Complying with the GPL: How to Avoid Being Named in the Next GPL Lawsuit
Earlier this week, the latest round of BusyBox GPL lawsuits was announced by the SFLC. The current offenders are Best Buy, JVC, Samsung, Westinghouse and 10 others. It seems that every few months there is a new round of violations or lawsuits announced, so it behooves every company that distributes software or products containing software to ensure they aren't ever on the list. We announced our Open Source Fulfillment Center service earlier this week that helps companies ensure they comply with the GPL.
Jason Perlow of ZDnet gave a pretty good explanation of the challenges in complying with the GPL. Dana Blankenhorn, his colleague, talks about why those explanations are not an excuse. I want to focus on some concrete steps companies can take to avoid being the next defendants.
Assume that you may be using GPL code.
Realize that if you have software in your product, there is a high probability that you have open source software in it. There is also a HIGH probability you have GPL or LGPL code in your software, even if you think you don't.
At OpenLogic, we offer an Application Audit service for customers where our experts scan your source code to identify any open source and help you comply with the licenses. When we do an Application Audit, we always find open source, we always find more open source than the company thinks they have, and we almost always find GPL code that the company is unaware of.
Scan all of your code – including code from outsourcers.
Even when companies have good source code control practices, it's almost impossible to get a 100% accurate list of the open source and licenses used. The main challenge is that open source often has other open source components that are bundled inside it, and that use different licenses than the primary license specified by the project. The only way to find a complete list of open source and the relevant licenses is to scan your code.
It's also critical to scan all code from outsourcers. At OpenLogic, we find that many cases of "hidden GPL" come from this source.
OpenLogic provides both services and products for scanning code to identify open source.
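To make the "nested components with a different license" problem concrete, here is a small scanner added as an illustration for this post; it is not OpenLogic's tooling and not code from the original article. It walks a source tree, attributes each file to either the main project or a bundled component (a subdirectory under a vendor-style directory), records the license each component declares in its README/LICENSE/COPYING file, and then reports copyleft (GPL/LGPL) markers found in files whose component never declared that license. The directory names, the regex patterns and the sample tree are my assumptions, chosen to show an MIT-declared library that bundles an LGPL file and an outsourced directory with an undeclared GPL file.

```python
import os
import re
import sys
from collections import defaultdict

# Heuristic license markers (assumption: header text, not a full license-text matcher).
# LGPL is matched before GPL so that "GNU Lesser General Public License" is not
# also counted as plain GPL; the GPL pattern does not match the LGPL phrase.
LICENSE_PATTERNS = {
    "LGPL": re.compile(r"GNU (Lesser|Library) General Public License", re.I),
    "GPL": re.compile(r"GNU General Public License", re.I),
    "MIT": re.compile(r"\bMIT License\b", re.I),
    "Apache-2.0": re.compile(r"Apache License,? Version 2\.0", re.I),
    "BSD": re.compile(r"Redistributions? of source code must retain", re.I),
}

# Files that state a component's intended (declared) license.
DECLARATION_FILES = {"LICENSE", "LICENSE.txt", "COPYING", "COPYING.LIB", "README", "README.md"}
# Top-level directories whose immediate subdirectories are treated as bundled components.
BUNDLE_DIRS = {"third_party", "vendor", "contrib", "external"}
COPYLEFT = ("GPL", "LGPL")

# Constructed sample tree (path -> file text) used when no directory is given.
SAMPLE_TREE = {
    "src/main.c": "/* Copyright 2009 Example Corp. All rights reserved. */\nint main(void){return 0;}\n",
    "src/util/strlcpy.c": "/* This program is free software; you can redistribute it under the terms\n"
                          " * of the GNU General Public License as published by the FSF. */\n",
    "third_party/libfoo/README": "libfoo is licensed under the MIT License.\n",
    "third_party/libfoo/compat/getopt.c": "/* Licensed under the GNU Lesser General Public License v2.1 */\n",
    "vendor/outsourced/net.c": "/* GNU General Public License version 2 */\n",
}


def classify_text(text):
    """Return the set of license names whose marker appears in the text."""
    return {name for name, pat in LICENSE_PATTERNS.items() if pat.search(text)}


def component_of(path):
    """Map a relative path to its component: '.' for the main project, or
    'bundle_dir/name' for a nested third-party component."""
    parts = path.split("/")
    if len(parts) > 2 and parts[0] in BUNDLE_DIRS:
        return "/".join(parts[:2])
    return "."


def scan_tree(files):
    """Build a per-component report of declared licenses and licenses found in code."""
    report = defaultdict(lambda: {"declared": set(), "found": defaultdict(list)})
    for path, text in sorted(files.items()):
        entry = report[component_of(path)]
        licenses = classify_text(text)
        if os.path.basename(path) in DECLARATION_FILES:
            entry["declared"] |= licenses
        else:
            for lic in sorted(licenses):
                entry["found"][lic].append(path)
    return dict(report)


def find_hidden_copyleft(report):
    """List (component, license, path) for GPL/LGPL files in components that
    did not declare that license: the 'hidden GPL' case."""
    hits = []
    for comp, entry in sorted(report.items()):
        for lic in COPYLEFT:
            if lic in entry["declared"]:
                continue
            for path in entry["found"].get(lic, []):
                hits.append((comp, lic, path))
    return hits


def scan_directory(root):
    """Read a real tree (first 20 KB of each file, where headers live) and scan it."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    files[rel] = fh.read(20000)
            except OSError:
                continue
    return scan_tree(files)


if __name__ == "__main__":
    result = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else scan_tree(SAMPLE_TREE)
    for comp, lic, path in find_hidden_copyleft(result):
        print(f"{comp}: undeclared {lic} in {path}")
```

Run it with a directory argument to scan a real checkout, or with no argument to see the constructed sample, which reports the main project's GPL `strlcpy.c`, libfoo's LGPL `getopt.c` despite libfoo's MIT README, and the outsourced directory's GPL `net.c`. The point of the declared-versus-found split is exactly the situation described above: the top-level license of a bundled project is not the whole story, and the outsourced directory with no license file at all is where undeclared GPL tends to surface.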
Understand how to fulfill the source code requirements of the GPL/LGPL.
Once you determine that you have GPL or LGPL code in your software, make sure you understand and follow all of the appropriate requirements. Some of those requirements may not be readily apparent, but they can include:
- Including source code with your product OR including an offer to get source code with your product
- Providing the exact "corresponding source" that goes with the binaries for each product and model
- Providing instructions on how to create binaries from the source – including scripts, information on the tools needed, and details on how to replace the standard code in your product with the modified code
- Providing the source code in electronic AND physical media
- Maintaining the source code for a period of time after the latest distribution of your product
OpenLogic provides an Open Source Fulfillment Center service that helps you comply with the GPL.
I also recommend A Practical Guide to GPL Compliance from the SFLC as a great primer for do-it-yourselfers.
What Does OpenLogic’s CentOS Support Include?
We announced last week that we were offering support for CentOS — a community distribution of Linux that is created from the publicly available source code that is used to create RHEL. CentOS strives to be binary compatible with RHEL and is built from the source code that is used to make RHEL — minus all of the Red Hat names, logos and trademarks.
Here's what's included in a CentOS support subscription from OpenLogic.
Technical Support with multiple service level options: OpenLogic provides business hour and 24×7 SLA options with guaranteed response times.
Access to Updates: OpenLogic provides a service (called OpenUpdate) which notifies customers of new releases and patches for not only CentOS but 500 open source packages in the OpenLogic Certified Library.
Indemnification: OpenLogic offers limited indemnification to customers who buy CentOS support for IP actions against CentOS.
Complying With Open Source Licenses Just Got Easier
Companies that distribute software containing open source often struggle to comply with open source licenses. (See the latest lawsuit by Artifex against Palm.)
Most companies that violate open source licenses do so because they haven't properly tracked the open source software they used or what open source licenses apply. The use of code from outsourcers and the nesting of open source projects creates additional complexities for companies' compliance efforts.
Today at OpenLogic we announced a new source code scanning and license compliance solution to help companies accurately identify the open source in their code. Scanning solutions to identify open source code have been around for several years. However, as we used a variety of scanners to audit customers' applications, we found that these existing solutions have significant limitations. We developed OSS Deep Discovery and the OLEX License Compliance module to address these issues. The OpenLogic solution provides:
- High accuracy, low noise: Using a range of advanced matching and noise reduction techniques, OSS Deep Discovery provides pinpoint identification of the correct origin of open source code. OSS Deep Discovery eliminates the extraneous matches that are common with previous solutions.
- Lightweight, instant-on architecture: The OLEX License Compliance module is a SaaS-based solution that eliminates the need for additional hardware or infrastructure and OSS Deep Discovery is a lightweight downloadable client that enables you to start scanning your code within minutes.
- Value-priced: OpenLogic's solution provides a low cost way to ensure open source compliance. Subscriptions provide a low-entry price for small companies as well as a cost-effective "unlimited scanning" option for companies scanning large volumes of code.
Companies now have new options for scanning source code to find open source and ensure compliance with open source licenses.
OpenLogic Now Supporting CentOS
After four years supporting a wide variety of open source projects for over 120 enterprises, OpenLogic is now expanding our offering to include commercial support for community distributions of Linux. Today we announced that we are offering commercial support for CentOS as our first community Linux distro.
Here's a Q&A explaining the why's and how's of our announcement:
Why are you now offering support for Linux?
Customers come to OpenLogic to get one-stop support across all of the open source that they use. Since applications using open source often run on Linux, our customers have asked us to offer support for community distros of Linux.
Why are you starting with support for CentOS?
We have gotten requests for CentOS support from our customers. In addition, CentOS is a great choice for enterprises looking for a lower cost option for Linux on their servers.
Why would a company get CentOS support from you versus other support vendors?
There are three main reasons customers get support from us — aggregation, quality and value.
- OpenLogic is a one-stop shop for companies looking for open source support covering hundreds of open source projects – including many projects for which there is no other commercial support option.
- OpenLogic provides high-quality, expert support that doesn't stop at the boundary of a single project. When issues span multiple open source projects and even involve the operating system, OpenLogic can still help when other vendors begin to point fingers.
- OpenLogic is value-priced compared with offerings from other vendors. OpenLogic offers low priced support options for unlimited servers and unlimited incidents.
How is your CentOS support priced?
Our CentOS support can be bought in two ways — based on the number of servers or an unlimited-server option. The low-priced unlimited-server option can provide significant cost advantages for as few as 15 servers.
How do you handle bug fixes?
The CentOS project stays up-to-date with fixes from the upstream vendor. OpenLogic will fix bugs and contribute fixes back to the community on behalf of its customers.
What is CentOS?
From the CentOS Wiki & website:
CentOS is an Enterprise Linux distribution based on the freely available sources from Red Hat(R) Enterprise Linux.
CentOS conforms fully with the upstream vendor's redistribution policies and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free.
CentOS is a trademark of CentOS Ltd.
Red Hat is a registered trademark of Red Hat, Inc.