Tux

...making Linux just a little more fun!

when is an open source license open source?

Rick Moen [rick at linuxmafia.com]


Wed, 27 Jun 2007 14:51:36 -0700

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 27 Jun 2007 14:45:53 -0700
From: Rick Moen <rick@linuxmafia.com>
To: Ashlee Vance <ashlee.vance@theregister.co.uk>
Cc: Karsten Self <karsten@linuxmafia.com>
Subject: Re: (forw) Re: when is an open source license open source?
Quoting Ashlee Vance (ashlee.vance@theregister.co.uk):

> Rick, your explanation helped a great. Who are the main culprits of 
> consequence besides Sugar?

SugarCRM started the trend, and the other dozen-odd firms (Socialtext, Alfresco, Zimbra, Qlusters, Jitterbit, Scalix, MuleSource, Dimdim, Agnitas AG, Openbravo, Emu Software, Terracotta, Cognizo Technologies, ValueCard, KnowledgeTree, OpenCountry, 1BizCom, MedSphere, vTiger) literally copied their so-called "MPL-style" licence, with minor variations. MuleSource was for a long time a vocal backer of SugarCRM's position (but see below).

Alfresco used to be a major backer of that position, but then suddenly decided to shift to GPLv2, which is what they use now. (They are no longer a badgeware firm.) Company spokesman (and OSI Board member, and attorney) Matt Asay says he tried all along to convince them to do that, and I do believe him.

SocialText (and especially CEO Ross Mayfield) has taken a lead online role in trying to resolve the impasse -- though I personally find most of what he says to be almost purely rationalising, and for him to be mostly unresponsive to (or evasive of) substantive criticism.

MuleSource and Medsphere have, within the last few months, improved their respective MPL + Exhibit B licences (http://www.mulesource.com/MSPL/ http://medsphere.org/license/MSPL.html) very dramatically, in direct response to criticism on OSI's license-discuss mailing list. This work seems to be that of attorney Mitch Radcliffe, and encouraged by MuleSource and Medsphere Board member Larry Augustin (formerly of VA Linux Systems). I have great respect for this work, though I am still trying to properly assess and analyse it.

(Disclaimer: Larry is a friend of mine, though I see him only rarely, and I once was employed at one of his firms.)

You should be made aware of the role of vTiger (of Chennai) in all of this: In August 2004, it forked and since then has offered independently, under its own name and brand, an early version of the SugarCRM codebase, plus various changes of their own devising. It was in response to that forking event, to which SugarCRM CEO John Roberts responded very angrily at the time, that SugarCRM adopted the "Exhibit B" restrictive licensing addendum that then became the hallmark of badgeware licences generally. See second post on http://www.vtiger.com/forums/viewtopic.php?p=22 , and the matching apologia at http://www.vtiger.com/forums/viewtopic.php?p=22 by Christiaan Erasmus of badgeware firm ValueCard (South Africa).

----- End forwarded message -----


Top    Back


Rick Moen [rick at linuxmafia.com]


Wed, 27 Jun 2007 15:45:06 -0700

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 27 Jun 2007 15:44:47 -0700
From: Rick Moen <rick@linuxmafia.com>
To: Ashlee Vance <ashlee.vance@theregister.co.uk>
Cc: Karsten Self <karsten@linuxmafia.com>
Subject: Re: (forw) Re: when is an open source license open source?
I wrote:

> SugarCRM started the trend, and the other dozen-odd (Socialtext,
> Alfresco, Zimbra, Qlusters, Jitterbit, Scalix, MuleSource,
> Dimdim, Agnitas AG, Openbravo, Emu Software, Terracotta, Cognizo
> Technologies, ValueCard, KnowledgeTree, OpenCountry, 1BizCom, MedSphere,
> vTiger) literally copied their so-called "MPL-style" licence, with minor
> variations.  MuleSource was for a long time a vocal backer of SugarCRM's
> position (but see below).

Re-reading my own _Linux Gazette_ articles has served to remind me that a firm named Compiere was among those firms until roughly December 2006, at which point it switched to genuine open source.

Intalio, Inc. initially used a minor variant of SugarCRM's licence, but has more recently dropped it and adopted an outright proprietary licence (http://bpms.intalio.com/content/view/5/37/).

Sapienter Billing Software Corporation has also closely copied SugarCRM's licence (http://www.jbilling.com/?q=node/7&pl=pr). Additionally, as I mentioned in my second _Linux Gazette_ article, Sapienter unlawfully used the "OSI Certified" certification mark logo on its Web page for this badgeware licence, until I called OSI's attention to this misdeed and OSI demanded the logo's removal.

> MuleSource and Medsphere have, within the last few months, improved their 
> respective MPL + Exhibit B licences (http://www.mulesource.com/MSPL/ 
> http://medsphere.org/license/MSPL.html) very dramatically, in direct
> response to criticism on OSI's license-discuss mailing list.  This work
> seems to be that of attorney Mitch Radcliffe, and encouraged by
> MuleSource and Medsphere Board member Larry Augustin (formerly of VA
> Linux Systems).  I have great respect for this work, though I am still
> trying to properly assess and analyse it.

Correct name is Mark Radcliffe.

I picked up the error of referring to the gentleman as "Mark Radcliffe" by copying the name verbatim from some of SocialText CEO Ross Mayfield's online writings about the latter's "Generic Attribution Provision" proposal to get OSI approval for a generic Exhibit B addendum that he proposed to be add-able to any OSI-approved licence, and still retain OSI certification. That proposal failed.

