Almost every day I get an email to my mailbox from one Asterisk/VoIP vendor or another, soliciting me to become their reseller/integrator. As a rule of thumb, my company doesn’t install PBX systems, at least not as our main business, so most of these products are fairly of no interest to us.

About 9 months GreenfieldTech was hired as part of a due diligence process, between two companies who wanted to collaborate in the distribution of an Asterisk based product. Our part of the due diligence was to evaluate the Asterisk product and ascertain it’s technical viability, roadmap length and per our recommendation – conformity to GPL and Digium licensing.

Our research showed that the vendor lacked proper understanding of GPL and Creative Commons licenses, where the developed product had violated various licenses of over 15 different Open Source packages. We included that into our report – which was then passed over to the various legal departments in both companies. Following the report, the vendor had concluded that conforming to the various GPL licensing or acquiring the proper IP licensing from the various respective owners will be too long and too costly, so they decided to dump the entire thing and start from scratch, with a new approach that doesn’t violate licenses.

Now, imagine a scenario where a vendor would offer us a reseller agreement, to a product that violates various Open Source licenses. That means that any given time, one of the Open Source IP owners that had been incorporated into the package can step up and say: “You are violating my IP, pay up or cash out!” – sure, that doesn’t happen all that often, but it can happen.

So, my question is this: “What do you really know about the products you are reselling?” – have you ever truly gone through it with a fine tooth comb, understanding its parts, its associated licenses, its associated bindings – and to be more blunt, do you even care about it?