It’s been a very active couple of weeks on the license-discuss mailing list. Now the debate is spilling over into the blogosphere.
The underlying questions, though, are about the role of the OSI, and whether anything other than adherence to the open source definition can be used as criteria for certification or non-certification of a license.
First, is Microsoft’s past (and, dare I say, current) behavior as an anti-open-source force in the market relevant?
Second, what about the impact of license proliferation, and the creation of a “separate commons” of software which cannot be combined with projects under the GPL or other popular licenses? Is the impact of approving a set of licenses on “the open source community” something the OSI can, should, or even must consider?
The initial salvo in this discussion belongs to Chris DiBona, manager of open source programs for Google (though I assume he speaks, on the license-discuss mailing list, for himself, not as an official Google spokesperson), who wrote in an email to the list earlier this month :
I would like to ask what might be perceived as a diversion and maybe even a mean spirited one. Does this submission to the OSI mean that Microsoft will:
a) Stop using the market confusing term Shared Source
b) Not place these licenses and the other, clearly non-free , non-osd licenses in the same place thus muddying the market further.
c) Continue its path of spreading misinformation about the nature of open source software, especially that licensed under the GPL?
d) Stop threatening with patents and oem pricing manipulation schemes to deter the use of open source software?
If not, why should the OSI approve of your efforts? That of a company who has called those who use the licenses that OSI purports to defend a communist or a cancer? Why should we see this seeking of approval as anything but yet another attack in the guise of friendliness?
Finally, why should yet another set of minority, vanity licenses be approved by an OSI that has been attempting to deter copycat licenses and reduce license proliferation? I’m asked this for all recent license-submitters and you are no different :-)
I was surprised at the time that this didn’t receive more attention, but I guess most reporters don’t read mailing lists. ;)
Then Matt Asay blogged about it on C-Net, under the title Microsoft capitulates to the OSI, gets horse-whipped for its troubles
Asay’s argument, which has also been voiced clearly by a number of folks on the mailing list directly, is that the OSI ought not to consider the conduct of the submitting organization, but the content of the character of the licenses themselves:
I understand that Microsoft may be using the OSI’s license approval process to its own ends, and potentially ends that may be anti-open source. I’m still not sure, however, that it’s appropriate to treat an incoming license from Microsoft any differently than one that comes from Linus Torvalds.
Groklaw joined the conversation in “Why, Why, Why OSI?,” suggesting not only that the OSI may be within its charter to consider the conduct of the organization proposing the license (what the OSD prohibits is discrimination against fields of endeavor by licenses, not consideration of submitting entities by the OSI) but that the OSI may be required by its bylaws to do so:
If in fact OSI suspects that Microsoft’s real purpose is to cause harm, since OSI is a California 501(c)(3), can it approve a license it believes will harm the community’s interests? The By-laws seem to me to be incompatible with any action OSI knows will cause harm, or is foreseeably likely to cause harm, to the community’s interests. I’m just a paralegal, so OSI probably needs to ask its lawyers about that, but as I read it, I can’t see how it can ignore a threat that an OSI license might be used against the Open Source community. A number of community members have told OSI they think accepting this license would be harmful to the community’s interests, after all. Can OSI ignore that? I honestly don’t see how, unless they rewrite the by-laws.
The vision of the OSI Groklaw lays out here tasks it with approving licenses based on their potential impact on the open source community, rather than based on their compliance with the open source definition. (The OSI’s about page claims only “The OSI are the stewards of the Open Source Definition (OSD) and the community-recognized body for reviewing and approving licenses as OSD-conformant.”)
I think that’s too much for the OSI, or any other organization, to own. While the community discussion of the impact of (and Microsoft’s intent behind) these licenses – and vigorous arguments within projects about whether or not to adopt those licenses, should and must continue, I don’t believe the OSI should mix “impact on the community” together with “OSD compliant.”
However, even if the licenses were not submitted by Microsoft, or on its behalf, there are real potential issues based on license proliferation, and specifically the ability to combine into derivative works projects released under different licenses and license versions. And it is part of the overall OSI charter to focus on license proliferation issues and work to resolve them.
Zac Bowling, a developer on the Mono project sums up the issue on his blog:
While IÃ¢â‚¬â„¢m so happy Microsoft is [submitting the licenses for OSI certification], I do have a few small reservations. In general, I donÃ¢â‚¬â„¢t think having more open source licenses are a Ã¢â‚¬Å“good thingÃ¢â€žÂ¢Ã¢â‚¬Â for the community. I especially donÃ¢â‚¬â„¢t care for any new licenses that overly govern or even disallow mixing code under one license with code under itÃ¢â‚¬â„¢s license. We have problems with that type of thing right now where FSFÃ¢â‚¬â„¢s GPLv2, SunÃ¢â‚¬â„¢s CDDL, and all the Microsoft shared source licenses prevent mixing code with anything under a different license. GPLv3 did take care of part of this issue to be compatible with the Apache license and a few others.
These issues suggest to me that a legitimate approach is for the OSI to work directly with Microsoft (as the license drafters), as they have done with Sun, SocialText, and other license authors, to avoid unnecessary license proliferation and conflict.
Michael Tiemann’s suggested as much in his email to the license-discuss list this morning:
In many past discussions the arguments of license-discuss and the personal appeals of OSI board members have prevailed upon many license submitters to change their licenses so as to minimize the harm those licenses do to the overall open source ecosystem (as best we understand it). I think that this is a case where the proper next step is to take Microsoft up on their offer to discuss these points and see if we cannot address this particular case of license incompatibility. Again, I agree that license incompatibility per se is not evil, but total incompatibility with any other possible OSI-approved license is not a feature that fosters the benefits of open source as I understand them.
But what happens if those discussions have no effect? What if the “total incompatibility with any other possible OSI-approved license” aspect of the Microsoft licenses is a feature, not a bug (That is, deliberate and by design, not an accident of syntax)?
The only real solution I can see is that the licenses are approved as compliant with the open source definition (as it currently stands) but also marked as “not recommended for use” based on the incompatibilities they create. Soft of “approved as OSD compliant” but with a major asterisk. (Maybe a bew category on this page of “licenses reluctantly approved, to be used with extreme caution as they have significant incompatibility”).
Does that risk the charge of discrimination against Microsoft? Perhaps, but it would be clearly grounded in the licenses themselves and their effect, not in suspicions about corporate intent.