MinIO, provider of cloud software, has claimed that Weka, provider of more cloud software, is violating the terms of the Apache-2.0 license of their (MinIO’s) open source code. Both blog statements contain a surprising number of confusions about how open source licensing work.
MinIO writes: “As a result of the open source license violations, MinIO revokes Weka’s license to any and all MinIO software, effective immediately. All customers of Weka that are using the offending software are now doing so without a license.”
This is not the common interpretation. If Weka did not comply with the Apache-2.0 license, it never received the rights grant, and there is no license to revoke. Also, while not explicit in the Apache license (but others) the users (i.e. Weka’s customers) can still keep using the open source code: The issue is between MinIO and Weka, not between MinIO and Weka’s customers.
Weka writes: “Accordingly, we provide the following copyright notice to all WEKA customers and partners […] In addition to making this notice publicly accessible on our website, we also reference it in WEKA’s software end-user license agreement (EULA), in the WEKA software graphical user interface (GUI), in the WEKA command line interface (CLI), and in our WEKA customer support web portal […]
From Weka’s statement it is not clear whether they are compliant or not. The issue is the weasel word “provide”. For Weka to be compliant, its customers need to be given a copy, as part of the distributed code, of the proper legal notices (license texts, copyright notices, etc.). Referencing legal notices somewhere on the web is not sufficient.
If you don’t want to end up in quarrels like this, I recommend our upcoming seminar on streamlining open source license compliance (the LCD seminar).