Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

'Infectious' Open Source Software?

Posted by ScuttleMonkey on Wed Mar 01, 2006 08:36 AM
from the spreading-the-infection dept.
Software Businesses
Gavo writes "Law firm Chapmann Tripp advises New Zealand State Services Commission that the New Zealand Government should be wary of using 'infectious' open source software. They claim 'While the use of open source software has many benefits, it brings with it a number of legal risks not posed by proprietary or commercial software.'"
+ -
story

Related Stories

[+] Slashback: Sony Blu-Ray, Phone Records, Korean Cloners 158 comments
Slashdot tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including a few thoughts on the McKinnon situation, New Zealand revises their views on OSS, Korean cloners facing possible jail time, the fight for .xxx continues, more details on Diebold problems, the Supreme Court sides with eBay, AT&T denied a closed hearing, and Sony's Blu-Ray demo on the level. -- Read on for details.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

'Infectious' Open Source Software? 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • The only legal risks are patent issues, which, I don't think they have in New Zealand. Otherwise, most FOSS software licenses don't kick in unless you redistribute the software. So long as the NZ authorities aren't modifying the code, they'll be fine.
    • So long as the NZ authorities aren't modifying the code, they'll be fine.

      So long as they aren't modifying and (as you did mention) the code. They can can modify it as much as they want and not have to release their source code if they just use it internally.

    • Even more fun when you compare to proprietary (Score:2, Interesting)

      by Anonymous Coward
      Otherwise, most FOSS software licenses don't kick in unless you redistribute the software.

      And it gets even more fun when you compare the F/OSS licenses with the common proprietary ones. When our company decided Legal needed to review any F/OSS license used here, I got them to agree to do the same level of review on the proprietary licenses. Not surprisingly, there were *way* more proprietary licenses (the original concern was too many licenses), and the proprietary ones had way more questionable terms t

    • Actually, copyright would be a potential risk as well.

      Ofcourse, commercial software is just as vulnerable to patent/copyright infringements as well, and so are it's users since most commercial software includes disclaimers.

      The only way a commercial package may be better protected is by "obfuscation"; you can't check the source to see if they stole your code. As such an open source package might be better, since you atleast can verify it's code.
      • Ofcourse, commercial software is just as vulnerable to patent/copyright infringements as well, and so are it's users since most commercial software includes disclaimers.

        The GPL also contains such disclaimers; it's extremely rare that a software licence doesn't.
    • Those aren't the only risks. The guy in New Zealand is being pretty alarmist in the way he puts things, but is right in at least one respect: If you use Open Source software as part of your own products, be aware of what the license says so you can make an informed decision on whether you're going to be able to use it in the way you want.

      I have to say "infectious" is a bit over the top. He probably only did that to get people to talk about it....and well, here we are.
      • If you use Open Source software as part of your own products

        Whereas, of course, you can legally use closed source a part of your own products all you want.

  • Lawyers are parasites, empowering them expose you to number of legal risks.

    Much better.
  • From TFA: "Exposure to faults and intellectual property claims.
    Relevant to all open source use.

    Disclosure of confidential code/ No rights to use.
    Relevant where software has been infected by an open source licence."

    They talk about it like there aren't IP claims with proprietary source code. I would argue that these "legal issues" are in fact features of open source that are hampered generally in commercial closed-source software. Closed source tends to have more of the issues above by defau
  • "We've noticed a substantial drop in the amount of EULA's being drafted, as well as an air of goodwill and cheer creeping into the normally sour and beligerent computer software industry, leading naturally to a decrease in important economy stimulating litigation.

    Time to break out the FUD cakes!"

  • Of course .... (Score:3, Interesting)

    by tinkerghost (944862) on Wednesday March 01 2006, @08:44AM (#14825837) Homepage
    There's more risk of OSS being called on IP violations. YOU CAN SEE THE CODE!!!!!!!!
    MS has been sued how many times now for IP violations? - and that's with people having to either "steal" the code or sue to see it.
    Unfortunately, I do see more IP challenges to OSS in the future. On the up side I also see those challenges being handled by the OSS community with rapid patches to remove the problem - unless it's something like BT sueing over links.

