Willis: Engaging with the OSI Elections 2022.1 [LWN.net]

Nathan Willis took a long look at the Open Source Initiative's 2022 board election and wasn't entirely pleased with what he saw.

So it’s a troubling ballot to look at. There’s an ostensibly non-profit organization that’s an official OSI affiliate trying to run its CEO as an individual candidate while also running a second member (a board director) on the appropriate, affiliate ballot in the same election. There’s also two financial sponsors running candidates on the individual ballot, one of them (Red Hat) running two candidates at the same time for the two open seats.

to post comments

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 3:11 UTC (Mon) by donbarry (guest, #10485) [Link] (17 responses)

As Lenin famously described the League of Nations, the OSI from the start has been a "thieves' kitchen" to oppose the GPL and FSF and to promote permissive and cooptable licenses. One of its founders, ESR, attacked the GPL as "viral" and openly redbaited its author as a communist. Is it any surprise to find corporate gamesmanship going on now?

And for the record, on March 16, 2001, ESR wrote to me responding to one of his attacks on socialism to proclaim "unrepentent socialist" == "malignant idiot", to which he appended: "I shall take an actual positive delight in doing things which will offend and enrage you. Thank you for sharing, and please know that you enjoy my deepest contempt."

These are the waters out of which the OSI emerged. They just had the guilelessness in those simpler times to be more... well, "open" about it.

Nineteen years ago, when the OSI was only five years old, the Vice President for information technology at Cornell University announced a public forum to discuss "Commercial vs. Open (and vs. Free) source" The presenters were ranking figures at IBM, Sun, Apple, and Microsoft. Not even a corporation with closer ties, like RedHat, was invited! To criticisms of the absurdly one-sided commercial stacking of the podium (and the VP had significant ties to Microsoft), several of us reached out to FSF, which agreed to send a speaker. We were wholeheartedly rebuffed.

Instead, the promise was given that "we should have another forum with the open source players as round 2" (the phrase "free software" seemingly could not emerge from his keyboard).

Well, a year later I reached out to find when this "round 2" would happen.

"Our priorities have changed..."

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 4:33 UTC (Mon) by willy (subscriber, #9762) [Link] (15 responses)

How times have changed.

IBM: Bought Red Hat
Sun: Bought by Oracle
Microsoft: Has released more lines of Open Source code than any other corporation
Apple: Three out of four ain't bad!

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 7:03 UTC (Mon) by gfernandes (subscriber, #119910) [Link]

Times have, indeed, changed.

But the problems haven't. If anything, the new owners are less trustworthy than the earlier status quo...

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 7:55 UTC (Mon) by LtWorf (subscriber, #124958) [Link] (13 responses)

They haven't.

Microsoft made the maybe-gpl-infringing autopilot. They claim it doesn't infringe, but they also didn't run it on all the closed source projects they host, which means they know very well it's a gray area to say the least.

Microsoft (under the guise of github) advices everyone to use MIT license if they don't know which license to use.

Whitepapers are continuously written to talk about the downfall of copyleft and how most projects use MIT license. Of course they only consider github projects, which are 90% useless unfinished stuff and dwarfed by thousands of js libraries that are shorter than the MIT license itself.

It's a massive marketing effort to undermine copyleft, because for them it is convenient to be able to steal work, much less convenient when they have to release changes.

Things have changed in the sense that companies realised that downloading free stuff instead of paying developers is convenient. But they still do not like having to give back, which is why the OSI exists in the first place and why they pour money to fight copyleft licenses.

Willis: Engaging with the OSI Elections 2022.1

Posted May 5, 2022 3:16 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (12 responses)

> Microsoft (under the guise of github) advices everyone to use MIT license if they don't know which license to use.

I blame the FSF for this. GPL 3 was/is a good license. Calling it "GPL 3" was a bad idea, because not everyone thinks it accomplishes the same set of goals as GPL 2 did.[1] So now we're in this weird space where:

1. I don't want to use GPL 3 (or 3+), because I disagree with some of its terms.
2. I don't want to use GPL 2+, because then somebody will fork it and re-release it as GPL 3, at which point I get no benefit from the copyleft (I can't take their changes and incorporate them back into my software).
3. I don't want to use GPL 2 "only," because then it might inconvenience someone who wants to combine my software with something that uses GPL 3.
4. Screw it, let's just use MIT. This has the same problem as (2), but at least this way there are *no* compatibility issues whatsoever (you can use it with the CDDL, you can put it in BSD without people getting annoyed, etc.). If I'm not going to gain any benefit from copyleft anyway, then why should I pay for its downsides?

