Governance with FOSSology and FOSSBazaar: Rights and Licensing
At CeBIT Open Source 2009 Martin Michlmayr, past Debian project lead, presented his current projects FOSSology and FOSSBazaar, and spoke about the role his employer Hewlett-Packard is giving him in the governance project and how the FOSSBazaar work group is organized within the Linux Foundation.
Britta Wülfing of Linux Magazine Online interviewed Michlmayr after his talk to find out more about his work at the Open Source Initiative (OSI) and the European Union Public License (EUPL). Here are the results of that conversation.
LMO: To whom is FOSSBazaar targeted?
Michlmayr: FOSSBazaar is clearly enterprise-oriented, not necessarily directed at technologists, but more to managers, lawmakers, procurement officers. With this project we want to cover thematically the entire bandwidth of Linux and Open Source.
LMO: What interest does HP have in it?
Michlmayr: HP has to do this work anyway with all its products and programs. It has to be clear for each software what licenses and rights are attached to it, how they are to be maintained and supported. We have to do it, everyone has to do it. Why not together then?
LMO: There are already several projects concerned with this topic, for example the Freedom Task Force of the Free Software Foundation or Harald Welte with gpl-violations.org. Are there differences or do you work together?
Michlmayr: Yes, we're working together on certain levels. We have intensive discussions on mailing lists, and we're providing seminars together with the French INRIA [National Institute for Research in Computer Science and Control] research institute.
LMO: How is the project adopted by enterprises?
Michlmayr: We're working with a platform that everyone can access. Truthfully many enterprises apparently have a problem in openly talking or writing about licensing and rights. That requires some convincing on our part.
LMO: The term "governance" might be considered a body of rules and standards, which seems somewhat unwieldy. Isn't it a bit daunting for smaller and middle sized enterprises?
Michlmayr: That's a hard one. We don't want to instill any FUD on anyone, but simply clarify. Of course some examples present some problems, such as when a single software includes dozens of Open Source licenses. We'd rather like to collect examples of how many projects actually include only one license.
LMO: The plethora of licenses is always a hot topic in the OSI, where you're also active. There's been a suggestion to limit things to three licenses. What's your take on this?
Michlmayr: Whether to limit things realistically to three licenses is a good question. But I feel that everyone involved in this is agreed certainly on limiting them. That's why careful thought is given to new licenses and if they should be distributed. There are obviously vanity factors involved when a license happens to bear the name of its issuer. But one new license is bound to be of true value in the near future: the EUPL [European Union Public License]. For the first time we'd have a license available in all European languages and valid everywhere, that is, all translations have been legally scrutinized. Also of practical value is that EUPL code can be converted to GPL code.
LMO: When can we expect to see OSI approval of the EUPL?
Michlmayr: We can't give an exact date, but it's bound to happen soon.