Talkback:134/moen.html

[ In reference to "OSI, GAP, and "Exhibit B" licences" in LG#134 ]

Rick Moen [rick at linuxmafia.com]
Fri, 29 Dec 2006 19:42:15 -0800

[[[ Rick's article in LG#134 started as a TAG discussion in December. I have included the initial comments with the subsequent talkbacks. - Kat ]]]

This touches on a matter that will be in the January NewsBytes.

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Fri, 29 Dec 2006 19:27:50 -0800
To: osi@opensource.org
Cc: license-discuss@opensource.org
From: Rick Moen <rick@linuxmafia.com>
Subject: Jbilling:  Possible unauthorised use of OSI Certified service mark
Dear OSI Board members:

Please see http://www.jbilling.com/?q=node/7&pl=pr Note OSI Certified logo.

The company in question, Sapienter Billing Software Corporation, is yet another Web 2.0 company using MPL 1.1 + an "Exhibit B" badgeware addendum, calling it "open source". However, this firm takes one step further the stance characteristic of Socialtext, SugarCRM, Alfresco, Zimbra, Qlusters, Jitterbit, Scalix, MuleSource, Dimdim, Agnitas AG, Openbravo, Emu Software, Terracotta, Cognizo Technologies, ValueCard, KnowledgeTree, OpenCountry, and 1BizCom, by using OSI's certification mark in outright violation of OSI's licensing terms -- or, at least, I'd be surprised to learn otherwise. Therefore, I'm mentioning that use, in case corrective action is needed.

I'd suggest Sapienter illustrates why "Exhibit B" licences (though certainly not badgeware licences generically) have become, in my view, a serious problem:

o Substantively all (probably literally all 19) of the above-listed firms already have considerable history of claiming in public to be open source.

o Few if any mention their licences' lack of OSI approval. Many imply otherwise; one (Sapienter) outright claims approval (as noted).

o Not ONE has applied for OSI approval, though many are demonstrably aware of OSI's approval process. It's also notable that many of their modified-MPL licences were reportedly written by OSI General Counsel Mark Radcliffe in his private capacity -- so it's doubtful many are unaware.

o Several of those firms' officers have already turned a deaf ear (so far) to suggestions on OSI license-discuss that they make their licences comply with OSD#10 ("License Must Be Technology-Neutral" -- the main problem) by adding "if any" qualifiers to their licences' requirements concerning "each user interface screen".

o At least one, Socialtext, falsely claims in public to use MPL 1.1 without mentioning its licence modifications at all.[1]

Aside from Sapienter's outreach breach of trademark law, some might object that OSI simply cannot do anything, to correct this situation. I beg to differ, and ask that OSI take appropriate, measured, and constructive action: Please consider issuing a formal statement deploring use of "modified MPL" licenses in circumvention of OSI scrutiny, and especially their use without clearly disclosing lack of OSI approval.

No one is denying the value of efforts to close the much-discussed ASP Loophole through suitable "attribution" clauses that do respect the OSD and substantively allow code reuse, forking, and other underlying core notions of open source. Reasonable people can create licences containing such clauses and get them approved. Unfortunately, the above-cited companies are pointedly eschewing any such effort, thereby making a mockery of OSI's moral and other authority over open source.

Please help us of the open source community's desire to help the OSI, by issuing a clear statement that we can use to enforce open source standards within this troublesome area. Thank you.

[1] http://www.socialtext.com/node/88

Sincerely Rick Moen (representing himself)

----- End forwarded message -----




Rick Moen [rick at linuxmafia.com]
Sat, 30 Dec 2006 00:29:07 -0800

The mini-thread that follows is not the only discussion that's occurred: It's been ongoing for about two months, but until recently I think few people had realised the scope of this snow-job. So, I decided to clear the air.

In his responses (below) where he clearly is trying to spin the situation, CEO Ross Mayfield, like a few other interested parties who have profoundly failed to impress me with any display of candour, perhaps might not grasp that techies tend to take it personally when flacks and others try to con them.

Date: Fri, 29 Dec 2006 19:27:50 -0800
To: osi@opensource.org
Cc: license-discuss@opensource.org
Subject: Jbilling:  Possible unauthorised use of OSI Certified service mark
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.11+cvs20060403
Dear OSI Board members:

Please see http://www.jbilling.com/?q=node/7&pl=pr Note OSI Certified logo.

The company in question, Sapienter Billing Software Corporation, is yet another Web 2.0 company using MPL 1.1 + an "Exhibit B" badgeware addendum, calling it "open source". However, this firm takes one step further the stance characteristic of Socialtext, SugarCRM, Alfresco, Zimbra, Qlusters, Jitterbit, Scalix, MuleSource, Dimdim, Agnitas AG, Openbravo, Emu Software, Terracotta, Cognizo Technologies, ValueCard, KnowledgeTree, OpenCountry, and 1BizCom, by using OSI's certification mark in outright violation of OSI's licensing terms -- or, at least, I'd be surprised to learn otherwise. Therefore, I'm mentioning that use, in case corrective action is needed.

