On 03.09.2012 07:43, steve@parisgroup.net wrote:

Greetings,

Right now I'm working for a company that worries a lot about negative exposure to Open Source software issues such as questions that might arise about authorship, copyright or even patent issues.  The company does allow the use of Open Source software, but it requires that each piece of code that is brought in first be justified and vetted.
Leaving the issue of Boost's structure aside, how does this vetting process even work? I can maybe see someone looking over the code to look for well-known patented software patterns (Does anyone know such? I can't think of any outside of lockfree programming.), but how on earth would you verify authorship or copyright, beyond what the file says? Do you scan the commit history of the files? Also, what's the point? The code is released by everyone who contributed to it under the liberal Boost license. You won't find any comments or commit messages to the point of "oh, by the way, this isn't under the BSL". Or maybe someone who looks it over is expected to find similarities to other software, which isn't under the BSL? This is, in my opinion, completely impossible - there's just way too much code out there to compare to to make any significant difference. How would that look in court? "Yeah, these people claim that Boost contains some of their GPL code, but when we decided to use Boost, we compared its code to 0.0001% of the GPL code in existence (a generous estimate) and didn't find similarities, so we shouldn't be liable!"
Maybe you can find a way to convince your boss that the policy just doesn't make sense.

Sebastian