[1]: https://www.youtube.com/watch?v=PaKIZ7gJlRU

Willis: Engaging with the OSI Elections 2022.1

Posted May 5, 2022 16:45 UTC (Thu) by donbarry (guest, #10485) [Link] (11 responses)

Microsoft's attacks, laundered through the OSI, predate the creation of GPL3 by eight years.

A key part of the attack on the GPL -- and the preparation for that attack -- was the awareness by Stallman that undoubtedly the playing field would shift with time and that just as proprietary software promoters have the agility to change the mechanisms by which they remove user control over software, any movement that exists within the interstices of currently existing society and its mechanisms of ownership -- those very mechanisms "hacked" by the GPL -- must have the ability to adapt to those changes.

And many changes did take place in the twenty years in which the GPL2 achieved its success. The two most notable ones were locking the software away on a server so that a user could "run" it but not possess it -- the experimental Affero General Public License of 2002 leading to the GNU AGPL3 or 2007 was the response to that -- and the "Tivoization" paradigm, which motivated the changes in the GPL3. There were also changes based on the international usage of the GPL3 to better preserve software freedoms in the international legal context.

Yes, we're aware of Torvalds' criticism of the license, as with those of others who have come to benefit substantially from the sphere opened up by GPL2. I don't begrudge Torvalds the $2 million a year income (as I might others whose relationship to software is less creative and more parasitic), but to a figure like him, a talented software architect whose greatest strength within his particular domain is his pragmatism, I suggest he's better consulted within his expertise rather than of the context that created his niche. After all, the dazzling bright lights of corporate finance even led a figure like Eben Moglen, who provided the legal language of the GPL3, astray.

Willis: Engaging with the OSI Elections 2022.1

Posted May 6, 2022 3:42 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (10 responses)

> A key part of the attack on the GPL -- and the preparation for that attack -- was the awareness by Stallman that undoubtedly the playing field would shift with time and that just as proprietary software promoters have the agility to change the mechanisms by which they remove user control over software, any movement that exists within the interstices of currently existing society and its mechanisms of ownership -- those very mechanisms "hacked" by the GPL -- must have the ability to adapt to those changes.

The fact that a substantial portion of the GPL-using base migrated to MIT or slapped GPL-2-only notices on their code is, IMHO, indicative that not enough people *agreed* with y'all that this actually was the purpose of the GPL in the first place. A lot of people thought of it in the same way Linus describes (i.e. "I give you source code, you give me patches, we're even"), and it must be admitted that, at least in the short run, this position is far more pragmatically useful than vague appeals to user freedom (I can't eat user freedom, pay my bills with it, etc.). One could just as easily argue that the GPL should forbid all non-FOSS hardware, but the FSF does not do that, not for any reason of ideological purity, but because they know that most developers would run screaming in the opposite direction.

The FSF has made multiple licenses before; see for example AGPL and LGPL. Both of those existed to address specific problems, and the anti-TiVoization provisions of GPL3 could just as easily have been pushed into a fourth license. The FSF's decision to add substantive new provisions to GPL3 undermined the popularity of the main license, alienated significant portions of industry, and substantially weakened the overall appeal of copyleft in general.

In the non-software case, it's easy. I can just tell people "use CC-BY-SA if you want copyleft, or CC-BY if you don't." But because the FSF decided to sabotage its own license, my software recommendation has to be reduced to "use MIT if you don't want copyleft, $DEITY help you if you do."

Willis: Engaging with the OSI Elections 2022.1

Posted May 6, 2022 7:37 UTC (Fri) by Wol (subscriber, #4433) [Link]

> The FSF has made multiple licenses before; see for example AGPL and LGPL. Both of those existed to address specific problems, and the anti-TiVoization provisions of GPL3 could just as easily have been pushed into a fourth license. The FSF's decision to add substantive new provisions to GPL3 undermined the popularity of the main license, alienated significant portions of industry, and substantially weakened the overall appeal of copyleft in general.

The two problems I see in the "GPL 2 or 3" are the bug in 2 where, if you put the source and binary in two separate tarballs on a website, it triggers the "you have to provide source for three years", and all the *patent* language in a *copyright* licence in 3.

