Analysis Should you believe Red Hat's claims that its new Exchange marketplace for "open source business applications" contains nothing but open source business applications? We say "no" - since not even Red Hat appears to have a good answer for this question.

So far, Red Hat has filled its Exchange, also known as RHX, with software from numerous companies, including SugarCRM, Zimbra, and Alfresco. In posting their wares to the exchange, these software makers have given Red Hat permission to lead sales and provide support. Ultimately, all the vendors involved celebrate RHX as a way of boosting the sale of open source software to small and mid-sized businesses.

The rub is that many of the applications may fail to meet the meaning of open source software as put down by the Open Source Initiative (OSI) - the self-proclaimed steward of the Open Source Definition. That's a problem when you consider that Red Hat bills RHX as a spot to "compare buy and manage open source business applications - all in one place and backed by the open source leader." And an even bigger problem crops up when you realize that Michael Tiemann, a Red Hat VP, has led the criticism of OSI offenders in his role as President of the OSI.

Tiemann, in fact, ignited the OSI licensing controversy in a blog post last month entitled "Will the real open source CRM please stand up?" Ever prolix, Tiemann charged after some reporter who referred to SugarCRM and Centric CRM as open source CRM vendors. SugarCRM, you see, relies on a modified version of the OSI-approved Mozilla Public License (MPL) that includes a controversial "attribution" clause, while Centric CRM uses its own Centric Public License, not approved by the OSI.

Tiemaan wrote:

Starting around 2006, the term open source came under attack from two new and unanticipated directions: the first was from vendors who claimed that they have every bit as much right to define the term as does the OSI, and the second was from vendors who claimed that their license was actually faithful to the Open Source Definition (OSD), and that the OSI board was merely being obtuse (or worse) in not recognizing that fact. (At least one vendor has pursued both lines of attack.)

This was certainly not the first attack we ever had to repel, but it is the first time we have had to confront agents who fly our flag as their actions serve to corrupt our movement. The time has come to bring the matter into the open, and to let the democratic light of the open source community illuminate for all of us the proper answer.

Some vendors flying the open source flag have claimed that the infamous attribution add-on to the MPL serves their purposes well and does little to harm the so-called open source "community." These vendors created the clause as a means of countering the wholesale borrowing of code by service providers.

The likes of Google and Yahoo! can grab an open source package, modify it and then run it on their servers without returning the modified code to the public domain. That's the result of some archaic notions around distribution embedded in many open source licenses. Entities have typically been required to reveal code changes only if they redistribute an open source package. Service providers, meanwhile, claim they're not redistributing the software simply by running it on their servers and providing a service to customers.

With the attribution clause in place, the software makers hoped to gain public recognition for their work by forcing service providers and others to display their corporate logos if a given software package was being used. The service providers could also opt to pay the software makers to remove the logo.

True blue open source zealots castigate the attribution crowd as badgeware vandals. More critically, the open source advocates contend that vendors simply do not have the right to claim they produce "open source" code and place that code under the license of their choosing. Such tactics threaten to undermine the open source agenda.

"So, what's at stake is whether the term 'open source' continues to mean anything, or is in effect abandoned to third-rate marketing clowns with delusions of grandeur," Rick Moen a Linux activist told us. "I think the latter would deliver a roundhouse blow to the ongoing open source / free software outreach effort, one from which it might never recover."

The OSI license debate, like so many things open source, conjures up both emotional and pragmatic elements.

Critics of the OSI have room to argue a couple of major points. They can claim that the organization has failed to provide a well-greased mechanism for license examination and approval, something some OSI members will cop to. In addition, they can push forward independently, claiming that the OSI is not their boss. Business moves at the speed of business not standards organizations.

And, lastly, you can make a case that there's something very outdated about the desire of open source bigots to hold on the so-called "community" nature behind their software. The fact of the matter is that non-proprietary software has become popular with big business. The peace and love era has ended.

Tiemann proves uninterested in such arguments.

"In the open source context, when Larry Ellison (Oracle's CEO who launched an attack against Red Hat) stood up during his keynote and said what he thought open source meant, he was really saying 'I can steal other people's code, sell it at half price and make a lot of money.'" Tiemann told us. "We better be a lot more careful about what open source means because the big guys are coming and subverting the definition as best as they can."

Tiemann says the OSI now has a proper communications platform in place, via a web site upgrade of all things, to help it counter open source abusers. And Tiemann thinks the time is right to make an issue of the license situation.

"Companies using the term open source without an OSI approved license are diluting the brand," Tiemann said. "They are using the term without a concrete reference point. I think this is a big deal.

"There has been so much integrity in terms of what open source has meant."

The Return to RHX

SugarCRM has become the whipping boy for Tiemann and the open source advocates in general. As a result, the software maker has issued an omerta, refusing to comment to the press.

Meanwhile, Red Hat has its own problems.

An FAQ page on the RHX web site makes the following statement: "The initial set of participating software partners all have an open source focus. We realize that there is debate about which companies are truly open source. To make it transparent to users, RHX lists license information for each software partner. Longer term, we may introduce proprietary applications that are friendly with open source applications."

In reality, those searching for clear license information on the RHX site will struggle to find it. Instead of providing the license upfront, Red Hat forces you to tunnel into FAQ minutiae for each application, and even then, you have to be lucky to discover the relevant information.

Some of the 13 companies in RHX stand out as huge OSI offenders, according to the "true" open source advocates. Software makers such as SugarCRM and Centric CRM are there. You'll also find the likes of MySQL, EnterpriseDB, Zmanda and Compiere using dual GPL and commercial licenses. Then, there are companies such as Zimbra that use the MPL for the majority of their software, relying on the attribution-friendly Zimbra Public License for their Ajax client.

"Zimbra is staunchly committed to open source ideals," said Scott Dietzen, President of Zimbra in a statement.

There's also Alfresco, which counts OSI director Matt Asay as a top executive and recently switched from the MPL to the GPL 2.

So, if you're looking for license consistency and clarity, RHX is not the best place to turn.

"The RHX material needs to be more clear about what part of this is open source and what part just works with open source," Tiemann said. "You don't want to shoot on sight, but you do want to put people on notice."

(Incidentally, the RHX staff appear to have removed the comment counter following our recent story. Transparency? We've heard of it.)

Red Hat bills itself as the open source software leader. As we see it, however, the company is struggling to be clear about these OSI licensing issues that the open source community considers critical. If Tiemann and others want to create a muscular division between the badgeware bastardizers and the open source faithful, we'll need to see a much more focused effort from the top.

Surely, RHX - the grand "open source" software collective - should stand as a model for the proper way to do business. Red Hat should take its position as a trend setter very seriously here, since so many of the open source fans we know consider this a do or die moment for holding on to the open source definition.®

Related stories

• Red Hat cancels one-click world domination effort (11 June 2008)

  https://www.theregister.com/2008/06/11/redhat_rhx_slowed/

• Perens: 'Badgeware' threat to open source's next decade (11 February 2008)

  https://www.theregister.com/2008/02/11/open_source_at_ten/

• Code morpher Transitive dives into Red Hat Exchange (13 December 2007)

  https://www.theregister.com/2007/12/13/transitive_rhx/

• Open source model impacts EnterpriseDB staff (4 December 2007)

  https://www.theregister.com/2007/12/04/enterprisedb_layoff/

• Open source CMS - promise without pitfall (11 October 2007)

  https://www.theregister.com/2007/10/11/open_source_cms/

• Meet Mark Radcliffe: The man who rules open source law (30 August 2007)

  https://www.theregister.com/2007/08/30/open_source_mark_radcliffe/

• Microsoft vs. Google – the open source shame (21 August 2007)

  https://www.theregister.com/2007/08/21/microsoft_google_osi/

• EnterpriseDB chases Oracle and MySQL on Web 2.0 (10 August 2007)

  https://www.theregister.com/2007/08/10/enteprisedb_web_developers_oracle/

• EnterpriseDB snags information strategist (31 July 2007)

  https://www.theregister.com/2007/07/31/enterprisedb_zurek_cto/

• OSI Prez confronts irate users over 'badgerware' license (30 July 2007)

  https://www.theregister.com/2007/07/30/osi_tiemann_responds/

• OSI evacuation begins over 'badgeware' license (27 July 2007)

  https://www.theregister.com/2007/07/27/osi_fury_badgerware/

• SugarCRM trades badgeware for GPL 3 (25 July 2007)

  https://www.theregister.com/2007/07/25/sugarcrm_gpl3/

• OSI approves 'badgeware' license (25 July 2007)

  https://www.theregister.com/2007/07/25/osi_socialtext_cpla/

• Red Hat flags OSI offenders on partner site (25 July 2007)

  https://www.theregister.com/2007/07/25/rhx_change_redhat/

• Red Hat's Exchange roars like a muted lamb (26 June 2007)

  https://www.theregister.com/2007/06/26/redhat_rhx_update/

• Torvalds slams Sun over Linux intentions (13 June 2007)

  https://www.theregister.com/2007/06/13/schwartz_v_torvalds/

• On Microsoft's feeble Fortune-based nastygram to Red Hat (14 May 2007)

  https://www.theregister.com/2007/05/14/microsoft_fortune_redhat/

• Red Hat RHXes out to open source partners (10 May 2007)

  https://www.theregister.com/2007/05/10/redhat_rhx/

• Open Source - it isn't just about being nice (17 November 2006)

  https://www.theregister.com/2006/11/17/open_source_tiemann/

• Linus: read-up on your GPL 3.0 (15 February 2006)

  https://www.theregister.com/2006/02/15/gpl_drm_license/