0
Video: Open source: Companies skipping security update face big risk
The purpose? The top Linux developers explained, “Our intent in providing these assurances is to encourage more use of the software. We want companies and individuals to use, modify and distribute this software. We want to work with users in an open and transparent way to eliminate any uncertainty about our expectations regarding compliance or enforcement that might limit adoption of our software. We view legal action as a last resort, to be initiated only when other community efforts have failed to resolve the problem.”
In its new position statement, Red Hat explained that the GPLv2 and LGPL, as written, has led to the belief that automatic license termination and copyright infringement claims can result from a single act of inadvertent non-compliance. Indeed, some people believe a singly copyright violation could lead to a lawsuit even if the copyright holders haven’t bothered to tell the alleged violators of what was going down before seeking legal recourse.
Within Red Hat’s non-commercial software family, the WildFly, GlusterFS and Pulp projects have added the language. These provide core components of Red Hat’s JBoss Middleware, Red Hat Gluster Storage, and Red Hat Satellite products. Other Red Hat-based projects considering this license protection include Anaconda, Red Hat’s operating system installation program; Candlepin; the Cockpit server manager; and Koji, the RPM package builder.
Why is Red Hat bothering with this when it’s already incorporated the cure commitment language with Red Hat Enterprise Linux (RHEL)? Red Hat’s senior commercial counsel, Richard Fontana, explained:
“License selection is a form of legal decision making, but for as long as I’ve been at Red Hat, engineers have been given significant discretion to choose licenses for the projects they maintain, within certain boundaries (for example, expectations to pick from a small set of widely-used, de facto standard licenses). This reflects not only our corporate traditions of developer empowerment, but also our view that engineers typically have the greatest competence to determine the appropriate license strategy for growing user and contributor communities around their projects.”
Both historically and today, many Red Hat engineers choose GPLv2 or LGPLv2.1 for their projects. Over time, these often incorporate contributions from copyright holders other than Red Hat.
Therefore, said Fontana, “We are extending the GPLv3 termination policy to users of our GPLv2/LGPLv2.1 code because we consider it the right thing to do. The cure permissions offer additional comfort that users of our code have reasonable assurances of quiet use of that code, even if there is a temporary license noncompliance by a third party redistributing our code, due to misunderstanding or otherwise. … We hope that others will also join in this endeavor to reassure the open source community that good faith efforts to fix noncompliance will be embraced.”
Read also: From Linux to cloud, why Red Hat matters for every enterprise
He makes an excellent point. If your company or group is creating open-source software under a license without copyright cure commitment language, you’d be wise to consider adopting one. It will go a long way to reassuring any potential legally concerned partners and customers that they won’t have any worries about contributing to or using your software.
Related stories
Linux beats legal threat from one of its own developers ‘Big four’ Linux companies shift open-source licensing policiesLinus Torvalds’ love-hate relationship with the GPL
Related Topics:
Legal
Cloud
Big Data Analytics
Innovation
Tech and Work
Collaboration
0