ZDNet article - why attribution matters

View: New views

20 Messages — Rating Filter: Alert me

< Prev | 1 - 2 | Next >

	ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message OSI, I took a couple of days off from email last week so I’m just now providing our perspective in the talkback forum. I thought David’s recent ZDNet article gave fair coverage to this important issue. For the record though, there are far more projects adopting attribution clauses then the select few David calls out. I hope my response below will shed one more view point on why attribution benefits vs. hurts great open source projects. John Roberts News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others abusing the term "open source?" TalkBack 24 of 24: Previous message Attribution, why it matters David, I thought your article was very good based on the complexity of this issue. Below is my perspective as someone who felt compelled to add an attribution clause to our license in late 2004. I think we were the first to add this clause to the MPL. It appears now that almost every open source project with significant engineering salaries are also seeing attribution as a small request in return for writing and open source licensing their code – all of which is hard work. In fact almost every new open source project feels compelled to protect their identity in some way, not necessarily for monetary reasons though. I do find it very interesting that most folks who seem to take issue with this attribution provisions are ‘individuals’ who do not write any code themselves (but yet who seem to love the creative commons attribution license). Backgrounder, I did not initially want to add the attribution clause at all. Fact is you can only work for free for so many months, and I and my two co-founders, Clint and Jacob all had pregnant wives at the time when we first decided to resign from our jobs at E.piphnay and founded the SugarCRM project and initially worked for free. We have been very upfront, I think, in calling ourselves ‘commercial open source’ – it’s even a part of our logo. Why? Because we do not want to try and fool anyone that writing software full time is free. The fact is there is a very ugly side to open source redistribution. There are plenty of hosting providers, SI’s, etc… that look at open source licensed software as ‘free’ software for them to go and ‘sell’. They take no issue with removing all identifying marks off the software and will even go so far as to violate the open source licenses and remove copyright statements. We were finding ourselves in this position in late 2004 after putting in another intense effort to ship a new release of Sugar. These folks were simply lifting our identifying marks and ‘pretending to the world’ that they wrote software that they indeed had not. They also had no intention at all of adding to the SugarCRM project since that showed they weren’t the original authors of the software. What is interesting is that these folks all use the argument that ‘they are pure open source coders’ – which is only the case for maybe 2% to 3% of them. For those folks who are actually writing code that takes the project forward, I do agree that we would all be better off without the attribution clause. But…for the 98% of folks that are just looking for more free software to sell or host – yes, the attribution clause does piss them off. Because the last thing they want is for the end user to think that they did not write the code themselves. I’ve been amazed how such a small clause could become such an effective deterrent. As an example, you write a book (software) and open source license it. You allow folks to rename the title and author on the cover. And that’s all they change. This is an every day reality, and it’s not fair. But authors can use the creative commons attribution license, one of the most widely utilized licenses on the planet but OSI does not have a similar provision. http://creativecommons.org/licenses/by/2.5/ Our implementation, specifically the sugar attribution clause, only points to www.sugarforge.org. You can not buy anything on this site, so it is in no way advertising. If you want more free open source extensions or to start participating yourself, click the link. Ultimately this is not an issue for a self appointed group to decide for the rest of us. Open source code is a voluntary movement, if folks do not like the clause, they don’t have to use the software. I do think it is important that end users do understand the revenue stream (funding) of the code base. I’ve found our most hardened Sugar Open Source users are our most vocal Sugar Professional advocates. Why? Because the more successful SugarCRM is, the more open source code we will write and the more resources we can invest in our open source sites. Lastly, I do think though, taking a bunch of other folk’s code, say >50% at a minimum and adding an attribution clause is not a good use of the clause. The only reason we felt it was ok to add it was because we wrote the Sugar Open Source code base from scratch. Any additional libraries we may use are fully attributed in the about box of the software. Attribution goes both ways. John Roberts Posted by: john-sugar Posted on: 11/27/06 -------------------------------------------------------------------------------- From: Google Alerts [mailto:googlealerts-noreply@google.com] Sent: Tuesday, November 21, 2006 1:14 PM To: john@sugarcrm.com Subject: Google Alert - sugarcrm Google News Alert for: sugarcrm Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... ZDNet - USA ... A growing number of software providers including SugarCRM, Socialtext, Scalix, and Zimbra have taken it upon themselves create their own derivatives of the ... -------------------------------------------------------------------------------- This once a day Google Alert is brought to you by Google. Remove this alert. Create another alert. Manage your alerts.
	Re: ZDNet article - why attribution matters by Sanjiva Weerawarana :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 15:28 -0800, John-Sugar wrote: > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this issue. > Below is my perspective as someone who felt compelled to add an attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code – all of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are ‘individuals’ who do > not write any code themselves (but yet who seem to love the creative commons > attribution license). With all due respect, I disagree. I live primarily in Apache Software Foundation land where there are hundreds of projects without any attribution. Furthermore there are tens of projects which have companies footing engineering salaries and none of them are asking for attribution. To me the value is wide and open adoption, unconstrained by having to attribute the original developers. > Lastly, I do think though, taking a bunch of other folk’s code, say >50% at > a minimum and adding an attribution clause is not a good use of the clause. +1. FWIW if a project is indeed openly developed and is a true community effort, any kind of attribution is automatically out. In other words, attribution only makes sense when a project is basically a closed source developed but released under an open source license. Maybe the right thing is to have a different license which catches that category of project. Sanjiva. -- Sanjiva Weerawarana, Ph.D. Founder & Director; Lanka Software Foundation; http://www.opensource.lk/ Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/ Director; Open Source Initiative; http://www.opensource.org/ Member; Apache Software Foundation; http://www.apache.org/ Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/
	RE: ZDNet article - why attribution matters by Lawrence Rosen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	RE: ZDNet article - why attribution matters by Michael Tiemann :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution is > important to every author, not just commercial ones who work for a living > (although most do!). Notice of authorship is so important that the US > Copyright Act even makes the fraudulent removal of a copyright notice a > criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on the > highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Michael, There are multiple ways of protecting attribution. We use a text based language PHP, that does not need to be compiled. If we did use a language that required a compiler it would be much, much easier for us to embed our attribution marks in, say a Linux distribution and make it virtually impossible for anyone to compile the source with the attribution marks removed. Just another example of a way to be technically OSI approved, but still protect your attribution marks. What happens if you remove all the redhat marks and compile the source? RHEL makes that super simple right? No compile issues? Any average developer should be able to do this right? Can you point me to an URL and instructions on how to do this? Another way is to add external service agreements that surround GPL code that place extended limitations on the use of GPL code within enterprises that buy commercial linux subscription contracts? If this is true, it doesn't seem very open source to me. Even though it's 'OSI approved'. OSI is an organization that I believe tries very hard to represent the interests of both developers and users. I really do not like the idea of a small group of folks (I'm curious to understand how board members are chosen, elected, etc.) trying to create laws for the rest of the world. Open Source to me is about freedom. It's about letting the collective wisdom of crowds choose the licenses as they, the users see fit. Let the best licenses win. I am not trying to stir things up too much here. I'm a huge believer in what we are all trying to accomplish collectively. I've purposely stayed away from this discussion because it felt more like punditry then action. And most importantly, the acknowledgement that open source is growing, but it is also changing. I hope OSI does not get stuck in the past or it could, and I think will be superseded by a new open source organization that more people both developers and users feel represent their real interests and values. Attribution is here to stay. If you refuse to acknowledge it, you are trying to stop change, which will be very hard to do I believe. John -----Original Message----- From: Michael Tiemann [mailto:tiemann@...] Sent: Monday, November 27, 2006 7:08 PM To: Lawrence E. Rosen Cc: 'John-Sugar'; license-discuss@...; 'David Berlind' Subject: RE: ZDNet article - why attribution matters On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution is > important to every author, not just commercial ones who work for a living > (although most do!). Notice of authorship is so important that the US > Copyright Act even makes the fraudulent removal of a copyright notice a > criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on the > highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Michael, There are multiple ways of protecting attribution. We use a text based language PHP, that does not need to be compiled. If we did use a language that required a compiler it would be much, much easier for us to embed our attribution marks in, say a Linux distribution and make it virtually impossible for anyone to compile the source with the attribution marks removed. Just another example of a way to be technically OSI approved, but still protect your attribution marks. What happens if you remove all the redhat marks and compile the source? RHEL makes that super simple right? No compile issues? Any average developer should be able to do this right? Can you point me to an URL and instructions on how to do this? Another way is to add external service agreements that surround GPL code that place extended limitations on the use of GPL code within enterprises that buy commercial linux subscription contracts? If this is true, it doesn't seem very open source to me. Even though it's 'OSI approved'. OSI is an organization that I believe tries very hard to represent the interests of both developers and users. I really do not like the idea of a small group of folks (I'm curious to understand how board members are chosen, elected, etc.) trying to create laws for the rest of the world. Open Source to me is about freedom. It's about letting the collective wisdom of crowds choose the licenses as they, the users see fit. Let the best licenses win. I am not trying to stir things up too much here. I'm a huge believer in what we are all trying to accomplish collectively. I've purposely stayed away from this discussion because it felt more like punditry then action. And most importantly, the acknowledgement that open source is growing, but it is also changing. I hope OSI does not get stuck in the past or it could, and I think will be superseded by a new open source organization that more people both developers and users feel represent their real interests and values. Attribution is here to stay. If you refuse to acknowledge it, you are trying to stop change, which will be very hard to do I believe. John Michael Tiemann wrote: On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution is > important to every author, not just commercial ones who work for a living > (although most do!). Notice of authorship is so important that the US > Copyright Act even makes the fraudulent removal of a copyright notice a > criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on the > highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by Michael Bernstein-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 20:37 -0800, John-Sugar wrote: > Just another example of a way to be technically OSI approved, but > still protect your attribution marks. What happens if you remove all > the redhat marks and compile the source? RHEL makes that super simple > right? No compile issues? Any average developer should be able to do > this right? Can you point me to an URL and instructions on how to do > this? Well, building an entire distribution is not exactly the same thing as compiling a package, but it so happens that this has already been done for you: http://www.centos.org/ Enjoy, - Michael R. Bernstein michaelbernstein.com
	Re: ZDNet article - why attribution matters by Rick Moen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Quoting John-Sugar (john@...): > Just another example of a way to be technically OSI approved, but still > protect your attribution marks. What happens if you remove all the redhat > marks and compile the source? RHEL makes that super simple right? No compile > issues? Any average developer should be able to do this right? Can you point > me to an URL and instructions on how to do this? http://linuxmafia.com/faq/RedHat/rhel-rebuild.html > Another way is to add external service agreements that surround GPL > code that place extended limitations on the use of GPL code within > enterprises that buy commercial linux subscription contracts? If this > is true, it doesn't seem very open source to me. Even though it's 'OSI > approved'. That would very clearly _not_ be open source, per OSD items #1, 6, and 8. Strike one. > OSI is an organization that I believe tries very hard to represent the > interests of both developers and users. I really do not like the idea > of a small group of folks (I'm curious to understand how board members > are chosen, elected, etc.) trying to create laws for the rest of the > world. Trying to gratuitously change the subject to the personal merits of OSI Board members. Strike two. > Open Source to me is about freedom. It's about letting the collective > wisdom of crowds choose the licenses as they, the users see fit. Fallacy of argumentum ad populam. Strike three. > I am not trying to stir things up too much here. The noise will be ignored. Don't worry. > I've purposely stayed away from this discussion because it felt more > like punditry then action. And most importantly, the acknowledgement > that open source is growing, but it is also changing. I hope OSI does > not get stuck in the past or it could, and I think will be superseded > by a new open source organization that more people both developers and > users feel represent their real interests and values. Oh yeah. Threaten us with formation of yet another shareware collective. > Attribution is here to stay. Attribution per se is of course not an issue. Your remedial reading on that point should include the original BSD licence. And don't try to hustle the OSI, John. You'll just waste everyone's time and look silly in public. -- Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread. Hi!p I'm a .signature spread virus! Copy into your ~/.signature to help me Hilp I'm .sign turepread virus! into your ~/.signature! help me! Copy Help I'm traped in your ~/signature help me! -- Joe Slater
