...making Linux just a little more fun!

Mailbag, Part 2

This is a followup to last month's discussion of OSI and badgeware issues, published at http://linuxgazette.net/135/misc/lg/talkback_134_moen_html.html


Our Mailbag, Part 2


Attribution & the Adaptive Public License

Rick Moen [rick at linuxmafia.com]
Tue, 6 Feb 2007 10:41:28 -0800

I was tempted to comment on whose expensive legal advice a number of these firmed relied on, but feared that might be rude.

----- Forwarded message from Rick Moen <rick> -----

Date: Tue, 6 Feb 2007 10:38:08 -0800
From: Rick Moen <rick>
To: license-discuss at opensource.org
Subject: Re: Attribution & the Adaptive Public License
A member wrote me off-list for clarification, so perhaps I should also post it here.

> Rick, sorry for the private e-mail, but can you please expand on this 
> part of your e-mail:

Not a problem.

> >Aside:  It strikes me as very odd that all 20-odd "Exhibit B" badgeware
> >companies (MuleSource and others) elected to hang their clauses off a
> >copyleft licence (Mozilla Public License) whose copyleft provisions
> >inherently have _zero force_ in their (and their competitors')
> >no-distribution ASP usage model.  Isn't that a bit like requiring
> >spelunkers to wear sunscreen?  Don't they realise that about 3/4 of
> >their chosen licence is a NO-OP for their entire market segment?
> 
> I am not sure what you mean here. Feel free to drop my message if you 
> don't answer private ones.

A copyleft licence's provisions stating the obligation to give others access to source code -- which are the main point of such licences and what distinguishes them from simple permissive licences such as the BSD and MIT/X licences -- trigger upon distribution of the covered code or of derivative works from that code.

In the ASP business model, however, you make absolutely full use of code without the need to ever distribute it. Therefore, for users operating in that market, the source-access provisions of copyleft licences[1] might as well not exist, since they never operate as intended: ASP users never need to publish source. Effectively, ASP users can fork off proprietary derivatives of copylefted works at will, and do anything they wish with those, as long as they don't distribute (something their deployment model makes unnecessary).

Companies like Google can modify, re-use, exploit other people's GPL, MPL (etc.) works in ASP deployments for the entire coming millennium without ever needing to share back their changes. Or, seen another way, if Google does fully honour the intent of copyleft licences by sharing back its changes, it can have no confidence that competitors won't then take Google's changes proprietary in the manner described. The intended reciprocity of such copyleft licences thus gets finessed by the manner of deployment.

My point to the "Exhibit B" firms is thus: "Why on earth would you use a licence most of whose key terms get automatically made inapplicable by the basic business conditions of your market? For this, you paid for expensive legal advice?"

[1] Other than copyleft licences tailored specifically to address this problem within the ASP market, three of which I cited: Affero Public License, Honest Public License, and the GPLv3 drafts.

----- End forwarded message -----


Badgeware licences, Take Two

Rick Moen [rick at linuxmafia.com]
Wed, 31 Jan 2007 22:36:31 -0800

In which I scare up an alarmed Dave Rosenberg, CEO of MuleSource.

----- Forwarded message from Dave Rosenberg <daverosenberg at gmail.com> -----

Date: Wed, 31 Jan 2007 21:19:43 -0800 (PST)
From: Dave Rosenberg <daverosenberg@gmail.com>
To: TAG <tag@lists.linuxgazette.net>
To: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two (was: Ethical Restriction)

Let's just be clear about what exactly was said about the "license's main point." You are taking the quote out of context in order to make your argument. What I was specifically talking about was the method that would allow users wanting to use Mule in a commercial product with no attribution. In no circumstance did I say that the license was designed to force people to pay. The license is there to protect our IP. However I do understand the confusion around the license and my comments--and understand that we all may interpret these things differently.

That said, I appreciate the feedback but wonder why not a single person who has so much to say about these licensing issues ever said "hey, we think you should consider changing this, and here is my recommendation." The same goes for the FAQ. If you think the information is incorrect how about helping us fix it? Ross and I are incredibly easy to get ahold of and have numerous emails and phone numbers.

