Bruce Perens and the OSI board

Bruce Perens and the OSI board

Posted Mar 24, 2008 18:30 UTC (Mon) by BrucePerens (guest, #2510)
Parent article: Bruce Perens and the OSI board

Jake, you should point out that the famous license proliferation committee that refused to seat me finally was not able to take any action regarding license proliferation.

Also, I'm disappointed that you did not publish much of the interview we had, it was a lot of work for me. Here are parts of two emails some will find relevant:

I really was afraid that they could vote in a Microsoft representative, next year if not this. After all, Matt has Microsoft giving the keynote speech at his "Open Source In Business" conference, and OSI is being so close-mouthed about this election that nobody knows who the other candidates are, or even the date of the election. But Mike Tiemann assures me they aren't considering MS, and Matt says he's the only one who actually did consider Microsoft (interesting the way he admits it while denying its possibility).

Jake Edge wrote:

You have mentioned the four licenses that would take care of all open source license requirements, what is the status of those? Have you specified them somewhere so that folks can look them over, etc?

I've been giving my Open Source Governance consulting customers this for some time, minus the political discussion because it doesn't apply to them, but I haven't published it.

First, the goals:

Meet most business (and non-business) purposes of Open Source. I go into the purposes in explaining the licenses.

The licenses must be compatible with each other, so that all of your projects and their derivatives can be mixed with all of your other projects and their derivatives.

Protect yourself. The most pressing need to protect yourself, and Open Source in general, is regarding software patents. The need to protect yourself is illustrated best by the JMRI (Java Model Railroad Interface) case. The JMRI developer was using an Artistic license. A manufacturer of model railroad throttles incorporated the JMRI code into his product, and then sued the JMRI author for patent infringement, seeking to prevent that developer from distributing the Open Source to anyone who wasn't using that manufacturer's product. The case hasn't gone entirely well for the JMRI developer because the Artistic license was legally weak. So, if you don't want to be taken advantage of by unsavory characters like that, you'd better have solid patent language in your license.

Essentially, you need these licenses:

Gift: This license has essentially no strings other than protecting the developer from patent suits by his own users regarding his own software. You use it when you want people to use their software in both proprietary and Open Source code, and you don't want them to worry about the license. For example, if you are trying to push a standard API layer for some task, you might distribute the example code to handle that API under this license so that everybody can use it in both proprietary and Open Source software.

Sharing with Rules: This license acts to keep all implementations of the software free by using a strong "reciprocal" provision. If you make a derivative work, you have to give everybody the source code, and the rights to modify, redistribute, use, etc. This is a very important license for businesses that want to make money through dual-licensing, like MySQL. They have the GPL, and then a commercial license that they sell to anyone who doesn't want to have to GPL their derivative work (I'm ignoring issues of MySQL's server-client nature and how the GPL applies to that for the purposes of this example). It keeps your competition from running away with your product, by binding them to be your partner in development. In the volunteer developer community, a strong reciprocal license is often preferred by developers whose motivation is to build up Free Software rather than to assist proprietary software.

In-Between: Something between gift and sharing with rules, to require a derivative work of a module to have reciprocal provisions while allowing that work to be bound into a greater product that is proprietary. LGPL is the most-used example of this. It motivates public cooperation from proprietary developers,

Software-as-a-Service: The Affero GPL is an example of this, so is the Socialtext license. They are kludges to get around the "ASP problem", the problem of works that are derivative of a reciprocal license but are performed rather than being distributed. They help some vendors maintain a dual-licensing paradigm while producing a software-as-a-service product.

You can achieve most purposes in Open Source with this list.

The political part is which licenses you pick, not that you pick licenses to do these things. To illustrate, suppose you pick this set:

Gift: BSD
In-Between: GPL with exception.
Sharing-with-rules: GPL
Software-as-a-service: Affero GPL.

