+972 52-548-6969
Microsoft and shipping OSS
Jon Galloway presents an interesting point of view about why Microsoft can't ship open source code. Basically, it boils down to the fear that an Open Source project that is licensed under a permissive license will "aquire" a piece of code that originated from GPL code, thus infecting the rest of the code distributing with that project with the GPL license. The implications of which would cause either (A) windows itself to be GPLed, (B) tremendous costs for recalling and replacing the GPLed sections.
The example given is distibuting Paint.NET, where a GPL code found in it can be will cause a recall of Windows.
This sounds reasonable enough, on the surface, but I don't agree with this on a number of counts. I would like to point out that most OSS developers have at least basic understanding about what licenses, but that is actually beside the point.
It is far more important to consider the fact that the GPL applies to derived work only. Even assuming that the Paint.NET source code is found to contain GPLed bug, it has no implications on anything else in Windows. The worst case scenario would be that Paint.NET itself would be forced to become GPL, no other affect on anything else on Windows.
In fact, the GPL License explicitly allows this:
Jon goes on to point out that the implications of this:
Again, I disagree. Some projects are fairly chaotic in this manner (usually GPLed ones), and will accept any patch, and may incur this issue. (This is non issue for GPLed projects, although there is also the reverse issue here, but that is rarer) Most open source projects require that you would either explicitly transfer ownership of the code or that you would guarantee that you are adding your own code, and not some random code that you grabbed from somewhere.
This also completely ignore the fact that a valid response for GPL code found in your code is to remove the offending code and get on with your life. A possible response would be to release an update via Windows Update in such scenario.
Comments
This is exactly why I say that the browser is an excellent information distribution platform, but an awful application platform. Even with fancy toolkits, writing web applications is just plain hard. You spend a lot of time worrying about stupid things like cross-browser, cross-platform compatibility, weird concurrency issues, slowness of interpreted JavaScript, the inherent stateless of the browser, poor handling of lost connections, and more. Don't get me wrong - web-enabled application are awesome. I just think that JavaScript and DHTML for applications are not going to be the primary means of delivery in the next 5 to 10 years.
Did you comment to the wrong post?
i think that's just a lame excuse by Microsoft. everyone who knows GPL knows that just because you bundle a single GPL app with Windows doesn't mean the entire Windows will have to be GPLd! if that were so then all Linux distros would be pure GPL, and we know they're not.
Actually, I think it's less a fear of GPL and more a fear of patented code.
For example, suppose Microsoft is ready to ship the next version and they bundle something like a new open source network stack. Just before shipping (or worse, after shipping) a company sues them because the network stack code included some code patented by another company. It would suck if Microsoft had to delay the release due to an injunction. This is the scenario they want to avoid.
On one hand, I think we need to reject a culture of fear. On the other hand, we've seen this sort of thing bite Microsoft over and over, whether or not the lawsuits had merit.
That is not something that is unique to OSS, not by a long shot. Hell, they were sued (and lost) over IE's ActiveX!
I don't think that this is something where OSS would increase the risk of infringing on patents.
First let me say that I've been arguing for a long time that Microsoft was dropping the ball by not shipping BSD and MIT licensed projects with Windows, so I very much want to be wrong.
I think the general issue is that they can't afford the risk of shipping code they can't verify they have the right to ship. Patented disputes are probably a more likely concern, as Phil mentioned. However, even the GPL in Paint.NET issue presents the risk of being very costly for Microsoft. It's not at all hard to believe that a court (especially one with a bias against Microsoft) would grant an injunction preventing Microsoft from shipping the GPL'd code pending further study. However, that code is burned onto DVD's sitting on store shelves and preinstalled on thousands of computers at Dell, HP, etc. It doesn't matter that the court might be wrong, a massive recall and a one month delay in shipping Windows would be a disaster. Just the potential of something like that happens weighs pretty heavily against the nominal benefit Microsoft would get for shipping a better paint program.
"Most open source projects require that you would either explicitly transfer ownership of the code or that you would guarantee that you are adding your own code" - my guarantee doesn't do Microsoft any good if they're sued. Are they going to come after me to recoup the money they lost?
While you'd assume most developers know their software licenses, just today I talked to a leader on a medium sized open source project who discovered that a patch contained code which had been copied from another project with an incompatible license and without credit. The developer (who was immediately banned from the project) claimed they didn't know that was wrong.
Certainly not unique to OSS.
But from MS perspectives, their employees are told not to look at OSS code unless they get some form of approval. They are less likely to introduce patented code into a project by accident.
However, if they take a large OSS code base and decide to integrate it into Windows and release it, there may be tens to hundreds of contributors. It's very difficult for them to figure out whether it's a lawsuit waiting to happen.
I'm just saying, it's a legitimate concern, but not an insurmountable concern. Rather than saying, "Big deal! Just deal with it!" or "Everyone deals with this!" it's more helpful to say, "Here's how to mitigate the risk."
Keep in mind. There's no point suing an OSS project that has no money. For example, if someone put patented code in Rhino Mocks or MbUnit, you might never know (assuming others contribute). Why would anyone want to sue you?
Suing MS, is another matter because they have tons of money.
They are an attractive target.
Heck, it might be a bit outlandish, but you could imagine a scenario where someone contributes patented code to a project in the hope that MS incorporates, just so they can sue them later.
Again, the constructive question is, "What is your advice to MS?"
Jon,
No argument about "most" not being all, no. There are certainly developers like the ones that you describe.
That said, the GPL explicitly allows to ship GPL software with non-GPL software, so I find it hard to believe that the disaster scenario you describe is even possible.
Define integrate, I am not talking about taking the networking stack from the SCO kernel, I am talking about bundling user level applications, and the example is Paint.NET.
That one is a legitimate concern, sure ,but it is the same concern you have whenever you take a dependency on another's code.
Phil,
My advice would be to evaluate existing OSS efforts and consider making use of them instead of developing in house. In this regard, Paint.NET is not a good example, because I am mainly talking about tools, more than user applications.
NUnit vs. MsTest is the classic example where they took the wrong way.
When/if they decide that they would like to develop something in-house instead of reusing existing technologies, I would like to know what the reasoning behind the decision are.
Comment preview