So yes I think a new version was needed, but it should have been a bugfix, not all this extra patent/tivoisation/whatever changes.

Cheers,
Wol

Willis: Engaging with the OSI Elections 2022.1

Posted May 7, 2022 1:14 UTC (Sat) by pabs (subscriber, #43278) [Link] (8 responses)

AFAIK, nothing in the GPL requires giving back patches, only giving patches forward, so I wonder where "I give you source code, you give me patches, we're even" came from.

Willis: Engaging with the OSI Elections 2022.1

Posted May 7, 2022 21:40 UTC (Sat) by NYKevin (subscriber, #129325) [Link] (7 responses)

It came from the practical reality that giving patches forward *is* giving patches back, unless your name happens to be "Grsecurity." To the best of my knowledge, almost nobody else tries to enforce that distinction in practice, and Bruce Perens has opined[1] that Grsecurity may be a GPL violation specifically because of this enforcement.

(I have no opinion on that. Read Perens's blog post and come to your own conclusions.)

[1]: https://perens.com/2017/06/28/warning-grsecurity-potentia...

Willis: Engaging with the OSI Elections 2022.1

Posted May 8, 2022 2:03 UTC (Sun) by pabs (subscriber, #43278) [Link] (6 responses)

The GPL certainly doesn't require patches to be sent anywhere by end recipients, so no, it is only through knowledge of open source ideas/principles, knowledge of software development and a culture of upstreaming patches that code gets back to upstream. Even when patches that are publicly available, it is often unlikely downstream users will bother sending them upstream and often unlikely that upstream will look outside their own upstream patch submission process for changes. There are myriad patches available for Linux that no-one is bothering to upstream and upstream isn't bothering to look at either. I haven't heard of downstream distro users looking at publicly available distro patches and sending them upstream. There are also situations (like the app stores) where almost all users aren't developers and so they will ignore the source even where it is available to them. If the users have the code aren't willing to share, of course there is always the possibility that upstream can become a direct downstream recipient, but that possibility isn't required by the GPL either.

Re Grsecurity, I think Perens' argument is a bit of a stretch but that either way, what Grsecurity did is reprehensible and contrary to FLOSS culture.

It is interesting that there is also a bit of a loophole in the grsec situation; if you are a vendor who distributes grsec on devices to users, you are required under the GPL and allowed under the grsec contract to give the code to those users, who can then (if they are inclined to, see the first paragraph) turn around and send that code upstream or make it public. The grsec code has been leaked once before, but the loophole would in theory allow that to happen for every version.

Willis: Engaging with the OSI Elections 2022.1

Posted May 8, 2022 22:59 UTC (Sun) by johannbg (guest, #65743) [Link] (5 responses)

How does the situation look for vendors that upstream everything?

I mean if I as a vendor have a product that runs unmodified upstream code like for example the linux kernel could I not just as well just forward users to kernel.org to fetch the source of the kernel from there or am I forced to download the source and give it to end users?

Let's say the entire grsec product is entirely based on upstream without any local patches ( all patches are forwarded upstream ) and the secret of the product is how those upstream bits are assembled together and configured, would you have to share the assemble process and configuration since you are not modifying the source in any manner or would such an act be considered an modification?

Willis: Engaging with the OSI Elections 2022.1

Posted May 9, 2022 1:38 UTC (Mon) by pabs (subscriber, #43278) [Link] (4 responses)

If you've upstreamed everything, then you are taking the unmodified upstream source, building binaries from that, installing the binaries on the device and then redistributing those devices containing the GPLed binaries. GPLv2 §3 covers binary distribution and gives 3 options for the source a) distribute source with binaries b) distribute offer for source with binaries (for at least 3 years) c) distribute someone else's offer for source you received (not allowed in commercial situations). So it sounds like if you think kernel.org would last at least three years, you could just link to the relevant commit/tag/tarball on kernel.org for your source distribution requirements. Otherwise, distribute source on the same storage as the binaries, or on external storage distributed in the same package as the device.

https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
https://copyleft.org/guide/comprehensive-gpl-guidech6.htm...

