Licensing focus in govt open source guide

Licensing focus in govt open source guide

Summary: The Australian Government Information Management Office (AGIMO) has released the final "Guide to Open Source Software" for government agencies, which includes its new open source procurement principles.

SHARE:

The Australian Government Information Management Office (AGIMO) has released the final "Guide to Open Source Software" for government agencies, which includes its new open source procurement principles.

The office had released a short policy document in January, which said that Australian Government ICT procurement processes must actively and fairly consider all types of available software, including open source. The policy also recommended that clauses be used in checklists and requests for tender, to ensure that alternative software possibilities are considered.

The government had asked for feedback on the policy, which was generally positive. However, users asked that the policy document be released under creative commons, and said that it should have a description of how the policy would affect procurement, as well as advice to agencies on the benefits of contributing to the open source community.

The office has now released a 67-page document, which delves into open source definitions, and couches its principles (which appear the same) in advice on what to consider when procuring open source software.

AGIMO delved into certain issues that agencies consider when buying open source, such as:

  • access to source code: open source makes this available, while proprietary does not
  • capital expenditure: agencies need to consider total cost of ownership, not just an upfront fee, according to AGIMO, which urged agencies to consider acquisition, deployment, integration, support and maintenance, as well as training and exit costs
  • customisation: if the agency needs to customise, consider whether there will be enough support for the customisation, and what this will mean for licensing obligations
  • development: open source communities with a broad user base and an active and diverse membership will be more responsive to user requests, according to AGIMO — it recommends that agencies carefully look at the credentials of the developers, considering whether development of the software will continue during the lifespan of the agency's use
  • innovation: open source software allows agencies to innovate; however, this can also add to the total cost of ownership
  • lock-in: open source software often aligns with industry standards, which improves interoperability and reduces chance of vendor lock-in
  • code forking: if changes are made to code without it going back into the community, it makes it difficult for the agency to upgrade to newer versions of the open source code, since it would have to reapply all of its changes — AGIMO did, however, point out that a similar risk existed when agencies customised proprietary packages.

Licensing received pages of attention in the guide, with AGIMO going into detail about the dangers that open source licences present.

"A breach of an open source licence will occur if software covered by an open source licence is used contrary to the terms of the licence. Any breach may have far-reaching consequences. For example, a breach of the GNU General Public Licence V2 immediately terminates the licence, after which only the copyright holder can reinstate the licensee's rights," it said.

"Without a valid licence, the licensee must immediately cease using or distributing the software. Breaches of licence provisions are not always intentional; they may be due to a lack of governance in tracking the use of open source software within an agency. In addition, agencies may not be aware of all the actions that may lead to a breach of an open source licence."

It warned that some open source software licences include reciprocity requirements, which say that agencies would have to contribute back changes made to code if it's "distributed".

AGIMO said that the definition of distribution is not entirely clear legally, but it gives guidelines in the appendix as to when agencies should expect to have to give code back to the community depending on the level of reciprocity required under their licence.

A summarised version stated that if the modified source code was only used within one agency, it is unlikely that reciprocity will be triggered. AGIMO said, however, that agencies should seek legal advice rather than relying solely on the guidelines.

The agency said that there have been few court cases about open-source licensing, and AGIMO said that understanding the likelihood of enforcement was more useful than considering abstract legal questions of terms such as derived works.

However, it also urged agencies to take a conservative position on licensing if they were uncertain, and pointed to the Free Software Foundation or the Open Source Initiative as sources of information to use for ground rules.

Software developers generally weren't aware of licensing issues, AGIMO cautioned, and, because of the zero-upfront cost of the software, the organisation suggested that agencies put governance measures in place to track software use. Project managers should also make sure that any contractors or vendors have correct compliance procedures, it said.

Topics: Government, Government AU, Open Source

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • It’s heartening to see the Australian Government’s move to embrace open source, and it follows the trend we’ve seen from other governments around the world including the UK, Brazil, France. Black Duck is working with the UK’s National Health Service (NHS) on their use of open source and community development. There is a free educational webinar available with NHS’s Denise Downs, Lead for Education & Stakeholder Engagement, Department of Health Informatics Directorate ( //tinyurl.com/nhs-downs ).

    We’re doing a free webinar on open source licensing for the Australian market with a local legal expert DLA Piper’s Jane Burton on Wednesday, July 20th @ 11am local time Sydney (AEST). Details are at: //tinyurl.com/aussie-oss

    Peter Vescuso
    pvescuso