'Infectious' Open Source Software? 270
Gavo writes "Law firm Chapmann Tripp advises New Zealand State Services Commission that the New Zealand Government should be wary of using 'infectious' open source software. They claim 'While the use of open source software has many benefits, it brings with it a number of legal risks not posed by proprietary or commercial software.'"
Not really (Score:2)
Re:Not really (Score:2)
So long as they aren't modifying and (as you did mention) the code. They can can modify it as much as they want and not have to release their source code if they just use it internally.
Re:Not really (Score:2)
Re:Not really (Score:2)
Run for the hills NZ: you've been infected!!
Re:Not really (Score:2)
modifying and <redistributing>
instead of:
modifying and redistributing
Re:Not really (Score:2)
OK, I should just stop until I've had some coffee.
Even more fun when you compare to proprietary (Score:2, Interesting)
And it gets even more fun when you compare the F/OSS licenses with the common proprietary ones. When our company decided Legal needed to review any F/OSS license used here, I got them to agree to do the same level of review on the proprietary licenses. Not surprisingly, there were *way* more proprietary licenses (the original concern was too many licenses), and the proprietary ones had way more questionable terms t
Re:Not really (Score:2)
Ofcourse, commercial software is just as vulnerable to patent/copyright infringements as well, and so are it's users since most commercial software includes disclaimers.
The only way a commercial package may be better protected is by "obfuscation"; you can't check the source to see if they stole your code. As such an open source package might be better, since you atleast can verify it's code.
Re:Not really (Score:2)
The GPL also contains such disclaimers; it's extremely rare that a software licence doesn't.
Re:Not really (Score:2)
Re:Not really (Score:2)
According to TFA it does:
Exposure to faults and intellectual property claims
25 There is a risk that open source software contains functional defects, or breaches a third party's intellectual property rights (e.g. where it contains code misappropriated from proprietary software or functionality in breach of a patent). The absence of warranties and indemnities in most open source licences
Re:Not really (Score:2)
Re:Not really (Score:2)
I have to say "infectious" is a bit over the top. He probably only did that to get people to talk about it....and well, here we are.
Re:Not really (Score:2, Insightful)
Whereas, of course, you can legally use closed source a part of your own products all you want.
Re:Not really (Score:2)
If software comes with a license, people should be aware of what it says. That's just common sense. Understand now?
How about... (Score:2, Funny)
Much better.
Re:How about... (Score:2)
I guess by that considered legal opinion it follows that if I compile my software with a microsoft compiler, the generated program belongs to Microsoft.
From TFA: hmm, someone have an agenda? (Score:2)
Relevant to all open source use.
Disclosure of confidential code/ No rights to use.
Relevant where software has been infected by an open source licence."
They talk about it like there aren't IP claims with proprietary source code. I would argue that these "legal issues" are in fact features of open source that are hampered generally in commercial closed-source software. Closed source tends to have more of the issues above by defau
The #1 reason why articles like this are BS... (Score:4, Insightful)
Re:The #1 reason why articles like this are BS... (Score:2)
If you link to a library you have to follow the license as well. And, sadly, this is where many (I'd even say most) developers just don't get it. They don't understand the differences between the varying licenses, or the difference between OSS licensing and commercial licensing. Most developers are familiar with commercial licenses where you buy the code once and you can now link to the library, using the documented
Re:"linking" (Score:2)
If that library is under the GPL and you distribute your executable then you are violating the GPL unless you distribute your source as well.
If the code is under some other license then you can still violate the license by not complying to it -- e.g., if it's under the BSD/MIT license and you don't include the original license text or try to represent the code as your own, original work. That doesn't encumber yo
Re:"linking" (Score:2)
If there's only one library that implements the API you're using and that library is GPL'd, then there's no way to get a working executable without including GPL'd code in it. This means that you have to distribute your code under the GPL. If there's a non-GPL library that implements the same API then you don't have to GPL your code, even if the person you give the source to links it with the GPL'd library.
