Language Selection

English French German Italian Portuguese Spanish

Commercial Open Source?

Filed under
OSS

Here’s a wrinkle that many devotees of open source either don’t know about, or don’t talk about. As it turns out, open source projects can get acquired by commercial software companies. And to prove that point, one of the more popular open source projects on sourceforge.net was acquired last week. To what extent the acquisition of an open source project results in its being taken out off the open source shelves depends on many things. For example, how many people were contributing to it before the acquisition, who are they, and what are their plans now that their open source project has been acquired?

To acquire an open source project, the acquirer has to, with almost 100 percent certainty, be sure that they are acquiring the copyrights to all of the code being used in the project. Those copyrights ultimately belong to the individual contributors to the project who, up until the point of acquisition, would have been bequeathing certain rights to their code to others under whatever open source license is behind the project. To the extent that licensing that code under an OSI-approved license is what let the code out out of the box and into the open source wild, there’s nothing that the acquirer can do to put it back in the box. That code will always remain available under whatever open source license it was published. But, by acquiring the copyrights and any trademarks that are associated with that code, the acquirer also acquires the right to modify and distribute the original code without having to make those modifications available under an open source license. In other words, future versions of the open source software could become closed source. So, how could this play out?

With a project like Linux, there’s pretty much a zero probablility of the project ever being acquired because of how many contributors are involved. Not only would it be difficult to track them all down, establish with some degree that they are indeed the copyright holders, and reach some mutually beneficial financial arrangement to give an acquirer all the rights they need. There’s also the high likelihood that some passionate group of developers would take the core body of source code that was already available under an open source license (the GPL), and exercise their rights to continue the evolution of an open source version of Linux. The end result, even if someone successfully "acquired" Linux, would be a tangible forking of the code. One fork would be open source version that the passionate community carried forward. The other would be the commercial derivative that was some percentage open source (by virtue of the "grandfathered" code base), and some percentage closed source.

But what about a popular open source project that has far fewer developers with far fewer copyrights to track down? Sure, the developers could sell their copyrights to the acquirer, but nothing prevents them from continuing to evolve the already open-sourced code under an open source license. That is, unless, in the process of acquiring the copyrights to the source code, the acquirer also hires the most passionate developers — the driving forces — behind the open source project.

Full Story.

More in Tux Machines

today's lefftovers

OSS Leftovers

  • Running for the board of the Open Source Initiative – a few words
    Today I would like to explain my reasons for my candidacy at the board of the Open Source Initiative. I can think of two kinds of reason for my decision: one is personal, and the other one is directly related to current state of Open Source and software freedom. Let’s start with the first one: I’m currently helping the Open Information Security Foundation and the Suricata project in my capacity at ANSSI, while contributing in a minor way to the LibreOffice project and the Document Foundation.
  • Tutanota: Encrypted Open Source Email Service for Privacy Minded People
    Since then, I have heard of another email provider that you may be interested in. It’s a little different, but it touts some of the same features ProtonMail does: privacy, security, open-source code, etc. It’s called Tutanota, and like ProtonMail, I am a very big fan.
  • Open FinTech Forum – Event preview, October 10-11, New York City.
  • The tracker will always get through
    A big objection to tracking protection is the idea that the tracker will always get through. Some people suggest that as browsers give users more ability to control how their personal information gets leaked across sites, things won't get better for users, because third-party tracking will just keep up. On this view, today's easy-to-block third-party cookies will be replaced by techniques such as passive fingerprinting where it's hard to tell if the browser is succeeding at protecting the user or not, and users will be stuck in the same place they are now, or worse. I doubt this is the case because we're playing a more complex game than just trackers vs. users. The game has at least five sides, and some of the fastest-moving players with the best understanding of the game are the adfraud hackers. Right now adfraud is losing in some areas where they had been winning, and the resulting shift in adfraud is likely to shift the risks and rewards of tracking techniques.
  • MozMEAO SRE Status Report - February 16, 2018
    Here’s what happened on the MozMEAO SRE team from January 23 - February 16.
  • The major milestones of the Government Digital Service (GDS)
  • PyTorch Should Be Copyleft
    Most people have heard of Google’s Tensorflow which was released at the end of 2015, but there’s an active codebase called PyTorch which is easier to understand, less of a black box, and more dynamic. Tensorflow does have solutions for some of those limitations (such as Tensorflow-fold, and Tensorflow-Eager) but these new capabilities remove the need for other features and complexity of Tensorflow. Google built a great system for doing static computation graphs before realizing that most people want dynamic graphs. Doh! [...] I wish PyTorch used the AGPL license. Most neural networks are run on servers today, it is hardly used on the Linux desktop. Data is central to AI and that can stay owned by FB and the users of course. The ImageNet dataset created a revolution in computer vision, so let’s never forget that open data sets can be useful.
  • Linux on Nintendo Switch, a new Kubernetes ML platform, and more news
    In this edition of our open source news roundup, we take a look at the Mozilla's IoT gateway, a new machine learning platform, Code.mil's revamp, and more.

Security: France, Munich, 'Smart' Meters, MeltdownPrime and SpectrePrime

  • Highlights of the French cybersecurity strategy

    First, the document describes that in France cyberdefence and cyberoffence are separated. This is directly opposed to the models employed in Anglo-Saxon countries. But it’s shown as an asset. Key argument: it respects freedoms and civil liberties.

    The document then lists the six general objectives of cyberdefence, namely: prevention, anticipation, protection, detection, attribution, reaction (remediation). The strategy itself is complete, it focuses on civil, military, domestic, external, and international levels. Let’s say it’s a rarity in the business in strategic cybersecurity documents.

    [...]

    The strategy then mentions that one of the solutions could be to release source code and documentation after an end of support date.

  • The Munich Security Conference 2018

    Over the past five decades, the Munich Security Conference (MSC) has become the major global forum for the discussion of security policy. Each February, it brings together more than 450 senior decision-makers from around the world, including heads-of-state, ministers, leading personalities of international and non-governmental organizations, as well as high ranking representatives of industry, media, academia, and civil society, to engage in an intensive debate on current and future security challenges.

  • Smart meters could leave British homes vulnerable to cyber attacks, experts have warned
    New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned.
  • MeltdownPrime and SpectrePrime: Researchers nail exploits
    "The flaws—dubbed Meltdown and Spectre—are in chips made by Intel and other major suppliers. They can allow hackers to steal data from the memory of running apps, including password managers, browsers and emails." The authors of the paper on arXiv, Caroline Trippel, Daniel Lustig, and Margaret Martonosi, discuss a tool they developed for "automatically synthesizing microarchitecture-specific programs capable of producing any user-specified hardware execution pattern of interest." They said they show "how this tool can be used for generating small microarchitecture-specific programs which represent exploits in their most abstracted form—security litmus tests."

How Linux became my job

I've been using open source since what seems like prehistoric times. Back then, there was nothing called social media. There was no Firefox, no Google Chrome (not even a Google), no Amazon, barely an internet. In fact, the hot topic of the day was the new Linux 2.0 kernel. The big technical challenges in those days? Well, the ELF format was replacing the old a.out format in binary Linux distributions, and the upgrade could be tricky on some installs of Linux. Read more