Feeds

OSI approves 'badgeware' license

Socialtext wins with CPLA

High performance access to file storage

OSCON The Open Source Initiative (OSI) shocked the world today by approving a "badgeware" style license.

Members of the OSI board, speaking here at OSCON, announced that Socialtext's Common Public Attribution License (CPAL) received its blessing this morning. The license proves similar to non-OSI approved badgeware or attribution licenses used by numerous open source companies. Some leaders of the OSI have been attacking companies such as Sugar CRM and CentricCRM for claiming to be "open source" companies despite relying on the unapproved attribution licenses.

"We have been at this for more than nine months," Ross Mayfield, CEO and cofounder of enterprise Wiki maker Socialtext, told us in an interview. "We have taken the legal hit, and the reputation hit. I don't want to be too proud that we won out in the end, but we did."

The so-called badgeware licenses have proved tricky, as many open source purists fear they will result in the egregious display of logos and other celebratory material. Such licenses ask that users of open source products make the origins of their code clear.

This is, in some ways, a reaction to companies that use large amounts of open source code on their servers without disclosing this use or returning code changes to the open source community. Such companies claim that they're not obligated to return code changes because they're simply delivering a service to customers - not redistributing the code for commercial use.

Under the attribution-style licenses, code users must display a logo representing the original developer or pay the developer a fee.

The new CPAL should provide a way for CentricCRM and others to modify such licenses slightly and gain OSI approval.

The OSI has yet to release the new license language, at the time of this report, although a draft version can be seen here. We've viewed a final version of the license and very little has changed.

"As a modest attribution to the organizer of the development of the Original Code ("Original Developer"), in the hope that its promotional value may help justify the time, money and effort invested in writing the Original Code, the Original Developer may include in Exhibit B ("Attribution Notice") a requirement that each time an Executable and Source Code or a Larger Work is launched or run, a prominent display of the Original Developer's Attribution Information (as defined below) must occur on the graphic user interface (which may include display on a splash screen), if any," the license reads.

Only companies relying on graphical user interfaces must worry about the attribution clause.

Also of note is the "network use" or "external deployment" clause.

"The term 'External Deployment' means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network."

That could be a major blow for service providers if it gains wide adoption. Google's open source guru Chris DiBona, however, told us that Google will just make its own code when needed to get around clauses similar to these.

"We have enough engineering resources that, if the license has obligations we are not interested in, we can just not use it," he said.

OSI president and Red Hat executive Michael Tiemann has been the most outspoken critic of the broad use of badgeware licenses. He's pushed the position that companies claiming to be open source software makers while not using an OSI-approved license threaten to undermine the value of the open source brand.

The CPAL license seems to put some of these concerns to rest. For example, companies such as SugarCRM are looking at replacing their own attribution licenses with CPAL, SugarCRM CEO John Roberts told us.

In addition, we'll see if the badgeware fears of logos-logos-everywhere will be realized.

"Now, we have an opportunity to test out in the market if those nightmares are actually real," Mayfield said. ®

High performance access to file storage

More from The Register

next story
Seagate brings out 6TB HDD, did not need NO STEENKIN' SHINGLES
Or helium filling either, according to reports
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.