GPL gets another brickbat--but where does the Sarbanes-Oxley problem really lie?

by Andy Oram

Related link: http://www.wasabisystems.com/gpl/



Honestly, I don't know how thousands of businesses can thrive on free
software. They certainly wouldn't if they listened to the software
industry experts. First there were all the claims (borne out by some
real major failures in the industry during the dot-com bust) that
there was no business case for making money on software that everyone
could download, run, and freely alter. Now that free software is a
well established industry, there comes a white paper by Jay Michaelson
of Wasabi Systems, which got reported on by ITManagersJournal.com,
NewsForge, and others.



You're probably expecting me to sneer at Michaelson's paper, but I'm
not going to. It's an excellent essay, in my opinion. It describes a
real--though very limited--problem. In fact, I think a recognition of
this problem may lead to an increase in dual licensing, which will
allay many of the fears expressed in the paper.



Basically, Michaelson's white paper lays out the controversy over the
GPL's share-and-share-alike provisions, often called "viral" by its
critics. This controversy (especially the paper's corresponding
praise for the BSD license) goes back a couple decades and is familiar
to anyone who's followed open source.



Where Michaelson does not report fairly, in my opinion, is that he
doesn't make it clear what a tiny sliver of businesses are affected by
this provision: businesses such as his, which sells embedded systems.



Even these businesses should not be wringing their hands over the GPL,
because they have hardware to build their revenue on. They needn't
fret over releasing the source code to their drivers--they should
instead be expressing gratitude that Linux provides such a great
platform for them to release their drivers to.



Still, companies cite various legal reasons (cross-licensing,
government restrictions on radio emissions, and so forth) for needing
to keep source code secret. You can pick each one apart, but
Michaelson is within his rights to point out that companies do worry
about this issue, and that the GNU/Linux communities have left the
area deliberately ambiguous. The new GPLv3 doesn't seem to offer any
resolution to this issue either.



Michaelson makes another valid point (though not as directly as I make
it here). Most companies that use closed source software have
explicit licensing agreements that protect them from liability from
lawsuits and the provisions of Sarbanes-Oxley. Companies that use free
software don't have those agreements in place. That's why I think that
people reading this paper may have good reason to offer dual licensing
for the software they produce, and to sign such licenses for free
software they bring in house.



But even here, GPL critics go too far in singling it out for
blame. Many of the licenses that are usually seen as more
industry-friendly, such as the Apache License and the Sun Community
Source License, contain restrictions of their own, and these could
just as easily turn into traps. Sarbanes-Oxley in general requires
companies to be careful--very careful. (By the way, legal folks have
been talking to me about the interaction between Sarbanes-Oxley and
free software for a year or two; this article does not reveal anything
new.)



And why are the "intellectual property" provisions of Sarbanes-Oxley
so draconian? Not because of free software advocates, I can tell you
that. The provisions must be there because major copyright and patent
holders wanted the largest possible stick with which to beat companies
that dare to use copyrighted and patented products without jumping
through the licensing hoops set up by the intellectual property
holders. If these enemies of free software have set up such a
frightening legal phalanx to further their own business needs, it's
only poetic justice that the same phalanx can be called into play to
uphold free software.



The ubiquity and lack of barriers to using free software allow people
to abuse it by hiding it in proprietary products.
Companies may find it worth hiring Black Duck Software or Palamida to
make sure they comply with free software licenses. Yes,
intellectual property regimes help make it dangerous to go into
business. Free software can add its own complications, but code
reviews and dual-licensing provide recourses.