You do note that we made a change yesterday that significantly softens the attribution clause, which I have stated publicly that the old version may have not made sense for us in the first place. I am not sure that this license is the best choice, but we are still evolving. Give us a hand and we'll send you a Mule T-shirt (uh-oh, there's that attribution again :>)

[snip quotation of my entire posting]

----- End forwarded message -----

----- Forwarded message from Matthew Flaschen <matthew.flaschen at gatech.edu> -----

Date: Thu, 01 Feb 2007 00:42:14 -0500
From: Matthew Flaschen <matthew.flaschen@gatech.edu>
To: TAG <tag@lists.linuxgazette.net>
To: Dave Rosenberg <daverosenberg at gmail.com>
Cc: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two
Dave Rosenberg wrote:

> Let's just be clear about what exactly was said about the "license's main
> point." You are taking the quote out of context in order to make your
> argument.

That may be true, but there's no context to ignore in the FAQ entry I quoted.

> The license is there to protect our IP.
>From what?
> However I do understand the
> confusion around the license and my comments--and understand that we all may
> interpret these things differently.
> 
> That said, I appreciate the feedback but wonder why not a single person who
> has so much to say about these licensing issues ever said "hey, we think you
> should consider changing this, and here is my recommendation."

I've been doing that for weeks, implicitly and explicitly.

The same goes

[ ... ]

[ Thread continues here (1 message/18.94kB) ]


Introducing Open Solutions Alliance

Rick Moen [rick at linuxmafia.com]
Mon, 5 Feb 2007 14:29:46 -0800

Today's volleys in the licensing war. Note that Timothy McIntyre is corporate counsel for one of the "Exhibit B" firms. Earlier I "outed" him as a paid flack for one of the interested parties (a fact he nowhere mentioned, at the time) when he posted his ostensibly personal opinion that Socialtext's GAP licence [sic] should get OSI approval because Attribution Assurance License had, earlier -- a non-sequitur argument, and one that ignored AAL's clear violation of OSD#10, adopted after AAL's approval.

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Mon, 5 Feb 2007 14:16:27 -0800
To: license-discuss at opensource.org
From: Rick Moen <rick@linuxmafia.com>
To: TAG <tag@lists.linuxgazette.net>
Subject: Introducing Open Solutions Alliance
Back in mid-December, when discussion of Socialtext's Generic Attribution Provision and "Exhibit B" clauses got going and I'd posted a couple of initial comments (e.g., that the wording of Exhibit B clauses seemed to stand in the way of code reuse), I was surprised to find Brian Behlendorf querying me in offlist mail about my reaction to such clauses. Brian's a good guy, and I was glad to give my assessment (that there was nothing inherently wrong with forced advertising clauses per se, that the OSD#10 gaffe needed to be fixed, and that intrusion on reuse in commerce has to be minor enough not to violate OSD#3&6) -- but found the experience odd. For what reason was I being so promptly sounded out in private?

Brian was of course one of OSI's founding Board members. Lately, I'm pretty sure his main concern has been Collab.net.

I noticed recently that on February 15, at a panel discussion at the OpenSolutions Summit in NYC, Brian, representing Collab.net, is going to be introducing to the world a new "trade association", the Open Solutions Alliance (OSA), about which curiously little is being said except that it will be "focusing on business use of open source apps", and "not as a standards body, but more like a Good Housekeeping Seal of Approval thing.". Robin Miller has an interesting article about it: http://www.linux.com/article.pl?sid=07/02/03/1737253

Business use of open source apps is of course a very good thing. However, somewhat disturbingly, the main backer of the OSA, and owner of its OpenSolutionsAlliance.org domain, appears to be yet another proprietary Web 2.0 company posing to the public as an open source firm: Dark Horse Ventures, LLC of Norfolk, Virginia, DBA CentricCRM.

CentricCRM publishes a "Community Edition" that is professed to be open source, but after you download it (which is possible only after registering and logging into their site), key code turns out to be under the "Centric Public License" (CPL), which is of course proprietary and used as an inducement to get people to buy separate commercial-use licences.

CPL itself can be viewed here: http://www.centriccrm.com/ProjectManagementFiles.do?command=Download&pid=56&fid=344&view=true

[ ... ]

[ Thread continues here (2 messages/25.07kB) ]


Ethical Restriction

Rick Moen [rick at linuxmafia.com]
Wed, 31 Jan 2007 15:21:30 -0800

Several paragraphs down, I angle back to the "badgeware" issue.

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 31 Jan 2007 14:47:23 -0800
To: license-discuss at opensource.org
From: Rick Moen <rick@linuxmafia.com>
To: TAG <tag@lists.linuxgazette.net>
Subject: Re: Ethical Restriction
Quoting gilemon (gilemon at free.fr):

> Sorry for trying again to push forward a "hypothetical discussions"...
> After going through the whole genesis of Open Source, the
> "non-military use" restriction sounds too clumsy to be constructively
> considered in this mailing list. But it looks like there might be some
> room for the notion of ethic.
>
> As our research project involves human subjects, it has to be reviewed
> and monitored by an independent ethics committee. Our project has
> restrictions in order to safeguard the rights, safety, and well-being
> of all trial subjects. As this is applying to our own software, in
> which way will it be inherited by people reusing our sources?

