LWN.net Weekly Edition for November 30, 2006 [LWN.net]

Who is being divisive?

On November 23, the OpenSUSE project announced the first 10.2 release candidate. In its usual way, LWN posted that announcement; we tend to have a relatively large number of readers who are interested in software of great novelty and questionable stability. This time, however, a recent LWN subscriber took exception to our having posted the announcement:

If I had know that LWN is going to support Novell's betrayal of the FOSS community by helping disseminate SuSE I wouldn't have spent the money.

We got similar comments a few years ago when we continued to publish OpenLinux security alerts with all the others after SCO started its legal rampage. Now, as then, we do not intend to change our editorial policy.

In this context, a couple of other postings are worthy of merit. Shortly after the Novell/Microsoft deal was announced, Chris Dibona posted a weblog entry which reads, in its entirety:

I've been giving some thought about the implications of the recent Microsoft Novell deal, and while I'm not going to go into a long diatribe about how I do not agree that I need Microsoft permission via Novell to use Samba or much of any free software, I will say this to my open source developer friends at Novell:

The Google Engineering Staff and Open Source teams are hiring.

Comments posted on the site and elsewhere suggest that most readers found this entry to be topical and amusing.

On November 24, Ubuntu self-appointed benevolent dictator for life Mark Shuttleworth sounded off on the topic as well:

Novell's decision to go to great lengths to circumvent the patent framework clearly articulated in the GPL has sent shockwaves through the community. If you are an OpenSUSE developer who is concerned about the long term consequences of this pact, you may be interested in some of the events happening next week as part of the Ubuntu Open Week.

Unlike Chris's posting, however, Mark's missive was met with quite a bit of criticism. There was a fundamental difference between the two: Chris posted on his own weblog, while Mark chose to spam the OpenSUSE mailing list. Had Mark restricted his comments to his own, well-read weblog, he would likely have taken less grief.

Both people were, however, trying to do the same thing: attract developers away from the OpenSUSE project. We have also seen calls for direct boycotts of the SUSE/OpenSUSE distributions and, as mentioned above, people wishing that announcements from the OpenSUSE project would no longer be visible to the rest of the world. There is, it seems, a great deal of anger against Novell and a wish to marginalize its distributions in response. The petition posted by Bruce Perens states it clearly:

In short, now that Novell has chosen not to hang together with the Free Software community, we've chosen not to do so with you.

There are some problems with taking that approach at this time, however. Much of the concern in the community is about what will happen in the future - not what has happened so far. But predictions about the future are notoriously hard to get right, and things may not turn out the way people expect. In the mean time, however, we may have caused irreparable damage to our community.

The SUSE distribution is one of the oldest and highly respected available. SUSE has, over the course of many years, employed many free software developers and contributed heavily to the community. OpenSUSE is a free distribution which is slowly moving toward a more community-oriented model. There are many developers working on this distribution, and their work is worth as much now as it was last month. OpenSUSE is still a free-software distribution - especially if you avoid the proprietary add-ons disk.

As a bonus, OpenSUSE users are not beneficiaries of Novell's non-license, and, thus, get the full benefit of patent liability that they had before the deal was signed.

In addition, it is not yet clear what harm, if any, will be caused by Novell's deal with Microsoft. It could yet turn out as Novell says: more money for free software, more code, and no downsides. The fact that Novell chose to pay protection money to see off a potential bully does not necessarily make things harder for those who have not paid that money; if anything, Microsoft's attempt to start a new FUD campaign around this deal has backfired. Microsoft has now said, in public, that Novell did not acknowledge any patent problems - a statement which will make it harder for Microsoft to use Novell's protection money as a justification for shaking down other vendors.

Novell has been accused of trying to divide the Linux community. The truth of that accusation will (or will not) become clear over time. What is clear now is that calls to isolate SUSE and attempts to lure away its developer base are unquestionably divisive. Individual users and developers will certainly make their own decisions over time, and it could be that SUSE's run as a major distribution is nearing its end. Or, if things look bad enough, OpenSUSE might eventually fork away from its creator. But it is too soon for any of that to happen, and there is little benefit in trying to hurt a free software project like OpenSUSE. Companies which feel threatened by free software may well attempt to split up our community; there is, however, no sense in doing that work for them.

