Merge pull request #6040 from geekpi/master

translated
This commit is contained in:
geekpi 2017-09-07 08:38:22 +08:00 committed by GitHub
commit 978ebaba1e
2 changed files with 63 additions and 64 deletions

View File

@ -1,64 +0,0 @@
translating----geekpi
An economically efficient model for open source software license compliance
============================================================
### Using open source the way it was intended benefits your bottom line and the open source ecosystem.
![An economically efficient model for open source software license compliance](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LAW_EvidencedBasedIP_520x292_CS.png?itok=mmhCWuZR "An economically efficient model for open source software license compliance")
Image by : opensource.com
"The Compliance Industrial Complex" is a term that evokes dystopian imagery of organizations engaging in elaborate and highly expensive processes to comply with open source license terms. As life often imitates art, many organizations engage in this practice, sadly robbing them of the many benefits of the open source model. This article presents an economically efficient approach to open source software license compliance.
Open source licenses generally impose three requirements on a distributor of code licensed from a third party:
1. Provide a copy of the open source license(s)
2. Include copyright notices
3. For copyleft licenses (like GPL), make the corresponding source code available to the distributees
_(As with any general statement, there may be exceptions, so it is always advised to review license terms and, if necessary, seek the advice of an attorney.)_
Because the source code (and any associated files, e.g. license/README) generally contains all of this information, the easiest way to comply is to simply provide the source code along with your binary/executable application.
The alternative is more difficult and expensive, because, in most situations, you are still required to provide a copy of the open source licenses and retain copyright notices. Extracting this information to accompany your binary/executable release is not trivial. You need processes, systems, and people to copy this information out of the sources and associated files and insert them into a separate text file or document.
The amount of time and expense to create this file is not to be underestimated. Although there are software tools that may be used to partially automate the process, these tools often require resources (e.g., engineers, quality managers, release managers) to prepare code for scan and to review the results for accuracy (no tool is perfect and review is almost always required). Your organization has finite resources, and diverting them to this activity leads to opportunity costs. Compounding this expense, each subsequent release—major or minor—will require a new analysis and revision.
There are also other costs resulting from not choosing to release sources that are not well recognized. These stem from not releasing source code back to the original authors and/or maintainers of the open source project, an activity known as upstreaming. Upstreaming alone seldom meets the requirements of most open source licenses, which is why this article advocates releasing sources along with your binary/executable; however, both upstreaming and providing the source code along with your binary/executable affords additional economic benefits. This is because your organization will no longer be required to keep a private fork of your code changes that must be internally merged with the open source bits upon every release—an increasingly costly and messy endeavor as your internal code base diverges from the community project. Upstreaming also enhances the open source ecosystem, which encourages further innovations from the community from which your organization may benefit.
So why do a significant number of organizations not release source code for their products to simplify their compliance efforts? In many cases, this is because they are under the belief that it may reveal information that gives them a competitive edge. This belief may be misplaced in many situations, considering that substantial amounts of code in these proprietary products are likely direct copies of open source code to enable functions such as WiFi or cloud services, foundational features of most contemporary products.
Even if changes are made to these open source works to adapt them for proprietary offerings, such changes are often de minimis and contain little new copyright expression or patentable content. As such, any organization should look at its code through this lens, as it may discover that an overwhelming percentage of its code base is open source, with only a small percentage truly proprietary and enabling differentiation from its competitors. So why then not distribute and upstream the source to those non-differentiating bits?
Consider rejecting the Compliance Industrial Complex mindset to lower your cost and drastically simplify compliance. Use open source the way it was intended and experience the joy of releasing your source code to benefit your bottom line and the open source ecosystem from which you will continue to reap increasing benefits.
------------------------
作者简介
Jeffrey Robert Kaufman - Jeffrey R. Kaufman is an Open Source IP Attorney for Red Hat, Inc., the worlds leading provider of open source software solutions. Jeffrey also serves as an adjunct professor at the Thomas Jefferson School of Law. Previous to Red Hat, Jeffrey served as Patent Counsel at Qualcomm Incorporated providing open source counsel to the Office of the Chief Scientist. Jeffrey holds multiple patents in RFID, barcoding, image processing, and printing technologies.[More about me][2]
--------------------------------------------------------------------------------
via: https://opensource.com/article/17/9/economically-efficient-model
作者:[ Jeffrey Robert Kaufman ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/jkaufman
[1]:https://opensource.com/article/17/9/economically-efficient-model?rate=0SO3DeFAxtgLdmZxE2ZZQyTRTTbu2OOlksFZSUXmjJk
[2]:https://opensource.com/users/jkaufman
[3]:https://opensource.com/user/74461/feed
[4]:https://opensource.com/users/jkaufman
[5]:https://opensource.com/users/jkaufman
[6]:https://opensource.com/users/jkaufman
[7]:https://opensource.com/tags/law
[8]:https://opensource.com/tags/licensing
[9]:https://opensource.com/participate

