Saturday, July 20, 2013

A $59 Billion Myth

For a licence compliance company, Black Duck can sure generate some real nonsense. Take for example their latest ... "Black Duck Unlocks $59B Opportunity for Enterprises Using Open Source"

Here we are told of the terrible number of projects out there that have no explicit licence. Fair enough, modern public repositories have the problem that people can put code up on them with no licence. Black Duck then go on to say that there are often "embedded licences", though, so if you know what they are, you can comply with those licences, and that's how you can use the code. And so Black Duck software unlocks this software because it lets you comply.

DING DING DING.

So not Numberwang. The problem with this position is that it ignores the fact that the entire project did not have a licence on it. There may well be embedded licences, but (a) they probably belong to existing standalone components and (b) only in some very particular cases would the embedded licence pull unlicensed code into a licensed form. This is like some sort of open source fracking process.

Now, Black Duck's backup position is probably "Ah, but we can tell you when that is". To which I say, firstly, it won't be very often, and secondly, where's the probity in yanking unlicensed code off the net and working out that because component X is under licence Y, then all the code is under licence Y?

Thirdly, the process shows a distinct lack of regard for the author of the unlicensed code, gaming what could possibly have been an error or an accidental inclusion to grab their code. There's this thing called email; it lets you contact people. Modern repositories also have ways of contacting the author. Hey, clone the project, add a licence and send a pull request... the author will soon get the message.

But let's be blunt. The value of unlicensed code of unknown provenance on the net is $0. No magic wand is going to turn it into money. If you see an unlicensed repository, drop the repo owner a line, and point them at http://choosealicense.com/ or similar so they can get a better feel for licensing.





