Talkback:134/moen.html

[ In reference to "OSI, GAP, and "Exhibit B" licences" in LG#134 ]

Rick Moen [rick at linuxmafia.com]
Fri, 29 Dec 2006 19:42:15 -0800

[[[ Rick's article in LG#134 started as a TAG discussion in December. I have included the initial comments with the subsequent talkbacks. - Kat ]]]

This touches on a matter that will be in the January NewsBytes.

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Fri, 29 Dec 2006 19:27:50 -0800
To: osi@opensource.org
Cc: license-discuss@opensource.org
From: Rick Moen <rick@linuxmafia.com>
Subject: Jbilling:  Possible unauthorised use of OSI Certified service mark
Dear OSI Board members:

Please see http://www.jbilling.com/?q=node/7&pl=pr Note OSI Certified logo.

The company in question, Sapienter Billing Software Corporation, is yet another Web 2.0 company using MPL 1.1 + an "Exhibit B" badgeware addendum, calling it "open source". However, this firm takes one step further the stance characteristic of Socialtext, SugarCRM, Alfresco, Zimbra, Qlusters, Jitterbit, Scalix, MuleSource, Dimdim, Agnitas AG, Openbravo, Emu Software, Terracotta, Cognizo Technologies, ValueCard, KnowledgeTree, OpenCountry, and 1BizCom, by using OSI's certification mark in outright violation of OSI's licensing terms -- or, at least, I'd be surprised to learn otherwise. Therefore, I'm mentioning that use, in case corrective action is needed.

I'd suggest Sapienter illustrates why "Exhibit B" licences (though certainly not badgeware licences generically) have become, in my view, a serious problem:

o Substantively all (probably literally all 19) of the above-listed firms already have considerable history of claiming in public to be open source.

o Few if any mention their licences' lack of OSI approval. Many imply otherwise; one (Sapienter) outright claims approval (as noted).

o Not ONE has applied for OSI approval, though many are demonstrably aware of OSI's approval process. It's also notable that many of their modified-MPL licences were reportedly written by OSI General Counsel Mark Radcliffe in his private capacity -- so it's doubtful many are unaware.

o Several of those firms' officers have already turned a deaf ear (so far) to suggestions on OSI license-discuss that they make their licences comply with OSD#10 ("License Must Be Technology-Neutral" -- the main problem) by adding "if any" qualifiers to their licences' requirements concerning "each user interface screen".

o At least one, Socialtext, falsely claims in public to use MPL 1.1 without mentioning its licence modifications at all.[1]

Aside from Sapienter's outreach breach of trademark law, some might object that OSI simply cannot do anything, to correct this situation. I beg to differ, and ask that OSI take appropriate, measured, and constructive action: Please consider issuing a formal statement deploring use of "modified MPL" licenses in circumvention of OSI scrutiny, and especially their use without clearly disclosing lack of OSI approval.

No one is denying the value of efforts to close the much-discussed ASP Loophole through suitable "attribution" clauses that do respect the OSD and substantively allow code reuse, forking, and other underlying core notions of open source. Reasonable people can create licences containing such clauses and get them approved. Unfortunately, the above-cited companies are pointedly eschewing any such effort, thereby making a mockery of OSI's moral and other authority over open source.

Please help us of the open source community's desire to help the OSI, by issuing a clear statement that we can use to enforce open source standards within this troublesome area. Thank you.

[1] http://www.socialtext.com/node/88

Sincerely Rick Moen (representing himself)

----- End forwarded message -----




Rick Moen [rick at linuxmafia.com]
Sat, 30 Dec 2006 00:29:07 -0800

The mini-thread that follows is not the only discussion that's occurred: It's been ongoing for about two months, but until recently I think few people had realised the scope of this snow-job. So, I decided to clear the air.

In his responses (below) where he clearly is trying to spin the situation, CEO Ross Mayfield, like a few other interested parties who have profoundly failed to impress me with any display of candour, perhaps might not grasp that techies tend to take it personally when flacks and others try to con them.

Date: Fri, 29 Dec 2006 19:27:50 -0800
To: osi@opensource.org
Cc: license-discuss@opensource.org
Subject: Jbilling:  Possible unauthorised use of OSI Certified service mark
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.11+cvs20060403
Dear OSI Board members:

Please see http://www.jbilling.com/?q=node/7&pl=pr Note OSI Certified logo.

