Comments on: One less open source licence to worry about

By: MJ Ray

MJ Ray — Tue, 19 May 2009 11:46:30 +0000

The Debian process does have lawyers looking at licences, but by referral from the maintainers or managers, rather than routinely (because that would quickly get expensive and/or slow and 99% of licensing problems are obvious application goofs, rather than questions about the actual license).

The OSI process described at http://www.opensource.org/approval and linked pages seems to encourage a lawyer only on the license-advocate side and not require one on the OSI side, unless I missed something? So while that means you’ve almost always got a lawyer involved (good), it means there’s almost always a lawyer on the license-advocate side (bad). I thought that was why OSI has been such a proliferation catalyst for most of its life, because it’s driven by “please approve our cool new licence” open-sourcer egoism rather than “should we accept this licence?” debianer pragmatism.

Anyway, the recent changes are most welcome. Sinner that repenteth and so on.

By: Ross Gardler

Ross Gardler — Mon, 18 May 2009 12:03:51 +0000

MJ Ray, you note that Debian has been categorising licences for some time and I agree this is very useful.

One advantage of the OSI lists is that the licences are scrutinised by Lawyers before they are published. The OSI job is to ensure a “so-called” open source licence is indeed open source (and thus free software). Furthermore, whilst approval of licences is dependent only on their legal status, the categorisation of licenses is based on actual use.

Does the Debian process have lawyers looking at the licences?

I agree that automated tools are not sufficient in IP management processes. They are helpful, sure, but nothing beats an understanding of the licence terms and a proper audit trail and accountability.

OSS Watch are here to help projects based in the education sector manage their IP correctly.

By: MJ Ray

MJ Ray — Fri, 17 Apr 2009 14:51:58 +0000

I think it’s very clever to educate development teams about licensing. It sounds like there’s not much higher-level support for that yet – would that be accurate?

We need to educate developers and education is part of my company’s mission, right there alongside providing IT services, but it seems we’re very unusual about that. Automation is helpful (again, look at things like machine-readable copyright control from the debian project, which are in their infancy but could be useful soon) but no substitute for education and vigilence.

By: Joakim

Joakim — Fri, 17 Apr 2009 14:38:22 +0000

At the end of the day, keeping track of the licenses in a project manually is impractical. My developers do not understand (and some, frankly, do not care) about the nuances of licenses. As a project manager I have had to educate myself and my team about some basic aspects of the licenses. IP management automation (we use IP Analyzer from Protecode and run it weekly) is the only way we can find out what has crept into the repository, and if the license or copyright is ok for us. I expect continuous IP management will become as common (and necessary) as version control practice.

By: MJ Ray

MJ Ray — Fri, 17 Apr 2009 13:17:27 +0000

Since 1999 at least, debian project contributors have been categorising licences as common-licenses as part of the base-files maintenance. The debian list is better than OSI’s because it’s popularly compiled, based on actual use for actual software and not by studying licences in abstract. You can view one version of the list at http://www.uk.debian.org/legal/licenses/

It’s nice that OSI have finally started doing something similar, but they’re rather late to this effort after years of helping license proliferation by approving licences in abstract without regard to whether they’re popular in either sense.