Relax, Open-Source Lawyers Aren't About to Sue You

by Reuven Lerner - Aug. 06, 2008Comments (9) | Trackback URL

In an article headlined "The Pitfalls of Open Source Litigation", published today at InternetNews.com, Richard Adhikari claims that "enterprises using open source are being sued for not complying with the multitude of licenses the software comes with," He suggests that businesses should think twice before using open-source software, lest they find themselves on the receiving end of a lawsuit themselves. Fortunately for the open-source community, his claims don't hold much water.

The key to open-source software is the license under which each program is released. The Open Source Initiative (OSI) has approved about two dozen different licenses that may officially carry the "open source" label. All of these licenses allow the end user to modify and redistribute the program's source code without restriction, for free or (if they want) for a price.

The trickiest open-source license for businesses to understand, the GNU Public License, or GPL, is also one of the most popular, and leads to the greatest confusion. (There are actually several versions of the GPL, but the similarities are more important than the differences.) The GPL guarantees that anyone who receives the program may modify its source code -- and that modified versions of a GPL'ed program fall under the GPL as well. If you don't distribute the software, or if it stays hidden behind a Web site, then you don't have to disclose the source code.

But if you write a program that uses GPL-licensed code, you must release the source code to your entire program. Several companies were sued in the last year for failing to provide the source code to their programs, which incorporated the BusyBox library.

But it is only one license (the GPL) that has this issue, and for which there is an active legal defense team. If BusyBox had been released under a BSD license, then there would have been no violation, and the lawyers would not have had a legitimate case.

Moreover, these violations never apply to the end users of open-source software. Rather, they apply only to those people who modified and then redistributed the open-source code. If you merely use a program distributed under the GPL, or if you redistribute it in unmodified form, then you are in no danger whatsoever.

While you might believe that open-source lawsuits are a common occurrence, Only a handful of cases have even been filed over the years. The Software Freedom Law Center prefers to work quietly and behind the scenes, in order to educate and help violating companies rather than flog them in public.

Adhikari argues that there is a very large number of open-source licenses, and that their terms can be "wild and wacky." As an example, he points to "Beerware," a license that states "users should buy the authors a beer or drink a beer in their honor if they meet." The problem with this example is that (a) Beerware is not an approved OSI license, and is in use on a very small number of programs, and (b) it only calls upon users to buy the author a beer if the user finds the software useful, and if he or she meets the author in person. This may be "wild and wacky," but it is not representative of normative open-source licenses. Nor is a lawsuit likely as a result of violating the Beerware license.

I'm not trying to say that businesses should ignore the licenses that come with open-source software. Especially in the open-source world, licenses are important; they guarantee that we will have the freedom to modify and redistribute the software at little or no cost. But the number of legal threats, let alone lawsuits, made against users of open-source software represents a dozen or so cases cases over the last decade -- which, when you consider that there are more than 130,000 projects on SourceForge, and that this is far from a comprehensive listing.

So, should you worry about being sued over open-source software violations? Yes, if you are modifying and redistributing GPL-derived software without providing users with the source code. In any other case, you can almost certainly worry about more pressing issues.


Browse Blog

Randy Clark uses OStatic to support Open Source, ask and answer questions and stay informed. What about you?

9 Comments
 

The comment is full of statements attributed to Stormy Peters, executive director of the Gnome Foundation. Ms. Peters has been around open source for quite some time, so I rather doubt she painted the doom-and-gloom scenario that the Internet News author elected to portray. I never had a chance to interact with her back in my CollabNet days, but all reports indicate she "gets it" waaaaaaaaay better than your average executive.

0 Votes

Interesting article. There are still way too many licenses, mostly trying to achieve the same thing. The community really needs to focus on a few and consolidate them. I mean, what the are CORE, fundamental distinctions between a lot? Very little.

0 Votes

Dick Adhikari is a dick. Don't be a dick, Dick.

0 Votes

Flame-bait! InternetNews, thanks for adding nothing more than FUD. Did M$ pay for the report?

0 Votes

Is this some sort of short-sightedness or ignorance of a stupendous kind? I don't see why licenses should be a problem as every user of every OS has software from different sources, each with its own EULA or license. Each which has to be agreed to in order to use the software. So where is the difference?

0 Votes

This statement "But if you write a program that uses GPL-licensed code, you must release the source code to your entire program. Several companies were sued in the last year for failing to provide the source code to their programs, which incorporated the BusyBox library." is incoreect.

That paragraph should have been:

If you write a program which is derived from a GPL program and redistribute that program, then you must accompany the binary with the source code. Which known as the reciprocity clause.

The success of GNU/Linux and the other GPL projects is because of that clause. It is very clear and people who like to take and but don't to give are the ones who ignore that clause.

ypslinux

0 Votes

> If you merely use a program distributed > under the GPL, or if you redistribute it in > unmodified form, then you are in no > danger whatsoever.

The middle part of this sentence, "if you redistribute it in unmodified form", is quite wrong.

If you redistribute code licensed under the GNU GPL you must make the source code available to anyone who you distributed to. This is so even if you ship unmodified binaries for which the source is available elsewhere on the web.

Basically *you* by your act of distribution agree to met the terms of the GNU GPL. One of those terms is that, if you did not provide source at the point of distribution, you must provide a means to get the source for at least three years.

Unless you contract a third party to provide the source then the obligation is yours.

0 Votes

"...these violations never apply to the end users of open-source software."

This sentence needs to be highlighted, underlined, in bold, and tattooed onto every exec's forehead who doesn't get it. This especially holds true to Richard Adhikari who would state something silly like, "enterprises _using_ open source are being sued..."

DUH!

0 Votes

The key to open-source software is the license under which each program is released. The Open Source Initiative (OSI) has approved about two dozen different licenses that may officially carry the "open source" label. All of these licenses allow the end user to modify and redistribute the program's source code without restriction, for free or (if they want) for a price.

lawyertime

0 Votes
Share Your Comments

If you are a member, to have your comment attributed to you. If you are not yet a member, Join OStatic and help the Open Source community by sharing your thoughts, answering user questions and providing reviews and alternatives for projects.

Trackback URL
Please use the following URL to add a trackback to this article.
http://ostatic.com/trackback/170796