Comments (133 posted)

What is open source?

When the Open Source Initiative first set up shop, the plan was to obtain a trademark (in the US) for the term "Open Source," and to restrict use of that trademark to licenses which were deemed to uphold open source values. That plan came to an end when the trademark office turned down the application. Some time later, the OSI trademarked "OSI Certified" instead, but, by then, the momentum was gone. Use of the OSI Certified mark has been minimal. There is, it seems, little demand for a trademarked stamp of approval for open source licenses.

That situation could yet change, however, as a crop of relatively new companies pushes the boundaries of the term "open source." At the top of the list may well be SugarCRM, which bills itself as "commercial open source." The company's web site says "We thought there was better way. Why not write our product in public and distribute it through an open source license?" Despite these words, the license created by this company, the SugarCRM Public License (SPL), is not on the OSI list of open source licenses - and it's not clear if it ever will be.

The SPL is based on the Mozilla Public License, but it includes (among other things) some text at the end:

However, in addition to the other notice obligations, all copies of the Covered Code in Executable and Source Code form distributed must, as a form of attribution of the original author, include on each user interface screen (i) the "Powered by SugarCRM" logo and (ii) the copyright notice in the same form as the latest version of the Covered Code distributed by SugarCRM, Inc. at the time of distribution of such copy. In addition, the "Powered by SugarCRM" logo must be visible to all users and be located at the very bottom center of each user interface screen. Notwithstanding the above, the dimensions of the "Powered By SugarCRM" logo must be at least 106 x 23 pixels. When users click on the "Powered by SugarCRM" logo it must direct them back to http://www.sugarforge.org. In addition, the copyright notice must remain visible to all users at all times at the bottom of the user interface screen. When users click on the copyright notice, it must direct them back to http://www.sugarcrm.com

These requirements on how the software is to be used are rather intrusive for what is supposed to be a free license; most open source licenses do not prescribe the layout of an application's windows. The folks at SugarCRM, suspecting that the OSI would not consider such requirements as being free, opted not to ask for OSI approval at all. But they call their license "open source" all the same.

SugarCRM's John Roberts makes no apologies for his license, stating that the attribution requirement is necessary to keep others from stealing his company's work. He goes on to say:

I hope OSI does not get stuck in the past or it could, and I think will be superseded by a new open source organization that more people both developers and users feel represent their real interests and values.

Attribution is here to stay. If you refuse to acknowledge it, you are trying to stop change, which will be very hard to do I believe.

Ross Mayfield, representing Socialtext, has also come out in favor of attribution requirements. He has submitted for discussion a general policy statement on attribution requirements and the form they can take. It supports a relatively restrained version of the requirement which might find broader acceptance.

Not everybody buys the argument that web-based applications have a need for attribution which did not exist for prior generations of free software. Michael Tiemann says:

Now somehow the argument is being advanced that because somebody else can grab Software X, run it on their own hardware and offer it as a service, this is somehow different than being able to download a compiler from the net, build a new cellphone, and sell it by the millions without payment to the developers who created such a fantastic toolkit. I don't see it.

So there are some decisions which will have to be made here. One is: to what extent are attribution requirements simply a form of proper credit for the creation of free software? And to what extent are they an attempt to exercise a sort of proprietary control over software which, as a result, is not truly free? The SPL requirements on the presence, positioning, and linkage of logos do not look all that different from the invariant section requirements in the GFDL - and those requirements are widely held to be non-free. A programmer who borrows even a single function from SugarCRM's code base must thereafter make his or her entire application "powered by SugarCRM," assuming the licenses are compatible at all. It would not be surprising to see a consensus build to the effect that this requirement makes the SPL a non-free license.