  • Infectious! (Score:3, Funny)

    by Rob T Firefly (844560) on Wednesday March 01 2006, @08:46AM (#14825840) Homepage Journal
    It's all true!! I set up one little Linux box, and the next morning my phone, toaster, and kitchen sink were all being freely updated and improved by thousands of collaborators all over the world! Insidious stuff, that open-source.

  • Recommended Daily Allowance of FUD (Score:3, Insightful)

    by Antique Geekmeister (740220) on Wednesday March 01 2006, @08:47AM (#14825849)
    The entire slant of the document is incorrect. There are certainly concerns with the open source licenses, especially for someone unfamiliar with them who is used to using proprietary software, tweaking it, and reselling without every publishing the modifications to their clients or to the authors.

    But the use of closed source and proprietary software has a generally greater risk due to risk of copyright violation and patent violation and user agreement violation. Simply reverse-engineering a proprietary protocol in order to get your work done or to fix a serious issue in closed source software can cause serious legal problems which are often far greater, even though they are more familiar. And the closed source tools are far more likely to contain backdoors or to have vital features discarded in new revisions, forcing a painful and expensive upgrade process for both software and its configurations to the new setups, or to simply be discarded and the data or tools permanently lost to users.

    The shutdown of companies or their abandonment of products is a real problem in the closed source world.

  • Nothing but the usual FUD (Score:3, Interesting)

    by KiloByte (825081) on Wednesday March 01 2006, @08:47AM (#14825850)
    an increased risk of exposure to faults
    More public review, code that tends to be of higher quality, and the ability to fix problems yourself

    intellectual property claims
    And since when proprietary software was free from litigation?

    the risk of forced disclosure of confidential code
    "confidential code" -- whose? If yours, you wouldn't even be able to put it there otherwise. And someone has to reread the GPL again -- no one says the gov agency in question has to distribute any source of things they use internally. If the agency in question releases some software itself -- that "confidential code" will be disclosed anyway, just in a form that is harder to read. Back in the days, I learned how to program a particular SVGA chipset by debugging through BIOS code, and my asm skills are low -- are you going to tell me that if the "confidential code" has any real value, no one will get to it anyway?
    • And someone has to reread the GPL again -- no one says the gov agency in question has to distribute any source of things they use internally.

      Well, as I read the GPL, if said government agency creates a GPLed tool and distributes it internally, then they must also make the source available internally; I see no exceptions allowing you to not provide source to employees on demand. I also see no exceptions allowing you to require that said receiving employees do not distribute the code outside of the agency.

      So

  • Sigh. Another one. (Score:5, Insightful)

    by jimicus (737525) on Wednesday March 01 2006, @08:47AM (#14825854) Homepage
    It's not FUD, it is simply "OSS for the uninitiated - be warned that if you're developing software, you might want to actually read the license of anything else you or your contractors plan to use rather than just ignoring it like you usually do". The general tone is "You can use OSS, but be careful".

    It's not terribly well written, mainly because it seems to add a load of guff to licenses which are by and large pretty easy to read. And it uses some contentious terminology which is likely to cause concern. ("Infectious", anyone?)

    Doubtless a whole boatload of slashbots who didn't RTFA will be a long in a moment to say "yeah but no but it's microsoft FUD ignore it don't give it publicity etc etc" - I'm not going to debate that one. I actually think it's more likely to be an attempt on the part of the law firm to drum up a bit of business. Something along the lines of "Now you've read this article, contact us for further advice!"
    • slashbots who didn't RTFA will be a long in a moment to say "yeah but no but it's microsoft FUD ignore it don't give it publicity etc etc" - I'm not going to debate that one. I actually think it's more likely to be an attempt on the part of the law firm to drum up a bit of business. Something along the lines of "Now you've read this article, contact us for further advice!"

