Wjgtll 1 philippe carré

Alcatel-Lucent

FOSS WORSHOP Workshop in ADACORE Paris, April 2nd 2013

Philippe Carré

Alcatel-Lucent 2

Presentation plan

Alcatel-Lucent background

FOSS Strategy

Open Source Initiative & FSF

FOSS use in Alcatel-Lucent

Contribution

FOSS Obligations

Legal aspects

FOSS assessment process

FOSS usage in Product Life Cycle

New Challenges

CanadaUK

France

Australia

Brazil

Research CentersProduct & SolutionDevelopment Centers

Executive Business Centers

USA

Belgium

Ireland

GermanyNetherlandsItalySpain

Israel

Turkey

Russia

PolandRomania

Slovakia

ChinaSouth Korea

TaiwanIndia

Singapore

N. America: ~36% Europe: ~32% Asia Pacific: ~18% Rest of world: ~14%

ALCATEL-LUCENTBACKGROUND

% revenues

• 79 000+ employees • 27 900 active patents• Present in more than 130 countries

• 600+ new development projects per year

• Numerous suppliers and outsourced developments

• Several acquisitions of companies per year

• Product life can be from 1 to 20 years

• Sells anything in the network for communication Network access Core network Transmission technologies Applications Professional services

• Customers Network operators (around 1500 in the world)

Strategic industries Enterprises Indirectly: end users

Alcatel-Lucent 4

Alcatel-Lucent 5

FOSS STRATEGY

3

COPYRIGHT © 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

SOFTWARE R&D AND FOSSINDUSTRY TRENDS

FOSSDevelopment cost

Proprietary R&DFOSS

Trends: R&D becomes a shared effort

We stand here

TODAYYESTERDAY

A proprietary SW product

TOMORROW

A FOSS distributor/integrator

Development cost

Development cost

Trend line

Alcatel-Lucent 6

Free and Open Source Software (FOSS)

OSI => Open Source Initiative

Cover all major licenses

No discrimination against person/groups

No discrimination against field of endeavor

License must not be specific to a product

License must not restrict other software

License must be technology neutral...

FSF => Free Software Foundation

GPL (GNU Public license):

The freedom to run the program, for any purpose (freedom 0).

The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.

The freedom to redistribute copies so you can help your neighbor (freedom 2).

The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

http://www.opensource.org/

http://www.fsf.org/

7


• Strategy: use FOSS whenever possible

• Use FOSS distributors / supporting companies whenever possible

E.g. Linux - Android is our strategy

• 20% to 80% of an Alcatel-Lucent product code is FOSS (42% in average today)

• Basic rationale Remove supplier lock-in Reduce R&D costs Create an internal and external

community on common software

Provide our contribution to the communities

It is also about • Innovation

Using FOSS accelerate innovation Re-use avoid to re-invent the wheel

• Provide freedom to our customers Provide them standard solutions to

develop additional services Reduce their need to adapt their

solutions for each supplier

• New Business model: Moving from a HW/SW supplier to a service supplier

Compete on quality, customer care, innovation

FOSS USE IN ALCATEL-LUCENT

8


• Contributions to tools Expat suite of tools, GForge/ Fusionforge

• Contribution to FOSS bug Fix• Contribution to new developments

Corba component model on top of Mico (GPL/LGPL licenses)

Plan9 (operating system under Lucent public license)

• Indirect contributions to non core telecom business through FOSS distributors

We pay ten’s of million$ per year to FOSS distributors for enhancements to OS, database, middleware, ….

• FOSS Forums and standardization• Linux foundation: Alcatel-Lucent is one of

the 9 founders of carrier grade Linux group • FOSSBazaar: Alcatel-Lucent participate to

SPDX standard and promote it.• FOSSBazaar: we will continue the

standardization of FOSS governance process.

• We participate to OWF• Systematic: FOSS project committee• OVA: Open Virtualization Alliance member

CONTRIBUTION

Alcatel-Lucent 9

Ensure FOSS Obligations are Met!

When packaging an Alcatel-Lucent product & documentation all FOSS licenses obligations must be respected

Source code of FOSS software that has to be made available MUST be made available.

Necessary acknowledgement must be done according to the license: in the distribution or in the documentation or at run time

Licenses must be propagated with the distribution

Disclaimer must be propagated if need be

…

Alcatel-Lucent 10

Alcatel-Lucent FOSS policy

Alcatel-Lucent policy is to strictly respect FOSS license philosophies

If you cannot respect them, do not use them

Alcatel-Lucent

Background on legal aspects

Alcatel-Lucent 12

License Agreement

License

It is an agreement: created when an offer is accepted

It defines the rights and obligations for using, copying, modifying, re-distributing, sub-licensing the software

The offer containing the license terms is made by the copyright holder: if you accept it, a legally valid contract is created

Downloading FOSS

When downloading/using a FOSS the downloader generally implicitly signs the contract represented by the license.