Well, you say your project includes ethical restrictions, which is perfectly reasonable given its nature and aims. The question is: Is someone who fetches the source code to your software and uses it independently of your project required to adhere to the project's restrictions on software usage?

I looked briefly through http://emotion-research.net/ to see if I could determine what strings are currently attached to such source code, but couldn't find the latter.

Really, the fundamental point is that code, to be open source, must have source available and be licensed to be usable for any purpose by all parties present and future -- including people you (generic "you") disapprove of, using it even for purposes you might highly disapprove of: Users such as your enemies, your competitors, your enemies' great-grandchildren.... Usages such as warfare, blowing away cute furry woodland creatures, commercial competition against your company, etc.

When you (speaking generically of "you" as licensor -- and please excuse my using this occasion to make a broader point) are mouldering in the grave, after your company and all its VC funders[1] were obliterated when the Financial District Meteor of 2009 struck the corner of California and Market Streets, your source code must still be fully adaptable for any purpose, even after you yourself are a thin layer of dust covered with an overlay of slowly cooling extrasolar feldspar. Ideally, your licence should be, too -- which is why, for example, the otherwise highly useful IBM Public License got quickly renamed to "Common Public Licence" and all its internal company-specific references were made generic to licensor rather than "IBM" (other than the definition of "Agreement Steward", which is the party allowed to create new versions of the licence, as copyright holder over that document).

Because -- hey! -- one of the core ideas of open source is to make reuse by others feasible: reuse of licences, equally as of code. Open source takes the long view, and says "What happens when _you're not around_, any more? And how do other people use your licence?"

[ ... ]

[ Thread continues here (2 messages/11.80kB) ]


Alfresco shifts to GPL

Rick Moen [rick at linuxmafia.com]
Fri, 23 Feb 2007 01:44:59 -0800

Alfresco is the Web 2.0 firm whose VP of Business Development, Matt Asay, is on OSI's Board of Directors.

----- Forwarded message from Mark Wielaard <mark at klomp.org> -----

From: Mark Wielaard <mark@klomp.org>
To: TAG <tag@lists.linuxgazette.net>
To: license-discuss at opensource.org
Date: Fri, 23 Feb 2007 10:31:35 +0100
X-Mailer: Evolution 2.8.3 (2.8.3-1.fc6)
Subject: Alfresco shifts to GPL
Some good news in the license consolidation (and badgeware) discussion:
        The company's free Community edition previously used the Mozilla
        Public License, but the move to GPL removes some barriers, said
        Matt Asay, Alfresco's vice president of marketing. The company's
        supported and Enterprise edition remains available under a
        commercial license.
         
        "We wanted the code to be bigger than the company," Asay said.
        "People basically know what (the GPL) means, so there's no time
        wasted wondering (about) MPL [and extra exhibit B clauses]."
         
        [...]
         
        the company did add to the GPL license a "FLOSS exception"
        provision that permits the software to be embedded in other
        FLOSS (free/libre/open-source software) packages. With the
        exception, those other projects don't have to worry about a
        potential requirement to release their own software under the
        GPL, Asay said.
http://news.com.com/Open-source+Alfresco+shifts+to+GPL/2100-7344_3-6161579.html?tag=html.alert

----- End forwarded message -----


Badgeware licences, Take Two (was: Ethical Restriction)

Rick Moen [rick at linuxmafia.com]
Wed, 31 Jan 2007 20:33:16 -0800

In which I point to what I believe is the elephant in the room.

----- Forwarded message from Matthew Flaschen <matthew.flaschen at gatech.edu> -----

Date: Wed, 31 Jan 2007 22:15:46 -0500
From: Matthew Flaschen <matthew.flaschen@gatech.edu>
To: TAG <tag@lists.linuxgazette.net>
Cc: license-discuss at opensource.org
Subject: Re: Ethical Restriction
Rick Moen wrote:

> Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):
> 
> [Yesterday's new MuleSource thing:]
> 
>> It still counts on every UI being able to display that exact graphic
>> (the license text even includes the graphic), which doesn't seem to
>> comply with OSD 10.
>  
> Indeed, that's a good point -- that the presence of a "user interface"
> doesn't necessarily imply a graphical user interface.  (Come to think
> of it, I'm not even sure that a GUI would necessarily always be able
> to display that particular 250 x 52 pixel GIF, either.)
> 

Their FAQ (http://mulesource.com/products/licensing.php) also has the interesting interpretation that one cannot:

* Sell any MSPL covered code
* Sell derived works of Mule
No wonder "the MPL is one of the more accepted open source licenses" (same page)...