The GPL requires info on how to build, install and run the same binaries (modulo build determinism bugs) as the vendor distributes; this is known as "complete and corresponding source" (CCS). Basically, users should have the same access to the GPLed work as the vendor, so if the vendor can do something, the user should be able to as well (modulo skill levels). I assume that this would include the exact Linux kernel build config that you used, maybe some info on which toolchain versions you used etc. Perhaps the vendor in question also upstreamed their buildconfig as a defconfig for the device, telling users to use that seems fine. The Copyleft Guide has a few different sections dealing with CCS for GPLv2 and GPLv3 in more detail.

https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
https://copyleft.org/guide/comprehensive-gpl-guidech6.htm...
https://copyleft.org/guide/comprehensive-gpl-guidech16.ht...
https://copyleft.org/guide/comprehensive-gpl-guidech10.ht...
https://sfconservancy.org/blog/2021/mar/25/install-gplv2/
https://sfconservancy.org/blog/2021/jul/23/tivoization-an...

Willis: Engaging with the OSI Elections 2022.1

Posted May 9, 2022 7:08 UTC (Mon) by johannbg (guest, #65743) [Link] (3 responses)

If the GPL requires info on how to build, install and run the same binaries when it leaves the company it requires access to the entire process the src was built on that means access to internal processes like the build system, the repositories the company used ( to understand the modifications that the company made, to be able to duplicate them etc).

Which brings us to Red Hat and it's obfuscation back in the day when RHEL 6 got released in which Red Hat deliberately withheld information that was previously part of the sources they released thus it violated the GPL did it not?

Willis: Engaging with the OSI Elections 2022.1

Posted May 9, 2022 8:06 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (2 responses)

The RHEL 6 kernel SRPM could be rebuilt into an equivalent binary by anyone. I think the refusal to provide split out patches was an astonishingly dick move, but I don't think there's any real argument that it violated the GPL.

Willis: Engaging with the OSI Elections 2022.1

Posted May 9, 2022 13:05 UTC (Mon) by johannbg (guest, #65743) [Link] (1 responses)

Well you know as well as I do that many upstream projects ( if not all of them ) only distribute patchless tarballs ( which arguably is becoming obsolete in these days as in distribution in form of tarballs ) because that's how development is done in real life so from that standpoint Red Hat's move was no more or less a dick move than how upstream more or less does things ( more inline with it if anything ).

Now if the GPL is forcing companies to release their internal processes along with the source code as is implied in another response ( how builds were configured, changelog/changelog history, broken out patchset if applied on top of upstream etc ) that's entirely a different thing and directly affects upstreams themselves ( upstreams themselves could be violating the license they chose for their project ) then there is the "preferred form for modification" which means what and to whom, upstream,vendor,consumer even the courts could be putting their own meaning into that.

In the end of the day most if not all upstream wants is to get fixes/features back upstream. an no license will achieve that, on the contrary it might have the opposite effect ( the stricter the licence, the harder it twists peoples/vendor arm. the less likely people/vendors contribute upstream ).

Willis: Engaging with the OSI Elections 2022.1

Posted May 10, 2022 2:32 UTC (Tue) by pabs (subscriber, #43278) [Link]

RH's actions are a dick move because they made something secret that should have been public all along and should still be. TBH their special versions of the Linux kernel shouldn't really exist, they should be using the upstream LTS versions and maybe collaborating with CIP if they want extremely long term LTS versions.

The GPL doesn't force companies to release their internal processes; only enough so that a user can rebuild the code.

The license doesn't factor into sending code back upstream for me; I will always do it because then I don't have to rebase local patches continuously. The same should apply in companies; forwarding bugs and patches upstream is way more efficient, even when you have automated the rebase/rebuild process. I've successfully applied this argument at work too and management agreed.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 5:49 UTC (Mon) by oldtomas (guest, #72579) [Link]

Thank you.

I wanted to post something, but it turns out you've expressed most of it in a better way I could ever have.

The OSI was for me an industry consortium, right from the beginning. And if there's something this kind of industry fears, it's their user's freedom. Beware!

I can only add: OSI is the single entity which has done most to discredit the term "open source" with me.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 10:19 UTC (Mon) by kpfleming (subscriber, #23250) [Link] (25 responses)

It's unfortunate that Nathan chose to misrepresent my candidacy in spite of my responses to his questions on the OSI candidacy page.