	RE: ZDNet article - why attribution matters by David Berlind :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message John: Thank you for cc:ing your response to license-discuss on ZDNet. In response to what I've so far seen from Michael, Larry, and you, I'd like to add my observations as an objective observer. First, I meant no disrespect to your values, wives, or families, all of whom require serious wage earning at some point. I have a wife and three children. I totally get it. I hope you understand that I am neutral to the issue of attribution and I'm glad that my post has provoked some discussion here. But I am not neutral to fine print issues that affect users of technology, particularly where the fine print is missing. I believe in my heart that a failure to disclose the fact that an open source license has so far not yet been approved as such by the defacto consortium to which the open source community currently looks for such approvals, qualifies as fine print that's missing. I prefer to stay out of the debate of whether attribution makes sense or not and if it does, how much is enough. There are people here that are far wiser than I who are obviously prepared to argue the merits of various approaches. So, from my point of view, the line crossed has nothing to do with your selected degree or method of attribution (eg: pointing back to SugarCRM where no advertising exists). The line crossed is the one where one company or organization decides it's OK to rewrite the rules of open source or, in the case of "commercial open source" to declare a new class of open source without seeking any consensus from the open source community itself. One could argue that no consensus is required before a new commercial license is written and that is of course true. However, there isn't a self-policing community of commercial license providers which has established to seek a standard baseline for what it means to be commercial the way there has been for open source. Perhaps a consensus, when and if one is achieved, will yield a result that's favorable to your position on the issue. But even you point out that now that you've done it (modified the MPL), others are doing the same. Clearly, there's no consensus on how the MPL should be modified, or, at the very least, all those who have followed in your footsteps would not have felt the need to write their own modifications to it. They would have picked yours. You're clearly testing the boundaries. That may have not been your intent. But to this independent observer, your choice (and the choices of others) to modify the MPL without following the community's accepted practice for making such changes, and to continue referring to your license as an open source license (commercial or otherwise) has tested the customs of the community. It tests the limits of the clause in the MPL that allows for changes. It tests the OSI's process. There's an old George Carlin bit where he talks about how, when he's driving on the road, everyone going slower than him is an idiot, and everyone going faster than him is a maniac. There are a lot of open source developers that don't have any mouths to feed but their own and are happy to operate within the norms of the community. And then, there will be people who, based on the precedent you've already set and are defending, will take it upon themselves to cross a line that even you wouldn't dare cross in modifying an existing open source license (while still referring to it as open source). You and others who have already taken matters into their own hands will of course have to remain silent. Pot, kettle, black. Think it won't happen? Trust me. There are people who didn't think what you've done could have happened. One day, "open source" will simply be meaningless or may even carry negative connotations (it's possible that "free software" could survive such a debacle, perhaps become stronger because of it). Why do I say any of this? Here's where I hope it becomes clear that none of what I just said is meant as a put down to you, Ross, Glenn, Scott or the others. The net result for SugarCRM and others who believe that associations with "open source" are positive associations for their brands will one day find that they are associated with something that means absolutely nothing. Or worse, something negative. You must ask yourselves if that's what you really want. db -----Original Message----- From: Michael Tiemann [mailto:tiemann@...] Sent: Monday, November 27, 2006 10:08 PM To: Lawrence E. Rosen Cc: 'John-Sugar'; license-discuss@...; David Berlind Subject: RE: ZDNet article - why attribution matters On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution > is important to every author, not just commercial ones who work for a > living (although most do!). Notice of authorship is so important that > the US Copyright Act even makes the fraudulent removal of a copyright > notice a criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on > the highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by Michael Tiemann-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 20:37 -0800, John-Sugar wrote: > Michael, > There are multiple ways of protecting attribution. We use a text based > language PHP, that does not need to be compiled. If we did use a language > that required a compiler it would be much, much easier for us to embed our > attribution marks in, say a Linux distribution and make it virtually > impossible for anyone to compile the source with the attribution marks > removed. I don't see how a compiler makes it easier, rather than harder, to protect proper attribution in code. In fact, when I was doing the G++ compiler for embedded systems, there was quite a conundrum about how to embed "Copyright (C) 1989 Free Software Foundation" into embedded object code for libg++ when every single byte of ROM is contended and every single byte of executable counted against our code size benchmark score. Placing attribution in a PHP script that can be examined by any human who wishes to read the code would have been a blessing to me. > Just another example of a way to be technically OSI approved, but still > protect your attribution marks. What happens if you remove all the redhat > marks and compile the source? RHEL makes that super simple right? No compile > issues? Any average developer should be able to do this right? Can you point > me to an URL and instructions on how to do this? IANAL, so this is not legal advice. However, I found this: http://www.raimokoski.com/lineox/rhel2lel.php . The CentOS folks take a different approach, which is to replace rather than to remove: http://rpm.pbone.net/index.php3/stat/4/idpl/3178870/com/redhat- logos-1.1.26-1.centos4.4.noarch.rpm.html . I am given to understand that Oracle's entry into the Linux distribution business was not, in fact, to clone Red Hat's Enterprise Linux, but to clone CentOS and charge infinitely more money than that free product. In any event, you can see from the above URLs that when Red Hat had a choice of whether to sprinkle its marks all over the place and make it a truly difficult exercise to exercise the GPL, Red Hat chose to make it as straightforward as possible to use the software and the freedoms it promised. > Another way is to add external service agreements that surround GPL code > that place extended limitations on the use of GPL code within enterprises > that buy commercial linux subscription contracts? If this is true, it > doesn't seem very open source to me. Even though it's 'OSI approved'. The limitations govern the service and support, not the source code itself. Commercial gain is not antithetical to free software. Open Source is not free software + commercial restrictions. What Red Hat has done is to keep its commercial terms completely separate from the source code, thereby protecting the promise of the GPL (and other OSI licenses). That Red Hat does have a successful commercial model does not itself violate the letter or the spirit of the GPL (or any other OSI-approved) license. > OSI is an organization that I believe tries very hard to represent the > interests of both developers and users. I really do not like the idea of a > small group of folks (I'm curious to understand how board members are > chosen, elected, etc.) trying to create laws for the rest of the world. Open > Source to me is about freedom. It's about letting the collective wisdom of > crowds choose the licenses as they, the users see fit. Let the best licenses > win. I'm all for letting the best licenses win...I believe that when the largest IT companies in the world all basically concede the superiority of the GPL (one way or another), we see that process in action. The OSI has taken a position to /not/ attack licenses, be they open source, free, or proprietary. However, what we have done is to try to uphold standards around what it means to be open source, and when people claim their licenses to be open source without OSI approval, we try to resolve the matter by either reviewing the license or by convincing the licensor that they would better serve their own commercial interests by making a more precise representation of their license. > I am not trying to stir things up too much here. I'm a huge believer in what > we are all trying to accomplish collectively. I've purposely stayed away > from this discussion because it felt more like punditry then action. And > most importantly, the acknowledgement that open source is growing, but it is > also changing. I hope OSI does not get stuck in the past or it could, and I > think will be superseded by a new open source organization that more people > both developers and users feel represent their real interests and values. We are eager for more participation as both Open Source and the OSI grow. I will note that despite much fanfare 5 years ago, another effort aimed at replacing open source with something more commercially friendly--it was called shared source--has gained little attention, precisely because it failed to deliver precisely what Open Source promises: the actual freedom to do something new. > Attribution is here to stay. If you refuse to acknowledge it, you are trying > to stop change, which will be very hard to do I believe. I agree that attribution, as a legal concept, has been here for a long time and will be around for a long time to come. I do not agree that arbitrary requirements labeled as attribution are proper, and I am interested in hashing out precisely what are the reasonable limits to what constitutes proper attribution and to what extent such proper attribution fits inside or outside the OSD. The answers I received from the Creative Commons licensing mailing list make me much more comfortable that narrowly defined forms of attribution are likely OSD compatible, but I also do not think they satisfy the expectations you may have for what is enough. Where we draw the attribution line is going to play a significant role in whether it fits within or lies outside the OSD circle. > John > > > > > > Michael Tiemann wrote: > > > > On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > >> Hi John, > >> > >> The issue isn't just "Why attribution matters," because it obviously > >> does. > >> Attribution is already mentioned in lots of FOSS licenses. Attribution is > >> important to every author, not just commercial ones who work for a living > >> (although most do!). Notice of authorship is so important that the US > >> Copyright Act even makes the fraudulent removal of a copyright notice a > >> criminal offense. 17 USC 506(d). > >> > >> We should instead be asking: How much attribution is enough? How much > >> attribution can be demanded in an open source license? > > > > This conflates two very important questions. > > > >> I don't believe anyone has argued yet that Sugar's license crosses the > >> line. > >> Most of us simply aren't sure where the line should be drawn. You can > >> legally require in a software license that licensees put neon signs on > >> the > >> highway to announce your copyrighted work, but is that open source? > > > > First: is it attribution? The Creative Commons folks seem to agree that > > attribution "in the manner specified by the author" is not a blank > > check, and they say so in the code (but not the deed) of the license. A > > requirement for neon in attribution is not, strictly speaking, needed to > > satisfy the legal requirements of legal attribution. > > > > Second: is it open source? Just as a lawyer cannot say for sure what > > the law says until a judge renders a verdict (and even then a successor > > judge can render a different judgment), the only way to know for sure > > that something satisfies the Open Source Definition is to put the > > license before the OSI approval process and see if it is approved by the > > process. > > > > M > > > > > > > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why-attribution-matters-tf2715092.html#a7573276 > Sent from the OpenSource - License-Discuss mailing list archive at Nabble.com. >