Matthew Flaschen

----- End forwarded message -----

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 31 Jan 2007 20:30:45 -0800
To: license-discuss at opensource.org
From: Rick Moen <rick@linuxmafia.com>
To: TAG <tag@lists.linuxgazette.net>
Subject: Badgeware licences, Take Two (was: Ethical Restriction)
Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):

> Their FAQ (http://mulesource.com/products/licensing.php) also has the
> interesting interpretation that one cannot:
> 
> * Sell any MSPL covered code
> * Sell derived works of Mule

Yes. You may recall I asked John Roberts of SugarCRM to explain how a very similar FAQ entry on that firm's Web pages could possibly be consistent with SugarCRM supposedly being open source -- it's still there, by the way[1] -- and Roberts completely and scrupulously ignored my question.

Isn't it funny how many of these folk suddenly become selectively unable to perceive your mail, the moment it starts including inconvenient questions?

More to the immediate point, is there anyone left on this mailing list who still doubts that the primary aim of all the "Exhibit B" addenda we've seen from these 20-odd companies (most having cloned and slightly mutated SugarCRM's clause, which pioneered the concept) is to impair commercial reuse? The MuleSource and SugarCRM FAQs say third parties _may not sell derivatives_. And MuleSource's CEO says outright that their licence's main point is to force commercial users to buy separate commercial licences![2] How much clearer could this possibly be?

[ ... ]

[ Thread continues here (1 message/7.83kB) ]


InfoWorld: Pentaho opens up further (Exhibit B to real MPL)

Rick Moen [rick at linuxmafia.com]
Tue, 30 Jan 2007 16:47:05 -0800

I should explain two references: (1) "Larry L." refers to noted attorney, author, and open source luminary Larry Lessig, whom Matt Asay (of the OSI Board, but also a "business development" flack for badgeware firm Alfresco) turns out to have studied under at Stanford Law School. (2) Mark Radcliffe is OSI's General Counsel, and is also reported (by ZDnet columnist David Berlind) to have had a disturbing lead role, on the side, in drafting on a consulting basis these non-OSD-compliant licences and advising the firms who then use them and claim (falsely) to be publishing "open source". See: http://blogs.zdnet.com/BTL/?p=4124 and http://blogs.zdnet.com/BTL/index.php?p=3430

It's also becoming quite apparent that the key aim of these "Exhibit B" licences is to substantively reserve commecial-usage rights to the copyright holder, while still claiming to be open source, and some of them even admit it outright: http://www.nicholasgoodman.com/bt/blog/2006/12/22/badgeware-ceo-to-community-buy-a-commercial-license/ Personally, I think it's always been understood that if you can't stand competitors using your code in commerce, and aren't prepared to out-compete them on an equal footing, that you aren't yet ready for open source. OSI President Michael Tiemann has said more or less the same thing: http://www.nabble.com/Re%3A--Fwd%3A-FW%3A-For-Approval%3A-Generic-Attribution-Provision--tf2757445.html#a7900005 ...and he and I see eye-to-eye generally: http://www.nabble.com/Re%3A--Fwd%3A-FW%3A-For-Approval%3A-Generic-Attribution-Provision--tf2757445.html#a7900005

Here's the position paper that I and others have prepared against the Generic Attribution Provision proposal -- and I consider it damning: http://www.buni.org/mediawiki/index.php/GAP_Against

What remains still hanging is whether OSI will seriously consider other "Exhibit B"-like licences that aim to withhold some commercial rights in some clever fashion that advocates can claim is something else.

(Socialtext seems to have unofficially thrown in the towel on the GAP proposal, but says it wishes to submit a new "attribution" (badgeware) licence -- maybe one in complete English sentences, this time. http://www.nabble.com/SocialText-license-discussion--call-for-closure-of-arguments-tf3042834.html#a8571245 )

[ ... ]

[ Thread continues here (5 messages/30.42kB) ]


Talkback: Discuss this article with The Answer Gang

Copyright © 2007, . Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 136 of Linux Gazette, March 2007

Tux