Feeds

OSI approves 'badgeware' license

Socialtext wins with CPLA

Beginner's guide to SSL certificates

OSCON The Open Source Initiative (OSI) shocked the world today by approving a "badgeware" style license.

Members of the OSI board, speaking here at OSCON, announced that Socialtext's Common Public Attribution License (CPAL) received its blessing this morning. The license proves similar to non-OSI approved badgeware or attribution licenses used by numerous open source companies. Some leaders of the OSI have been attacking companies such as Sugar CRM and CentricCRM for claiming to be "open source" companies despite relying on the unapproved attribution licenses.

"We have been at this for more than nine months," Ross Mayfield, CEO and cofounder of enterprise Wiki maker Socialtext, told us in an interview. "We have taken the legal hit, and the reputation hit. I don't want to be too proud that we won out in the end, but we did."

The so-called badgeware licenses have proved tricky, as many open source purists fear they will result in the egregious display of logos and other celebratory material. Such licenses ask that users of open source products make the origins of their code clear.

This is, in some ways, a reaction to companies that use large amounts of open source code on their servers without disclosing this use or returning code changes to the open source community. Such companies claim that they're not obligated to return code changes because they're simply delivering a service to customers - not redistributing the code for commercial use.

Under the attribution-style licenses, code users must display a logo representing the original developer or pay the developer a fee.

The new CPAL should provide a way for CentricCRM and others to modify such licenses slightly and gain OSI approval.

The OSI has yet to release the new license language, at the time of this report, although a draft version can be seen here. We've viewed a final version of the license and very little has changed.

"As a modest attribution to the organizer of the development of the Original Code ("Original Developer"), in the hope that its promotional value may help justify the time, money and effort invested in writing the Original Code, the Original Developer may include in Exhibit B ("Attribution Notice") a requirement that each time an Executable and Source Code or a Larger Work is launched or run, a prominent display of the Original Developer's Attribution Information (as defined below) must occur on the graphic user interface (which may include display on a splash screen), if any," the license reads.

Only companies relying on graphical user interfaces must worry about the attribution clause.

Also of note is the "network use" or "external deployment" clause.

"The term 'External Deployment' means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network."

That could be a major blow for service providers if it gains wide adoption. Google's open source guru Chris DiBona, however, told us that Google will just make its own code when needed to get around clauses similar to these.

"We have enough engineering resources that, if the license has obligations we are not interested in, we can just not use it," he said.

OSI president and Red Hat executive Michael Tiemann has been the most outspoken critic of the broad use of badgeware licenses. He's pushed the position that companies claiming to be open source software makers while not using an OSI-approved license threaten to undermine the value of the open source brand.

The CPAL license seems to put some of these concerns to rest. For example, companies such as SugarCRM are looking at replacing their own attribution licenses with CPAL, SugarCRM CEO John Roberts told us.

In addition, we'll see if the badgeware fears of logos-logos-everywhere will be realized.

"Now, we have an opportunity to test out in the market if those nightmares are actually real," Mayfield said. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
IT crisis looming: 'What if AWS goes pop, runs out of cash?'
Public IaaS... something's gotta give - and it may be AWS
Linux? Bah! Red Hat has its eye on the CLOUD – and it wants to own it
CEO says it will be 'undisputed leader' in enterprise cloud tech
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.