Exactly just look at the blueberry (Score:2)
Of course it turns out that the patents are no good but if they had been would this lawfirm claim that buying closed source products is a huge risk since you never know if some patent abuser doesn't decide to shut you down?
Lawyers are like nukes. If the other guy has them you got to have them as well but on the whole the world would be a better place without them.
Between The Lines (Score:3, Insightful)
Time to break out the FUD cakes!"
Re:Between The Lines (Score:2)
Of course .... (Score:3, Interesting)
MS has been sued how many times now for IP violations? - and that's with people having to either "steal" the code or sue to see it.
Unfortunately, I do see more IP challenges to OSS in the future. On the up side I also see those challenges being handled by the OSS community with rapid patches to remove the problem - unless it's something like BT sueing over links.
Infectious! (Score:3, Funny)
Recommended Daily Allowance of FUD (Score:3, Insightful)
But the use of closed source and proprietary software has a generally greater risk due to risk of copyright violation and patent violation and user agreement violation. Simply reverse-engineering a proprietary protocol in order to get your work done or to fix a serious issue in closed source software can cause serious legal problems which are often far greater, even though they are more familiar. And the closed source tools are far more likely to contain backdoors or to have vital features discarded in new revisions, forcing a painful and expensive upgrade process for both software and its configurations to the new setups, or to simply be discarded and the data or tools permanently lost to users.
The shutdown of companies or their abandonment of products is a real problem in the closed source world.
Re:Recommended Daily Allowance of FUD (Score:2)
--
Q
Re:Recommended Daily Allowance of FUD (Score:2)
Everything in the public sector is goverened by rules designed to stop people taking risks (like having 'bright ideas' and trying to make things better). Everything is done a
Re:Recommended Daily Allowance of FUD (Score:2)
Re:Recommended Daily Allowance of FUD (Score:2)
>happening. Does software suddenly stop working once the company that
>made it closes down?
If the software requires some sort of activation it will, at least as soon as you need to reinstall it for example. If the software rely on some sort of "calling home" while in normal use it will stop working too of course.
If they stop to simply support the software, you can't get help if you have problems with the software any more or discover a
Nothing but the usual FUD (Score:3, Interesting)
More public review, code that tends to be of higher quality, and the ability to fix problems yourself
intellectual property claims
And since when proprietary software was free from litigation?
the risk of forced disclosure of confidential code
"confidential code" -- whose? If yours, you wouldn't even be able to put it there otherwise. And someone has to reread the GPL again -- no one says the gov agency in question has to distribute any source of things they use internally. If the agency in question releases some software itself -- that "confidential code" will be disclosed anyway, just in a form that is harder to read. Back in the days, I learned how to program a particular SVGA chipset by debugging through BIOS code, and my asm skills are low -- are you going to tell me that if the "confidential code" has any real value, no one will get to it anyway?
Re:Nothing but the usual FUD (Score:2)
Well, as I read the GPL, if said government agency creates a GPLed tool and distributes it internally, then they must also make the source available internally; I see no exceptions allowing you to not provide source to employees on demand. I also see no exceptions allowing you to require that said receiving employees do not distribute the code outside of the agency.
So
Re:Nothing but the usual FUD (Score:2)
Re:Nothing but the usual FUD (Score:2)
Incidentally, congratulations on being the first person to actually answer this point, which I've made a couple of times before...
Re:Nothing but the usual FUD (Score:2)
Thats why you can argue that you dont have to distribute the sourcecode to employees, because they are part of the company entity an
Re:Nothing but the usual FUD (Score:2)
SCO vs. IBM (Score:2)
SCO has shown beyond a shadow of a doubt that starting with proprietary code can be viral and prevent you from having full control of your own "property" in the future. Once that proprietary code touches your, you are no longer the full owner of your software.
