Unintentional Compliance Failures
Legal | Karen Copenhaver
In his post entitled “Can JavaScript optimization put you out of compliance with an open source license?,” Jim Berets makes a great point, and he will end up with lots of other examples of unintentional compliance failures. I think they will become more likely over time.
In her book, Heather Meeker talks about the false sense of security that many lawyers have over decisions based on differentiating between static and dynamic linking. Many years ago, when decisions about memory use were important, deciding what was statically linked was significant. Now, when memory space is much less valuable, a program that studies programs to optimize their operations will decide whether something would work more efficiently if it were statically linked and will convert a link from dynamic to static in order to achieve that efficiency. My plain English explanation may make a technical person’s skin crawl, but it is another example of how decisions that are made in isolation in a lawyer’s office, without any process or follow-through to support their technical implementation, can do more harm than good by giving everyone a false sense of security.
An interesting question is whether community consensus over time regarding compliance will have to move to reflect changes in technology. If it becomes more difficult and “costly” in terms of impact on performance or functionality to comply with the license terms, will an alternative emerge? For example, if there were a compelling reason to optimize code for very tiny devices sold without documentation, will a consensus form around use of a pointer to a website that includes all of the licensing information and corresponding source for the licensed code?
If you were to find that code sample in a code review, you would point it out as a compliance failure. If you were in due diligence, every one of those is a problem even if it feels trivial. It erodes confidence in the effectiveness of the company’s internal control programs. The better course is to reinsert the license text. It will take time for a consensus to emerge that might support another answer.
