Open Source Leadership Summit 2017

Free and Open Source Software licenses stipulate various obligations upon distribution of the licensed software.
Attribution is generally considered the most basic and the most easily satisfiable requirement.

This talk will challenge this view by showing that simple solutions to attribution obligations might prove to be inadequate and often meticulous process steps are necessary in order to achieve complete compliance. This becomes extremely important in the case of malevolent actors who might argue for license violations.

Faced with this problematic landscape, the talk will present policies that would guarantee fulfillment of the license attribution obligations, regardless of the specific details.
The talk will include real-life examples taken from well-known and widely-used pieces of software that present particular challenges for compliance.

From upstreams through the supply chain to consumer products, open source sharing of code has enabled an unprecedented rate of innovation and new products. Complying with the respective open source licenses in the code is not always as easy as picking up the code and integrating it. Frequently licensing information for key software is overlooked or hard to find. Significant progress has been made in the last year to improving this, but there are some gaps still remaining. This talk will review the open source solutions available (and missing) for helping to make licensing compliance and security information more transparent, and able to keep up with the pace of innovation.

Your contributors want to contribute but your corporate lawyers want to make sure what they are contributing is the property of the contributors. Your lawyers want to make sure everything is 'legal' and have this wonderful 210 page document they want to be submitted with each line of code. And your bosses want these code gems included ASAP but didn't they see that code someplace else before? Welcome to managing contributions in a big corporation! So what do you do to protect the interests of all concerned (Contributors, Bosses, and Lawyers) while being a very public face to all? This presentation covers how MySQL balances life as a part of Oracle in an Open Source/Open Core/Enterprise world with a regular flow of new contributors, the interests of improving the code base, and risks to all in an every increasing litigious world. And plush fuzzy toys as swag do help!!

The initial step in helping make sure teams are in compliance with open source licenses is education. Attendees can expect to learn how to educate developers and managers on the differences between copyleft and permissive licenses, the inherent risks associated with non-compliance, and see real examples of how licensing risks are introduced into organizations and their consequences. The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.