosophy and
> breaching the license,
> >>> or have I
> >>> got it all wrong?
> >>>
> >>> Or am I asking this question in the wrong
> place....
> >>> Really appreciate any input on this. Thanks!
> >>> --View this message in context:
> >>> http://www.nabble.com/OFBiz-Licensing-tp24028119p24028119.html
> >>> Sent from the OFBiz - User mailing list
> archive at Nabble.com.
> >>>
> >>
> >>
> >>
> >
> > --View this message in context: http://www.nabble.com/OFBiz-Licensing-tp24028119p24028786.html
> > Sent from the OFBiz - User mailing list archive at
> Nabble.com.
> >
>
>