[OpenLayers-Dev] XMLHttpRequest.js license

christopher.schmidt at nokia.com christopher.schmidt at nokia.com
Wed Apr 21 10:31:21 EDT 2010 

On Apr 21, 2010, at 10:08 AM, ext Mark Williams wrote:
> But you /do/ provide the full source of XMLHttpRequest.js, together
> with a means of recombining it with your application (you provide the
> full source, and a build mechanism for openlayers). Anyone could
> substitute their own modified (or later version) of XMLHttpRequest.js,
> and create a modified OpenLayers based on that.

What OpenLayers-the-project does, and what people using OpenLayers do, is two different things.

In almost all situations, OpenLayers-the-project would be doing something that would not be negatively impacted by an LGPL licensed piece of code. We're providing an Open Source project, full source code, etc. etc. However, the people who are actually using OpenLayers are affected differently than the project itself. 

Many proprietary organizations use OpenLayers. In general, in these case, OpenLayers is an underlying library -- the source code is not provided explicitly. In some cases, the source code may not be available in the "machine readable source" form -- it may be compressed with packer, or some other compression tool which makes the source code equally difficult to see/edit. 

The things that the LGPL requires that might matter to these companies:

 * If they distribute their proprietary app code with OL, they would have to allow for their application to be reverse engineered. (If you can't think of any corporation that could be frustrated by this, just imagine that Google Maps used OpenLayers internally, and see how that would work.)
 * If they include LGPL code *inside* the library (as OL does for XMLHttpRequest), they have to provide full source code any time they provide the library. The practical requirements that this places on web/javascript applications are pretty significant in my opinion: I have to provide the source code link any time I use the code, etc. etc. It's certainly a restriction or affect on OpenLayers-using applications if we were to include LGPL code in the library. Additionally, any proprietary stuff they built would have to be published as well.
 * If they use the LGPL code via a 'suitable shared library linking mechanism' (such as via external <script> tag), you'd still have to provide the full source to every library any time you provide the code.

These restrictions are not particularly heinous -- at least, the last one isn't. (The first is something that could be discussed; I think it would make more people uncomfortable, even if it didn't actually affect people, given that OL has taken a very non-limiting approach in the past.) However, it would require anyone who uses OL (or uses it with XMLHttpRequest) to change their process to provide source code access anytime they use OpenLayers, which would be a change. (At the very least, this would have the affect of having people need to acknowledge they're actually *using* Open Source -- at least some companies would probably be uncomfortable with that.)

So, in short:

 * If we were to use via <script> tag, any OL apps would be *required* to be reverse engineerable, including any pieces which were proprietary. (The limitation of 'for the purpose of changing how the library is used' seems like one that nobody would want to argue in court.)
 * If we were to use via <script> tag, any OL app would have to provide the access to the source code of the library any time they use OL. The practical effect of this would be significant, in my opinion, but in any case, it would be a change.  
 * If we were to use via building it in (as we do now), users would have to provide their entire source code, the same way that they would under the GPL -- this would essentially be making OL a GPL library, so far as I can tell. That would certainly be well beyond what OL is looking to do.

Note that even the GPL doesn't affect OL as distributed by OpenLayers.org. (Well, our examples would have to change -- they don't provide links to the source code of OpenLayers in the HTML pages, but.) We're totally open, so we don't get affected by license restrictions as such. However, for users of OpenLayers creating proprietary apps, this could potentially be much more problematic.

If any of this is still unclear, feel free to ask for clarification.

Best Regards,
-- 
Christopher Schmidt
Nokia

More information about the Dev mailing list