Use a more permissive license

[redchair123]

As per the Microsoft Office Extensible File License (which is what you appear to use):

(F) Platform Limitation- The licenses granted in sections 2(A) & 2(B) extend only to the software or derivative works that (1) are run on a Microsoft Windows operating system product, and (2) are not Excluded Products.

This means the rights do not extend when the script is used on a platform that does not run Microsoft Windows (including the Apple iPhone, Android, OSX, Linux, and many other oft-used non-Microsoft operating systems). Even a simple HTML5 demo which allows you to click-drag a file and analyze it would not be acceptable, given that it would be possible for a person on an iPhone to haplessly stumble upon the demo.

Given the ambiguity, would it be possible to release the code under a more permissive license? For example, an MIT license would unequivocally resolve licensing issues.

[stephen-hardy]

Hello Niggler,

I share your concern, and we've had multiple discussions about this subject internally, but unfortunately the MIT and other open source licenses would not sufficiently protect Microsoft's patents and IP in this area. Thank you for opening the issue, as we will keep this in mind if the matter is ever reconsidered.

Stephen

[Spaceghost]

Evidently IP and patents include ISO standards these days. Wonderful world we live in, isn't it?

[stephen-hardy]

I'm a developer, not a lawyer. I'm just passing along what I've heard.

[redchair123]

@stephen-hardy I'm viewing this from a mac right now. Wouldn't that mean the grants wouldn't extend to your script, rendering you in violation of the license?

Yes I realize you aren't a lawyer, but any IP lawyer should have picked up on this incongruity

[Spaceghost]

It would behoove me to know and understand the legal ramifications of the code I write and distribute on a platform known for its open source love, as well as any code I write. :frowning:

But, given the source of the legal advice, I'm more inclined to write this off as a lovely waste of disk space, bandwidth, and time.

Cheers.

[stephen-hardy]

@Niggler Unfortunately, I cannot comment on your question.

@Spaceghost Knowing and understanding the legal ramifications is different than commenting and making a legal statement. I have my opinions and concerns, but Microsoft owns the code and needs to defend their property as the legal team sees best. I developed the code while working for them, and they graciously decided to provide it to the community in it's current form. Regardless of what I know and understand, and regardless of my opinions and concerns, I am not in a position to make any legal statement.

If you cannot use or learn from the code with the current license, please move along without trolling what I am unable to change. However, there are those that believe they can use and learn from the code. I'm happy that those people have found some benefit in this library.

[isaacs]

Not trying to jump into the fray here, and I'm certainly not opinionated in any particular direction wrt this project. I'm seriously not trolling.

Did you suggest Apache2 to the legal powers that be in this case? It contains a very similar patent clause as the license on this project, and is OSI approved and compatible to use with other liberal licenses. (I can understand why MIT or BSD are not appropriate in this case, if protecting patents is a concern.)

The only real sticking point (and the primary way in which this deviates from Apache2) is the last line:

 (F) Platform Limitation- The licenses granted in sections 2(A) & 2(B) extend only
to the software or derivative works that (1) are run on a Microsoft Windows operating
system product, and (2) are not Excluded Products.

For an open source JavaScript program, that just doesn't make sense. The whole point of writing something in JS is platform portability.

However, there are those that believe they can use and learn from the code.

Well, actually, according to the license, you can't "learn from the code" if you then turn around and apply your learnings to a program that runs on a non-windows OS. That'd be a violation of patent and copyright. If someone wants to write a cross-platform xlsx parser, then they'd be better off reverse engineering the files without the benefit of your code or your advice. The minute they even see your code, they're in a legal quagmire.

You've mentioned several times that this was the requirement of lawyers at Microsoft. I understand that you cannot change it arbitrarily. But surely you know some lawyer at Microsoft that you can communicate with in some way. Have you tried pointing out the fact that this line in the license prevents it from being "open source" in any relevant way, and is a landmine for any potential users?

Microsoft does have quite a bit of open source love these days. They're one of the biggest contributors to Node.js, and have done a lot of work with other open source projects. Of course, I know, at a company of that size, the Office team and the Platform team might as well be in different countries, but it might be worth pointing out that the license here is preventing Node users from interacting with XLSX files.

