RealTime IT News

DiBona: Just Comply With Open Source, Will Ya

SAN FRANCISCO -- Are you in compliance with the open source licensed application you're using?

It's a question that Google's Open Source Program Manager Chris DiBona understands well.

In an energetic 90-minute session here at LinuxWorld, DiBona explained the principal differences between licenses and how to maintain compliance with them.

He also explained how Google, which consumes, produces and supports open source in a myriad of ways, handles the complexity of code licensing.

At the core of all open source applications is the open source license under which the application is made available.

The definition of open source, according to DiBona, is something that is easy to answer at a high level: It is approved by the Open Source Institute.

DiBona warned, however, that not all firms that claim to be open source actually are open source.

"If you go out on the show floor, vendors will say words like 'open source,' and sometimes they are lying; but sometimes they have a different idea about what x or y license is."

At the root of the problem of understanding what is and isn't open source is the fact that there are over 60 OSI-approved licenses.

Yet, among those 60-plus licenses, one license clearly dominates the landscape.

"GPL is the most important license in open source today," DiBona said.

According to Google's studies cited by DiBona, GPL-licensed code represents 45 percent to 50 percent of all open source software.

The fact that the GPL is so pervasive means that understanding its terms is even more important.

The GPL is a reciprocal license, meaning the code must remain free and that contributions must be committed back to the community.

DiBona said the problem with many licenses lies in open source intermingling, where bits of code licensed under different licenses are cobbled together into an application.

Not all licenses are compatible.

"It ends up hurting your productivity," DiBona said. "It's worth understanding this problem so you can stay out of it."

A lot of license compliance has to do with the spirit of the license as opposed to the letter of the license.

A lot of terms in open source licensing can be somewhat ambiguous, and non-compliance enforcement doesn't carry much of a penalty.

"The reason why we're [Google] compliant is because it's the right thing to do," DiBona said. "The financial penalty is not significant."

DiBona noted that people are breaking the law in terms of license compliance, but the violations are often remedied simply. In his view, most developers just want to make sure their code and applications continue in an open source manner.

"What it comes down to is that there are developers that want others to use their work, and that's pretty awesome."

The GPL in its current version 2 includes some items that are often misunderstood.

If you link, you have to make your code free. But there is no clear definition on what linking means.

For example, if a user uses GCC to compile their application, that doesn't mean that the software that is compiled is now GPL.

"Most people agree that linking means dynamic linking to a library," DiBona explained. With GPL's other variant, the Lesser GNU Public License, a dynamic link is not an infection.

The terms of the GPL and other open source licenses are not necessarily where the difficulty rests.

"The problem is not mirroring or patching or following the law. The hard part is tracking the software," DiBona said.

DiBona told the audience that Google built a tool to track what is what and where things came from. As such, code is properly segregated, minimizing the risk of non-compliance.

"We spend a lot of time on engineer training," DiBona said.

As part of that training DiBona gives new Google engineers an orientation that teaches them about Google's code repository and the importance of identifying and tagging code.

"Once they get into the habit in your own organization, they'll get used to being compliant," DiBona said.

What it boils down to in the end is understanding where open source developers are coming from so you can make better use of the software.

The idea is that you get more out of open source code by participating in the process of its development and growth than you would simply by using it on your own.

What's important to understand about most open source software developers is that they are not in it for the money, according to DiBona.

"They know what they are doing, and if they wanted to charge you they would choose a commercial license," DiBona said. "There are lots of opportunities in commercial licensing. If you want to get paid do not give it away."

That said, DiBona did note that there are plenty of opportunities to make money in open source, but making recurring licensing revenue is not one of them.

"Ninety-nine percent of projects are one or two people that have a problem that interests them so they use the license so they can work together," DiBona said.

"Open source licenses give us a structure to work together, not one to rip each other off."