Feeds

Red Hat flags OSI offenders on partner site

Users force enlightenment

Mobile application security vulnerability report

OSCON Sometimes being the open source software leader means distancing yourself from open source claims.

Red Hat has bowed to pressure and improved the way it describes partner software licenses on the Red Hat Exchange (RHX). The licenses of companies such as SugarCRM, Zimbra and Alfresco used to be buried on the RHX site, requiring interested customers to spend considerable time finding the documentation. This hide-the-license policy angered some open source advocates who argued that Red Hat gave the misleading impression that all RHX vendors had Open Source Initiative (OSI)-approved licenses. Now, Red Hat is working to banish broad "open source software" claims from the RHX marketplace.

Earlier this month, we uncovered the RHX issues, and Red Hat took notice. According to sources, Red Hat contacted RHX partners over the past week, asking for clear licensing details for their respective products, noting that RHX had started to receive negative press on the licensing matter.

Red Hat began displaying the new information this weekend. In addition, Red Hat removed a number of "open source software" descriptions from the RHX site, replacing the language on most occasions by characterizing the products as "business solutions."

The RHX controversy bubbled up out of comments made by Red Hat executive and OSI board member Michael Tiemann, who complained that a number of companies were abusing the "open source" label. Some software makers have adopted so-called attribution licenses, which require those who take their code to display the given software maker's logo.

This is a reaction to the growing trend of service providers such as Google and Yahoo! taking open source code, running it on their servers and then failing to release any changes to the code back to the "community." The service providers are able to do this because of an archaic notion of distribution tied to many open source license where running code on a server and delivering a service does not count as distribution, while shipping software on CDs or via downloads does.

The OSI has yet to approve an attribution-style license, which puts companies such as SugarCRM and Centric CRM, who have their own licenses, in the non open source/badgeware camp, according to Tiemann and others.

Despite its self-proclaimed position as the shepherd of open source software, Red Hat did the OSI camp few favors when it launched RHX in May. Red Hat grouped all of the software partners under the open source software umbrella and hid companies' licensing information. (RHX is billed as a one-stop-shop for small- to medium-sized businesses to pick up popular applications and Red Hat-led support.)

Red Hat's stance put Tiemann, also with OSI, in an awkward position. To the executive's credit, he asked that Red Hat do more with the RHX site.

The company responded to the request in short order.

You'll now find SugarCRM's licensing policy, for example, described in simple terms. "This license is not Open Source Initiative Approved," the RHX page says. "The license allows redistribution, but only if certain attribution requirements are met."

Most of the licensing language is remarkably clear.

"We're being a lot more forthcoming with disclosing and actually educating our customers about what exactly the license is," Donald Fischer, VP of online services at Red Hat, told us today during an interview at the OSCON conference. "We are working on creating human readable license summaries similar to what the Creative Commons has done.

"We did not get it all right and have responded to feedback we got from the community."

Does any of this really matter? Well, that's a fair question.

Plenty of people will argue that the OSI is not their lord and master. Companies can ship software and call it open source on their own, especially when they're clearly allowing modification and broad use of their code.

Tiemann, however, counters that clarity is needed in this area to prevent abuse of the open source term, particularly as larger companies such as Oracle begin butting into the open source market with aggressive tactics.

If Red Hat takes its position as the self-proclaimed open source leader seriously, it should be on top of these issues and be consistent. The company appears to have moved toward this goal with the RHX updates. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
Gartner: To the right, to the right – biz sync firms who've won in a box to the right...
Magic quadrant: Top marks for, er, completeness of vision, EMC
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.