[stephen-hardy]

Hello isaacs,

Yes, I have tried to point out the concerns expressed in this thread. My legal contact and I have had several discussions on this topic, dating back to early this year. While we differ in opinion, I respect his position and appreciate how helpful he was in getting this published. Threads like this may influence future decisions regarding the licensing of this and other libraries, but in the meantime I believe it is more beneficial to have the library published under this license than to not have it published at all. I know there are those that disagree with that opinion - that's fine. @Niggler pointed out that most people assume GitHub projects are published under OSI-approved licenses, and I agreed that we will take steps to clarify the licensing situation. However, what I believe to be incontrovertible is that there are those that believe they can use and learn from this library. Whether their legal assumptions for that belief are correct or incorrect is not my responsibility. It is quite possible to be developing for a scenario that is compliant with the license - Node can run on Windows, for example. I am happy to do what I can to reduce misunderstanding, but I will not punish those who claim to comply with the license because there are those who are too lazy to read and comply with it. Nobody is forcing people to use this library. If you are not sure you can use it and be compliant with the license, I would suggest you search for another solution - similar to if the library were never published.

Thank you, @isaacs and @Niggler, for your concern and respectful participation - it increases the possibility of future changes.

Stephen

[redchair123]

@stephen-hardy your code could be used in-browser, which would be problematic because it would force all developers using the file to put a filter restricting access to people using Windows (just to make it clear, in this case the software in question would be running in the browser, and if the computer using the browser happens to be a Mac running OSX then the developer is not covered under the aforementioned clause).

I will not punish those who claim to comply with the license because there are those who are too lazy to read and comply with it.

Unfortunately there is no assertion in the code or in the license that you are the contributor. Without that, it's possible that someone else in your organization could claim to have contributed (rendering your statement useless). Even if that were the case, I suspect nothing short of a notarized document would be sufficient.

Somehow OpenOffice (a free editor that supports xls/xlsx) and Apache POI (a set of Java libraries for interacting with MS Office files) are distributed under licenses that somehow allow for development and deployment on non-Windows platforms. There is some concern there too (surrounding the Open Specifications Promise) but I wonder how that team was able to obtain a license that did not include the Windows requirement ...

[stephen-hardy]

@Niggler My apologies for the confusion regarding my statement, which you quoted above. I was not absolving anyone of legal responsibility, commenting on who would or could be prosecuted, or making any type of a legal statement. What I meant to say was that I would/will not punish those who claim to comply with the license, by never publishing the library in the first place or taking it down now, because there are those who are too lazy to read or comply with it. I understand that there are those who cannot benefit from the library under it's current license. That is unfortunate. But, while they are no better off than if it were never published, there are those who have benefited from its public existence. Given the above context, I would not penalize the latter group for the convenience of the former.

Being that Microsoft did not pay to develop OpenOffice and Apache POI, I don't imagine Microsoft's legal team was consulted in the matter.

[redchair123]

A cursory read of http://opensource.org/node/351 would suggest that Microsoft is involved in the development AND they managed to work with the legal team to obtain clarifications. It mentions two Microsft employees by name, Sam Ramji and Robert Duffner. They may or may not currently work with Microsoft, seeing as how the post was penned in 2008.

[isaacs]

@Niggler Congratulations. You've just discovered that Microsoft, like any large organization, does absurdly contradictory things, all the time ;)

[redchair123]

@isaacs I was replying to @stephen-hardy commenting that "I don't imagine Microsoft's legal team was consulted in the matter."

[isaacs]

@Niggler Sure, but I mean, even saying "Microsoft's Legal Team" is absurdly vague. It's like saying "Microsoft's Programming Team".

[wwahammy]

@stephen-hardy I'm a little confused as to what patent or IP protections you'd need. XLSX is based upon an open standard. There's nothing to protect.

[redchair123]

@ericschultz I don't recall where I found it, but there was a patent declaration associated with ECMA-376: https://www.dropbox.com/s/al723ot5vtedfgh/ECMA-376%20Edition%202%20Microsoft%20Patent%20Declaration.pdf

The problem is that this only covers material under the ECMA spec. It's possible that @stephen-hardy used information from sources with other licensing terms (e.g. http://msdn.microsoft.com/en-us/library/cc313154(v=office.12).aspx) which would be covered under the Microsoft Open Specifications Promise) or without any sort of protection (reverse-engineering or actually peeking at the Excel source code -- his profile does say that he is a microsoft employee)

[wwahammy]

Well I don't see how xlsx.js could use http://msdn.microsoft.com/en-us/library/cc313154(v=office.12).aspx as that deals with binary XLS files. Either way the patents are licensed free of charge for conforming code. I don't have any reason to think this code doesn't conform with the standard. If Apache, who has lots of legal concerns, feels the patents issues are clear enough to implement their own libraries, then I have a tough time seeing why this is an issue. I also guarantee Microsoft's legal team was consulted on Apache's questions on the open specification promise, it was a big deal when it happened.

@stephen-hardy could clarify but I'm almost 100% sure he did not look at the Excel source code. He works with a different division; it's not like every in MS has access to all the source in the company.

