informa
/
Commentary

Subcontractors, Meet Open Source

Now that the recent lawsuit against Verizon by a couple of open source developers has been settled, it's become clear -- as some people suspected -- that the real offender here wasn't Verizon per se but a subcontractor, Actiontec.  I wonder if this will mean a new level scrutiny or contractual stipulations for the way subcontractors are hired to do this kind of work -- with one

Now that the recent lawsuit against Verizon by a couple of open source developers has been settled, it's become clear -- as some people suspected -- that the real offender here wasn't Verizon per se but a subcontractor, Actiontec.  I wonder if this will mean a new level scrutiny or contractual stipulations for the way subcontractors are hired to do this kind of work -- with one of the possible stipulations being "no open source," especially if litigation is a serious risk.

In the abstract, it's not hard to avoid getting sued by the authors of an open source product for violating the GPL -- you just have to follow the rules and provide the source code for whatever you've been using.  The problem is that if you're a contractor, whoever is upstream from you may not want that -- especially if the modifications made to the open source code might (in their opinion) clue people in about things that they consider proprietary, like hardware designs.  (Note: I'm not trying to imply this actually happened in this case -- only that it's possible.)

One of the stipulations of the settlement, aside from Actiontec posting the code on its site, is the creation of an open source compliance officer's position at Actiontec.  This is something my cohort Paul McDougall talked about at the end of last year in the context of another settlement conducted by the SFLC.  He, too, was worried that moves like this would have unexpected side effects -- not least of all, an increasing hesitancy to adopt open source by companies who didn't want to find themselves strong-armed into creating job positions they didn't feel they really needed.

Now, the SFLC and its clients (mainly the authors of the Busybox toolkit, the code that was reused but not republished by Actiontec) aren't exactly using patent-troll tactics to get their way.  In fact, up until recently, they were content to simply shame the offenders on their Web site.  Then the sheer number of offenders grew and grew, shame stopped being effective by itself, and they decided to take legal action.

From their side, their behavior's perfectly reasonable.  But from the side of folks for whom using open source is still a relatively exotic and new (and, therefore, not wholly required) thing, it might be an incentive to keep things as proprietary as possible ... just to be safe.

The irony is that those who opt out of open source because of fears about getting pricked by thorns in the licensing stipulations may find themselves at a disadvantage in the marketplace.  When your competitors are using open source to get an edge -- and that might include potential bidders for a contract who already have documented open source compliance mechanisms in place -- you don't want to be last to the table.

Do you think contractors in IT should get special stipulations regarding their use of open source, or be left to fend for themselves?