BOSTON -- The Linux community is generally behind a new open source licensing compliance program proposed by the Linux Foundation. The Open Compliance Program aims to make it simpler for developers to distribute infringement-free open source software code.
Attendees at LinuxCon here Monday said it is important to make it easier to attain open source licensing compliance -- making sure that distributed software code does not run afoul of licensing requirements -- but some weren’t sure about the execution of the program itself.
Open source licensing has been a hot issue with recent copyright infringement suits, including one against consumer electronics companies Samsung, JVC and others. That suit, filed in December, alleges that the companies used an open source code component for their products without allowing public access to it, a no-no under the GNU Public License version 2.
The goal of the new program is to “get everyone on the same page … which is ‘comply with the licenses, please,’” said Jim Zemlin, executive director of The Linux Foundation. “We wanted a holistic solution that would put the misunderstanding behind open source licensing behind us.”
The Open Compliance Program includes training, tools and a self-checklist designed to help a company ensure that it complies with free software licensing requirements.
Compliance is fine, but not enough
Leon Shiman, CEO of Shiman Associates and a co-founder of the open source X.Org Server, said the Foundation’s concern with open source licensing is important, but would like to see more actual input from the open source community -- the foundation of anything Linux -- into the initiative.
“There may be more effective ways to implement the program than [Jim Zemlin] has outlined so far,” said Shiman. “The opening up of greater opportunity for grassroots open development is most important.”
From a marketing standpoint, LinuxCon attendees wanted more. Rich Sands, Principal of RSands Consulting, said it’s good for The Linux Foundation to push licensing awareness, but the group may sap some of the enthusiasm around open source software.
“Compliance -- it’s a tough sell to market. It’s very costly, it takes time and it slows down development. While they’re doing a great thing, I’d like to see The Linux Foundation take a broader role with the use and consumption of FOSS,” noted Sands. “If you focus on compliance, you’re going to turn off the developers who are excited about open source.”
Others who were happy about the project were just happy to have something that brought attention to compliance -- they didn’t care about the execution. Armijn Hemel, Lead Engineer for gpl-violations.org, a site that brings awareness to GNU General Public License violations, said that while what The Linux Foundation didn’t reinvent the wheel with its announcement, it has simplified companies’ lives.
“Most of the information was already out there, but now you’ve got a one-stop shop regarding compliance,” Hemel noted. “You don’t have to search around all day.”
Hemel also noted the need for such a program was completely warranted.
“It’s just not on some companies’ agenda to check for open source issues,” said Hemel. “They are trusting that their suppliers have taken care of all of it, and it’s not. It can be a nightmare.”
Robert Stankey, Jr., principal engineer with LSI Corp., particularly liked the idea of compliance directory that will be part of the program. The directory houses a list of compliance officers at companies using Linux/open source software in their commercial products so that information on licenses is readily available.
“One of the biggest problems is that there’s no way to know if the code has been patented by someone else,” said Stankey, who is new to the open source development arena. “I like the compliance directory. It’s nice to be able to go to one place and get the contact list when issues come up.”
Ryan Arsenault is the assistant editor for SearchEnterpriseLinux.com.