Forgot your password?
typodupeerror
Businesses Software IT Linux

FOSS License Proliferation Adding Complexity 201

Posted by kdawson
from the do-what-i-say-no-me dept.
E5Rebel writes "Business is embracing open source like never before, but the effective demise of SCO's claims against Linux doesn't mean an end to licensing problems, an analyst warns. The debate on Slashdot seems to focus on the GPL and its virtues, but there are 1,000-plus open source licenses (according to analyst Saugatuck), and businesses face having to manage multiple licenses within a single open source product. What can be done to minimize multiple-license pain for corporate open source adopters?"
This discussion has been archived. No new comments can be posted.

FOSS License Proliferation Adding Complexity

Comments Filter:
  • by Anonymous Coward on Friday August 24, 2007 @04:54PM (#20348075)
    Open source has a long ways to go to match the number of different closed source licenses and eulas. Amateurs....
    • by Tuoqui (1091447)
      You sure I thought all the closed source licenses and EULA's were cookie cutter fill in the blank ones that basically say 'We can do whatever we want and you cant sue us'.
  • by Tyger (126248) on Friday August 24, 2007 @04:55PM (#20348085)
    Why does the large number of licenses have to be a management problem? Most the proliferation in business is the usage, not the development of open source, and a bulk of the open source licenses say you can use it however you want, it's only when you distribute it (Modified or unmodified) that you have to start worrying about exactly what is in the license.
    • I'm still not seeing why the OSI hasn't developed a CHART where each license is placed based upon what it allows and what it restricts.

      No, this doesn't have to be a 2 dimensional line.

      Then, any gaps would be easily seen and a line could be drawn saying "all licenses below this point are compatible with the GPL v2" or whatever license you're looking at.

      Then there wouldn't be a question of which license to use. Just look for which one meets your minimal requirements.
    • Because everyone draws lines different places and threatens legal action if you cross those lines.

      The cardinal rule of *business* relating to intellectual property law is that the licene means what the licensor says it means unless and untill it becomes worth fighting in court. I run a business. IANAL.

      I actually see this complexity to be a good thing. It forces licenses to compete. And it raises the likelihood of lawsuits relating to the limits of each open source license. Lawsuits (as long as I am not
  • 1000+ ??? (Score:5, Insightful)

    by someone1234 (830754) on Friday August 24, 2007 @04:59PM (#20348131)
    I'm pretty sure there are no 1000+ OSI approved licenses.
    10 OSI approved licenses probably cover 90% of all open source.
  • Can you say FUD? (Score:3, Informative)

    by morgan_greywolf (835522) on Friday August 24, 2007 @05:01PM (#20348165) Homepage Journal
    Yeah, I knew you could. The average Linux distribution doesn't have anything close to a 1000 licenses in it. Stop being ridiculous. There is pretty much BSD/MIT/X11, GPL, LGPL, Mozilla, Artistic, and maybe a couple of others, depending on what apps are installed.

    And in the end -- so what? FOSS licenses break down into two categories: BSD-type and GPL-type. That's it. They're all pretty much the same, especially ones that conform to the Open Source Definition, so who cares?
    • Re: (Score:3, Insightful)

      by Ant P. (974313)
      A quick check (ls -1 /usr/portage/licenses | wc -l) gives me 861. Not over 1000, but not exactly nowhere close either.
      • Re:Can you say FUD? (Score:5, Interesting)

        by LiquidFire_HK (952632) on Friday August 24, 2007 @06:27PM (#20348907)
        I wrote a quick script to find the most-used licenses (this is from Gentoo's packages, which is a fairly representative sample, with nearly 12 000 packages).

        $ eix -v | grep License | awk '{print $2}' | perl -e 'while(<>){ chomp; $licenses{$_}=0 unless $licenses{$_}; $licenses{$_}++ } for (sort {$licenses{$b} <=> $licenses{$a}} keys %licenses) { print "$_ $licenses{$_}\n" }' | head
        GPL-2 6710
        BSD 711
        as-is 579
        LGPL-2.1 511
        || 428
        Artistic 344
        MIT 259
        LGPL-2 229
        public-domain 138
        PHP 124
        You can see the full list here [rafb.net]. As you can see, a huge amount of the packages (85%+) use GPL or one of the other very popular licenses. "||" means multi-licensed, and most of those are Artistic/GPL. You'll notice that after the top 30 licenses, none are used in more than 10 packages. Of the 863 licenses, 729 are used in 5 or less packages, and 629 of them are used in only one package. Many of the one-ofs are fonts or closed-source licenses.

