|
|
| SFLC Analysis of Microsoft's OSP: No Assurance for Developers |
 |
|
Wednesday, March 12 2008 @ 03:58 PM EDT
|
This is a significant development. The Software Freedom Law Center has now published an analysis of Microsoft's Open Specification Promise that it attaches to OOXML, and it finds that the promise provides no assurance for FOSS developers. One reason is because it can be revoked for future versions of specifications. It's also inconsistent with the GPL and other Free Software licenses, and the promise is limited in scope, SFLC states. Hence, SFLC urges that OOXML not be approved as an ISO standard. It also "cautions GPL implementers not to rely on the OSP." It's not that the OSP is incompatible with the GPL in the sense that the terms and the GPL's terms directly conflict. It's that the OSP is inconsistent with the freedoms that the GPL guarantees. The part about the promise's limitation is particularly interesting: The OSP covers any of the Covered Specifications, and Microsoft's promise applies to “full or partial implementation,” according to its FAQ, but Microsoft also states:
The OSP does not apply to any work that you do beyond the scope of the covered specification(s).
This statement clarifies the qualification in the very first sentence of the OSP that the promise applies only “to the extent it conforms to a Covered Specification.” The OSP will apply to implementations of the specifications, but only to the extent that such code is used to implement the specification. Any code that implements the specification may also do other things in other contexts, so in effect the OSP does not cover any actual code, only some uses of code. Free software is software that all users have a right to copy, modify and redistribute, and as Microsoft points out in the OSP, there is no sublicensing of rights under it. So any code written in reliance on the OSP is covered by the promise only so long as it is not copied into a program that does something other than implement the specification. This is true even if the code has not otherwise been modified, and code that conforms to the specification cannot be modified if the resulting modified code does not conform. Therefore the OSP doesn't permit free software implementation: it permits implementation under free software licenses so long as the resulting code isn't used freely. In other words, I read that as saying that Microsoft says you can use it, but only in a very limited field of use defined by Microsoft, and only as long as you don't use it the way Microsoft knows FOSS developers use code. Like their lawyers didn't realize. Hardy har. So, if and when Microsoft/Ecma/supporters try to tell you NBs any different, now you have this paper to rely upon. Please ask yourselves, if FOSS developers can't use OOXML, in what way can it be called a standard? A standard Microsoft's number one competition can't safely use?
[ Update: Microsoft's Gray Knoulton responds on his blog. I'd describe it as confirming SFLC's analysis, while asserting it doesn't matter. I think it does.] Here's the SFLC's press release, followed by the analysis:
**********************
FOR IMMEDIATE RELEASE
Software Freedom Law Center Publishes Analysis of Microsoft's Open Specification
Promise
Nonprofit Group Says Microsoft Promise Provides No Assurance for Developers
NEW YORK, March 12, 2008 -- The Software Freedom Law Center (SFLC),
provider of pro-bono legal services to protect and advance free and
open source software, today published a paper that considers
the legal implications of Microsoft's Open Specification Promise (OSP)
and explains why it should not be relied upon by developers concerned
about patent risk.
SFLC published the paper in response to questions from its clients and
the community about the OSP and its compatibility with the GNU General
Public License (GPL). The paper says that the promise should not be
relied upon because of Microsoft's ability to revoke the promise for
future versions of specifications, the promise's limited scope, and
its incompatibility with free software licenses, including the GPL.
Microsoft issued the OSP to address the issue of patent liability for
implementors of Microsoft's Open Office XML (OOXML) file format. The
International Organization for Standardization (ISO) is currently
considering whether to make OOXML an ISO standard, and it will decide
by the end of March.
"Based on our review of the OSP, we do not recommend that free
software developers rely on it for assurance," said Karen Sandler,
SFLC Counsel. "Because free software developers cannot implement OOXML
freely, we urge that it not be approved as an ISO standard."
The paper is available on SFLC's Web site.
About the Software Freedom Law Center
The Software Freedom Law Center -- directed by Eben Moglen, one of the
world's leading experts on copyright law as applied to software --
provides legal representation and other law-related services to
protect and advance Free and Open Source Software. The Law Center is
dedicated to assisting non-profit open source developers and projects.
Visit SFLC at http://www.softwarefreedom.org.
