Editor's Note: Open Source Is Not Going To Sue You

Aug 08, 2008, 23:00 (7 Talkback[s])
(Other stories by Carla Schroder)

by Carla Schroder
Managing Editor

The Pitfalls of Open Source Litigation ran a couple of days ago. It painted a picture of Open Source software as being a minefield of grumpy litigious geeks who want to cash in with fat lawsuits, and no clear guidance for how to stay out of trouble. Oddly, this all seemed to come from a most unlikely source, the director of the Gnome Foundation, Stormy Peters. Even unlikelier, it was from her talk at LinuxWorld, which hardly seems a good venue for spreading misinformation of any kind, let alone old moldy misinformation.

As usually happens with stories like these, reader comments were a mixture of "Die evil FUD-sucking scum!!" and "Er, it seems rather unlikely that Ms. Peters said these things." It always warms my heart when readers think before reacting, and even do a bit of research. (Do keep in mind that trade shows are noisy, distracting, and tiring- mistakes happen.) I think it is the job of ace journalists to verify the facts, and I was wishing someone would, and then it hit me- oh yeah, that's me, so I contacted Ms. Peters and asked if she had been quoted correctly. She said not quite, gave me a review of the main points of her talk, and kindly sent me her slides. The title of her talk was "Avoiding Open Source Lawsuits: Five Steps to Effective Open Source Governance in the Enterprise." (Note to Ms. Peters: You'll never make it to Jerry Springer with titles like that. Need to tart it up a bit.) She explained:

"I was very careful to say I was not trying to scare anyone away from open source and I thought the chances of anyone getting sued were very unlikely. And I actually said several times that the SFLC and BusyBox were not trying to make money, they were trying to get people to comply with the GPL."

Of course the trouble is in the details, and so the five steps are:

• OSS is already in your enterprise, so discover what you're already using. Ask your people, and there are tools such as OSS Discovery that find installed open source software.
• Have an OSS policy and training so your employees know what they are allowed to do, and so they understand what OSS is.
• Have a formal software approval process.
• Enforce license compliance.
• Track and audit- avoid surprises.

See anything radical here? Seems pretty common-sense to me, and a lot friendlier than having to install a licensing server to calculate how much you will be bled for eleventeen different types of server, user, CPU, per-node, per-host, per-seat, per-core, and so on licenses. Or having software that phones home to the mothership, and is always looking for excuses to not work. Not to mention giving a green light to the BSA (Business Software Alliance) to audit you at any time, at your expense, to make sure you aren't in compliance so they can whack you with massive fines. Remember Ernie Ball?

"Ball settled for $65,000, plus $35,000 in legal fees. But by then, the BSA, a trade group that helps enforce copyrights and licensing provisions for major business software makers, had put the company on the evening news and featured it in regional ads warning other businesses to monitor their software licenses...The BSA had a program back then called "Nail Your Boss," where they encouraged disgruntled employees to report on their company"

Litigation is a Last Resort

Ms. Peters discussed some of the recent legal actions taken by the Software Freedom Law Center against Verizon and BusyBox. Litigation is always a last resort- the SFLC's goal is to bring companies into compliance. The SFLC has been very successful at resolving license violations without going to court. Out of about 50 actions per year, very few ever go to court. Four recent exceptions are Verizon, and three different companies that thought they could ignore Busybox and do what they wanted with BusyBox's code. Litigation is an everyday business practice in the closed, proprietary world, not the FOSS world.

Users and Developers

There are different rules for end-users and developers. Most OSS licenses are liberal towards end-users, and if they have any restrictions they place them on modification and re-distribution. She discussed how software stacks also lead to license stacks- which again, shouldn't trouble users or in-house developers, but can make it complicated for anyone who wants to modify and distribute, because they'll have several different OSS licenses to deal with. (Note: the "beerware" license is not an OSS license, and some folks have no sense of humor.)

Linux Today readers have already summed up the whole issue succinctly: "Comply with the licenses and you'll stay out of court."

So there you have it. Some plain old common-sense and best practices. I'm sorry it's not all exciting like when the betrayed white-supremacist bisexual Goth mixed-race transvestites whack each other with folding chairs on Springer. Well no, actually I'm not sorry- there are better ways to find some excitement than through fake conflicts.

References

Related Stories:

• SFLC Keeps on the GPL Case: Sues Extreme Networks(Jul 22, 2008)
• Violate the GPL at Your Own Risk(Jun 11, 2008)
• Law.com Article Spins Old Confusions into New "Danger"(Jun 10, 2008)
• Finding the Right Open-Source Savvy Lawyer(Apr 08, 2008)
• SFLC Announces a For-Profit, Open-Source Law Firm(Mar 28, 2008)
• Another GPL Lawsuit is Settled(Mar 07, 2008)
• Inside the SFLC's Guide to Legal Management of FOSS Projects(Mar 02, 2008)
• The Experts' Legal Guide on Free Software(Feb 15, 2008)
• Are You Violating BusyBox's GPL Code?(Dec 24, 2007)
• BusyBox Developers File GPL Infringement Lawsuit Against Verizon Communications(Dec 07, 2007)
• In Defense of The GPL(Nov 28, 2007)
• BusyBox Developers and Monsoon Multimedia Agree to Dismiss GPL Lawsuit(Oct 31, 2007)