[redchair123]

@ericschultz I ended up writing a version based off of the ECMA spec: http://niggler.github.io/js-xlsx/ -- at this stage, I don't think the license will be changed (I raised the issue on December 3 2012)

On Mon, Jul 1, 2013 at 12:30 PM, Eric Schultz notifications@github.comwrote:

Well I don't see how xlsx.js could use http://msdn.microsoft.com/en-us/library/cc313154(v=office.12).aspx as that deals with binary XLS files. Either way the patents are licensed free of charge for conforming code. I don't have any reason to think this code doesn't conform with the standard. If Apache, who has lots of legal concerns, feels the patents issues are clear enough to implement their own libraries, then I have a tough time seeing why this is an issue. I also guarantee Microsoft's legal team was consulted on Apache's questions on the open specification promise, it was a big deal when it happened.

@stephen-hardy https://github.com/stephen-hardy could clarify but I'm almost 100% sure he did not look at the Excel source code. He works with a different division; it's not like every in MS has access to all the source in the company.

— Reply to this email directly or view it on GitHubhttps://github.com/stephen-hardy/xlsx.js/issues/8#issuecomment-20293281 .

[Spaceghost]

On Jul 1, 2013 12:43 PM, "Niggler" notifications@github.com wrote:

@ericschultz I ended up writing a version based off of the ECMA spec: http://niggler.github.io/js-xlsx/ -- at this stage, I don't think the license will be changed (I raised the issue on December 3 2012)

This seems to be true. I wasted my resources using @niggler's project and couldn't be happier.

On Mon, Jul 1, 2013 at 12:30 PM, Eric Schultz notifications@github.comwrote:

Well I don't see how xlsx.js could use http://msdn.microsoft.com/en-us/library/cc313154(v=office.12).aspx as that deals with binary XLS files. Either way the patents are licensed free of charge for conforming code. I don't have any reason to think this code doesn't conform with the standard. If Apache, who has lots of legal concerns, feels the patents issues are clear enough to implement their own libraries, then I have a tough time seeing why this is an issue. I also guarantee Microsoft's legal team was consulted on Apache's questions on the open specification promise, it was a big deal when it happened.

@stephen-hardy https://github.com/stephen-hardy could clarify but I'm almost 100% sure he did not look at the Excel source code. He works with a different division; it's not like every in MS has access to all the source in the company.

— Reply to this email directly or view it on GitHub< https://github.com/stephen-hardy/xlsx.js/issues/8#issuecomment-20293281> .

— Reply to this email directly or view it on GitHub.

[dugokontov]

Licence says:

(1) are run on a Microsoft Windows operating system product

What this says is that you can use this library for creating files that can be run on Microsoft Windows OS product. One that product is MS Excel. So, as long as you crate Excel files, you can use this lib. Where this file will be opened, and on what platform will you create Excel files is not restricted by this licence.

[redchair123]

@dugokontov Microsoft Excel for Windows is a Microsoft Windows operating system product. Microsoft Excel for Mac is not a Microsoft Windows operating system product.

[dugokontov]

@Niggler Right. But you create file for Microsoft Excel for Windows.

[redchair123]

@dugokontov read the words carefully:

The licenses granted in sections 2(A) & 2(B) extend only to the software or derivative works that (1) are run on a Microsoft Windows operating system product, and (2) are not Excluded Products.

So the question is: what happens if I run this project on a Mac? Imagine that there was an xlsx.js version of http://niggler.github.io/js-xlsx/

The license terms would not apply because the software would be running on Mac OS X (which is not a Microsoft Windows operating system product)

[dugokontov]

It would apply, because it is not stated that you cannot run it on Microsoft Windows operating system, but it says that it can be used to create something that is run only on Microsoft Windows os product. MS Excel is a MS Win OS product.

Please consult your layer if you need more details/clarifications.

[redchair123]

If you spoke to a lawyer, you'd get my exact response (that's because I spoke with a lawyer before raising this issue :)

The use of the word only means that the license doesn't apply elsewhere. The software is not the xlsx files being read or written; it is the javascript code that uses xlsx.js.

So consider a web app that uses xlsx.js on the client side. If someone accesses the site from a Mac, the software will not have been run on a Microsoft Windows operating system product, in which case the license does not apply.

It's possible that your confusion is that you are parsing the sentence as "Microsoft Windows operating system" product, but its actually "Microsoft Windows operating system product". In that particular clause, if they intended to refer to products that run on a Microsoft Windows operating system, they would have said so.

@dugokontov there are professionals who have spent many years analyzing issues surrounding software licenses. I recommend you talk with one or a few before making conclusions that will blow up in your face later.

[wwahammy]

Because this software is unreasonably limited due to license, just use @Niggler's open-sourced version at https://github.com/Niggler/js-xlsx.