      So in other words, it's FUD but not from Microsoft? It really shouldn't be rocket science to figure it out if only someone reads it - or

    • I actually think it's more likely to be an attempt on the part of the law firm to drum up a bit of business.

      It was prepared by the State Services Commission [ssc.govt.nz] and therefore presumably carries a stronger imprimatur than if it were just some private law firm making this analysis.

      Then again, IANAK (I Am Not A Kiwi [wikipedia.org]), so I may be giving this agency more credit than it is due...

    • It's not FUD, it is simply "OSS for the uninitiated - be warned that if you're developing software, you might want to actually read the license of anything else you or your contractors plan to use rather than just ignoring it like you usually do". The general tone is "You can use OSS, but be careful".

      Yes, the actual content is reasonable and sensible. It even specifically identifies the GPL as an appropriate license that has been approved for use in the case where software will either only be distributed i
      • Replying to myself, but the content really isn't as great as I thought it would be from the executive summary section.

        For example, they assert that the output of GPL programs will be covered by the GPL - a point of view expressedly disavowed by most legal experts and by the authors of the GPL itself! I quote:

        The GPL expressly provides that software compiled with the GNU Compiler Collection (GCC) is not infected by the GPL. Presumably the Free Software Foundation considers other GPL compilers will infect th
    • I read it. The FUD is both explicit and implicit. The failure to compare the copyright or patent violation risks of open source software to those of closed source software, where the intellectual property you may be duplicating accidentally is invisible to you, is an implicit FUD. And the indemnification clause is an explicit FUD, since the resolution to most open source copyright violations is simply to publish your modifications to your clients.

      The person who wrote this has clearly never examined the his
    • Repeat after me, Jimicus:
      1. FOSS licenses are less restrictive than non free licenses in every way.
      2. FOSS is easier to acquire, own, and develop than non free.
      3. The only unique legal issue regarding the use of free software is one dead lawsuit from SCO that was funded by Microsoft.
      4. All software has problems with faults but Microsoft is by far the worst.
      5. All software is threatened by bogus "IP" claims as anyone with a Blackberry can tell you.

      That six chapters of nonsense is not worth reading. It's full of th

  • What a bunch of baloney. What's this about "risk of forced disclosure of confidential code"? Risk makes it sound like it is some kind of roll of the dice thing where if you're unlucky, and you get busted, you have to disclose the code.

    How about "agencies should read the licence agreement and abide by it whether open source or not"?

    And what about "include an increased risk of exposure to faults". Is that supposed to mean open source has a higher "risk" (there's that word again) of faults, because it is bad q
    • No-ones ever, AFAIK, forced a company to disclose its own code. They've all been given the choice of rewriting without the GPLed code or disclosing.

      "First think we do, let's kill all the lawyers" especially ones who can't read, don't understand, and use FUD to get business.

      Justin.

  • It's not as though Chapman Tripp could have been unapprised of how utterly stupid their claims are -- Simpson Grierson tried this FUD on a year or so ago, as well: (see The Fud Buster pages of the New Zealand Open Source Society. )

    I hope the New Zealand Serious Fraud Office goes after Chapman Tripp's spreading such lies which bring tangible monetary injury to the New Zealand Open Source community, measurable every time we hear a prospect repeat the utter and unadulterated and deliberate bullshit th

  • It seems that after recent press coverage, that legal staff around the world are trying to cover business risks. Obviously the marketing machines of the software industry are zooming in on some of the mistakes bussiness have made when using f.i. GPL software.
    • the marketing machines of the software industry are zooming in on some of the mistakes bussiness have made when using f.i. GPL software


      Any smart software consumer should "zoom in on" the fact that Monoposoft Office (a.k.a. The Enterprise Ready Virus-Development Environment) has cost the entire PLANET billions of dollars in downtime and that over 99% of all viruses are M-Windows viruses.

