-
It is the CEO’s responsibility (and liability)
A CEO (Geschäftsführer) is generally responsible for ensuring that the company entrusted to them is operating at the state of the art. If they neglect this and something goes wrong, shareholders may well be on their back, suing them for failure to exercise due care and diligence or just generally for mismanagement. Open source…
-
Now careful with that trademark policy
Community open source projects that become successful are often commercially relevant. Hence, to prevent abuse, the project founder or a supporting foundation acquires a trademark to the name of the project. If you want to build a business based on the project, you’ll want to use the trademark in advertising your product, and if you…
-
Three types of community open source
Any project or product that uses open-source software becomes dependent on it. Introducing such a dependency should be thought through in detail, in particular if the software is to be used as a component in a commercial product. Most notably, you need to understand the intentions of the open source programmers then and how they…
-
A new answer to open source vs. the cloud
Some time ago, people wondered (and worried) whether the cloud will kill open source. Today we have an answer, which is: The cloud is open source, most of it anyway. So we observe a peaceful coexistence, with both community and commercial open source software working well with cloud services. However, I would like to go…
-
Should I care about license compliance of container base images?
I just received the following question: “We ship our software application as a container image built on a base image. Surely we don’t have to worry about open source license compliance of the base image, do we?” My answer is: “Of course you have to worry.” Let me explain this step by step. If you…
-
Dependency graph vs. software supply chain
The human brain is just amazing when it comes to making sense of words. Still, it helps to be precise about terms, because it reduces confusion and improves understanding. One such terminology confusion in open source is between the concepts of dependency graph and software supply chain. A dependency graph is a set of components…