Yesterday I attended an event at the Holiday Inn in Belfast regarding some of the legal concerns over software houses incorporating open source code into their applications. This was put on by the good people at Momentum NI.

It was an excellent talk delivered expertly by Rory Campbell from Forde Campbell. I figured I would take 5 minutes to briefly sum up what I got from the talk for those who could not attend (or could attend but wanted to watch Mexico show France up!).

Open source is good, although it sometimes gets a bad rap in the public sector. As developers, we all know how good it is to have a nice open community building on the same code you are building on.

There is a wide spectrum of open source licences, but generally there are two camps: the FSF (which created the GPL) and the OSI (who endorse the MIT licence).

GPL2 is almost too open for business purposes. It basically says that if you use any code under this licence then your code also needs to be completely GPL2 as well. This is obviously a massive issue if you are doing this. (Personally, I know I use open source code all the time; what I don't know is what licence I have accepted by doing so. Do you?)

MIT is more relaxed: it doesn't force you to make your code open source. It does, however, state that the code is provided as is and, basically, if it goes wrong it isn't the provider's fault. That means if you use some in your code and it breaks, you have no leg to stand on when your client starts shouting at you.

So far there have been no court decisions in the UK, but people are getting wise to open source law and are arguably getting a bit paranoid over it, so it is something we can't afford to ignore. In Germany there have been rulings, and one developer (Harald Welte) used to actively seek out companies who were not complying.

The main issue is that if you use open source and don't follow the terms, you leave yourself open to being sued by the open source supplier for breaking their licence, and also by your client because you are passing risk onto them. Also, if someone attempts to buy your company, things like this could throw a spanner in the works.

There are a few things we can do: we can run audits on our projects to make sure we know what open source licences we are currently using, we can educate ourselves and our co-workers in the issues, we can log any new stuff coming in somewhere we can easily reference it, and we can always fall back onto lawyers for advice.

That is pretty much it. Now I am off to see what licences I have to stop pissing on!

* Edit

Thanks to Rory Campbell for correcting how I described the two camps.
Thanks to Future Perfect for telling me the difference between licence and license.