Saturday, May 9, 2015

Lessons learned: The dangers of hidden licensing requirements

There was quite a kerfuffle this morning, and I won't say that it wasn't at least partly my fault for escalating it before the true nature of the request that was being made was made clear.

The nice folks (and there is no sarcasm there - they really are nice) at AdaFruit wrote me this morning to request that I license the use of their USB VID/PID for the USB µISP. Their request caught me quite off guard, as I was using the source code not from AdaFruit's site, but from the original developer, Dick Streefland. I could never recall any mention anywhere on either AdaFruit's site, or on Dick's that said that the USB VID/PID was anything other than free. In fact, the license for the source code is the GPL 2. It seemed to me at the time as if what was going on was that this was a hidden licensing trap, and that put me very much on the defensive.

Since then, things have become much more clear. AdaFruit has put a prominent notice on their site that while the source code for the USBTiny is open source, that does not convey a license to use their VID/PID without permission. And, at the present (and at the risk of speaking for them), it appears that their permission is relatively easy to get. And I do believe that those who have been allocated USB VIDs (and IEEE MAC address blocks, PCI vendor IDs and similar allocated identifiers) do and should have the right to govern how their identifier space is used.

For my own part, the lesson is that even code under an open source license can have licensing surprises in it. I think it's particularly incumbent both on rights holders to make their requirements clear to everyone so that there are no surprises, and on those who release open source software to ensure that everything in their source code is covered by the rights their license grant implies.

1 comment:

  1. Hmmm. I bet Stallman would have a thing or two to say here. Either the code is GPL or it isn't.

    You can't pick and choose what is covered and what isn't covered as it suits you. What difference does it make if the code in question is a number defined in a constant, or a function? "Oh if you want to use THAT bit of the code you got in the GPL licensed source, you must license it from us". No, sorry Adafruit, I don't think that's how the GPL works.

    It should be pointed out also that sublicensing (selling) of PID is not generally permitted under the agreement entered into when one obtains a VID (wasn't always the case but is these days).

    Not to mention that it's a (pair of) number; there is no LEGAL mechanism for you to be forced to stop using the number if you are not saying your device is USB compliant. If you are, then you are licensed by USB-IF and have your own numbers anyway. Moral or ethical reasons to do so, well, that's a personal matter.