November 28th, 2006
Attribution may matter (in open source licensing), but making the Open Source Initiative whole matters first
Just before the Thanksgiving holiday here in the US, I wrote about how a handful of vendors including customer relationship management solution provider SugarCRM were distributing software under licenses that they claimed to be open source licenses, but that don't appear on the Open Source Initiative's (OSI) official list of approved open source licenses.
Since 1998 when the OSI was first formed, the technology industry has generally recognized it as the keeper of the definition of open source (known as the Open Source Definition or OSD) as well as the consortium that ratifies certain software licenses such as the GNU General Public License (GPL) and the Mozilla Public License (MPL) as open source licenses: ones that conform to the OSD. An increasing number of software products are being licensed under the heading of open source while the licenses assigned to them have yet to be blessed by the OSI. That recognition however, is an unofficial one. The OSI doesn't have a trademark on the term "open source" which means that it has no legal leverage over when, how, or in what context the phrase gets used. But, even without that legal leverage, developers both small (eg: individuals) and large (ie: IBM and Sun) have respected the OSI's defacto role by either picking from the OSI's approved list of licenses when getting ready to open source some software or by seeking the OSI's seal of approval on a newly authored license before claiming that license to be an open source one, or releasing software under it.
The OSI has an official but easy process for seeking that seal of approval. Newly authored licenses need only be submitted to an OSI mailing list known as License Discuss. According to the OSI's web site:
OSI has also established a mailing list to review licenses submitted to license-approval at opensource.org. To subscribe, send mail to license-discuss-subscribe at opensource.org. Unsubscribes go to license-discuss-unsubscribe at opensource.org. The usual -request address works as well. This list is archived here.
Once a license has been submitted for approval, anyone with an opinion on the worthiness of the license is free to chime in with their thoughts and comments. Not only will the OSI's board members weigh in with their opinions, so too will other individuals such as Bruce Perens who have played a long term role in drafting and revising the OSI's Open Source Definition.
While the OSI has had its critics over the years (for everything from having too many licenses on its list to leadership issues to its idealogical differences with the Free Software Foundation), the OSI process has never really been openly challenged. That is, no one has authored a license, declared it to be open source, and released software under that license without at some point, submitting that license for review to the License Discuss mailing list. To do so was considered sacreligious by the open source community.
Then came SugarCRM. SugarCRM isn't unlike other commercial ventures (eg: Red Hat) looking to capitalize on the popularity of open source. The idea is pretty simple:
