Frank Field is skeptical, but as open source licensing moves more broadly into the commercial marketplace, it’s perfectly understandable and perfectly legitimate for commercial developers to want to know whether or not their code includes GPL’d code. The GPL and other open source licenses are extremely difficult to understand, even for an experienced licensing lawyer. They are positively impenetrable to a non-lawyer, even to a highly motivated and well-educated layperson. If the licenses don’t get clearer, and the waters are risky, then one alternative is insurance. Another is code audits.
So, it may be an overstatement for a manager to justify a code audit on the ground that the company doesn’t want to get dragged into an SCO-type lawsuit, but it’s not an overstatement for a manager to justify a code audit on the ground that no one really knows, for sure, what happens when coders intermingle GPL’d code with code that the company (for perfectly legitimate reasons) wants *not* to GPL. It’s no answer to argue that the counsel to the Free Software Foundation knows. He’s a smart, thoughtful guy, but would a competent lawyer advise a client to ship a product, or to license a product, based on the FSF’s assurance that it complies with GPL obligations? I doubt it. In the commercial marketplace, the mantra that open source is a development methodology will give way, eventually. In the end, it’s all about the license.