SlideShare a Scribd company logo

Should Orgs Care About GPL Compliance

Source Code Control Limited
Source Code Control Limited

1) There are two main categories of open source licenses - permissive licenses that allow reuse with few obligations, and copyleft licenses like the GPL that require derivatives to also be open source. 2) Organizations adopting open source software face risks if they do not comply with license obligations like source code sharing. Compliance is especially important for regulated industries and is overseen by groups like the Free Software Foundation. 3) To encourage compliance, enforcement focuses on education and fixing issues rather than penalties. Legal action is a last resort, and the primary goal is bringing organizations into compliance while respecting users' freedom.

Software
1 of 4
Download to read offline
Open Source Software GPL Compliance – Should Organisations Care? Open Source Licence Licensing Principles There are numerous Open Source Software (OSS) licences available today. These licences generally fall into one of two categories, Permissive licences which allow the software to be reused in any project as long as obligations of the licences are met or Copyleft. Licences which require derivatives of the software to be licensed on the same terms. There are a number of Copyleft licences but the primary copyleft licence is the GNU General Public License (GPL). There are a number of GPL versions and editions such as GPLv2, GPLv3, LGP and AGPL. The aim of Copyleft licensing is to provide a framework that allow ongoing sharing of a published work with clear permissions that grant and defend its users’ freedoms. These freedoms are:  The freedom to run the program, for any purpose.  The freedom to study how the program works, and modify it  The freedom to redistribute copies.  The freedom to distribute copies of modified versions to others Copyleft is a strategy to leverage copyright law to ensure these freedoms are maintained even in derivative works. Copyleft enables licensors to achieve legal protection for free sharing. So Copyleft is a legal strategy to defend, uphold and propagate software freedom. Open Source Software Compliance Open Source Software is being broadly adopted in organisations via many routes such as internally developed code (many companies are creating their own apps), reused/third party code from sites such as Github and Nuget, and outsourced code. The rate of adoption of OSS is being driven by technology benefits and business’ processes for managing business risk lags behind. Organisations that are risk averse and/or regulated such as finance, health will have Open Source policies in place to manage licence compliance of Open Source Software Other organisations from a business level perspective either are oblivious to the licence compliance risks or decide the cost of managing the actual risk therefore deem compliance management as an unnecessary or low priority investment. It is quite common to hear the statement “well who will enforce compliance” There are two organisations today that lead efforts globally to ensure compliance with GPL family of licences, they are the Free Software Foundation (FSF) and Software Freedom Conservancy The FSF began copyleft enforcement in the 1980s, and Conservancy has enforced the GPL for many of its member projects since its founding nearly a decade ago. An example case would be the suit against Cisco more details of which can be found here. The FSF holds the copyright to many GNU packages and although they can only enforce the licences on works to which they hold the copyright they can and do assists with enforcement elsewhere. In the world of proprietary software copyright holders seek monetary damages when their licence is violated for example the work undertaken by the Business Software Alliance whereas the goal of the
Free Software Foundation is a desire for violators to become compliance and repair any harm to the free software community. The FSF receive numerous violation reports each month via license-violation@gnu.org . The FSF Licensing Compliance Lab will follow a process of: 1. Investigate and validate a violation has happened. 2. Inform the violating party they are in violation of the GPL and they have lost their right to distribute the software in question. 3. Enter into a discussion to resolve the issue – Generally the issue is down to a lack of knowledge or understanding and are easily resolved. 4. If it is not a straightforward resolution the FSF has access to legal counsel and resources from the Software Freedom Law Center. Naturally however straightforward the issue reacting to this situation will be disruptive, time consuming and potentially costly. How to manage Open Source GPL Compliance To help guide end users, modifiers and redistributors of Open Source Software on software compliance issues and to help ensure enforcement work is undertaken in a community oriented fashion the FSF and Free Software Conservancy have issued a statement of principle which are summarised below The primary goal in GPL enforcement is to bring about GPL compliance Copyleft's overarching policy goal is to make respect of users' freedoms the norm. The FSF designed the GNU GPL's text towards this end. Copyleft