      There is no mistake so dear as using Monoposoft products.
  • From TFA:

    * "Infectious" nature: Many open source licences are "infectious", meaning that the original open source licence may apply to:
    (a) the original software if re-distributed
    (b) any modification of the original software if redistributed
    (c) software containing or integrated with the original software, if redistributed
    (d) software used in conjunction with the original software to provide a web based service.

    Correct me if I'm wrong, but I don't know any OSI licenses that enforce (d). See

  • How many people and/or companies have been sued for just using F/OSS? I don't know of any. BTW: all the scox-scam lawsuits are over bogus contract violation. Scox has not sued anybody for just using Linux.

    Innocent parties have been sued for using proprietary software. The msft/time-line case is one example. How many people have been harassed, or fined, by the BSA, because they couldn't find their certificate of ownership?

    These articles always assert that F/OSS is a legal minefield, whereas proprietary is co

  • RTF Document (Score:5, Informative)

    by KingSkippus (799657) * on Wednesday March 01 2006, @08:59AM (#14825923) Homepage Journal

    Read the actual document [e.govt.nz], not just the summary. The actual document isn't that bad.

    The stuff inside isn't that big a secret to most folks. It mainly boils down to, "Using open source software under licenses we've reviewed is okay, but be careful if you're developing code using open source software that we don't want released to the masses, because under some licenses, we may be obligated to."

    In fact, this document is probably a good thing, in spite of a somewhat badly written summary. Check out Chapter 2 [e.govt.nz]:

    (a) Only use open source licences that have been legally reviewed, including the GPL, LGPL, CAL, MBSD, MIT, which have been reviewed and are recommended by SSC for use in accordance with this guide.
    (b) Obtain performance and intellectual property warranties from the supplier of the open source software, where appropriate and available.

    This only makes sense. I can't imagine anyone disagreeing, saying that you should use software with a license we're not familiar with, or to disregard the IP of open source authors.

    Also, look just below it. It says that for software development that is for open distribution, it's okay to use open source software. For software that is for limited or closed distribution, don't. Is this new? Am I missing something? If anything, people who are interested in open source software can look at this document as permission to go forward, not as a hinderance!

    I mean, I realize that the words "infectious" has negative connotations, but I just don't see this document in and of itself as a bad thing. And even though I'm a strong FOSS advocate, the stuff that's in there is stuff that I would recommend to any company, government or organization to consider in their decision whether to use closed- or open source software.

    • Re:RTF Document (Score:5, Insightful)

      by bani (467531) on Friday March 03 2006, @03:03AM (#14841245)
      I mean, I realize that the words "infectious" has negative connotations, but I just don't see this document in and of itself as a bad thing.

      You might think that, with your head screwed on properly. However the pointy hairs who read this document are going to go apeshit when they read the emotional words "infectious" and "quarantine".

      This document is written for pointy hairs, not engineers. It's designed to scare them into submission, make them freak out and think that open source is going to steal all their company patents, intellectual propery, their baby, and kick their dog too.
  • No offense, but these countries are not exactly international economic power-houses.

    It has often surprised me how much of the F/OSS v proprietary battle goes on over there.

  • Good Point (Score:3, Interesting)

    by 4of12 (97621) on Wednesday March 01 2006, @09:08AM (#14825975) Homepage Journal

    Legal risks with using software are a real issue in our world.

    That's why it would be in the best interests of all computer users and IT decision makers to explore the issue fully, to look closely at what kinds of risks exist, what kinds of risks tend to occur most often in the real world and what their consequences are.

    My experience has been that folks using proprietary software are frequently in the position of bending over backwards (particularly in a large corporate or government environment) to make sure that they have licenses for every piece of software that their employees are running on the their PCs. The IT folks spend some serious time auditing to avoid the even larger risk of a BSA audit.

    As for legal risks associated with open source software I have yet to encounter any. All I've seen are press reports of legal actions that show no outcome but to prove they were based on frivolous premises and some PR statements talking about legal indemnification which are excellent marketing strategies for certain vendors of proprietary software keenly afraid of their revenue stream becoming commoditised by free and open source software. About the only genuine risk I've seen with FOSS is for developers that disobey the "Share and share alike" GPL by releasing modified binaries without releasing modified source.

