Feeds

Is Red Hat doing its part to win the 'open source' war?

Confusion at Club Badgeware

Top 5 reasons to deploy VMware with Tegile

Analysis Should you believe Red Hat's claims that its new Exchange marketplace for "open source business applications" contains nothing but open source business applications? We say "no" - since not even Red Hat appears to have a good answer for this question.

So far, Red Hat has filled its Exchange, also known as RHX, with software from numerous companies, including SugarCRM, Zimbra, and Alfresco. In posting their wares to the exchange, these software makers have given Red Hat permission to lead sales and provide support. Ultimately, all the vendors involved celebrate RHX as a way of boosting the sale of open source software to small and mid-sized businesses.

The rub is that many of the applications may fail to meet the meaning of open source software as put down by the Open Source Initiative (OSI) - the self-proclaimed steward of the Open Source Definition. That's a problem when you consider that Red Hat bills RHX as a spot to "compare buy and manage open source business applications - all in one place and backed by the open source leader." And an even bigger problem crops up when you realize that Michael Tiemann, a Red Hat VP, has led the criticism of OSI offenders in his role as President of the OSI.

Tiemann, in fact, ignited the OSI licensing controversy in a blog post last month entitled "Will the real open source CRM please stand up?" Ever prolix, Tiemann charged after some reporter who referred to SugarCRM and Centric CRM as open source CRM vendors. SugarCRM, you see, relies on a modified version of the OSI-approved Mozilla Public License (MPL) that includes a controversial "attribution" clause, while Centric CRM uses its own Centric Public License, not approved by the OSI.

Tiemaan wrote:

Starting around 2006, the term open source came under attack from two new and unanticipated directions: the first was from vendors who claimed that they have every bit as much right to define the term as does the OSI, and the second was from vendors who claimed that their license was actually faithful to the Open Source Definition (OSD), and that the OSI board was merely being obtuse (or worse) in not recognizing that fact. (At least one vendor has pursued both lines of attack.)

This was certainly not the first attack we ever had to repel, but it is the first time we have had to confront agents who fly our flag as their actions serve to corrupt our movement. The time has come to bring the matter into the open, and to let the democratic light of the open source community illuminate for all of us the proper answer.

Some vendors flying the open source flag have claimed that the infamous attribution add-on to the MPL serves their purposes well and does little to harm the so-called open source "community." These vendors created the clause as a means of countering the wholesale borrowing of code by service providers.

The likes of Google and Yahoo! can grab an open source package, modify it and then run it on their servers without returning the modified code to the public domain. That's the result of some archaic notions around distribution embedded in many open source licenses. Entities have typically been required to reveal code changes only if they redistribute an open source package. Service providers, meanwhile, claim they're not redistributing the software simply by running it on their servers and providing a service to customers.

With the attribution clause in place, the software makers hoped to gain public recognition for their work by forcing service providers and others to display their corporate logos if a given software package was being used. The service providers could also opt to pay the software makers to remove the logo.

True blue open source zealots castigate the attribution crowd as badgeware vandals. More critically, the open source advocates contend that vendors simply do not have the right to claim they produce "open source" code and place that code under the license of their choosing. Such tactics threaten to undermine the open source agenda.

"So, what's at stake is whether the term 'open source' continues to mean anything, or is in effect abandoned to third-rate marketing clowns with delusions of grandeur," Rick Moen a Linux activist told us. "I think the latter would deliver a roundhouse blow to the ongoing open source / free software outreach effort, one from which it might never recover."

Beginner's guide to SSL certificates

Next page: The Return to RHX

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.