Another area must be addressed before open source nirvana can begin. People and enterprises who use the code have to contribute, and only a small percentage of them do. The reason they don't is that they've been taught to be afraid, Ramji believes. Although it's been a decade since Steve Ballmer called Linux a "cancer" thanks to the "copyleft" provisions of the GPL, even when IT staff wants to contribute, corporate lawyers often won't let them, Ramji says. Lawyers worry that intellectual property may inadvertently be made free or that a downstream user could later sue the company for liability.
The typical process is that someone in IT wants to contribute to a project and is told to check with the legal department. "The lawyers at the mainstream company are going to say no [because they] see risk but no value. We've had people say, 'The lawyers say they can't even look at this for six months and the internal bill is going to be $50,000. We're just trying to give a patch back to Apache,'" Ramji says.
Outercurve is working to clear the FUD, Ramji says, by offering examples of how developers can work on projects with both proprietary and open source code. Outercurve accepts any projects covered by any OSI-approved license (including the various GPL licenses).
There are other efforts working on the legal fear issue such as the Canonical-led Project Harmony, an attempt to come up with a standard set of contribution agreements. Note that Red Hat's lead council dissed the 1.0 documents of Harmony, saying they were needlessly complicated.
Meanwhile, the Linux Foundation and FOSSBazaar are tackling a different part of the issue. In August, they released the 1.0 version of the Software Package Data Exchange (SPDX). It tracks license information in a standardized way and allows it to travel across the software supply chain, so users and contributors can know they are in compliance.
"We think there's a higher-level conversation that needs to be had by users, developers and providers to say, what does the industry want? What are we worried about?" Ramji describes. "Fundamentally, we are worried about interoperability and our ability to get on and get off the software without suffering too much."
Sign up for CIO Asia eNewsletters.