News Stay informed about the latest enterprise technology news and product updates.

Golden's rules: Licensing from the CA perspective

Columnist Bernard Golden sizes up Computer Associates' proposed solution to the problem of open source license proliferation.

One of the real challenges facing users of open source is the seemingly-endless number of open source licenses. Far worse is the fact that the number of licenses is still increasing. This growth has been driven by commercial software providers converting formerly proprietary products to open source.

One example of this trend is Sun's recent conversion of Solaris into OpenSolaris, freely available under the new Common Development and Distribution License, also known as the CDDL and pronounced as the heart-warming phrase, "Cuddle." A second example is Computer Associates International's CA Trusted Open Source License (CATOSL), for which there is no clever, heart-warming phrase.

Sun modeled its license upon the Mozilla license. There are other licenses that are not even "modeled" upon another, merely copied with words changed to reflect the entity promulgating the license.

For many users of open source, all of this license proliferation is not much of a problem. Whether their open source components run under one license, or a dozen, makes no difference to them. However, two types of organizations are very concerned about license proliferation.

The first type is comprised of organizations that take a very structured approach to the use of open source. Many companies want to be sure that they're aware of all the requirements of the various open source products they use, and want to avoid even the appearance of infringing upon any open source license to which they need to adhere.

The second type is commercial software vendors that want to release a product under open source, or incorporate open source into their proprietary product. Having different licenses contained in their product is a nightmare of tracking, documenting and notifying.

In a presentation at last week's Open Source Business Conference in San Francisco, Sam Greenblatt, CA's open source point man, noted a couple of problems his company faced in this respect when releasing Ingres as open source.

First, the product contains components available under several different open source licenses. As open source licenses currently apply, the resulting product is under different strictures regarding distribution rights, attribution of source and so forth. Second, if someone suspected Ingres as infringing on their copyright, it's not clear how they would determine which part of the product to go after; in other words, the licenses are commingled, in effect.

So, as more commercial vendors release open source products with licensing headaches that are used by organizations with structured licensing processes, you have a recipe for lawyer heaven. All of which gets in the way of open source's purpose: freely available software with low barriers to create and use.

While the Open Source Initiative, which approves open source licenses, has called for trimming the outstanding number of licenses, merely reducing the number won't solve these problems.

Greenblatt proposed what I think is an excellent approach to licenses. Instead of everyone doing a slightly different bespoke license, why not separate licenses into two sections: one with general terms and conditions, and a second fill-in section that each licenser would enter organizational- or individual-specific information like name and contact details.

The problem of identifying which part of the product infringes when there are multiple copyright holders would be addressed by having the licenses attached to individual files. This would allow easy identification of what parts of a complete product are infringing when it is made up of a number of components.

This approach would bring open source licenses into compliance with most commercial contracts that have a boilerplate section that is consistent across all contracts from a given organization, and an addendum section that contains details specific to the individual contract.

Given that there are -- broadly speaking -- two types of open source licenses (GPL with imposed reciprocity rights, and Berkeley with redistribution freedom), it seems that moving to this approach would not be impossible.

Interestingly, in another OSBC session I attended, an attorney for NASA described the agency's license drafting efforts and how it ended up with a "fill in the blanks" license that could be used by any federal government agency. The NASA experience shows that a customizable license can be created and used.

As a measure of how serious CA is about pursuing this style of license, Greenblatt offered to withdraw the CATOSL in favor of this new type of license. Given that CA spent several million dollars on CATOSL, the offer is quite impressive.

Golden's rule

Overall, licensing is a mess. Having one's own open source license almost seems to be a status symbol these days. Finding a way to rationalize the situation would be great and would let us get back to the real business at hand -- using and creating open source to make our lives better.

Dig Deeper on Linux servers

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.