Summary: Microsoft proxies or offshoots are not managing to keep their cover and legitimate figures in the Free software world end up ostracising these
TECHRIGHTS recently wrote about the latest FUD from Black Duck, which has its roots in a person from Microsoft. Bruce Perens said that more people should call out this firm for its dubious claims about the GPL and now we see Simon Phipps, the president of the OSI, speaking about the problem. To quote:
So the real risk is much smaller than the headline numbers suggest. In all this, I can’t help feeling Black Duck want us to be afraid. It’s very important that Github takes its responsibilities seriously, and their new improvements show they are starting to do so. But the headline “60% of open source is dangerous” number from Black Duck, together with the “77% of Github is dangerous” number, seem over stated. Given their business model is to apply reassuring consulting and tools to corporate fears about open source, maybe that’s not surprising. But it’s regrettable.
Open source software is all about developers being able to achieve sufficient certainty to collaborate without the need to spend money on legal advice. OSI’s approved licenses deliver that, and the vast majority of active open source projects have this topic sorted. While Github’s laissez faire attitude to date has led to a good deal of inconvenience identifying the license in use for projects there, as well as pandering to the anti-bureaucratic instincts of the newer generation of developers, it’s now being sorted and it never rose to the level of a crisis for most people.
It must have been frustrating for Black Duck to have the PR spin on their new product thwarted by Github; I just wish they had responded by toning down the “danger, danger” message. Open source has a lower compliance burden than proprietary software and its endless, custom EULAs and developer licenses. Let’s shout that message, for a change.
Not too long ago Phipps also chastised a Microsoft proxy called Microsoft 'Open' Technologies.
After all the GPL fear that was spread by Black Duck it is too hard to believe anything it says. Black Duck was also honouring Microsoft with 'open source' awards (lending legitimacy with mere words and hype), not disclosing that it had a Microsoft business partnership and also a strong Microsoft connection (the firm’s founder) since its inception. The thing to remember about Black Duck is, they’re not selling FOSS or even any valuable information, just FUD and proprietary software. Moreover, they deserve no mercy or the benefit of the doubt (as there is doubt no more and the doubt only ever comes from them, along with fear and uncertainty about using FOSS code).
Yes, how profoundly ‘open source’. As long as the rest is all proprietary, everywhere else inside the stack… █