Why Fedora decided to give the boot to CC0 licensed code

The term “open source” can be tricky. For many people, this means that a particular piece of software is free and they can do whatever they want with it. But the reality is far more complex, and the actual rights granted to you as a user depend entirely on the license under which the developers have chosen to release their code. Open source code can cost money, open source code can put limits on how you use it, and in some cases open source code can even get you in trouble down the line.

This is precisely what the Fedora Project seeks to avoid with its recent decision to reject all code licensed under CC0 “Public Domain Dedication” by Creative Common. It will still be allowed for content such as artwork, and there may even be exceptions for existing packages on a case-by-case basis, but CC0 will soon be removed from the list of accepted code licenses for all new submissions.

Fedora mocking a software license wouldn’t normally be worthy of attention. In fact, there is quite a long list of licenses that the project deems unacceptable for inclusion. The surprising part here is that CC0 was once an accepted license and is being reclassified due to a changing mindset within the broader free and open source community ( FOSS).

So what’s the problem with CC0 that convinced Fedora to distance itself from it, and does that mean you shouldn’t use the license for your own projects?

The right tool for the job

Those familiar with Creative Commons and its family of licenses may find that the most surprising part of this story is that the Fedora project has already accepted CC0 for software. After all, the intention was always to create a series of licenses specifically for creative works. The purpose of the organization and its licensing is literally written in its name.

A successor to the former Open Content Project, Creative Commons was founded in 2001 to “overcome legal barriers to sharing knowledge and creativity” by providing a free framework for individuals and organizations to publish things like music, works of art or teaching materials. . But software was never part of the equation. Why would it be? Flagship software licenses such as the GNU General Public License and the MIT License had already been available for over a decade by then.

To avoid any ambiguity, Creative Commons even addresses the issue in its FAQ, stating that not only are their licenses not a good choice for software, but better options already exist:

The patent trap

If an organization goes out of its way to tell you that what it has developed is not suitable for a particular purpose, it goes without saying that you should probably take their word for it. The Creative Commons FAQ describes several excellent reasons why their licenses should not be used for software, but among them there is one that particularly stands out for users like the Fedora Project – patent rights.

The terms seem simple, but remember the fine print…

This may seem counter-intuitive, since the CC0 license is for public domain works and clearly states that the creator “gives up all rights in the work worldwide under copyright law” by using it. But the problem is that patents are not covered by copyright law. In fact, a look at the full-text version of the license shows that CC0 contains a troubling disclaimer under “Limitations and Disclaimers” that specifically addresses this: “No trademarks or patent rights owned by Affirm are waived, waived, assigned, licensed, or otherwise affected by this document. »

In other words, even though the creator may be willing to relinquish copyright on anything licensed under CC0, they are still free to patent it. More troubling, they still reserve the right to take advantage of this patent as they see fit. Theoretically, this means that the developer who originally released a piece of source code under CC0 could later claim that anyone who used the code infringed their patent and potentially demand royalties.

Play with fire

It’s pretty clear why the Fedora project would care about something like this. Imagine that a piece of CC0-licensed code is merged with one of the system’s core packages and ends up being distributed to millions of users. Suddenly, the original developer emerges from the shadows, claims patent infringement and seeks compensation. Could Fedora’s lawyers, or more likely Red Hat’s, beat such a claim? Maybe. Is using the CC0 code worth the risk to know for sure? No chance.

It should be mentioned that this is by no means a new concern. In fact, the patent clause is what prevented the Open Source Initiative (OSI) Licensing Review Board from being able to determine conclusively whether CC0 actually met its definition of an open license. source in 2012. The committee was unable to reach consensus, as members feared that including such wording in a software license would set a dangerous precedent. Given its tumultuous history, Fedora’s decision to accept CC0 in the first place is even more baffling.

But what does this mean for the individual hacker? Should you use CC0 for your own projects? It depends on what you are looking to accomplish. CC0 is a good choice if you want to donate a creative work (like a song, poem, or artwork) and you are not concerned about what will happen with it in the future, but on your own Creative Common’s documentation, Simply, was not designed with the unique aspects of software licensing in mind.

A better question might be, should you use the CC0 code you find floating around the internet? The answer to that is more nuanced, but considering everything we just said, one has to wonder what kind of developer would still choose to use it. Unless you are prepared to face the consequences of a discovery, I suggest you do nothing.

Comments are closed.