Cisco Lawsuit: A Test for the GPL? - Page 2

Haislmaier suspects that both the FSF and Cisco will likely want to resolve the case out of court, for a number of reasons. To date, no case has ever progressed far enough in the judicial system to enable the courts to weigh in on the GPL -- a fact that makes the FSF appear as both judge and jury when it comes to interpreting it.

"This situation has definitely benefited the FSF, as it has led to the FSF becoming the de facto interpreter of the GPL -- to the extent that many erroneously assume that the burden is on the party opposite the FSF to justify its interpretation of the GPL and no longer on the FSF to justify its own interpretation," Haislmaier said.

"A court decision substantively interpreting the GPL, even a decision favorable to the FSF, draws a legal line in the sand," he added. "While that line could adopt the views of the FSF in the case at hand, there is no guarantee that this would be the result -- particular when the other side is a legally sophisticated and deep-pocketed defendant like Cisco."

Haislmaier argued that in his view, the FSF has often used to its advantage the inherent ambiguity over some of the key provisions of the GPL -- for instance what forms a "work based on the program" or what constitutes a "distribution".

"This is not to say that they have been unfair or unethical, just that as any savvy software licensor would do, they have used the interpretation of their license to their advantage," Haislmaier noted. "While Cisco almost certainly has some fault in its alleged non-compliance, the environment of ambiguity around the interpretation of the GPL cultivated by the FSF(or at least not meaningfully dispelled by the FSF over the years) certainly plays a role as well."

Impact on enterprise open source users

Regardless of the outcome the FSF-Cisco lawsuit, the debate has once again brought open source legal issues to the forefront. It's also prompted enterprises using open source -- and those considering it -- to wonder about the route for using and redistributing open source, according to Haislmaier, who represents open source services vendor OpenLogic and said he's been fielding inquiries relating to the lawsuit's potential impact.

"For those invested in open source, the case has definitely raised some concerns," Haislmaier said. "For companies that distribute software, whether large or small, we continue to recommend that they should absolutely be auditing their code for open source and ensuring they fulfill all of the license obligations that are found. Believe it or not, many companies simply continue to avoid this obligation."

Haislmaier added that others do try to comply, but most don't end up being 100 percent-compliant without some kind assistance.

[cob:Special_Report]"As an example, a system that depends on self-reporting by developers of the open source code used and licenses involved will typically miss a large percentage of the open source actually in use," he said. "This typically has little to do with the veracity of the developers and more to do with the complexity of the environment in which they work -- open source reporting is simply not something that humans do well."

Haislmaier recommends that software developers and other companies that distribute software put in place a process and policy to uncover and follow open source license obligations. He also pointed to tools to used to help identify open source code and licenses -- ranging from vendors like Black Duck and his client, OpenLogic, to free tools like FOSSology.

"Of course, solid legal expertise in open source to back-up the processes and policies is also essential," Haislmaier said.