Game of Licenses: Facebook vs. Apache

August 31, 2017 David Thompson

Once again, Facebook React’s unusual BSD+Patents open source license is making open source community headlines and causing quite a stir, and this time the Apache Foundation is in the mix.

The latest news is that the Apache Foundation has taken a firm stand and disallowed Facebook’s controversial open source BSD + Patent license in all Apache projects.

The Latest Rumble in the License Jungle

This current kerfuffle started with an ASF JIRA ticket discussing patents: questioning RocksDB’s peculiar BSD + Patent license.  RocksDB is a key-value database engine – and another popular open source project from Facebook. On July 15, after nearly two months of ongoing discussion, the Apache Software Foundation’s director and vice president of legal affairs - Chris A. Mattmann issued an announcement that Facebook’s BSD + Patents license is not compatible with ASF’s policies about dependencies, and that the license was moved to Apache’s “Category X” licensing list of disallowed licenses: effectively banning inclusion of any software under the BSD + Patents license – including Facebook’s open source libraries, frameworks and tools - from Apache projects. Apache’s Category-X refers to "licenses that may not be included within Apache products", and includes a long list of popular open source licenses, like: GNU GPL, GNU LGPL, BCL, BSD-4-Clause, and the Microsoft Limited Public License.

Mattmann wrote in the JIRA ticket that he sent all Apache PMC a notice with the following recommendations:

  • No new project, sub-project or codebase, which has not used Facebook BSD + patents licensed jars (or similar), are allowed to use them. In other words, if you haven't been using them, you aren't allowed to start. It is Cat-X.
  • If you have been using it, and have done so in a *release*, you have a temporary exclusion from the Cat-X classification thru August 31, 2017. At that point in time, ANY and ALL usage of these Facebook BSD + patents licensed artifacts are DISALLOWED. You must either find a suitably licensed replacement, or do without. There will be NO exceptions.
  • Any situation not covered by the above is an implicit DISALLOWAL of usage.

What’s the FOSS About?

Heated discussions and opinions about Facebook’s BSD + Patent license are not new to the open source community. Originally, Facebook open sourced React with a standard Apache License 2.0. About a year and a half later, React replaced this with a 3-clause BSD license and added a separate, PATENTS text file, that provided rights to any Facebook patents relevant to each given project, along with a text file document titled “Additional Grant of Patent Rights” that included a clause stating that the license would be revoked if the software user were to initiate or participate in certain patent infringement lawsuits - including filing a patent lawsuit against Facebook or its affiliates.

Download our free guide – Learn everything about the most common open source licenses

The Open Source Community Reacts

This unconventional clause caused quite a stir in the open source community, with developers concerned that this clause allowed Facebook to initiate patent lawsuits and restricted defensive lawsuits against them. At the time, responding to the open source community’s outcry, Facebook updated the “Additional Grant of Patent Rights” clause that softened the termination provision to say that the React software user would not lose the right to use the software under Facebook patents in the special case in which the licensee brings a patent lawsuit that is a counterclaim against Facebook or its affiliates that is unrelated to React.js.

Still, parts of the open source community stick by their criticism of the patent clause, arguing that the clause is an unnecessary addition to the standard BSD license – which doesn’t leave room for a licensor to successfully sue under patents, anyway; that the language of the agreement is not clear enough; and that the clause actually undermines the original definition of open source.

And now it seems the Apache Foundation shares this sentiment. Jim Jagielski, former president and current board member of the Apache Foundation explained to IT Pro that while the Facebook open source license is very similar to a  BSD license, "The main reason why BSD + Patents isn't compatible is that it is too broad on conditions where it kicks in and provides protection just to Facebook. This basically overrules the patent grant protection of the Apache License version 2, which makes it incompatible."

Will Facebook Budge?

Although the RocksDB software project from Facebook already changed its license to a dual Apache 2 and GPL 2, so that its projects could stay intact, Facebook’s other open source projects are still under the problematic licensing.

Apache's decision is an issue because Facebook's React hugely popular. Many organizations will need to disentangle React from their libraries if they want to stay on the right side of compliance.

Obviously, developers weren’t happy and started a GitHub thread calling for Facebook to change React's license, hoping that it can follow the RocksDB example.

Unfortunately for them, Facebook isn’t budging: after a lot of back and forth on the Github thread, Facebook’s engineering director, Adam Wolff released a statement saying that they are staying with the BSD + Patent license. Wolff asserted that while Facebook is a huge supporter of the open source community, they feel the patent clause is necessary, in order to keep “meritless lawsuits” at bay.

Download Free Guide: A Survival Guide to Using GPL

What Does It Mean for License Compliance Management?

Many developers contend that the Patent clause in Facebook’s open source is grossly unfair to developers working with React and other Facebook open source projects, others contend that there’s nothing to worry about. The truth is – software patent licensing is an extremely touchy subject, and as the discussions about the Facebook license rage on along with speculation about possible legal scenarios, the Apache foundation has chimed in, and reminded us that while open source can be a happy place for developers, it can sometimes be quite the headache for their legal teams.

 

Previous Article
Facebook React Finally Relicensed Under MIT Open Source License
Facebook React Finally Relicensed Under MIT Open Source License

Application developers – stand down: Facebook has finally caved under the pressure from the open source com...

Next Flipbook
The WhiteSource Solution
The WhiteSource Solution