Are Your Licenses Compliant?
If you work with Open Source software every day, you probably do not think for a moment about license compliance. In fact, if you are not an IT manager or professional intellectual property lawyer, you might not even think about it at all. Until you get the phone call.
My last article was back in the first week of January. It was probably written over the Christmas break, before I got the phone call. It was not that I was not expecting the phone call, but I was certainly not expecting to disappear into a morass of legal discussion, code review, and debate sessions that would make Members of Parliament blanch. I was not expecting to be looking for loop holes to make my technical decisions easier or to be losing sleep wondering if we would get our product corrected soon enough to be able to get it out the door this quarter and fulfill the sales that our reps had already booked. And while the company was not blaming me per se, there was certainly a lot of focus on me and my team to clean up what was essentially a five-year-old mistake.
For a variety of reasons, I cannot go into some of the details. But let me explain the situation as best I can. The company makes a product. An appliance actually, and we use a lot of Open Source code. We also license a number of other pieces of code, both quasi-Open Source and proprietary, and bundle them all together into this appliance. One of the contracts with a piece of the quasi-Open Source code expired and we set about the task of renegotiating it. So far, not a big deal right? That was exactly what we were thinking back in the fourth quarter of last year when we started this. It rapidly went downhill. Like so many popular programs, the company we had originally signed the contract with had been bought by a larger company – actually a couple of them. So now we were not dealing with a friendly Open Source company but a group of…what’s the term? Oh, yes, flesh eating lawyers. Still, we were not really asking for much more than a renewal of the contract and more reasonable terms, because we do represent a revenue stream to them. So far, everything was good. And then we discovered that we were using the wrong binaries.
It turns out that the code existed in a licensed version and a community version. We had been using the community version. Slap!
It might have ended there, but we really kind of needed to use the software, so that meant that we had to get back on the good side. Simple, straightforward, and easy right? Just hit the Easy Button® and everything is good right? Um. No.
Again, I won’t dive into the messy details, the late nights, the impossible schedules, the lack of being able to deliver product, the yelling, the screaming, the sleepless nights, the long phone calls and of course the lawyers. I think Shakespeare might have had a point.
The moral of the story is this. Do not wait until the phone rings. Do not wait until the lawyers are sharpening their pencils. Make sure you are in good shape now. The costs -- monetary, health, and welfare -- are not worth it.
Shameless promotion: For those in the Washington, DC area, I will be presenting a talk entitled Linux and Amateur Radio: The Development Divide at the Columbia Area Linux User’s Group’s April meeting. Visit the CALUG’s website for details and directions.
- The Tiny Internet Project, Part I
- SUSECON 2016: Where Technology Reigns Supreme
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Free Today: September Issue of Linux Journal (Retail value: $5.99)
- Bitcoin on Amazon! Sort of...
- Linux Journal October 2016
- Android Browser Security--What You Haven't Been Told
- Epiq Solutions' Sidekiq M.2
- Securing the Programmer
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide