Newbie question on code vetting

Edward Elliott nobody at 127.0.0.1
Sat May 6 14:55:19 EDT 2006


I'm replying to Ben because William's post is no longer on my news server.

<william.boquist at gte.net> wrote:
> I would like to offer a couple of links to the kind of stuff I am talking
> about w.r.t. the "transparency" issue.
> First, some from Eclipse:
> http://www.eclipse.org/legal/ See especially the "committer resources"
>
> Here are a couple more from the Apache software foundation.
> http://www.apache.org/foundation/how-it-works.html

Interesting, those links have nothing to do with checking the source of code
and everything to do with the projects covering their asses.  Which is
perfectly reasonable behavior on their part, but it gives you, the end
user, almost no protection.

Suppose company X proves that project Foo incorporated some of their
unlicensed code.  Copyright infringement is a strict liability action.  X
can obtain an injunction against distributing Foo and
impoundment/destruction of all infringing copies.  Waivers like those above
may indemnify Foo against monetary damages and legal fees, but end users
are in the same position as without the waivers: their software Foo can be
seized and destroyed.  How exactly are you better off trusting Foo?

Now maybe you could claim that merely using the waivers forces everyone to
think long and hard about IP, avoiding potential issues, but that strikes
me as more than a little dubious.  People often don't even read what they
sign, much less think about the implications.

I am not a lawyer (yet), but I have studied US copyright law.


> My thinking is that if that kind of documentation were more widely
> available, the process of doing appropriate diligence on the part of the
> consuming organizations would be easier and more repeatable. 

Looking for boilerplate waivers sounds more like CYA than diligence to me.


> Asking the higher-ups at
> work to reach technology management decisions based on my gut feel is an
> uphill climb. 

And foolish.  If you can't make a convincing case based on everything said
in this thread, you may as well give up because your higher-ups aren't
listening.


> The overall goal is to remove a barrier to more widespread use of Open
> Source - growing the mindshare dedicated to it and potentially shrinking
> the mindshare dedicated to commercially-produced software. 

Ben already mentioned the false dichotomy here.  Let me just say I think
both your goal and his (spreading free software at the expense of non-free)
are counterproductive.  Organizations (and people) should look for the
software that best fits their needs.  Sometimes that means highest
technical quality.  Sometimes it means open standards or open source.
Sometimes it means features X, Y, and Z.  Sometimes it means vendor
support.  Often it's a combination.  A successful project should focus on
discovering and meeting its users' needs.  Spreading open source for its
own sake helps no one.


> but
> if the Open Source movement can cause Bill Gates to show his code to the
> Chinese government, who knows what else it can do? 

Really, open source did that?  Here I thought it was the Chinese govt
strong-arming Microsoft over the promise of 1.3 billion potential consumers.


> I think the Open 
> Source movement is leading, not following, commercial code producers. If
> there is a better way to do business, I would like to see Open Source get
> there first.

"We must move forward, not backward, upward, not forward, and always
twirling, twirling, twirling towards freedom!"

Seriously, I think you're kidding yourself.  Community-based,
volunteer-driven open source projects handle some things very well. 
Closed, commercial projects excel at others.  In between there's a lot of
overlap with mixed attributes of each (not to imply these are merely two
ends along a single spectrum, there are more dimensions involved).

I think the market success of communal software shows that some software is
becoming commoditized.  Because software is a nonrivalrous good (making
copies is essentially free), it's usually more economically efficient for
users to pool development costs and only pay for support than to pay for
profits on each copy produced.  Where it makes sense, the market is moving
towards software as a public good rather than software as a product. 
Instead of digging out a huge canyon and charging for access to it
(Microsoft/Oracle model), it's hiring out a river guide just to those who
want one (Linux/MySQL model).  Each has its place and neither is going
away.  Also note the public good approach doesn't require open source -- it
works just as well with freely available binaries, a la Sun's Java VM.
