He also makes the following excellent point: "I also want to be very clear: Complying with open source licenses is actually easier than complying with proprietary ones. (One reason: There is no money involved.) There are countless software audits of users every year, and settlements often range in the tens of millions for large companies. You may not have heard about those cases since they do not get the attention the very few open source cases do, but make no mistake, complying with proprietary licenses is not easy or cheap."
That is, not only is compliance with open source easier than with proprietary products, it is now even easier, thanks to the new program.
An important part of this is a set of new tools. All of them, of course, are open source, so it will be interesting to see whether any new companies grow up around them:
- Dependency Checker Tool: Initiated by the Linux Foundation as an open source project, this tool identifies source code combinations at the dynamic and static link levels and provides a license policy framework that enables open source compliance officers to define combinations of licenses and linkage methods that are to be flagged if found as a result of running the tool.
- Code Janitor Tool: Initiated by the Linux Foundation as an open source project, the Code Janitor tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mentions of competitors, and so on. The tool maintains a database of keywords that are scanned for in the source code files to ensure source code comments are sanitized and ready for public consumption.
- Bill of Material Difference Tool (BoM Diff): Initiated by the Linux Foundation as an open source project, the tool will be capable of reporting differences between bills of materials and therefore enable companies to identify changed source code components and to better report included open source components in updated product releases. Development on this tool will start in late 2010, and links to the mailing list and Git repository will be made available then.
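To make concrete what the Dependency Checker's license policy framework and the BoM Diff tool are described as doing, here is an added example of my own, not code from the Linux Foundation's tools. It assumes a simple bill-of-materials format (component name, version, license, linkage method) and a policy table of license/linkage combinations to flag; the Dependency Checker derives the linkage from the build itself, whereas this example reads it from the BoM. The two BoMs and the policy are constructed for illustration.

```python
"""Added example: diff two bills of materials and flag license/linkage
combinations against a compliance policy. Not the Linux Foundation's
tools; the BoM format, sample data and policy are assumptions."""

# Constructed BoMs: component name -> (version, license, linkage).
# Linkage records how the component is combined with the product:
# "static", "dynamic" or "separate" (e.g. an unmodified tool run as its
# own process).
OLD_BOM = {
    "zlib":     ("1.2.3", "Zlib",    "static"),
    "openssl":  ("0.9.8", "OpenSSL", "dynamic"),
    "readline": ("6.1",   "GPL-3.0", "dynamic"),
    "busybox":  ("1.16",  "GPL-2.0", "separate"),
}
NEW_BOM = {
    "zlib":     ("1.2.5", "Zlib",    "static"),
    "openssl":  ("1.0.0", "OpenSSL", "dynamic"),
    "libgit2":  ("0.12",  "GPL-2.0", "static"),
    "busybox":  ("1.16",  "GPL-2.0", "separate"),
}

# Assumed policy for a proprietary product: (license, linkage) pairs a
# compliance officer wants flagged. "*" matches any linkage; anything not
# listed passes without comment.
POLICY = {
    ("GPL-2.0", "static"):  "copyleft code statically linked into the product",
    ("GPL-2.0", "dynamic"): "copyleft code dynamically linked; review the linkage argument",
    ("GPL-3.0", "static"):  "copyleft code statically linked into the product",
    ("GPL-3.0", "dynamic"): "copyleft code dynamically linked; review the linkage argument",
    ("AGPL-3.0", "*"):      "network copyleft; flagged regardless of linkage",
}


def diff_bom(old, new):
    """Return (added, removed, changed) between two BoMs.

    'changed' maps a component name to (old_entry, new_entry)."""
    added = {n: new[n] for n in new if n not in old}
    removed = {n: old[n] for n in old if n not in new}
    changed = {n: (old[n], new[n]) for n in new if n in old and old[n] != new[n]}
    return added, removed, changed


def check_policy(bom, policy):
    """Return [(component, license, linkage, reason)] for flagged entries."""
    hits = []
    for name, (_version, lic, linkage) in sorted(bom.items()):
        reason = policy.get((lic, linkage)) or policy.get((lic, "*"))
        if reason:
            hits.append((name, lic, linkage, reason))
    return hits


def review_release(old, new, policy):
    """Diff the BoMs and run the policy only over components that are new
    to this release or whose entry changed, i.e. what needs fresh review."""
    added, removed, changed = diff_bom(old, new)
    to_review = dict(added)
    to_review.update({n: cur for n, (_prev, cur) in changed.items()})
    return {"added": added, "removed": removed, "changed": changed,
            "flags": check_policy(to_review, policy)}


if __name__ == "__main__":
    report = review_release(OLD_BOM, NEW_BOM, POLICY)
    print("added:   ", sorted(report["added"]))
    print("removed: ", sorted(report["removed"]))
    print("changed: ", sorted(report["changed"]))
    for name, lic, linkage, reason in report["flags"]:
        print(f"FLAG {name} ({lic}, {linkage}): {reason}")
```

Run stand-alone, the script reports libgit2 as added, readline as removed, zlib and openssl as changed, and flags only libgit2 (GPL-2.0, statically linked); busybox stays unflagged because it is shipped as a separate program, which the assumed policy does not list. Restricting the policy check to added and changed components is what makes the diff useful for an updated release: unchanged components were reviewed when they first entered the product.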
All three tools -- but especially the one that sanitizes your code -- reveal a deep and important truth about this latest move by the Linux Foundation: that they try to take all the fun out of free software. They are about removing the quirkiness and the riskiness that has characterized free software in business for the last decade and a half, and seek to replace it with nice, safe systems that senior management will instantly fall in love with. In a word, they seek to make open source boring for the enterprise. That's not only good news for companies, it's a really important step for the Linux Foundation.
I've been rather skeptical about what role the Linux Foundation should play in the open source ecosystem, and I've found its earlier moves have rather smacked of searching around for something to do there. But with its new Open Compliance Programme it has truly come into its own, offering an important, necessary, and dull set of tools that mark a kind of coming of age not just for enterprise open source, but for the Linux Foundation itself.