	Re: ZDNet article - why attribution matters by Matt Asay :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message > From: Rick Moen <rick@...> > Date: Mon, 27 Nov 2006 21:04:54 -0800 > To: <license-discuss@...> > Subject: Re: ZDNet article - why attribution matters > > Quoting John-Sugar (john@...): > >> Just another example of a way to be technically OSI approved, but still >> protect your attribution marks. What happens if you remove all the redhat >> marks and compile the source? RHEL makes that super simple right? No compile >> issues? Any average developer should be able to do this right? Can you point >> me to an URL and instructions on how to do this? > > http://linuxmafia.com/faq/RedHat/rhel-rebuild.html Asay: The fact that you have to point to an outside source proves John's point. He's not trying to beat up on Red Hat, but rather show that some of our sacred cows (and trust me, I esteem Red Hat very highly) don't meet the bar this list seems to want to put on attribution. > >> Another way is to add external service agreements that surround GPL >> code that place extended limitations on the use of GPL code within >> enterprises that buy commercial linux subscription contracts? If this >> is true, it doesn't seem very open source to me. Even though it's 'OSI >> approved'. > > That would very clearly _not_ be open source, per OSD items #1, 6, and > 8. Strike one. ASAY: If that's the case, then I guess Red Hat isn't an open source company, because John is describing Red Hat's model. > >> OSI is an organization that I believe tries very hard to represent the >> interests of both developers and users. I really do not like the idea >> of a small group of folks (I'm curious to understand how board members >> are chosen, elected, etc.) trying to create laws for the rest of the >> world. > > Trying to gratuitously change the subject to the personal merits of OSI > Board members. Strike two. > >> Open Source to me is about freedom. It's about letting the collective >> wisdom of crowds choose the licenses as they, the users see fit. > > Fallacy of argumentum ad populam. Strike three. ASAY: Actually, the strike here is that in one breath John talks about a cabal (OSI), but doesn't recognize that if OSI is to be faulted on this issue, it's for following the (apparent) crowd. > >> I am not trying to stir things up too much here. > > The noise will be ignored. Don't worry. > >> I've purposely stayed away from this discussion because it felt more >> like punditry then action. And most importantly, the acknowledgement >> that open source is growing, but it is also changing. I hope OSI does >> not get stuck in the past or it could, and I think will be superseded >> by a new open source organization that more people both developers and >> users feel represent their real interests and values. > > Oh yeah. Threaten us with formation of yet another shareware collective. ASAY: Actually, I don't think John needs to threaten anything (nor do I think he was). The fact is, "open source" is not owned by OSI. Anyone can claim to be open source, and the only defense against such dilution is peer pressure, as it were. But if commercial development of open source becomes equal to or greater than community development of open source (frankly, we're already well past that point in terms of code that is commonly used), then maybe the concern is actually valid. Maybe an OSDL could spring up that would listen to commercial concerns as ardently as OSI listens to developers'.... > >> Attribution is here to stay. > > Attribution per se is of course not an issue. Your remedial reading on > that point should include the original BSD licence. > > And don't try to hustle the OSI, John. You'll just waste everyone's > time and look silly in public. ASAY: I think you're being unfair and rude, Rick. I don't think John's post warranted the tone of your response. > > -- > Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread. > Hi!p I'm a .signature spread virus! Copy into your ~/.signature to help me > Hilp I'm .sign turepread virus! into your ~/.signature! help me! Copy > Help I'm traped in your ~/signature help me! -- Joe Slater
	Re: ZDNet article - why attribution matters by Rick Moen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Quoting Matt Asay (mjasay@...): > > http://linuxmafia.com/faq/RedHat/rhel-rebuild.html > > Asay: The fact that you have to point to an outside source proves > John's point. He's not trying to beat up on Red Hat, but rather show > that some of our sacred cows (and trust me, I esteem Red Hat very > highly) don't meet the bar this list seems to want to put on > attribution. I admire good examples of non-sequitur argumentation mightily, and so _do_ appreciate your contribution. > ASAY: If that's the case, then I guess Red Hat isn't an open source > company, because John is describing Red Hat's model. I'll immediately FedEx you a shiny nickel if you can cite to me _any_ software src.rpm package in the current RHEL4 release that is under any proprietary licence. (Please note that packages redhat-logos and anaconda-images are not software.) > > Fallacy of argumentum ad populam. Strike three. > > ASAY: Actually, the strike here is that in one breath John talks about a > cabal (OSI), but doesn't recognize that if OSI is to be faulted on this > issue, it's for following the (apparent) crowd. No, actually I meant by argumentum ad populam exactly what it means. > ASAY: Actually, I don't think John needs to threaten anything (nor do I > think he was). The fact is, "open source" is not owned by OSI. The fact is, "open source" in the software context was originated and is legimately defined by OSI. And they're the _nice_ people. You really don't want to piss off the rest of the open source world by making what amounts to a fraudulent and misleading claim to be open source, when you are not. The PR debacle will be serious and never-ending. > > And don't try to hustle the OSI, John. You'll just waste everyone's > > time and look silly in public. > > ASAY: I think you're being unfair and rude, Rick. (Gosh, that wouldn't have _anything_ to do with your being VP of Business Development for Alfresco, would it?) If my arguments lack merit, you need only disprove them. I can't help noticing that you're so far not bothering, but rather are floating yet more special pleadings and attacking the critic. And I was certainly being more polite to John than his insultingly feeble series of propaganda come-ons merited, which is more than I will generally be to people who think "open source" is legitimately anyone's to redefine at will. That would seem to include you and your employer, for example. -- Cheers, "In 1993, the World-Wide Web was an infosystem based on hypertext. Rick Moen In 1994, the World-Wide Web was an infosystem based on hype." rick@... -- Lars Aronsson
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Dude's I'm coming a bit late to this discuss - as I suddenly noticed my mailbox full of this (in addition to spam!). Can we please get back on focus here and cut with the personal stuff. FWIW - I've always taken time to explain to people that - as with everything else in life there are flavours (or flavors even) - and therefore open source comes in several. The gold measure is clearly OSI - and publicly supported software projects - after that you go all the way thru to coal - which is where some company has a full commercial product and in some highly limited cases they will release "open source" - under strict legal agreements with selected people only. (I'm thinking here particularly of some of the companies producing voting systems in the later category - a particular angst of mine right now!). Therefore - I've taken to caveating the term open source with other qualifiers such as: open public (participation), open standard, open license, open source projects - this is the diamond measure - and diamonds are rare. Once people understand these questions - when an open source solution is mentioned - its pretty easy for them to qualify where it sits relative to the universe by asking these same questions - is it open license, open participation, open standard based, open public repository, open management and governance? Depending on the answers they can then match that to their own business requirements. Ultimately people integrating open source components into their solution architectures really want answers to the obvious business questions that any CFO is going to want. Who are these people, can we trust them, how much will this cost us, and how much control and influence do we have over our use of this? Maybe what you really need next is a simple ranking scoring system - points out of 10 in the 5 categories - so you can assign an OSI-scoring to an open source project - and people can quickly whip out their own scores - and folks like Gartner can latch onto this - and publish them too (and then award diamond thru coal badges?!). People love that stuff and OSI gets kudos and helps promote "better" open source whatever people generally agree that is by whatever measures. I don't think there is any secret sauce here - for me open source is all about good business decisions, common sense and ultimately better software and solutions - and the fact that computing today is built around open collaboration within your own community of practice and figuring out how we can all work together more efficiently and effectively. Been that way since humans started living together in caves and huts. DW "The way to be is to do" - Confucius (551-472 B.C.)
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Larry, I think this cuts to the point of - what is the purpose of open source? The person publishing the source has very clear reasons why they are doing that and how they expect people to use that source. Other people then wish to retroactively bend that into something different - usually without the permission of the author, or perhaps as an unintended or unanticipated action beyond what the author original envisioned! This generates friction, or sometimes pleasant surprises - but not always! ; -) The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Mon, November 27, 2006 9:50 pm To: "'John-Sugar'" <john@...>, <license-discuss@...> Cc: "'David Berlind'" <David.Berlind@...> Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	RE: ZDNet article - why attribution matters by Lawrence Rosen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. Which is, I believe, the whole point. I'm looking forward to those clear guidelines and boundaries being set through this discussion and the resulting board decision. Like David Berlind, I can appreciate both sides to this. What's essential, though, is that this process works to a conclusion, not that we leave "open source" to the whims of license writers. /Larry From: David RR Webber (XML) [mailto:david@...] Sent: Tuesday, November 28, 2006 8:00 AM To: lrosen@... Cc: 'David Berlind'; 'John-Sugar'; license-discuss@... Subject: RE: ZDNet article - why attribution matters Larry, I think this cuts to the point of - what is the purpose of open source? The person publishing the source has very clear reasons why they are doing that and how they expect people to use that source. Other people then wish to retroactively bend that into something different - usually without the permission of the author, or perhaps as an unintended or unanticipated action beyond what the author original envisioned! This generates friction, or sometimes pleasant surprises - but not always! ; -) The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Mon, November 27, 2006 9:50 pm To: "'John-Sugar'" <john@...>, <license-discuss@...> Cc: "'David Berlind'" <David.Berlind@...> Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Larry, Looking forward to seeing those outcomes from the board. Also - most software writers don't want to be license writers - they much prefer to be able to take a sensible proven license template and quickly use it for their needs - and I sense that is the gap that needs to be addressed here. Thanks, DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Tue, November 28, 2006 11:11 am To: "'David RR Webber (XML)'" <david@...> Cc: "'David Berlind'" <David.Berlind@...>, "'John-Sugar'" <john@...>, <license-discuss@...> The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. Which is, I believe, the whole point. I'm looking forward to those clear guidelines and boundaries being set through this discussion and the resulting board decision. Like David Berlind, I can appreciate both sides to this. What's essential, though, is that this process works to a conclusion, not that we leave "open source" to the whims of license writers. /Larry From: David RR Webber (XML) [mailto:david@...] Sent: Tuesday, November 28, 2006 8:00 AM To: lrosen@... Cc: 'David Berlind'; 'John-Sugar'; license-discuss@... Subject: RE: ZDNet article - why attribution matters Larry, I think this cuts to the point of - what is the purpose of open source? The person publishing the source has very clear reasons why they are doing that and how they expect people to use that source. Other people then wish to retroactively bend that into something different - usually without the permission of the author, or perhaps as an unintended or unanticipated action beyond what the author original envisioned! This generates friction, or sometimes pleasant surprises - but not always! ; -) The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Mon, November 27, 2006 9:50 pm To: "'John-Sugar'" <john@...>, <license-discuss@...> Cc: "'David Berlind'" <David.Berlind@...> Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	Re: ZDNet article - why attribution matters by Chuck Swiger :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Nov 28, 2006, at 8:00 AM, David RR Webber ((XML)) wrote: > I think this cuts to the point of - what is the purpose of open > source? The purpose of OSI Open Source is to make better software available to everyone. While there are lots of ways of writing, publishing, and maintaining software, the experience of the BSD community back in the 1970's, and later that of the FSF & GNU project starting in the early 80's [1], is that by making the source code to software publicly available and permitting people to make their own changes to the code and to be able to share these changes with everyone else, results in better software. > The person publishing the source has very clear reasons why they > are doing that and how they expect people to use that source. I would agree that people who publish their source code usually have clear reasons for doing so; I would disagree that most people writing Open Source software place expectations as to how others should use the software. People who place restrictions into the software license on how the software may be used generally do not comply with the Open Source Definition, and such licenses typically are rejected by the OSI board. > Other people then wish to retroactively bend that into something > different - usually without the permission of the author, or > perhaps as an unintended or unanticipated action beyond what the > author original envisioned! This generates friction, or sometimes > pleasant surprises - but not always! ; -) > > The job of OSI is to mitigate that and provide clear guidelines and > boundaries for people to operate in so that they can anticipate and > expect reliable and consistent results when they release their open > source in a particular way. This ultimately fosters a healthy and > thriving community of practice. Do you not find that the Open Source Definition provides clear guidelines and boundaries? Is there some part of it which you find unclear? -- -Chuck
