Linked by David Adams on Tue 29th Jan 2008 17:56 UTC
GNU, GPL, Open Source Large companies typically don't have any idea how much Open Source software they have running on their various systems. This can pose a management and legal problem, so HP has developed software, called FOSSology and FOSSBazaar to help track down errant OSS installs. A Techtarget article notes, "HP gave an example of a recent customer that had three times as many FOSS licenses as originally estimated -- 75 licenses rather than 25. This left customers with a choice: implement governance policies to allow the safe use of FOSS, or replace the software at an estimated cost of $80 million."
Why?
by nxsty on Tue 29th Jan 2008 18:15 UTC
nxsty
Member since:
2005-11-12

What a useless product. Why would using OSS pose management and legal problems? Sounds like FUD to me.

RE: Why?
by Almafeta on Tue 29th Jan 2008 19:17 UTC in reply to "Why?"
Almafeta Member since:
2007-02-22

What a useless product. Why would using OSS pose management and legal problems? Sounds like FUD to me.


OSS/copyleft projects can be very talented at hiding their licenses in obscure places. Additionally, there's currently no law requiring that open-source projects identify themselves as such in marketing and during installation so the user can opt out, so many people use open-source programs unknowingly.

RE[2]: HP has released this as GPL
by glarepate on Tue 29th Jan 2008 20:07 UTC in reply to "RE: Why?"
glarepate Member since:
2006-01-04

So, this is a great solution to the "issues" you have raised.

RE[2]: Why?
by Soulbender on Wed 30th Jan 2008 02:57 UTC in reply to "RE: Why?"
Soulbender Member since:
2005-08-18

Additionally, there's currently no law requiring that open-source projects identify themselves as such in marketing and during installation so the user can opt out, so many people use open-source programs unknowingly


There's no law requiring closed source software to identify itself as such in marketing and during installation, so many people use closed source programs unknowingly.

RE: Why?
by DrillSgt on Tue 29th Jan 2008 21:27 UTC in reply to "Why?"
DrillSgt Member since:
2005-12-02

"What a useless product. Why would using OSS pose management and legal problems? Sounds like FUD to me."

In general there would be none. The one time it could pose a risk is if you are a software development house. That can cause legal problems if a developer uses the GPL versions of the files versus the paid-for ones, such as with QT. That is the management/legal problem. Mainly because if the product can not be GPL for whatever reason, such as being a DoD project or such.

RE: Why?
by elsewhere on Wed 30th Jan 2008 04:17 UTC in reply to "Why?"
elsewhere Member since:
2005-07-13

What a useless product. Why would using OSS pose management and legal problems? Sounds like FUD to me.


Well, the FSF is taking an aggressive stance now with pursuing legal action against GPL violators.

Steve Ballmer is beating a tin drum about OSS projects violating MS IP.

Sun themselves are in a two-way lawsuit over patent violations in ZFS.

Trend Micro is barking patent claims against ClamAV, which is integrated into a surprising number of commercial enterprise-class security applications/products.

Linux kernel devs like Greg KH claim that closed drivers such as nvidia's are GPL violating, whereas Linus himself disagrees.

Qt respects a multitude of OSS licensing options but requires a commercial license for any applications that don't meet those OSS requirements.

The list goes on...

It's one thing to argue semantics on a tech-oriented forum such as OSNews. It's completely different to argue them with compliance-regulated commercial organizations that risk liability for license violations.

This isn't a bad thing HP is doing, so let's take the tinfoil hats off for a second and stop assuming that they're somehow trying to undermine OSS adoption, particularly considering they are a significant backer and contributor to OSS.

Commercial organizations operate under different priorities and requirements than your average tech enthusiast. Despite the growing adoption of OSS within enterprise class organizations, it's still a scary concept for many CIO's to try and navigate the requirements and obligations of various OSS licenses, particularly if they're creating software applications around them. Sarbox also implies a requirement for due diligence when it comes to things like IP issues, so execs often discard alternatives in favor of the warm and comfy proprietary licenses they are familiar with, complete with legal indemnity.

If you've got a bone to pick, don't blame HP. Blame MS for bringing up the issue of IP compliance to enterprises when it comes to OSS. Used appropriately, this is a tool for OSS-favorable CIO's to get a measurable handle on how non-proprietary tech is being used within their organizations.

I see the glass as being half-full, but I imagine that there will be many that insist on seeing it half-empty.

RE[2]: Why?
by lemur2 on Wed 30th Jan 2008 06:18 UTC in reply to "RE: Why?"
lemur2 Member since:
2007-02-17

Well, the FSF is taking an aggressive stance now with pursuing legal action against GPL violators.


Applies only to software developers who include GPL code in their own product which they then try to release as closed source and charge people for.

Steve Ballmer is beating a tin drum about OSS projects violating MS IP.


A lot of noise and no substance. Not one actual mention to date of an alleged infringement of an actual patent number from Steve.

Sun themselves are in a two-way lawsuit over patent violations in ZFS.


Has nothing to do with Sun's use of FOSS. ZFS is Sun's own product.

Trend Micro is barking patent claims against ClamAV, which is integrated into a surprising number of commercial enterprise-class security applications/products.


These claims are not against ClamAV itself, but rather are against the manner in which one company has used an anti-virus scanner (any one at all would qualify here) in a firewall product. Lots of prior art would indicate this action doesn't have a prayer anyway.

Linux kernel devs like Grek KH claim that closed drivers such as nvidia's are GPL violating, whereas Linus himself disagrees.


Which one of these is a copyright lawyer? As long as nvidia binaries contain no FOSS code themselves, and do not statically link to GPL code (LGPL doesn't matter), then it does not infringe. This is in fact the case AFAIK, so Linus is correct it would seem.

Qt respects a multitude of OSS licensing options but requires a commercial license for any applications that don't meet those OSS requirements.


Like any software at all, if you want to include it in your closed-source product, then you must get permission from the author. The GPL does not give you permission to do that, so you must get a separate license from trolltech. This is no different WHATEVER code you use in your closed-source product ... if you did not write it yourself, you must get permission from the author. That would normally involve paying a FEE. This also has nothing to do with FOSS ... this is use in a commercial product.

Edited 2008-01-30 06:22 UTC

RE[3]: Why?
by Moulinneuf on Wed 30th Jan 2008 06:41 UTC in reply to "RE[2]: Why?"
RE[2]: Why?
by Moulinneuf on Wed 30th Jan 2008 06:25 UTC in reply to "RE: Why?"
Answer : Lot of Illegal BSD code
by Moulinneuf on Wed 30th Jan 2008 05:40 UTC in reply to "Why?"
If you say so...
by rexstuff on Tue 29th Jan 2008 18:43 UTC
rexstuff
Member since:
2007-04-06

"...to help companies address the potential legal, financial and security risks involved in the
adoption of free and open source software."

Right.

RE: If you say so...
by james_parker on Tue 29th Jan 2008 19:34 UTC in reply to "If you say so..."
james_parker Member since:
2005-06-29

"...to help companies address the potential legal, financial and security risks involved in the
adoption of free and open source software."

Right.


I don't think anyone will quibble about security risks running unknown copies of open source; if it's unknown, it is likely not going to be upgraded when security flaws are discovered and fixed.

As for financial and legal risks, there are, in fact, legally encumbered binaries (at least in some jurisdictions) which cannot be copied under the license terms. While this can be overcome by building equivalent binaries from the source (which does require some work), not doing so could result in risks, however small in practice.

RE[2]: If you say so...
by sbergman27 on Wed 30th Jan 2008 01:39 UTC in reply to "RE: If you say so..."
sbergman27 Member since:
2005-07-24

I don't think anyone will quibble about security risks running unknown copies of open source; if it's unknown, it is likely not going to be upgraded when security flaws are discovered and fixed.


While unknown copies of proprietary programs are, by contrast, not subject to these issues.

Edited 2008-01-30 01:40 UTC

RE[2]: If you say so...
by Soulbender on Wed 30th Jan 2008 03:00 UTC in reply to "RE: If you say so..."
Soulbender Member since:
2005-08-18

I don't think anyone will quibble about security risks running unknown copies of open source;


Please explain how this is different from running unknown software that isn't open source.

RE[3]: If you say so...
by james_parker on Wed 30th Jan 2008 19:42 UTC in reply to "RE[2]: If you say so..."
james_parker Member since:
2005-06-29

"I don't think anyone will quibble about security risks running unknown copies of open source;


Please explain how this is different from running unknown software that isn't open source.
"

In general, there is no difference. However, in server environments (which this software is geared toward), nearly all closed source software is commercial, and generally requires such things as licence information and root access to install, not to mention a commercial agreement prior to receiving the software.

In contrast, open source can generally be installed without such restrictions, making it far easier to overlook.

RE[4]: If you say so...
by lemur2 on Wed 30th Jan 2008 22:22 UTC in reply to "RE[3]: If you say so..."
lemur2 Member since:
2007-02-17

nearly all closed source software is commercial, and generally requires such things as licence information and root access to install, not to mention a commercial agreement prior to receiving the software

...

In contrast, open source can generally be installed without such restrictions, making it far easier to overlook.


Open source code does not need "looking over". You are granted permission to install it and run it without any commercial agreement in place. Since you don't need any commercial agreements to install it and run it, what exactly is the point of trying to keep track of commercial agreement papers which don't exist and aren't required?

Much ado about nothing
by porcel on Tue 29th Jan 2008 18:45 UTC
porcel
Member since:
2006-01-28

Business people try to pinch a dollar out of you no matter what you are doing.

If you don't know what you have installed on your systems, ask your system administrators to keep updated documentation on how your network is set up and evolves. Make it part of their job evaluation.

RE: Much ado about nothing
by jharrell on Tue 29th Jan 2008 19:27 UTC in reply to "Much ado about nothing"
jharrell Member since:
2007-07-30

Business people try to pinch a dollar out of you no matter what you are doing.


HP has released this as GPL. Although I can't seem to find an application for it within my company, HP is not charging for the ability to use it.

HP is having problems
by sgibofh on Tue 29th Jan 2008 21:37 UTC
sgibofh
Member since:
2007-03-31

as far as we can see. They want licenses to be sold.
HP-UX is pretty arcane, incomplete, runs on hardware that isn't available anymore (PA-RISC) and now they bet on Itanium. Even a DVD set will cost you list price $800 or so.

HP has a hard time and they try to compensate..

Comment by i3X171UM
by i3X171UM on Tue 29th Jan 2008 22:06 UTC
i3X171UM
Member since:
2005-08-12

"There is a significant benefit for enterprises to understand how much of this software they have and be able to manage it. Companies are running huge risks -- financial and otherwise -- by not knowing what open source software they're using and therefore not knowing what license obligations and security violations come along with it," Martino said.

That was the only explanation in the article. I tried to play devil's advocate and come up with some legally compromising scenarios of my own, but I honestly couldn't.

If anyone is curious, you can download the tool here: http://www.fossology.org/. It's GPL, somewhat ironically.

Ed: it appears to scan local files for text in 30 types of OSS licenses (\agents\foss_license_agent\Licenses\Raw\) and store the results in an SQL-based "fossrepo."

Edited 2008-01-29 22:19 UTC
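A minimal version of the kind of scan i3X171UM describes above, added here as an illustration and not FOSSology's own code: it walks a directory tree, matches each text file against a small table of distinctive license phrases, and stores the hits in an SQLite table so they can be aggregated. The signature phrases, the table schema and the sample files are all constructed for this example; FOSSology's real agents, its 30-license signature set and its repository schema are not reproduced here.

```python
"""Toy license scanner: walk a tree, match license phrases, store results in SQLite."""
import os
import re
import sqlite3
import tempfile
from typing import Dict, List, Tuple

# Constructed signature table (an illustrative subset, not FOSSology's own
# signature set): one or two distinctive phrases per license. \W+ lets a
# phrase span a comment-continuation line break such as "\n * ".
LICENSE_SIGNATURES: Dict[str, List[str]] = {
    "GPL-2.0": [r"GNU GENERAL PUBLIC LICENSE\W+Version 2",
                r"either version 2 of the\W+License"],
    "GPL-3.0": [r"GNU GENERAL PUBLIC LICENSE\W+Version 3",
                r"either version 3 of the\W+License"],
    "LGPL": [r"GNU LESSER GENERAL PUBLIC LICENSE"],
    "MIT": [r"Permission is hereby granted, free of charge, to any person"],
    "BSD": [r"Redistribution and use in source and binary forms"],
    "Apache-2.0": [r"Licensed under the Apache License,? Version 2\.0"],
}
_COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
             for name, pats in LICENSE_SIGNATURES.items()}
MAX_BYTES = 1_000_000  # license text sits near the top; don't slurp huge files


def scan_text(text: str) -> List[str]:
    """Return the sorted license names whose signature phrase appears in text."""
    return sorted(name for name, pats in _COMPILED.items()
                  if any(p.search(text) for p in pats))


def _read_text(path: str) -> str:
    """Read a file as text; return '' for binaries (NUL byte in the first 8 KiB)."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_BYTES)
    if b"\x00" in data[:8192]:
        return ""
    return data.decode("utf-8", errors="replace")


def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk root and return one (relative path, license) row per match."""
    rows: List[Tuple[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            full = os.path.join(dirpath, fname)
            for lic in scan_text(_read_text(full)):
                rows.append((os.path.relpath(full, root), lic))
    return rows


def store_results(conn: sqlite3.Connection, rows: List[Tuple[str, str]]) -> None:
    """Persist rows in a hypothetical two-column table (not FOSSology's schema)."""
    conn.execute("CREATE TABLE IF NOT EXISTS license_file (path TEXT, license TEXT)")
    conn.executemany("INSERT INTO license_file VALUES (?, ?)", rows)
    conn.commit()


def license_counts(conn: sqlite3.Connection) -> Dict[str, int]:
    """Aggregate: how many distinct files carry each license."""
    cur = conn.execute(
        "SELECT license, COUNT(DISTINCT path) FROM license_file GROUP BY license")
    return dict(cur.fetchall())


def build_sample_tree(root: str) -> None:
    """Write constructed sample files so the example runs offline."""
    samples = {
        "lib/util.c": "/* This program is free software; you can redistribute it and/or\n"
                      " * modify it under the terms of the GNU General Public License as\n"
                      " * published by the Free Software Foundation; either version 2 of the\n"
                      " * License, or (at your option) any later version. */\n",
        "vendor/tiny.js": "// Copyright (c) Example\n// Permission is hereby granted, free of "
                          "charge, to any person obtaining a copy of this software...\n",
        "vendor/LICENSE.txt": "Redistribution and use in source and binary forms, with or\n"
                              "without modification, are permitted provided that...\n",
        "bin/blob.so": None,  # binary with no license text: the scan cannot see it
        "README": "Internal build notes. No license statement here.\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\x7fELF\x00\x01\x02" if body is None else body.encode())


def demo() -> Dict[str, int]:
    """Build the sample tree, scan it, store hits in SQLite, return per-license counts."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        conn = sqlite3.connect(":memory:")
        store_results(conn, scan_tree(root))
        return license_counts(conn)


if __name__ == "__main__":
    for lic, n in sorted(demo().items()):
        print(f"{lic}: {n} file(s)")
```

Two things worth noticing when running it: the GPL header in lib/util.c is found through the "either version 2 of the License" phrase rather than the license title, because a source-file header usually carries only the boilerplate notice; and bin/blob.so produces no row at all, since a text scan can only find license text, so a stripped binary that embeds GPL code leaves no trace this way. Per-file hits are stored rather than a single verdict because one tree can legitimately contain several licenses, and the aggregate query is what turns a pile of matches into the "how many files under which license" number a reviewer actually wants.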

Comment by sorpigal
by sorpigal on Tue 29th Jan 2008 22:08 UTC
sorpigal
Member since:
2005-11-02

"HP gave an example of a recent customer that had three times as many FOSS licenses as originally estimated -- 75 licenses rather than 25. This left customers with a choice: implement governance policies to allow the safe use of FOSS, or replace the software at an estimated cost of $80 million."


75 FOSS licenses? Really? I assume this does not refer to having software under 75 different OSI-approved license terms in their organization, but rather to having 75 devices running on FOSS software under licenses unknown.

Does HP mean to imply that not obtaining (read: paying for) licenses for FOSS software is somehow illegal or against government policy? I find this somewhere between comical and disingenuous. Is it unsafe to use unpaid-for software, even if that is in compliance with its license?

I understand that some organizations might like to know how much unapproved FOSS software has crept in to their infrastructure, purely for informational and planning purposes, but to advertise this service in a way that suggests that they are ferreting out illicit or illegal installations and making people pay for them is... unpleasant.

RE: Comment by sorpigal
by Moulinneuf on Wed 30th Jan 2008 06:09 UTC in reply to "Comment by sorpigal"
RE[2]: Comment by sorpigal
by lemur2 on Wed 30th Jan 2008 09:31 UTC in reply to "RE: Comment by sorpigal"
lemur2 Member since:
2007-02-17

It's a lie by the BSD that all OSS code is equal and that all are legal.


Sorry to burst your bubble Moulinef, but it is not at all illegal to write software (as long as you actually write it yourself and refrain from copying someone else's work), nor is it in any way illegal to let someone else run the software you have written. As long as you have written the software, then the law is such that you the author gets to say how others may, or may not, use it.

There is nothing "illegal" about FOSS software.

RE[3]: Comment by sorpigal
by Moulinneuf on Thu 31st Jan 2008 09:53 UTC in reply to "RE[2]: Comment by sorpigal"
RE[4]: Comment by sorpigal
by lemur2 on Thu 31st Jan 2008 11:20 UTC in reply to "RE[3]: Comment by sorpigal"
lemur2 Member since:
2007-02-17

It is when you're not legally given the permission to do it.


Sigh! You really do have a major, major disconnect from reality here.

It is not illegal to write code. You just sit down and type it. As long as it is your own work, no-one can stop you. You do NOT need permission, from anyone.

Once you have written your own work, your very own piece of code ... you are then the author of it. You automatically own the copyrights to it. Not the US government, not Microsoft, not your local pastor ... nobody but you.

As the copyright owner in the code, you may license it however you wish. You set the terms by which others may use it and copy it.

Once again, and with emphasis ... you DO NOT NEED ANYONE'S PERMISSION to write your own code.

http://en.wikipedia.org/wiki/Freedom_of_speech


http://en.wikipedia.org/wiki/Copyright
"Copyright - is a legal concept enacted by most national governments, that gives the creator of an original work exclusive rights to it"


http://en.wikipedia.org/wiki/Free_content
"Because the law by default grants copyright holders monopolistic control over their creations"


Since the creator of a work has control rights over that work, they can choose to do this with it if they so please:
http://en.wikipedia.org/wiki/Free_software

PS: sorry about the mis-spelling of Moulinneuf. That was lazy of me.

Edited 2008-01-31 11:23 UTC

What about Windows
by de_wizze on Tue 29th Jan 2008 23:58 UTC
de_wizze
Member since:
2005-10-31

I wonder if they make one for Windows and proprietary software? I mean, I have always wondered how anybody could determine that binary-only distributed applications could be checked.

Edited 2008-01-30 00:04 UTC

Comment by Soulbender
by Soulbender on Wed 30th Jan 2008 03:27 UTC
Soulbender
Member since:
2005-08-18

"HP gave an example of a recent customer that had three times as many FOSS licenses as originally estimated -- 75 licenses rather than 25. This left customers with a choice: implement governance policies to allow the safe use of FOSS, or replace the software at an estimated cost of $80 million."


Wow. Welcome to the land of bullshit.
Seriously, that sentence makes no sense. Did they have software licensed under 75 different OSS licenses? Did they have 75 users of some OSS software that is per-seat licensed? Or something else entirely? What governance policies?

"Open source software is different than traditional proprietary software


Other than how it's licensed it's no different.

and most people don't know how much they have embedded in their hardware."


What? Embedded in the hardware? Why the fsck would that matter? If it's embedded it comes with the damn product. Why does it matter if a hardware device is using OSS or not?

Users have uniformly told us that they don't know how much open source software they had


I doubt "users" know how much software they have, regardless of license.

FOSSology and FOSSBazaar are completely free, but HP refused to issue pricing for its Health Check Services, which vary depending on the service.


Wow really. No price eh? There's a surprise for ya.

You know, if they had said that it helped you find unknown OSS software so you could keep track of it and keep it updated, that would have been one thing, but this, this is just bullshit.

Edited 2008-01-30 03:28 UTC

HP need to read the license.
by lemur2 on Wed 30th Jan 2008 06:00 UTC
lemur2
Member since:
2007-02-17

FTA:

"HP gave an example of a recent customer that had three times as many FOSS licenses as originally estimated -- 75 licenses rather than 25. This left customers with a choice: implement governance policies to allow the safe use of FOSS, or replace the software at an estimated cost of $80 million."


If it really is FOSS, then it is absolutely free to "use" (that is, to run). Free as in freedom AND free as in beer. It says so right in the license.

The only restriction comes when you are a software developer yourself, and only then if the code that you produce actually includes FOSS source code within it, and only then if it is licensed under a copyleft FOSS license (such as the GPL) rather than a permissive FOSS license (such as BSD), and only then if your product itself is closed-source.

So are HP trying to claim that their customer was a developer who had released 75 closed-source applications which included copyleft FOSS source code, when they thought they had made only 25 applications?

HP's customer needs to buy $80 million dollars worth of free software? Is that a silly claim or what? HP are sounding utterly stupid with this press release. Either stupid or ignorant of what the licenses actually say.

If I were a non-developer customer of HP's and HP tried to scare me into buying a HP product with FUD like that, I would drop HP like a ton of hot bricks.

Even if I were a software developer, I'd take HP's press release to mean that HP thought that I didn't know what I was doing ... and still I would drop HP like a ton of hot bricks.

I just checked the site out
by de_wizze on Thu 31st Jan 2008 10:45 UTC
de_wizze
Member since:
2005-10-31

And realized that it was like the ultimate flame-bait generator ...

Psst ... are you gonna let them use your code like that?
What are you talking about?
Well, something tells me that Abiword might be using your BSD licensed code and then calling the whole thing GPL
Yeah you're right
I'm not saying you have to do something, I'm just saying
No, you're right!!