Arguing for an open approach to Open Source compliance

The main objective of this theme is to collect all the “good ideas” to explain the interest in this approach. Feel free to add your ideas, opinions and experience on the elements added in this post by answering this topic.

Here are the first elements mentioned during the workshops:

Issues encountered in Open Source compliance

Legal issues

  • There is not a lot of European jurisprudence on this issue; we need to work together in the EU as a (legal) community to have a common view and to standardise certain interpretations.

  • Concurrent approaches to ensure harmonisation. Licences are often subject to different interpretations and there is little case law.

  • It is hard to find efficient legal knowledge about Open Source (trust issues).

Issues related to the organisation of the ecosystem

  • As Open Source is based on a horizontal approach, it is important to contribute to the way it might be interpreted by jurisdictions all around the world.

  • There are various “philosophies” / “community interpretation” with sometimes contradictory answers. There is a need for a consensus.

  • It takes time, it is complex. A community approach would be more efficient because of the similarities between all individual compliance work.

A context calling for this need

  • The compliance approach is different from the legal approach; we need to come to some kind of consensus to reduce risk for each organisation

  • Complete common understanding: the link between technical interactions and legal implications is often difficult to find.

  • Thinking about easy ways to use legal practices that would be a benefit for both lawyers and other people

  • Move forward and more quickly without having to duplicate the work done by others on these issues

  • There is a need for a cultural change, and global approaches are needed

During the second workshop, a number of elements were discussed that could be added to the list:

The challenge of imagining FOSS compliance through community approaches in research organisations

  • Mitigate legal risks & litigations,
  • Make research results applicable & useful for society, industry and public,
  • Reduce overhead cost of compliance for research results and lower the cost of compliance check to do it with current public institution resources,
  • Challenges: capacity to do it, low visibility of the problem, lack of personnel.

A collaborative effort to create trust

  • Need to create something that would ease our lives and push the subject in the working circles. European money could fund it,
  • Importance of trust of the research to do compliance. But it raises the question about the tool to use to do so,
  • Sharing of responsibilities: who is assigned to do the final check?

A context calling for this need

  • Open Source software is bound to publications; there, nobody is checking the compliance. In some cases it is in the hands of researchers and professors with technologies,
  • Different levels of autonomy: some can choose licences, others are bound to what the editor of the paper has chosen. Some institutes and universities already have intellectual property (IP) policies in place while others have to do it all manually.
  • When IP policies are in place: there are people to help choose the licence, software reporting systems to know which software to use, and templates to support Open Source compliance activity in processes.
  • When IP policies are not in place or are not clear: processes are not always sophisticated and elaborate, which can lead to chaos; there are not many resources to do compliance; compliance is done manually (thanks to tools like ScanCode) and because of that not everything is reported,
  • The use of Open Source is not valorized in research: awareness work on the compliance subject is needed, but there is still a long way to go.