Feeds

Free software darling SugarCRM blasts OSI

Restrictive hypocrites

Choosing a cloud hosting partner with confidence

LinuxWorld Full of free software pride, SugarCRM CEO John Roberts has revitalized his attack against the Open Source Initiative (OSI) characterizing the organization as weak and confused.

After being the open source community's whipping boy, SugarCRM now enjoys a position of power. Last month, the software maker agreed to place a fresh version of its flagship product under the General Public License v3 (GPLv3) crafted by the Free Software Foundation. This established SugarCRM as the most prominent backer of GPLv3 to date.

The adoption of GPLv3 marked a significant shift in SugarCRM's licensing policy. The company had relied on a modified version of the Mozilla Public License (MPL) that required users of its code to display a SugarCRM logo. Critics - and there are many - of this type of license described SugarCRM as a badgeware vendor. In addition, OSI board members chastised SugarCRM for presenting itself as an open source software maker despite using a license not approved by the OSI – the self-proclaimed defenders of the open source definition.

When SugarCRM moved to GPLv3, quite a few reports emerged pushing the idea that the OSI forced it into the decision through public ridicule. Not so, according to Roberts.

"The OSI had nothing to do with our decision to go with GPLv3," Roberts said, during a panel today here at LinuxWorld.

Just as SugarCRM shifted to GPLv3, the OSI approved a badgerware license from Web 2.0 felch Socialtext.

"The OSI was hammering on us, and they just turned around and approved a more restrictive license," Roberts said. "It is really hypocrisy here."

And, in fact, Socialtext's Common Public Attribution License (CPAL) includes both an attribution clause – the logo bit – and a network use clause that forces software-as-a-service companies and service providers to give credit where credit may be due. That's a step beyond SugarCRM's old attribution license.

Even worse, the OSI has yet to approve GPLv3 as an open source license. In fact, the organization only managed to put GPLv3 up for review this week due to some bungling.

"Chris DiBona [Google's open source guru] submitted GPLv3 and LGPLv3 last month, but his submission was in the wrong format, so it was not captured by the automated tools that are set up to establish and track discussions," OSI President Michael Tiemann told us. "Russ Nelson [OSI's license approval chair] caught the error (manually), and the state as of (Aug. 5) is that we have both the GPLv3 and the LGPLv3 as formally submitted for discussion. When Russ believes the list has reached a consensus, he will report that consensus and we will take it under consideration for a vote."

These awkward machinations seem insane to us when you consider that GPLv2 covers close to 70 per cent of all the projects on SourgeForge and stands as the most prominent open source license. Surely, the OSI would think to slot its successor in for review as soon as it was possible, right?

In fairness, the OSI tends to give the author of a license the first crack at submitting it for approval. The FSF, however, has no intention of seeking the OSI's approval since it couldn't care less whether some organization deems its work worthy of the open source label. Everyone at the OSI knows this, and members of the organization should have taken it upon themselves to make sure such a crucial license was put up for review at the earliest possible moment. Instead, we find excuses about missing e-mails and improper formatting.

Roberts continues to question why the OSI gets to be the arbiter of all things open source – a query made stronger by the chaos often displayed by the organization and the fact that the board members are not elected but rather tapped to lead during a bizarre hazing ritual performed at midnight in the San Diego Zoo's penguin display.

"I really like what OSI represents as an organization," Roberts said. "But no one really asks, 'Who are the approvers. How are they elected – by hundreds of votes or three or four votes? How did you get to become the Supreme Court?'"

The hapless Danese Cooper, an OSI board member and Intel employee, did her best, during the LinuxWorld panel, to avoid adding any substance to the discussion. So desperate for attention that she knits during panels, Cooper shrugged off the OSI criticism, saying that GPLv3 is in fact making its way through OSI's approval process just fine.

The OSI could do itself a favor by making sure that people more willing to confront issues honestly and clearly – like Tiemann – show up at these types of gigs.

Roberts has recommended that the OSI or someone adopt a Digg-style system for sorting through open source licenses where the most popular – and perhaps useful – licenses would rise to the top. That idea feels a bit wisdom of crowds dependent to us, but at least it's a fresh idea.

The OSI's Tiemann remains impressive for his defense of the open source ideology, and it seems that something like the OSI is crucial for such a task. A Digg-style system would seem to place little emphasis on protecting ideals, brands and the like. Ultimately, you do want "open source" to mean something significant, and it takes thoughtful people to protect that.

That said, we find the OSI undermining its influence through the SugarCRM/GPLv3 epsisode.

It's beating up on SugarCRM one day and then championing it the next for a license switch. In actual fact, though, SugarCRM is still not an open source vendor under the OSI's definition because the OSI has failed to push through its approval of GPLv3 at speed. If this isn't ironic, it's at least a little pathetic. ®

Internet Security Threat Report 2014

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.