Sigh. Another one. (Score:5, Insightful)
It's not terribly well written, mainly because it seems to add a load of guff to licenses which are by and large pretty easy to read. And it uses some contentious terminology which is likely to cause concern. ("Infectious", anyone?)
Doubtless a whole boatload of slashbots who didn't RTFA will be a long in a moment to say "yeah but no but it's microsoft FUD ignore it don't give it publicity etc etc" - I'm not going to debate that one. I actually think it's more likely to be an attempt on the part of the law firm to drum up a bit of business. Something along the lines of "Now you've read this article, contact us for further advice!"
Re:Sigh. Another one. (Score:2)
So in other words, it's FUD but not from Microsoft? It really shouldn't be rocket science to figure it out if only someone reads it - or
Re:Sigh. Another one. (Score:2)
It was prepared by the State Services Commission [ssc.govt.nz] and therefore presumably carries a stronger imprimatur than if it were just some private law firm making this analysis.
Then again, IANAK (I Am Not A Kiwi [wikipedia.org]), so I may be giving this agency more credit than it is due...
Re:Sigh. Another one. (Score:2)
Actually from TFA: "this guide was prepared for the State Services Commission (SSC) by Chapmann Tripp" (my emphasis).
Re:Sigh. Another one. (Score:2)
"This guide was prepared by the State Services Commission (SSC)"
http://www.e.govt.nz/policy/open-source/open-sourc e-legal/chapter1.html [e.govt.nz]
(The previous quote came from http://www.e.govt.nz/policy/open-source/open-sourc e-legal/ [e.govt.nz] )
Re:Sigh. Another one. (Score:2)
And if you browse Chapman-Tripp's website you'll notice a prominent client:
Advising Microsoft Corporation on a number of e-commerce initiatives.
I don't notice any open-source companies in their list of clients, what makes this firm an expert in open source?
Re:Sigh. Another one. (Score:2)
However, the report itself is emblazoned with the SSC logo and, from all appearances, was published by the SSC. Whether in-house counsel or a third party wrote it is immaterial in terms of how credible it will seem.
Re:Sigh. Another one. (Score:2)
Yes, the actual content is reasonable and sensible. It even specifically identifies the GPL as an appropriate license that has been approved for use in the case where software will either only be distributed i
Reading on, there IS a lot of FUD here. (Score:2)
For example, they assert that the output of GPL programs will be covered by the GPL - a point of view expressedly disavowed by most legal experts and by the authors of the GPL itself! I quote:
The GPL expressly provides that software compiled with the GNU Compiler Collection (GCC) is not infected by the GPL. Presumably the Free Software Foundation considers other GPL compilers will infect th
Re:Sigh. Another one. (Score:2)
The person who wrote this has clearly never examined the his
Another Flaming Troll, Complete with Sigh. (Score:2)
That six chapters of nonsense is not worth reading. It's full of th
Re:Another Flaming Troll, Complete with Sigh. (Score:2)
The GPL does have one restriction - which is considered by many commercial organisations to be a pretty damn big restriction. You know, that bit where it says "derivative code must also be GPL'd". Essentially, all the article is saying boils down to "if you are not aware of this, and you don't read the license, such a restriction may come back and bite you".
Well, duh. But seriously, is there anyone in IT today who is completely unaware of the GPL
Yep, truly overstated (Score:2)
Why, I once spent a wild weekend with a couple of computers, installed everything in sight. Played the games. Ran the compilers.
Oh, how we cavorted, without a care in the world.
Turns out that one of those "open source" programs had a past, and gave me one of those "infectious viruses."
Oh, the horror. Splotches on my skin, and had to stay out of the sun.
Should I have been more careful? Sure; practicing safe computing would have prevented the problem entirely.
However, unco
Re:Sigh. Another one. (Score:2)
You deleted the very next paragraph which describes the licenses rules for this "not precisely defined by law" statement:
If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will
Baloney (Score:2)
How about "agencies should read the licence agreement and abide by it whether open source or not"?
