Keeping it Clean - SourceForge and Eclipse Foundation To Work with Palamida and Black Duck

Wednesday, August 03 2005 @ 05:43 AM EDT
Black Duck Software and Palamida have each announced that they are partnering with the Eclipse Foundation and SourceForge.net, as reported by CNET's Stephen Shankland and others. It will not only make their databases more effective, as Dave Rosenberg at InfoWorld points out, because they will be more complete, but it also makes due diligence regarding copyright issues easier by automating the process. For one thing, there will be no time lag now, Internet News points out, because any new additions to SourceForge will be immediately available in Black Duck's code management database, for example, which is now allowed to replicate the software repository.

Call it a preventive strike against any future SCO lookalikes, if you like. Call it antiFUD, if you prefer. Palamida says one purpose is to "ease open source developers' concerns about the utilization of their custom-created intellectual property, and allow organizations to be more confident in their use of open source software." It also makes it easier to find hidden GPL violations in your proprietary code, so you don't have to worry any more about any so-called GPL "viral" effect.

When you think how much it has taken to get those pesky SCOfolks legally pinned to the mat, I think it is wise to do all things possible to prevent another SCO. I don't want my unborn grandchildren someday to have to keep writing Groklaw to the end of time. And some businesses feel they need clarity and assurance regarding legal compliance and code purity.

I know such tools are disliked by some developers and that there are traditional methods that can be used instead, and I understand the why of the dislike, because some feel such tools are supporting antiGPL and antiOpen Source FUD, but I think such tools make it possible to more easily answer the SCO- and MS-inspired FUD, and to me that can only be good. The FUD has to be dealt with somehow. Let's face it. Not everyone is a deep thinker. Others simply don't have time for long discussions. If a CEO hears there are IP issues with Free and Open Source software, even if it's FUD, they'll Just Say No to using it. If, instead, someone can say, there's a solution to that problem, it makes a difference.

You can argue all you like that it's silly that people are like that and think like that, and you can write long blog entries about how such tools aren't needed for this or that perfectly sensible reason, but humans *are* like that and they *do* think like that, and that isn't going to change. CEOs are too busy to read a lot on subsidiary issues, and that is something I've learned to understand, as Groklaw gets bigger and more popular. I too now have to ask folks to give me the executive version before I even consider giving time to something. All CEOs want to quickly find answers to are the following questions: is there a solution to this problem? If so, does it work? Is there any down side? Can I move on to the next issue now? And don't forget that CEOs of public companies have to think about things you don't, like their obligations under the Sarbanes-Oxley Act [PDF].
The Palamida press release is here. And Black Duck Software's is here. It begins like this:

"Black Duck Software, the leading provider of software compliance management solutions, and SourceForge.net®, the world's largest Open Source collaborative development site and part of the OSTG (a subsidiary of VA Software, NASDAQ: LNUX) technology network, today announced a partnership to help businesses worldwide confidently use more open source software while ensuring they meet their license compliance obligations.

"SourceForge.net hosts more than 103,000 open source projects, and today over 1,100,000 registered users leverage this resource to accelerate their own software development efforts. Through the partnership, Black Duck will now house a replicated version of the SourceForge.net repository at its headquarters. Black Duck will leverage this to provide users of their protexIP™ software compliance management platform with the most comprehensive and timely library of open source project information.

"The protexIP system contains a KnowledgeBase of sophisticated Code Prints and processed licensing information from open source projects which is used to validate whether companies are correctly using open source within their applications. protexIP identifies which projects are in use and alerts users to license obligations and conflicts, enabling automated intellectual property (IP) policy management across distributed development teams. The alliance will further leverage Black Duck's existing, unique Web Update service whereby the Company offers regular online KnowledgeBase enhancements to its customers via subscription service. The direct access to SourceForge.net project information means that newly released projects will be immediately identifiable by protexIP."