        So while I agree there are many licenses, the vast majority of projects use one of the popular licenses.
      • Who care's how many licences are in your distro, it's the distro's problem; my problem is how many licences are in my app, there is three GPL v2, BSD, and PHP, that's not unmanageable.
    • Well, yes and no. (Score:5, Interesting)

      by jd (1658) <<moc.oohay> <ta> <kapimi>> on Friday August 24, 2007 @05:53PM (#20348607) Homepage Journal
      Yes, you're absolutely right that there are only a few "core" licenses that others are derived from. NASA's Open Source license is based on the GPL, for example. However, there ARE a lot of licenses out there. It would be far, far better if there was some sort of inheritance mechanism for licenses. That way, it would be clear what had borrowed what from what, lawyers would be dealing with change sets (which they're familiar with) rather than re-written texts, and instead of a long linear list, we would have a much more compact tree.

      Would this reduce the number of licenses? Initially, no. You'd simply reorganize them into a structure. Would it improve understanding of the licenses? Yes. Understanding would increase exponentially, rather than linearly, as a person worked their way through. Would it eventually lead to a reduction in the number of licenses? Yes. A lot of them have trivial or insignificant change sets and making this obvious to all would create pressure to consolidate where appropriate.

      Ok, but doesn't the sheer number also create pressure? Yes, but it may NOT always be appropriate, and there may be unexpected and undesirable results. Make thing clear FIRST, and THEN make changes, not the other way round.

      • This is actually a workable, or at least functional, idea you have. It's not trying to artificially limit the number of licenses, nor would it actually limit the number of licenses, but it would certainly narrow down most usage to those licenses that are commonly used, and discourage trivial proliferation.
    • rock? Because when it comes right down to it I think that's all this poor analyst was looking for. Just admit it, you want to rock? You know Linus knows how to rock. John Hall looks fresh out of a Greatful Dead concert (although I was thinking more along the lines of AC/DC, but whatever man). Linux totally has the license to rock.
  • by CaffeineAddict2001 (518485) on Friday August 24, 2007 @05:02PM (#20348169)
    Ignore it.
  • At some point, it will become clear that enforcing all this licensing bullshit with courts and lawyers is just a big waste of time that drains everyone dry, and they'll drop the foundational laws upon which both open and closed source licensing agreements rely.

    Then the problem will go away.

    I mean, it's a problem of our own making... it's like hitting yourself in the head, all you have to do is stop.
  • number of licenses (Score:2, Informative)

    by mattb112885 (1122739)
    Its no different for proprietary software, in which the number of licenses is basically equal to the number of pieces of software you have ordered.
  • Strawman (Score:5, Interesting)

    by fishthegeek (943099) on Friday August 24, 2007 @05:07PM (#20348231) Journal
    Check out Microsofts License-o-rama! [microsoft.com] If Microsoft as a corporation can't stick to even a few licenses what on earth makes anyone think that thousands of FLOSS programmers will share enough commonality among them that they would be willing to use fewer licenses.

    Microsofts licensing site doesn't even address the individual EULA's for products. Each MS product has a license that is nearly always unique to that product. So I say let those that do the work decide on how they would like or not like to share it.
    • by einhverfr (238914)
      The problem is that many of the FOSS licenses purport to extend the terms of those licenses to any software that interacts in a close manner (such as linking). IANAL, but this standard seems really suspect to me (it would mean that Microsoft could release a new version of Windows and declare that no open source software could be developed for it).

      Again, when you are in business, it doesn't matter whether the FSF is wrong or not. You follow their terms even if you believe that they have no case because it
    • by Blakey Rat (99501)
      Ah, the standard Slashdot reply:

      "Well, Linux might be bad, but Microsoft is worse!!!"
      • That isn't what I'm saying. I'm saying that the number of FOSS licenses is not something that exists in a vacuum, and when you look at the larger picture (what software company is larger than MS?) there is little if any difference between Floss and Proprietary software if all you look at is the number of licenses out there. Gheesh. Feeling a little defensive aren't you?
  • Why not take a note from actual software development and give licenses an inheritance hierarchy? I've always thought it was stupid that EULAs aren't standardized to a certain extent. If everyone knew a general EULA quite well, then companies could just state where their EULA differs from this common-knowledge EULA, instead of blindly clicking ok, consequences be damned. Same process could be applied to middleware licenses. One could even develope a license format whereby you could compile the various licens
    • by nuzak (959558)
      > Why not take a note from actual software development and give licenses an inheritance hierarchy?