enforcement done in this spirit focuses on stopping incorrect distribution, encouraging corrected distribution, and addressing damage done to the community and users by the past violation. Addressing past damage often includes steps to notify those who have already received the software how they can also obtain its source code, and to explain the scope of their related rights. No other ancillary goals should supersede full compliance with the GPL and respect for users' freedoms to copy, share, modify and redistribute the software. Legal action is a last resort. Most GPL violations occur by mistake, without ill will. Copyleft enforcement should assist these distributors to become helpful participants in the free software projects on which they rely. Occasionally, violations are intentional or the result of severe negligence, and there is no duty to be empathetic in those cases. Even then, a lawsuit is a last resort; mutually agreed terms that fix (or at least cease) further distribution and address damage already done are much better than a battle in court. Confidentiality can increase receptiveness and responsiveness Supporters of software freedom rightly view confidentiality agreements with distrust, and prefer public discussions. However, in compliance work, initiating and continuing discussions in private demonstrates good faith, provides an opportunity to teach compliance without fear of public
reprisal, and offers a chance to fix honest mistakes. Enforcement actions that begin with public accusations are much more likely to end in costly and lengthy lawsuits, and less likely to achieve the primary goal of coming into compliance. Accordingly, enforcers should, even if reluctantly, offer confidentiality as a term of settlement. If it becomes apparent that the company is misusing good faith confidentiality to cover inaction and unresponsiveness, the problems may be publicized, after ample warning. Community-oriented enforcement must never prioritise financial gain Financial penalties are a legitimate tool to achieve compliance when used judiciously. Logically, if the only penalty for violation is simply compliance with the original rules, bad actors will just wait for an enforcement action before even reading the GPL. That social model for copyleft and its enforcement is untenable and unsustainable. An enforcement system without a financial penalty favours bad actors over good ones, since the latter bear the minimal (but non-trivial) staffing cost of compliant distribution while the former avoid it. Copyright holders (or their designated agent) therefore are reasonable to request compensation for the cost of their time providing the compliance education that accompanies any constructive enforcement action. Nevertheless, pursuing damages to the full extent allowed by copyright law is usually unnecessary, and can in some cases work against the purpose of copyleft. Community-oriented compliance work does not request nor accept payment to overlook problems Community-oriented enforcement cannot accept payments in exchange for ignoring a violation or accepting incomplete solutions to identified compliance problems. Ideally, copyright holders should refuse any payment entirely until the distributor repairs the past violation and commits formally (in writing) to plans for future compliance. Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis This means fully checking reports and confirming violations before accusing an entity of violating the GPL. Then, all of the relevant software should be examined to ensure any compliance problems, beyond those identified in initial reports and those relating to any clauses of the relevant licenses, are raised and fixed. This is important so that the dialogue ends with reasonable assurance for both sides that additional violations are not waiting to be discovered. (Good examples of compliance already exist to help distributors understand their obligations.) Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works GPLv2 terminates all copyright permissions at the moment of violation, and that termination is permanent. GPLv3's termination provision allows first-time violators automatic restoration of distribution rights when they correct the violation promptly, and gives the violator a precise list of copyright holders whose forgiveness it needs. GPLv3's collaborative spirit regarding termination reflects a commitment to and hope for future cooperation and collaboration. It's a good idea to follow this approach in compliance situations stemming from honest mistakes, even when the violations are on works under GPLv2.
Conclusion Organisations should fully understand the business risk associated with licence compliance of free and Open Source Software. If organisations are unclear of what if any open source software is in their organisations then undertake a software review. This should include in house developed software, third party developed applications and packaged applications from independent software vendors which unclear licensing terms. Once there is clarity of the use of Open Source Software then organisations should define an Open Source Policy which should be implemented through a combination of education and enforcement through a continuous compliance program.

Recommended

Towards a Video Rights Maturity Model
Towards a Video Rights Maturity ModelTowards a Video Rights Maturity Model
Towards a Video Rights Maturity ModelJulia Goodwin
 
P3S
P3SP3S
P3Sartba
 
Open Source is good for you
Open Source is good for youOpen Source is good for you
Open Source is good for youDirk Haun
 
Continuous Integration - Does it scale?
Continuous Integration - Does it scale?Continuous Integration - Does it scale?
Continuous Integration - Does it scale?Dirk Haun
 
Vorsicht, Kamera!
Vorsicht, Kamera!Vorsicht, Kamera!
Vorsicht, Kamera!Dirk Haun
 
Braindump - How to leave your Knowledge when leaving your Job
Braindump - How to leave your Knowledge when leaving your JobBraindump - How to leave your Knowledge when leaving your Job
Braindump - How to leave your Knowledge when leaving your JobDirk Haun
 
Reverse Bildersuche mit TinEye
Reverse Bildersuche mit TinEyeReverse Bildersuche mit TinEye
Reverse Bildersuche mit TinEyeDirk Haun
 
Cmsms, open source & business model
Cmsms, open source & business modelCmsms, open source & business model
Cmsms, open source & business modelJean-Christophe Cuvelier
 

Recommended

Towards a Video Rights Maturity Model
Towards a Video Rights Maturity ModelTowards a Video Rights Maturity Model
Towards a Video Rights Maturity ModelJulia Goodwin
 
P3S
P3SP3S
P3Sartba
 
Open Source is good for you
Open Source is good for youOpen Source is good for you
Open Source is good for youDirk Haun
 
Continuous Integration - Does it scale?
Continuous Integration - Does it scale?Continuous Integration - Does it scale?
Continuous Integration - Does it scale?Dirk Haun
 
Vorsicht, Kamera!
Vorsicht, Kamera!Vorsicht, Kamera!
Vorsicht, Kamera!Dirk Haun
 
Braindump - How to leave your Knowledge when leaving your Job
Braindump - How to leave your Knowledge when leaving your JobBraindump - How to leave your Knowledge when leaving your Job
Braindump - How to leave your Knowledge when leaving your JobDirk Haun
 
Reverse Bildersuche mit TinEye
Reverse Bildersuche mit TinEyeReverse Bildersuche mit TinEye
Reverse Bildersuche mit TinEyeDirk Haun
 
Cmsms, open source & business model
Cmsms, open source & business modelCmsms, open source & business model
Cmsms, open source & business modelJean-Christophe Cuvelier
 
Essay #2 ethical considerations
Essay #2 ethical considerationsEssay #2 ethical considerations
Essay #2 ethical considerationsjandrewsxu
 
Essay #2 ethical considerations
Essay #2 ethical considerationsEssay #2 ethical considerations
Essay #2 ethical considerationsjandrewsxu
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source softwareaamatya
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source softwareaamatya
 
Legitimacy of Open Source Softwares
Legitimacy of Open Source SoftwaresLegitimacy of Open Source Softwares
Legitimacy of Open Source SoftwaresAntara Rastogi
 
10 things to know about the intersection of blockchain technology, open sourc...
10 things to know about the intersection of blockchain technology, open sourc...10 things to know about the intersection of blockchain technology, open sourc...
10 things to know about the intersection of blockchain technology, open sourc...Kyiv National Economic University
 
Copyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpmCopyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpmAdvocate
 
Exploring Open Source Licensing
Exploring Open Source LicensingExploring Open Source Licensing
Exploring Open Source LicensingStefano Fago
 
Ethical Considerations in Open-Source Software Usage
Ethical Considerations in Open-Source Software UsageEthical Considerations in Open-Source Software Usage
Ethical Considerations in Open-Source Software Usageepidemicaa
 
Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Viet NguyenHoang
 
Foss Licencing
Foss LicencingFoss Licencing
Foss LicencingFITT
 
The social and ethical issues of sdd
The social and ethical issues of sddThe social and ethical issues of sdd
The social and ethical issues of sddsarthakgarg97
 
Introduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelIntroduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelMohd Izhar Firdaus Ismail
 
Introduction to Software Licensing
Introduction to Software LicensingIntroduction to Software Licensing
Introduction to Software Licensingtravellingpolander
 
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...Addison Coleman
 
Open Source Developer by Binary Semantics
Open Source Developer by Binary SemanticsOpen Source Developer by Binary Semantics
Open Source Developer by Binary SemanticsBinary Semantics
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Jennifer O'Neill
 
1 Open Source Business
1 Open Source Business1 Open Source Business
1 Open Source BusinessJennifer Strong
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptViet NguyenHoang
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_reviewwebuploader
 
OpenUK A4 x 8pp Re-use Principles June 2016 FINAL
OpenUK A4 x 8pp Re-use Principles June 2016 FINALOpenUK A4 x 8pp Re-use Principles June 2016 FINAL
OpenUK A4 x 8pp Re-use Principles June 2016 FINALSource Code Control Limited
 
DevOps and Open Source Software Continuous Compliance
DevOps and Open Source Software Continuous ComplianceDevOps and Open Source Software Continuous Compliance
DevOps and Open Source Software Continuous ComplianceSource Code Control Limited
 

More Related Content

Similar to Should Orgs Care About GPL Compliance

Essay #2 ethical considerations
Essay #2 ethical considerationsEssay #2 ethical considerations
Essay #2 ethical considerationsjandrewsxu
 