I am employed by Red Hat, but my candidacy was completely unrelated to my role at Red Hat.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 10:28 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (13 responses)

I'd say as someone who disagrees with Kevin on a whole bunch of things, I absolutely trust him to represent himself rather than his employer. The unfortunate reality right now is that anyone who actually understands free software is likely to end up employed by a small number of companies who fund free software - if we insist that they can only represent their employers then we force people to choose between, say, paying their mortgage or ideological purity. As someone who's largely in favour of ideological purity but who also exists in capitalism, I don't have a great answer for how we define separation of concerns other than through trust of individuals.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 11:37 UTC (Mon) by marduk (guest, #3831) [Link] (6 responses)

(Pretending not to notice the small distance between posting times and subscriber #s)

> The unfortunate reality right now is that anyone who actually understands free software is likely to end up employed by a small number of companies who fund free software

I think I may be misunderstanding this statement. To me it sounds like a) there are but a few people on this planet who "understand" free software and b) those people likely work for a big funder "free software".

Is that what is being said and do you *actually* believe that? If so, how did you come to that conclusion?

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 12:15 UTC (Mon) by tialaramex (subscriber, #21167) [Link] (3 responses)

I'd add the constraint that some people who understand (like me) do not have time for this, and big Free Software funders are more likely to allow their employees to carve out time for such work (I don't know if Red Hat do so) and so yeah, the typical "independent" candidate is much more likely to be from these companies.

Similar to how reliably lots of the people at a physical IETF event are employees of US "Big Tech" companies, compared to say, big pharmaceutical companies, or banking - because many those tech companies allow their employees to take time to do this, trusting that if you've got (say) three Google people in the room, that room is unlikely to design a new protocol that's completely unworkable for Google. As EDCO discovered there's no benefit to just sending people to the IETF to have more bodies in the room "on your side" though.

Now, I assume OSI is ultimately some sort of corporate entity, with voting and so on, and so it actually could make sense to have people "on your side" there, but also this makes it much less important who controls it. Ultimately this was never a "community" thing so it's a creature of the entities that control it.

I don't remember what my subscriber number is, and I hope that the fact it took me over an hour to respond to you somehow lays your mind to ease in that regard.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 12:39 UTC (Mon) by LtWorf (subscriber, #124958) [Link]

How likely are people to directly vote in contrast to the interest of their employer when they are attending such board activities while on the payroll of their employer and know that voting in such manner is likely to compromise their future career advancements at least?

Can we all agree that the conflict of interest does exist in principle?

In reality, in this specific case, I agree it's meaningless because the OSI exists solely to do the bidding of the industry sponsors, so it doesn't really matter.

Willis: Engaging with the OSI Elections 2022.1

Posted May 3, 2022 8:22 UTC (Tue) by pbonzini (subscriber, #60935) [Link] (1 responses)

> I don't know if Red Hat do so

That depends in general, but there is one important thing that Red Hat promises their employees: "Participation in an open source community project, whether maintained by the Company or by another commercial or non-commercial entity or organization, does not constitute a conflict of interest even where you may make a determination in the interest of the project that is adverse to the Company’s interests".

Willis: Engaging with the OSI Elections 2022.1

Posted May 3, 2022 9:27 UTC (Tue) by gioele (subscriber, #61675) [Link]

> That depends in general, but there is one important thing that Red Hat promises their employees: "Participation in an open source community project, whether maintained by the Company or by another commercial or non-commercial entity or organization, does not constitute a conflict of interest even where you may make a determination in the interest of the project that is adverse to the Company’s interests".

For the record, that quote is from RedHat's "Code of business conduct and ethics" [1], one of their official "Policies and guidelines" [2], not from a random blog post. So, definitely "a promise with teeth".

[1] https://www.redhat.com/licenses/RH_CoC_2_2022_Eng_Externa...
[2] https://www.redhat.com/en/about/all-policies-guidelines

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 18:32 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (1 responses)

> (Pretending not to notice the small distance between posting times and subscriber #s)

It's pretty easy to determine that Kevin and I are distinct individuals

> Is that what is being said and do you *actually* believe that?

I didn't make that point terribly clearly, let me try again. The set of people who are in a good position to devote a meaningful amount of time to speaking about and advocating free software is a set of attractive recruitment targets for a relatively small number of companies who are willing to pay to have that expertise, and unsurprisingly many of them accept.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 23:48 UTC (Mon) by marduk (guest, #3831) [Link]

> It's pretty easy to determine that Kevin and I are distinct individuals

Sorry about that. It wasn't my intention to imply that you were the same individual but, in retrospect, I guess when you see people say things like that it's usually what's being implied.

