Drjava r5122 – License Audit result

The Drjava project’s primary license is identified in the source distribution as the BSD License (with Rice University as the licensor). Our source code audit of the project identified one issue relating to icons. Several, if not all, of the icons distributed together with Drjava are licensed under a proprietary Sun license that allows for redistributions but not modifications. Thus Drjava is not fully modifiable by licensees.

In conclusion, due to the icon licensing issue, Drjava is a moderate IPR risk distribution.

Audacity 1.2.6 – License Audit result

According to the Audacity project’s website, its code is licensed under the GPL license. Based on our analysis, we can conclude that this is to a large extent true also as regards Audacity’s sub-components, as virtually all of the code is clearly licensed either under the GPL or LGPL (which allows relicensing under the GPL). Several files are licensed under various types of permissive licenses which are compatible with the GPL, therefore posing no issues given that their specific obligations regarding copyright notices are fulfilled by a source code disclosure.

A serious concern is raised by the xlisp files, which are licensed under a non-commercial license. Unless the files are removed, Audacity cannot be used in any commercial product and is thus a significant IPR risk for any commercial company.

JUnit 4.8.1 – License Audit result

JUnit’s main license is listed on SourceForge as the Common Public License version 1 (CPL). Our source code audit confirmed that virtually all subcomponents are also licensed under the same license or, in the case of some, a permissive BSD license.

In conclusion, JUnit’s licensing management is excellent and there are no IPR risks inherent in distributing and using JUnit.

SNARE for Windows 3.1.7 – License Audit result

The SNARE project’s primary license is identified on SourceForge as the GPL. Our source code audit confirmed that most of the code is indeed licensed under the GPL, but the MD5 files fall under the RSA Security License, which potentially conflicts with the GPL.

The problematic nature of the RSA Security License has been recognised by RSA as well, who in 2000 confirmed that its MD5 implementation can be distributed “without license” (see http://www.ietf.org/ietf-ftp/IPR/RSA-MD-all). However, in this case Intersect Alliance is attempting to distribute it under the RSA license, which means that it is in conflict with the main GPL license. We would recommend that any party intending to use SNARE request Intersect to modify the MD5 files to reflect RSA’s commitment to let anyone use the code freely.

In conclusion, given the problems caused by the RSA Security License, we consider SNARE a moderate IPR risk component. The risk can be minimized if the solution recommended above is adopted.

Python for S60 – License Audit result

According to the project, its main license is the Apache Software Foundation license version 2, or in the alternative, the Python license version 2.2.2.

Based on our review of the code, most of the sub-components are also licensed under the same, or similar BSD or MIT-style licenses, thereby being entirely compatible with the main license. However, the Ensymble tools included as part of the package are licensed under the GNU General Public License, which is not compatible with the main license when used only as a sub-component license.

In addition, certain files, such as profile.py, are licensed with an otherwise MIT-style license, but with the following restriction: “This permission is explicitly restricted to the copying and modification of the software to remain in Python, compiled Python, or other languages (such as C) wherein the modified or derived code is exclusively imported into a Python module.” Such a restriction renders the license in question a non-open source license, and creates an additional incompatibility with the project’s main licenses as well as the GPL license.

Finally, despite the distribution being a modified version of Python, we were not able to identify a clear list of changes made to Python as required by the Python license under which the project obtained the Python files necessary for the development of Python for S60. In our view, the readme file is insufficient for this purpose.

In conclusion, our audit identified several issues that render the use and distribution of Python for S60 a high-risk endeavour.

Zenoss 2.5.0 – License Audit result

The project’s primary license is identified on Zenoss’ website as the GPL. Our audit identified a plethora of sub-components licensed mainly under permissive licenses compatible with the GPL, or dual-licenses where one of the licenses was compatible with the GPL. We did, however, identify the following issues:

Several files were licensed under GPL version 3, which is incompatible with the project’s primary license. This means that distributing the code under GPL version 2 is highly likely to be illegal, unless Zenoss provides a clarification on why GPL v3’s copyleft effect does not create an incompatibility. This is possible with proper engineering planning that isolates the GPL v3 components, but we have not found any evidence that would show Zenoss considered the issue.

We also found several files licensed only for non-commercial use. After consulting with the author of several of these, we received his confirmation that they are licensed under the Python license. Zenoss, however, claims they are licensed under the ZPL. The situation remains unclear, but we would advise use of the Python license given that the copyright holder has indicated this to be the right license. Several other files, however, do indeed seem to be licensed under a non-commercial license. These are mainly demo script files, meaning that their removal is advisable as it resolves the licensing issue but does not break Zenoss.

We have attempted to engage in dialogue with Zenoss regarding the identified issues, but they stopped dialogue after initial discussions.

In conclusion, we consider Zenoss’s licensing to be mediocre, and the IPR risk moderate.

Usermin 1.440 – License Audit result

The Usermin project’s primary license is, based on the license file in the distribution, the BSD license. However, our source code audit revealed that some of the sub-components are licensed under incompatible licenses.

The JTA26.jar is licensed under the GPL, which is incompatible with the BSD license in cases where the BSD is the primary license. The files relating to the Crystal Project, on the other hand, are licensed under the LGPL, and because there is no indication in this case that dynamic linking has been used, the use of LGPL prevents the use of BSD as the primary license.

In conclusion, this is a high IPR risk component. We advise against distributing it.