Outsource Software Development and Open Source: Coming of Age in the 2000s

Abstract

This article gives a brief overview of certain issues that outsource development service providers should consider to ensure open source software license compliance. Among other topics, this article considers various types of licenses and development tools, and addresses the "developer problem."

I. INTRODUCTION

First they ignore you, then they laugh at you, then they fight you, then you win.
--Mohandas Gandhi

The non-violent revolution of open source software, which has been re-working the world's software licensing landscape for the last 15 years, is on the cusp of maturity. It is fitting that Gandhi's famous quotation so accurately describes the adoption of open source by the technology industry, (1) because outsource software development providers, particularly in emerging economies like India, China, and Eastern Europe, are quickly internalizing the U.S. software industry's best practices for dealing with open source legal risks.

By all indications, open source is somewhere between the fighting stage and the winning stage. Certainly, it is no longer ignored; in the United States, conferences on open source and open source licensing are ubiquitous. Steve Ballmer's infamous description of free software as "communist" (2) is already eight years in the past. At this point, best practices in the technology sector include policies and procedures for vetting the inclusion of open source software in commercial products. (3) Some companies, particularly in the United States, have become quite sophisticated in this regard.

However, communicating software development standards to outsource providers is difficult in the best case--facing, as it does, the challenges of translation errors and cultural disconnects. When it comes to open source, this is even more difficult, because outsource providers are being required to come up to speed quickly to follow U.S.-driven policies. U.S. companies have developed best practices to inoculate their products against open source licensing risks gradually and organically. Now, outsource providers are being tasked with following policies that differ from client to client and add significant overhead to software development activity.

So now, in the late 2000s, outsource providers are scrambling to meet their clients' requirements for best development practices relating to open source. But those clients themselves, for the most part, have only recently put their own house in order after a long period of denial and ignorance of open source licensing risks. Outsource clients today are like parents telling their outsource developer teenage children to straighten up and fly right--which is like a thirty-year-old father telling his fifteen-year-old son to stop partying, when it was not so long ago that the father was doing exactly the same partying himself.

II. GIGO--THE ETERNAL INFORMATION PROBLEM

The vast majority of time spent resolving issues in open source licensing goes to gathering information--or more precisely, vetting that information. Anyone can collect inaccurate or incomplete information, quickly and easily. As every programmer knows, bad data means bad results--garbage in, garbage out. Good record keeping is the answer, of course, but it is a harder answer to implement than it seems.

Outsource providers will get significant benefit for their efforts by streamlining their information tracking systems to record and update open source licensing terms for software used in development. The information typically needed is:

* Software package name
* Version
* License (including version)
* Download URL
* Dependencies
* Whether the code has been modified
* Copyright notices

The version of the software is necessary, because open source projects do change their licenses over time, so the version of the software may help to verify licensing terms. …