Understanding Licensing Compliance for Open Source Software

License Compliance Is Like Saying Thank You For A Gift
As the consumption of open source technologies skyrockets, one of the biggest yet most underrated challenges is software licensing. Organizations often use a mix of open source technologies that are released under different open source licenses. Sometimes these licenses are compatible with each other and sometimes they are not. Additionally, failure to adhere to a license may lead to legal action.
Philippe Ombrédanne, co-founder and chief technology officer of the open source management consultancy nexB, has dedicated his life to helping organizations reuse free/libre and open source software without worrying about licenses. He has been a prolific contributor to many open source projects, including Eclipse and Java, but his role within the open source community has since evolved.
For the past few years, he has been focusing on creating tools to uncover the origin and license of free and open source software.
He explained that today, the way we build software is like building with LEGOs. Open source has created a huge reservoir of blocks and pieces, made by different individuals and organizations, that are available for anyone to use. People take these pieces and assemble the applications and systems that they need.
“The skills in future is not that much into coding,” said Ombrédanne. He quickly clarified that coding will always be needed, since we always need people who build the LEGO blocks, but the real skill lies in taking those pieces and assembling them into something that creates a new business or adds business value to an organization. As people take these LEGO blocks to build new things, they need to be mindful of the licenses governing each block.
“Most users of the free and open source code want to do the right thing. If I am the author of a project, maybe I want to get some credit for it. In some cases, I feel strongly about copyleft and I want to make sure that my code stays free,” said Ombrédanne. “As a user, it’s really important to meet the wishes of the original authors.”
He provided the example of the Linux kernel, which has around 60,000 lines of code. There are over 80 different licenses in the kernel. The core of the kernel is under the GNU GPL, but much more code in the kernel is released under different licenses. An organization releasing a product that runs the kernel should be aware of these licenses.
“Even if you don’t care about the license,” said Ombrédanne, “knowing what you use is good engineering. If you build a car, it’s good to know where you get your parts from and what parts are being used. So if there is a problem you know the sources. Software is no different.”