Like everyone else who has dealt with Open Source software and libraries I have been seriously confused over what I could and couldn't legally do and the risks associated with developing open source. I have decided to write this page to assist those who are in the starting out in earth science software licensing.
So do You Really Want to be a 'Good' Guy?
I could go on forever about virtue and consequential ethics, but doesn't the bottom line trump these principles each time? I could also go on about the many articles spouting the benefits of open source for business but is it good path to go down?
The geoscientific sector is exceptionally unique. We are a small, highly specialized industry with many different sub-specialties and it is even more in our best interest to invest in this open business model. We have all seen the result of one or two companies dominating in highly specialized areas... outrageously expensive software licenses, limitations on software and equipment use, anti-competitive behavior and subversive tactics to steal the oppositions technology whilst internalizing potentially revolutionary ideas. So is there a good reason to continue along this trajectory? It promotes monopoly, inhibits start ups, squeezes dollars out of small to mid size companies and encourages a closed stagnant industry.
If you are a Good Guy, What Kind are you?
There are four main software licensing regimes, the EULA, permissive open source, strict open source and no license.
There is only one style of commercial license, the end user license agreement. We have all seen (but not read) end user license agreements or EULA for short. EULA's are essentially a contract the user has with the developers. They usually spell out why you don't own the software but own all of the risk associated with using the software. You may as well sign your name in blood. In an era of litigation it is a necessary evil.
When you look at open source software there are a variety of open source licenses ranging from GPL to Creative Commons to Apache to WTFPL. You can be a really, really, nice guy and use a permissive license such as Apache, lesser GPL or my favorite (and perhaps the most permissive of all) WTFPL. These type of licenses typically enable people to take your source code and incorporate it in their software as their own. Proprietary or not. They don't pay a cent. These caveat is that if you modify the open source code you have to contribute your modifications of the open source section.
Then there is strict open source which forces everybody share your philosophy. Or Open Source Facist. GNU GPL is a great example of this. There are particular reasons for having these licenses. If license your software as GPLv3 for instance, anybody can use it for free but if anyone which wishes to incorporate it into their software must also license their software as GPLv3. It forces all parties who wish to incorporate their code to do so in like kind. While great in concept by promoting the virtues of open source, these strict licenses inhibit commercial expansion. Commercial software cannot be built using this style of license.
Finally there is having no license. This murky case is great for intellectual property lawyers to profit from. From the few cases I have read on this subject in the US and Australia, most decisions favor the user. No license is akin to having a permissive open source license. This one is possibly the most dangerous (and popular amongst older scientific programmers) forms of licensing as you are giving away your software for free and without any safeguards or disclaimers.
Of course each license is down to the choice of the developer.
The Risk of Killing
Most computer science/software engineers are posed the same dilemma. In the mid 1980's there was a case where an x-ray machine (See Therac-25) dosed patients with hundreds of times more radiation than what was intended, expectedly there were complications and deaths occurred. The operator had accidentally set the radiation levels significantly dangerous levels, but the safeguards put in place failed to work and allowed excessive radiation to be transmitted into the patient. Who is to blame? Is it the operator who entered the wrong value? The manufacturer for allowing such high levels to produced? or is it the software developer who allowed an unsafe value to be entered? Blame has to go somewhere.
Now can you imagine a popular geophysical software package which had relaxed risk mitigation agreements attached to the software? Perhaps a developer incorrectly labelled a map projection and a $100 million well was incorrectly positioned by several kilometers. Who is to blame? Could the software development company be sued? What if you are an individual open source developer who made the module and later integrated into a commercial product? Could that individual be sued for millions. Unlikely but the possibility creeps into my mind every now and then as I develop open source software tools.
Personally we should try to envisage and mitigate incompetence without reducing the level of freedom in the software. We got taught, write the program as though you were making it for 'stupid' people. However understanding all 'stupid' actions in geoscience is impossible. Data can be manipulated, displayed and interpreted in a multitude of different ways which may appear stupid to one person may make sense to another.
What Should you do?
It's up to you. My advice is that unless you are in research with good industry backing, open source is probably not the approach for you. If you choose to make your code open source, make damn well sure that the software works perfectly or have a disclaimer ensuring you don't harbor all of the risk but none of the profit.Last updated: June 20, 2014 at 19:13 pm