FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

Open source compliance: know your obligations

tbm's picture

One key element of open source compliance is to know your obligations. There is a lot of confusion about what open source means exactly and some people believe that open source means you can do whatever you want. While open source grants users many freedoms, open source code comes under specific license terms which often include obligations that have to be followed by companies distributing open source software.

Because of recent lawsuits by the Software Freedom Law Center on behalf of the busybox project and the activities of the GPL-Violations project, awareness is growing that copyleft licenses such as the GPL come with obligations. For example, the GPL requires source code to be offered to those who receive binaries. The AGPL goes a step further and additionally requires that the source code be made available to users who interact with the software over the network.

Governance session at Open World Forum

tbm's picture

FOSSBazaar, with the help of the QualiPSo project, have organized a governance session at Open World Forum in Paris. We'll have a whole day to talk about governance issues. The morning session is dedicated to the adoption of open source whereas the focus of the afternoon session is on compliance. The program is available now. I hope to see many of you in Paris!

Black Duck Software vs the FOSSology project

bobg's picture

Black Duck Software vs FOSSology

Peter Vescuso (Black Duck VP Marketing and Bob Gobeille (FOSSology originator and developer), put together this brief high level comparison between Black Duck's Software Suite and the open source FOSSology project.  This is a question that comes up repeatedly so, hopefully, this will help people understand the major differences.


1) By and large FOSSology and Black Duck don’t compete. There is some overlap in functionality but the Black Duck Suite is a complete OSS management/automation solution for your entire software lifecyle.  The FOSSology application is a system that integrates a set of tools that you might find useful in your OSS management.  Currently FOSSology focuses on license scanning, categorization, and copyright.  This is why many companies (including Hewlett Packard, whom Bob works for) use both Black Duck Software and FOSSology.


Antelink joins FOSSBazaar

grouss's picture

I'm very pleased to annouce that Antelink, the INRIA'spinoff I lead and cofound with Stépane Bagnier, joins FOSSBazaar community.

Antelink is a software vendor. Our market position leaves little room for developing service/consulting activities. As a result, we didn’t opt for an open source model. However, as users of open source libraries and solutions, we felt it was important to give something back to open source communities. Part of this will involve developing products and services that can be used for free by open source communities.

Metaphysical Detectives and Emotional Spies

Andrew Grant's picture

In one recent deal we were left with the thorny problem of Indemnity and who pays for it. Typically, if you are using proprietary code you are buying a pig in a poke (buying something in a black sack that the vendor says will do  the job). The case of indemnity arises if a patent troll claims ownership and then sues the user for a multi-million dollar sum. The legal team then refers to the contract and points the troll's complaint at the software vendor who defends the claim (on the basis they know what's in the software and where it came from because they "own" it.)

Now, it gets more complicated when companies acquire companies who acquire other companies who may have mashed together their apps over time. The enterprise needs to make sure it is not open to legal risk yet this places the burden of cost for defence and code parentage on the vendor - another cost that would need to be borne by Open Source vendors when dealing with the Enterprise.