The open source licence debate: what we need to know
As we have already noted on Computer Weekly Open Source Insider, open source grew, it proliferated… and it became something that many previously proprietary-only software vendors embraced as a key means of development.
But the issue of how open source software is licenced is still the stuff of some debate.
Open Source Insider has already looked at the issues relating to dead projects (that are still walking and running) and the need for workable incentivisation models.
Chief operating officer (COO) for GitHub Erica Brescia noted that, from her perspective, she is seeing an “increasing tension” between open source projects and those that are building services on top of open source, such as cloud vendors with their database services.
Brescia notes that licenses applied to open source projects a decade ago did not consider the possibility of a cloud vendor delivering an as-a-Service SaaS layer using the project without contributing back to it, which is leaving some open companies in a difficult position.
Computer Weekly’s Cliff Saran wrote, With friends like AWS, who needs an open source business? — and noted that a New York Times article suggested that Amazon Web Services (AWS) was strip-mining open source projects by providing managed services based on open source code, without contributing back to the community.
Security sources
We have also looked at the security aspects of open source licencing.
Exec VP at software intelligence company Cast is Rado Nikolov – for his money, the open source licencing debate also has a security element in it.
“Large organisations using open source code from GitHub, xs:code and other sources range from Walmart to NASA, collectively holding billions of pieces of sensitive data. Although open source code packages can be obtained at low or no cost, their various intellectual property and usage stipulations may lead to expensive legal implications if misunderstood or ignored,” said Niklov.
Ilkka Turunen, global director of solutions architecture at DevSecOps automation company Sonatype further reminded us that there are 1001 ways of commercialising open source software — but when releasing open source, the developer has a choice of publishing it under a license that is essentially a contract between them and the end user.
A multiplicity of complexities
So there’s security, there’s fair and just contributions back to the community, there’s layering over open for commercial use, there’s the complexity of just so many open source licences existing out there to choose from and there’s even concerns over whether trade sanctions can affect open source projects and see them becoming bifurcated along national borders.
Open source is supposed to be built around systems of meritocracy and be for the benefit of all, we must work hard to ensure that we can do this and shoulder the nuances of licensing to keep open source software as good as it should be… let the debate continue.