The Fedora Project has announced that it will no longer permit Creative Commons ‘No Rights Reserved’ aka CC0-licensed code in its Linux distro or the Fedora Registry.
Fedora is a Linux distribution, developed and maintained by the Fedora Project, with sponsorship support from Red Hat and other parties.
The decision to ditch CC0-licensed open source software stems from the fact it could, in the future, pose patent issues.
Devs shipping CC0-licensed code retain patent rights
The Fedora Project will no longer allow CC0-licensed software aka code with ‘No Rights Reserved’ to be distributed on the Fedora Registry, or as part of the Fedora Linux distribution.
And, the organization admits this “fairly unusual change” may impact a small number of Fedora packages.
“CC0 has been listed by Fedora as a ‘good‘ license for code and content (corresponding to allowed and allowed-content under the new system). We plan to classify CC0 as allowed-content only, so that CC0 would no longer be allowed for code,” announced Richard Fontana, Senior Commercial Counsel at Red Hat via a mailing list this week.
“This is a fairly unusual change and may have an impact on a nontrivial number of Fedora packages (that is not clear to me right now), and we may grant a carveout for existing packages that include CC0-covered code.”
The reason for the policy change is simply this—while Creative Commons’ CC0 license allows content creators including software developers to waive copyright to their work, it has no bearing on the patent or trademark rights that the creators continue to retain.
One particular clause of CC0, shown below, is what prompted Fedora’s decision to ditch the license:
“No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.” (The trademark side of that clause is nonproblematic from a
FOSS licensing norms standpoint.) The regular Creative Commons licenses have similar clauses.
Existing Fedora packages bearing the CC0 license may be grandfathered in, but that is something the Project has not affirmatively decided yet.
Why does it matter?
Open source software usage is ubiquitous, including by large corporations. Consuming and distributing free and open source (FOSS) software that continues to retain patent restrictions could become problematic in the future in the event of a legal dispute.
In a statement to The Register, Bradley M. Kuhn, policy fellow at the Software Freedom Conservancy (SFC) explained, “Patents that [apply to] software are a constant threat to the rights of users and redistributors of FOSS — particularly those that deploy FOSS commercially. That’s why SFC opposes the patenting of software entirely.”
Kuhn, commenting from a policy rather than a legal perspective, further stressed, often times copyleft licenses like GPLv2 contain “very strong” patent licenses, whether implicitly or explicitly.
An excerpt from the GPL v2 license seen by BleepingComputer does attest to the fact:
“Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone’s free use or not licensed at all.”
“We are aware that large patent-holding companies — Oracle in particular, but others as well — have urged FOSS developers to choose licenses such as CC0 that explicitly withhold granting of patent licenses,” said Kuhn.
The expert further suggests that software developers are better off adopting transparent licenses like GPL or copyleft-next, as opposed to CC0 where patent rights are not waived or licenses with ambiguous patent clauses.
Artist and hacker Rhea Myers also suggested how an organization like Red Hat, an IBM subsidiary supporting Fedora wouldn’t want to land in legal hot waters over future patent issues.
Yes CC0 does what it is meant to for cultural works but software from any sizeable organization is a patent minefield. Fedora is a large-scale collaborative software development project, so their/IBM’s lawyers don’t want to step into that minefield.
— Rhea Myers (@rheaplex) July 26, 2022
Interestingly, technology blogger Diego Elio Pettenò aka FlameEyes points out how in the past, Fedora had recommended the use of CC0 when juxtaposing it with ‘Unlicense,’ whereas Google, over time, moved towards rejecting software patches licensed under either CC0 or Unlicense.