[lug] can't make this stuff up, folks...

Landon Cox landon at 360vl.com
Mon Oct 19 14:10:22 MDT 2009


Sorry, can't quite give up on the library thread yet....

One other point about pulling in libraries is related to licensing  
issues.

This comes out of the experience of working with large enterprises who  
are trying to come to grips with the licenses and obligations of open  
source components they've integrated (sometimes unwittingly).

To date, the issue has been mainly ignored, but more and more  
enterprises are putting an actual cost on open source and one of those  
costs is related to known and unknown license obligations, the expense  
of figuring it all out after the fact (after an engineer pulled the  
code in without regard for legal considerations), and now there's a
legal obligation incurred by the enterprise that it didn't explicitly
agree to.   Try doing an in-depth license analysis of everything that  
goes into Ruby or JRuby sometime - you'll be shocked and not a little  
concerned, possibly.

While libraries may work together technically, they may not work  
together legally.   So, some companies are forced into facing a basic  
business decision:

How much will it cost to figure out license obligations, do the audits  
required to make sure open source policies (if they even have them  
established) are not violated and OSS license compliance is intact?   
Is it cheaper or more expensive than just writing the code internally  
and owning it outright - never to worry about the rest of that stuff  
again, or at least diminishing the issue.

Many companies are realizing, too late, that they have OSS license  
obligations and are forced into a risk equation at that point.  One  
they didn't intend to take when an engineer incorporated a library  
because it did the job functionally.  Is it more expensive to take the  
risk of a license violation, become self-insured, or just rewrite the  
functionality and own it forever after?

If I were to sum up the points in my last two emails it would be  
this:  there are hidden costs in the form of feature bloat,  
maintenance issues, and legal to consider when using someone else's  
library.

Had to get that all off my chest after reading the contrary points  
that made it look stupid for an engineer to write a library from  
scratch.  Sometimes it looks stupid but sometimes there are good  
reasons to own it yourself.  Thanks for reading,

Landon