	RE: ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message David, Fair points. To my knowledge OSI does not own the trademark for the words ‘open source’, only the domain name. If your whole value proposition is that your software is open source, I agree it’s not going to get you very far. The software needs to stand on its own merits. Open source for us is a descriptor that says the source code is provided, is extensible, redistributable, no restrictions of use and is patent free, etc. I’ve not met many of the OSI board members. I do know they are all very smart, well respected group of individuals. I don’t know how they got their positions, and why they were the chosen ones to create laws for everyone else. The website states they have not even had a meeting in over a year - http://opensource.org/weblog/. I’m just trying to understand how this organization operates and who exactly are the ‘approvers’ specifically. Here is a link to our license: http://www.sugarcrm.com/crm/SPL It is a combination of two OSI approved licenses: http://www.opensource.org/licenses/mozilla1.1.php plus http://www.opensource.org/licenses/attribution.php For us though, I’m just voicing my opinion. Vilify me if you like, Sugar Open Source is and will always be an open source licensed code base. This will likely be my last post on this issue. John David Berlind wrote: John: Thank you for cc:ing your response to license-discuss on ZDNet. In response to what I've so far seen from Michael, Larry, and you, I'd like to add my observations as an objective observer. First, I meant no disrespect to your values, wives, or families, all of whom require serious wage earning at some point. I have a wife and three children. I totally get it. I hope you understand that I am neutral to the issue of attribution and I'm glad that my post has provoked some discussion here. But I am not neutral to fine print issues that affect users of technology, particularly where the fine print is missing. I believe in my heart that a failure to disclose the fact that an open source license has so far not yet been approved as such by the defacto consortium to which the open source community currently looks for such approvals, qualifies as fine print that's missing. I prefer to stay out of the debate of whether attribution makes sense or not and if it does, how much is enough. There are people here that are far wiser than I who are obviously prepared to argue the merits of various approaches. So, from my point of view, the line crossed has nothing to do with your selected degree or method of attribution (eg: pointing back to SugarCRM where no advertising exists). The line crossed is the one where one company or organization decides it's OK to rewrite the rules of open source or, in the case of "commercial open source" to declare a new class of open source without seeking any consensus from the open source community itself. One could argue that no consensus is required before a new commercial license is written and that is of course true. However, there isn't a self-policing community of commercial license providers which has established to seek a standard baseline for what it means to be commercial the way there has been for open source. Perhaps a consensus, when and if one is achieved, will yield a result that's favorable to your position on the issue. But even you point out that now that you've done it (modified the MPL), others are doing the same. Clearly, there's no consensus on how the MPL should be modified, or, at the very least, all those who have followed in your footsteps would not have felt the need to write their own modifications to it. They would have picked yours. You're clearly testing the boundaries. That may have not been your intent. But to this independent observer, your choice (and the choices of others) to modify the MPL without following the community's accepted practice for making such changes, and to continue referring to your license as an open source license (commercial or otherwise) has tested the customs of the community. It tests the limits of the clause in the MPL that allows for changes. It tests the OSI's process. There's an old George Carlin bit where he talks about how, when he's driving on the road, everyone going slower than him is an idiot, and everyone going faster than him is a maniac. There are a lot of open source developers that don't have any mouths to feed but their own and are happy to operate within the norms of the community. And then, there will be people who, based on the precedent you've already set and are defending, will take it upon themselves to cross a line that even you wouldn't dare cross in modifying an existing open source license (while still referring to it as open source). You and others who have already taken matters into their own hands will of course have to remain silent. Pot, kettle, black. Think it won't happen? Trust me. There are people who didn't think what you've done could have happened. One day, "open source" will simply be meaningless or may even carry negative connotations (it's possible that "free software" could survive such a debacle, perhaps become stronger because of it). Why do I say any of this? Here's where I hope it becomes clear that none of what I just said is meant as a put down to you, Ross, Glenn, Scott or the others. The net result for SugarCRM and others who believe that associations with "open source" are positive associations for their brands will one day find that they are associated with something that means absolutely nothing. Or worse, something negative. You must ask yourselves if that's what you really want. db -----Original Message----- From: Michael Tiemann [mailto:tiemann@redhat.com] Sent: Monday, November 27, 2006 10:08 PM To: Lawrence E. Rosen Cc: 'John-Sugar'; license-discuss@opensource.org; David Berlind Subject: RE: ZDNet article - why attribution matters On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution > is important to every author, not just commercial ones who work for a > living (although most do!). Notice of authorship is so important that > the US Copyright Act even makes the fraudulent removal of a copyright > notice a criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on > the highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message John, Pay no mind to the man behind the green curtain... ; -) One could ask - how do you get to be President of the United States too, eh?! The answer to the Q on the meetings is probably something around busy people meet when they need to; plus you can't get elected but you can get fired and you have to be stupid enough to volunteer in the first place... I'm just an interested by-stander here - but based on my observations this past year and change - I'm sure the stakeholders at OSI will be sorting this all out with reasonable expedience. Cheers, DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: John-Sugar <john@...> Date: Tue, November 28, 2006 1:04 pm To: license-discuss@... David, Fair points. To my knowledge OSI does not own the trademark for the words â€˜open sourceâ€™, only the domain name. If your whole value proposition is that your software is open source, I agree itâ€™s not going to get you very far. The software needs to stand on its own merits. Open source for us is a descriptor that says the source code is provided, is extensible, redistributable, no restrictions of use and is patent free, etc. Iâ€™ve not met many of the OSI board members. I do know they are all very smart, well respected group of individuals. I donâ€™t know how they got their positions, and why they were the chosen ones to create laws for everyone else. The website states they have not even had a meeting in over a year - http://opensource.org/weblog/. Iâ€™m just trying to understand how this organization operates and who exactly are the â€˜approversâ€™ specifically. Here is a link to our license: http://www.sugarcrm.com/crm/SPL It is a combination of two OSI approved licenses: http://www.opensource.org/licenses/mozilla1.1.php plus http://www.opensource.org/licenses/attribution.php For us though, Iâ€™m just voicing my opinion. Vilify me if you like, Sugar Open Source is and will always be an open source licensed code base. This will likely be my last post on this issue. John David Berlind wrote: > > John: > > Thank you for cc:ing your response to license-discuss on ZDNet. In > response to what I've so far seen from Michael, Larry, and you, I'd like > to add my observations as an objective observer. First, I meant no > disrespect to your values, wives, or families, all of whom require > serious wage earning at some point. I have a wife and three children. I > totally get it. I hope you understand that I am neutral to the issue of > attribution and I'm glad that my post has provoked some discussion here. > But I am not neutral to fine print issues that affect users of > technology, particularly where the fine print is missing. I believe in > my heart that a failure to disclose the fact that an open source license > has so far not yet been approved as such by the defacto consortium to > which the open source community currently looks for such approvals, > qualifies as fine print that's missing. > > I prefer to stay out of the debate of whether attribution makes sense or > not and if it does, how much is enough. There are people here that are > far wiser than I who are obviously prepared to argue the merits of > various approaches. So, from my point of view, the line crossed has > nothing to do with your selected degree or method of attribution (eg: > pointing back to SugarCRM where no advertising exists). The line crossed > is the one where one company or organization decides it's OK to rewrite > the rules of open source or, in the case of "commercial open source" to > declare a new class of open source without seeking any consensus from > the open source community itself. One could argue that no consensus is > required before a new commercial license is written and that is of > course true. However, there isn't a self-policing community of > commercial license providers which has established to seek a standard > baseline for what it means to be commercial the way there has been for > open source. > > Perhaps a consensus, when and if one is achieved, will yield a result > that's favorable to your position on the issue. But even you point out > that now that you've done it (modified the MPL), others are doing the > same. Clearly, there's no consensus on how the MPL should be modified, > or, at the very least, all those who have followed in your footsteps > would not have felt the need to write their own modifications to it. > They would have picked yours. You're clearly testing the boundaries. > That may have not been your intent. But to this independent observer, > your choice (and the choices of others) to modify the MPL without > following the community's accepted practice for making such changes, and > to continue referring to your license as an open source license > (commercial or otherwise) has tested the customs of the community. It > tests the limits of the clause in the MPL that allows for changes. It > tests the OSI's process. > > There's an old George Carlin bit where he talks about how, when he's > driving on the road, everyone going slower than him is an idiot, and > everyone going faster than him is a maniac. > > There are a lot of open source developers that don't have any mouths to > feed but their own and are happy to operate within the norms of the > community. And then, there will be people who, based on the precedent > you've already set and are defending, will take it upon themselves to > cross a line that even you wouldn't dare cross in modifying an existing > open source license (while still referring to it as open source). You > and others who have already taken matters into their own hands will of > course have to remain silent. Pot, kettle, black. Think it won't happen? > Trust me. There are people who didn't think what you've done could have > happened. One day, "open source" will simply be meaningless or may even > carry negative connotations (it's possible that "free software" could > survive such a debacle, perhaps become stronger because of it). > > Why do I say any of this? Here's where I hope it becomes clear that none > of what I just said is meant as a put down to you, Ross, Glenn, Scott or > the others. The net result for SugarCRM and others who believe that > associations with "open source" are positive associations for their > brands will one day find that they are associated with something that > means absolutely nothing. Or worse, something negative. > > You must ask yourselves if that's what you really want. > > db > -----Original Message----- > From: Michael Tiemann [mailto:tiemann@...] > Sent: Monday, November 27, 2006 10:08 PM > To: Lawrence E. Rosen > Cc: 'John-Sugar'; license-discuss@...; David Berlind > Subject: RE: ZDNet article - why attribution matters > > On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: >> Hi John, >> >> The issue isn't just "Why attribution matters," because it obviously > does. >> Attribution is already mentioned in lots of FOSS licenses. Attribution > >> is important to every author, not just commercial ones who work for a >> living (although most do!). Notice of authorship is so important that >> the US Copyright Act even makes the fraudulent removal of a copyright >> notice a criminal offense. 17 USC 506(d). >> >> We should instead be asking: How much attribution is enough? How much >> attribution can be demanded in an open source license? > > This conflates two very important questions. > >> I don't believe anyone has argued yet that Sugar's license crosses the > line. >> Most of us simply aren't sure where the line should be drawn. You can >> legally require in a software license that licensees put neon signs on > >> the highway to announce your copyrighted work, but is that open > source? > > First: is it attribution? The Creative Commons folks seem to agree that > attribution "in the manner specified by the author" is not a blank > check, and they say so in the code (but not the deed) of the license. A > requirement for neon in attribution is not, strictly speaking, needed to > satisfy the legal requirements of legal attribution. > > Second: is it open source? Just as a lawyer cannot say for sure what > the law says until a judge renders a verdict (and even then a successor > judge can render a different judgment), the only way to know for sure > that something satisfies the Open Source Definition is to put the > license before the OSI approval process and see if it is approved by the > process. > > M > > > -- View this message in context: http://www.nabble.com/ZDNet-article---why-attribution-matters-tf2715092.html#a7584294 Sent from the OpenSource - License-Discuss mailing list archive at Nabble.com.
	Re: ZDNet article - why attribution matters by Rick Moen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Quoting David Berlind (David.Berlind@...): > I prefer to stay out of the debate of whether attribution makes sense > or not and if it does, how much is enough. It is irksome to see interested parties such as Matt Asay and John Roberts claim they seek merely to add software authors' attributions to open source, when _technology-neutral_ attribution mechanisms (ref: OSD#10) have been an integral part of open source since the very beginning -- as several posters have already stated. In (at least) Mr. Asay's case, his Alfresco "logo" clause has proven, upon discussion here, to be quite deliberately not technology-neutral. That is, I (ironically) tried to make the argument that the quoted, slightly vague clause couldn't possibly be _intended_ as requiring that all derivative works be graphical, as that's simply not reasonable for a licence aspiring to be open source -- and, incredibly, Asay quickly followed up by saying (paraphrased) "No, that's pretty much exactly what we mean to require." So, we have people trying to deliberately contravene -- among other things -- OSD#10 and then claim that their licences should be considered open source anyway because... oh, I dunno: Because they're nice people with families to feed, because Red Hat, Inc. doesn't itself publish a guide to recompiling RHEL without trademark encumbrances, because they hold careless and convenient misconceptions about "external service agreements that surround GPL code that place extended limitations on the use of GPL code within enterprises that buy commercial Linux subscription contracts", because if they aren't accomodated they'll invent an OSI-replacement consortium, or some damned thing like that. And we're supposed to take this seriously because... and here, my imagination fails. Because we're gullible? Because we're not very bright? I'm open to suggestions, in hopes of extending the narrative in some plausible direction. Or, in the alternative, we could do the totally unimaginative and return to examining submitted licences per the Open Source Definition, and cease wasting time plowing through rhetorical bullshit. -- Cheers, My grandparents went to a planet with no bilateral Rick Moen symmetry, and all I got was this lousy F-shirt. rick@...