----- End forwarded message -----


Top    Back


Rick Moen [rick at linuxmafia.com]


Thu, 19 Jul 2007 00:28:01 -0700

Quoting Ashlee Vance (ashlee.vance@theregister.co.uk):

> Gosh> didn't you give in kinda easy?
> http://rhx.redhat.com/rhx/catalog/productdetail.jspa?productId=1002
> SugarCRM is the market-leading commercial open source customer relationship
> management (CRM) application.

Well, I had never noticed that, so I didn't comment on it.

What originally brought the matter to my attention was attending the RHEL5 product launch, the first time that RHX was mentioned, seeing the dozen-odd initial offerings shown on the slide describing RHX as offering open source applications, and noticing that around half of those listed offerings were very clearly NOT open source. I chatted with Red Hat's CTO, about a half-hour after the presentation, and he agreed with my assessment that it was inevitable that RHX would offer proprietary applications, but that the literature needed to be corrected. He promised to pass the word along.

Time passed, and I started to see press releases -- which repeated and furthered the misrepresentations I saw on Launch Day. I checked out the http://www.redhat.com/rhx/ entry page and some of the subpages of http://rhx.redhat.com/ . I certainly didn't dig down into all of the subpages; my focus was on the pages people were most likely to encounter soonest.

So, I never even bothered to visit the product-spepcific page(s) about SugarCRM. (I didn't really want to read about SugarCRM, after all; it's terrible, badly coded bloatware, pitched by a bunch of pushy, small-time hucksters.)

Well, anyway, damn. I spoke too soon, it seems.

At least the misstatement on the main pages has been removed -- which was the basis of my comment that RH had done the right thing -- even though I mistakenly assumed they'd done a clean sweep. Maybe I should ask RH to add a "Representation on this page are those of the software vendor, and not of Red Hat, Inc." disclaimer? What's your own opinion, Ashlee? I'm more than a bit tired and too darned busy with other things, but can get back to this matter soon.


Top    Back


Rick Moen [rick at linuxmafia.com]


Thu, 19 Jul 2007 07:57:25 -0700

Quoting Ashlee Vance (ashlee.vance@theregister.co.uk):

> What change happened on the front page? I'm still confused by that. Not sure
> I'm seeing it.
> 
> Um, my opinion is that Red Hat isn't doing a heck of a lot here.

(I notice you ignored my question.)

You know, it would help if you would provide something like, oh, _a URL_, when you use relatively vague expressions like "the front page". Is copy and paste really so difficult?

It's possible that, by "the front page", you're referring to http://www.redhat.com/rhx/ . That page used to say, right near the top, that the offerings were all open source. It no longer does.

(Whoops, http://www.redhat.com/products/ still says

  #  Red Hat Exchange
 
   Compare, buy, and manage open source business applications. All in one
   place. All from one trusted source.
That very much needs fixing.)

That http://www.redhat.com/rhx/ page hyperlinks to http://rhx.redhat.com/rhx/ , which autoredirects to http://rhx.redhat.com/rhx/catalog/products.jspa . That page used to say, right near the top, that the offerings were all open source. It no longer does.

The hyperlink "More about RHX" goes to http://rhx.redhat.com/rhx/support/article/DOC-1285. That page used to say, right near the top, that the offerings were all open source. It no longer does.

Ashlee, I'm missing the part where it's somehow my job to search up and down all of Red Hat's various Web sites and catalogue everything related to RHX. I'm a busy guy, especially right at this moment. Perhaps you are, too, accounting for your unavailability for copying and pasting URLs. ;-> But yes, evidently I missed some Web text that they still need to correct. I'm sure I'll eventually find time to chase down and examine all RHX references, but today's not looking promising.

-- 
Cheers,      "Transported to a surreal landscape, a young girl kills the first
Rick Moen     woman she meets, and then teams up with three complete strangers
rick@linuxmafia.com       to kill again."  -- Rick Polito's That TV Guy column,
              describing the movie _The Wizard of Oz_

Top    Back


Rick Moen [rick at linuxmafia.com]


Thu, 19 Jul 2007 12:15:10 -0700

Quoting Ashlee Vance (ashlee.vance@theregister.co.uk):

> Yep, I meant the front page of RHX, since that's what we were talking
> about.  I was digging through the cache images, but can't seem to find
> a shot where they have the old open source claims up. You didn't take
> a screen shot by chance did you?

Nope. I don't really "do" screen shots. Sometimes I mirror Web pages (e.g., when I think them likely to disappear), but not in this case.

> Not sure where the rest of your comments are coming from. I was just
> surprised by your pro RHX comments scattered over the site, as it seemed
> like they did very little to me. Just trying to get your perspective. Could
> care less whether you find the time to police Red Hat.

Er, to the best of my recollection, I posted one followup right below my earlier critical comment[1], to ensure that I credited them for fixing the problem I had complained about -- because in fact they had fixed all of the ones I'd cited. If one cluebats companies into doing the right thing, it's only fair to say nice things when they get around to complying -- and also smart tactics, so that you retain the reputation for being fair and not just yet another Internet flamer.

The fact that I hadn't noticed some additional Web pages needing fixing doesn't change that basic logic.

[1] It's possible that I posted a followup under both of my two critical comments on the site -- which, again, is the smart thing to do when you've asked a company to go out of its way to fix a misstatement, and it complies. I'd go chase down how many times I said "thank you for doing the right thing", if I weren't already excessively busy and likely to have a very long day. (I'm also again a bit surprised that you cannot bother to include URLs when you say things like "your pro RHX comments scattered over the site".)


Top    Back