The company in question, Sapienter Billing Software Corporation, is yet another Web 2.0 company using MPL 1.1 + an "Exhibit B" badgeware addendum, calling it "open source". However, this firm takes one step further the stance characteristic of Socialtext, SugarCRM, Alfresco, Zimbra, Qlusters, Jitterbit, Scalix, MuleSource, Dimdim, Agnitas AG, Openbravo, Emu Software, Terracotta, Cognizo Technologies, ValueCard, KnowledgeTree, OpenCountry, and 1BizCom, by using OSI's certification mark in outright violation of OSI's licensing terms -- or, at least, I'd be surprised to learn otherwise. Therefore, I'm mentioning that use, in case corrective action is needed.

I'd suggest Sapienter illustrates why "Exhibit B" licences (though certainly not badgeware licences generically) have become, in my view, a serious problem:

o Substantively all (probably literally all 19) of the above-listed firms already have considerable history of claiming in public to be open source.

o Few if any mention their licences' lack of OSI approval. Many imply otherwise; one (Sapienter) outright claims approval (as noted).

o Not ONE has applied for OSI approval, though many are demonstrably aware of OSI's approval process. It's also notable that many of their modified-MPL licences were reportedly written by OSI General Counsel Mark Radcliffe in his private capacity -- so it's doubtful many are unaware.

o Several of those firms' officers have already turned a deaf ear (so far) to suggestions on OSI license-discuss that they make their licences comply with OSD#10 ("License Must Be Technology-Neutral" -- the main problem) by adding "if any" qualifiers to their licences' requirements concerning "each user interface screen".

o At least one, Socialtext, falsely claims in public to use MPL 1.1 without mentioning its licence modifications at all.[1]

Aside from Sapienter's outreach breach of trademark law, some might object that OSI simply cannot do anything, to correct this situation. I beg to differ, and ask that OSI take appropriate, measured, and constructive action: Please consider issuing a formal statement deploring use of "modified MPL" licenses in circumvention of OSI scrutiny, and especially their use without clearly disclosing lack of OSI approval.

No one is denying the value of efforts to close the much-discussed ASP Loophole through suitable "attribution" clauses that do respect the OSD and substantively allow code reuse, forking, and other underlying core notions of open source. Reasonable people can create licences containing such clauses and get them approved. Unfortunately, the above-cited companies are pointedly eschewing any such effort, thereby making a mockery of OSI's moral and other authority over open source.

Please help us of the open source community's desire to help the OSI, by issuing a clear statement that we can use to enforce open source standards within this troublesome area. Thank you.

[1] http://www.socialtext.com/node/88

Sincerely Rick Moen (representing himself)

Date: Fri, 29 Dec 2006 21:33:16 -0800
From: "Ross Mayfield" <ross.mayfield@socialtext.com>
To: "Rick Moen" <rick@linuxmafia.com>
Cc: osi@opensource.org, license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
You have done a service by pointing out this alleged breach of the OSI Certified trademark by this corporation.

However, ONLY ONE company that employs a provision similar to the Generic Attribution Provision has breached this trust. I believe you have provided another reason for the GAP to be minded by OSI.

It is inaccurate to say that NOT ONE company has applies for OSI approval, that is precisely what Socialtext has. And we clarified this blog post to say more than we were MPL with an addendum, and have had the license available our open source wiki since inception.

Deplorable is a strong word in the context of a community, especially a welcoming one.

Ross

[RM: snip Ross's copy of my entire post]

-- 
Ross Mayfield
CEO
Socialtext, Inc.
ross.mayfield@socialtext.com
aim:rossdmayfield
skype:rossmayfield
t. +1-650-323-0800
f. +1-650-323-0801
Date: Fri, 29 Dec 2006 22:01:01 -0800
From: Rick Moen <rick@linuxmafia.com>
To: osi@opensource.org
Cc: license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.11+cvs20060403
Quoting Ross Mayfield (ross.mayfield@socialtext.com):

> You have done a service by pointing out this alleged breach of the OSI
> Certified trademark by this corporation.

Thank you for saying that.

> However, ONLY ONE company that employs a provision similar to the
> Generic Attribution Provision has breached this trust.  I believe you
> have provided another reason for the GAP to be minded by OSI.

Hmm, only one company mentioned (out of 20) actually is implementing GAP: Intalio. Every other one of the other 19 licences I cited, including the one your company uses, i.e., Socialtext Public Licence 1.0.0, seems to me to require a considerably more expansive implementation of "attribution" than does the GAP clause.

> It is inaccurate to say that NOT ONE company has applies for OSI
> approval, that is precisely what Socialtext has.

Do you mean you have submitted Socialtext Public Licence 1.0.0 for OSI certification? I attempted to search for any such indication, and found none.