< Prev | 1 - 2 | Next >

	ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message OSI, I took a couple of days off from email last week so I’m just now providing our perspective in the talkback forum. I thought David’s recent ZDNet article gave fair coverage to this important issue. For the record though, there are far more projects adopting attribution clauses then the select few David calls out. I hope my response below will shed one more view point on why attribution benefits vs. hurts great open source projects. John Roberts News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others abusing the term "open source?" TalkBack 24 of 24: Previous message Attribution, why it matters David, I thought your article was very good based on the complexity of this issue. Below is my perspective as someone who felt compelled to add an attribution clause to our license in late 2004. I think we were the first to add this clause to the MPL. It appears now that almost every open source project with significant engineering salaries are also seeing attribution as a small request in return for writing and open source licensing their code – all of which is hard work. In fact almost every new open source project feels compelled to protect their identity in some way, not necessarily for monetary reasons though. I do find it very interesting that most folks who seem to take issue with this attribution provisions are ‘individuals’ who do not write any code themselves (but yet who seem to love the creative commons attribution license). Backgrounder, I did not initially want to add the attribution clause at all. Fact is you can only work for free for so many months, and I and my two co-founders, Clint and Jacob all had pregnant wives at the time when we first decided to resign from our jobs at E.piphnay and founded the SugarCRM project and initially worked for free. We have been very upfront, I think, in calling ourselves ‘commercial open source’ – it’s even a part of our logo. Why? Because we do not want to try and fool anyone that writing software full time is free. The fact is there is a very ugly side to open source redistribution. There are plenty of hosting providers, SI’s, etc… that look at open source licensed software as ‘free’ software for them to go and ‘sell’. They take no issue with removing all identifying marks off the software and will even go so far as to violate the open source licenses and remove copyright statements. We were finding ourselves in this position in late 2004 after putting in another intense effort to ship a new release of Sugar. These folks were simply lifting our identifying marks and ‘pretending to the world’ that they wrote software that they indeed had not. They also had no intention at all of adding to the SugarCRM project since that showed they weren’t the original authors of the software. What is interesting is that these folks all use the argument that ‘they are pure open source coders’ – which is only the case for maybe 2% to 3% of them. For those folks who are actually writing code that takes the project forward, I do agree that we would all be better off without the attribution clause. But…for the 98% of folks that are just looking for more free software to sell or host – yes, the attribution clause does piss them off. Because the last thing they want is for the end user to think that they did not write the code themselves. I’ve been amazed how such a small clause could become such an effective deterrent. As an example, you write a book (software) and open source license it. You allow folks to rename the title and author on the cover. And that’s all they change. This is an every day reality, and it’s not fair. But authors can use the creative commons attribution license, one of the most widely utilized licenses on the planet but OSI does not have a similar provision. http://creativecommons.org/licenses/by/2.5/ Our implementation, specifically the sugar attribution clause, only points to www.sugarforge.org. You can not buy anything on this site, so it is in no way advertising. If you want more free open source extensions or to start participating yourself, click the link. Ultimately this is not an issue for a self appointed group to decide for the rest of us. Open source code is a voluntary movement, if folks do not like the clause, they don’t have to use the software. I do think it is important that end users do understand the revenue stream (funding) of the code base. I’ve found our most hardened Sugar Open Source users are our most vocal Sugar Professional advocates. Why? Because the more successful SugarCRM is, the more open source code we will write and the more resources we can invest in our open source sites. Lastly, I do think though, taking a bunch of other folk’s code, say >50% at a minimum and adding an attribution clause is not a good use of the clause. The only reason we felt it was ok to add it was because we wrote the Sugar Open Source code base from scratch. Any additional libraries we may use are fully attributed in the about box of the software. Attribution goes both ways. John Roberts Posted by: john-sugar Posted on: 11/27/06 -------------------------------------------------------------------------------- From: Google Alerts [mailto:googlealerts-noreply@google.com] Sent: Tuesday, November 21, 2006 1:14 PM To: john@sugarcrm.com Subject: Google Alert - sugarcrm Google News Alert for: sugarcrm Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... ZDNet - USA ... A growing number of software providers including SugarCRM, Socialtext, Scalix, and Zimbra have taken it upon themselves create their own derivatives of the ... -------------------------------------------------------------------------------- This once a day Google Alert is brought to you by Google. Remove this alert. Create another alert. Manage your alerts.
	Re: ZDNet article - why attribution matters by Sanjiva Weerawarana :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 15:28 -0800, John-Sugar wrote: > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this issue. > Below is my perspective as someone who felt compelled to add an attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code – all of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are ‘individuals’ who do > not write any code themselves (but yet who seem to love the creative commons > attribution license). With all due respect, I disagree. I live primarily in Apache Software Foundation land where there are hundreds of projects without any attribution. Furthermore there are tens of projects which have companies footing engineering salaries and none of them are asking for attribution. To me the value is wide and open adoption, unconstrained by having to attribute the original developers. > Lastly, I do think though, taking a bunch of other folk’s code, say >50% at > a minimum and adding an attribution clause is not a good use of the clause. +1. FWIW if a project is indeed openly developed and is a true community effort, any kind of attribution is automatically out. In other words, attribution only makes sense when a project is basically a closed source developed but released under an open source license. Maybe the right thing is to have a different license which catches that category of project. Sanjiva. -- Sanjiva Weerawarana, Ph.D. Founder & Director; Lanka Software Foundation; http://www.opensource.lk/ Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/ Director; Open Source Initiative; http://www.opensource.org/ Member; Apache Software Foundation; http://www.apache.org/ Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/
	RE: ZDNet article - why attribution matters by Lawrence Rosen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	RE: ZDNet article - why attribution matters by Michael Tiemann :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution is > important to every author, not just commercial ones who work for a living > (although most do!). Notice of authorship is so important that the US > Copyright Act even makes the fraudulent removal of a copyright notice a > criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on the > highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Michael, There are multiple ways of protecting attribution. We use a text based language PHP, that does not need to be compiled. If we did use a language that required a compiler it would be much, much easier for us to embed our attribution marks in, say a Linux distribution and make it virtually impossible for anyone to compile the source with the attribution marks removed. Just another example of a way to be technically OSI approved, but still protect your attribution marks. What happens if you remove all the redhat marks and compile the source? RHEL makes that super simple right? No compile issues? Any average developer should be able to do this right? Can you point me to an URL and instructions on how to do this? Another way is to add external service agreements that surround GPL code that place extended limitations on the use of GPL code within enterprises that buy commercial linux subscription contracts? If this is true, it doesn't seem very open source to me. Even though it's 'OSI approved'. OSI is an organization that I believe tries very hard to represent the interests of both developers and users. I really do not like the idea of a small group of folks (I'm curious to understand how board members are chosen, elected, etc.) trying to create laws for the rest of the world. Open Source to me is about freedom. It's about letting the collective wisdom of crowds choose the licenses as they, the users see fit. Let the best licenses win. I am not trying to stir things up too much here. I'm a huge believer in what we are all trying to accomplish collectively. I've purposely stayed away from this discussion because it felt more like punditry then action. And most importantly, the acknowledgement that open source is growing, but it is also changing. I hope OSI does not get stuck in the past or it could, and I think will be superseded by a new open source organization that more people both developers and users feel represent their real interests and values. Attribution is here to stay. If you refuse to acknowledge it, you are trying to stop change, which will be very hard to do I believe. John -----Original Message----- From: Michael Tiemann [mailto:tiemann@...] Sent: Monday, November 27, 2006 7:08 PM To: Lawrence E. Rosen Cc: 'John-Sugar'; license-discuss@...; 'David Berlind' Subject: RE: ZDNet article - why attribution matters On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution is > important to every author, not just commercial ones who work for a living > (although most do!). Notice of authorship is so important that the US > Copyright Act even makes the fraudulent removal of a copyright notice a > criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on the > highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Michael, There are multiple ways of protecting attribution. We use a text based language PHP, that does not need to be compiled. If we did use a language that required a compiler it would be much, much easier for us to embed our attribution marks in, say a Linux distribution and make it virtually impossible for anyone to compile the source with the attribution marks removed. Just another example of a way to be technically OSI approved, but still protect your attribution marks. What happens if you remove all the redhat marks and compile the source? RHEL makes that super simple right? No compile issues? Any average developer should be able to do this right? Can you point me to an URL and instructions on how to do this? Another way is to add external service agreements that surround GPL code that place extended limitations on the use of GPL code within enterprises that buy commercial linux subscription contracts? If this is true, it doesn't seem very open source to me. Even though it's 'OSI approved'. OSI is an organization that I believe tries very hard to represent the interests of both developers and users. I really do not like the idea of a small group of folks (I'm curious to understand how board members are chosen, elected, etc.) trying to create laws for the rest of the world. Open Source to me is about freedom. It's about letting the collective wisdom of crowds choose the licenses as they, the users see fit. Let the best licenses win. I am not trying to stir things up too much here. I'm a huge believer in what we are all trying to accomplish collectively. I've purposely stayed away from this discussion because it felt more like punditry then action. And most importantly, the acknowledgement that open source is growing, but it is also changing. I hope OSI does not get stuck in the past or it could, and I think will be superseded by a new open source organization that more people both developers and users feel represent their real interests and values. Attribution is here to stay. If you refuse to acknowledge it, you are trying to stop change, which will be very hard to do I believe. John Michael Tiemann wrote: On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution is > important to every author, not just commercial ones who work for a living > (although most do!). Notice of authorship is so important that the US > Copyright Act even makes the fraudulent removal of a copyright notice a > criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on the > highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by Michael Bernstein-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 20:37 -0800, John-Sugar wrote: > Just another example of a way to be technically OSI approved, but > still protect your attribution marks. What happens if you remove all > the redhat marks and compile the source? RHEL makes that super simple > right? No compile issues? Any average developer should be able to do > this right? Can you point me to an URL and instructions on how to do > this? Well, building an entire distribution is not exactly the same thing as compiling a package, but it so happens that this has already been done for you: http://www.centos.org/ Enjoy, - Michael R. Bernstein michaelbernstein.com
	Re: ZDNet article - why attribution matters by Rick Moen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Quoting John-Sugar (john@...): > Just another example of a way to be technically OSI approved, but still > protect your attribution marks. What happens if you remove all the redhat > marks and compile the source? RHEL makes that super simple right? No compile > issues? Any average developer should be able to do this right? Can you point > me to an URL and instructions on how to do this? http://linuxmafia.com/faq/RedHat/rhel-rebuild.html > Another way is to add external service agreements that surround GPL > code that place extended limitations on the use of GPL code within > enterprises that buy commercial linux subscription contracts? If this > is true, it doesn't seem very open source to me. Even though it's 'OSI > approved'. That would very clearly _not_ be open source, per OSD items #1, 6, and 8. Strike one. > OSI is an organization that I believe tries very hard to represent the > interests of both developers and users. I really do not like the idea > of a small group of folks (I'm curious to understand how board members > are chosen, elected, etc.) trying to create laws for the rest of the > world. Trying to gratuitously change the subject to the personal merits of OSI Board members. Strike two. > Open Source to me is about freedom. It's about letting the collective > wisdom of crowds choose the licenses as they, the users see fit. Fallacy of argumentum ad populam. Strike three. > I am not trying to stir things up too much here. The noise will be ignored. Don't worry. > I've purposely stayed away from this discussion because it felt more > like punditry then action. And most importantly, the acknowledgement > that open source is growing, but it is also changing. I hope OSI does > not get stuck in the past or it could, and I think will be superseded > by a new open source organization that more people both developers and > users feel represent their real interests and values. Oh yeah. Threaten us with formation of yet another shareware collective. > Attribution is here to stay. Attribution per se is of course not an issue. Your remedial reading on that point should include the original BSD licence. And don't try to hustle the OSI, John. You'll just waste everyone's time and look silly in public. -- Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread. Hi!p I'm a .signature spread virus! Copy into your ~/.signature to help me Hilp I'm .sign turepread virus! into your ~/.signature! help me! Copy Help I'm traped in your ~/signature help me! -- Joe Slater
