The topic of licensing might not be the sexiest thing about the free and open-source software industry. But it is one of the most important issues, since the license governs exactly what companies and developers can and cannot do with their software.
The legal implications of software licenses may also not seem important to many nontechnical business executives. But the license essentially dictates what the company can do with its software going forward, which code it can or cannot be mingled with, and what patent and other protections are afforded to the user.
So it is not surprising that there has already been much debate within the free and open-source community over the first discussion draft of the GNU GPL (General Public License) Version 3, which was written by Richard Stallman, the founder of the Free Software Foundation, and Eben Moglen, the foundations general counsel. The draft was released in January.
The fact that each provision and term and the very wording of the proposed new license are coming under such scrutiny underscores just how importantly the community views this draft. After all, this is the first revision in 15 years of the GPL 2 license, which governs more free and open-source software than any other license. The final version of the license is expected to be released in January 2007.
And it is not just developers, but also business people, who should care about the license and its terms, because those terms define the parameters in which companies can utilize open source, said John Brockland, a partner in the Technology Transactions Group of law firm Cooley Godward, in Palo Alto, Calif. The firm helps companies maximize their strategic relationships and the return on their intellectual property investments.
Brockland said a company needs to know, for example, whether code that it wants to use is under a license such as the GPL—which may require release of the companys own source code—or whether it is licensed under an academic-style license such as BSD (Berkeley Software Distribution), which does not.
“A companys potential investors and any potential buyer will very likely investigate the companys use of open source to find out if the company is in compliance with the licenses and if there is a risk that code the company wants to keep binary-only must be released in source code form,” Brockland said.
On the flip side, a company considering the release of some of its code as open source needs to consider which license best furthers its business goals—whether those goals include achieving maximum adoption, facilitating further development by a community, limiting the ability of others to use the companys open source in proprietary, closed-source projects or others, Brockland said.
Licensing is also very important to the future of technology development, Brockland said, as this is one of the principal vehicles by which companies commercialize their developments. Licensing is also how companies share technology and take advantage of the innovations of others, he said.
“I believe open-source-style licensing is continuing to gain in importance as companies seek to take advantage of open-source technologies and platforms, such as the Linux operating system, Apache Web server, and MySQL database, and as companies find ways to use open-source licensing models to further their business interests,” Brockland said.
Examples of this include dual-licensing models such as those employed by mobile open-source software company Funambol, of Redwood Shores, Calif.; Trolltech, in Oslo, Norway, which provides developer tools and libraries; and MySQL, the Swedish database company.
There also have been releases of code under open-source models by larger companies, such as Sun Microsystems, of Santa Clara, Calif., and its Solaris operating system, Brockland said.
Jonathan Schwartz, CEO and president of Sun, said he completely agrees with Brockland, and that the company is actively engaged with regard to the evolution of open-source licenses. “We think these are absolutely central to the future of technology,” Schwartz said.
But many business executives seem to forget that open-source code is subject to many of the same legal and licensing challenges as proprietary software, said Jason Wacha, vice president of corporate affairs and general counsel at Monta-Vista Software, of Sunnyvale, Calif.
MontaVista provides an open-source platform allowing system designers to innovate across a wide range of interconnected intelligent devices and communications infrastructure.
“Its computer source code that can be compiled into binaries, written by a human, automatically subject to copyright and other laws, in most cases subject to a license agreement of some sort by which the copyright holder/licensor transfers or forgoes certain rights, and, in many cases, also subject to a commercial agreement, which provides for a transfer of money, additional protections [warranties, indemnities and so forth] and more,” Wacha said.
A shifting GPL and
an infinite number of licensing agreements.”>
The licensing agreement also can take an infinite number of forms. It can resemble a Microsoft license; it can resemble the BSD license; it might resemble thousands of other proprietary licenses; it might also resemble a form drafted by some guys back East who decided to call their form of license the “GNU General Public License”; or it could be a whole new form that the licensor crafted from scratch, Wacha said.
“If this is my own, original, nonderivative work, then I can license it any way I choose, including in different ways to different people,” Wacha said. “If this is someone elses work, I must license it to others only according to the permissions granted to me by my licensor.
“Aside from these legal questions, of course, the commercial distributor must address questions such as, Does the distribution Im planning—or the distribution Im allowed by my licensor—fit my business model?” Wacha said.
Some companies, such as open-source vendor SugarCRM, are moving to a dual-licensing model. Earlier this year, the company became the first outside party to offer its software under the quasi-open-source Shared Source Microsoft Community License, as well as under the SugarCRM Public License Version 1.1.3, which is the MPL (Mozilla Public License) Version 1.1, modified to be specific to SugarCRM.
That move allows customers to choose which licensed distribution they want to run on their Linux and Windows servers.
David Schmidgall, an IT manager for Superior Industries, a manufacturer of conveying systems and components in Morris, Minn., said he welcomes the move. Superior has been running its business on Microsoft software and Sugar Professional for some time, and Schmidgall said he expects this collaboration to improve his business back-end database integration and streamline its system administration.
On the other side, Shaun Connolly, vice president of product management for open-source vendor JBoss—which last September started working to broaden interoperability between JEMS (JBoss Enterprise Middleware System) and Microsoft Windows Server—said he is not hearing requests for a distribution designed for mutual customers and that uses a Microsoft Shared Source license. (JBoss was recently acquired by Red Hat.)
Dan Kusnetzky, executive vice president of marketing at Open-Xchange, of Tarrytown, N.Y., stressed that company executives and developers should be aware of what a software license allows and also disallows, even if they do not currently plan to use their software in that way.
Developers, on the other hand, should be very aware of what license protects a piece of code and what happens when code from several sources, protected under several different licenses, is combined to create a product for resale, Kusnetzky said.
According to Kusnetzky, the lack of clarity in this area has allowed suppliers that oppose the open-source software movement to create fear, uncertainty and doubt. He said it has also offered opportunities to companies such as Black Duck Software and Palamida, whose services allow customers to learn more about what software is actually in use, what licenses are protecting that code and what it means to the organization when they are combined to create a solution.
“It would be very wise, in my opinion, to understand why a supplier of open-source software would choose a license other than the GPL from the Free Software Foundation,” Kusnetzky said.
A new set of businesses also have sprung up to help enterprises deal with this issue. Doug Levin, president and CEO at Black Duck Software, of Waltham, Mass., which supplies software compliance management products and services, said he believes licensing questions will go away in the long term because technology companies and enterprises will implement solutions such as those offered by Black Duck Software to manage their software licensing compliance.
But open-source licensing is going to be unsettled for the next year. This is in part because of the process around the rewriting of the GPL, which is currently under way, and in part because software developers are “recklessly” proliferating licenses, Levin said.
Peter Yared, CEO at ActiveGrid, in San Francisco, agreed, saying that fewer licenses are needed, not more.
“And we definitely dont need open-source licenses with company names in them. These custom open-source licenses are in the interests of the publishers rather than their communities,” Yared said, referring to the SugarCRM Public License, among others.