Feeds

Free software darling SugarCRM blasts OSI

Restrictive hypocrites

Internet Security Threat Report 2014

LinuxWorld Full of free software pride, SugarCRM CEO John Roberts has revitalized his attack against the Open Source Initiative (OSI) characterizing the organization as weak and confused.

After being the open source community's whipping boy, SugarCRM now enjoys a position of power. Last month, the software maker agreed to place a fresh version of its flagship product under the General Public License v3 (GPLv3) crafted by the Free Software Foundation. This established SugarCRM as the most prominent backer of GPLv3 to date.

The adoption of GPLv3 marked a significant shift in SugarCRM's licensing policy. The company had relied on a modified version of the Mozilla Public License (MPL) that required users of its code to display a SugarCRM logo. Critics - and there are many - of this type of license described SugarCRM as a badgeware vendor. In addition, OSI board members chastised SugarCRM for presenting itself as an open source software maker despite using a license not approved by the OSI – the self-proclaimed defenders of the open source definition.

When SugarCRM moved to GPLv3, quite a few reports emerged pushing the idea that the OSI forced it into the decision through public ridicule. Not so, according to Roberts.

"The OSI had nothing to do with our decision to go with GPLv3," Roberts said, during a panel today here at LinuxWorld.

Just as SugarCRM shifted to GPLv3, the OSI approved a badgerware license from Web 2.0 felch Socialtext.

"The OSI was hammering on us, and they just turned around and approved a more restrictive license," Roberts said. "It is really hypocrisy here."

And, in fact, Socialtext's Common Public Attribution License (CPAL) includes both an attribution clause – the logo bit – and a network use clause that forces software-as-a-service companies and service providers to give credit where credit may be due. That's a step beyond SugarCRM's old attribution license.

Even worse, the OSI has yet to approve GPLv3 as an open source license. In fact, the organization only managed to put GPLv3 up for review this week due to some bungling.

"Chris DiBona [Google's open source guru] submitted GPLv3 and LGPLv3 last month, but his submission was in the wrong format, so it was not captured by the automated tools that are set up to establish and track discussions," OSI President Michael Tiemann told us. "Russ Nelson [OSI's license approval chair] caught the error (manually), and the state as of (Aug. 5) is that we have both the GPLv3 and the LGPLv3 as formally submitted for discussion. When Russ believes the list has reached a consensus, he will report that consensus and we will take it under consideration for a vote."

These awkward machinations seem insane to us when you consider that GPLv2 covers close to 70 per cent of all the projects on SourgeForge and stands as the most prominent open source license. Surely, the OSI would think to slot its successor in for review as soon as it was possible, right?

In fairness, the OSI tends to give the author of a license the first crack at submitting it for approval. The FSF, however, has no intention of seeking the OSI's approval since it couldn't care less whether some organization deems its work worthy of the open source label. Everyone at the OSI knows this, and members of the organization should have taken it upon themselves to make sure such a crucial license was put up for review at the earliest possible moment. Instead, we find excuses about missing e-mails and improper formatting.

Roberts continues to question why the OSI gets to be the arbiter of all things open source – a query made stronger by the chaos often displayed by the organization and the fact that the board members are not elected but rather tapped to lead during a bizarre hazing ritual performed at midnight in the San Diego Zoo's penguin display.

"I really like what OSI represents as an organization," Roberts said. "But no one really asks, 'Who are the approvers. How are they elected – by hundreds of votes or three or four votes? How did you get to become the Supreme Court?'"

The hapless Danese Cooper, an OSI board member and Intel employee, did her best, during the LinuxWorld panel, to avoid adding any substance to the discussion. So desperate for attention that she knits during panels, Cooper shrugged off the OSI criticism, saying that GPLv3 is in fact making its way through OSI's approval process just fine.

The OSI could do itself a favor by making sure that people more willing to confront issues honestly and clearly – like Tiemann – show up at these types of gigs.

Roberts has recommended that the OSI or someone adopt a Digg-style system for sorting through open source licenses where the most popular – and perhaps useful – licenses would rise to the top. That idea feels a bit wisdom of crowds dependent to us, but at least it's a fresh idea.

The OSI's Tiemann remains impressive for his defense of the open source ideology, and it seems that something like the OSI is crucial for such a task. A Digg-style system would seem to place little emphasis on protecting ideals, brands and the like. Ultimately, you do want "open source" to mean something significant, and it takes thoughtful people to protect that.

That said, we find the OSI undermining its influence through the SugarCRM/GPLv3 epsisode.

It's beating up on SugarCRM one day and then championing it the next for a license switch. In actual fact, though, SugarCRM is still not an open source vendor under the OSI's definition because the OSI has failed to push through its approval of GPLv3 at speed. If this isn't ironic, it's at least a little pathetic. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.