Here's the situation. At work here, I hear there is resistance to using open source code (NAnt in particular) because there might be closed-source copyrighted code in there (meaning copyrighted by someone who'd have an interest in suing anyone who used their code, e.g. Sun, Oracle etc.). Meaning somewhere in that open source tool or library there might be a chunk of code that was directly lifted from copyrighted code. In theory, this means our company (which is quite large) gets sued for big money because they used an open source library.

We don't ship any software, so how this theoretical plaintiff would find this out is a mystery.

I have also heard that some group of people came through a year or two ago and actually found instances of this in our codebase. That's hearsay of course, so who knows.

Is this simple paranoia? Didn't something similar to this happen with Linux a while ago? Wouldn't the burden of checking for copyrighted code lie with the people who made the code, not the people who use it?

Edit: country is USA.

+3  A: 

Open source is (like everything else) copyrighted BY DEFAULT! Otherwise it'd be public domain!

Also, I don't see how you can be accountable if someone else infringes someone else's copyright. Unfortunately, you left your country field empty, so I don't know what kind of crazy laws you might have wherever you are.

On the other hand, let's take a look at this situation: There were numerous cases where a closed source company violated EULAs of free software makers (Cisco and FSF come to mind first, but there are many others). What if you happen to use a closed-source library made from free code in such a way that it violates the free code's EULA? There is no guarantee that closed source software isn't infringing someone's copyrights. In my example FSF sued Cisco, the ones who made the infringement, not the users.

Basically, my point is that whoever is resisting FLOSS is raising a valid concern (in some countries, at least) but is using it to unfairly target FLOSS. You have no better guarantee with closed-source of its legality than you have with open-source.

Also, how would you check if some open-source software is using pieces of closed-source code, unless you have access to that same piece of closed-source code?

Just read that country is USA, well good luck then. You can get sued for anything there.

AndrejaKo
Agreed. Closed source code is no guarantee of copyright safety.
Robert Harvey
Edited the OP to have country.
jcollum
The difference between open-source vs. closed-source code is that usually there is a company to sue in the closed-source case. In the open-source case the holder of the copyright would go after whoever was using the code. At least that's the argument I hear.
jcollum
Maybe I'm reading too much of Stallman's works, but I would go as far as to say that it'd be safer to actually use open-source software because it can actually be checked for copyright safety. There is no clear good way by which to check if code of two closed-source companies infringes each other's copyrights unless they both agree to a check. Would you let someone see you using his stolen code?
AndrejaKo
*if someone else infringes someone else's copyright*, but if I use code that is copyrighted by someone else and they haven't given me permission to use it, then I am infringing, just not wilfully. I would have thought that in many countries you'd be able to get in trouble for that, at least if you're not able to stop using all of that code immediately. Same as in many countries, if you buy stolen goods, even if you had no reason to expect that they were stolen, you are not the rightful owner of those goods.
ho1
Well, NAnt looks pretty old (first releases in 2001). If it was infringing copyrights of say M$, I'm sure that they would have found out about it a long time ago.
AndrejaKo
@ho1 Yes, but in many countries if you buy stolen goods in a legitimate shop marked as legal goods, you didn't do anything wrong. The thing is that you can't have ANY guarantee for ANYTHING that it isn't stolen or smuggled or is infringing copyrights. As for code, take a look from this perspective: You are using a finished product which was developed by someone else. Why should you be accountable for someone else's actions? If you buy a car that was made by a manufacturer who is violating patents, are you guilty of violating patent rights?
AndrejaKo
+1  A: 

You questioned how anyone finds out about this stuff. Well, when companies get bought and sold (and this is always in the back of the mind of most executives), they usually instruct lawyers to do a due diligence exercise. These days, that frequently involves looking at the use of any third party code. Sometimes, the enquiries are backed up by using software which actually sniffs out the presence of third party code. Yes, they need access to the source code, but such access is usually provided as part of the sale process.

There's also the risk of whistle blowers finding such code and saying something about it.

I'm finding that the issues related to use of third party source code (of any variety) are getting more frequent. Organisations which show recognition of the issues are wise, and it's worth the developer community understanding the ramifications.

CharlieDelta