The bigger question which is being forced by this discussion, however, is: what does "open source" mean? When the term was first coined, there was concern that businesses would attempt to use it for licenses which were decidedly not open. That sort of abuse has not been much of a problem - so far. But now we are seeing businesses apply the term to code which, to some people in the community at least, is not open source. Problems often start small and grow from there; if some businesses are able to get away with calling licenses without OSI-approval "open source," others will do the same with much more restrictive licenses. There will always be somebody who is willing to test the limits.

What can be done about any future abuse of the term "open source" is not clear, however. There is no trademark, so there is no legal mechanism available to shut down such claims. The OSI could attempt to regain control of the term with a publicity campaign and a stronger effort to push the "OSI Certified" mark. But the OSI has been largely inactive and out of the public view for some time, and it is not generally seen as a representative body. So it is an organization with a relatively small mind share and relatively small moral authority. It's not clear what the OSI can do at this point.

(See also: David Berlind's long article which started the current round of discussion).

Comments (25 posted)

The GNOME Foundation board election

The GNOME Foundation aims to help the progress of the GNOME project by coordinating releases, representing the project to the rest of the world, producing documentation, and more. The board which directs the Foundation currently has seven open slots, to be filled by an election ending on December 16. There are eleven candidates for those seven slots. A look at some of the things the candidates are saying gives an interesting view into the issues which are driving the GNOME project this year.

If you are a rock star hacker (or a busy non-rock star hacker at work), you will not be a good Board member. Don't think that you can squeeze in a couple hours each week; you won't be able to. In the Board you have to do little tasks like answer mails, take minutes, send minutes to the public, be in contact with the companies in the Advisory Board, make plans, etc. If you wouldn't normally have time to participate in a volunteer organization where you do paperwork, the Board is not fit for you.

-- Federico Mena Quintero (not a candidate)

I would like to see us hire a bugmaster to ensure that downstream distros benefit from their collective work. I would like to hire a full-time editorial resource for our user and developer websites. I would like to see the foundation invest heavily in documentation, and ensure that high-quality, up-to-date, printed documentation exists for the platform and for users. I would like to see the foundation invest also in marketing, listening to ISDs, distributors and users and ensuring that that feedback gets fed back into the development cycle.

-- David Neary

More specifically, as a Board member I would like to focus on the GNOME Brand - the verbal and visual manifestation of what GNOME is all about - GNOME's personality. I will continue to drive our brand's definition via the brand book (regardless) and once finished, make it easy for others to use and spread GNOME by driving the development and organization of consistent collateral. I would also love to help in any way I can to fully address our trademark concerns so we can confidentially make use of our brand.

-- Máirín Duffy

As a board member I like to see we get the revamped website online, and the online store become a reality. I also want to see the Foundation have better writers, possibly funded by the foundation. I want to help better documenting board's events and procedures, and make sure incoming board email is processed as fast as possible.

-- Behdad Esfahbod

Here's what I want to do if I'm elected. It's no big things, but important stuff: make sure that people who mail the board have an answer in less than 2 days, send as much informations as possible to the membership about what's happening (I do not feel the minutes we send are enough), push to delegate stuff.

-- Vincent Untz

Hire a business development manager for the GNOME Foundation, to raise funds and manage our organisational relationships. I am particularly keen on this, because a bizdev manager for the GNOME Foundation will be able to better manage the operational side of my crazy ideas.

-- Jeff Waugh

I think it's important to keep a steady flow of funds from the advisory board members. I don't really have much of an idea of the current situation regarding finances in what areas we're spending or raising money.

-- Glynn Foster

Someone inside the European Union is pushing white papers, recommendations and similar documents since years. We need to be part of this effort and position ourselves in order to be in the right place when the reports lead to planning processes, design and implementation of real policies and migrations in the public sector.

-- Quim Gil

Certainly getting involved with the board shouldn't require technical knowledge. But there is a need to plan the development of Gnome, and I'm not sure who is doing this. The last few releases have lacked direction, features are added without consideration of their integration into the desktop and future development, and hard decisions are not being taken. If not the board, then who?