This gives you a working set of licenses, pretty compatible with each other, and the text of three of them are very similar so there are really only two licenses to understand, and they have the advantage that they are in very broad use. But some of the community are kicking and screaming because they resent and oppose the GPL and the Free Software Foundation, or something similar. And there are also the problems that BSD doesn't have explicit patent protection language, and the GPL has been criticized for legal ambiguity.

So, to resolve the legal ambiguity you go to LGPL3, GPL3, and Affero GPL3. These have been scrutinized by a committee of lawyers from many major corporations and other entities during their development, which is much more than we can say for most other Open Source licenses. So they have more legal solidity. But some component of the community is kicking and screaming even worse because they distrust the GPL3 effort.

So, you may have to use licenses that duplicate the effect of LGPL, GPL, and Affero GPL without coming from FSF, to calm down the violent opposition. You craft these licenses carefully to be compatible with the FSF ones. But now you may have had to create more licenses, and you have a new part of the community kicking and screaming because they'd rather you used the FSF ones.

And somewhere in there you have to find a version of the BSD license with better patent protection, which may get the BSD folks upset, even though you are doing this for their own protection.

So, that's the political problem. The assignment is to navigate your way through this, satisfying a lot of people but NOT getting a complete consensus. Then evangelize the result and try to gently influence people to use your minimal combination rather than all 70 licenses out there at the moment. I think it could work pretty well. Never perfectly.

Bruce Perens

---

to post comments

it just means that someone can take your code and combine it with GPLv3 code and remove the
permission that you granted.

if you just use GPLv2 (without or later) your code cannot be (ab)used this way.

believe it or not Bruce, many people aren't happy with others taking their code and putting
more restrictive licenses on the resulting work and will pick a license that doesn't allow
that

> it just means that someone can take your code and combine it with GPLv3 code and
> remove the permission that you granted.
In the combined work, yes, but in your code, no. You granted the permission to tivoize 
your code, your permission is there, latent. If I take _your_ code and put in my TiVoSX, but 
not the code that the other author does not want tivoized, it's ok. That is the beauty of the 
GPLv3+waivers:

Your code: GPLv3 + waiver tivoizing
My code: GPLv3
Combined code: GPLv3

If anyone wants to tivoize your code, _nothing_ will stop them. Your wishes regarding 
_your_ code are _always_ respected. Now, your wishes regarding _my_ code...

And that, boys and girls, is what polite people describe as proof
by assertion...

So MIT wouldn't be covered? So using X wouldn't be an approved software? Apache isn't free
either? And why not these? And at what level does OSI become irrelevant because huge sections
of what people use isn't considered open/free/libre enough? [This is the opposite of the other
question which I would say "no to: Is OSI relevant because it has accepted every license under
the sun?]

And if in the end you are elected, what then? Will you see through the entire lifetime of your
seat even if you aren't able to get enough others to vote for your views?

What I am trying to see is what is your real committment, and what are you really trying to
achieve. Is it to represent the people who sign your petition (whether they completely agree
with you or not), or is it more of a protest campaign where you are going to try and get
enough 'outrage' to set up some sort of rival organization. Not that doing so would be a bad
idea, but I would prefer to have it in the open.

Thankyou for the clarifications. And yes, we all have grown up in the last 10+ years... 

I don't know the internal structure of the FSF and how hard it is to get on the Board.

But i thought that for you the topics (e.g. license proliferation.) is the important part and
not your position in an organisation. I think you could find more like-minded people in the
FSF than in the OSI for this topic. So i think you could at least work with them together in
promoting such a set of licenses. If they will offer you a place in the board and when they
will do it depends probably on how satisfied they are with your work but this should be an
minor point, shouldn't it? It's the work which is important not the position.

> So, to resolve the legal ambiguity you go to LGPL3, GPL3, and Affero
> GPL3...

Not that I care about your quest to make OSI even more irrelevant by 
joining it, but the irony of you joining an advocacy organization is just 
too much.

You are the reason I will never write any code under GPL version 3.  
Before encountering you, I merely thought GPLv3 was a bad idea that I 
could ignore.  Your misguided and aggressive trolling of the busybox list 
(a full decade after you'd abandoned the project, never posting _once_ to 
that list until you came back as a troll) is what pushed me over the edge 
to actively work _against_ GPLv3.