Also thanks for your clarification. It did sound to me at first you were saying that only those in those positions had an understanding of what free software was. The way I think about it is like: there are TV preachers and then there's the preacher at your local church. The one at your local church may have more knowledge of the subject and be closer to the community than the one on TV; it's just that the capacity for TV preachers is relatively small. And yeah the ones on TV typically wear the fancier attire.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 13:16 UTC (Mon) by ballombe (subscriber, #9523) [Link] (3 responses)

> if we insist that they can only represent their employers then we force people to choose between, say, paying their mortgage or ideological purity.
The issue we can we can only expect then not to represent their employer if they are willing to support opinion that can get them fired. If their interest are 100% aligned with their employer, what do they bring ? If they are afraid to support different position than their employer, what do they bring ?

Working for IBM,MS,Apple is a choice. It pays better than smaller organisations but it still a choice. You cannot have your cake and eat it too.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 19:29 UTC (Mon) by Wol (subscriber, #4433) [Link] (2 responses)

And what's YOUR employer's position? I don't know who they are, I certainly couldn't state my employer's position, and I know we've got Ubuntu workstations all over the place (I don't have one).

Employers probably have at least as many positions as they have senior managers (or more, or less if said managers don't give a damn).

At the end of the day, if you stand up for what you think is the best decision, and you've got decent managers who support you, then you're extremely unlikely to get fired for such a decision. And if you do get fired, well, if you've got a decent reputation you're liklely to find another job easy enough.

Cheers,
Wol

Willis: Engaging with the OSI Elections 2022.1

Posted May 3, 2022 7:56 UTC (Tue) by ballombe (subscriber, #9523) [Link] (1 responses)

> And what's YOUR employer's position?

When your employer has an affiliate seat on the OSI board, you can find out its position if you want to. That is what we are talking about.

Willis: Engaging with the OSI Elections 2022.1

Posted May 5, 2022 14:25 UTC (Thu) by jberkus (guest, #55561) [Link]

Just to be clear, for-profit corporations cannot have affiliate seats in the OSI. Affiliate seats are only for other non-profits.

Willis: Engaging with the OSI Elections 2022.1

Posted May 4, 2022 21:56 UTC (Wed) by bkuhn (subscriber, #58642) [Link] (1 responses)

mjg, I think it has become increasingly difficult for employees to avoid the influence of their employers — particularly in the USA. Fear of losing your job in the USA usually means fear of losing your healthcare coverage (if you're under the age of 65, anyway), and lack of a social safety net means that unless you're given an extremely high salary and/or don't have a young family to support, losing your job could mean disaster. It's hard to blame anyone (at least, anyone not in a management role) in this situation for being afraid to rock any boats in directions that their employer won't like. It's not direct control, I don't think, but a chilling effect on ideas that an employer would dislike.

I don't necessarily believe that most folks on the OSI Board are primarily representing their company's views: at least, I am sure that most of them don't intend to do that. I'm reminded of something Barney Frank (a former member of the US House of Reps) said about lobbyist influence. He argued that most politicians aren't corruptly taking directions from the lobbyists. Rather, Frank argued, politicians spend so much of their time talking to lobbyists and hearing what the lobbyists problems are, that it is very easy to believe that those problems are the primary ones faced in society.

I think we have a similar phenomenon in FOSS generally, but the OSI leadership has historically been ground zero for this problem. Most of the people on OSI's Board spend the majority of their time talking to large companies (and their attorneys) about what those people want from “open source”. Unsurprisingly, the OSI has almost always represented primarily the concerns and interests of large companies, and still leans in that direction today.

I believe rfontana when he says (downthread) that IBM's Red Hat didn't plan any influence that they have over the OSI, but I'm sure that management at these companies are quite pleased when their company's representatives get elected. The company's management know they have someone in a key position, and that person is more likely than not to prioritize for-profit corporate concerns over those of individual FOSS users.

I really thank n8willis for doing investigative journalism of this nature. It's a wonderful contribution. I do want to note, as I didn't see it raised elsewhere in the thread, n8willis' article hints that OSI owns a trademark on “open source” (saying that “open source is OSI's property”), but they don't: “open source” is a generic term on which no one holds trademark. (OSI tried at one point to trademark the term in the field of software, and the USPTO rejected the application, so the story goes; if anyone knows how to search the UPSTO site for dockets of failed applications, I'd appreciate it).

Also, I noticed n8willis left out one key point that I think is highly relevant when considering OSI elections. The election results are not binding on the OSI Board; the OSI Board has the right to reject the election results and appoint whomever they like. (To my knowledge, they have been following the election results since the inception of elections, which is itself relatively new in their history.)