I'd suggest Sapienter illustrates why "Exhibit B" licences (though certainly not badgeware licences generically) have become, in my view, a serious problem:

o Substantively all (probably literally all 19) of the above-listed firms already have considerable history of claiming in public to be open source.

o Few if any mention their licences' lack of OSI approval. Many imply otherwise; one (Sapienter) outright claims approval (as noted).

o Not ONE has applied for OSI approval, though many are demonstrably aware of OSI's approval process. It's also notable that many of their modified-MPL licences were reportedly written by OSI General Counsel Mark Radcliffe in his private capacity -- so it's doubtful many are unaware.

o Several of those firms' officers have already turned a deaf ear (so far) to suggestions on OSI license-discuss that they make their licences comply with OSD#10 ("License Must Be Technology-Neutral" -- the main problem) by adding "if any" qualifiers to their licences' requirements concerning "each user interface screen".

o At least one, Socialtext, falsely claims in public to use MPL 1.1 without mentioning its licence modifications at all.[1]

Aside from Sapienter's outreach breach of trademark law, some might object that OSI simply cannot do anything, to correct this situation. I beg to differ, and ask that OSI take appropriate, measured, and constructive action: Please consider issuing a formal statement deploring use of "modified MPL" licenses in circumvention of OSI scrutiny, and especially their use without clearly disclosing lack of OSI approval.

No one is denying the value of efforts to close the much-discussed ASP Loophole through suitable "attribution" clauses that do respect the OSD and substantively allow code reuse, forking, and other underlying core notions of open source. Reasonable people can create licences containing such clauses and get them approved. Unfortunately, the above-cited companies are pointedly eschewing any such effort, thereby making a mockery of OSI's moral and other authority over open source.

Please help us of the open source community's desire to help the OSI, by issuing a clear statement that we can use to enforce open source standards within this troublesome area. Thank you.

[1] http://www.socialtext.com/node/88

Sincerely Rick Moen (representing himself)

Date: Fri, 29 Dec 2006 21:33:16 -0800
From: "Ross Mayfield" <ross.mayfield@socialtext.com>
To: "Rick Moen" <rick@linuxmafia.com>
Cc: osi@opensource.org, license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
You have done a service by pointing out this alleged breach of the OSI Certified trademark by this corporation.

However, ONLY ONE company that employs a provision similar to the Generic Attribution Provision has breached this trust. I believe you have provided another reason for the GAP to be minded by OSI.

It is inaccurate to say that NOT ONE company has applies for OSI approval, that is precisely what Socialtext has. And we clarified this blog post to say more than we were MPL with an addendum, and have had the license available our open source wiki since inception.

Deplorable is a strong word in the context of a community, especially a welcoming one.

Ross

[RM: snip Ross's copy of my entire post]

-- 
Ross Mayfield
CEO
Socialtext, Inc.
ross.mayfield@socialtext.com
aim:rossdmayfield
skype:rossmayfield
t. +1-650-323-0800
f. +1-650-323-0801
Date: Fri, 29 Dec 2006 22:01:01 -0800
From: Rick Moen <rick@linuxmafia.com>
To: osi@opensource.org
Cc: license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.11+cvs20060403
Quoting Ross Mayfield (ross.mayfield@socialtext.com):

> You have done a service by pointing out this alleged breach of the OSI
> Certified trademark by this corporation.

Thank you for saying that.

> However, ONLY ONE company that employs a provision similar to the
> Generic Attribution Provision has breached this trust.  I believe you
> have provided another reason for the GAP to be minded by OSI.

Hmm, only one company mentioned (out of 20) actually is implementing GAP: Intalio. Every other one of the other 19 licences I cited, including the one your company uses, i.e., Socialtext Public Licence 1.0.0, seems to me to require a considerably more expansive implementation of "attribution" than does the GAP clause.

> It is inaccurate to say that NOT ONE company has applies for OSI
> approval, that is precisely what Socialtext has.

Do you mean you have submitted Socialtext Public Licence 1.0.0 for OSI certification? I attempted to search for any such indication, and found none.

I respect highly Socialtext's intent in bringing the GAP memo in front of the OSI Board, but it is my understanding that your firm uses SPL 1.0.0, not MPL + GAP (which Intalio proposes to use), for its wiki software. What I said to the Board was, of course, that none of the 19 firms referenced in my list had submitted the licences they use (and claim in public to be open source) to the Board for certification.

Socialtext's commendable intent seems noteworthy despite the fact that Socialtext substantively ignored the process detailed on http://www.opensource.org/docs/certification_mark.php by not submitting a licence at all, but rather a patch that Socialtext evidently wishes the Board to consider as applied to some unspecified fraction of the 58 existing OSI Certified licences (those with modifiable content).

> And we clarified this blog post to say more than we were MPL with an
> addendum, and have had the license available our open source wiki
> since inception.

Thank you for doing that, retroactively. Your edit appears to have been implemented within the past hour, I will note. As you know, I'd mentioned the misstatement of fact on license-discuss twice, the earlier time having been on Dec. 20, i.e., right in front of you, nine days ago.

> Deplorable is a strong word in the context of a community, especially
> a welcoming one.

Asking the Board to formally deplore the particular patterns of activity I cited seems amply merited by the problem those 20 firms have created. In fact, it strikes me as extremely mild, in the circumstances. Other actions, such as yours in sending and posting the GAP memo, should be praised and are quite appreciated.

