Re: What to do when DD considers policy to be optional? [kubernetes]

On 27.03.20 01:57, Paul Wise wrote:
> On Thu, Mar 26, 2020 at 8:30 PM Christian Kastner wrote:
>> [Well, technically, you could use your own lawyer to perform the due
>> diligence and have them submit any necessary changes to the BTS, but I
>> think it's safe to assume that that is a theoretical example.]
> The OSI started ClearlyDefined, which aims to do just that (and more)
> for both Debian and other communities, using automated tools
> (scanCode) and human curation of the results.
> https://clearlydefined.io/?type=debsrc&sort=releaseDate&sortDesc=true
> https://clearlydefined.io/about
> https://docs.clearlydefined.io/contributing-data
> https://wiki.debian.org/CopyrightReviewTools
> https://github.com/nexB/scancode-toolkit/
> https://fosdem.org/2020/schedule/event/rust_license_clearlydefined/

Interesting. While I personally believe this would be insufficient as
due diligence [*], it would definitely be a great assistance in carrying
it out, and help bring "surprises" to light (e.g. a BSD-licensed
software containing some GPL code).

One frequent reason why proprietary software wins over FOSS in corporate
environments is because the vendor is willing to indemnify the client.
So by buying $FOO, you can spare yourself all this legal headache; the
problem is simply shifted to the vendor. That's a really hard offer to
beat, business-wise.

[*] To use extreme examples, in the SCO v. IBM and Google v. Oracle cases,
they went file-by-file. In the first trial of the latter case, a 9-line
function was found to be infringing. (This was later reversed, but
that's still bad enough.)