I respect highly Socialtext's intent in bringing the GAP memo in front of the OSI Board, but it is my understanding that your firm uses SPL 1.0.0, not MPL + GAP (which Intalio proposes to use), for its wiki software. What I said to the Board was, of course, that none of the 19 firms referenced in my list had submitted the licences they use (and claim in public to be open source) to the Board for certification.

Socialtext's commendable intent seems noteworthy despite the fact that Socialtext substantively ignored the process detailed on http://www.opensource.org/docs/certification_mark.php by not submitting a licence at all, but rather a patch that Socialtext evidently wishes the Board to consider as applied to some unspecified fraction of the 58 existing OSI Certified licences (those with modifiable content).

> And we clarified this blog post to say more than we were MPL with an
> addendum, and have had the license available our open source wiki
> since inception.

Thank you for doing that, retroactively. Your edit appears to have been implemented within the past hour, I will note. As you know, I'd mentioned the misstatement of fact on license-discuss twice, the earlier time having been on Dec. 20, i.e., right in front of you, nine days ago.

> Deplorable is a strong word in the context of a community, especially
> a welcoming one.

Asking the Board to formally deplore the particular patterns of activity I cited seems amply merited by the problem those 20 firms have created. In fact, it strikes me as extremely mild, in the circumstances. Other actions, such as yours in sending and posting the GAP memo, should be praised and are quite appreciated.

Best Regards, Rick Moen

Date: Fri, 29 Dec 2006 22:16:32 -0800
From: "Ross Mayfield" <ross.mayfield@socialtext.com>
To: "Rick Moen" <rick@linuxmafia.com>
Cc: osi@opensource.org, license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
I'm not going to engage in fisking arguments by email. I might have lost your prior comments in the 100 fold thread that didn't yield that much substance against the GAP.

I'll point to a link that should help clarify the steps Socialtext has taken in good faith, and what we did to clarify our license. http://blogs.zdnet.com/BTL/?p=3430

I did amend the blog post tonight to provide a link to the license.

We did not submit the SPL which is consistent with OSD -- and instead sought to address the general problem we all face through the GAP. And we would never use the OSI Certified mark unless under an OSI approved. That's the point.

Ross

[RM: snip Ross's copy of my entire post]

--

-- 
Ross Mayfield
CEO
Socialtext, Inc.
ross.mayfield@socialtext.com
aim:rossdmayfield
skype:rossmayfield
t. +1-650-323-0800
f. +1-650-323-0801
Date: Fri, 29 Dec 2006 22:57:39 -0800
From: Rick Moen <rick@linuxmafia.com>
To: osi@opensource.org
Cc: license-discuss@opensource.org
Subject: Re: Jbilling: Possible unauthorised use of OSI Certified service mark
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.11+cvs20060403
Quoting Ross Mayfield (ross.mayfield@socialtext.com):

> I'm not going to engage in fisking arguments by email.  I might have
> lost your prior comments in the 100 fold thread that didn't yield that
> much substance against the GAP.

You would not be counting outright jettisoning of OSD#10, I gather (especially given your ignoring the suggestion of an "if any" qualifier on GAP's "display of the same size" phrase).

> I'll point to a link that should help clarify the steps Socialtext has
> taken in good faith, and what we did to clarify our license.
> http://blogs.zdnet.com/BTL/?p=3430

I'm intimately familiar with Mr. Berlind's excellent article, thanks. (I owe at least a tall frosty one to him, Andrew C. Oliver, and Nicholas Goodman, whose writings on this subject are all mentioned in my upcoming Linux Gazette coverage.)

> I did amend the blog post tonight to provide a link to the license.

But not to mention that your firm's licence -- which it professes to be open source -- has never been OSI certified and that Socialtext has in fact avoided submitting it (the outcome being predictable). Thus, you're happy to continue, in effect, misleading the public.

> We did not submit the SPL which is consistent with OSD [...]

...other than OSD#10, and substantively #3 (especially given the bit about "the very bottom center of each user interface screen", which makes derivative works using two such codebases under your licence impossible even in theory).

> -- and instead sought to address the general problem we all face
> through the GAP.

To repeat, that was commendable. However:

> And we would never use the OSI Certified mark unless under an OSI
> approved.  That's the point.

No, sir, that is very assuredly not the point. Your firm lacks anything like the clear degree of fault Sapienter displays, but regrettably seems (along with SugarCRM) to have been a key part of the problem I cited -- and evidently wishes to continue being one. Your firm and the others are thus the reason I requested a measured, reasonable response from the OSI Board.