	RE: ZDNet article - why attribution matters by David Berlind :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message John: Thank you for cc:ing your response to license-discuss on ZDNet. In response to what I've so far seen from Michael, Larry, and you, I'd like to add my observations as an objective observer. First, I meant no disrespect to your values, wives, or families, all of whom require serious wage earning at some point. I have a wife and three children. I totally get it. I hope you understand that I am neutral to the issue of attribution and I'm glad that my post has provoked some discussion here. But I am not neutral to fine print issues that affect users of technology, particularly where the fine print is missing. I believe in my heart that a failure to disclose the fact that an open source license has so far not yet been approved as such by the defacto consortium to which the open source community currently looks for such approvals, qualifies as fine print that's missing. I prefer to stay out of the debate of whether attribution makes sense or not and if it does, how much is enough. There are people here that are far wiser than I who are obviously prepared to argue the merits of various approaches. So, from my point of view, the line crossed has nothing to do with your selected degree or method of attribution (eg: pointing back to SugarCRM where no advertising exists). The line crossed is the one where one company or organization decides it's OK to rewrite the rules of open source or, in the case of "commercial open source" to declare a new class of open source without seeking any consensus from the open source community itself. One could argue that no consensus is required before a new commercial license is written and that is of course true. However, there isn't a self-policing community of commercial license providers which has established to seek a standard baseline for what it means to be commercial the way there has been for open source. Perhaps a consensus, when and if one is achieved, will yield a result that's favorable to your position on the issue. But even you point out that now that you've done it (modified the MPL), others are doing the same. Clearly, there's no consensus on how the MPL should be modified, or, at the very least, all those who have followed in your footsteps would not have felt the need to write their own modifications to it. They would have picked yours. You're clearly testing the boundaries. That may have not been your intent. But to this independent observer, your choice (and the choices of others) to modify the MPL without following the community's accepted practice for making such changes, and to continue referring to your license as an open source license (commercial or otherwise) has tested the customs of the community. It tests the limits of the clause in the MPL that allows for changes. It tests the OSI's process. There's an old George Carlin bit where he talks about how, when he's driving on the road, everyone going slower than him is an idiot, and everyone going faster than him is a maniac. There are a lot of open source developers that don't have any mouths to feed but their own and are happy to operate within the norms of the community. And then, there will be people who, based on the precedent you've already set and are defending, will take it upon themselves to cross a line that even you wouldn't dare cross in modifying an existing open source license (while still referring to it as open source). You and others who have already taken matters into their own hands will of course have to remain silent. Pot, kettle, black. Think it won't happen? Trust me. There are people who didn't think what you've done could have happened. One day, "open source" will simply be meaningless or may even carry negative connotations (it's possible that "free software" could survive such a debacle, perhaps become stronger because of it). Why do I say any of this? Here's where I hope it becomes clear that none of what I just said is meant as a put down to you, Ross, Glenn, Scott or the others. The net result for SugarCRM and others who believe that associations with "open source" are positive associations for their brands will one day find that they are associated with something that means absolutely nothing. Or worse, something negative. You must ask yourselves if that's what you really want. db -----Original Message----- From: Michael Tiemann [mailto:tiemann@...] Sent: Monday, November 27, 2006 10:08 PM To: Lawrence E. Rosen Cc: 'John-Sugar'; license-discuss@...; David Berlind Subject: RE: ZDNet article - why attribution matters On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution > is important to every author, not just commercial ones who work for a > living (although most do!). Notice of authorship is so important that > the US Copyright Act even makes the fraudulent removal of a copyright > notice a criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on > the highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by Michael Tiemann-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2006-11-27 at 20:37 -0800, John-Sugar wrote: > Michael, > There are multiple ways of protecting attribution. We use a text based > language PHP, that does not need to be compiled. If we did use a language > that required a compiler it would be much, much easier for us to embed our > attribution marks in, say a Linux distribution and make it virtually > impossible for anyone to compile the source with the attribution marks > removed. I don't see how a compiler makes it easier, rather than harder, to protect proper attribution in code. In fact, when I was doing the G++ compiler for embedded systems, there was quite a conundrum about how to embed "Copyright (C) 1989 Free Software Foundation" into embedded object code for libg++ when every single byte of ROM is contended and every single byte of executable counted against our code size benchmark score. Placing attribution in a PHP script that can be examined by any human who wishes to read the code would have been a blessing to me. > Just another example of a way to be technically OSI approved, but still > protect your attribution marks. What happens if you remove all the redhat > marks and compile the source? RHEL makes that super simple right? No compile > issues? Any average developer should be able to do this right? Can you point > me to an URL and instructions on how to do this? IANAL, so this is not legal advice. However, I found this: http://www.raimokoski.com/lineox/rhel2lel.php . The CentOS folks take a different approach, which is to replace rather than to remove: http://rpm.pbone.net/index.php3/stat/4/idpl/3178870/com/redhat- logos-1.1.26-1.centos4.4.noarch.rpm.html . I am given to understand that Oracle's entry into the Linux distribution business was not, in fact, to clone Red Hat's Enterprise Linux, but to clone CentOS and charge infinitely more money than that free product. In any event, you can see from the above URLs that when Red Hat had a choice of whether to sprinkle its marks all over the place and make it a truly difficult exercise to exercise the GPL, Red Hat chose to make it as straightforward as possible to use the software and the freedoms it promised. > Another way is to add external service agreements that surround GPL code > that place extended limitations on the use of GPL code within enterprises > that buy commercial linux subscription contracts? If this is true, it > doesn't seem very open source to me. Even though it's 'OSI approved'. The limitations govern the service and support, not the source code itself. Commercial gain is not antithetical to free software. Open Source is not free software + commercial restrictions. What Red Hat has done is to keep its commercial terms completely separate from the source code, thereby protecting the promise of the GPL (and other OSI licenses). That Red Hat does have a successful commercial model does not itself violate the letter or the spirit of the GPL (or any other OSI-approved) license. > OSI is an organization that I believe tries very hard to represent the > interests of both developers and users. I really do not like the idea of a > small group of folks (I'm curious to understand how board members are > chosen, elected, etc.) trying to create laws for the rest of the world. Open > Source to me is about freedom. It's about letting the collective wisdom of > crowds choose the licenses as they, the users see fit. Let the best licenses > win. I'm all for letting the best licenses win...I believe that when the largest IT companies in the world all basically concede the superiority of the GPL (one way or another), we see that process in action. The OSI has taken a position to /not/ attack licenses, be they open source, free, or proprietary. However, what we have done is to try to uphold standards around what it means to be open source, and when people claim their licenses to be open source without OSI approval, we try to resolve the matter by either reviewing the license or by convincing the licensor that they would better serve their own commercial interests by making a more precise representation of their license. > I am not trying to stir things up too much here. I'm a huge believer in what > we are all trying to accomplish collectively. I've purposely stayed away > from this discussion because it felt more like punditry then action. And > most importantly, the acknowledgement that open source is growing, but it is > also changing. I hope OSI does not get stuck in the past or it could, and I > think will be superseded by a new open source organization that more people > both developers and users feel represent their real interests and values. We are eager for more participation as both Open Source and the OSI grow. I will note that despite much fanfare 5 years ago, another effort aimed at replacing open source with something more commercially friendly--it was called shared source--has gained little attention, precisely because it failed to deliver precisely what Open Source promises: the actual freedom to do something new. > Attribution is here to stay. If you refuse to acknowledge it, you are trying > to stop change, which will be very hard to do I believe. I agree that attribution, as a legal concept, has been here for a long time and will be around for a long time to come. I do not agree that arbitrary requirements labeled as attribution are proper, and I am interested in hashing out precisely what are the reasonable limits to what constitutes proper attribution and to what extent such proper attribution fits inside or outside the OSD. The answers I received from the Creative Commons licensing mailing list make me much more comfortable that narrowly defined forms of attribution are likely OSD compatible, but I also do not think they satisfy the expectations you may have for what is enough. Where we draw the attribution line is going to play a significant role in whether it fits within or lies outside the OSD circle. > John > > > > > > Michael Tiemann wrote: > > > > On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > >> Hi John, > >> > >> The issue isn't just "Why attribution matters," because it obviously > >> does. > >> Attribution is already mentioned in lots of FOSS licenses. Attribution is > >> important to every author, not just commercial ones who work for a living > >> (although most do!). Notice of authorship is so important that the US > >> Copyright Act even makes the fraudulent removal of a copyright notice a > >> criminal offense. 17 USC 506(d). > >> > >> We should instead be asking: How much attribution is enough? How much > >> attribution can be demanded in an open source license? > > > > This conflates two very important questions. > > > >> I don't believe anyone has argued yet that Sugar's license crosses the > >> line. > >> Most of us simply aren't sure where the line should be drawn. You can > >> legally require in a software license that licensees put neon signs on > >> the > >> highway to announce your copyrighted work, but is that open source? > > > > First: is it attribution? The Creative Commons folks seem to agree that > > attribution "in the manner specified by the author" is not a blank > > check, and they say so in the code (but not the deed) of the license. A > > requirement for neon in attribution is not, strictly speaking, needed to > > satisfy the legal requirements of legal attribution. > > > > Second: is it open source? Just as a lawyer cannot say for sure what > > the law says until a judge renders a verdict (and even then a successor > > judge can render a different judgment), the only way to know for sure > > that something satisfies the Open Source Definition is to put the > > license before the OSI approval process and see if it is approved by the > > process. > > > > M > > > > > > > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why-attribution-matters-tf2715092.html#a7573276 > Sent from the OpenSource - License-Discuss mailing list archive at Nabble.com. >
	Re: ZDNet article - why attribution matters by Matt Asay :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message > From: Rick Moen <rick@...> > Date: Mon, 27 Nov 2006 21:04:54 -0800 > To: <license-discuss@...> > Subject: Re: ZDNet article - why attribution matters > > Quoting John-Sugar (john@...): > >> Just another example of a way to be technically OSI approved, but still >> protect your attribution marks. What happens if you remove all the redhat >> marks and compile the source? RHEL makes that super simple right? No compile >> issues? Any average developer should be able to do this right? Can you point >> me to an URL and instructions on how to do this? > > http://linuxmafia.com/faq/RedHat/rhel-rebuild.html Asay: The fact that you have to point to an outside source proves John's point. He's not trying to beat up on Red Hat, but rather show that some of our sacred cows (and trust me, I esteem Red Hat very highly) don't meet the bar this list seems to want to put on attribution. > >> Another way is to add external service agreements that surround GPL >> code that place extended limitations on the use of GPL code within >> enterprises that buy commercial linux subscription contracts? If this >> is true, it doesn't seem very open source to me. Even though it's 'OSI >> approved'. > > That would very clearly _not_ be open source, per OSD items #1, 6, and > 8. Strike one. ASAY: If that's the case, then I guess Red Hat isn't an open source company, because John is describing Red Hat's model. > >> OSI is an organization that I believe tries very hard to represent the >> interests of both developers and users. I really do not like the idea >> of a small group of folks (I'm curious to understand how board members >> are chosen, elected, etc.) trying to create laws for the rest of the >> world. > > Trying to gratuitously change the subject to the personal merits of OSI > Board members. Strike two. > >> Open Source to me is about freedom. It's about letting the collective >> wisdom of crowds choose the licenses as they, the users see fit. > > Fallacy of argumentum ad populam. Strike three. ASAY: Actually, the strike here is that in one breath John talks about a cabal (OSI), but doesn't recognize that if OSI is to be faulted on this issue, it's for following the (apparent) crowd. > >> I am not trying to stir things up too much here. > > The noise will be ignored. Don't worry. > >> I've purposely stayed away from this discussion because it felt more >> like punditry then action. And most importantly, the acknowledgement >> that open source is growing, but it is also changing. I hope OSI does >> not get stuck in the past or it could, and I think will be superseded >> by a new open source organization that more people both developers and >> users feel represent their real interests and values. > > Oh yeah. Threaten us with formation of yet another shareware collective. ASAY: Actually, I don't think John needs to threaten anything (nor do I think he was). The fact is, "open source" is not owned by OSI. Anyone can claim to be open source, and the only defense against such dilution is peer pressure, as it were. But if commercial development of open source becomes equal to or greater than community development of open source (frankly, we're already well past that point in terms of code that is commonly used), then maybe the concern is actually valid. Maybe an OSDL could spring up that would listen to commercial concerns as ardently as OSI listens to developers'.... > >> Attribution is here to stay. > > Attribution per se is of course not an issue. Your remedial reading on > that point should include the original BSD licence. > > And don't try to hustle the OSI, John. You'll just waste everyone's > time and look silly in public. ASAY: I think you're being unfair and rude, Rick. I don't think John's post warranted the tone of your response. > > -- > Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread. > Hi!p I'm a .signature spread virus! Copy into your ~/.signature to help me > Hilp I'm .sign turepread virus! into your ~/.signature! help me! Copy > Help I'm traped in your ~/signature help me! -- Joe Slater
	Re: ZDNet article - why attribution matters by Rick Moen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Quoting Matt Asay (mjasay@...): > > http://linuxmafia.com/faq/RedHat/rhel-rebuild.html > > Asay: The fact that you have to point to an outside source proves > John's point. He's not trying to beat up on Red Hat, but rather show > that some of our sacred cows (and trust me, I esteem Red Hat very > highly) don't meet the bar this list seems to want to put on > attribution. I admire good examples of non-sequitur argumentation mightily, and so _do_ appreciate your contribution. > ASAY: If that's the case, then I guess Red Hat isn't an open source > company, because John is describing Red Hat's model. I'll immediately FedEx you a shiny nickel if you can cite to me _any_ software src.rpm package in the current RHEL4 release that is under any proprietary licence. (Please note that packages redhat-logos and anaconda-images are not software.) > > Fallacy of argumentum ad populam. Strike three. > > ASAY: Actually, the strike here is that in one breath John talks about a > cabal (OSI), but doesn't recognize that if OSI is to be faulted on this > issue, it's for following the (apparent) crowd. No, actually I meant by argumentum ad populam exactly what it means. > ASAY: Actually, I don't think John needs to threaten anything (nor do I > think he was). The fact is, "open source" is not owned by OSI. The fact is, "open source" in the software context was originated and is legimately defined by OSI. And they're the _nice_ people. You really don't want to piss off the rest of the open source world by making what amounts to a fraudulent and misleading claim to be open source, when you are not. The PR debacle will be serious and never-ending. > > And don't try to hustle the OSI, John. You'll just waste everyone's > > time and look silly in public. > > ASAY: I think you're being unfair and rude, Rick. (Gosh, that wouldn't have _anything_ to do with your being VP of Business Development for Alfresco, would it?) If my arguments lack merit, you need only disprove them. I can't help noticing that you're so far not bothering, but rather are floating yet more special pleadings and attacking the critic. And I was certainly being more polite to John than his insultingly feeble series of propaganda come-ons merited, which is more than I will generally be to people who think "open source" is legitimately anyone's to redefine at will. That would seem to include you and your employer, for example. -- Cheers, "In 1993, the World-Wide Web was an infosystem based on hypertext. Rick Moen In 1994, the World-Wide Web was an infosystem based on hype." rick@... -- Lars Aronsson