Essay #2 ethical considerations
Essay #2 ethical considerationsEssay #2 ethical considerations
Essay #2 ethical considerationsjandrewsxu
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source softwareaamatya
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source softwareaamatya
 
Legitimacy of Open Source Softwares
Legitimacy of Open Source SoftwaresLegitimacy of Open Source Softwares
Legitimacy of Open Source SoftwaresAntara Rastogi
 
10 things to know about the intersection of blockchain technology, open sourc...
10 things to know about the intersection of blockchain technology, open sourc...10 things to know about the intersection of blockchain technology, open sourc...
10 things to know about the intersection of blockchain technology, open sourc...Kyiv National Economic University
 
Copyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpmCopyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpmAdvocate
 
Exploring Open Source Licensing
Exploring Open Source LicensingExploring Open Source Licensing
Exploring Open Source LicensingStefano Fago
 
Ethical Considerations in Open-Source Software Usage
Ethical Considerations in Open-Source Software UsageEthical Considerations in Open-Source Software Usage
Ethical Considerations in Open-Source Software Usageepidemicaa
 
Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Viet NguyenHoang
 
Foss Licencing
Foss LicencingFoss Licencing
Foss LicencingFITT
 
The social and ethical issues of sdd
The social and ethical issues of sddThe social and ethical issues of sdd
The social and ethical issues of sddsarthakgarg97
 
Introduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelIntroduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelMohd Izhar Firdaus Ismail
 
Introduction to Software Licensing
Introduction to Software LicensingIntroduction to Software Licensing
Introduction to Software Licensingtravellingpolander
 
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...Addison Coleman
 
Open Source Developer by Binary Semantics
Open Source Developer by Binary SemanticsOpen Source Developer by Binary Semantics
Open Source Developer by Binary SemanticsBinary Semantics
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Jennifer O'Neill
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptViet NguyenHoang
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_reviewwebuploader
 

Similar to Should Orgs Care About GPL Compliance (20)

Essay #2 ethical considerations
Essay #2 ethical considerationsEssay #2 ethical considerations
Essay #2 ethical considerations
 
Essay #2 ethical considerations
Essay #2 ethical considerationsEssay #2 ethical considerations
Essay #2 ethical considerations
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source software
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source software
 
Legitimacy of Open Source Softwares
Legitimacy of Open Source SoftwaresLegitimacy of Open Source Softwares
Legitimacy of Open Source Softwares
 
10 things to know about the intersection of blockchain technology, open sourc...
10 things to know about the intersection of blockchain technology, open sourc...10 things to know about the intersection of blockchain technology, open sourc...
10 things to know about the intersection of blockchain technology, open sourc...
 
Copyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpmCopyright or Copy left by manoranjan, glc, tvpm
Copyright or Copy left by manoranjan, glc, tvpm
 
Exploring Open Source Licensing
Exploring Open Source LicensingExploring Open Source Licensing
Exploring Open Source Licensing
 
Ethical Considerations in Open-Source Software Usage
Ethical Considerations in Open-Source Software UsageEthical Considerations in Open-Source Software Usage
Ethical Considerations in Open-Source Software Usage
 
Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2Open Source Presentation To Portal Partners2
Open Source Presentation To Portal Partners2
 
Foss Licencing
Foss LicencingFoss Licencing
Foss Licencing
 
The social and ethical issues of sdd
The social and ethical issues of sddThe social and ethical issues of sdd
The social and ethical issues of sdd
 
Introduction to Open Source License and Business Model
Introduction to Open Source License and Business ModelIntroduction to Open Source License and Business Model
Introduction to Open Source License and Business Model
 
Introduction to Software Licensing
Introduction to Software LicensingIntroduction to Software Licensing
Introduction to Software Licensing
 
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
A Qualitative Study On The Adoption Of Copyright Assignment Agreements (CAA) ...
 
