Blackduck Software and IP
Paul Lussier
p.lussier at comcast.net
Thu Jan 15 17:36:45 EST 2009
"Jeff Macdonald" <macfisherman at gmail.com> writes:
> Hi all,
>
> This isn't strictly Linux related, but a pointy-hair boss here
> mentioned to a peer of mine the desire to bring these folks in. I'm at
> a loss why any company would actually need such a service, so I'm
> wondering if any of you have any insight. My view is that since open
> source software is publicly available, an organization that would
> claim IP (intellectual property) rights would simply be better off
> sending cease and desist orders to the author of code. I do understand
> that wouldn't be as profitable as going after a company with deep
> pockets. The company I work for doesn't ship any code. We simply use
> open source in house to provide services. I would also think that once
> some sort of IP infringement is found, that would make the company
> more liable until such infringing code is removed/recoded.
A good friend of mine worked at BlackDuck for a bit before moving to
California. One of the things they do is help you audit your code so
you know what licenses the software falls under if you're re-distributing
it.
Not all of what is available for Linux is GPL'ed. There are several
different FOSS licenses, and several "free-ware" licenses, etc.
For example, my last company built a product on top of a Debian base.
We needed to provide a copy of each and every license for each piece
of software (well, that's what the lawyers told us). In order to do that,
we needed to know what license each package fell under. Sadly, many,
many packages don't have the License field of the .deb package
manifest file filled in.
BlackDuck (i.e. specifically my friend) has spent months painstakingly
researching each and every package for Debian (and probably RH,
others) and created a database correlating versions with packages with
licenses, etc. Additionally, they've created checksums of everything
such that they can scan large repositories and detect these signatures
to help you determine if what you're shipping falls under certain
licenses.
They are in fact a legit company, consisting of people who hold FOSS
very near and dear. They have just found a way to monetize a service
around FOSS as well.
--
Seeya,
Paul