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Dude's I'm coming a bit late to this discuss - as I suddenly noticed my mailbox full of this (in addition to spam!). Can we please get back on focus here and cut with the personal stuff. FWIW - I've always taken time to explain to people that - as with everything else in life there are flavours (or flavors even) - and therefore open source comes in several. The gold measure is clearly OSI - and publicly supported software projects - after that you go all the way thru to coal - which is where some company has a full commercial product and in some highly limited cases they will release "open source" - under strict legal agreements with selected people only. (I'm thinking here particularly of some of the companies producing voting systems in the later category - a particular angst of mine right now!). Therefore - I've taken to caveating the term open source with other qualifiers such as: open public (participation), open standard, open license, open source projects - this is the diamond measure - and diamonds are rare. Once people understand these questions - when an open source solution is mentioned - its pretty easy for them to qualify where it sits relative to the universe by asking these same questions - is it open license, open participation, open standard based, open public repository, open management and governance? Depending on the answers they can then match that to their own business requirements. Ultimately people integrating open source components into their solution architectures really want answers to the obvious business questions that any CFO is going to want. Who are these people, can we trust them, how much will this cost us, and how much control and influence do we have over our use of this? Maybe what you really need next is a simple ranking scoring system - points out of 10 in the 5 categories - so you can assign an OSI-scoring to an open source project - and people can quickly whip out their own scores - and folks like Gartner can latch onto this - and publish them too (and then award diamond thru coal badges?!). People love that stuff and OSI gets kudos and helps promote "better" open source whatever people generally agree that is by whatever measures. I don't think there is any secret sauce here - for me open source is all about good business decisions, common sense and ultimately better software and solutions - and the fact that computing today is built around open collaboration within your own community of practice and figuring out how we can all work together more efficiently and effectively. Been that way since humans started living together in caves and huts. DW "The way to be is to do" - Confucius (551-472 B.C.)
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Larry, I think this cuts to the point of - what is the purpose of open source? The person publishing the source has very clear reasons why they are doing that and how they expect people to use that source. Other people then wish to retroactively bend that into something different - usually without the permission of the author, or perhaps as an unintended or unanticipated action beyond what the author original envisioned! This generates friction, or sometimes pleasant surprises - but not always! ; -) The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Mon, November 27, 2006 9:50 pm To: "'John-Sugar'" <john@...>, <license-discuss@...> Cc: "'David Berlind'" <David.Berlind@...> Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	RE: ZDNet article - why attribution matters by Lawrence Rosen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. Which is, I believe, the whole point. I'm looking forward to those clear guidelines and boundaries being set through this discussion and the resulting board decision. Like David Berlind, I can appreciate both sides to this. What's essential, though, is that this process works to a conclusion, not that we leave "open source" to the whims of license writers. /Larry From: David RR Webber (XML) [mailto:david@...] Sent: Tuesday, November 28, 2006 8:00 AM To: lrosen@... Cc: 'David Berlind'; 'John-Sugar'; license-discuss@... Subject: RE: ZDNet article - why attribution matters Larry, I think this cuts to the point of - what is the purpose of open source? The person publishing the source has very clear reasons why they are doing that and how they expect people to use that source. Other people then wish to retroactively bend that into something different - usually without the permission of the author, or perhaps as an unintended or unanticipated action beyond what the author original envisioned! This generates friction, or sometimes pleasant surprises - but not always! ; -) The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Mon, November 27, 2006 9:50 pm To: "'John-Sugar'" <john@...>, <license-discuss@...> Cc: "'David Berlind'" <David.Berlind@...> Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Larry, Looking forward to seeing those outcomes from the board. Also - most software writers don't want to be license writers - they much prefer to be able to take a sensible proven license template and quickly use it for their needs - and I sense that is the gap that needs to be addressed here. Thanks, DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Tue, November 28, 2006 11:11 am To: "'David RR Webber (XML)'" <david@...> Cc: "'David Berlind'" <David.Berlind@...>, "'John-Sugar'" <john@...>, <license-discuss@...> The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. Which is, I believe, the whole point. I'm looking forward to those clear guidelines and boundaries being set through this discussion and the resulting board decision. Like David Berlind, I can appreciate both sides to this. What's essential, though, is that this process works to a conclusion, not that we leave "open source" to the whims of license writers. /Larry From: David RR Webber (XML) [mailto:david@...] Sent: Tuesday, November 28, 2006 8:00 AM To: lrosen@... Cc: 'David Berlind'; 'John-Sugar'; license-discuss@... Subject: RE: ZDNet article - why attribution matters Larry, I think this cuts to the point of - what is the purpose of open source? The person publishing the source has very clear reasons why they are doing that and how they expect people to use that source. Other people then wish to retroactively bend that into something different - usually without the permission of the author, or perhaps as an unintended or unanticipated action beyond what the author original envisioned! This generates friction, or sometimes pleasant surprises - but not always! ; -) The job of OSI is to mitigate that and provide clear guidelines and boundaries for people to operate in so that they can anticipate and expect reliable and consistent results when they release their open source in a particular way. This ultimately fosters a healthy and thriving community of practice. DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: "Lawrence Rosen" <lrosen@...> Date: Mon, November 27, 2006 9:50 pm To: "'John-Sugar'" <john@...>, <license-discuss@...> Cc: "'David Berlind'" <David.Berlind@...> Hi John, The issue isn't just "Why attribution matters," because it obviously does. Attribution is already mentioned in lots of FOSS licenses. Attribution is important to every author, not just commercial ones who work for a living (although most do!). Notice of authorship is so important that the US Copyright Act even makes the fraudulent removal of a copyright notice a criminal offense. 17 USC 506(d). We should instead be asking: How much attribution is enough? How much attribution can be demanded in an open source license? I don't believe anyone has argued yet that Sugar's license crosses the line. Most of us simply aren't sure where the line should be drawn. You can legally require in a software license that licensees put neon signs on the highway to announce your copyrighted work, but is that open source? /Larry Rosen > -----Original Message----- > From: John-Sugar [mailto:john@...] > Sent: Monday, November 27, 2006 3:29 PM > To: license-discuss@... > Subject: ZDNet article - why attribution matters > > > OSI, > > I took a couple of days off from email last week so I'm just now providing > our perspective in the talkback forum. I thought David's recent ZDNet > article gave fair coverage to this important issue. For the record though, > there are far more projects adopting attribution clauses then the select > few > David calls out. I hope my response below will shed one more view point on > why attribution benefits vs. hurts great open source projects. > > John Roberts > > > > > News Discussion: Are SugarCRM, Socialtext, Zimbra, Scalix and others > abusing > the term "open source?" > > TalkBack 24 of 24: > > Previous message > > > > > > > Attribution, why it matters > David, > I thought your article was very good based on the complexity of this > issue. > Below is my perspective as someone who felt compelled to add an > attribution > clause to our license in late 2004. I think we were the first to add this > clause to the MPL. It appears now that almost every open source project > with > significant engineering salaries are also seeing attribution as a small > request in return for writing and open source licensing their code - all > of > which is hard work. In fact almost every new open source project feels > compelled to protect their identity in some way, not necessarily for > monetary reasons though. I do find it very interesting that most folks who > seem to take issue with this attribution provisions are 'individuals' who > do > not write any code themselves (but yet who seem to love the creative > commons > attribution license). > > Backgrounder, I did not initially want to add the attribution clause at > all.. > Fact is you can only work for free for so many months, and I and my two > co-founders, Clint and Jacob all had pregnant wives at the time when we > first decided to resign from our jobs at E.piphnay and founded the > SugarCRM > project and initially worked for free. We have been very upfront, I think, > in calling ourselves 'commercial open source' - it's even a part of our > logo. Why? Because we do not want to try and fool anyone that writing > software full time is free. > > The fact is there is a very ugly side to open source redistribution. There > are plenty of hosting providers, SI's, etc. that look at open source > licensed software as 'free' software for them to go and 'sell'. They take > no > issue with removing all identifying marks off the software and will even > go > so far as to violate the open source licenses and remove copyright > statements. We were finding ourselves in this position in late 2004 after > putting in another intense effort to ship a new release of Sugar. These > folks were simply lifting our identifying marks and 'pretending to the > world' that they wrote software that they indeed had not. They also had no > intention at all of adding to the SugarCRM project since that showed they > weren't the original authors of the software. > > What is interesting is that these folks all use the argument that 'they > are > pure open source coders' - which is only the case for maybe 2% to 3% of > them. For those folks who are actually writing code that takes the project > forward, I do agree that we would all be better off without the > attribution > clause. But.for the 98% of folks that are just looking for more free > software to sell or host - yes, the attribution clause does piss them off. > Because the last thing they want is for the end user to think that they > did > not write the code themselves. I've been amazed how such a small clause > could become such an effective deterrent. As an example, you write a book > (software) and open source license it. You allow folks to rename the title > and author on the cover. And that's all they change. This is an every day > reality, and it's not fair. But authors can use the creative commons > attribution license, one of the most widely utilized licenses on the > planet > but OSI does not have a similar provision. > http://creativecommons.org/licenses/by/2.5/ > > Our implementation, specifically the sugar attribution clause, only points > to www.sugarforge.org. You can not buy anything on this site, so it is in > no > way advertising. If you want more free open source extensions or to start > participating yourself, click the link. Ultimately this is not an issue > for > a self appointed group to decide for the rest of us. Open source code is a > voluntary movement, if folks do not like the clause, they don't have to > use > the software. I do think it is important that end users do understand the > revenue stream (funding) of the code base. I've found our most hardened > Sugar Open Source users are our most vocal Sugar Professional advocates. > Why? Because the more successful SugarCRM is, the more open source code we > will write and the more resources we can invest in our open source sites. > > Lastly, I do think though, taking a bunch of other folk's code, say >50% > at > a minimum and adding an attribution clause is not a good use of the > clause. > The only reason we felt it was ok to add it was because we wrote the Sugar > Open Source code base from scratch. Any additional libraries we may use > are > fully attributed in the about box of the software. Attribution goes both > ways. > > John Roberts > > Posted by: john-sugar Posted on: 11/27/06 > > > > > > > -------------------------------------------------------------------------- > ------ > > From: Google Alerts [mailto:googlealerts-noreply@...] > Sent: Tuesday, November 21, 2006 1:14 PM > To: john@... > Subject: Google Alert - sugarcrm > > > > Google News Alert for: sugarcrm > > Are SugarCRM, Socialtext, Zimbra, Scalix and other abusing the ... > ZDNet - USA > ... A growing number of software providers including SugarCRM, Socialtext, > Scalix, and Zimbra have taken it upon themselves create their own > derivatives of the ... > > > -------------------------------------------------------------------------- > ------ > > This once a day Google Alert is brought to you by Google. > > Remove this alert. > Create another alert. > Manage your alerts. > > > > -- > View this message in context: http://www.nabble.com/ZDNet-article---why- > attribution-matters-tf2715092.html#a7570290 > Sent from the OpenSource - License-Discuss mailing list archive at > Nabble.com.
	Re: ZDNet article - why attribution matters by Chuck Swiger :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Nov 28, 2006, at 8:00 AM, David RR Webber ((XML)) wrote: > I think this cuts to the point of - what is the purpose of open > source? The purpose of OSI Open Source is to make better software available to everyone. While there are lots of ways of writing, publishing, and maintaining software, the experience of the BSD community back in the 1970's, and later that of the FSF & GNU project starting in the early 80's [1], is that by making the source code to software publicly available and permitting people to make their own changes to the code and to be able to share these changes with everyone else, results in better software. > The person publishing the source has very clear reasons why they > are doing that and how they expect people to use that source. I would agree that people who publish their source code usually have clear reasons for doing so; I would disagree that most people writing Open Source software place expectations as to how others should use the software. People who place restrictions into the software license on how the software may be used generally do not comply with the Open Source Definition, and such licenses typically are rejected by the OSI board. > Other people then wish to retroactively bend that into something > different - usually without the permission of the author, or > perhaps as an unintended or unanticipated action beyond what the > author original envisioned! This generates friction, or sometimes > pleasant surprises - but not always! ; -) > > The job of OSI is to mitigate that and provide clear guidelines and > boundaries for people to operate in so that they can anticipate and > expect reliable and consistent results when they release their open > source in a particular way. This ultimately fosters a healthy and > thriving community of practice. Do you not find that the Open Source Definition provides clear guidelines and boundaries? Is there some part of it which you find unclear? -- -Chuck
