I have not been through the Boost source but I have gone through other open source code in this kind of process. It is amazing how much code exists that still has comments like “Property of ...” or “Copyright ....” regardless of the general say GPL license for the project source. The person providing the code means well but may not understand the legal ramifications.

Algorithms may be patented (such as some crypto ones) so unless the open source project provides a method of ensuring such code is not included when it is built you might have to get a license to use the project.

The copyright registration in the US at least requires the names of all contributors and their involvement. If you contribute it needs to be clear that you have the right to contribute as some companies may assert rights through employment agreements even if it is not directly in your job scope.

If a company uses open source code without due diligence to the origin of code the results could be patent infringement litigation, substantial licensing fees, a required change to a company’s product to remove functionality related to the open source code, and/or other similarly unpalatable options.

Larry

From: Sebastian Redl
Sent: Tuesday, September 04, 2012 3:15 AM
To: boost-users@lists.boost.org
Subject: Re: [Boost-users] Why is there so much co-dependency in Boost? Is there anything to be done about it?

On 03.09.2012 07:43, steve@parisgroup.net wrote:

Greetings,

Right now I'm working for a company that worries a lot about negative exposure to Open Source software issues such as questions that might arise about authorship, copyright or even patent issues. The company does allow the use of Open Source software, but it requires that each piece of code that is brought in first be justified and vetted.

Leaving the issue of Boost's structure aside, how does this vetting process even work?

I can maybe see someone looking over the code to look for well-known patented software patterns (Does anyone know such? I can't think of any outside of lockfree programming.), but how on earth would you verify authorship or copyright, beyond what the file says? Do you scan the commit history of the files?

Also, what's the point? The code is released by everyone who contributed to it under the liberal Boost license. You won't find any comments or commit messages to the point of "oh, by the way, this isn't under the BSL".

Or maybe someone who looks it over is expected to find similarities to other software, which isn't under the BSL? This is, in my opinion, completely impossible - there's just way too much code out there to compare to to make any significant difference. How would that look in court? "Yeah, these people claim that Boost contains some of their GPL code, but when we decided to use Boost, we compared its code to 0.0001% of the GPL code in existence (a generous estimate) and didn't find similarities, so we shouldn't be liable!"

Maybe you can find a way to convince your boss that the policy just doesn't make sense.

Sebastian