Open Letter to OSI

Cross Post

Mike Tiemann, President of OSI and CTO of Redhat says he's putting his foot down. In a recent blog post he states:

Enough is enough. Open Source has grown up. Now it is time for us to stand up. I believe that when we do, the vendors who ignore our norms will suddenly recognize that they really do need to make a choice: to label their software correctly and honestly, or to license it with an OSI-approved license that matches their open source label.

If you read my personal blog regularly you know I’ve been outspoken about companies claiming to be open source, but not adhering to the OSD or licensing with an OSI approved license. In fact, I’ve been so outspoken I’ve offended some well connected people, I have even been called infantile names, and in some circles marginalized. I’ve blogged about the dilution of open source and the confusion created by new pseudo-open source licenses and I’ve left lengthy comments at OSI. Moreover, I spoke directly with Mike Tiemann about the need for OSI to put their foot down and take a stand for open source. I've even provided some ideas about how this can be accomplished.

In Mike's aforementioned post he specifies a few CRM companies that have been waving the open source banner, but do not license with an OSI approved license. The most well known being SugarCRM. I've blogged about SugarCRM and it's CEO John Roberts previously (the last bit of this post). Let me say, I really like John and I think SugarCRM is a quality product. Previously I stated I wasn't certain if attribution licenses were "bad", but that they were definitely unnecessary and placed unfair restrictions on others because the authors don't provide similar concessions to projects they use in their development. I now believe attribution is bad. If an open source project/product requires prominently displayed attribution shouldn't they also do this for all their components? Won't this escalate? Will applications end up looking like NASCAR? Take MindTouch's DekiWiki for example. What if it had the requirement that logos for MindTouch, MySQL, PHP, Mono, ImageMagick, Debian, Apache, on and on…were prominently displayed? Wouldn't this diminish reusability and begin to infringe on the freedoms of others? Isn't reusability, at least partially, the point of open source? I believe it is. We want people to reuse MindTouch's software and do great things with it. I'm certain a growing use of attribution would diminish the reusability of open source.

Those who use an attribution license do so with the intent of protecting their intellectual property. First of all, it should be understood copyright does this already. Secondly, I've often heard from companies who use an attribution license that they don't want a competitor incorporating their work into a competing proprietary product or stealing their work and rebranding it as their own. This is mostly solved by using GPL because of the nature of its copyleft clause. Eben Moglen gives a wonderful talk on not being another's free lunch that explains this brilliantly. All the attribution licenses I've seen are modified MPL licenses, which doesn't offer the same protection as GPL. Finally, the notion that someone will come along, steal your code, and be able to out-innovate you on your own code is a spurious claim. And quite frankly, if you can be out-innovated on your own codebase..well, you've got bigger problems. Free and open source software, is about freedom and freedom (and more choices) is always what's best for the market (users, developers, etc). For those who assert: "It's their work, they should receive attribution." or "I want to be attributed for my work." Well, so do I. MindTouch receives attribution thanks to copyright. It's wonderful to receive attribution, but restricting users or developers by requiring a prominently displayed logo and link is wrong and potentially harmful for reasons that should become clear when you understand the significance of free and open source software, which I will go into in a moment. For additional historical perspective on this topic review the UC Berkeley advertising clause.

An even more toxic misuse of open source that seems to be growing more prevalent and brazen is when a company successfully wields the banner of open source for years, but doesn't release a line of code. There is a difference between using open source and being open source. I suspect the Free Software Foundation would claim there is a difference between being free and using free software and would draw this line between free software and open source. I don't agree with this, but I do believe “open source is a development methodology; free software is a social movement.” And open source is a development methodology inspired by free software. At any rate, the ignorance of analysts and journalists has assisted offenders in spreading their deceptions intentional and otherwise. And OSI is partially guilty for this by not being more aggressive to stop it, but before I constructively criticize OSI I want to address why open source is so very important to all of mankind.

So what is the significance of free and open source software (FOSS)? If you don't understand why open source matters then this is a pointless conversation. Therefore, just to make sure we're all on the same page let's address this first. The reason why open source matters is the same reason why open standards matter. The Internet revolution and perhaps the very dawn of the Information Age has been fueled almost entirely by FOSS and open standards. Without FOSS and open standards there simply would not be the Internet you know and love today. The current boom in the technology industry is due almost entirely to FOSS and open standards. The first .COM boom also owes itself to FOSS and open standards. How so? So as to not dig too deeply into history let's just examine the current Web 2.0 boom. Because there are huge repositories of open source applications, libraries, and components developers are able to very quickly build interesting things at very low costs. Most often these applications are then released for others to create derivatives of and build on. Or, thanks to open standards and increasingly this is true with SOA, one can provide an API for others to incorporate functionality into their own projects, but let's just focus on FOSS. In short, open source projects like Apache, Linux. MySQL, Perl, PHP, and many other thousands of projects are building blocks for engineers to construct wonderful things for all of mankind.

Having, I hope, now sufficiently established the importance of open source I suppose it's important to answer the question: so what, if others don't adhere to OSI&#3
9;

s vision of open source? Who cares other than OSI, right? OSI is a community appointed board that is tasked with ensuring the building blocks, that are open source components, fit together cleanly. What if there were no standards body for licensing and defining open source? The result would be a chaotic landscape that would be very difficult to navigate and that would require an army of lawyers. It would not be clear what one license means relative to another, if they fit together, or how they would fit with proprietary software systems. Each license would have to be carefully examined by the individual wishing to use the component. I surely do not want to be responsible for this legal bill. FOSS would quickly become too expensive to be worth using. Clearly, only the lawyers win in this reality. I want to rely on OSI. They should make my life simpler and require less legal expense on all our parts. Moreover, I want them (and FSF) to be the umbrella that polices offenders who misuse the title of open source by not paying forward the benefits they reap from FOSS.

This brings me to my most unfortunate conclusion that OSI, in my opinion, has been remiss with its responsibilities. First and foremost there needs to be a membership, member involvement, and some transparency in how the board is appointed. I think a portion of the board should be elected. More importantly I think OSI should be more aggressive in policing our community. This can be done with very little overhead by using a "wall of shame", which I proposed previously. The wall of shame could be structured such that offenders are warned of their offenses and then ultimately ostracized by listing their offenses on a public website, namely www.opensource.org. This is a low cost solution that will undoubtedly prove to be effective.

 I believe that the folks at OSI are well intentioned hard working people who probably give far more than they receive. With a membership, perhaps paid, I believe the board can afford to give more and expect more in return. I know there is already a move underway to put in place a membership and I'm quite thankful for this. Moreover, it seems with Mike's most recent post there will be an increase in the aggressiveness of the organization in protecting open source. This too is wonderful news. I think open source is experiencing some growing pains as the community tests boundaries; however, if OSI doesn't reign the problem children I believe we'll all suffer.