tags:

views:

162

answers:

5
+6  Q: 

Source code license for closed (non-open-source) software components

This is a question about licensing 3rd-party software components, which are to be included/used in your own software.

When you license a software component from a component vendor, many vendors will also allow you to get the source code (for an extra fee).

I'm talking about a not-for-resale and not-for-redistribution source code license, which developers sometimes want (perhaps on the theory that they can then support the component themselves if the vendor ever doesn't).

If you're a buyer:

  • Do you buy the source code license too?
  • Do you always, or does it depend on something, e.g. depend on how big the vendor is?
  • If a vendor doesn't license the source code, or if the license is expensive, is there any alternative to licensing the source code that you'd find acceptable: do you ever purchase a binaries-only license, and if so under what conditions?

If you're a vendor:

  • Do you offer source code to people who ask for it?
  • Does it depend on the buyer in any way?
  • If you don't, even to people who ask for it, then why not?
  • If you do, how do you choose a price (what's the biggest factor: is it just trying to maximise revenue, or is it any other motive e.g. pricing it high to try to minimise risk)

Also:

  • Do you happen to know of any standard/reusable license for such source code (which specifies e.g. "not for redistribution" etc).

I'm especially interested in your experience with "3rd party" components: from vendors smaller than Microsoft et al.

This question might seem like a 'poll', and subjective; but I'm trying to gather the business reasons for licensing or for not licensing source code, to understand the situations in which it's appropriate or not appropriate, and to hear of any alternatives or compromises.

+1  A: 

I would assume most software developers accept components without source code (at least if they are not developing on Linux):

  • Compilers
  • DBMSs
  • Application and Web servers
Frank  2010-08-18 22:01:12
I think these are open-source (e.g. gcc, Apache), or from very big vendors (e.g. Microsoft, Oracle).
ChrisW  2010-08-18 22:41:37
@ChrisW: Aside from the questionable truth of that statement, what does that matter? A large corporation is perfectly able to discontinue something you were relying on, or make a permanently breaking change, even if it's less likely to go bankrupt.
David Thornley  2010-08-20 16:24:53
@David - I don't know; I'm the one asking the question here. Can you answer my questions at all, from the OP?
ChrisW  2010-08-20 16:41:02
+4  A: 

In embedded systems it is common for libraries such as RTOS, protocol stacks, and file-systems for example to have soure-code license options. In this domain this is useful since target adaptation is often required beyond that facilitated by the object code license. Apart form that, I have used RTOS libraries both with and without source-code, and often debugging is much easier when you have the source, even when the component is not at fault - if only to better understand the often complex interaction with your application code.

As a vendor an alternative often used is an escrow agreement where the source is registered and held by a third-party escrow service for release to licensees should the vendor cease to trade or support the original code. This approach is used when the code embodies commercially sensitive intellectual property that may affect the value and competitiveness of the rights owner, but while equally the loss of support may affect the user's business viability.

Clifford  2010-08-18 22:11:43
+3  A: 

My employer at least once negotiated a source code escrow contract. This means the source code goes into an escrow agent's safe, and my employer can use it when the other company does not deliver updates fast enough.

For a license where the customer gets proprietary source code, look MFC's license. IMHO you can get the source code, modify it, and ship binary versions of the modified MFC library to your customers.

Eike  2010-08-18 22:19:46
An article with some warnings about source code escrow: [Source Code Escrow: Are You Just Following the Herd?](http://www.cio.com/article/187450/Source_Code_Escrow_Are_You_Just_Following_the_Herd_)
ChrisW  2010-08-18 23:08:41
Interesting, escrow seems to be quite common (see also Clifford's answer). It would be interesting to know how much more money a software vendor can get with an escrow contract.
Eike  2010-08-19 00:22:32
@ChrisW: If you read that article, read the comments too. They make some good points against the article.
David Thornley  2010-08-20 17:22:54
@David Thornley - Yes, and also others in favour of it. I don't see much down-side to escrow for the vendor: if a customer wants it and will pay for it then why not? Also, it's more obviously appropriate as "insurance for the $5million ERP package", than it is for smaller software components which are closer to the area that I'm interested in.
ChrisW  2010-08-20 17:38:02
Escrows are fine **if** you do them well. I have seen escrows done well and done badly. One company I worked for managed to persuade the customer (technically an investor/financer) that lodging binaries into escrow was sufficient (the customer wasn't tech savvy), and then put timebombed binaries into the escrow - worked fine when the escrow company tested them of course, but would have been absolutely useless. Equally that same company put source into escrow for a foreign sales agent - the escrow was properly executed, and was invaluable when the company went into administration / chapter 11.
JosephH  2010-08-28 18:19:00
+1  A: 

