Subject: Re: support for a small US college going GNU?
From: "Stephen J. Turnbull" <stephen@xemacs.org>
Date: Tue, 19 Jul 2005 12:43:25 +0900

>>>>> "David" == David Kaufman <david@gigawatt.com> writes:

    David> Be sure to point out that most, if not all, corporate IT
    David> departments and small businesses also find that they have
    David> easily, even unintentionally fallen out of compliance
    David> because it is nearly impossible to track, and MS licenses
    David> seldom enforced.  But ask them, why run an O/S that has
    David> such a high legal risk attached to it?

This is a good point, but you really shouldn't push it to the point of
calling it a "no-brainer".  The fact is that most people are most of
the time out of compliance with several of the contracts and
regulatory regimes they are subject to (think "IRS", "OSHA", and
"EPA"---I'll bet most of the used reagents in the chemistry lab go
directly into the town sewers, for example), and regularly shoulder
substantial legal risk (in the educational sector, simply hiring a
person of either gender exposes you to high legal risk; heck,
assigning an "F" grade does!)

Linux also carries substantial legal risk, including to users, as SCO
made us aware.  Even FSF-owned software carries some legal risk, as
the FSF does even less checking than Microsoft does.  Instead, they
get indemnification from contributors and waivers from employers---but
if upstream screwed up, that protects only the FSF, and only
financially (it doesn't protect them from having to cease
distribution).

So legal risk is part of the system.  It's simply not possible to
avoid it; you can only manage it.  Here that means using the
strategies you describe, of course, but I would definitely present it
in a cost-benefit framework, not a "no-brainer" framework.  If the
compliance costs add up as fast as you think they will, it would be a
no-brainer, of course.  But they may not, especially if the goal is a
thorough purge of proprietary software, but some departments (finance,
registrar, CS labs, even the main web site) happen to be in a good
situation compliance-wise.

Also, what you're likely to find is that the biggest compliance costs
are in precisely the areas where you need a lot of cooperation from
many individuals to achieve either compliance or migration.  It's not
obvious which they'll choose (although my bet is that, absent
persuasive advocacy, most students, parents, and faculty will prefer
compliance at moderate cost per person).

Finally, you need to address the "SCO risk of OSS", which is easy
enough.  Yes, SCO shows that even OSS can be risky---but look who was
the main defendant: IBM, which is the champion at management of
intellectual property.  So such frivolous lawsuits are simply
unavoidable.[1]  And when there's really a case, there's no particular
reason to suppose open source is more risky on that account than
closed source is.  The risks are different, of course; in proprietary
software you'll see an across the board price increase to cover
royalties, while open source will have to remove the feature, even
cease distribution entirely.  I doubt you want to advertise that last
fact, though.


Footnotes: 
[1]  Unless you subscribe to the "Microsoft did it" conspiracy
theories, in which case using Windows _would_ be the best preventative.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.