Home » Blogs » Andrew Aitken's blog

The Need for Governance - A Practical Perspective

FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

Andrew Aitken's picture
Posted January 24th, 2008 by Andrew Aitken

We can’t help ourselves. Here I sit with 15 of the most knowledgeable open source experts at a wonderful restaurant in Nuremberg, Germany at the Open Source Meets Business Conference, and we’re not talking about the great beer or the tasty Scheufelen but the GPLv2 vs. GPL v3. And the problem is there is little agreement among the business and legal experts as to the impact or adoption of v3. Although there isn’t consensus among the group, we do agree that today there has been limited adoption - but that is where the opinions begin to fragment and the discussions become animated. Some feel that the GPLv3 will remain a minor license for community-based projects with minor commercial open source adoption. Others feel that it is simply a mater of time before some of the more “sticky” clauses within v3 force it into commercial open source applications. Some say it’s only a matter of months before the community begins to understand the legal implications of v3, yet others say it is too complicated and may take years, or never happen. One commercial vendor at the table complained that his offerings contained two GPL v2 applications, but one had moved to GPL v3 making it incompatible with the other application. This has led to community confusion, an analysis of re-architecting his solutions and a lot of expensive time with his attorney trying to figure out a work-around.

As I sat back listening to the conversation it struck me that if the best “experts” at the table had such divergent opinions, how was a large enterprise using dozens if not hundreds of open source applications going to sort out this situation? Even more importantly, what about those manufacturers of devices distributing millions of units with embedded open source code? This conversation clearly highlighted the need for a comprehensive and flexible open source governance program. Something that provides structure yet allows for the evolution of open source licensing and its impact on the software we deploy. Open source offers tremendous advantages, but as the industry finds its way and evolves, we need to pay attention, a tremendous amount of attention, to these details.

While I agree that it

Submitted by George Pace on Thu, 2008-01-24 02:48.
While I agree that it highlights the need for governance, what it REALLY highlights is the need for SIMPLIER, REAL LIFE licensing terms. For example, if you are a typical corporation that isn't developing software for a living, all you want to do is make use of standard defacto libraries, and use them EXACTLY as they were intended. My favorite example is to use LOG4J - The concepts of the LGPL, which allowed you to use the binary and distribute it without problems is what we need to see more of. It can't be that hard, can it ?