Common Public Attribution License - An Overview
by Rowan Wilson on 14 April 2008, last updated
The Common Public Attribution License (CPAL) was approved by the Open Source Initiative on 30 July 2007. It is an example of a category of licence that has come to be known as ‘badgeware’. Licences of this type mandate attribution of the original licensor in some specific way. The licence itself can be read at opensource.org.
History of the CPAL
During 2007 the issue of whether ‘badgeware’ requirements in licences were in tune with the principles of open source software licensing came to a head. Projects such as the open source customer relationship management (CRM) application SugarCRM and the open source content management system Alfresco had attracted criticism from the community for their use of adapted versions of the Mozilla Public License that had not received approval from the Open Source Initiative. In both cases, the licences obliged users and developers to ensure that any interface screens generated by the software (or adaptations of the software) carried a logo and link back to the site of the software’s original authors.
Now the requirement to attribute code to its original authors is not a novel one in free and open source software licensing; for example, the GNU General Public License v2 stipulates that where a piece of software displays information when starting up, it must show an appropriate copyright notice, a notice that there is no warranty and a reference to the licence. Licensors who chose to add ‘badgeware’ stipulations to their otherwise OSI-approved licences argued that the additonal requirements were small and that they deserved the increased attention and credit that display of the ‘badge’ was designed to bring. Opponents of ‘badgeware’ pointed out that the additional responsibilities could become onerous if code from many ‘badgeware’ projects were to be intermingled, and that the responsibilities would hang over in projects where only a small amount of the original licensor’s code remained after adaptation.
Finally, in June 2007, Socialtext, an enterprise wiki provider, drafted the Common Public Attribution License, another variation on the Mozilla Public License that again added an attribution clause, and submitted it to the Open Source Initiative for approval. It was approved, as noted above, on 30 July 2007. Both Alfresco and SugarCRM abandoned their ‘badgeware’ licences before the approval in favour of, respectively, versions 2 and 3 of the GNU General Public License. Currently, the Community Edition of Sugar is available under the GNU Affero General Public License v3, whereas the open source version of Alfresco is released under LGPL v3.
Main Features of the CPAL
The Common Public Attribution License is an adaptation of the Mozilla Public License (MPL). The unadapted MPL stipulates that adapted versions of files released under the MPL covers must be distributed under the MPL if distrubuted at all. However, it does permit the creation of what it calls a ‘Larger Work’, which can be formed of MPL-licensed code and newly-created code. In this case, the portion of the codebase that is newly created can bear any licence that its author chooses - open source or not. For more details please see the OSS Watch document The Mozilla Public License v 1.1 - An Overview.
In addition to the standard terms of the MPL, the CPAL adds two further terms. Firstly, it allows the original author to require that in derived versions, when the program is initially run (or when a user begins a new session with an already-running instance of the program), some kind of attribution be displayed. The definition of what precise form this attribution will take is inserted into a separate appendix of the licence by the licensor. However, CPAL limits the extent of the attribution to the following elements:
- (a) a copyright notice including the name of the Original Developer;
- (b) a word or one phrase (not exceeding 10 words);
- (c) one graphic image provided by the Original Developer;
- (d) a URL
Secondly, the CPAL contains an additional term - borrowed in fact from the OSI-approved Open Software License 3.0 - which governs use of the software’s functionality over a network. Essentially this term seeks to define the deployment of the software in a network-accessible fashion as a kind of distribution. This ensures that any individual or organisation that uses the software as part of a network-accessible service - like a website for example - must make source code to the software available as though they were actually distributing the software. The intention is to release back into the community useful work and adaptation which the owners of such a network-accessible service might otherwise be tempted to keep private. (Another license that contains this feature is the GNU Affero GPL license).
What makes the CPAL different?
These bullet points are intended to summarise what is distinct about the CPAL. They are not intended as a full description of its features. The Common Public Attribution License:
- allows the original author to require that an attribution of their role as the originator of the work be displayed on the software’s user interface, and to specify what form this should take
- requires users and adapters who run the software in-house but make its functionality available over a network to distrubute the source to the software
- is otherwise substantially identical to the Mozilla Public License v1.1 Some examples of software available under the CPAL are Mule, the service-oriented architecture platform, Openproj the project-management application, and, of course, the wiki software Socialtext. More recently Reddit was released under CPAL.
OSS Watch has produced a document that highlights the main legal issues to consider when Making your code available under an open source licence.
- The Open Software License 3.0 [http://www.opensource.org/licenses/osl-3.0.php]
- SugarCRM’s Sugar Community Edition License [http://www.sugarcrm.com/crm/gplv3-faq.html]
- Alfresco Software Ltd. Licensing Policy [http://wiki.alfresco.com/wiki/Open_Source_Licensing]
- Socialtext [http://www.socialtext.com/]
- Open Source Initiative [http://www.opensource.org/]
- Mule [http://www.mulesoft.com/]
- Openproj [http://openproj.org/]
- Reddit on Github [https://github.com/reddit/reddit]
Related information from OSS Watch: