couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernd Fondermann <>
Subject Licensing is not important
Date Tue, 11 Aug 2009 08:33:39 GMT

I'd like to try and maybe provide some insights on the topic of
licensing, dependencies, IP and so on.
The current discussion mainly focuses on licensing, but this is only
one aspect. If including some specificly licensed code is allowed or
not is not always a binary decision. You can have very bad
ASL-licensed code.

At first, a quick example: Two developers, Mathilda and Sven start a
cool open source project A. Sven finds some nifty third party open
source library B which (as code) they include in their own repository.
They make a release, they fix some bugs and their project quickly
gains attraction. Company BigCo uses their product and they are very
happy with it, they even hire Mathilda as a consultant for some time
and release their own product "BigCo DB".
Then, one day, small company Moronz & Sons sues BigCo for patent
infrigement. Oops, library B implemented an algorithm which Moronz &
Sons hold a patent on (or claim some other IP for).
BigCo is no longer so happy and now sues poor developer Mathilda,
because they can. The shit hit the fan. Mathilda is broke after
fighting BigCo, Sven is scared away. Project is dead.

To prevent anything like this, the ASF has put up all these processes
and firewalls like being a foundation, having insurance, having a PMC,
requesting CLAs and code grants, having licensing policies, holding
votes etc. It's for the sole purpose to secure the code we are
developing here to be freely distributed to our users.

Often, these are only seen as tedious, bureaucratic overhead. And
indeed they are. They aren't fun. But they can make you as developers
and your users more relaxed that nothing bad comes out of it.

So I suggest to be double careful. Don't discuss licenses only. Look
at the code. Make sure the stuff you are distributing is your own and
you know it is safe to distribute. Otherwise, back it out, check with
the original developers, re-implement, request code grants etc. That's
the task of the PMC. By +1ing a release you say that all this is
properly checked.

I like CouchDB quite a lot and when I use it I want to be absolutely
sure I'm safe both using it and suggesting it to my customers.



View raw message