    Perhaps I'm missing a serious issue and these folks could show some evidence of real people and real companies that have experienced harm due to lack of vigilance concerning the legal risks of FOSS. And they could explain why my personal experience doesn't reflect reality of serious legal risks with hard statistics concerning how much time and money are lost to risk mitigation and handling legal mishaps with users of FOSS compared to users of proprietary software.

  • part of the problem is that people just talk about Free software and open source software as if they are all under the same licence. I think the guy is right in saying that you need to becareful. Consider the fate of a person who thinks he is using a BSD licenced app as a base for his own stuff only to reliaze it is GPL. Sure they are both open source and financially free, but you are not as free to do what you want with it under the GPL as you are with the BSD licence. It gets even more complicated when y
  • My understanding of the GPL was that basically you couldn't plan to distribute just an executable binary. That the person who the software is distributed too can also get the source.

    Now if the government is producing code based on GPL products, then typically they will be the only customer. The only one the code would be distributed to would be the NZ goverment itself. So the government would be the only customer that could ask for the source code.

    Its going to worry about asking itself?

    Just don't ask. T
  • Let me guess... (peers into crystal ball)... Oh yeah, that law firm represented Microsoft in New Zealand [chapmantripp.co.nz]. They even cite Intellectual Property as one of their area of expertise.

    Case closed. Move along, folks, nothing to see here.

  • Regardless of risks of actual litigation and those idiotic software patents (doesn't even apply in NZ), the likelihood that there is copyrighted code in a proprietary application is higher than in an open source one.

    Copyrighted code in a closed source app will be far less conspicuous than in an open source app, and therefore the programmer is more likely to think "well, no one will notice, anyway." In open source apps, the risk of being caught is so much higher, and therefore it's more likely to be free o

  • > While the use of open source software has many benefits, it brings with it a number of legal risks not posed by proprietary or commercial software.

    [F]OSS operates under the same laws as commercial software, and with the possible rare exception gives you more usage rights than commercial software. There shouldn't be any legal problem per se.

    However, there is the social problem of people thinking that free(beer) means they can do whatever they want with it, which often isn't the case.

    Teach your employees

    • Re:and GPL v3 makes this problem worse (Score:5, Insightful)

      by meringuoid (568297) on Wednesday March 01 2006, @09:08AM (#14825973)
      For companies that do not want their source code plastered all over the internet, avoiding GPL'd software just makes good sense.

      Ehh... sort of. You can still use open-source software: you can develop in emacs on GNU/Linux and write up all the documentation using LyX or OpenOffice or whatever. As long as your product is all your own work that's fine. It's when you start shipping, say... an Integrated Firewall Solution that happens to run on a modified Linux kernel that you might run into GPL issues.

      That's the quarrel we generally have with this kind of article: it can confuse the issue between use of GPL software - which you can do freely, even if you don't accept the terms of the GPL itself - and redistribution of GPL software or derived works, which is just plain illegal under standard copyright law unless you do so under the terms of the GPL.

    • Some people just prefer the old business model, y'know?

      Yes, of course they do. It's called Stockholm Syndrome [wikipedia.org].

      The GPL does not expose a company's source code to competitors unless they choose to incorporate GPL code into their own. This is a choice, a conscious decision. It's a decision you don't even have with proprietary closed-source software.

      To claim GPL'd code is somehow inferior to closed-source commercial software because of this is laughable. Simply laughable.

      You can make all kinds of flame argument
      • And judging from my own experience of both proprietary and FLOSS development, I can say that I hit back doors of all kinds in proprietary software much more often. Normally they are disable for the releases, but it happens sometimes to release piece of software with backdoor enabled.

        Story about "Netscape Engineers Are Weenies" backdoor of M$' FrontPage got quite much publicity.

        As to add to FLOSS fame, the first computer worm ever used sendmail backdoor normally provisioned for debugging purposes solely.

        IOW,

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.