In case the news from Google I/O this week left you feeling Google can do no wrong, there's a story no one is writing about that lends a little balance. Google's handling of the challenge to the VP8 codec from MPEG-LA is now in progress -- and it shows signs of unfamiliarity with the tenets of software freedom.

As you may recall, Google continues to assert there are no patents in MPEG-LA's pool that read on VP8, yet has secured agreement from MPEG-LA to a license settling once and for all that there's no risk to VP8 implementors and users from MPEG-LA's pool. At the time of the recent IETF meeting, Google promised to publish its ideas for a cross-license agreement, and it's done just that. The draft agreement is clearly marked as a work in progress, so there's still scope for change. I hope it happens.

[ Also on InfoWorld: Video codecs: The ugly business behind pretty pictures | Nokia battles Google to kill open video | Track the latest trends in open source with InfoWorld's Technology: Open Source newsletter. ]

The release of that discussion draft last week is good news for open source enthusiasts. At least, it sounds like good news. The explanatory blurb adorning the draft agreement's text says it's designed to give a "royalty-free license to certain patents that are necessary for the implementation of VP8." The fact that the document has been released while its specific points are still "under review" is also encouraging; perhaps Google is keen to measure the community reaction, testing the ideas publicly rather than releasing a completed document.

Issues for open source

The devil, of course, is in the details. How should we react to the proposed cross-license? What would we like the company to take away from our response? At the moment the document has a number of issues.

The first, and most significant from my perspective, is that gaining benefit from the agreement requires individual execution of the license agreement (see section 2). This will have to be done by each person wishing to benefit from the agreement; the rights under the agreement are not "sublicensable" according to section 3, so they can't be passed on to anyone else. You'll need to provide your personal information to Google to get this license, and section 9 makes clear the company may well use it at some point to contact you and even use your name in its publicity, according to section 15.

That restriction is probably tolerable for a corporation that can execute the agreement once for all products and staff, but for an open source project it's a big problem. Open source communities may not have a legal entity able to sign on behalf of the community, either because there's no actual legal entity or because the community of developers has too loose a relationship with any legal entity to be counted as the equivalent employees. By requiring individual, nontransferrable registration, Google is erecting a barrier that at the very least will provoke suspicion from open source projects.