And what about "include an increased risk of exposure to faults". Is that supposed to mean open source has a higher "risk" (there's that word again) of faults, because it is bad q
Re:Baloney (Score:2)
"First think we do, let's kill all the lawyers" especially ones who can't read, don't understand, and use FUD to get business.
Justin.
Re:Baloney (Score:2)
As much as you and the parent poster would like it to be, its not a cut-and-dried issue.
If, for example, I write a page in PHP that uses a javascript menu-building library which is GPL (because the author didn't think enough about it to make it LGPL and clear up the whole issue), do I have to give out the PHP code that I wrote to anyone who asks for it? Is what I wrote a derivative work of that library, or does this merely count a
Re:Baloney (Score:2)
You could equally well licence some proprietary code and then come up with edge cases, eg SCO claiming duplication of 'methods and concepts' is not covered by their UnixWare licence to IB
Re:Baloney (Score:2)
I don't see how you're justifying this offhand as an edge case. The internet is exploding with activity, and all kinds of little scripts are being used all over the place. This is a classic example of som
Re:Baloney (Score:2)
Simpson Grierson tried this nonsense too in NZ (Score:2)
It's not as though Chapman Tripp could have been unapprised of how utterly stupid their claims are -- Simpson Grierson tried this FUD on a year or so ago, as well: (see The Fud Buster pages of the New Zealand Open Source Society. )
I hope the New Zealand Serious Fraud Office goes after Chapman Tripp's spreading such lies which bring tangible monetary injury to the New Zealand Open Source community, measurable every time we hear a prospect repeat the utter and unadulterated and deliberate bullshit th
Re:Simpson Grierson tried this nonsense too in NZ (Score:2)
Communication about OS licencing needs improvement (Score:2, Interesting)
Re:Communication about OS licencing needs improvem (Score:2)
Any smart software consumer should "zoom in on" the fact that Monoposoft Office (a.k.a. The Enterprise Ready Virus-Development Environment) has cost the entire PLANET billions of dollars in downtime and that over 99% of all viruses are M-Windows viruses.
There is no mistake so dear as using Monoposoft products.
Looks like a fault: (Score:2)
Correct me if I'm wrong, but I don't know any OSI licenses that enforce (d). See
Re:Looks like a fault: (Score:2)
Re:Looks like a fault: (Score:2)
In reality, proprietary software is more dangerous (Score:2)
Innocent parties have been sued for using proprietary software. The msft/time-line case is one example. How many people have been harassed, or fined, by the BSA, because they couldn't find their certificate of ownership?
These articles always assert that F/OSS is a legal minefield, whereas proprietary is co
Many have been fined by BSA (Score:2)
RTF Document (Score:5, Informative)
Read the actual document [e.govt.nz], not just the summary. The actual document isn't that bad.
The stuff inside isn't that big a secret to most folks. It mainly boils down to, "Using open source software under licenses we've reviewed is okay, but be careful if you're developing code using open source software that we don't want released to the masses, because under some licenses, we may be obligated to."
In fact, this document is probably a good thing, in spite of a somewhat badly written summary. Check out Chapter 2 [e.govt.nz]:
This only makes sense. I can't imagine anyone disagreeing, saying that you should use software with a license we're not familiar with, or to disregard the IP of open source authors.
Also, look just below it. It says that for software development that is for open distribution, it's okay to use open source software. For software that is for limited or closed distribution, don't. Is this new? Am I missing something? If anything, people who are interested in open source software can look at this document as permission to go forward, not as a hinderance!
I mean, I realize that the words "infectious" has negative connotations, but I just don't see this document in and of itself as a bad thing. And even though I'm a strong FOSS advocate, the stuff that's in there is stuff that I would recommend to any company, government or organization to consider in their decision whether to use closed- or open source software.
Free Software is So Much Easier. (Score:2)
Great, read the fine license, that's a fine idea. Read every one of the hundreds of pages behind every "I agree" or "I submit" buttons. Read every page of every SDK use license you use. Read the back of every bill you pay to a non free software company, it's likely to change every month. I hate doing that, so I no longer use
Re:Free Software is So Much Easier. (Score:2)
I don't think you can claim that you did your due diligence if you don't. A lot of companies have a review process of the license of any piece of software before they will use it. Those who do not are running on a hope and a prayer.
Re:RTF Document (Score:2)
(a) As the standard contractual position, prohibit use of open source software in all development contracts.
It goes on to say if you REALLY REALLY REALLY need the developer to use open source software, I guess that's OK.
I don't understand why you would necessarily have a default position of prohibiting contractors from using open source software. Worse, I think
Re:RTF Document (Score:2)
Re:RTF Document (Score:5, Insightful)
You might think that, with your head screwed on properly. However the pointy hairs who read this document are going to go apeshit when they read the emotional words "infectious" and "quarantine".
This document is written for pointy hairs, not engineers. It's designed to scare them into submission, make them freak out and think that open source is going to steal all their company patents, intellectual propery, their baby, and kick their dog too.
Why so much out of New Zealand and Australia? (Score:2)
It has often surprised me how much of the F/OSS v proprietary battle goes on over there.
Good Point (Score:3, Interesting)
Legal risks with using software are a real issue in our world.
That's why it would be in the best interests of all computer users and IT decision makers to explore the issue fully, to look closely at what kinds of risks exist, what kinds of risks tend to occur most often in the real world and what their consequences are.
My experience has been that folks using proprietary software are frequently in the position of bending over backwards (particularly in a large corporate or government environment) to make sure that they have licenses for every piece of software that their employees are running on the their PCs. The IT folks spend some serious time auditing to avoid the even larger risk of a BSA audit.
As for legal risks associated with open source software I have yet to encounter any. All I've seen are press reports of legal actions that show no outcome but to prove they were based on frivolous premises and some PR statements talking about legal indemnification which are excellent marketing strategies for certain vendors of proprietary software keenly afraid of their revenue stream becoming commoditised by free and open source software. About the only genuine risk I've seen with FOSS is for developers that disobey the "Share and share alike" GPL by releasing modified binaries without releasing modified source.
Perhaps I'm missing a serious issue and these folks could show some evidence of real people and real companies that have experienced harm due to lack of vigilance concerning the legal risks of FOSS. And they could explain why my personal experience doesn't reflect reality of serious legal risks with hard statistics concerning how much time and money are lost to risk mitigation and handling legal mishaps with users of FOSS compared to users of proprietary software.
free software (Score:2)
Just Don't Ask (Score:2)
Now if the government is producing code based on GPL products, then typically they will be the only customer. The only one the code would be distributed to would be the NZ goverment itself. So the government would be the only customer that could ask for the source code.
Its going to worry about asking itself?
Just don't ask. T
Amazing, isn't it? (Score:2)
Case closed. Move along, folks, nothing to see here.
Actually, it's the other way round (Score:2, Interesting)
Regardless of risks of actual litigation and those idiotic software patents (doesn't even apply in NZ), the likelihood that there is copyrighted code in a proprietary application is higher than in an open source one.
Copyrighted code in a closed source app will be far less conspicuous than in an open source app, and therefore the programmer is more likely to think "well, no one will notice, anyway." In open source apps, the risk of being caught is so much higher, and therefore it's more likely to be free o
Social problem, not legal (Score:2)
[F]OSS operates under the same laws as commercial software, and with the possible rare exception gives you more usage rights than commercial software. There shouldn't be any legal problem per se.
However, there is the social problem of people thinking that free(beer) means they can do whatever they want with it, which often isn't the case.
Teach your employees
What they're worried about is legit... (Score:2)
All the document is saying is to evaluate each piece of software by it's merits on an individual basis. Further, it says that there is "no reason why open source should not be considered on the same basis as commercial software" but that there could be so
Ya, Open source is teh bad! (Score:2)
The use of this software will clearly open you up to legal attacks, hence the word 'open' in it's name.
Instead, We advise that companies use commercial and non-open technology including:
1. Blackberry
2. Microsoft Products
3. Mp3 and MPEG
4. JPEG and GIF
By using these products, you ensure that you will never be stuck in the middle of a patent dispute, and that your product will not be recalled, modified, or discontinued.
Why they call it infectious (Score:2)
Nothing to see here (Score:2)
It's a pain in the ass, but it makes sense. We're trained to ignore EULAs and licenses by years of just clicking "ok" but when it boils down to it, a company can lose substantial IP by the actions of a single developer who does that.
The funny part
Unfounded Crap (Score:2)
If staff downloads and installs random OSS code from the net ... err, OSS or not, if end-users are downloading and installing random code from the net, you don't have an OSS problem: you have a systems/network policy/configuration problem. Nuthin' to do with OSS.
Oh, yes, let's think about this (Score:2)
But you can infringe the copyrights on on commercial closed-source software just as well as open source software, and I'm willing to bet that BSA audits and fines create muc
Not just FUD - it violates E-govt's stated vision (Score:2)
They're going to have a hard time doing that if they deprecate open source.
The irony reaches unbearable levels when one reads, in its vision statement [e.govt.nz],
Just use MD5SUM to avoid infections! (Score:2)
NAME
md5sum - compute and check MD5 message digest
SYNOPSIS
md5sum [OPTION] [FILE]...
md5sum [OPTION] --check [FILE]
(relax, it's a joke)
Two choices -- each with risk (Score:2)
What about RIM ? (Score:2)
Is RIM's software Open Source? No. So is this letter from these lawyers pure bullshit? Yes.
Does the Microsoft compiler product EULA... (Score:2)
Re:Of course, GPL _is_ a problem. (Score:2)
Re:and GPL v3 makes this problem worse (Score:5, Insightful)
Ehh... sort of. You can still use open-source software: you can develop in emacs on GNU/Linux and write up all the documentation using LyX or OpenOffice or whatever. As long as your product is all your own work that's fine. It's when you start shipping, say... an Integrated Firewall Solution that happens to run on a modified Linux kernel that you might run into GPL issues.
That's the quarrel we generally have with this kind of article: it can confuse the issue between use of GPL software - which you can do freely, even if you don't accept the terms of the GPL itself - and redistribution of GPL software or derived works, which is just plain illegal under standard copyright law unless you do so under the terms of the GPL.
Of course they do (Score:2)
Yes, of course they do. It's called Stockholm Syndrome [wikipedia.org].
The GPL does not expose a company's source code to competitors unless they choose to incorporate GPL code into their own. This is a choice, a conscious decision. It's a decision you don't even have with proprietary closed-source software.
To claim GPL'd code is somehow inferior to closed-source commercial software because of this is laughable. Simply laughable.
You can make all kinds of flame argument
Re:CommonSense-based (Score:2)
The GPL is not entirely clear (Score:2)
Umm... Yes it is the GPL is based on copyright, if you don't include anything copyrightable then you are separated from the GPLed code/application.
The GPL isn't an EULA in the classic sense it's just a bunch of copy restrictions.
Re:CommonSense-based (Score:2)
Story about "Netscape Engineers Are Weenies" backdoor of M$' FrontPage got quite much publicity.
As to add to FLOSS fame, the first computer worm ever used sendmail backdoor normally provisioned for debugging purposes solely.
IOW,
Re:Yes, because... (Score:2)
Yep, this lot is a disgrace to honest trolls.
Exposure to faults
Wouldn't happen in MS products!
Re:Open source is open (Score:2)