Are Your Licenses Compliant?
If you work with Open Source software every day, you probably do not think for a moment about license compliance. In fact, if you are not an IT manager or professional intellectual property lawyer, you might not even think about it at all. Until you get the phone call.
My last article was back in the first week of January. It was probably written over the Christmas break, before I got the phone call. It was not that I was not expecting the phone call, but I was certainly not expecting to disappear into a morass of legal discussion, code review, and debate sessions that would make Members of Parliament blanch. I was not expecting to be looking for loop holes to make my technical decisions easier or to be losing sleep wondering if we would get our product corrected soon enough to be able to get it out the door this quarter and fulfill the sales that our reps had already booked. And while the company was not blaming me per se, there was certainly a lot of focus on me and my team to clean up what was essentially a five-year-old mistake.
For a variety of reasons, I cannot go into some of the details. But let me explain the situation as best I can. The company makes a product. An appliance actually, and we use a lot of Open Source code. We also license a number of other pieces of code, both quasi-Open Source and proprietary, and bundle them all together into this appliance. One of the contracts with a piece of the quasi-Open Source code expired and we set about the task of renegotiating it. So far, not a big deal right? That was exactly what we were thinking back in the fourth quarter of last year when we started this. It rapidly went downhill. Like so many popular programs, the company we had originally signed the contract with had been bought by a larger company – actually a couple of them. So now we were not dealing with a friendly Open Source company but a group of…what’s the term? Oh, yes, flesh eating lawyers. Still, we were not really asking for much more than a renewal of the contract and more reasonable terms, because we do represent a revenue stream to them. So far, everything was good. And then we discovered that we were using the wrong binaries.
It turns out that the code existed in a licensed version and a community version. We had been using the community version. Slap!
It might have ended there, but we really kind of needed to use the software, so that meant that we had to get back on the good side. Simple, straightforward, and easy right? Just hit the Easy Button® and everything is good right? Um. No.
Again, I won’t dive into the messy details, the late nights, the impossible schedules, the lack of being able to deliver product, the yelling, the screaming, the sleepless nights, the long phone calls and of course the lawyers. I think Shakespeare might have had a point.
The moral of the story is this. Do not wait until the phone rings. Do not wait until the lawyers are sharpening their pencils. Make sure you are in good shape now. The costs -- monetary, health, and welfare -- are not worth it.
Shameless promotion: For those in the Washington, DC area, I will be presenting a talk entitled Linux and Amateur Radio: The Development Divide at the Columbia Area Linux User’s Group’s April meeting. Visit the CALUG’s website for details and directions.
Free DevOps eBooks, Videos, and more!
Regardless of where you are in your DevOps process, Linux Journal can help!
We offer here the DEFINITIVE DevOps for Dummies, a mobile Application Development Primer, and advice & help from the expert sources like:
- Linux Journal
- Be a Mechanic...with Android and Linux!
- New Products
- Users, Permissions and Multitenant Sites
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- High-Availability Storage with HA-LVM
- Tighten Up SSH
- DevOps: Everything You Need to Know
- Solving ODEs on Linux
- Non-Linux FOSS: MenuMeters