Feeds

Red Hat flags OSI offenders on partner site

Users force enlightenment

Internet Security Threat Report 2014

OSCON Sometimes being the open source software leader means distancing yourself from open source claims.

Red Hat has bowed to pressure and improved the way it describes partner software licenses on the Red Hat Exchange (RHX). The licenses of companies such as SugarCRM, Zimbra and Alfresco used to be buried on the RHX site, requiring interested customers to spend considerable time finding the documentation. This hide-the-license policy angered some open source advocates who argued that Red Hat gave the misleading impression that all RHX vendors had Open Source Initiative (OSI)-approved licenses. Now, Red Hat is working to banish broad "open source software" claims from the RHX marketplace.

Earlier this month, we uncovered the RHX issues, and Red Hat took notice. According to sources, Red Hat contacted RHX partners over the past week, asking for clear licensing details for their respective products, noting that RHX had started to receive negative press on the licensing matter.

Red Hat began displaying the new information this weekend. In addition, Red Hat removed a number of "open source software" descriptions from the RHX site, replacing the language on most occasions by characterizing the products as "business solutions."

The RHX controversy bubbled up out of comments made by Red Hat executive and OSI board member Michael Tiemann, who complained that a number of companies were abusing the "open source" label. Some software makers have adopted so-called attribution licenses, which require those who take their code to display the given software maker's logo.

This is a reaction to the growing trend of service providers such as Google and Yahoo! taking open source code, running it on their servers and then failing to release any changes to the code back to the "community." The service providers are able to do this because of an archaic notion of distribution tied to many open source license where running code on a server and delivering a service does not count as distribution, while shipping software on CDs or via downloads does.

The OSI has yet to approve an attribution-style license, which puts companies such as SugarCRM and Centric CRM, who have their own licenses, in the non open source/badgeware camp, according to Tiemann and others.

Despite its self-proclaimed position as the shepherd of open source software, Red Hat did the OSI camp few favors when it launched RHX in May. Red Hat grouped all of the software partners under the open source software umbrella and hid companies' licensing information. (RHX is billed as a one-stop-shop for small- to medium-sized businesses to pick up popular applications and Red Hat-led support.)

Red Hat's stance put Tiemann, also with OSI, in an awkward position. To the executive's credit, he asked that Red Hat do more with the RHX site.

The company responded to the request in short order.

You'll now find SugarCRM's licensing policy, for example, described in simple terms. "This license is not Open Source Initiative Approved," the RHX page says. "The license allows redistribution, but only if certain attribution requirements are met."

Most of the licensing language is remarkably clear.

"We're being a lot more forthcoming with disclosing and actually educating our customers about what exactly the license is," Donald Fischer, VP of online services at Red Hat, told us today during an interview at the OSCON conference. "We are working on creating human readable license summaries similar to what the Creative Commons has done.

"We did not get it all right and have responded to feedback we got from the community."

Does any of this really matter? Well, that's a fair question.

Plenty of people will argue that the OSI is not their lord and master. Companies can ship software and call it open source on their own, especially when they're clearly allowing modification and broad use of their code.

Tiemann, however, counters that clarity is needed in this area to prevent abuse of the open source term, particularly as larger companies such as Oracle begin butting into the open source market with aggressive tactics.

If Red Hat takes its position as the self-proclaimed open source leader seriously, it should be on top of these issues and be consistent. The company appears to have moved toward this goal with the RHX updates. ®

Internet Security Threat Report 2014

More from The Register

next story
Cray-cray Met Office spaffs £97m on VERY AVERAGE HPC box
Only 250th most powerful in the world? Bring back Michael Fish
UK.gov pushes for SWIFT ACTION against nuisance calls, threatens £500k fines
DCMS seeks lowering of legal threshold to fight rogue firms
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.