I might as well use space here to thank Compiere, which until recently used an MPL 1.1 + "Exhibit B" clause licence, but within this past month seems to have ended the practice and joined the open source world.

Best Regards, Rick Moen




Benjamin A. Okopnik [ben at linuxgazette.net]
Sat, 30 Dec 2006 13:32:20 -0500

On Sat, Dec 30, 2006 at 12:29:07AM -0800, Rick Moen wrote:

> The mini-thread that follows is not the only discussion that's occurred:
> It's been ongoing for about two months, but until recently I think few
> people had realised the scope of this snow-job.  So, I decided to clear
> the air.

If you feel like sliding this one into your article, well, you're a "trusted user" on this system. :)

> In his responses (below) where he clearly is trying to spin the
> situation, CEO Ross Mayfield, like a few other interested parties who
> have profoundly failed to impress me with any display of candour,
> perhaps might not grasp that techies tend to take it personally when
> flacks and others try to con them.

Heh.

[ From your response to Ross Mayfield ]

> Thank you for doing that, retroactively.  Your edit appears to have been
> implemented within the past hour, I will note.

I'm glad I wasn't drinking anything when I read that; computer screens are vulnerable to damage from nasally-ejected liquids. Egads... this is supposed to be somebody who deals with technology as their core business. And people mumble about "retraining the average user"??? Please.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *



Rick Moen [rick at linuxmafia.com]
Tue, 2 Jan 2007 02:58:22 -0800

[Nicholas, I'm CCing you on a mailing list thread among the Linux Gazette magazine staff. My article was published at: exhibit-b.html [mirror]]

Quoting Benjamin A. Okopnik (ben@linuxgazette.net):

> On Sat, Dec 30, 2006 at 12:29:07AM -0800, Rick Moen wrote:
> > The mini-thread that follows is not the only discussion that's occurred:
> > It's been ongoing for about two months, but until recently I think few
> > people had realised the scope of this snow-job.  So, I decided to clear
> > the air.
> 
> If you feel like sliding this one into your article, well, you're a
> "trusted user" on this system. :)
>  
> > In his responses (below) where he clearly is trying to spin the
> > situation, CEO Ross Mayfield, like a few other interested parties who
> > have profoundly failed to impress me with any display of candour,
> > perhaps might not grasp that techies tend to take it personally when
> > flacks and others try to con them.
> 
> Heh.
> 
> [ From your response to Ross Mayfield ]
> 
> > Thank you for doing that, retroactively.  Your edit appears to have been
> > implemented within the past hour, I will note.
> 
> I'm glad I wasn't drinking anything when I read that; computer screens
> are vulnerable to damage from nasally-ejected liquids. Egads... this is
> supposed to be somebody who deals with technology as their core
> business. And people mumble about "retraining the average user"???
> Please.

Ross is said to be one of the good guys in this picture; I've been getting vibes, both overt and indirect, that OSI would like me to go easy on him. Unlike all the other "Exhibit B" firms' guys, including the one who's now on OSI's Board, Ross has actually taken the trouble to put a licence proposal of sorts in front of OSI, and I'm guessing he means well -- by his lights.

My guess is that there has been a bunch of behind-the-scenes coaxing, attempting to avert a confrontation between OSI and this growing market segment of insurgents who're abusing the heck out of the notion of "open source" and are fully aware of doing so. OSI doesn't actually have a lot of strength other than moral suasion, no assets, no professional staff, a strong interest in avoiding conflicts that can be reasonably avoided.

Also, it's undeniable that the "ASP loophole" is a real problem, and that there's nothing wrong per se with "attribution" generically as a concept -- as opposed to the particular over-the-top solution they're all currently using of a mandatory logo on every page. OSI (and maybe Ross) probably hopes that something reasonable can be found that satisfies the "Exhibit B" companies' desire for recognition, while at the same time not grossly violating OSD#10 (technological neutrality), #6 (freedom to use in any field of endeavour, including commerce), and #3 (freedom to create derivative works).

Highly perceptive critic Nicholas Goodman, by the way, thinks people like me aren't cynical enough, and that the "Exhibit B" companies absolutely do want to impair commercial use.[1]

If so, OSI yielding substantively on that point would be a huge mistake, as the biggest threats to open source have always been people wanting to use the open source community as a free-of-charge development and PR house while reserving commercial rights to themselves. I hope OSI doesn't cut any such deal.

At the same time, having a bloc of high-profile (even if economically paper-thin) firms prominently calling themselves open source while using non-conforming licences -- the situation we have today -- is almost as bad.

Goodman fears[2] that continuing conflic