Back when we were developing in Delphi, we wouldn't even consider buying a third-party library without source code. That's because the .dcu file format (basically the object code that you link against) changed with every version of Delphi, and there was no upgrade utility; you just had to recompile.

So if we didn't have source code, then whenever a new version of the compiler came out, we wouldn't be able to upgrade until every single vendor released a new version of the .dcu files. That's untenable. Non-source distributions of Delphi libraries simply aren't workable; you need the source so you can recompile it yourself.

Joe White  2010-08-18 22:24:37
+3  A: 

Around here, we will ask about a source code license, but it's by no means the most important part of our decision to buy.

I've worked in a couple of small businesses that sold software for a major revenue stream. One sold software to deal with a lot of things in doctors' offices, and I don't think anybody ever asked about the source. One sold big-buck software to electrical utilities, and we supplied the source freely to our customers. (One issue there is that utilities are stable companies, usually with deep pockets, and easy to enforce license terms on by suing if absolutely necessary. Many doctors' offices can fold up fairly easily, and enforcing license terms can be a problem.)

David Thornley  2010-08-20 17:27:44
When you ask about a source code license, is "no" an acceptable answer?
ChrisW  2010-08-23 11:44:39
@ChrisW: Acceptable to whom? I'd call it a reasonable answer, and one that people will generally expect, but it may or may not be acceptable to a customer.
David Thornley  2010-08-24 14:08:22
"Acceptable to whom?" - Is it acceptable to *you*: would you buy a component, from a 3rd party, for which they wouldn't offer a source code license? That question (and other related questions) were what I was asking in my OP. Also, do you think that people generally expect no as an answer? I would have (I don't know) guessed the opposite: that people expect that the source is available, for a price.
ChrisW  2010-08-24 14:58:52
I have just pitched a software product to my manager that doesn't appear to come with a source code license. I'm hoping they buy it, as it would make part of my job much more pleasant. So, the answer for me is "yes". As for what I'd expect, it depends on what sort of software it is. The closer the relationship between vendor and client, the more likely the source will be available. Shrink-wrap software is almost always without source, but it's far more likely when there's personal contact and individual negotiations.
David Thornley  2010-08-24 17:35:01

related questions

Can you improve this 'lines of code algorithm' in F#?
JDK/JRE source code with matching JSSE (SSL) source code and matching runnable JDK / JRE?
How to get JRE/JDK with matching source?
How many lines of debugged code do you produce in a day's work?
Where to find beautiful PHP code to read?
SAP R/3 package code modification
Subversion and shared files across repositories/projects?
What to write in the header comments of a code file?
How do you prefer to organize exception definitions?
Best rule for maximum function size?
Can you debug a .NET app with ONLY the source code of one file?
Converting C++ code to HTML safe
What Are Some Decent ISPs That Host Subversion
Best file comparison tool
Where to find Java 6 JSSE/JCE Source Code?
What open source virtual private server program do you recommend with windows as host
How to highlight source code in HTML?
What's the right way to branch with Visual Source Safe?
Directory layout for pure Ruby project
How would you organize a Subversion repository for in house software projects
How do I avoid having the database password stored in plaintext in sourcecode?
How do you actually read source code?
Programmatically editing python source
alternative to VSS for a one man show (army of one?)
Any good java source code analyzing and modifying libraries?