Black Duck Software and Palamida have each announced that they are partnering with the Eclipse Foundation and SourceForge.Net, as reported by CNET's Stephen Shankland and others. The partnerships will not only make their databases more effective by making them more complete, as Dave Rosenberg at Infoworld points out, but will also make due diligence regarding copyright issues easier by automating the process. For one thing, there will be no time lag now, Internet News points out, because any new additions to SourceForge will be immediately available in, for example, Black Duck's code management database, which is now allowed to replicate the software repository.
Call it a preventive strike against any future SCO lookalikes, if you like. Call it antiFUD, if you prefer. Palamida says one purpose is to "ease open source developers' concerns about the utilization of their custom-created intellectual property, and allow organizations to be more confident in their use of open source software." It also makes it easier to find hidden GPL violations in your proprietary code, so you don't have to worry any more about any so-called GPL "viral" effect.
When you think how much it has taken to get those pesky SCOfolks legally pinned to the mat, I think it is wise to do all things possible to prevent another SCO. I don't want my unborn grandchildren someday to have to keep writing Groklaw to the end of time. And some businesses feel they need clarity and assurance regarding legal compliance and code purity. I know such tools are disliked by some developers and that there are traditional methods that can be used instead, and I understand the why of the dislike, because some feel such tools are supporting antiGPL and antiOpen Source FUD, but I think such tools make it possible to more easily answer the SCO- and MS-inspired FUD, and to me that can only be good. The FUD has to be dealt with somehow.
Let's face it. Not everyone is a deep thinker. Others simply don't have time for long discussions. If a CEO hears there are IP issues with Free and Open Source software, even if it's FUD, they'll Just Say No to using it. If, instead, someone can say, there's a solution to that problem, it makes a difference. You can argue all you like that it's silly that people are like that and think like that, and you can write long blog entries about how such tools aren't needed because of this or that perfectly sensible reason, but humans *are* like that and they *do* think like that, and that isn't going to change. CEOs are too busy to read a lot on subsidiary issues, and that is something I've learned to understand, as Groklaw gets bigger and more popular. I too now have to ask folks to give me the executive version before I even consider giving time to something. All CEOs want are quick answers to the following questions: is there a solution to this problem? If so, does it work? Is there any down side? Can I move on to the next issue now? And don't forget that CEOs of public companies have to think about things you don't, like their obligations under the Sarbanes-Oxley Act [PDF].
The Palamida press release is here. And Black Duck Software's is here. It begins like this:
Black Duck Software, the leading provider of software compliance management solutions, and SourceForge.net®, the world's largest Open Source collaborative development site and part of the OSTG (a subsidiary of VA Software, NASDAQ: LNUX) technology network, today announced a partnership to help businesses worldwide confidently use more open source software while ensuring they meet their license compliance obligations. SourceForge.net hosts more than 103,000 open source projects, and today over 1,100,000 registered users leverage this resource to accelerate their own software development efforts. Through the partnership, Black Duck will now house a replicated version of the SourceForge.net repository at its headquarters. Black Duck will leverage this to provide users of their protexIP™ software compliance management platform with the most comprehensive and timely library of open source project information.
I wrote an article for LWN.net a little while ago, "IP Software Compliance Tools -- Who Needs Them and Why?" about how both companies work and what the differences are between them, and in the course of doing my research, I became finally convinced that such tools can provide a valuable service, if only for antiFUD purposes, but for another reason as well. One part of what they do is to alert you to what your license obligations are if you use a particular piece of code. That is really useful to a business and can prevent any mistakes out of ignorance or confusion about how licenses work and how they interact, so as to prevent conflicts with other license responsibilities a company is already obligated under. When you consider that there are more than 500 FOSS licenses now, which is way too many, it's not a small task for lawyers to figure out what can mix with what, but that's a rant for another day.
The protexIP system contains a KnowledgeBase of sophisticated Code Prints and processed licensing information from open source projects which is used to validate whether companies are correctly using open source within their applications. protexIP identifies which projects are in use and alerts users to license obligations and conflicts, enabling automated intellectual property (IP) policy management across distributed development teams. The alliance will further leverage Black Duck's existing, unique Web Update service whereby the Company offers regular online KnowledgeBase enhancements to its customers via subscription service. The direct access to SourceForge.net project information means that newly released projects will be immediately identifiable by protexIP.