-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question about Apache License #124
Comments
I highly encourage US federal government work - especially code to be in public domain, but the notion that all government work is supposed to be in public domain is not true. Most notably - a lot of code today within the US defense sector is still classified and not open source. From a public health perspective though, centers within CDC often do not release their pre-publication or draft codebase for scientific research; and some do, some don't. It really depends. I believe the usage of Apache was decided maybe by @leebrian - who can provide better context. I actually prefer CC0 1.0 - Creative Commons 0 and Apache / MIT / BSD licenses are fairly copyleft licenses that others in the public can use without much restriction. The absence of license is difficult to interpret as well, because it leaves the interpretation up to lawyers as to whether no license means completely free usage. I prefer having a license so that the public understands that the codebase we provide in this organization of cdcgov is highly permissive to allow anybody to use as needed without restriction. |
Allen is on my team and had this question and I encouraged him to post here to add more visibility as this question comes up every once in a while. Let me see if I can remember the details. We worked with a GSA workgroup years ago to develop this default language. First, it's just a default and programs can use whatever license is appropriate. The reason this is the default is that having software in the public domain solely, without a license is more complicated to use because there are questions about compatibility with existing packages. And there's ambiguity because while it's public domain domestically, internationally it is possible to copyright, even though it's pretty rare. So the rationale was to default to Apache as the license and CC0 to make it easier for groups to evaluate if it's possible and to explicitly note that there is no international copyright. I originally worked with general council back in 2012 to evaluate what licenses are appropriate and documented it under CDC's R&D Lab. Most licenses are valid, so it's just a choice of which one fits the particular needs. For Flu, I think most of our projects are Apache and we'll explicitly note it for clarity. Other programs are free to choose the license they like. I think it's still good to keep apache as the default in template as I think it's clearer than the example NIST project which effectively has a custom license. The reason it has both CC0 and Apache is that CC0 is meant to address the copyright and is seems closest to public domain internationally and domestically; while Apache is meant to address the license, warranty, etc. This is a question that comes up as well. It's perfectly legal to have only CC0 or only Apache or only a public domain notice (or nothing at all) so our choice of CC0+Apache is really a usability decision to reduce ambiguity, improve reuse, and make development easier. |
Comically (tragically??) the Federal Source Code website, sourcecode.cio.gov is down and the repo, https://github.com/WhiteHouse/source-code-policy is archived so it's a bit harder to understand how much we align with GSA's overall government wide templates. It was established under the OMB Memo M16-21 but that didn't give much guidance over what license to use, just that agencies should default all projects to open source unless it hits one of the five exceptions. |
I more or less found my answer to this question. What matters is that although the work of the government itself does not have copyright protection, if the work is derived, the copyright protection of the source work needs to be respected. If we use Apache2-licensed code, then the derived work (even if it is carried out by the government) also needs to be a license that is compatible with Apache2. This is because if we use an Apache-licensed library, the library has copyright protection that needs to be respected, and this fact is compatible with the government's lack of copyright protection. So, I think that in the case that we write code does not depend on any copyright-protected material, it would have to be dedicated to the public domain. I went through GitHub repos of various federal agencies, and I think the wording of this project illustrates this concept the best.
|
What type of help do you need?
Please describe how you'd like us to help.
Hello,
I had a question about the Apache license that is included as a template in this repo.
All government work is supposed to be in the public domain (in the United States). So, the CDC does not have copyright protection over its work and by that virtue, would not be able to issue licenses that control/restrict the use of its work (permissive or not). For this reason, is it appropriate to include a license (of any form)?
Using a NIST Open-source project Jarvis, as an example, their LICENSE file contains a notification that the work is under the public domain and does not actually contain a license.
Thanks,
Allen
Other examples:
The text was updated successfully, but these errors were encountered: