A Software Lawyer’s Take on the Linux Foundation’s ‘NEW’ Open Compliance Program
On August 10, 2010 the Linux Foundation announced the Open Compliance Program. So what is this all about and is this bad or good?
Essentially, the Linux Foundation created this program to address a lot of the FUD relating to using open source software with proprietary software. I think this is a noble objective, as there definitely is quite a lot of that FUD out there. So what are the components of the program (from the perspective of a proprietary Software or SAAS company)?
[Note to Self: need to check what OS these run on, as it may not be that useful for us]
- Dependency Checker – checks for dynamic and static links.
- Code Janitor – scans for certain keywords before the code is released.
- Bill of Material Difference Checker – provides the ability to more accurately track components of the software.
- Link to the TOOLS WEBSITE for more details.
2) SELF ASSESSMENT CHECKER
- Here is the checklist. Link
3) SOFTWARE PACKAGE DATA EXCHANGE (SPDX).
[Note to Self: While this sounds good on its face, it sounds like they are trying to lead the industry into disclosing all embedded open source software to (a) customers and (b) partners, etc. in the form of the Bill of Material (not sure this is a good thing or even necessary; sounds like it will mainly add complexity and delay (at least in certain situations))]
- Black Duck Software is deeply involved in this Working Group, so I understand why this benefits them. The more they can force the industry to become transparent about embedded open source, the more software companies will need tools like theirs. I am not saying they are bad folks (as I have only heard great things about this company), but I am trying to share my thoughts on the possible motivations and direction the industry may be heading.
- You can read more about this HERE (see page 2 about disclosing this information to third parties).
4) COMPLIANCE DIRECTORY AND RAPID ALERT SYSTEM.
[Note to Self: Sounds like a good idea, as it will help to create a direct link between the open source providers and the open source compliance officers at various companies]
5) TRAINING AND EDUCATION.
[Note to Self: Only good things can come from this] MORE INFO HERE.
Whew. Ok, so if you have a Software or SAAS company, take a read (or have your head of development take a read), especially if you embed open source software in your software.
This is for informational and educational purposes, and no legal advice is provided. Consult your attorney for legal advice.