A licensing problem has been found which may affect many open source BSD-derived distributions, including the highly-secure OpenBSD. The problem does not affect Linux, which has a similar kernel but which was re-written from scratch rather than being derived from the BSD code.
The problem relates to the change in the BSD licence in 1999 to remove the advertising clause. Minor software contributors should have been tracked down to sign off on the licensing change but were not.
There are two typical approaches to overcoming such a licensing problem. The first is to track down the original contributors and get them to sign off on the change. This is likely to be largely an exercise in paperwork: trawling through old version control changes and checking mailing lists for contributed patches. The second is to re-write the problematic sections of code. I’m not familiar enough with the BSD kernels to know how much effort this is likely to involve, but it could be the matter of hours, or a matter of years.
In this specific case it may also be possible to follow the advertising clause (which was removed in the relicensing), but this is incompatible with the GPL, leading to a new set of problems for some software which links against GPL code (which the relicensing was meant to solve).
Most end-users of BSD-derived distributions should be able to switch relatively easily to Linux if this problem becomes a significant drama.
I’m reassured that this problem was found using internal checks, it suggests that at least some people in the open source world are doing due diligence.
This is just *SO* stupid. Not the article it points to, but this one. “Most end-users of BSD-derived distributions should be able to switch relatively easily to Linux if this problem becomes a significant drama.”
There is *NO* problem for BSDs to have a 4-clause lib here and there if the worst-case scenario would be true, it would be exactly as in 1999, before UCB took back the problematic clause. Noone died before 1999 so noone will die now either.
Indeed, as you point out, the BSDs can include 4-clause libraries.
There is, however, a significantly worse worse-case scenario than discovering that a number of libraries that were previously thought to be 3-clause libraries are actually 4-clause libraries (for which a list of credits must thus be kept and displayed).
The worst-case scenario is that other developers have attempted to do similar things to Diego Pettenò without being as diligent in checking the licences. This could easily lead to libraries or applications apparently licensed under 3-clause licences which should be licensed under 4-clause licences which are also linked against non-system GPL licensed code, thus breaking compliance with the GPL. Such libraries would have to be removed from any distribution (Linux of BSD), as I understand it.
I’m not particularly familiar with the nitty-gritty details of which parts of the NetBSD/OpenBSD/FreeBSD kernels and runtimes are licenced under which licences. I had assumed (perhaps incorrectly) that because the 4-clause licence is still active use in the BSD communities (particularly NetBSD) and because the BSDs have stronger historic links to 4-clause licensed code that such issues were most likely to arise either within the BSD communities or at the boundary between the BSD communities and the Linux community (which is what happened with Diego Pettenò).
The point I was trying to make (not particularly successfully it seems) is that even if a distribution (or a key part of a distribution) is found to be undistributable for licencing reasons, there are other distributions which are unlikely to be effected, which could be used as alternatives. I (perhaps foolishly) illustrated my point with BSD users migrating to Linux, but Linux users could easily move to BSD just as easily.
My original article was thoughtlessly and unnecessarily biased against the BSDs, for which I whole-heartedly apologise.