Feeds

Meet Mark Radcliffe: The man who rules open source law

'The most inefficient conspirator in the world'

Top three mobile application threats

As one of his clients told us, "Mark Radcliffe is the law when it comes to open source software."

Radcliffe, an attorney at giant DLA Piper, has lurked behind some of the most important shifts in the open source world over the past few years. He helped Sun Microsystems open source the Solaris operating system, developing Sun's CDDL (Common Development and Distribution License) license. He crafted SugarCRM's controversial attribution license and then did similar work for a handful of significant open source players. This year, he teamed with SocialText to push the CPAL (Common Public Attribution License) through OSI (Open Source Initiative) approval, while at the same time advising the OSI as legal counsel. And Radcliffe worked with the Free Software Foundation on v3 of the General Public License (GPL).

Matters such as SCO's Linux assault and Microsoft's hints of legal action against open source software makers and users tend to dominate the public discourse around open source code.

The projects that Radcliffe has touched, however, stand as far more substantial to the evolution of of open source software as it marches into big and small business. Radcliffe now looms as the dominant force shaping the restrictions/permissions around open source software (OSS), but few people outside of the core OSS kingdom are aware of the scope of his work.

Radcliffe's power in the open source world has not escaped controversy. For example, some of the open source world's most rabid vocal members went after his attribution licenses, which often require the display of a company's logo by users of a given product. More than a dozen open source players have crafted their own attribution licenses - a derivative of the Mozilla Public License (MPL) - outside of the OSI's official "open source" blessing. This influx of attribution licenses has prompted some to present horror scenarios of logos filling up your screen in a badgeware meltdown.

The OSI railed against these attribution licenses just before the organization approved the CPAL license in July. So, you find Radcliffe championing a license of his making, while advising the OSI on its merits at the same time.

Head shot of Mark Radcliffe

Mark Radcliffe

Was Radcliffe miffed by the open source "community's" shock and horror over the attribution licenses?

"I was a little bit surprised," he told us. "We thought what we were doing was totally consistent with the open source definition.

"Attribution and giving people credit for what they've done is kind of at the core of the whole open source philosophy from my point of view. So, I didn't see attribution as being the big, evil thing that everybody was concerned about."

Of course, the open source "community's" initial response to just about anything tends to veer toward apocalyptic scenarios - in this case a world destroyed by logos. Rather than tempting reality, the members of the never-ending car crash known as the "license-discuss" mailing list, where all the really important OSI matters are handled, embraced conniption.

"You know, if you don't like something, give it an evil name and come up with these hypotheticals that don't exist in the real world," Radcliffe said.

"It is interesting to me that in all of the discussions on license-discuss the problem that people were talking about, which is that attribution would somehow limit the number of people who are willing to distribute the product and it would destroy the marketing, I don't remember any comment from any distributor of any of the products using open source except a positive one.

"So this big problem that a couple of the people on license-discuss were postulating as to how this was going to destroy open source just had no basis in fact."

Through the efforts of Radcliffe and SocialText's CEO Ross Mayfield, CPAL has arrived as a viable open source license that delivers the attribution clause as well as a network use clause that regulates how service providers, for example, can make use of code. Companies such as Mulesource have already picked up CPAL, and more of the attribution license crowd is expected to follow suit.

Radcliffe dismisses the contention that his influence with the OSI ultimately generated any favoritism for CPAL.

"There are some people who seem to have developed this enormous conspiracy theory, and, if they're right, then I am probably the most inefficient conspirator in the world, since it took me eight months to get CPAL through."

But, let's move away from the OSI and CPAL to get "the law's" take on some broader issues facing the open source "community."

3 Big data security analytics techniques

Next page: Network abuse

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.