Feeds

OSI approves 'badgeware' license

Socialtext wins with CPLA

Application security programs and practises

OSCON The Open Source Initiative (OSI) shocked the world today by approving a "badgeware" style license.

Members of the OSI board, speaking here at OSCON, announced that Socialtext's Common Public Attribution License (CPAL) received its blessing this morning. The license proves similar to non-OSI approved badgeware or attribution licenses used by numerous open source companies. Some leaders of the OSI have been attacking companies such as Sugar CRM and CentricCRM for claiming to be "open source" companies despite relying on the unapproved attribution licenses.

"We have been at this for more than nine months," Ross Mayfield, CEO and cofounder of enterprise Wiki maker Socialtext, told us in an interview. "We have taken the legal hit, and the reputation hit. I don't want to be too proud that we won out in the end, but we did."

The so-called badgeware licenses have proved tricky, as many open source purists fear they will result in the egregious display of logos and other celebratory material. Such licenses ask that users of open source products make the origins of their code clear.

This is, in some ways, a reaction to companies that use large amounts of open source code on their servers without disclosing this use or returning code changes to the open source community. Such companies claim that they're not obligated to return code changes because they're simply delivering a service to customers - not redistributing the code for commercial use.

Under the attribution-style licenses, code users must display a logo representing the original developer or pay the developer a fee.

The new CPAL should provide a way for CentricCRM and others to modify such licenses slightly and gain OSI approval.

The OSI has yet to release the new license language, at the time of this report, although a draft version can be seen here. We've viewed a final version of the license and very little has changed.

"As a modest attribution to the organizer of the development of the Original Code ("Original Developer"), in the hope that its promotional value may help justify the time, money and effort invested in writing the Original Code, the Original Developer may include in Exhibit B ("Attribution Notice") a requirement that each time an Executable and Source Code or a Larger Work is launched or run, a prominent display of the Original Developer's Attribution Information (as defined below) must occur on the graphic user interface (which may include display on a splash screen), if any," the license reads.

Only companies relying on graphical user interfaces must worry about the attribution clause.

Also of note is the "network use" or "external deployment" clause.

"The term 'External Deployment' means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network."

That could be a major blow for service providers if it gains wide adoption. Google's open source guru Chris DiBona, however, told us that Google will just make its own code when needed to get around clauses similar to these.

"We have enough engineering resources that, if the license has obligations we are not interested in, we can just not use it," he said.

OSI president and Red Hat executive Michael Tiemann has been the most outspoken critic of the broad use of badgeware licenses. He's pushed the position that companies claiming to be open source software makers while not using an OSI-approved license threaten to undermine the value of the open source brand.

The CPAL license seems to put some of these concerns to rest. For example, companies such as SugarCRM are looking at replacing their own attribution licenses with CPAL, SugarCRM CEO John Roberts told us.

In addition, we'll see if the badgeware fears of logos-logos-everywhere will be realized.

"Now, we have an opportunity to test out in the market if those nightmares are actually real," Mayfield said. ®

Eight steps to building an HP BladeSystem

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.