********************************
Microsoft's Open Specification Promise: No Assurance for GPL
March 12, 2008
There has been much discussion in the free software community and in
the press about the inadequacy of Microsoft's Office Open XML (OOXML)
as a standard, including good analysis of some of the shortcomings of
Microsoft's Open Specification Promise (OSP), a promise that is
supposed to protect projects from patent risk. Nonetheless, following the
close of the ISO-BRM meeting in Geneva, SFLC's clients and colleagues
have continued to express uncertainty as to whether the OSP would
adequately apply to implementations licensed under the GNU General
Public License (GPL). In response to these requests for
clarification, we publicly conclude that the OSP provides no assurance
to GPL developers and that it is unsafe to rely upon the OSP for any
free software implementation, whether under the GPL or another free
software license.
Irrevocable but Only for Now
Microsoft makes its promise “irrevocably,” but upon
careful reading of the entire OSP, this promise is weakened
considerably in the definition of Covered Specifications. In that
provision, Microsoft clarifies that:
New versions of previously covered specifications will be separately
considered for addition to the list.
Because of this narrow definition of the covered specifications, no
future versions of any of the specifications are guaranteed to be
covered under the OSP. Each new version is subject to Microsoft's
ongoing discretion on a case by case basis. In other words, every
time a specification changes, Microsoft can effectively revoke the OSP
as it had applied to previous versions of that same specification.
Microsoft states that it will commit to renewal of the promise for
future versions of specifications subject to standardizing activity
“to the extent that Microsoft is participating in those
efforts,” which means that Microsoft reserves the right to
cancel the promise with respect even to standardized specifications,
by merely withdrawing from the relevant standard-setting workgroup or
activity. While technically an irrevocable promise, in practice the
OSP is good only for today.
The OSP Covers Specifications, Not Code
The OSP covers any of the Covered Specifications, and Microsoft's
promise applies to “full or partial implementation,”
according to its FAQ, but Microsoft also states:
The OSP does not apply to any work that you do beyond the scope of
the covered specification(s).
This statement clarifies the qualification in the very first
sentence of the OSP that the promise applies only “to the extent
it conforms to a Covered Specification.” The OSP will apply to
implementations of the specifications, but only to the extent that
such code is used to implement the specification. Any code that
implements the specification may also do other things in other
contexts, so in effect the OSP does not cover any actual code, only
some uses of code. Free software is software that all users have a
right to copy, modify and redistribute, and as Microsoft points out in
the OSP, there is no sublicensing of rights under it. So any code
written in reliance on the OSP is covered by the promise only so long
as it is not copied into a program that does something other than
implement the specification. This is true even if the code has not
otherwise been modified, and code that conforms to the specification
cannot be modified if the resulting modified code does not conform.
Therefore the OSP doesn't permit free software implementation: it
permits implementation under free software licenses so long as the
resulting code isn't used freely.
No Consistency with the GPL
The OSP cannot be relied upon by GPL developers for their
implementations not because its provisions conflict with GPL, but
because it does not provide the freedom that the GPL requires.
Relying on the OSP is unsafe because new versions of specifications
could be excluded from the OSP and because the resulting code could
not safely be used outside a very limited field of use defined by
Microsoft. GPL developers, with their special sensitivity to issues
of preserving downstream freedom, will be unable to rely on the OSP
with confidence.
In its FAQ regarding the OSP, Microsoft confuses the issue further,
saying:
Because the General Public License (GPL) is not universally
interpreted the same way by everyone, we can't give anyone a legal
opinion about how our language relates to the GPL or other OSS
licenses, but based on feedback from the open source community we
believe that a broad audience of developers can implement the
specification(s).
While not attempting to clarify the text of the OSP to indicate
compatibility with the GPL or provide a safe harbor through its
guidance materials, Microsoft wrongly blames the free software legal
community for Microsoft's failure to present a promise that satisfies
the requirements of the GPL. It is true that a broad audience of
developers could implement the specifications, but they would be
unable to be certain that implementations based on the latest versions
of the specifications would be safe from attack. They would also be
unable to distribute their code for any type of use, as is integral to
the GPL and to all free software.
As the final period for consideration of OOXML by ISO elapses, SFLC
recommends against the establishment of OOXML as an international
standard and cautions GPL implementers not to rely on the
OSP.