Not respecting a license is like a breach of contract

Alcatel-Lucent 13

Breach of Contract Risks

Breach of a license contract means you are not licensed - copyright holder can pursue you as infringer.

Money damages

Pay a fee to copyright holder

Injunctive relief

Stop selling a product

Criminal fine for the company

Management can be criminally liable under the copyright law

Other potential consequences

Bad image

No right to use anymore some open source

If your customer is sued by copyright holder because the product you delivered is infringing, you may have to cover his costs and what he has to pay in damages

Alcatel-Lucent

Selecting FOSSEvaluating risks

15


• Governance process started in 2002

Process scope: FOSS selection, use of detection tools, outsourcing developments, merge and acquisitions, packaging Alcatel-Lucent products, suppliers contracts, contributing to FOSS.

Implementation in place

• Numbers and facts 160+ people trained to

select/authorize/forbid FOSS and implement the process

1000s of people trained to basic tutorial

3500 FOSS in Alcatel-Lucent FOSS database (describing risk issues)

Alcatel-Lucent is committed to align on SPDX/FOSSBazaar standard

All new contracts with suppliers contains FOSS clauses

Alcatel-Lucent is sharing common governance processes with other companies (e.g Fossbazaar, OWF,...)

NEED OF A STRONG FOSS GOVERNANCE PROCESS!

Alcatel-Lucent 16

Alcatel-Lucent FOSS Review Procedure

FOSS Database

Initiator, e.g. Product Management or advanced

procurement

Check A, B, C

Set B risks

Evaluate B

Can you confirm that B is a library ?

FOSS Expert

Core team Evaluators

FOSS Evaluators

FOSS Executive Committee

A is OK, C is forbidden, B is not described in the DB

Add B

Lawyers

Purchasing

Support for

difficult evaluations

Alcatel-Lucent 17

FOSS Database: example

Alcatel-Lucent 18

FOSS Database - request

Alcatel-Lucent

Alcatel-Lucent FOSS processinside the Product Life Cycle

Alcatel-Lucent 20

Alcatel-Lucent FOSS Process in PLC

VolumeDeployment

Planning

End ofLife

Sales & Marketing Preparation

LimitedDeployment

DR0

DR1

DR2

DR4

DR5

DR6

DR3

OpportunityDefinition

Design andImplementatio

nValidation

E x e c u t i o n

Before DR1, all FOSS planned to be used in an Alcatel-Lucent product must be identified.

A new entry request must be issued (preferably) by the FOSS expert if the FOSS is not registered in the database.

At DR1, A FOSS expert must check that for each FOSS planned to be used, conform to what is authorized in the FOSS DB.

When packaging the Alcatel-Lucent product, all FOSS license obligations must be respected.

At DR4, a check must be performed to ensure all FOSS license obligations are met.

FOSS request: if a FOSS is not in the database or if the FOSS version is not covered by the Database

Fill a form for the FOSS and all dependencies (all included FOSS)

Explain the nature of the software (with respect to GPL obligations) and the way of use

Between D1 and DR4 check ALU code with FOSS detector

Alcatel-Lucent 21

Packaging an ALU product

Make the list of all FOSS with their license

Create a directory “License” in the binary distribution

Copy all Licenses in this directory.

If there are some licenses that require source code availability upon distribution burn a CD with source code of ALL FOSS and put it in ALU catalogue of orderable items

Write in the documentation of the ALU product that source code of FOSS is available in the ALU catalog.

Alcatel-Lucent 22

FOSS detector

Black Duck’s Protex is a software tool for checking FOSS presence in target software

It compares target code to a database of hundreds of thousands of FOSS packages

generates a bill of material of FOSS with a list of FOSS obligations

Installed on server

BD representatives trained for its use

Evaluate other competitor tools (e.g. from Palamida)

FOSSology.

Tool to detect copyright and licensing information in source code

Complementary with Black Duck

Allow to detect potential dependencies inside an Open source

Available on a server

23


NEW CHALLENGES FOR ALCATEL-LUCENT

• Standardizing the process with other companies Move to the SPDX standard Go further in standardizing FOSS governance process

• Keeping up with new business models Cloud computing, SaaS, PaaS, IaaS, …

• Keeping up with recent technologies Maven – dynamic internet download of Java software at runtime Bit torrent propagation – automatic propagation of software between

servers DRM or CAS software – limit to multimedia content access

• Improving our process A process cannot be frozen and must be continuously improved

Alcatel-Lucent

Thank you for your attention !!!

Technology

Wjgtll 1 philippe carré