Open Source Developer by Binary Semantics
Open Source Developer by Binary SemanticsOpen Source Developer by Binary Semantics
Open Source Developer by Binary Semantics
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
 
1 Open Source Business
1 Open Source Business1 Open Source Business
1 Open Source Business
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.Ppt
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_review
 

More from Source Code Control Limited

OpenUK A4 x 8pp Re-use Principles June 2016 FINAL
OpenUK A4 x 8pp Re-use Principles June 2016 FINALOpenUK A4 x 8pp Re-use Principles June 2016 FINAL
OpenUK A4 x 8pp Re-use Principles June 2016 FINALSource Code Control Limited
 
DevOps and Open Source Software Continuous Compliance
DevOps and Open Source Software Continuous ComplianceDevOps and Open Source Software Continuous Compliance
DevOps and Open Source Software Continuous ComplianceSource Code Control Limited
 
Venture Capitalists Tech Investment Hidden Risks
Venture Capitalists Tech Investment Hidden RisksVenture Capitalists Tech Investment Hidden Risks
Venture Capitalists Tech Investment Hidden RisksSource Code Control Limited
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Source Code Control Limited
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskSource Code Control Limited
 

More from Source Code Control Limited (7)

OpenUK A4 x 8pp Re-use Principles June 2016 FINAL
OpenUK A4 x 8pp Re-use Principles June 2016 FINALOpenUK A4 x 8pp Re-use Principles June 2016 FINAL
OpenUK A4 x 8pp Re-use Principles June 2016 FINAL
 
DevOps and Open Source Software Continuous Compliance
DevOps and Open Source Software Continuous ComplianceDevOps and Open Source Software Continuous Compliance
DevOps and Open Source Software Continuous Compliance
 
Venture Capitalists Tech Investment Hidden Risks
Venture Capitalists Tech Investment Hidden RisksVenture Capitalists Tech Investment Hidden Risks
Venture Capitalists Tech Investment Hidden Risks
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations?
 
e-HealthWhitepaper
e-HealthWhitepapere-HealthWhitepaper
e-HealthWhitepaper
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the Risk
 

Recently uploaded

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 

Recently uploaded (20)

