GPL gets another brickbat--but where does the Sarbanes-Oxley problem really lie?


Andy Oram
Feb. 22, 2006 10:48 AM

URL: http://www.wasabisystems.com/gpl/...

Honestly, I don't know how thousands of businesses can thrive on free software. They certainly wouldn't if they listened to the software industry experts. First there were all the claims (borne out by some real major failures in the industry during the dot-com bust) that there was no business case for making money on software that everyone could download, run, and freely alter. Now that free software is a well established industry, there comes a white paper by Jay Michaelson of Wasabi Systems, which got reported on by ITManagersJournal.com, NewsForge, and others.

You're probably expecting me to sneer at Michaelson's paper, but I'm not going to. It's an excellent essay, in my opinion. It describes a real--though very limited--problem. In fact, I think a recognition of this problem may lead to an increase in dual licensing, which will allay many of the fears expressed in the paper.

Basically, Michaelson's white paper lays out the controversy over the GPL's share-and-share-alike provisions, often called "viral" by its critics. This controversy (especially the paper's corresponding praise for the BSD license) goes back a couple decades and is familiar to anyone who's followed open source.

Where Michaelson does not report fairly, in my opinion, is that he doesn't make it clear what a tiny sliver of businesses are affected by this provision: businesses such as his, which sells embedded systems.

Even these businesses should not be wringing their hands over the GPL, because they have hardware to build their revenue on. They needn't fret over releasing the source code to their drivers--they should instead be expressing gratitude that Linux provides such a great platform for them to release their drivers to.

Still, companies cite various legal reasons (cross-licensing, government restrictions on radio emissions, and so forth) for needing to keep source code secret. You can pick each one apart, but Michaelson is within his rights to point out that companies do worry about this issue, and that the GNU/Linux communities have left the area deliberately ambiguous. The new GPLv3 doesn't seem to offer any resolution to this issue either.

Michaelson makes another valid point (though not as directly as I make it here). Most companies that use closed source software have explicit licensing agreements that protect them from liability from lawsuits and the provisions of Sarbanes-Oxley. Companies that use free software don't have those agreements in place. That's why I think that people reading this paper may have good reason to offer dual licensing for the software they produce, and to sign such licenses for free software they bring in house.

But even here, GPL critics go too far in singling it out for blame. Many of the licenses that are usually seen as more industry-friendly, such as the Apache License and the Sun Community Source License, contain restrictions of their own, and these could just as easily turn into traps. Sarbanes-Oxley in general requires companies to be careful--very careful. (By the way, legal folks have been talking to me about the interaction between Sarbanes-Oxley and free software for a year or two; this article does not reveal anything new.)

And why are the "intellectual property" provisions of Sarbanes-Oxley so draconian? Not because of free software advocates, I can tell you that. The provisions must be there because major copyright and patent holders wanted the largest possible stick with which to beat companies that dare to use copyrighted and patented products without jumping through the licensing hoops set up by the intellectual property holders. If these enemies of free software have set up such a frightening legal phalanx to further their own business needs, it's only poetic justice that the same phalanx can be called into play to uphold free software.

The ubiquity and lack of barriers to using free software allow people to abuse it by hiding it in proprietary products. Companies may find it worth hiring Black Duck Software or Palamida to make sure they comply with free software licenses. Yes, intellectual property regimes help make it dangerous to go into business. Free software can add its own complications, but code reviews and dual-licensing provide recourses.

Andy Oram is an editor for O'Reilly Media, specializing in Linux and free software books, and a member of Computer Professionals for Social Responsibility. His web site is www.praxagora.com/andyo.




Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express, and O'Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

Creative Commons License This work is licensed under a Creative Commons License.


