Singling out OSS projects for FUD and profit

Android attracts "booga-booga" from compliance vendor

I pulled a thread today, and found a little FUD that turned out to be a marketing pitch.

The headline on my newsreader read "Legal Challenges in Android Development," with a byline on This sounded like another legal expert taking potshots at Android, so I clicked the link to see what was what.

What I found was an article that, while not as harsh as some I have seen, seemed to single out Android development as more potentially hazardous to a developer's legal health than other open source projects.

Imagine, then, my surprise when I noted that the article's author was Mark F. Radcliffe, who currently acts as the General Counsel for the Open Source Initiative.

The article, in and of itself, wasn't too far afield of any other kind of licensing article a lawyer might put together. Know your license, know what you're getting into, and execute plans accordingly. Open source fans may get jumpy about such advice, because we tend to get defensive, but in truth it's no different than any advice about any license, proprietary or otherwise. "Respect the License" is solid advice no matter the license.

But Radcliffe seemed to spend quite a bit of time focusing on the notion of derivative works in the GNU General Public License (GPL) v2, which is the license for the Linux-based Android kernel.

"Compliance with GPLv2 is made more complicated by the difficulty of determining the scope of 'derivative works' in the context of software because of software’s functional nature... In the simplest situation, the modification of components licensed under the GPLv2 would require such modifications to be licensed under the GPLv2. However, a derivative work can also be created by interactions between software components."

He then tossed in an FAQ from the Free Software Foundation that attempts to narrow down what aggregate and derivative mean.

I must be clear here: none of what Radcliffe has written here is wrong. But his arguments seemed substantially weaker than his specific arguments about derivative works in the Android kernel when he corrected fellow lawyer Edward Naughton's assertions that the Android kernel might be violating the GPL by using Linux kernel header files.

There's little evidence of his passionate and specific defense of Android and how derivative works function in this article, and at first I wasn't sure why.

Radcliffe also cites "fragmentation" of Android as a problem in development. Sure, anyone who's worked with Linux is familiar with that tune. Each separate Linux distro has its own way of doing things that has historically driven independent software vendors crazy, and has led to efforts like the Linux Standard Base to help align development on the Linux platform. So, yes, while individual vendor tweaking of Android is a pain in the butt, I am still not clear why this puts Android in the special troublesome category.

Finally, Radcliffe mentions the anecdotal evidence of one developer at the recent Android Builder's Summit saying he wasn't happy with Android's Toolbox and how that developer "regularly substitutes BusyBox for Toolbox."

"However, BusyBox is licensed under GPLv2 (unlike the Toolbox components which are licensed under a combination of the permissive licenses Apache 2.0 and BSD), and the license for BusyBox is one of the most actively enforced licenses in open source because of a campaign by the Software Conservancy," Radcliffe continued.

Uh, I don't know the specifics of how that developer is using BusyBox, but using something just because it's GPL is not automatically grounds for freaking out. Using any software component and not knowing how to stay in compliance with any license is a bad idea. And why paint the Software Conservancy (SC) as the bogeyman? Sure, I disagree with its executive director Bradley Kuhn on other issues from time to time, but the SC is not on some kind of witch hunt.

The Radcliffe article seemed a little off. We got a lot of facts that on their own are true. But when they were stacked together, these facts specifically painted Android as more of a problem than other open source projects.

That's not just me saying that. It's in Radcliffe's conclusion:

"Thus, the flexible nature of Android and the approach of the developer community require even stronger management than traditional open source software until the community establishes a framework for managing these issues."

The issues that Radcliffe highlights aren't untrue, but I had to wonder why Android is being singled out. These issues can apply to any open source software project. Indeed, any free software or proprietary licensed software, too. If you don't Respect the License, you could be in for a world of hurt.

This is not the first time others have noticed seemingly contrarian views held by Radcliffe that seem counter to the efforts of the Open Source Initiative (OSI). His pro-patent stance, for example.

And while the OSI is not in the business of supporting Android, it seems odd that its general counsel is running around using general licensing arguments in a manner that portrays Android as somehow more dangerous than other open source projects. To be clear, Radcliffe is not representing the OSI in this article.

But Radcliffe seems to have an arrangement with another company that seems very interested in selling developers tools to manage Android project compliance.

This is the bigger picture that was initially missing from Radcliffe's article: it's actually a sidebar piece supporting a broader piece written by Peter Vescuso of Black Duck Software.

In his article, Vescuso, vice president of marketing and business development at Black Duck Software, uses many of the same points Radcliffe made in the sidebar (to the point that it's not entirely clear who wrote what first). The purpose of Vescuso's article is to serve as an expert for legal technologists who are learning about what's involved in Android development.

The Black Duck article, while providing expert commentary, also serves as a nice bit of product placement for Black Duck Software, particularly in two of the "best practices" Vescuso offers to "avoid litigation involving Android":

  • "Manual processes are not fast enough to aid in the discovery of hidden or potentially encumbered code..."
  • "Automate monitoring and tracking of Android and its components..."

Those suggestions sound like Black Duck services to me. Indeed, this is probably the "stronger management" in Radcliffe's sidebar conclusion.

It is not unusual for vendors like Black Duck to post content on media and topical information websites like this. It's a way to get the word out about the company, its products, and the expertise of its personnel. Nor is it unusual to tap experts like Radcliffe to help bolster their points. Radcliffe's relationship with Black Duck is not clear, though he has spoken at Black Duck events.

The tenor of these articles seems to suggest, however, that there's something inherently wrong with Android because of the way it uses open source. There are things wrong with Android, but I'm not sure license compliance is any different than other projects'.

I would suggest that the only thing "wrong" with Android is that it's been wildly popular as a mobile development platform, and Black Duck is trying to get in on the action. There's nothing wrong with compliance and compliance monitoring tools, but why market them at the expense of a successful software project?
