Feeds

OSI approves 'badgeware' license

Socialtext wins with CPLA

Security for virtualized datacentres

OSCON The Open Source Initiative (OSI) shocked the world today by approving a "badgeware" style license.

Members of the OSI board, speaking here at OSCON, announced that Socialtext's Common Public Attribution License (CPAL) received its blessing this morning. The license proves similar to non-OSI approved badgeware or attribution licenses used by numerous open source companies. Some leaders of the OSI have been attacking companies such as Sugar CRM and CentricCRM for claiming to be "open source" companies despite relying on the unapproved attribution licenses.

"We have been at this for more than nine months," Ross Mayfield, CEO and cofounder of enterprise Wiki maker Socialtext, told us in an interview. "We have taken the legal hit, and the reputation hit. I don't want to be too proud that we won out in the end, but we did."

The so-called badgeware licenses have proved tricky, as many open source purists fear they will result in the egregious display of logos and other celebratory material. Such licenses ask that users of open source products make the origins of their code clear.

This is, in some ways, a reaction to companies that use large amounts of open source code on their servers without disclosing this use or returning code changes to the open source community. Such companies claim that they're not obligated to return code changes because they're simply delivering a service to customers - not redistributing the code for commercial use.

Under the attribution-style licenses, code users must display a logo representing the original developer or pay the developer a fee.

The new CPAL should provide a way for CentricCRM and others to modify such licenses slightly and gain OSI approval.

The OSI has yet to release the new license language, at the time of this report, although a draft version can be seen here. We've viewed a final version of the license and very little has changed.

"As a modest attribution to the organizer of the development of the Original Code ("Original Developer"), in the hope that its promotional value may help justify the time, money and effort invested in writing the Original Code, the Original Developer may include in Exhibit B ("Attribution Notice") a requirement that each time an Executable and Source Code or a Larger Work is launched or run, a prominent display of the Original Developer's Attribution Information (as defined below) must occur on the graphic user interface (which may include display on a splash screen), if any," the license reads.

Only companies relying on graphical user interfaces must worry about the attribution clause.

Also of note is the "network use" or "external deployment" clause.

"The term 'External Deployment' means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network."

That could be a major blow for service providers if it gains wide adoption. Google's open source guru Chris DiBona, however, told us that Google will just make its own code when needed to get around clauses similar to these.

"We have enough engineering resources that, if the license has obligations we are not interested in, we can just not use it," he said.

OSI president and Red Hat executive Michael Tiemann has been the most outspoken critic of the broad use of badgeware licenses. He's pushed the position that companies claiming to be open source software makers while not using an OSI-approved license threaten to undermine the value of the open source brand.

The CPAL license seems to put some of these concerns to rest. For example, companies such as SugarCRM are looking at replacing their own attribution licenses with CPAL, SugarCRM CEO John Roberts told us.

In addition, we'll see if the badgeware fears of logos-logos-everywhere will be realized.

"Now, we have an opportunity to test out in the market if those nightmares are actually real," Mayfield said. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.