Feeds

Free software darling SugarCRM blasts OSI

Restrictive hypocrites

Combat fraud and increase customer satisfaction

LinuxWorld Full of free software pride, SugarCRM CEO John Roberts has revitalized his attack against the Open Source Initiative (OSI) characterizing the organization as weak and confused.

After being the open source community's whipping boy, SugarCRM now enjoys a position of power. Last month, the software maker agreed to place a fresh version of its flagship product under the General Public License v3 (GPLv3) crafted by the Free Software Foundation. This established SugarCRM as the most prominent backer of GPLv3 to date.

The adoption of GPLv3 marked a significant shift in SugarCRM's licensing policy. The company had relied on a modified version of the Mozilla Public License (MPL) that required users of its code to display a SugarCRM logo. Critics - and there are many - of this type of license described SugarCRM as a badgeware vendor. In addition, OSI board members chastised SugarCRM for presenting itself as an open source software maker despite using a license not approved by the OSI – the self-proclaimed defenders of the open source definition.

When SugarCRM moved to GPLv3, quite a few reports emerged pushing the idea that the OSI forced it into the decision through public ridicule. Not so, according to Roberts.

"The OSI had nothing to do with our decision to go with GPLv3," Roberts said, during a panel today here at LinuxWorld.

Just as SugarCRM shifted to GPLv3, the OSI approved a badgerware license from Web 2.0 felch Socialtext.

"The OSI was hammering on us, and they just turned around and approved a more restrictive license," Roberts said. "It is really hypocrisy here."

And, in fact, Socialtext's Common Public Attribution License (CPAL) includes both an attribution clause – the logo bit – and a network use clause that forces software-as-a-service companies and service providers to give credit where credit may be due. That's a step beyond SugarCRM's old attribution license.

Even worse, the OSI has yet to approve GPLv3 as an open source license. In fact, the organization only managed to put GPLv3 up for review this week due to some bungling.

"Chris DiBona [Google's open source guru] submitted GPLv3 and LGPLv3 last month, but his submission was in the wrong format, so it was not captured by the automated tools that are set up to establish and track discussions," OSI President Michael Tiemann told us. "Russ Nelson [OSI's license approval chair] caught the error (manually), and the state as of (Aug. 5) is that we have both the GPLv3 and the LGPLv3 as formally submitted for discussion. When Russ believes the list has reached a consensus, he will report that consensus and we will take it under consideration for a vote."

These awkward machinations seem insane to us when you consider that GPLv2 covers close to 70 per cent of all the projects on SourgeForge and stands as the most prominent open source license. Surely, the OSI would think to slot its successor in for review as soon as it was possible, right?

In fairness, the OSI tends to give the author of a license the first crack at submitting it for approval. The FSF, however, has no intention of seeking the OSI's approval since it couldn't care less whether some organization deems its work worthy of the open source label. Everyone at the OSI knows this, and members of the organization should have taken it upon themselves to make sure such a crucial license was put up for review at the earliest possible moment. Instead, we find excuses about missing e-mails and improper formatting.

Roberts continues to question why the OSI gets to be the arbiter of all things open source – a query made stronger by the chaos often displayed by the organization and the fact that the board members are not elected but rather tapped to lead during a bizarre hazing ritual performed at midnight in the San Diego Zoo's penguin display.

"I really like what OSI represents as an organization," Roberts said. "But no one really asks, 'Who are the approvers. How are they elected – by hundreds of votes or three or four votes? How did you get to become the Supreme Court?'"

The hapless Danese Cooper, an OSI board member and Intel employee, did her best, during the LinuxWorld panel, to avoid adding any substance to the discussion. So desperate for attention that she knits during panels, Cooper shrugged off the OSI criticism, saying that GPLv3 is in fact making its way through OSI's approval process just fine.

The OSI could do itself a favor by making sure that people more willing to confront issues honestly and clearly – like Tiemann – show up at these types of gigs.

Roberts has recommended that the OSI or someone adopt a Digg-style system for sorting through open source licenses where the most popular – and perhaps useful – licenses would rise to the top. That idea feels a bit wisdom of crowds dependent to us, but at least it's a fresh idea.

The OSI's Tiemann remains impressive for his defense of the open source ideology, and it seems that something like the OSI is crucial for such a task. A Digg-style system would seem to place little emphasis on protecting ideals, brands and the like. Ultimately, you do want "open source" to mean something significant, and it takes thoughtful people to protect that.

That said, we find the OSI undermining its influence through the SugarCRM/GPLv3 epsisode.

It's beating up on SugarCRM one day and then championing it the next for a license switch. In actual fact, though, SugarCRM is still not an open source vendor under the OSI's definition because the OSI has failed to push through its approval of GPLv3 at speed. If this isn't ironic, it's at least a little pathetic. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.