-- Joachim Noreiko

Right now, some GNOME hackers are targeting OLPC for a port of their application, but we are not actively developing for that. I think OLPC is doing a lot of innovation, and GNOME can be a bigger part of it.

-- Sara Khalatbari

I think embedded and targeted devices is en exciting new area where GNOME has been going to in the last year. From the 770 to the OLPC and gps devices GNOME tech is being spread well past the desktop. The cool thing about these areas is that they allow for more focused development than a general desktop does. What this does is make the general desktop better because tech developed in the embedded market is in many cases huge wins for the desktop. We need to make sure we don't fork GNOME but instead create an environment where embedded developers contribute back to upstream and where upstream is open to the stuff the embedded developers and offering.

-- John Palmieri

The board should deal with, and point out important issues in time. Which means that we as community together should prepare ourselves well ahead of time.

Licenses, open standards, software patents, free competition, privacy, and freedom of choice are issues I care deeply for. Along with access to, and sharing of freedom, knowledge, and information.

-- Anne Østergaard

That's one statement from each candidate (in no particular order). A few more quotes caught your editor's attention as highlighting other themes in this election:

Much like our focus on usability and the release process, issues related to Software Freedom figure prominently in GNOME's trial-by-fire introduction to development (something we need to improve). We face a tougher time with our users because we don't usually have a direct relationship with them - we must work with and through our distributors to make sure users understand and hopefully value Software Freedom.

-- Jeff Waugh

What freedoms exactly? The computer users I know can't code. What are they going to with the source code they have the freedom to modify? And free as in beer makes no difference to them: they either got their Windows XP with their Dell, or from a bloke they know with a CD burner.

Freedoms that you can't exercise are meaningless.

-- Joachim Noreiko

I've been focusing on another market for a while now (more seriously in the last year) which is not entirely standard fare for us: mobile and embedded.

This is a massive, growing market, more open to newcomers than the desktop market (thanks to our favourite monopolist incumbents), and we have a bunch of fascinating advantages in this space. It's a huge opportunity to take Free Software to *vastly* more people, faster than we've done so far, and to spur further investment in our developer platform (there are already more developers contributing to our platform for embedded use than desktop use).

-- Jeff Waugh

All GNOME Foundation members should have the information they need to vote. May the best candidates win.

Comments (1 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

Security: The Firefox password manager vulnerability; New vulnerabilities in dovecot, fvwm, imagemagick, tar, ...
Kernel: Workqueues get a rework; Avoiding - and fixing - memory fragmentation; File-based capabilities.
Distributions: Perl/Linux; new releases of YDL, Xandros, openSUSE, GNUstep, BLAG and 64 Studio; new distribution mEDUXa
Development: Control instrumentation devices with PyVISA, the Free Ryzom Project, new versions of Rivendell, MySQL, Cairo, libX11, XCB, libpthread-stubs, 1bizCom, Zope, ghostess, jack_oscrolloscope, GNOME, GARNOME, GnuPG, Dirmngr, SQL-Ledger, Frozen-Bubble, pycairo, pyFltk, giv, Wine, Jackbeat, ARToolKit, Schrodinger, gMobileMedia, OmegaT, PyVISA, CMake.
Press: Why We Need an Open Source Second Life, Novell CEO on Microsoft deal, IBM VP on Novell/MS, coverage of FOSS.in and Software patent conf, French parliament switching to Linux, FC5 on PlayStation 3, Attribution and licensing, Turkey investigates Kurdish Ubuntu, SPI to settle domain name dispute, FOSS friendly vendors, online Linux class.
Announcements: Open letter to Novell, four countries adopt ODF, Novell launches desktop-to-data center management initiative, Rivet Software to open-source XBRL viewer, Marten Mickos gets Nokia award, GPLv3 conf. transcripts, LCA miniconfs, Make Art 2007 cfp, RuPy 2007, Mtn Summit, PHP Conf Brasil, two Ruby conferences, Eben Moglen's Plone keynote.

Next page: Security>>