a-little-foss-knowledge jlovejoy final2 · foss knowledge: a little does not always go a long way...

FOSS Knowledge: A little does NOT always go a long way

Jilayne Lovejoy Corporate Counsel

16 April 2013 Linux Foundation Collab Summit

Roadmap ² When it comes to FOSS

knowledge: o Where did we come from? o Where are we now? o Where are we going?

¨  (the goal)

o How did we get here? ¨ What path are we taking?

o Common FOSS knowledge gaps & misunderstandings ¨  (Why) is this a problem?

o What is the goal? ¨ How do we get there?

© J.Lovejoy

Trail

OPEN SOURCE

4  

5  © Ayzek09 | Dreamstime.com

6  

7  

8  from http://www.fluevog.com/files_2/os-1.html

9  http://www.opensourcefood.com/

10  from  h/p://opensource.com/life/13/3/spread-­‐open-­‐source-­‐sxsw  

“open” is the new “green”

11  

12  

Is this bad?

http://xkcd.com/246/ 13  

14  © Ayzek09 | Dreamstime.com

“open” is the new “green”

15  

16  © Ayzek09 | Dreamstime.com

17  

m a i n t e n a n c e Maintain, update, train

a c t i o n Adopt a robust and practical open source policy

p r e p a r a t i o n “We need a plan. This is what we are going to do.”

c o n t e m p l a t i o n “We are using open source. What should we do?”

d e n i a l “We’re not using any open source.”

“Do you understand the difference between source and object code?” “No.” (after claiming to have a basic understanding of open source software)

18  

“Do we have any GNU licenses?”

(after using “GPL” during the lengthy previous discussion)

19  

“Apache 2.0 is a restrictive license.”

20  

“All open source licenses require code contributions back to the community.”

21  

“If I dynamically link, I’m okay.”

(in regards to compliance with the LGPL)

22  

“If I use GPL, I have to release the code for the entire product.”

23  

“What needs to be fixed?” (and other questions re: compliance)

Company receives software bill of materials from vendor or for its own code or as part of M&A due diligence

24  

“Who’s providing technical support on this?”

Company is using FOSS for a critical system... and something goes wrong...

25  

“I require my developers to submit for review all open source, even under MIT License...”

Insight from an in-house counsel regarding how open source licenses are reviewed in his company

26  

What about the 100+ developers who are going to be using the tool?

Company decides to implement policy and acquires governance tool for requests, approvals, tracking, etc.

27  

28  

(Why) is this a problem?

29  © Zimmytws | Dreamstime.com

30  

31  © Alien185 | Dreamstime.com

32  © Ayzek09 | Dreamstime.com

ü  Request  /  Approval  ü  Support  /  Maintenance  ü  AudiIng  /  Scanning  ü  License  Compliance  ü  Tracking  /  Monitoring  ü  AcquisiIon  ü  Contract  /  Legal  ü  Community  InteracIon  

33  

and communication

34  © Ayzek09 | Dreamstime.com

35  

legal

engineering

© Ayzek09 | Dreamstime.com

36  

m a i n t e n a n c e Maintain, update, train

a c t i o n Adopt a robust and practical open source policy

p r e p a r a t i o n “We need a plan. This is what we are going to do.”

c o n t e m p l a t i o n “We are using open source. What should we do?”

d e n i a l “We’re not using any open source.”

Questions? Thank you! jlovejoy@openlogic.com

© J.Lovejoy

© 2013 OpenLogic (images as noted)