Best Regards, Rick Moen

Date: Fri, 29 Dec 2006 22:16:32 -0800
From: "Ross Mayfield" <ross.mayfield@socialtext.com>
To: "Rick Moen" <rick@linuxmafia.com>
Cc: osi@opensource.org, license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
I'm not going to engage in fisking arguments by email. I might have lost your prior comments in the 100 fold thread that didn't yield that much substance against the GAP.

I'll point to a link that should help clarify the steps Socialtext has taken in good faith, and what we did to clarify our license. http://blogs.zdnet.com/BTL/?p=3430

I did amend the blog post tonight to provide a link to the license.

We did not submit the SPL which is consistent with OSD -- and instead sought to address the general problem we all face through the GAP. And we would never use the OSI Certified mark unless under an OSI approved. That's the point.

Ross

[RM: snip Ross's copy of my entire post]

--

-- 
Ross Mayfield
CEO
Socialtext, Inc.
ross.mayfield@socialtext.com
aim:rossdmayfield
skype:rossmayfield
t. +1-650-323-0800
f. +1-650-323-0801
Date: Fri, 29 Dec 2006 22:57:39 -0800
From: Rick Moen <rick@linuxmafia.com>
To: osi@opensource.org
Cc: license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.11+cvs20060403
Quoting Ross Mayfield (ross.mayfield@socialtext.com):

> I'm not going to engage in fisking arguments by email.  I might have
> lost your prior comments in the 100 fold thread that didn't yield that
> much substance against the GAP.

You would not be counting outright jettisoning of OSD#10, I gather (especially given your ignoring the suggestion of an "if any" qualifier on GAP's "display of the same size" phrase).

> I'll point to a link that should help clarify the steps Socialtext has
> taken in good faith, and what we did to clarify our license.
> http://blogs.zdnet.com/BTL/?p=3430

I'm intimately familiar with Mr. Berlind's excellent article, thanks. (I owe at least a tall frosty one to him, Andrew C. Oliver, and Nicholas Goodman, whose writings on this subject are all mentioned in my upcoming Linux Gazette coverage.)

> I did amend the blog post tonight to provide a link to the license.

But not to mention that your firm's licence -- which it professes to be open source -- has never been OSI certified and that Socialtext has in fact avoided submitting it (the outcome being predictable). Thus, you're happy to continue, in effect, misleading the public.

> We did not submit the SPL which is consistent with OSD [...]

...other than OSD#10, and substantively #3 (especially given the bit about "the very bottom center of each user interface screen", which makes derivative works using two such codebases under your licence impossible even in theory).

> -- and instead sought to address the general problem we all face
> through the GAP.

To repeat, that was commendable. However:

> And we would never use the OSI Certified mark unless under an OSI
> approved.  That's the point.

No, sir, that is very assuredly not the point. Your firm lacks anything like the clear degree of fault Sapienter displays, but regrettably seems (along with SugarCRM) to have been a key part of the problem I cited -- and evidently wishes to continue being one. Your firm and the others are thus the reason I requested a measured, reasonable response from the OSI Board.

I might as well use space here to thank Compiere, which until recently used an MPL 1.1 + "Exhibit B" clause licence, but within this past month seems to have ended the practice and joined the open source world.

Best Regards, Rick Moen




Benjamin A. Okopnik [ben at linuxgazette.net]
Sat, 30 Dec 2006 13:32:20 -0500

On Sat, Dec 30, 2006 at 12:29:07AM -0800, Rick Moen wrote:

> The mini-thread that follows is not the only discussion that's occurred:
> It's been ongoing for about two months, but until recently I think few
> people had realised the scope of this snow-job.  So, I decided to clear
> the air.

If you feel like sliding this one into your article, well, you're a "trusted user" on this system. :)

> In his responses (below) where he clearly is trying to spin the
> situation, CEO Ross Mayfield, like a few other interested parties who
> have profoundly failed to impress me with any display of candour,
> perhaps might not grasp that techies tend to take it personally when
> flacks and others try to con them.

Heh.

[ From your response to Ross Mayfield ]

> Thank you for doing that, retroactively.  Your edit appears to have been
> implemented within the past hour, I will note.

I'm glad I wasn't drinking anything when I read that; computer screens are vulnerable to damage from nasally-ejected liquids. Egads... this is supposed to be somebody who deals with technology as their core business. And people mumble about "retraining the average user"??? Please.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *



Rick Moen [rick at linuxmafia.com]
Tue, 2 Jan 2007 02:58:22 -0800

[Nicholas, I'm CCing you on a mailing list thread among the Linux Gazette magazine staff. My article was published at: exhibit-b.html [mirror]]

Quoting Benjamin A. Okopnik (ben@linuxgazette.net):

> On Sat, Dec 30, 2006 at 12:29:07AM -0800, Rick Moen wrote:
> > The mini-thread that follows is not the only discussion that's occurred:
> > It's been ongoing for about two months, but until recently I think few
> > people had realised the scope of this snow-job.  So, I decided to clear
> > the air.
> 
> If you feel like sliding this one into your article, well, you're a
> "trusted user" on this system. :)
>  
> > In his responses (below) where he clearly is trying to spin the
> > situation, CEO Ross Mayfield, like a few other interested parties who
> > have profoundly failed to impress me with any display of candour,
> > perhaps might not grasp that techies tend to take it personally when
> > flacks and others try to con them.
> 
> Heh.
> 
> [ From your response to Ross Mayfield ]
> 
> > Thank you for doing that, retroactively.  Your edit appears to have been
> > implemented within the past hour, I will note.
> 
> I'm glad I wasn't drinking anything when I read that; computer screens
> are vulnerable to damage from nasally-ejected liquids. Egads... this is
> supposed to be somebody who deals with technology as their core
> business. And people mumble about "retraining the average user"???
> Please.

Ross is said to be one of the good guys in this picture; I've been getting vibes, both overt and indirect, that OSI would like me to go easy on him. Unlike all the other "Exhibit B" firms' guys, including the one who's now on OSI's Board, Ross has actually taken the trouble to put a licence proposal of sorts in front of OSI, and I'm guessing he means well -- by his lights.

My guess is that there has been a bunch of behind-the-scenes coaxing, attempting to avert a confrontation between OSI and this growing market segment of insurgents who're abusing the heck out of the notion of "open source" and are fully aware of doing so. OSI doesn't actually have a lot of strength other than moral suasion, no assets, no professional staff, a strong interest in avoiding conflicts that can be reasonably avoided.

Also, it's undeniable that the "ASP loophole" is a real problem, and that there's nothing wrong per se with "attribution" generically as a concept -- as opposed to the particular over-the-top solution they're all currently using of a mandatory logo on every page. OSI (and maybe Ross) probably hopes that something reasonable can be found that satisfies the "Exhibit B" companies' desire for recognition, while at the same time not grossly violating OSD#10 (technological neutrality), #6 (freedom to use in any field of endeavour, including commerce), and #3 (freedom to create derivative works).

Highly perceptive critic Nicholas Goodman, by the way, thinks people like me aren't cynical enough, and that the "Exhibit B" companies absolutely do want to impair commercial use.[1]

If so, OSI yielding substantively on that point would be a huge mistake, as the biggest threats to open source have always been people wanting to use the open source community as a free-of-charge development and PR house while reserving commercial rights to themselves. I hope OSI doesn't cut any such deal.

At the same time, having a bloc of high-profile (even if economically paper-thin) firms prominently calling themselves open source while using non-conforming licences -- the situation we have today -- is almost as bad.

Goodman fears[2] that continuing conflict will cause "a fork in open source". By contrast, I think SugarCRM, Socialtext, et al. left us long ago, but want to pretend they haven't, for business / PR reasons.

I'm trying to not act on my gut-level reaction to the line of con-job rhetoric evinced throughout this discussion by Matt Asay of Alfresco (and OSI Board member) in his articles and blog[3], John Roberts of Socialtext on his GAP information (advocacy) page[4], and Ross Mayfield in some of his replies to me and others. I suspect they're accustomed to playing deceptive spin games with published information and not having anyone dare (or bother) to call them on it, let alone take offence. That's a typical CEO / VP trait, I notice.

Anyhow, once the fog of lies and distortions blows away, all the really matters in the end is code and licensing, licensing and code. So far, these firms' licensing simply sucks, so I say the rational response is to make crystal clear that they've defined themselves outside our community. If they later want to rejoin it, that's up to them, not us.

There remains also one other bit of unfinished business: the role of OSI General Counsel Mark Radcliffe, documented only by the amazingly effective David Berlind of ZDnet: http://blogs.zdnet.com/BTL/?p=4124 The whole situation is pretty unhealthy.

[1] http://www.nicholasgoodman.com/bt/blog/2006/12/22/badgeware-ceo-to-community-buy-a-commercial-license/

[2] http://www.nicholasgoodman.com/bt/blog/2006/12/02/irony-in-open-source/

[3] http://asay.blogspot.com/

[4] http://ross.typepad.com/blog/2006/11/socialtext_prop.html




Benjamin A. Okopnik [ben at linuxgazette.net]
Tue, 2 Jan 2007 11:03:13 -0500

On Tue, Jan 02, 2007 at 02:58:22AM -0800, Rick Moen wrote:

> 
> My guess is that there has been a bunch of behind-the-scenes coaxing,
> attempting to avert a confrontation between OSI and this growing market
> segment of insurgents who're abusing the heck out of the notion of "open
> source" and are fully aware of doing so.  OSI doesn't actually have a
> lot of strength other than moral suasion, no assets, no professional
> staff, a strong interest in avoiding conflicts that can be reasonably
> avoided.

As I see it, what OSI has - and is failing to use as effectively as it might - is the belief of the Open Source community in their right to define what Open Source licensing means (this is related to moral suasion, but focuses on a slightly different perspective.) My take on the situation, which I've spent some time exploring after Rick pointed it out, is that a bunch of opportunistic business people are taking advantage of a "soft", poorly-defined area of the licensing procedure, and are trading on the forbearance that has been granted to them. It is not a case of a mistaken understanding, or even of attempting to redefine the meaning of Open Source for the general benefit; it is a move designed to create a private, proprietary benefit for the companies involved. Everything said by these companies' representatives in this discussion supports that, in my view.

I do understand the desire to be lenient with "fellow FOSS community members". The problem, however, is not that these companies have "wandered from the path", or have made an innocent mistake: in my opinion, they are grabbing a piece of something that does not belong to them, and leveraging it as a commercially-valuable part of their business. This is not a case for leniency or forbearance, but an occasion for remembering the concept of adverse possession (a.k.a. "squatters' rights"):

(Wikipedia cite)

In common law, adverse possession is the name given to the process by
which title to another's real property is acquired without compensation,
by, as the name suggests, holding the property in a manner that
conflicts with the true owner's rights for a specified period of time.
The fact that they have been allowed to trade on that leniency for this long affects the very root of the moral suasion that OSI holds, and must be strongly countered, as quickly as possible.