These days, I license all my code GPLv2 only, the same license as the 
Linux kernel.  My code _cannot_ be used under the terms of GPLv3, and 
never will.  Although I was never likely to leave GPLv2 behind, you're the 
one who convinced me to drop the "or later".  Because you advocated for 
GPLv3 _that_badly_.

And now you want to join the board of an advocacy organization?

Dude: http://en.wikipedia.org/wiki/Dunning-Kruger_effect

So you admit that you go out of your way to oppose a license for reasons of petty spite.
That's not as impressive as you seem to think.

I thought GPLv3 was a bad idea for day 1, long before Bruce showed up.  
Primarily I thought it was unnecessary, divisive, and an order of 
magnitude more complicated than its predecessor (which is a big down side 
all on its own).  He didn't change my mind on that.  I just wasn't 
motivated to _do_ anything about it, and was happy to ignore it the way I 
ignore other licenses (like the CDDL) that I consider a bad idea.

Bruce's attempt to advocate in favor of GPLv3 failed so spectacularly it 
left me motivated to actively oppose GPLv3.  His advocacy backfired.  The 
_point_ of my post was that he's not planning to join an advocacy 
organization to increase the scope of the damage he can do, and alienate 
more people.

However, I expect the actual _effect_ of this would be to cause OSI to 
collase into complete dysfunctional irrelevance in a few years, due to 
the kind of infighting Debian suffered in the decade or so after Bruce's 
leadership of that project.  So it probably doesn't really _matter_.  I 
just found it ironic.

Yes, yes, yes.  I gathered all that from your previous rant.  I also noticed that you admitted
-- twice now -- that you were planning to do nothing about the GPLv3 until Bruce Perens ticked
you off.  I'm having trouble imagining the Free Software Foundation trembling in fear of your
wrath, but your motivation is clearly petty spite.

Since you're wandering off topic at length I'll take the liberty of debunking two of your more
bizarre distortions.  First, characterizing Perens' activity on the BusyBox list as "advocacy"
is a stretch.  As I read it he was objecting the removal of the "or later" clause from a
project based on his original work and arguments about the merits of the GPLv3 were a side
issue.  Second, Debian has had infighting for as long as it has been around.  Consider what's
going on around dpkg for a recent example.  Laying this at the feet of Bruce Perens is silly.
For someone so concerned with what makes effective advocacy, you seem blissfully unaware of the
effect all this foaming at the mouth has on your own credibility.

> I gather that you are accusing Bruce of having little knowledge while
> thinking he knows a lot.

No, I'm using the formulation that uses "skill" instead of knowledge.  
You can be a quite well-informed klutz.  Neither programmers nor lawyers 
(similar but distinct skill sets) necessarily make good good advocates 
(essentially a marketing position) or project managers.  (Heck, Transmeta 
made Linus Torvalds a manager and had people reporting to him, and by his 
own admission he sucked at it.  Open source project management and 
corporate middle management are different skills.)

Am I the only one to remember Bruce's tenure at HP?  That he was on the 
OSI board before and that the actions leading to his resignation involved 
describing Tim O'Reilley as "one of the leading parisites (sic) of the 
free software community"?  Did anyone actually read his Debian 
resignation letter (http://lwn.net/lwn/1998/0319/resign.html) in the 
context that A) none of the "more mainstream" distributions he felt 
he "should be working with" paid him any attention, and B) since then 
both Knoppix and Ubuntu have made new mainstream distributions based on 
Debian.

Looking at the past full decade of his attempts at this advocacy thing: 
he's shown much motivation, a reasonable amount of knowledge, and very 
little skill.  This has nothing to do with how well he might program.  Al 
Viro and Cristoph Hellwig are both great programmers, would either of 
them be your first choice for a public relations position?

Rob

Can't say I agree with your tone, Rob, but I do think your message has merit.  UserLinux was
another particularly salient example.