HP exec calls for fewer open source licenses

SAN FRANCISCO — The open source community needs fewer licenses and the large number of software licenses used to release open source code is becoming a significant issue for developers and users, said a senior Hewlett-Packard Co. (HP) executive speaking at the Linuxworld Conference & Expo here Tuesday.

“A lot of people don’t realize that today there are dozens and dozens of open source licenses,” said Martin Fink, HP’s vice president of Linux. “The number has reached 52 open source licenses and will likely be 55 by the end of the week”

Open source licenses are approved by the nonprofit Open Source Initiative, (OSI) which has certified software licenses from organizations as diverse as the National Aeronautics and Space Administration (NASA), the Massachusetts Institute of Technology, Apple Computer Corp., and Nokia Corp., since it was founded in 1998.

But according to Fink, there are already too many such licenses. “There really is no value, and there is only confusion in having that many licenses,” he said.

To date, HP has not seen the need to create a new license for its own contributions, choosing instead to release its software under existing open source licenses, Fink said. “I approve on average three to five open source projects and contributions every single week,” he said. “If I have never had to create a new license, I have a really hard time understanding why you think you do.”

Fink called on open source developers in the LinuxWorld audience to try and reduce the number of software licenses. “Lets look for ways to start consolidating the existing set of licenses so that we remove the confusion that having that many licenses has on our industry,” he said.

The issue has attracted the attention of the OSI board and has, at least, the potential to become serious, said Eric Raymond President of OSI. There is a “strong chance” that the organization will be more restrictive in the number of licenses it certifies, though it has not put such a policy in place, he said in an e-mail interview.

The majority of OSI-certified licenses are used in a very small number of works, Raymond said. “All but a dozen of these are vanity

licenses, usually uttered by a corporate legal department with too much time on its hands, used on exactly one project,” he said.

Any confusion brought on by the proliferation of open source licensing is probably a greater issue for open source vendors, who must ensure that the products they sell do not have incompatible licenses, but it is also an issue for customers, said Chris Hjelm the Chief Technology Officer with Orbitz LLC, which uses a variety of open source software in its online travel business.

“If everyone sort of opted out of the licensing game, it would make everyone’s life a little easier,” Hjelm said.

At least one company, Waltham, Massachusetts-based Black Duck Software Inc. has been created to simplify the life of customers like Orbitz. Black Duck, sells a product called protexIP which allows IT managers to track their software developers contributions and to help ensure that any open source software being used or complies with its licensing terms.

Orbitz is currently having its internal code audited by protexIP, said Hjelm. “The promise is that they’ll manage this complexity,” he said.

For software vendors toying with the idea of adding to the plethora of open source licenses, Fink had some words of advice. “If you’re out there and you’re a vendor and you’re planning to create a new license. Stop. Please don’t. Call me.”