      The lesson of software development is that people reinvent things rather than use base classes that don't entirely meet their needs.

      I bet a few dozen of those licenses are just BSD 3-clause with the name of the copyright holder changed. And besides, licensing commercial software for redistribution is even more fraught with peril. No one is educated or swayed by this filler piece of an article. Licenses ar
  • The un-problem (Score:5, Interesting)

    by MisterBad (40316) on Friday August 24, 2007 @05:10PM (#20348277) Homepage
    The vast majority of businesses will never trigger _any_ of the provisions of the licenses for their Open Source software because they will not publicly re-distribute the software in verbatim or modified form.

    For those businesses that do, it is highly unlikely that they'll deal with more than the GPL or BSD licenses. Other licenses are important only for a single package or cluster of packages (e.g. the MPL, the Artistic License, or the Apache license), and companies that deal with these packages tend to be specialists in that area.

    This just really isn't a practical problem for most businesses. It's an issue that software aggregators like distros or SourceForge need to deal with, but not your normal everyday business.

    • Hey, aren't you the fellow who wrote the (net http) module for guile? Do you still have that code? If so, I'll give you an email address if you don't mind sending it to me.
  • by leuk_he (194174) on Friday August 24, 2007 @05:10PM (#20348279) Homepage Journal
    If you use open source software, and not redistribute it you can mostly ignore the open source license. You can use it on as many computers as you like with many strange license combinations. For closed commercial software you have to track all the licenses, for open source you do not have to track the number of uses.

    The real question begins if you want to distribute a packet of open source software and want to know if they are license compatible. ANd the real trouble starts if you want to use a loophole of some license to sell it bundled it together with your own commercial software.
    • by also-rr (980579) on Friday August 24, 2007 @05:40PM (#20348519) Homepage
      Excellent point... especially when you consider that if you *are* distributing it will pass through your commercial department.

      I have been doing commercial work lately on over 100 contracts, each with unique terms and conditions. Even if we had projects running that used every single OSS license out there it wouldn't tax us to an unreasonable level. That is kind of what specialists are for... businesses pay programmers to programme, and the commercial department to read contracts.

      The best bit is that unlike technical issues your PHB probably appreciates the importance of contracts! I can't think of a single director (even the engineering directors) where I work who couldn't assimilate the GPL in five minutes or less - and the GPL is one of the more complex licenses. They deal with stuff far more weird than this every day.

      All you need is to know how to state the benefits in their language. My humble effort is here [revis.co.uk] - and I would welcome additions.
      • by einhverfr (238914)

        businesses pay programmers to programme, and the commercial department to read contracts.
        And in the case of the GPL v3, they have no clue what it means.... Seriously, there are some really nasty easily overlooked clauses in that license. See my latest journal entry for more info.
    • by Duncan3 (10537)
      Exactly.

      If you use open source software, then you have no issues of any kind. If you are a company writing/selling software, treat other people's open source like nuclear waste, and have your users download the prerequisites themselves.

      This is so very simple that we need at least 1000 more open source licenses, otherwise people will see how easy it is, and stop hiring lawyers.
    • by bit01 (644603)

      [deleted] If you want to distribute a packet of any software and want to know if they are license compatible. ANd the real trouble starts if you want to use a loophole of some license to sell it bundled it together with your own commercial software.

      You shouldn't apply arguments specifically to open source software that apply equally to any software. This entire /. story is misdirected and should be titled "License Proliferation Adding Complexity."

      Many commercial software astroturfers frequently propag

      • by ArsonSmith (13997)
        Did you know that just by being alive, jews turn precious oxygen into carbon-dioxide?

        Yea, I'm not kidding. You know that stuff that causes global warming!!

        Obviously jews are the problem
  • If you write software that you want to be paid for, release it under a for pay license.
    If you write software that you don't want to be paid for, release it under a completely free license... maybe even anonymously.

