On License Compliance For Users
Of the many attributes of software freedom that could move to front-of-mind, it strikes me that the minimal license compliance burdens for open source software users are actually a comparative strength. Having them presented as a dangerous weakness by commercial interests in various contexts (what has been called “the compliance-industrial complex”) applies a “frame” that serves only the detractors of software freedom. No wonder proprietary vendors want to divert our attention! Open source is so much easier!
License compliance is a major and costly issue for proprietary software users, who must keep track of every use of the proprietary software they are licensing in order to avoid severe consequences should their supplier choose to conduct an audit. The license involved in that case is an End User License Agreement (EULA), not a source license delivering extensive liberties. When we compare like-for-like, we discover open source software has negligible issues by comparison. End-users do not need to have a license management server, do not need to hold audits, do not need to fear contract enforcement raids.
Open Source License Compliance Is A Marginal Issue
Do we need to worry about license compliance? Obviously respecting authors, following license terms and obeying the law are important, but for most of us the answer is probably that there are bigger things to worry about. Open source software comes with a set of liberties commonly called “the four freedoms”. Any software under an open source license may be used, studied, adapted, shared (both in the original and modified form) and monetised for any purpose, as long as the license is obeyed.
- As a user of the software, there are no conditions of any kind set on your use; you are free to use it for any purpose. There is no compliance requirement, even for the GPL. Pause and reflect on that for a moment. Open source does not place a compliance burden on the end user, does not mandate acceptance of an end-user license agreement, does not subject you to para-police action from the BSA. That is a significant advantage, and there’s no wonder that proprietary vendors want to hide it from you and make you think open source licensing is somehow complex, burdensome or risky. If all you want to do is use the software – which is all you are allowed to do with proprietary software as the other three freedoms are entirely absent – then open source software carries significantly less risk.
- If you move beyond use of the software and study the source code, there is also no compliance burden. There is no risk associated with using the knowledge you gain for other purposes. You do not become “tainted” in some way, and there is no need to create a “clean room” environment when you build related software using that knowledge. Those actions are related to trade secrets and public code is by definition not secret.
- If you move beyond studying the code and actually adapt it for your own use, there is unlikely to be a compliance burden. You are free to use the modified version in any way you wish, both personally and within your business. There is no need to account for your use, no need to send your improvements somewhere else, no requirement that you participate in the community. Of course, if you don’t, you won’t get all the benefits associated with joining the community, but all the same the choice remains yours.
- If you move beyond modifying the code and decide to share your modified version, that is the point at which there will most commonly be compliance issues with the open source license. You only need to check you are passing on the same rights to others as you received with the original code. Even then, not all open source licenses place significant responsibilities on you. Licenses like the Apache, BSD, MIT and X11 licenses are extremely easy to comply with and licenses like the Mozilla license involve negligible housekeeping if you are participating in an open source community – simply committing code back to the community repository is likely to be enough. Only reciprocal licenses like the GPL family truly need an audit process, and even there it’s no more burdensome for most of us than the sort of tracking we would do anyway in our version control system.
- When it comes to the tiny minority who monetise open source software per se by shipping products containing it, there are issues that companies need to keep in mind, but in my view they are no more complex and burdensome than the issues arising from shipping proprietary software. It’s important to make sure you know you have the necessary rights to everything you ship, and when you ship code made from proprietary elements you naturally do so because the contract both requires it and enables sanctions if you don't. Only sloppy developers fail to do this.
Software Freedom Is Not About Licenses
The result of making it seem otherwise is that the more subtle opponents of open source are able to raise Fears about compliance, attaching Uncertainties soluble only via extra costs that aren’t really applicable to the majority of uses and thus seeding Doubts that the bother is really worth it. This has all the classic hallmarks of FUD, projecting the weakness of proprietary software and license enforcement “audits” and by implication tarring open source with them. We should reject the frame.
Ultimately, software freedom is not about licenses; they are a fundamental and essential part of the mechanics, but not the goal. The goal is for every software user to be self-sovereign in their software. It is about the liberty to enjoy software unhindered, and we are free to use that liberty as little or as much as we want without interference. Allowing ourselves to be distracted from the liberty which is the source of all of the benefits individuals and businesses gain from open source is a mistake. Don’t let the forces of proprietary software do it to you. Reject the frame and revel in your liberty!