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

Should Orgs Care About GPL Compliance

  • 1. Open Source Software GPL Compliance – Should Organisations Care? Open Source Licence Licensing Principles There are numerous Open Source Software (OSS) licences available today. These licences generally fall into one of two categories, Permissive licences which allow the software to be reused in any project as long as obligations of the licences are met or Copyleft. Licences which require derivatives of the software to be licensed on the same terms. There are a number of Copyleft licences but the primary copyleft licence is the GNU General Public License (GPL). There are a number of GPL versions and editions such as GPLv2, GPLv3, LGP and AGPL. The aim of Copyleft licensing is to provide a framework that allow ongoing sharing of a published work with clear permissions that grant and defend its users’ freedoms. These freedoms are:  The freedom to run the program, for any purpose.  The freedom to study how the program works, and modify it  The freedom to redistribute copies.  The freedom to distribute copies of modified versions to others Copyleft is a strategy to leverage copyright law to ensure these freedoms are maintained even in derivative works. Copyleft enables licensors to achieve legal protection for free sharing. So Copyleft is a legal strategy to defend, uphold and propagate software freedom. Open Source Software Compliance Open Source Software is being broadly adopted in organisations via many routes such as internally developed code (many companies are creating their own apps), reused/third party code from sites such as Github and Nuget, and outsourced code. The rate of adoption of OSS is being driven by technology benefits and business’ processes for managing business risk lags behind. Organisations that are risk averse and/or regulated such as finance, health will have Open Source policies in place to manage licence compliance of Open Source Software Other organisations from a business level perspective either are oblivious to the licence compliance risks or decide the cost of managing the actual risk therefore deem compliance management as an unnecessary or low priority investment. It is quite common to hear the statement “well who will enforce compliance” There are two organisations today that lead efforts globally to ensure compliance with GPL family of licences, they are the Free Software Foundation (FSF) and Software Freedom Conservancy The FSF began copyleft enforcement in the 1980s, and Conservancy has enforced the GPL for many of its member projects since its founding nearly a decade ago. An example case would be the suit against Cisco more details of which can be found here. The FSF holds the copyright to many GNU packages and although they can only enforce the licences on works to which they hold the copyright they can and do assists with enforcement elsewhere. In the world of proprietary software copyright holders seek monetary damages when their licence is violated for example the work undertaken by the Business Software Alliance whereas the goal of the
  • 2. Free Software Foundation is a desire for violators to become compliance and repair any harm to the free software community. The FSF receive numerous violation reports each month via license-violation@gnu.org . The FSF Licensing Compliance Lab will follow a process of: 1. Investigate and validate a violation has happened. 2. Inform the violating party they are in violation of the GPL and they have lost their right to distribute the software in question. 3. Enter into a discussion to resolve the issue – Generally the issue is down to a lack of knowledge or understanding and are easily resolved. 4. If it is not a straightforward resolution the FSF has access to legal counsel and resources from the Software Freedom Law Center. Naturally however straightforward the issue reacting to this situation will be disruptive, time consuming and potentially costly. How to manage Open Source GPL Compliance To help guide end users, modifiers and redistributors of Open Source Software on software compliance issues and to help ensure enforcement work is undertaken in a community oriented fashion the FSF and Free Software Conservancy have issued a statement of principle which are summarised below The primary goal in GPL enforcement is to bring about GPL compliance Copyleft's overarching policy goal is to make respect of users' freedoms the norm. The FSF designed the GNU GPL's text towards this end. Copyleft enforcement done in this spirit focuses on stopping incorrect distribution, encouraging corrected distribution, and addressing damage done to the community and users by the past violation. Addressing past damage often includes steps to notify those who have already received the software how they can also obtain its source code, and to explain the scope of their related rights. No other ancillary goals should supersede full compliance with the GPL and respect for users' freedoms to copy, share, modify and redistribute the software. Legal action is a last resort. Most GPL violations occur by mistake, without ill will. Copyleft enforcement should assist these distributors to become helpful participants in the free software projects on which they rely. Occasionally, violations are intentional or the result of severe negligence, and there is no duty to be empathetic in those cases. Even then, a lawsuit is a last resort; mutually agreed terms that fix (or at least cease) further distribution and address damage already done are much better than a battle in court. Confidentiality can increase receptiveness and responsiveness Supporters of software freedom rightly view confidentiality agreements with distrust, and prefer public discussions. However, in compliance work, initiating and continuing discussions in private demonstrates good faith, provides an opportunity to teach compliance without fear of public
  • 3. reprisal, and offers a chance to fix honest mistakes. Enforcement actions that begin with public accusations are much more likely to end in costly and lengthy lawsuits, and less likely to achieve the primary goal of coming into compliance. Accordingly, enforcers should, even if reluctantly, offer confidentiality as a term of settlement. If it becomes apparent that the company is misusing good faith confidentiality to cover inaction and unresponsiveness, the problems may be publicized, after ample warning. Community-oriented enforcement must never prioritise financial gain Financial penalties are a legitimate tool to achieve compliance when used judiciously. Logically, if the only penalty for violation is simply compliance with the original rules, bad actors will just wait for an enforcement action before even reading the GPL. That social model for copyleft and its enforcement is untenable and unsustainable. An enforcement system without a financial penalty favours bad actors over good ones, since the latter bear the minimal (but non-trivial) staffing cost of compliant distribution while the former avoid it. Copyright holders (or their designated agent) therefore are reasonable to request compensation for the cost of their time providing the compliance education that accompanies any constructive enforcement action. Nevertheless, pursuing damages to the full extent allowed by copyright law is usually unnecessary, and can in some cases work against the purpose of copyleft. Community-oriented compliance work does not request nor accept payment to overlook problems Community-oriented enforcement cannot accept payments in exchange for ignoring a violation or accepting incomplete solutions to identified compliance problems. Ideally, copyright holders should refuse any payment entirely until the distributor repairs the past violation and commits formally (in writing) to plans for future compliance. Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis This means fully checking reports and confirming violations before accusing an entity of violating the GPL. Then, all of the relevant software should be examined to ensure any compliance problems, beyond those identified in initial reports and those relating to any clauses of the relevant licenses, are raised and fixed. This is important so that the dialogue ends with reasonable assurance for both sides that additional violations are not waiting to be discovered. (Good examples of compliance already exist to help distributors understand their obligations.) Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works GPLv2 terminates all copyright permissions at the moment of violation, and that termination is permanent. GPLv3's termination provision allows first-time violators automatic restoration of distribution rights when they correct the violation promptly, and gives the violator a precise list of copyright holders whose forgiveness it needs. GPLv3's collaborative spirit regarding termination reflects a commitment to and hope for future cooperation and collaboration. It's a good idea to follow this approach in compliance situations stemming from honest mistakes, even when the violations are on works under GPLv2.
  • 4. Conclusion Organisations should fully understand the business risk associated with licence compliance of free and Open Source Software. If organisations are unclear of what if any open source software is in their organisations then undertake a software review. This should include in house developed software, third party developed applications and packaged applications from independent software vendors which unclear licensing terms. Once there is clarity of the use of Open Source Software then organisations should define an Open Source Policy which should be implemented through a combination of education and enforcement through a continuous compliance program.