|
Boost Users : |
Subject: Re: [Boost-users] Why is there so much co-dependency in Boost? Is there anything to be done about it?
From: Sebastian Redl (sebastian.redl_at_[hidden])
Date: 2012-09-04 03:15:26
On 03.09.2012 07:43, steve_at_[hidden] wrote:
>
> Greetings,
>
> Right now I'm working for a company that worries a lot about negative
> exposure to Open Source software issues such as questions that might
> arise about authorship, copyright or even patent issues. The company
> does allow the use of Open Source software, but it requires that each
> piece of code that is brought in first be justified and vetted.
Leaving the issue of Boost's structure aside, how does this vetting
process even work? I can maybe see someone looking over the code to look
for well-known patented software patterns (Does anyone know such? I
can't think of any outside of lockfree programming.), but how on earth
would you verify authorship or copyright, beyond what the file says? Do
you scan the commit history of the files? Also, what's the point? The
code is released by everyone who contributed to it under the liberal
Boost license. You won't find any comments or commit messages to the
point of "oh, by the way, this isn't under the BSL". Or maybe someone
who looks it over is expected to find similarities to other software,
which isn't under the BSL? This is, in my opinion, completely impossible
- there's just way too much code out there to compare to to make any
significant difference. How would that look in court? "Yeah, these
people claim that Boost contains some of their GPL code, but when we
decided to use Boost, we compared its code to 0.0001% of the GPL code in
existence (a generous estimate) and didn't find similarities, so we
shouldn't be liable!"
Maybe you can find a way to convince your boss that the policy just
doesn't make sense.
Sebastian
Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net