    If all software was released this way then there wouldn't need to be any odd licensing in a software package... everything is either free or for-pay.
    • Re: (Score:3, Interesting)

      by antiNeo2000 (981119)
      You're oversimplifying things. Some free software is gratis (free of charge), some is libre (free to modify), some is both, some allows commercial distribution, some doesn't, and the list goes on. Since people own the copyright, people are allowed to write their own software licenses, no matter how weird they might be. Some projects need to be commercially viable in order to be accepted as standards (X.Org and the X11 license), while others would rather be shielded from commercial abuse (GNU and friends). D
    • You seem to think this is a simple issue. It isn't.

      The question of software licensing has been complex and even controversial for decades. That apparently seems silly to you. That might even be a valid conclusion, but you're going to need a much more extensive understanding of the topic before you can convince anyone to agree.

      If you're actually interested in understanding the topic so you can discuss it intelligently, I suggest actually reading / watching the following (completely):

    • If you write software that you want to be paid for, release it under a for pay license.
      If you write software that you don't want to be paid for, release it under a completely free license... maybe even anonymously.

      I think you are too narrowly defining "pay" as a money only proposition. Under GPL 2, the payment for redistribution is payment in kind. That is, you use, modify, and distribute someone's GPLed code, you pay them by releasing your changes. Tit for tat, and that Finnish freak would say. It's really a nice balance, because in order to get the code you have to give up the code. Reciprocity, baby.

      That's the beauty of the GPL 2. It offers the guarantee of a (non-monetary) reward to the developer, and perhaps mo

  • by GrEp (89884) <(moc.liamg) (ta) (200brc)> on Friday August 24, 2007 @05:17PM (#20348333) Homepage Journal
    How about commercial licences? At least with FOSS you have a few major ones. With commercial every one is unique and usually much more complicated.
  • I personally will almost exclusively stick to the four major OS licenses: the GPL (any version), Apache, Mozilla, and (though purists may disagree) the BSD. My experience has been that a developer generally doesn't have to blend -- most of the web-related work I do is related to Apache, therefore that fits for the C++ development. Most of the web work is in one of the GPL'd languages (Perl, Python, PHP, or Ruby), etc.

    Does this fit for most others? I don't know.
  • I don't get it (Score:3, Insightful)

    by tie_guy_matt (176397) on Friday August 24, 2007 @05:24PM (#20348389)
    Don't most open source licenses have one thing in common: you can use the software and install it on as many computers as you want free of charge. The problem comes up when you modify the code and then want to redistribute it. My question is how many businesses are modifying tons of different programs so that they have to worry about tons of different licenses? And if your company is big enough that you are modifying tons of programs then don't you have legal department with an army of high priced lawyers who would love to do nothing else but make sure you dotted all your i's and crossed your t's when it comes to the licenses? Maybe I missed something.
  • by infonography (566403) on Friday August 24, 2007 @05:35PM (#20348485) Homepage
    Dear Friend,

    My late father was the finace minister for the pervious administration in Nigeria, in his weill he bequitehd me the income from meany open sourse licenses however since the new government crackdown we have had difficulites in tranparting themo out of th country. A reputable frind who can transport them out of the country for me needs a small advance to pay for expenses once we have these open sources license on the open market we can realize great proifit.

    I have a limited introductory offer for any software you want at a low low rate per seat. Comes with Complemetary Viagra from te late presidents presonal stores.

    Please send to my paypal account darl.mcbride@sco.com
    • Source code must be made available to any recipient of binary code upon request
    • The customer must then agree to safeguard the source and be responsible for damages if leaked. The copyright owner can demand a proof that a particular customer is willing and able to honor a contract. Customers can create modified versions for private use distribute binaries and source to anyone who already obtained the corresponding original from the author.
    • Copyright expires after 14 years, as envisioned by the founders, at whi
  • New projects going forward should all be released public domain. Bam. *All* projects can now use your code. Because of crazy liability statutes and crazy precedence, you will need to put a disclaim of liability/warranty on the code when *you* distribute it, but there isn't any need at all to make others who distribute it do so by adding a license term contingent on *their* distribution--that's the biggest downfall of the non-advertising clause BSD license, but in practice isn't that big of a deal. I am
  • by radarsat1 (786772) on Friday August 24, 2007 @05:53PM (#20348609) Homepage
    I've had the idea for a while that it would be cool to design some kind of formal language to describe licenses, so that you could apply logical rules to cancel out conflicting requirements and determine whether licenses are compatible with each other.

    Sure, legalese is pretty "formal", but it's not computer-science *formal*. How cool would that be to encode laws and legal conditions such that they are provably effective?

    Someone must have done something like this...