> Highly perceptive critic Nicholas Goodman, by the way, thinks people
> like me aren't cynical enough, and that the "Exhibit B" companies
> absolutely do want to impair commercial use.[1]

That's my conclusion as well. Primarily, I see that they want to arrogate to themselves the right to benefit from Open Source while not "paying the costs" for doing so.

> If so, OSI yielding substantively on that point would be a huge mistake, 
> as the biggest threats to open source have always been people wanting to
> use the open source community as a free-of-charge development and PR
> house while reserving commercial rights to themselves.  I hope OSI
> doesn't cut any such deal.

If they do, they might as well pack their bags - they would have surrendered the very reason for their own existence.

> Goodman fears[2] that continuing conflict will cause "a fork in open
> source".  By contrast, I think SugarCRM, Socialtext, et al. left us long
> ago, but want to pretend they haven't, for business / PR reasons.

I agree. These days, the ability to tag yourself/your company as "Open Source" is a hot property, with a tremendous amount of commercial value. I recall that when I visited a LinuxWorld show - a year after IBM jumped on the Open Source bandwagon - they were claiming to have invested a billion dollars in Open Source and having recouped it all within that year.

> I'm trying to not act on my gut-level reaction to the line of con-job
> rhetoric evinced throughout this discussion by Matt Asay of Alfresco
> (and OSI Board member) in his articles and blog[3], John Roberts of
> Socialtext on his GAP information (advocacy) page[4], and Ross Mayfield
> in some of his replies to me and others.  I suspect they're accustomed
> to playing deceptive spin games with published information and not
> having anyone dare (or bother) to call them on it, let alone take
> offence.  That's a typical CEO / VP trait, I notice. 

I've run into it most often in my contacts with the advertising world; it's also a very precise fit for the categories defined by Professor Frankfurt ("On Bullshit", http://press.princeton.edu/titles/7929.html).

Oh, and -

Funny thing about that: We tend to allow people to use transparent
bullshit to move onwards, when they're in an awkward spot and otherwise
trapped. Everyone knows that the excuse is devoid of merit, but nobody
comments on it. It's just social lubricant.
 
 -- Rick Moen, speaking.html#funny [mirror]
There's a good chunk of that going on here - precisely at the time when it must not be allowed.

> Anyhow, once the fog of lies and distortions blows away, all the really
> matters in the end is code and licensing, licensing and code.  So far,
> these firms' licensing simply sucks, so I say the rational response is
> to make crystal clear that they've defined themselves outside our
> community.  If they later want to rejoin it, that's up to them, not us.

I agree. The sooner that statement comes, and the clearer and more definite it is, the better for the community and for OSI themselves.

> There remains also one other bit of unfinished business:  the 
> role of OSI General Counsel Mark Radcliffe, documented only by the
> amazingly effective David Berlind of ZDnet:
> http://blogs.zdnet.com/BTL/?p=4124  The whole situation is pretty 
> unhealthy.

Fascinating article - thanks for pointing it out. Important extract:

In hope of avoiding a conflict of interest or any sense of impropriety,
Mark Radcliffe has excused himself from the OSI's deliberations over
whether the attribution provisions in question should be approved by the
OSI. In other words, his position with the OSI when it comes to this
particular matter is irrelevant.
As it happens, I strongly disagree with that last sentence: his position with the OSI is indeed the only thing that matters - when it comes to these companies' PR. The fact that he has recused himself is invisible to the public; therefore, he appears to speak with the full authority of the OSI in the matter. It is not credible, in my perception, that either these companies or Mark Radcliffe himself could have missed this point; in fact, I strongly suspect them of trading on that very fact.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *



Rick Moen [rick at linuxmafia.com]
Tue, 2 Jan 2007 10:40:05 -0800

----- Forwarded message from Nick Goodman <ngoodman@bayontechnologies.com> -----

Date: Tue, 2 Jan 2007 07:51:14 -0800
From: Nick Goodman <ngoodman@bayontechnologies.com>
To: Rick Moen <rick@linuxmafia.com>
Subject: Re: [TAG] tkb: Talkback:134/moen.html
Hey Rick.

Thanks for that. I'm headed out for a two month walkabout and will be absent from this discussion for a while. Fight the good fight and I'll check back in a couple of months.

Nick

On 1/2/07, Rick Moen <rick@linuxmafia.com> wrote:

>[Nicholas, I'm CCing you on a mailing list thread among the Linux
>Gazette magazine staff.  My article was published at:
>exhibit-b.html [mirror]]

[[[ Quoted message elided, as it's been included in toto above. - Kat ]]]

----- End forwarded message -----




Rick Moen [rick at linuxmafia.com]
Wed, 3 Jan 2007 09:42:53 -0800

----- Forwarded message from Ismael Ghalimi <ghalimi@intalio.com> -----

Date: Wed, 3 Jan 2007 09:23:00 -0800
From: Ismael Ghalimi <ghalimi@intalio.com>
To: rick@linuxmafia.com
Subject: About Intalio
Rick,

First of all, Happy New Year to you.

