September 26, 2002

Beware of viral PLG software licenses!

- By Robin "Roblimo" Miller -
It has come to our attention that certain software licenses can spread in viral fashion from program to program and play havoc with programmers' and software users' lives. We present the following article as a public service to Linux.com/NewsForge readers and their friends.

How an infection starts

Programmers often save time by using prewritten code. "Why reinvent the wheel?" is their typical "answer a question with a question" response if anyone asks why this practice is so common in the software business. But it's all too easy for a programmer to reuse code from a source that is encumbered by a class of licenses that, for the purpose of this article, we'll call "Proprietary Licenses in General" or "PLG" for short.

We believe that most reuse of PLG code is innocent; that it usually comes about because a programmer has, at some point, glanced at a program's source code released under a seemingly innocent initiative of some sort that gave them access to code that is strictly protected by copyrights, patents, Arctic Wolves, lawyers, biker gangs, the DMCA or other restrictive devices.

Imagine a programmer working on a tight deadline who sleepily semi-remembers a few lines of C that will do just what he needs to do, and plugs them into his current work. Next, imagine the user of this code releasing the program back to the community that developed the original program the programmer was hired to customize. Now imagine a biker gang or software company coming along and claiming that because their PLG code was added to the program, the whole thing must now be relicensed as PLG -- that it is now a proprietary program -- and that the biker gang is claiming ownership of it.

How the infection can spread

What if the bikers don't spot the first use of their PLG code, and the program that incorporates it becomes popular or, worse, the module that contains the PLG code is reused or linked to by other software projects? Suddenly the bikers can sic their lawyers not only on the original software developer who accidentally reused their work, but on all the developers who reused that original developer's work. Suddenly thousands, possibly millions, of users are Evil Software Pirates and have their doors kicked in by goons masquerading as intellectual property lawyers -- or by intellectual property lawyers masquerading as goons, depending on the circumstances.

Guard against viral PLG infection: Just say no

The best way to avoid PLG infection is to avoid looking at any source code, ever, that may carry a proprietary license of some sort. Even if your best friend offers you proprietary source code, and all your other friends say, "Aw, c'mon, be one of the gang, one little peek isn't going to hurt," you need to stay strong. Just say no. It's not always easy to resist peer pressure, especially if you're depressed and a hit of that proprietary code might make you feel like you're on top of the world. You may want to talk to a trusted adult if the pressure keeps up. If you don't want to discuss this sort of thing with your parents, turn to your minister, rabbi or local Free Software Foundation representative. But until you reach that trusted counselor, just say no.

Smart kids reject peeks at PLG code

According to Microsoft, they have offered their Shared Source program to 2,300 companies, but only 150 have been interested. The company's official line goes, "Most say 'we are manufacturers, we don't do source code -- that's your job,' and others say they expect their systems integrators to deal with any source code issues."

Ummm ... okay. Or maybe those companies were worried about accidental infringement or even charges of infringement that, however groundless, could eat up plenty of management time and run up big legal bills. We remember Samba project managers absolutely rejecting any chance to look at any Microsoft code whatsoever, even if seeing what that code did and how it did it would have made it easier to get Windows to communicate with Linux and Unix.

PLG vs. GPL

We've heard plenty about how, if you write software that incorporates code published under the GPL (General Public License), your entire program may also need to carry the GPL. Okay. This does not mean that writing commercial software that runs on GPL-licensed Linux will suddenly assume the license terms of the operating system any more than a GPL-licensed program running on Windows will suddenly grow long, vampire-like proprietary teeth.

The real problem comes when you incorporate code published under one kind of license into a program published under a different one or link to code libraries that carry a license that doesn't play well with the one you want to use for your software.

So perhaps the GPL license can be considered "viral" because programs that use GPL code must also be licensed under the GPL. This is a 48-hour flu kind of virus. It is an inconvenience, possibly an irritation.

But the viral nature of PLG (Proprietary Licenses in General), which hardly gets any attention in the IT media, is more on the West Nile level. Use proprietary code in your software -- either on purpose or by mistake -- and you can end up with whole gangs of lawyers hassling you and taking all your money. You might even end up in jail as a "software pirate" under some countries' laws.

Anyway, please help spread the word about the dangers of even accidentally using PLG-licensed code. Perhaps a group like Sincere Choice should make this warning part of its platform in order to remind unwary programmers and software users of the danger proprietary code may pose to their well-being.

Click Here!