    (That said, I've never really understood why people choose licenses other than BSD or GPL, since these seem to express some basic viewpoints on how F/OSS should work, but I guess people have their own reasons, which is fine with me actually.)
    • by einhverfr (238914)
      Sounds doable. BUt how are you going to get a Lawyer to do something that would jeopardize his/her job security?
  • a lawyer's view (Score:3, Interesting)

    by faceword (635817) on Friday August 24, 2007 @05:53PM (#20348611) Homepage
    I represented an company that had developed a closed source software product that had incorporated several open source (but not GPL'ed) libraries, each released under a different license.

    There was a transaction cost, in that the company had to pay my law firm to review each license to be sure the distribution of the product did not violate the license. Some of the licenses had attribution requirements, including one which required the verbatim reproduction of the open source license within the distribution. I advised my client as such, and they included that license within a readme file, complete with the glaring typos that were in the original.

    The cost of a junior lawyer spending a few hours reviewing six different licenses (approx $300 per hour) was lower than recreating the code from scratch -- so it is hard to argue that the proliferation of licenses is problematic. My client was still better off than if it had to spend an extra week of development time authoring the libraries.

    • by JohnFluxx (413620)
      Out of interest, did you have to review the license agreements on the normal closed source software?
    • by cfulmer (3166)
      Oy vey. I'm also a lawyer and get a couple of deals like this a month. There are generally a handful of well-used licenses -- the GPL, the LGPL, Apache 2.0, occasionally the Mozilla license. And then there are times when the client makes a choice -- with mySQL, for example, you choose either the GPL or the commercial license. These are generally well understood, and helping a client through that stuff is pretty easy.

      The harder parts is often that the client doesn't understand exactly what they use -- th
  • of corporate open source adopters, there is no issue, as they will not be selling and distributing the software. For those that do, open source licenses tend to cover many different products, whereas each closed product will have a different license. So, if nothing else, open source is slowly reducing the number of licenses you have to worry about.
  • Having just reviewed the Microsoft XPE OEM and Runtime licenses and a whole bunch of 'off-the-shelf' commercial software for some work I'm doing, navigating what you can and can't do with the software is not all that easy.... (vs what you are required to do under many FOSS licenses). Imagine the worst EULA you've ever seen, then change it randomly and apply a different restrictions to each application you're using with completely different conditions. Then put them all on one system.

    The whole time I was
  • "What can be done to minimize multiple-license pain for corporate open source adopters?"

    Why should corporate users get an easy ride ?

    Corporate users are the ones who would likely turn on us and destroy the community if it would boost the next profit report by a few percent.

    Its not about users its about the source code.

    But i guess if it turns out that corporate users a big on giving constructive feedback, bug reports then i guess we should give a shit, but i expect they are too busy using to do anything else
  • because UNLESS they are also DISTRIBUTING said software, they probably don't have to worry about the license very much. Especially if they stick to a GPL style license. If they are in the business of distributing software, then they damn well better have a clue on how to handle the terms of the licenses of the software they choose to use. At the end of the day, the free software world doesn't need the suits, it's the suits that need FOSS.
  • If its 'open' its mine to do with as i please.
  • by Vexorian (959249)
    1) Truly open source licenses don't govern use.
    2) Most users don't distribute

    Therefore there is not much of added complexity...

    Not to mention the fact that there may be 1000 open source licenses, that does not mean the projects with multiple license use more than 3 and the differences on the licenses in a single project tend not to be big, and it is very unlikely you would not get into one of the 10 most common ones.

  • It seems *companies* that release a version of or part of their software as open source seem to have an aversion to using existing licenses. Too many of them take a common license, and then just change the name. This is also true for open-source foundations that are arms of the various companies. Consider:

    * Apache Software License
    * Apache License, 2.0
    * Apple Public Source License
    * Computer As
  • Closed source compliance costs are such that the company I work for has moved to "Open (Wallet) Licensing" (http://www.microsoft.com/licensing/programs/open / default.mspx).

    We effectively buy 2 windows licenses for every box (one OEM, one volume license), we even have to pay for non-MS boxes (you license every box 'capable of running windows' regardless of whether or not it does. I run Ubuntu and I'm still paying an annual fee to MS!!).

    Yeah, our problem is the proliferation of FOSS licenses (all of whi

The only function of economic forecasting is to make astrology look respectable. -- John Kenneth Galbraith

Working...