As we covered earlier today, Facebook has released a big chunk of its platform code as open source - using the CPAL (Common Public Attribution License) for their main license. If you haven't been closely following the proliferation of open source licenses, this is probably a new one to you. As with any open source code, it's smart to understand your rights before you start depending on the new platform - especially since some of the provisions of the CPAL may surprise you.
The CPAL was initially developed by social enterprise wiki company Socialtext, and approved by the OSI last year. Since then it has not seen wide adoption, although it is used by several prominent open-source projects, including the xTuple ERP applications and the Mule ESB. It's based on the familiar Mozilla Public License (used by Firefox, among other high-profile pieces of software) with two key modifications.
First, the CPAL includes an attribution requirement. Software licensed under the CPAL may include an exhibit with information about the original developer. This exhibit specifies
that each time an Executable and Source Code or a Larger Work
is launched or run, a prominent display of the Original Developer's Attribution Notice (as definedbelow) must occur on the graphic user interface (which may include display on a splash screen)
In the case of Facebook's open source code, the CPAL requires the display of this information:
Attribution Copyright Notice: Copyright © 2006-2008 Facebook, Inc.
Attribution Phrase (not exceeding 10 words): Based on Facebook Open Platform
Attribution URL: http://developers.facebook.com/fbopen
Graphic Image as provided in the Covered Code: http://developers.facebook.com/fbopen/image/logo.png
While this seems reasonable to recognize the work of the Facebook developers, it does act as a sort of "poison pill" to prevent others from simply cloning Facebook on to their own sites - at least, others who don't want to give prominent credit to a rival.
The other difference between the MPL and the CPAL is in section 15, which closes the ASP loophole:Â
The term 'External Deployment' means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network.
In other words, if someone builds a web site based on the Facebook code, they must make the source code of their modifications available as soon as they let users into the site - whether or not they ship their own site code as a separate product.
One further note about the CPAL: because it's based on the MPL, it is not compatible with the GPL. Facebook does not appear to have availed itself of the dual-licensing provisions of the CPAL, meaning that any of Facebook's CPAL-licensed code cannot legally be linked with GPL code.
Comments
Add CommentBy deadbeef on Jun. 02, 2008
It will be interesting to see if they have a model where you can pay a fee and get a different license ala MySQL. While that is not their business, I can easily see people wishing to use parts of their code easily, without code-share requirements for hosted apps.
They've made it about as restrictive as you possibly can. Most competitors would use GPL based CMS systems to build out their apps and would never "legally" be able to use Facebook...Right? This whole OSI licensing is a little too complicated for me!
By Andydread on Jun. 03, 2008
WARNING!! Avoid this and other license like the plague. The CPAL is known as "fake open source" aka BadgeWare. The OSI has failed the open source mission. The CPAL does not allow you to fork the program. One of the fundamental rights of open source. Many of the most popular "open source" web platforms use this type or something similar badgeware license. Some include Zimbra, Sugar CRM. (suger just switch to GPL3) good for them. These types of licenses are a poison and should be revoked from the OSI. If all projects used this type of license open source would be DEAD as we know it . What is really incredible is that many of these badgeware projects are built upon code licensed with real open source license such as Zimbra. It comes with postfix, amavis, apache, etc all underneath and if any of those projects required attribution with big ugly logos. then Zimbra could not exist. There would be no space on the app because it would be covered in logos and clauses.
By eMBee on Jun. 03, 2008
Andydread: which provision in the license prevents forking?
greetings, eMBee.
By Andydread on Jun. 03, 2008
Lets take Zimbra for example. It has a logo on the login page and on every page of the application. Under the CPAL this logo cannot be removed, resized, or obstructed in any way and must remain in place on every single user facing page in the application. This removed the practicality of forking it because as you add your logo along with the zimbra logo there is less screen space for the actual app and. In other words the thing would end up looking like a nascar loaded with logos. Not forkable. Also if you install in your business you are forbidden from replacing the logo with your own company logo even if the only people seeing the app are your internal employees. Not good.
CPAL?? Just when I was starting to get my head around GNU, GPL, GPL v3, BSD, etc. etc. etc., there's yet another license to worry about. Can't we just have 2 options - Open Source and Closed Source :) I guess that's simplifying the problem, but I agree with the other posts - this doesn't sound like "Open Source"
The CPAL is neither good nor bad. It is what it is. An agreement to honor certain usage terms. You don't like it you don't use it.
@Andydread: What is the OSI mission? How does the CPAL fail that mission and why does that matter? Sometimes Zealotry becomes the mission. Just because someone wants something for free does not mean someone HAS to provide it.
By Suraj Singh on Jun. 18, 2008
Interesting guys... So what is it that makes you so defensive of CPAL khurt? Fair point, but defensive nonetheless...
Share Your Comments
Trackback URL
http://ostatic.com/trackback/163756