View File

@ -0,0 +1,63 @@
开源软件许可证合规的经济有效的模式
============================================================
### 使用开源的方式有利于你的底线以及开源生态系统。
![An economically efficient model for open source software license compliance](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LAW_EvidencedBasedIP_520x292_CS.png?itok=mmhCWuZR "An economically efficient model for open source software license compliance")
图片来源 opensource.com
“合规性工业联合体” 是一个术语,它会唤起那些经历精心设计并且花费昂贵流程的组织的反乌托邦意象, 以遵守开源许可条款
。由于生活经常模仿艺术,许多组织使用这种做法,可惜的是它们剥夺了许多开源模型的好处。本文介绍了一种经济有效的开源软件许可证合规性方法。
开源许可证通常对从第三方许可的代码分发者有三个要求:
1. 提供开源许可证的副本
2. 包括版权声明
3. 对于 copyleft 许可证(如 GPL将相应的源代码提供给接受者。
_与任何一般性声明一样可能会有例外情况因此始终建议审查许可条款如有需要请咨询律师的意见。_
因为源代码(以及任何相关的文件,例如:许可证/README通常都包含所有这些信息所以遵循的最简单的方法就是随着二进制/可执行程序一起提供源代码。
替代方案更加困难并且昂贵,因为在大多数情况下,你仍然需要提供开源许可证的副本并保留版权声明。提取这些信息来结合你的二进制/可执行版本并不简单。你需要流程、系统和人员从源代码和相关文件中复制此信息,并将其插入到单独的文本文件或文档中。
不要低估创建此文件的时间和费用。虽然有工具也许可以自动化部分流程,但这些工具通常需要资源(例如工程师、质量经理、发布经理)来准备扫描代码并对结果进行评估(没有完美的工具,几乎总是需要审查)。你的组织资源有限,将其转移到此活动会增加机会成本。加上这笔费用,每个后续版本 - 主要或次要 - 将需要一个新的分析和修订。
选择不发布不能被很好识别的源码还会增加其他的成本。这些根源在于不向开源项目的原始作者和/或维护者发布源代码, 这一活动称为上游化。独自上游化很少满足大多数开源许可证的要求,这就是为什么这篇文章主张与你的二进制/可执行文件一起发布源代码。然而,上游化和提供源代码以及二进制/可执行文件都能提供额外的经济效益。这是因为你的组织不再需要保留随着每次发布合并开源代码修改的私有分支 - 由于你的内部代码库与社区项目不同,这将是越来越消耗和凌乱的工作。上游化还增强了开源生态系统,它会鼓励社区创新,从中你的组织或许也会收益。
那么为什么大量的组织不会为其产品发布源代码来简化其合规性工作?在许多情况下,这是因为他们认为这可能会暴露他们竞争优势的信息。考虑到这些专有产品中的大量代码可能是开源代码的直接副本,以支持诸如 WiFi 或云服务这些当代产品的基础功能,这种信念可能是错误的。
即使对这些开源作品进行了修改来适配其专有产品,这些更改也往往是微不足道的,并包含了很少的新的版权或可用来专利的内容。因此,任何组织都应该通过这种方式来查看其代码,因为它可能会发现其代码库中绝大部分是开源的,只有一小部分是真正专有的,并且能够与竞争对手区分开来。那么为什么不分发并向上游提交这些没有差别的代码呢?
考虑拒绝遵从工业联合体的思维方式, 以降低成本并大大简化合规性。使用开源的方式,并体验发布你的源代码的乐趣,以造福于你的底线和开源生态系统,从中你将继续收获更多的利益。
------------------------
作者简介
Jeffrey Robert Kaufman - Jeffrey R. Kaufman 是全球领先的开源软件解决方案提供商红帽公司的开源知识产权律师。Jeffrey 还担任着 Thomas Jefferson 法学院的兼职教授。 在加入红帽前Jeffrey 在高通担任专利法律顾问,为首席科学家办公室提供开源顾问。 Jeffrey 在 RFID、条形码、图像处理和打印技术方面拥有多项专利。[更多关于我][2]
--------------------------------------------------------------------------------
via: https://opensource.com/article/17/9/economically-efficient-model
作者:[ Jeffrey Robert Kaufman ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/jkaufman
[1]:https://opensource.com/article/17/9/economically-efficient-model?rate=0SO3DeFAxtgLdmZxE2ZZQyTRTTbu2OOlksFZSUXmjJk
[2]:https://opensource.com/users/jkaufman
[3]:https://opensource.com/user/74461/feed
[4]:https://opensource.com/users/jkaufman
[5]:https://opensource.com/users/jkaufman
[6]:https://opensource.com/users/jkaufman
[7]:https://opensource.com/tags/law
[8]:https://opensource.com/tags/licensing
[9]:https://opensource.com/participate