Second, I read your article with interest:

exhibit-b.html [mirror]

I believe that you might be interested by this one:

http://itredux.com/blog/2007/01/02/on-intalio-and-open-source/

Please let me know if anything there is unclear or inaccurate.

Best regards

-- 
Ismael Chang Ghalimi, CEO
Intalio, Leader in Open Source BPM
ghalimi@intalio.com | www.intalio.com
weblog.itredux.com
----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 3 Jan 2007 09:39:51 -0800
From: Rick Moen <rick@linuxmafia.com>
To: Ismael Ghalimi <ghalimi@intalio.com>
Subject: Re: About Intalio
Quoting Ismael Ghalimi (ghalimi@intalio.com):

> Second, I read your article with interest:
> 
> exhibit-b.html [mirror]
> 
> I believe that you might be interested by this one:
> 
> http://itredux.com/blog/2007/01/02/on-intalio-and-open-source/
> 
> Please let me know if anything there is unclear or inaccurate.

Thank you, Mr. Ghalimi, and Happy New Year to you, as well.

This appears, at an initial glance, to be inaccurate:

Fourth, we announced that we will release our entire BPMS under the Mozilla Public License (MPL) amended with an attribution clause.

Actually, you announced specifically MPL with GAP.

I have one question:

Do you intend to commence disclosing to the public that your intended "open source" licence is not OSI-approved? (I realise your software under that licence has not yet been released, but you have already done a considerable amount of publicity for it.)

-- 
Cheers,
Rick Moen                      "vi is my shepherd; I shall not font."
rick@linuxmafia.com                               -- Psalm 0.1 beta



Benjamin A. Okopnik [ben at linuxgazette.net]
Wed, 3 Jan 2007 13:19:33 -0500

[ Not CCd to querent ]

On Wed, Jan 03, 2007 at 09:42:53AM -0800, Rick Moen wrote:

> ----- Forwarded message from Ismael Ghalimi <ghalimi@intalio.com> -----
> 
> Date: Wed, 3 Jan 2007 09:23:00 -0800
> From: Ismael Ghalimi <ghalimi@intalio.com>
> To: rick@linuxmafia.com
> Subject: About Intalio
> 
> Rick,
> 
> First of all, Happy New Year to you.
> 
> Second, I read your article with interest:
> 
> exhibit-b.html [mirror]
> 
> I believe that you might be interested by this one:
> 
> http://itredux.com/blog/2007/01/02/on-intalio-and-open-source/

A quote from the above:

Some call it Commercial Open Source. Others Professional Open Source.
Fascinating. I wonder if Mr. Ghalimi is familiar with the "Cheetoh Factor"?

http://slacktivist.typepad.com/slacktivist/2004/01/cheetohs_of_mas.html

[ ... ] in which every additional adjective makes the noun in question
less true:
 
"Cheese" = cheese
 
"processed cheese" = cheese, sort of
 
"processed cheese food" = cheese, sort of, plus other stuff that's not
	cheese
 
"processed cheese food snack product" = the food in question is orange,
	but contains no actual cheese
I also wonder what color Open Source would leave behind after Open Source has been completely removed from it by the above method. Gray? Gray could be OK, I suppose, as long as it's a nice, tasteful, understated sort of gray - a perfectly balanced Ansel Adams 18%-reflectivity sort of gray. I just hope it's not that nasty Day-Glo green. I hate Day-Glo green.

...

Maybe we should just skip the process completely. That would be best overall, as far as I'm concerned.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *



Rick Moen [rick at linuxmafia.com]
Wed, 3 Jan 2007 11:06:38 -0800

Quoting Benjamin A. Okopnik (ben@linuxgazette.net):

> Fascinating. I wonder if Mr. Ghalimi is familiar with the "Cheetoh Factor"?
> http://slacktivist.typepad.com/slacktivist/2004/01/cheetohs_of_mas.html

This nearly cost me a keyboard:

"Weapons of mass destruction-related program activities."

In the immortal words of Jon Stewart, "What the f--k is that?!?! Catering for the scientists?!?!?"

-- 
Cheers,
Rick Moen                      "vi is my shepherd; I shall not font."
rick@linuxmafia.com                               -- Psalm 0.1 beta



Rick Moen [rick at linuxmafia.com]
Wed, 3 Jan 2007 10:03:45 -0800

I'm getting that feeling again, of bandying words with a sharp customer who's hoping I'm either not too bright or easily confused. I hope I'm just being cynical.

----- Forwarded message from Ismael Ghalimi <ghalimi@intalio.com> -----

Date: Wed, 3 Jan 2007 09:46:38 -0800
From: Ismael Ghalimi <ghalimi@intalio.com>
To: Rick Moen <rick@linuxmafia.com>
Subject: Re: About Intalio
Rick,

I'm not sure I follow you. Isn't GAP an "attribution clause"?

And isn't the OSI currently reviewing proposals for acceptable attribution clauses that could be added to MPL-like licenses?

What we've stated in our press release is that we will make an Open Source release of our entire BPMS product, and I truly hope that the OSI will have approved acceptable attribution terms by then. If not, we might use different OSI-approved licensing terms in the interim, but I'm not sure customers nor developers would benefit from the confusion.

Please let me know what we should do to clarify the issue.

