Army lawyers dismiss Apache license indemnification snafu
A clause in the Apache open source license does not in fact violate a government law known as the Antideficiency Act that prevents federal officials from binding agencies in a contractual obligation before Congress has appropriated money for it--at least in one specific case that was considered by Army lawyers earlier this year.
According to defense officials who spoke on condition of anonymity, lawyers at Army Material Command grew concerned after defense contractor Raytheon submitted for acceptance a solution that contains Apache code. Use of Apache web server software is exceedingly common inside and outside the military; according to a survey of 644.27 million websites by U.K.-based Internet services company Netcraft, Apache serves an estimated 57.45 percent of all active websites.
However, a routine lawyerly check of licensing agreements uncovered a clause in the Apache license stipulating that licensees could be required to indemnify contributors to Apache code--a condition that would be unacceptable under the Antideficiency Act, since it would create a possibly unlimited future liability were a lawsuit to arise.
But, a closer examination of the clause revealed that the trigger for indemnifying Apache coders would be activated only should the licensee--Army Material Command in this case--itself extends indemnification to a third party.
Since the likelihood of any government agency agreeing to indemnify a software user is as close to zero as possible, Army lawyers dropped their concern, defense sources say. However, Army lawyers also appear leery of letting their conclusion become the basis for a military-wide conclusions on the irrelevance of indemnification clauses in open source licenses.
Most open source license experts tend to dismiss the indemnification clause as a non-issue for entities that don't themselves commercially transact software--such as the federal government.
- read the Apache license