Hi! Thank you for your insight. I wouldn't be overtly alarmed by this license issue, however if there is a more free alternative we should use it. I don't mind having inconveniences due to using more free software.
Struggle for our privacy, freedom of speech, and environment is inconvenient, but well worth the investment, however costly. The important framework improvements are "one-way data flow" and the underlying "state machine" (Redux-compatibility). Maybe server-side rendering. Looks like atleast InfernoJS proclaims support for those. Another take on the issue: https://medium.com/@dwalsh.sdlr/react-facebook-and-the-revokable-patent-license-why-its-a-paper-25c40c50b562 OAK ________________________________________ From: koha-devel-boun...@lists.koha-community.org [koha-devel-boun...@lists.koha-community.org] on behalf of Thomas Dukleth [kohade...@agogme.com] Sent: Friday, July 21, 2017 10:29 PM To: koha-devel@lists.koha-community.org Subject: [Koha-devel] ReactJS license problems Recently, people at the Apache Software Foundation have found that software released by Facebook using the Facebook BSD+Patents license, such as ReactJs, has patent terms which are incompatible with patent terms in Apache License version 2 (ALv2). Similar incompatibility seems to exist for patent terms in GPLv3 which Koha uses and GPLv2 which Koha had used previously. Unless Facebook chooses to fix the issue for ReactJS in some satisfactory manner as they have with RocksDB, there seems to be an insurmountable licensing issue preventing the use of ReactJS in Koha which had been proposed for the use with the OPAC. ReactJS alternatives such as Preact, https://preactjs.com/ , and Inferno, https://www.infernojs.org/ , should be investigated. Preact and Inferno use the permissively compatible MIT Athena license: https://github.com/developit/preact/blob/master/LICENSE, https://github.com/infernojs/inferno/blob/master/LICENSE.md . Inferno changed to the MIT Athena license in 2016 after previously using the Mozilla Public License version 2, https://github.com/infernojs/inferno/commit/144f96e8cf55c0ff3a7b27ab151f5d376b1106cc . In general, we need to be somewhat wary of potential licensing issues when using programming libraries. Merely reading the license file is not always sufficient for knowing the license which is applies to the software as in the example of ReactJS detailed further below. The license invocation statements may need to be read or parsed which could include every licensing header of every file. Furthermore, projects may change licenses over time which can introduce license conflicts as happened with ReactJS. REACTJS LICENSE HISTORY. Originally in 2013, Facebook released ReactJS under ALv2, , and required community contributors to submit to a contributors license agreement assigning all their rights to Facebook, https://github.com/facebook/react/commit/75897c2dcd1dd3a6ca46284dd37e13d22b4b16b4 . In 2014, the license terms were changed to Facebook BSD+Patents, https://github.com/facebook/react/commit/dcf415c2b91ce52fd5d4dd02b70875ba9d33290f#diff-6a3371457528722a734f3c51d9238c13 . In 2015, the patent terms were modified with a version 2 for the PATENTS file, https://github.com/facebook/react/commit/b8ba8c83f318b84e42933f6928f231dc0918f864#diff-7373d27f0ea94a5b649f893e20fffeda . FACEBOOK BSD+PATENTS LICENSE. Facebook have been applying a Facebook BSD+Patents license to Facebook Open Source projects generally. The current license terms are invoked with language such as the following from README.md, https://github.com/facebook/react/blob/master/README.md . "React is BSD licensed. We also provide an additional patent grant." The LICENSE file contains a the permissively compatible 3 clause BSD copyright license in LICENSE, https://github.com/facebook/react/blob/master/LICENSE . The patent license in PATENTS is problematic, https://github.com/facebook/react/blob/master/PATENTS . Facebook have an Open Source License FAQ with a few sentences for just a little clarification of their Facebook BSD+Patents license, https://code.facebook.com/pages/850928938376556 . The following question and answer may be confirming the understanding that the breadth of conditions for terminating the Facebook patent grant applies to any Facebook patents which are granted for any and all software which Facebook have released under the Facebook BSD+Patents license, not merely those Facebook patents for one particular program at issue. "Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook? No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license." Facebook patent terms appear to be designed to protect Facebook from patent litigation in a broader and more one sided manner than patent terms in free software licenses such as ALv2 and GPLv3 which do not have such breadth of termination, thus depriving users of patent defences under more circumstances. Roy T Fielding at the Apache Software Foundation has received confirmation from Facebook legal council that the explicit patent grant in the Facebook BSD+Patents license is intended to revoke any implied patent grant from the 3 clause BSD license, https://issues.apache.org/jira/browse/LEGAL-303?focusedCommentId=16046579 . Revocation of the implied patent grant is sufficient for incompatibility with the ALv2 and the Facebook BSD+Patents license . Accordingly, the Apache Software Foundation have required Apache Software Foundation projects to not incorporate software with the Facebook BSD+Patents License, https://www.apache.org/legal/resolved#category-x . Those Apache Software Foundation projects which have already included software with the Facebook BSD+Patents license are required to remove the covered Facebook software from their projects. Revocation of the implied patent grant also seems to be sufficient for incompatibility with the GPL. GPLv3 has the following language to protect patent defenses in section 11 Patents. "Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law." GPLv2 had other language to the same effect. Some discussion of the issue at the Apache Software Foundation for ReactJS specifically can be found at https://issues.apache.org/jira/browse/LEGAL-319 . Aaron Williamson writing under the username copiesofcopies has the best description of the complexities of patent relationships involved in the Facebook patent terms, https://github.com/facebook/react/issues/10191#issuecomment-316380810 . [I have consulted Aaron in the past for Koha when he was a lawyer at the Software Freedom Law Center.] REQUESTING REACTJS LICENSE CHANGE. Recently, people at Facebook conceded to change the license for RocksDB to the choice of ALv2 or GPLv2 only https://github.com/facebook/rocksdb/commit/3c327ac2d0fd50bbd82fe1f1af5de909dad769e6 . [Remember that ALv2 is compatible with GPLv3.] There is an effort to encourage people at Facebook to similarly change the license for ReactJS, https://github.com/facebook/react/issues/10191 . WHO WORRIES ABOUT PATENTS? Patents reading on software may not be a problem in your jurisdiction currently. A copyright license without any implied patent grant may seem good enough for you and never mind the incompatibility of software licenses if the incompatible terms are only about patents. Even in the US where the problem of patents reading on software originated, the US Supreme Court seems to be eroding the problem as some cases emerge. However, the problem of patents being read to cover software is not going away any time soon and the hazard may have merely been temporarily constrained a little in the US while patent lawyers work around newer constraints. The patent problem will remain for software in the US without either the unlikely event of a court case in which can only be concluded by excluding software from the scope of patents or the US Congress passing legislation to that effect. Even if tomorrow software would be found out of scope for patents in the US, the problem would still remain in many other jurisdictions where the US trade representative has worked tirelessly over years to export an overly broad scope for patents by hook or by crook in local laws, treaties, or wherever the application of patents can be added. People pursuing the interests of businesses, such as many large corporations, which use patents to suppress innovation and competition will also continually try to lobby governments to broaden the scope of patents to cover software even in jurisdictions where the breadth of patents has continually been restricted to exclude software. Some states in the US have legislative mandates for the state universities to pursue patents. Some of these universities may have an interest in using Koha. Using Koha should not expose any user to greater patent litigation risks than using some other software. Even if you or your organisation do not exercise patents, any jurisdiction in which patent infringement lawsuits can be brought exposes everyone in that jurisdiction to the hazard of possibly needing to defend against patent litigation or pay protection money to anyone posing a credible threat of such litigation. News reports about patent lawsuits mostly refer to those who create or distribute whatever may be covered by patents at issue, however, users who do not create or distribute but who are perceived as having sufficient resources to pay enough are targeted privately with the mere threat of patent lawsuits and coerced into paying protection money. ADDITIONAL REACTJS LICENSE PROBLEMS. Even if people at Facebook would relicense ReactJS again under a suitable GPLv3 compatible license, there are still other license problems about which to be wary. Facebook does not grant any license to redistribute code from code examples provided in the ReactJS documention or elsewhere, https://github.com/facebook/react/blob/master/LICENSE-examples . In my experience, Facebook are an outlier in their treatment of their own code examples so differently from the license for their own software project. License policies for Facebook Open Source should be expected to protect the interests of Facebook but there is a need for enough common ground to trust including software in Koha even without anything from code examples. Thomas Dukleth Agogme 109 E 9th Street, 3D New York, NY 10003 USA http://www.agogme.com +1 212-674-3783 _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/ _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