SFLC's
analysis of the OpenDocument Format, written in an opinion letter on
behalf of our client Apache, is available on our website at
http://www.softwarefreedom.org/resources/2006/OpenDocument.html
|
|
|
|
| Authored by: Anonymous on Wednesday, March 12 2008 @ 04:10 PM EDT |
Ho Ho ho! Just before the various members change their vote, this is a rather
serious blow to Microsoft. This is Moglen and his crew's opinion and not
something to be scoffed at.[ Reply to This | # ]
|
| |
| Authored by: DaveJakeman on Wednesday, March 12 2008 @ 04:14 PM EDT |
Lickable clinks are tasty.
---
Monopolistic Ignominious Corporation Requiring Office $tandard Only For
Themselves[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Wednesday, March 12 2008 @ 04:15 PM EDT |
I cant believe the number of people who think that this promise or those
surrounding Mono is anything other than a smoke screen. Mono is undermining one
of two great desktops available on Linux because is a legal minefield. Lets
face it, MS won't pursue this until most distros are shipping it. Then MS will
have the ammo to go after both the distros themselves, but more importantly
enterprises who have started putting linux in the server room. The only thing
better than ridding the world of Linux in their eyes is making sure they get
paid when people use Linux just like their own OS.[ Reply to This | # ]
|
| |
| Authored by: artp on Wednesday, March 12 2008 @ 04:31 PM EDT |
Put a summary in the Title block.
xxx -> yyy
---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley
sinks ?[ Reply to This | # ]
|
| |
| Authored by: artp on Wednesday, March 12 2008 @ 04:34 PM EDT |
Title of News Pick article referenced, too, please.
Clicky if you want to make it easy for those who can't find the NewsPick. ;-)
---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley
sinks ?[ Reply to This | # ]
|
| |
| Authored by: tiger99 on Wednesday, March 12 2008 @ 07:49 PM EDT |
| One thing, and only one thing, is good about the Monopoly. They are very
consistent in their behaviour, unethical, obnoxious, sometimes illegal, and
thoroughly rotten that it is. Oh, and I should add, totally technically
incompetent.... It would have been truly alarming if it had not been so,
because we would all be smelling a rat, and wondering what their next vile move
would be. Still, I am sure that Neelie Kroes is fully aware of what is going
on. I think that M$ really are incapable of learning anything, and will get
at least another few hammerings by the EU. I don't think PJ is going to run out
of work here on Groklaw just yet, not at least till the Monopoly are in Chapter
7, although it would be nice if things did go quiet for a while so she could
have a good, long rest. People did not believe that the Berlin Wall would ever
come down, yet the end was very quick. It was built on a very shaky and corrupt
political and economic foundation. There are some similarities to M$, and if
they do have to borrow to fund the acquisition of Yahoo, it may be the very
thing that triggers the implosion of their vile empire. But they will still be
playing dirty tricks as they are dragged into BK court, just like their puppet
SCO. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Wednesday, March 12 2008 @ 07:59 PM EDT |
and see the most obvious flaw in their statement?
To me it was classic MSFT trick and so obvious and stupid that I expected
everyone to jump on it right away. I failed to comment on it at the time
because it was so obvious. Then I failed to comment because I started thinking
that it is so obvious that I must be wrong about seeing what I saw there. Surely
someone more experienced on legal issues than me would see it.
I mean it is absolutely in clear language in the OOXML IP commitment.
But now we have even SFLC analysis of the agreement which as far as I can see
fails to see the most obvious trap. Either I am missing some legal detail or a
lot of people seem to not actually read what is actually written.
MSFT IP (intellectual property in the widest sense of words i.e. patents,
copyrights, trademarks etc.) guarantee states that they give ***NO rights to any
of their IP*** that is not necessary to implement to minimal *mandatory* part of
the standard. In particular, they give no rights to anyone just because a legacy
formats are REFERRED in the standard.
The more stuff BRM moved to appendices or relegated to legacy status or optional
parts of the standard, the happier MSFT was. Only they can ever implement the
standard in full!!!!!!!!!!!!!!!!!
