Compliance

From Freephile Wiki
Revision as of 11:10, 23 March 2016 by Freephile (talk | contribs) (adds Termination section and Complete and Corre)


We're in this weird time in history when most commercial software is touted as "proprietary" software, yet every commercial enterprise relies on GPL software. It's kinda like saying you really love the fresh air on a spring morning while ignoring the physical reality that you share that air with every polluter on the planet. Compliance is like trying to prove on paper that the air molecules that you breathe are not touching, and have never touched, pollution. Selling proprietary software is like trying to sell packaged air because "it's clean". It would be a better world if we just focused our energy on eliminating air pollution. Until we have such a Utopia, we have companies trying to document their compliance at the least possible cost.

Compliance between Licenses

The compliance drama is not just one between proprietary and free software. There is an overabundance of software licenses, and many of the so-called 'open source' or 'permissive' licenses are incompatible with each other. So compliance is actually about what code you have, what license that code is under, and whether you are compliant with all the terms of every license that you are a party to.

Enforcement

There isn't some big government agency like the FBI (who prosecutes you if you copy a movie) working to ensure that free code remains free. Instead, the effort is literally left to the little guy. The Software Freedom Conservancy is the main actor in enforcement. They are a charity drawing their financial support from individuals (https://sfconservancy.org/copyleft-compliance/principles.html). Meanwhile, the big guys certainly do have lots of money to pursue violations of their licenses (http://www.bsa.org/).

Resources

Eben Moglen is director of the Software Freedom Law Center. See their guide: https://www.softwarefreedom.org/resources/2014/SFLC-Guide_to_GPL_Compliance_2d_ed.html

Bradley Kuhn (and the FSF?) put together https://copyleft.org where you can find:

https://copyleft.guide - Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide
https://gpl.guide - Part I: Detailed Analysis of the GNU GPL and Related Licenses
https://compliance.guide - Part II: A Practical Guide to GPL Compliance

Termination

Compliance is obviously important, for a number of reasons. One reason is that under GPLv2, your rights to use (and distribute) are automatically and irrevocably terminated with violation. The GPLv3 amends this by offering a pathway to cure the violation.

Vendors

BlackDuck, here in Massachusetts, sells compliance, as do other firms like TripleCheck.

Criticisms

One of the chief criticisms of these vendors is that they do not provide guidance or solutions for meeting the "Complete and Corresponding Source Code" requirement of the licenses. Without providing Complete and Corresponding Source Code, you are not compliant.

Another criticism is that these companies use any enforcement action as fodder to heavily market their services, and that these vendors are not about preventing or curing violations.

Other

http://www.linuxfoundation.org/programs/legal/compliance