Best regards -Ismael

----- End forwarded message ----- ----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 3 Jan 2007 09:59:26 -0800
From: Rick Moen <rick@linuxmafia.com>
To: Ismael Ghalimi <ghalimi@intalio.com>
Subject: Re: About Intalio
Quoting Ismael Ghalimi (ghalimi@intalio.com):

> Rick,
> 
> I'm not sure I follow you. Isn't GAP an "attribution clause"?

I'm sorry if I was unclear. It is inaccurate to state that Italio's press release had claimed the eventual release would be under merely MPL + some "attribution" clause, when in fact the press release had specified in particular MPL + GAP. Further, the implication of your quoted sentence in the context of the sentence immediately after is that Intalio would use whatever OSI approves, and that is, however, not what your press release actually said.

Meanwhile, you are creating the impression that MPL + GAP is open source, i.e., has been judged compliant with OSD, when that is not the case.

> And isn't the OSI currently reviewing proposals for acceptable
> attribution clauses that could be added to MPL-like licenses?

That is true in the minimal sense that it is inviting discussion that might lead to a proposed licence.

> What we've stated in our press release is that we will make an Open
> Source release of our entire BPMS product, and I truly hope that the
> OSI will have approved acceptable attribution terms by then.

The press release I read you claimed something rather more specific than that.

> If not, we might use different OSI-approved licensing terms in the 
> interim, but I'm not sure customers nor developers would benefit from
> the confusion.
> 
> Please let me know what we should do to clarify the issue.

In my view, you should cease referring to licensing not approved by the OSI Board as "open source". At the bare minimum, you should qualify any mention of covered software being "open source" with a clarification that its licence hasn't been OSI certified.

Please note that this is also commentator David Berlind's view.

-- 
Cheers,                        My pid is Inigo Montoya.  You kill -9    
Rick Moen                      my parent process.  Prepare to vi.
rick@linuxmafia.com



Rick Moen [rick at linuxmafia.com]
Wed, 3 Jan 2007 12:01:33 -0800

----- Forwarded message from Ismael Ghalimi <ghalimi@intalio.com> -----

Date: Wed, 3 Jan 2007 10:05:19 -0800
From: Ismael Ghalimi <ghalimi@intalio.com>
To: Rick Moen <rick@linuxmafia.com>
Subject: Re: About Intalio
Rick,

You're right, the press release should not have mentioned GAP, but just some undefined "attribution clause" instead.

Now, with respect to the use of the term "Open Source", I personally believe that an MPL-like license amended with an attribution clause qualifies to the spirit of Open Source, especially due to the fact that the AAL is OSI-approved. All we are doing is essentially merging two OSI-approved licenses, and I like to believe that such merging is transitive. Do you see any reason why it should not be?

Best regards -Ismael

-- 
Ismael Chang Ghalimi, CEO
Intalio, Leader in Open Source BPM
ghalimi@intalio.com | www.intalio.com
weblog.itredux.com
----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 3 Jan 2007 11:59:45 -0800
From: Rick Moen <rick@linuxmafia.com>
To: Ismael Ghalimi <ghalimi@intalio.com>
Subject: Re: About Intalio
Quoting Ismael Ghalimi (ghalimi@intalio.com):

> You're right, the press release should not have mentioned GAP, but
> just some undefined "attribution clause" instead.
> 
> Now, with respect to the use of the term "Open Source", I personally
> believe that an MPL-like license amended with an attribution clause
> qualifies to the spirit of Open Source, especially due to the fact
> that the AAL is OSI-approved. 

Such a licence certainly could be, which is a very hopeful thing, and with luck will lead to productive results. More about that, below.

> All we are doing is essentially merging two OSI-approved licenses, and
> I like to believe that such merging is transitive. Do you see any
> reason why it should not be?

GAP is close but not identical to the wording of the Attribution Assurance Licence, which the OSI Board did indeed approve, some years ago. Recent opinion on OSI license-discuss, for what it's worth, is that AAL would not pass certification if it were proposed these days, because its wording somewhat suggests the intent to categorically require that derivative works have a "prominent display", i.e., that they have user interfaces, which would thus prohibit creation of daemons and similar code. That prohibition would contravene OSD#10, "License Must Be Technology-Neutral".

One of the core notions of open source is that of allowing for code reuse (which is an essential route to continuity and evolution of code, regardless of how relatively little used). That is the background reason for the wording of OSD#10 ("No provision of the license may be predicated on any individual technology or style of interface"): A type of program output or other technology that seems essential and inevitable today may become awkward, problematic, or just obsolete tomorrow. Thus, open source code must not be tied to same.

It is my personal opinion that MPL 1.1 with GAP addendum, if GAP's term "display" were qualified with the phrase "(if any)", would fully comply with the Open Source Definition -- and would deserve quick approval. (I of course do not speak for OSI's Board.)

In any event, no, it's not actually the case that MPL 1.1 + GAP is the merging of two OSI-approved licences, because GAP's wording does actually differ somewhat from that of AAL.

Moreover, OSI has always made it abundantly clear that modification of licenses is supposed to trigger a re-submit to OSI before claiming that the resulting derivative is still open source. See http://www.opensource.org/docs/definition.php for the full certification policy. The wisdom of that policy should be obvious, I think: Even if one were merely to concatenate two approved licences, it is by no means certain that the result would necessarily, in fact, be OSD-commpliant. That question of fact would hinge on the net legal effect of the textual merger, which would need to be measured against the OSD.

