I am all for OSS, but I do kind of understand where McAfee is coming from. At my current employer, I had to work with some lawyers to certify a product complied with all the OSS licenses included in the product. There are terms in the GPL and LGPL that are not clearly defined. The term derivative work is less controversial, at least in my dealings with the GPL/LGPL. With that said, there is still a lot of open discussion. For example, does a kernel module that I insmod into the kernel have to comply with the GPL. Some lawyers call this a derivative work and require the module to comply with the GPL, others don't (e.g. ATI and nVidia).
The term that we had the most trouble with was distribution. When do the terms of the license apply? Our lawyers defined it as any time a contractor or third party works on the product/source. Therefore, we had to verify compliance if we gave a product to a customer to test. We also had to certify compliance (i.e. general source code, etc.) if we had a contractor work on the product. Other lawyers argued that a distribution requires sales or transfer of ownership. I would argue that this is not clear in the license.
We also wanted to provide our customers with a support/test box running Ubuntu Linux. We ended up not being able to do this because we could not certify that the entire Ubuntu distribution complied with all the OSS licenses and by providing Linux box we would be distributing Ubuntu Linux (and therefore must comply with all the terms of all the licenses). One could say that the Ubuntu web site is taking care of all of this. We couldn't be completely sure of this.
Finally, we ran into some issue with things we tried to use were dual licensed. For example, what does one need to do to support both the BSD and GPL license? Or what about GPL and Apache? These are not as trivial as one may think.
Now, I am all for open code and complying with the terms, but there is valid confusion in some of the license terms. I can understand the statement of risk because I like to think we complied with all the terms of the OSS licenses we used (There were 16 different licenses in our product.), I can't be 100% sure.
Just my two cents. Perhaps we overcomplicated things, but this is just my experience.
I thought that if you wanted to enforce a patent, you needed to do it in every situation or not at all. Couldn't the companies being sued just argue that since they are not going after Amazon, Ebay, etc, they can not enforce the patent?
Correct me if I am wrong, but doesn't the DMCA help here. I thought that the DMCA stated that it was against the law for a person to decrypt something that was not intended for them. Couldn't an argument be made that the HTTP requests are encoded using an extremely week encryption algorithm called ASCII, a symmetric key algorithm that maps a byte to a character?
Slashdot Mirror
I am all for OSS, but I do kind of understand where McAfee is coming from. At my current employer, I had to work with some lawyers to certify a product complied with all the OSS licenses included in the product. There are terms in the GPL and LGPL that are not clearly defined. The term derivative work is less controversial, at least in my dealings with the GPL/LGPL. With that said, there is still a lot of open discussion. For example, does a kernel module that I insmod into the kernel have to comply with the GPL. Some lawyers call this a derivative work and require the module to comply with the GPL, others don't (e.g. ATI and nVidia).
The term that we had the most trouble with was distribution. When do the terms of the license apply? Our lawyers defined it as any time a contractor or third party works on the product/source. Therefore, we had to verify compliance if we gave a product to a customer to test. We also had to certify compliance (i.e. general source code, etc.) if we had a contractor work on the product. Other lawyers argued that a distribution requires sales or transfer of ownership. I would argue that this is not clear in the license.
We also wanted to provide our customers with a support/test box running Ubuntu Linux. We ended up not being able to do this because we could not certify that the entire Ubuntu distribution complied with all the OSS licenses and by providing Linux box we would be distributing Ubuntu Linux (and therefore must comply with all the terms of all the licenses). One could say that the Ubuntu web site is taking care of all of this. We couldn't be completely sure of this.
Finally, we ran into some issue with things we tried to use were dual licensed. For example, what does one need to do to support both the BSD and GPL license? Or what about GPL and Apache? These are not as trivial as one may think.
Now, I am all for open code and complying with the terms, but there is valid confusion in some of the license terms. I can understand the statement of risk because I like to think we complied with all the terms of the OSS licenses we used (There were 16 different licenses in our product.), I can't be 100% sure.
Just my two cents. Perhaps we overcomplicated things, but this is just my experience.
I thought that if you wanted to enforce a patent, you needed to do it in every situation or not at all. Couldn't the companies being sued just argue that since they are not going after Amazon, Ebay, etc, they can not enforce the patent?
Correct me if I am wrong, but doesn't the DMCA help here. I thought that the DMCA stated that it was against the law for a person to decrypt something that was not intended for them. Couldn't an argument be made that the HTTP requests are encoded using an extremely week encryption algorithm called ASCII, a symmetric key algorithm that maps a byte to a character?