The Pitfalls of Open Source Litigation ran a couple of days
ago. It painted a picture of Open Source software as being a
minefield of grumpy litigious geeks who want to cash in with fat
lawsuits, and no clear guidance for how to stay out of trouble.
Oddly, this all seemed to come from a most unlikely source, the
director of the Gnome Foundation, Stormy Peters. Even unlikelier,
it was from her talk at LinuxWorld, which hardly seems a good venue
for spreading misinformation of any kind, let alone old moldy
As usually happens with stories like these, reader comments were
a mixture of "Die evil FUD-sucking scum!!" and "Er, it seems rather
unlikely that Ms. Peters said these things." It always warms my
heart when readers think before reacting, and even do a bit of
research. (Do keep in mind that trade shows are noisy, distracting,
and tiring- mistakes happen.) I think it is the job of ace
journalists to verify the facts, and I was wishing someone would,
and then it hit me- oh yeah, that's me, so I contacted Ms. Peters
and asked if she had been quoted correctly. She said not quite,
gave me a review of the main points of her talk, and kindly sent me
her slides. The title of her talk was "Avoiding Open Source
Lawsuits: Five Steps to Effective Open Source Governance in the
Enterprise." (Note to Ms. Peters: You'll never make it to Jerry
Springer with titles like that. Need to tart it up a bit.) She
"I was very careful to say I was not trying to scare
anyone away from open source and I thought the chances of anyone
getting sued were very unlikely. And I actually said several times
that the SFLC and BusyBox were not trying to make money, they were
trying to get people to comply with the GPL."
Of course the trouble is in the details, and so the five steps
OSS is already in your enterprise, so discover what you're
already using. Ask your people, and there are tools such as
Discovery that find installed open source software.
Have an OSS policy and training so your employees know what
they are allowed to do, and so they understand what OSS is.
Have a formal software approval process.
Enforce license compliance.
Track and audit- avoid surprises.
See anything radical here? Seems pretty common-sense to me, and a
lot friendlier than having to install a licensing server to
calculate how much you will be bled for eleventeen different types
of server, user, CPU, per-node, per-host, per-seat, per-core, and
so on licenses. Or having software that phones home to the
mothership, and is always looking for excuses to not work. Not to
mention giving a green light to the BSA (Business Software
Alliance) to audit you at any time, at your expense, to make sure
you aren't in compliance so they can whack you with massive fines.
Remember Ernie Ball?
"Ball settled for $65,000, plus $35,000 in legal fees.
But by then, the BSA, a trade group that helps enforce copyrights
and licensing provisions for major business software makers, had
put the company on the evening news and featured it in regional ads
warning other businesses to monitor their software licenses...The
BSA had a program back then called "Nail Your Boss," where they
encouraged disgruntled employees to report on their
Litigation is a Last Resort
Ms. Peters discussed some of the recent legal actions taken by the
Software Freedom Law Center against Verizon and BusyBox. Litigation
is always a last resort- the SFLC's goal is to bring companies into
compliance. The SFLC has been very successful at resolving license
violations without going to court. Out of about 50 actions per
year, very few ever go to court. Four recent exceptions are
Verizon, and three different companies that thought they could
ignore Busybox and do what they wanted with BusyBox's code.
Litigation is an everyday business practice in the closed,
proprietary world, not the FOSS world.
Users and Developers
There are different rules for end-users and developers. Most OSS
licenses are liberal towards end-users, and if they have any
restrictions they place them on modification and re-distribution.
She discussed how software stacks also lead to license stacks-
which again, shouldn't trouble users or in-house developers, but
can make it complicated for anyone who wants to modify and
distribute, because they'll have several different OSS licenses to
deal with. (Note: the "beerware" license is not an OSS license, and
some folks have no sense of humor.)
Linux Today readers have already summed up the whole issue
succinctly: "Comply with the licenses and you'll stay out of
So there you have it. Some plain old common-sense and best
practices. I'm sorry it's not all exciting like when the betrayed
white-supremacist bisexual Goth mixed-race transvestites whack each
other with folding chairs on Springer. Well no, actually I'm not
sorry- there are better ways to find some excitement than through