lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 11/7/2016 11:27 AM, Russell Haley wrote:
> On Mon, Nov 7, 2016 at 3:37 AM, Ahmed Charles <acharles@outlook.com> wrote:
>> On 11/3/2016 10:21 AM, Russell Haley wrote:
>>> I don't think there was any emotional charge there? Everyone who wants
>>> your MIT licensed software portrayed as a legal risk please contact me
>>> and I will retract my statement.
>>>
>>> Russ
>>
>> If you've ever had to deal with copyright lawyers at large companies,
>> you'll know that all third party software has legal risk, whatever the
>> license is, unless you have been indemnified of that risk. If that
>> wasn't clear to you before, I'd encourage you to either do research or
>> engage a lawyer about it. It's entirely a non-trivial topic that you are
>> attempting to trivialize.
>>
>> Note, I'm not suggesting that the MIT license has an issue or that Lua
>> specifically has an issue, but the law is a complex space and you can
>> never simply state that something has no risk.
> 
> So for starters, I retract my original statement. I was hoping to wave
> the MIT License flag against FUD, but the outcome has been much
> different.
> 
> Thank you Ahmed for the correction. You're absolutely right as they
> provide indemnity services for OEM licensing and this statement is
> specifically in the section outlining OEM Re-distribution licenses
> (perhaps Jeff could have chimmed in on Thursday about this? lolz).
> Limiting liability in software is not a trivial matter. I wrote an
> entire email agreeing with you but then read their statement again:
> 
>>From http://www.activestate.com/lua ->
> 
> TURN-KEY LUA REDISTRIBUTION RIGHTS
> 
> "...ActiveLua OEM Edition takes the complexity out of open source
> licensing by guaranteeing assurance and eliminating legal risk that
> goes along with distributing Lua in commercial applications."
> 
> In the above mentioned statement "and" implies that the action of
> eliminating legal risk is directly related to the subject of open
> source licensing (correct me if I am wrong). If either " takes the
> complexity out of open source licensing by guaranteeing assurance" or
> "...eliminating legal risk that goes along with distributing Lua in
> commercial applications" was in it's own sentence I would agree with
> Ahmed. If they spelled out that external liability is mitigated due to
> indemnification services, I would agree with Ahmed. However, the
> statement implies a direct correlation between open source licensing,
> legal risk, and distributing Lua. It is my personal opinion that
> ActiveState had either unknowingly or willfully mischaracterized Lua
> and MIT licensed software as carrying "legal risk" similar to that of
> GPL licensed software through implying all open source software
> carries the same license characteristics.
> 
> So, let me try this again:
> 
> Due to the broad (but not complete) use of permissive licensing on the
> vast majority of libraries available from the Lua community, I would
> like to see ActiveState separate the two phrases in the above
> statement and specify what legal risk is eliminated through OEM
> licenses, or to clarify the permissiveness of Lua licensing.  More to
> my very original point, I think they should specify use of permissive
> licensing within Lua as it is - in my opinion - a strong case for why
> to use Lua over other languages.
> 
> And for the record, I have no problem being corrected. I simply wanted
> to point out where I think they are being disingenuous[1] (apparently
> I'm the only one not okay with that).
> 
> [1] From  http://www.thefreedictionary.com/disingenuous
> 
> Disingenuous -
> 1. Not straightforward or candid; insincere or calculating:
> "Increasingly, the question of immigration has become adisingenuous
> stalking-horse for race and racial hostility" (Tyler Stovall).
> 2. Pretending to be unaware or unsophisticated; faux-naïf.
> 3. Usage Problem Unaware or uninformed; naive.
> 
> These expressions and opinions are my own and should not be associated
> with others on the Lua Mailint list. I have no further comment on the
> subject.
> 
> Thanks!
> Russ

I was hoping to avoid going too deep into the legal aspect of this, but
well, why not? :P

The risk you seem to think is being implied is that of GPL-like licenses
and therefore, is against the code that the company writes becoming open
source itself. It turns out that isn't likely to be a risk that someone
can indemnify you from, so it's not really what's being talked about in
this instance. Companies usually have to ensure that their own engineers
know to not include code that they don't write and that's sufficient to
cover GPL concerns, i.e. you just ignore that the GPL and all the code
under it doesn't exist.

The risk that is being talked about is more vague, so I'll try just
giving a single example. Let's say someone claims that the garbage
collector used in Lua is a direct copy of a one written by them and
therefore, they want royalties for it's use. One way to get that is to
sue a specific redistributor (likely the one with the most money) and
either settle or win a court case.

In that scenario, indemnification would result in all suits going to the
party providing indemnification, rather than the other parties who paid
for the license agreement.

In other words, it has nothing to do with the permissiveness of the
license. And I don't actually know what ActiveState actually indemnifies
licensees from or whether it's worth it, but that's something they
discuss with their customers. As far as I can tell, if you one
understands the legal landscape well enough, their wording makes
complete sense and doesn't seem disingenuous at all.