Which is, of course, what OSI's certification process does, and is the whole point of their policy.

-- 
May those that love us love us; and those that don't love us, may
God turn their hearts; and if he doesn't turn their hearts, may
he turn their ankles so we'll know them by their limping.



Rick Moen [rick at linuxmafia.com]
Wed, 3 Jan 2007 12:03:12 -0800

And I believe I hadn't yet forwarded this one.

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Sat, 30 Dec 2006 03:59:23 -0800
From: Rick Moen <rick@linuxmafia.com>
To: license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
I join Danese Cooper in thanking Ross Mayfield and Socialtext for helping bring the Exhibit B-addenda issue to OSI's attention, and in particular for the Generic Attribution Provision text, and Ross's general spirit of dialogue.

If I've seemed a bit sharp, it's been partly because of some forked-tongue statements and insultingly obvious distortions from numerous other semi-related parties, which I've encountered both here and elsewhere, which have correspondingly dominated the press's coverage of this issue.

Let me give you one example (and many others could be cited): CEO John Roberts of SugarCRM, Inc., to my knowledge the original founder and main exponent (well, alongside Matt Asay) of the MPL + Exhibit B "Attribution" notion has for quite some time been going around telling all and sundry[1] that all he did was "merely combine elements from two existing open source licenses -- the Mozilla Public License and the Attribution Assurance License".

Roberts is also directly quoted (by David Berlind, in a podcast interview) as saying, even more strikingly, "If you look through the Sugar Public License ...it is the combination of two OSI approved licenses. The MPL and the [Attribution] Assurance License."

I believe Roberts has also made that same assertion here in on this mailing list.

And thus OSI has already been approving "attribution" licences[2] -- and SugarCRM has, we are told, has even been more pure in its approach than merely drafting a brand-new licence: Instead, they just grabbed two OSI-approved messages, and combined them. Logically, shouldn't that thus result in open source (is the implied question)? What could be more reasonable?

Only one problem: It's just not true! The whole ball of wax, the whole megillah, le chose entier, the entire preceding line of reasoning, rests on a breathtakingly nervy misrepresentation of fact -- for, you see, the Attribution Assurance License is nothing like SugarCRM's Exhibit B addendum (nor at all like any of the other 18 firms' licences I mentioned). Compare:

Relevant section of Edwin A. Suominen's Attribution Assurance License:

Redistributions of the Code in binary form must be accompanied by this GPG-signed text in any documentation and, each time the resulting executable program or a program dependent thereon is launched, a prominent display (e.g., splash screen or banner text) of the Author's attribution information, which includes:

(a) Name ("AUTHOR"), (b) Professional identification ("PROFESSIONAL IDENTIFICATION"), and (c) URL ("URL").

Relevant section of SugarCRM Public Licence v. 1.1.3:

[I]n addition to the other notice obligations, all copies of the Covered Code in Executable and Source Code form distributed must, as a form of attribution of the original author, include on each user interface screen (i) the "Powered by SugarCRM" logo and (ii) the copyright notice in the same form as the latest version of the Covered Code distributed by SugarCRM, Inc. at the time of distribution of such copy. In addition, the "Powered by SugarCRM" logo must be visible to all users and be located at the very bottom center of each user interface screen. Notwithstanding the above, the dimensions of the "Powered By SugarCRM" logo must be at least 106 x 23 pixels.

How are we to respond when someone comes to us and bases his entire argument on a fundamental assertion of fact that turns out, upon cursory examination, to be just plain false?

[1] Examples: http://blogs.zdnet.com/Berlind/?p=211 http://blogs.zdnet.com/open-source/?p=867 http://www.podfeed.net/podcast/ZDNets+IT+Matters/8276

[2] The Adaptive Public Licence also gets quoted in these advocacy song-and-dance routines, as does Open Source License -- e.g., in the long and equally distortive advocacy segments of Ross Mayfield's page http://www.socialtext.net/stoss/index.cgi?attribution_memo . Guess what? Those licences are nothing like these Web 2.0 "Exhibit B" addenda, either.

----- End forwarded message -----




Rick Moen [rick at linuxmafia.com]
Wed, 3 Jan 2007 12:09:45 -0800

I'm left vaguely pleased by this discussion, even if it's achieved relatively little other than chew up some of my (and CEO Ghalimi's) time. I'm tempted to forward the entire dialogue over to OSI license-discuss, and excuse the breach of privacy on grounds that it was feedback to a magazine article.

----- Forwarded message from Ismael Ghalimi <ghalimi@intalio.com> -----

Date: Wed, 3 Jan 2007 12:04:02 -0800
From: Ismael Ghalimi <ghalimi@intalio.com>
To: Rick Moen <rick@linuxmafia.com>
Subject: Re: About Intalio
Rick,

Thanks for the clarification. Indeed, GAP needs some more work, and we're very interested to see what the OSI will come up with.

Best regards -Ismael

-- 
Ismael Chang Ghalimi, CEO
Intalio, Leader in Open Source BPM
ghalimi@intalio.com | www.intalio.com
weblog.itredux.com



Copyright © 2007, by the respective authors.

This material was first published in issue 134 of Linux Gazette, January 2007.