No one else has any rights to even try to implement any of the functionality
that is not spelled out in the mandatory parts of the standard in full. Note
that any part that is not spelled out in detail is MSFT property and they
agreement gives you no rights to even ask them how their various binary formats
work or how MS workd 95 formats a list of items or whatever other thing that is
defined by reference to how piece of software XXX works. The binary file formats
are not essential part of the standard and even trying to reverse engineer them
becomes even more illegal under many jurisdictions in Europe where many of MSFT
most abusive behaviour was curtailed in small degree under certain protections
w.r.t. rights to reverse engineer or reimplement things independently. Note that
the legal status of MSFT binary format changes in each and every jurisdiction
quite unpredictabibly if OOXML becomes law.
Of course MSFT could eliminate this obstacle to acceptance to OOXML by simply
giving blanket license, right to sublicense and agreement not to sue anyone for
any implemenetatons of the OOXML standard.
But then again, that would defeat their purpose of trying to make OOXML a
standard....
Remember, all the law applies all the time and I actually see OOXML giving MSFT
more protections in some jurisdictions within EU that they never had
before!!!!!!
Am I really missing something or are legally minded people missing the big log
in our common eye because of the forest of trivial detail?
(Signature FFAQ98)
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Wednesday, March 12 2008 @ 09:23 PM EDT |
...that organizations like the Software Freedom Law Center are cutting
through the legalese, and rendering a clear reading that people can
understand.
I wish there had been more shining lights like this in the
early era of 'EULA's, which were a lot more restrictive that most people ever
realized. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Thursday, March 13 2008 @ 05:28 AM EDT |
Useless piece of (insert favorite explective here, except, keep in mind you
don't want to insult your explective. Even cow manure is useful when properly
applied.)
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Thursday, March 13 2008 @ 10:54 AM EDT |
The OSP covers code conforming to the standard. Office 2007 does not (fully)
conform. (And if you believe it ever will I have a bridge you might want to
buy.)
Therefore, code that fully interoperates with Office 2007 is not covered.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Thursday, March 13 2008 @ 03:45 PM EDT |
Sorry to disappoint you all but all these accusations have been shot down
earlier. Well, it's easy to do it again. Just see:
http://blogs.technet.com/gray_knowlton/archive/2008/03/13/a-disappointing-surpri
se-from-the-sflc.aspx
Really, the rules should be the same for everyone.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Friday, March 14 2008 @ 05:11 AM EDT |
I'm skeptical about this, because IBM's
promise
for its specifications has the same alleged problems.
[ Reply to This | # ]
|
- No it doesn't - Authored by: Anonymous on Friday, March 14 2008 @ 06:02 AM EDT
- No it doesn't - Authored by: Anonymous on Friday, March 14 2008 @ 02:58 PM EDT
| |
| Authored by: Anonymous on Friday, March 14 2008 @ 06:07 PM EDT |
At the bottom of SFLC's statement
expressing reservations about OOXML use under GPL, SFLC thoughtfully linked a letter
from Eben Moglen saying essentially that ODF is fine. Mr. Moglen
writes:
"On the factual basis described, and subject to reservations,
it is our opinion that ODF, as standardized and licensed by the Organization for
the Advancement of Structured Information (OASIS), is free of legal encumbrances
that would prevent its use in free and open source software, as distributed
under licenses authored by Apache and the FSF."
His letter examines
a number of specifics, then concludes essentially the same thing, going out of
his way to note specifically that Sun's non-assert
covenant is compatible with Apache licensing and is not in conflict with
Section 7 or any other part of GPL.
OSP is a non-assert covenant, very
similar to the one Sun issued. Some observations about Sun's
covenant:
- Sun reserves the right to stop participating in the ODF
spec, and in so doing, remove covenant protections for versions of the spec in
which Sun does not participate.
- Sun's covenant specifies "any
implementation of the Open Document Format" (...) which arguably leaves room for
them to sue things that are not specifically (or only) implementations of
ODF.
- Sun does not even attempt to parse GPL and guarantee that in all
cases, their non-assert covenant is compatible.
These are three
objections SFLC raised against the MS OSP in reference to OOXML. Yet after
careful consideration, they do not feel the same objections should be raised
against Sun in reference to ODF. Why not? [ Reply to This | # ]
|
|
|
|
|