I wrote an article for LWN.net a little while ago, "IP Software Compliance Tools -- Who Needs Them and Why?" about how both companies work and what the differences are between them, and in the course of doing my research, I became finally convinced that such tools can provide a valuable service, if only for antiFUD purposes, but for another reason as well. One part of what they do is to alert you to what your license obligations are if you use a particular piece of code. That is really useful to a business and can prevent any mistakes out of ignorance or confusion about how licenses work and how they interact, so as to prevent conflicts with other license responsibilities a company is already obligated under. When you consider that there are more than 500 FOSS licenses now, which is way too many, it's not a small task for lawyers to figure out what can mix with what, but that's a rant for another day.
|
Authored by: MathFox on Wednesday, August 03 2005 @ 06:13 AM EDT
"Pamela never makes mistakes"
"Are you sure?"
"Well, let's start a corrections thread anyway!"
---
When people start to comment on the form of the message, it is a sign that they
have problems to accept the truth of the message.
|
Authored by: Nonad on Wednesday, August 03 2005 @ 06:13 AM EDT

"When you think how much it has taken to get those pesky SCOfolks legally pinned to the mat, I think it is wise to do all things possible to prevent another SCO."

I'm not sure they're pinned to the mat quite yet - at least they're still wiggling, it seems...

It will take a few more words from the court(s) to firmly pin them.

Actually, rather than just pinning them to the mat, what we all really want is a stake through their collective heart.

We want them dead, Dead, DEAD! :o)
|
Authored by: MathFox on Wednesday, August 03 2005 @ 06:20 AM EDT
"Hey, there's no off-topic thread yet... You know how those Groklawyers
behave without one!"
"Okay, Okay..."
---
When people start to comment on the form of the message, it is a sign that they
have problems to accept the truth of the message.
|
Authored by: Anonymous on Wednesday, August 03 2005 @ 06:20 AM EDT
Sorry, PJ, but I don't agree with your conclusions. Black
Duck is spreading FUD to sell a solution for a problem
that may not even exist. They are, in effect, telling
management that their developers are not to be trusted and
will plagiarize GPL code unless you check up on them with
their nifty code-checking tools.
Also, this has nothing to do with clearing the air of FUD
regarding Free/Open Source software. It will do
absolutely nothing to check if Free software projects
contain stolen proprietary code. It just allows a code
base to be checked for similarities against the projects
on SourceForge. Indeed, it seems more like a tool that
would be useful for the next SCO-alike as a method of
searching for potential victims.
Still, thanks for all of your efforts and please don't
take offense to my disagreement.
|
Authored by: alangmead on Wednesday, August 03 2005 @ 09:10 AM EDT

About a month or so ago, at the Massachusetts Software Council Open Source SIG's meeting, I saw that presentation from Black Duck. While I can see why some organizations may want this kind of protection against plagiarism in their code base, it seems to me that the usefulness depends on the canon of material it has to compare against.

A non-technical executive in an organization may read about the viral nature of the GPL and think that any connection to GPL'd code is a cause for concern, but the underlying action that would cause this problem isn't limited to GPL'd or other free and open source software. If a software developer was going to plagiarize, there are other sources of material, and it seems like the liability from other visible source material would be as great or greater.

Microsoft's source code distribution program is an obvious example, if for no other reason than that they coined the term visible source. Other proprietary software vendors include source code with their product too. One that I can think of is Zope Corporation's products like Zope Replication Service (although ZC released their application server as Open Source, their business model includes selling enterprise components as add-ons.) Lots of development libraries and frameworks, even proprietary ones, come with source. Even real time embedded kernels often come with source. It seems to me that the companies behind these proprietary software companies have more at stake than some random GPL licensed project at SourceForge.

So based on the underlying problem (as frequent as it may or may not be) of source code plagiarism, what do companies like Black Duck and Palamida do to prevent it? Part of the answer depends on the accuracy of their match detection algorithms. Another part depends on the repository of work they compare it against. Does their repository include visible source distributions? Or do they only check against Open Source code?
|
Authored by: Anonymous on Thursday, August 04 2005 @ 01:37 AM EDT
Black Duck and Palamida are excellent examples of building business around FOSS,
without having to give the business away, and without stealing anything.