	RE: ZDNet article - why attribution matters by John-Sugar :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message David, Fair points. To my knowledge OSI does not own the trademark for the words ‘open source’, only the domain name. If your whole value proposition is that your software is open source, I agree it’s not going to get you very far. The software needs to stand on its own merits. Open source for us is a descriptor that says the source code is provided, is extensible, redistributable, no restrictions of use and is patent free, etc. I’ve not met many of the OSI board members. I do know they are all very smart, well respected group of individuals. I don’t know how they got their positions, and why they were the chosen ones to create laws for everyone else. The website states they have not even had a meeting in over a year - http://opensource.org/weblog/. I’m just trying to understand how this organization operates and who exactly are the ‘approvers’ specifically. Here is a link to our license: http://www.sugarcrm.com/crm/SPL It is a combination of two OSI approved licenses: http://www.opensource.org/licenses/mozilla1.1.php plus http://www.opensource.org/licenses/attribution.php For us though, I’m just voicing my opinion. Vilify me if you like, Sugar Open Source is and will always be an open source licensed code base. This will likely be my last post on this issue. John David Berlind wrote: John: Thank you for cc:ing your response to license-discuss on ZDNet. In response to what I've so far seen from Michael, Larry, and you, I'd like to add my observations as an objective observer. First, I meant no disrespect to your values, wives, or families, all of whom require serious wage earning at some point. I have a wife and three children. I totally get it. I hope you understand that I am neutral to the issue of attribution and I'm glad that my post has provoked some discussion here. But I am not neutral to fine print issues that affect users of technology, particularly where the fine print is missing. I believe in my heart that a failure to disclose the fact that an open source license has so far not yet been approved as such by the defacto consortium to which the open source community currently looks for such approvals, qualifies as fine print that's missing. I prefer to stay out of the debate of whether attribution makes sense or not and if it does, how much is enough. There are people here that are far wiser than I who are obviously prepared to argue the merits of various approaches. So, from my point of view, the line crossed has nothing to do with your selected degree or method of attribution (eg: pointing back to SugarCRM where no advertising exists). The line crossed is the one where one company or organization decides it's OK to rewrite the rules of open source or, in the case of "commercial open source" to declare a new class of open source without seeking any consensus from the open source community itself. One could argue that no consensus is required before a new commercial license is written and that is of course true. However, there isn't a self-policing community of commercial license providers which has established to seek a standard baseline for what it means to be commercial the way there has been for open source. Perhaps a consensus, when and if one is achieved, will yield a result that's favorable to your position on the issue. But even you point out that now that you've done it (modified the MPL), others are doing the same. Clearly, there's no consensus on how the MPL should be modified, or, at the very least, all those who have followed in your footsteps would not have felt the need to write their own modifications to it. They would have picked yours. You're clearly testing the boundaries. That may have not been your intent. But to this independent observer, your choice (and the choices of others) to modify the MPL without following the community's accepted practice for making such changes, and to continue referring to your license as an open source license (commercial or otherwise) has tested the customs of the community. It tests the limits of the clause in the MPL that allows for changes. It tests the OSI's process. There's an old George Carlin bit where he talks about how, when he's driving on the road, everyone going slower than him is an idiot, and everyone going faster than him is a maniac. There are a lot of open source developers that don't have any mouths to feed but their own and are happy to operate within the norms of the community. And then, there will be people who, based on the precedent you've already set and are defending, will take it upon themselves to cross a line that even you wouldn't dare cross in modifying an existing open source license (while still referring to it as open source). You and others who have already taken matters into their own hands will of course have to remain silent. Pot, kettle, black. Think it won't happen? Trust me. There are people who didn't think what you've done could have happened. One day, "open source" will simply be meaningless or may even carry negative connotations (it's possible that "free software" could survive such a debacle, perhaps become stronger because of it). Why do I say any of this? Here's where I hope it becomes clear that none of what I just said is meant as a put down to you, Ross, Glenn, Scott or the others. The net result for SugarCRM and others who believe that associations with "open source" are positive associations for their brands will one day find that they are associated with something that means absolutely nothing. Or worse, something negative. You must ask yourselves if that's what you really want. db -----Original Message----- From: Michael Tiemann [mailto:tiemann@redhat.com] Sent: Monday, November 27, 2006 10:08 PM To: Lawrence E. Rosen Cc: 'John-Sugar'; license-discuss@opensource.org; David Berlind Subject: RE: ZDNet article - why attribution matters On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: > Hi John, > > The issue isn't just "Why attribution matters," because it obviously does. > Attribution is already mentioned in lots of FOSS licenses. Attribution > is important to every author, not just commercial ones who work for a > living (although most do!). Notice of authorship is so important that > the US Copyright Act even makes the fraudulent removal of a copyright > notice a criminal offense. 17 USC 506(d). > > We should instead be asking: How much attribution is enough? How much > attribution can be demanded in an open source license? This conflates two very important questions. > I don't believe anyone has argued yet that Sugar's license crosses the line. > Most of us simply aren't sure where the line should be drawn. You can > legally require in a software license that licensees put neon signs on > the highway to announce your copyrighted work, but is that open source? First: is it attribution? The Creative Commons folks seem to agree that attribution "in the manner specified by the author" is not a blank check, and they say so in the code (but not the deed) of the license. A requirement for neon in attribution is not, strictly speaking, needed to satisfy the legal requirements of legal attribution. Second: is it open source? Just as a lawyer cannot say for sure what the law says until a judge renders a verdict (and even then a successor judge can render a different judgment), the only way to know for sure that something satisfies the Open Source Definition is to put the license before the OSI approval process and see if it is approved by the process. M
	RE: ZDNet article - why attribution matters by David RR Webber (XML) :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message John, Pay no mind to the man behind the green curtain... ; -) One could ask - how do you get to be President of the United States too, eh?! The answer to the Q on the meetings is probably something around busy people meet when they need to; plus you can't get elected but you can get fired and you have to be stupid enough to volunteer in the first place... I'm just an interested by-stander here - but based on my observations this past year and change - I'm sure the stakeholders at OSI will be sorting this all out with reasonable expedience. Cheers, DW "The way to be is to do" - Confucius (551-472 B.C.) -------- Original Message -------- Subject: RE: ZDNet article - why attribution matters From: John-Sugar <john@...> Date: Tue, November 28, 2006 1:04 pm To: license-discuss@... David, Fair points. To my knowledge OSI does not own the trademark for the words â€˜open sourceâ€™, only the domain name. If your whole value proposition is that your software is open source, I agree itâ€™s not going to get you very far. The software needs to stand on its own merits. Open source for us is a descriptor that says the source code is provided, is extensible, redistributable, no restrictions of use and is patent free, etc. Iâ€™ve not met many of the OSI board members. I do know they are all very smart, well respected group of individuals. I donâ€™t know how they got their positions, and why they were the chosen ones to create laws for everyone else. The website states they have not even had a meeting in over a year - http://opensource.org/weblog/. Iâ€™m just trying to understand how this organization operates and who exactly are the â€˜approversâ€™ specifically. Here is a link to our license: http://www.sugarcrm.com/crm/SPL It is a combination of two OSI approved licenses: http://www.opensource.org/licenses/mozilla1.1.php plus http://www.opensource.org/licenses/attribution.php For us though, Iâ€™m just voicing my opinion. Vilify me if you like, Sugar Open Source is and will always be an open source licensed code base. This will likely be my last post on this issue. John David Berlind wrote: > > John: > > Thank you for cc:ing your response to license-discuss on ZDNet. In > response to what I've so far seen from Michael, Larry, and you, I'd like > to add my observations as an objective observer. First, I meant no > disrespect to your values, wives, or families, all of whom require > serious wage earning at some point. I have a wife and three children. I > totally get it. I hope you understand that I am neutral to the issue of > attribution and I'm glad that my post has provoked some discussion here. > But I am not neutral to fine print issues that affect users of > technology, particularly where the fine print is missing. I believe in > my heart that a failure to disclose the fact that an open source license > has so far not yet been approved as such by the defacto consortium to > which the open source community currently looks for such approvals, > qualifies as fine print that's missing. > > I prefer to stay out of the debate of whether attribution makes sense or > not and if it does, how much is enough. There are people here that are > far wiser than I who are obviously prepared to argue the merits of > various approaches. So, from my point of view, the line crossed has > nothing to do with your selected degree or method of attribution (eg: > pointing back to SugarCRM where no advertising exists). The line crossed > is the one where one company or organization decides it's OK to rewrite > the rules of open source or, in the case of "commercial open source" to > declare a new class of open source without seeking any consensus from > the open source community itself. One could argue that no consensus is > required before a new commercial license is written and that is of > course true. However, there isn't a self-policing community of > commercial license providers which has established to seek a standard > baseline for what it means to be commercial the way there has been for > open source. > > Perhaps a consensus, when and if one is achieved, will yield a result > that's favorable to your position on the issue. But even you point out > that now that you've done it (modified the MPL), others are doing the > same. Clearly, there's no consensus on how the MPL should be modified, > or, at the very least, all those who have followed in your footsteps > would not have felt the need to write their own modifications to it. > They would have picked yours. You're clearly testing the boundaries. > That may have not been your intent. But to this independent observer, > your choice (and the choices of others) to modify the MPL without > following the community's accepted practice for making such changes, and > to continue referring to your license as an open source license > (commercial or otherwise) has tested the customs of the community. It > tests the limits of the clause in the MPL that allows for changes. It > tests the OSI's process. > > There's an old George Carlin bit where he talks about how, when he's > driving on the road, everyone going slower than him is an idiot, and > everyone going faster than him is a maniac. > > There are a lot of open source developers that don't have any mouths to > feed but their own and are happy to operate within the norms of the > community. And then, there will be people who, based on the precedent > you've already set and are defending, will take it upon themselves to > cross a line that even you wouldn't dare cross in modifying an existing > open source license (while still referring to it as open source). You > and others who have already taken matters into their own hands will of > course have to remain silent. Pot, kettle, black. Think it won't happen? > Trust me. There are people who didn't think what you've done could have > happened. One day, "open source" will simply be meaningless or may even > carry negative connotations (it's possible that "free software" could > survive such a debacle, perhaps become stronger because of it). > > Why do I say any of this? Here's where I hope it becomes clear that none > of what I just said is meant as a put down to you, Ross, Glenn, Scott or > the others. The net result for SugarCRM and others who believe that > associations with "open source" are positive associations for their > brands will one day find that they are associated with something that > means absolutely nothing. Or worse, something negative. > > You must ask yourselves if that's what you really want. > > db > -----Original Message----- > From: Michael Tiemann [mailto:tiemann@...] > Sent: Monday, November 27, 2006 10:08 PM > To: Lawrence E. Rosen > Cc: 'John-Sugar'; license-discuss@...; David Berlind > Subject: RE: ZDNet article - why attribution matters > > On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote: >> Hi John, >> >> The issue isn't just "Why attribution matters," because it obviously > does. >> Attribution is already mentioned in lots of FOSS licenses. Attribution > >> is important to every author, not just commercial ones who work for a >> living (although most do!). Notice of authorship is so important that >> the US Copyright Act even makes the fraudulent removal of a copyright >> notice a criminal offense. 17 USC 506(d). >> >> We should instead be asking: How much attribution is enough? How much >> attribution can be demanded in an open source license? > > This conflates two very important questions. > >> I don't believe anyone has argued yet that Sugar's license crosses the > line. >> Most of us simply aren't sure where the line should be drawn. You can >> legally require in a software license that licensees put neon signs on > >> the highway to announce your copyrighted work, but is that open > source? > > First: is it attribution? The Creative Commons folks seem to agree that > attribution "in the manner specified by the author" is not a blank > check, and they say so in the code (but not the deed) of the license. A > requirement for neon in attribution is not, strictly speaking, needed to > satisfy the legal requirements of legal attribution. > > Second: is it open source? Just as a lawyer cannot say for sure what > the law says until a judge renders a verdict (and even then a successor > judge can render a different judgment), the only way to know for sure > that something satisfies the Open Source Definition is to put the > license before the OSI approval process and see if it is approved by the > process. > > M > > > -- View this message in context: http://www.nabble.com/ZDNet-article---why-attribution-matters-tf2715092.html#a7584294 Sent from the OpenSource - License-Discuss mailing list archive at Nabble.com.
	Re: ZDNet article - why attribution matters by Rick Moen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Quoting David Berlind (David.Berlind@...): > I prefer to stay out of the debate of whether attribution makes sense > or not and if it does, how much is enough. It is irksome to see interested parties such as Matt Asay and John Roberts claim they seek merely to add software authors' attributions to open source, when _technology-neutral_ attribution mechanisms (ref: OSD#10) have been an integral part of open source since the very beginning -- as several posters have already stated. In (at least) Mr. Asay's case, his Alfresco "logo" clause has proven, upon discussion here, to be quite deliberately not technology-neutral. That is, I (ironically) tried to make the argument that the quoted, slightly vague clause couldn't possibly be _intended_ as requiring that all derivative works be graphical, as that's simply not reasonable for a licence aspiring to be open source -- and, incredibly, Asay quickly followed up by saying (paraphrased) "No, that's pretty much exactly what we mean to require." So, we have people trying to deliberately contravene -- among other things -- OSD#10 and then claim that their licences should be considered open source anyway because... oh, I dunno: Because they're nice people with families to feed, because Red Hat, Inc. doesn't itself publish a guide to recompiling RHEL without trademark encumbrances, because they hold careless and convenient misconceptions about "external service agreements that surround GPL code that place extended limitations on the use of GPL code within enterprises that buy commercial Linux subscription contracts", because if they aren't accomodated they'll invent an OSI-replacement consortium, or some damned thing like that. And we're supposed to take this seriously because... and here, my imagination fails. Because we're gullible? Because we're not very bright? I'm open to suggestions, in hopes of extending the narrative in some plausible direction. Or, in the alternative, we could do the totally unimaginative and return to examining submitted licences per the Open Source Definition, and cease wasting time plowing through rhetorical bullshit. -- Cheers, My grandparents went to a planet with no bilateral Rick Moen symmetry, and all I got was this lousy F-shirt. rick@...

ZDNet article - why attribution matters

ZDNet article - why attribution matters

Re: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

Re: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

Re: ZDNet article - why attribution matters

Re: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

Re: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

RE: ZDNet article - why attribution matters

Re: ZDNet article - why attribution matters