Oh, and I can't help but adding this anecdote: I was a guest observer at one of the earliest OSI Board meetings (I think it was the late 1990s, but 2002 at the very latest) where the Directors were first considering a program where by those who gave money to the organization could vote for directors. The idea was quickly rejected for one key reason: someone said “if we allow people to pay money to become members, Microsoft will just fund folks to become members and vote in candidates that they like”.

Willis: Engaging with the OSI Elections 2022.1

Posted May 9, 2022 13:19 UTC (Mon) by cyborglawyer (subscriber, #136323) [Link]

I don't think this is quite right, which may just be the way you wrote your comment (in part maybe because your knowledge of OSI has been collected over so many years and much of what you are talking about relates to board members that have not served in a long time).

As a 501c3 org in the US, board members have a duty of care and a duty of loyalty to the organization. So where the interests of OSI would not align with the interests of a director's employer, they would need to resolve the conflict (perhaps by recusing themselves from the discussion) regardless of whether there is a formal conflict of interest policy. While this does not protect the org from an unethical director's bad behavior, the individual's obligations should be clear.

I do agree that there is a subtle influence that an employer has over its employees, which is a problem for any organization with a volunteer board of directors where those directors are often working full time for for-profit companies. This is often a worthwhile bargain; while those employers would have some confidence that their issues won't be completely ignored, the legal duties of a director should provide the structure to keep those interests in their place.

I applaud OSI for moving to shift their funding towards individual members which diversifies them away from reliance on corporate interests and to involve other nonprofit organizations in their governance via the affiliate members. The mechanism where the board implements the election also provides a failsafe that is available in the instance they realize that a bad corporate actor is trying to take control of the org through purchasing memberships (as you point out). Additionally, employment of an Executive Director helps to keep the org focused on its mission, in contrast to relying on a working board of directors who may be distracted by their employer's needs.

I also applaud Nate for digging into this (I wish LWN and others could be funded to do serious investigative journalism on many issues), but I don't really agree with his determination that the way that OpenUK's candidates were put forward was necessarily unethical. While it's true that as CEO, Brock would have known that another candidate was put forward, it's possible that she felt her participation in the board would reflect priorities consistent with the individual members rather than the affiliate organizations.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 13:18 UTC (Mon) by n8willis (subscriber, #43041) [Link] (10 responses)

Well, Kevin, as it says at the bottom of the post (and I suppose less-clearly in the title), that was just part one (which looked just at the structure of the board and the various constituencies), and part two will deal with the questions I asked and the replies.

I didn't know Jon was going to post a link to part one before I had written part two. I think that whenever I get around to completing part two, you will see that I was happy to read your reply and I felt like the question was answered satisfactorily. But as for passing judgement based only on part one, I hope you'll reconsider whether I misrepresent the encounter when I've finished writing up the full tome. I didn't expect it to be "news," since it's primarily for my own future reference and a means to procrastinate from my other obligations....

So, it's just my chronological account of the experience; spoiler alert, I thought your answers were fine; and I had no reason to anticipate it getting reposted here at this stage of the process.
Nate

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 13:21 UTC (Mon) by n8willis (subscriber, #43041) [Link] (9 responses)

> before I had written part two

(Just to clarify ever-so slightly: I had no idea Jon would ever post any links to the post or post-series, regardless of how many installments I completed.)

Nate

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 15:05 UTC (Mon) by kpfleming (subscriber, #23250) [Link] (8 responses)

Thanks Nate. I think the primary issue I have is with the language:

"one of them (Red Hat) running two candidates at the same time for the two open seats."

Red Hat did not ask me to, nor even participate in my decision to, nominate myself for the OSI board. While I can't speak for Josh Berkus, I suspect the situation is the same for him. At best, there may have been an internal notification to let others know that we planned to nominate ourselves.

If your goal was to let the reader know that it *appeared* that Red Hat was attempting to present two candidates for the board, then using less conclusive/absolute language would have avoided the concern in my mind.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 15:50 UTC (Mon) by n8willis (subscriber, #43041) [Link] (1 responses)

Luckily, I'm no stranger to having LWN commenters lambaste my phraseology.

Nate

Willis: Engaging with the OSI Elections 2022.1

Posted May 5, 2022 22:51 UTC (Thu) by jschrod (subscriber, #1646) [Link]

Well, a comments like that is not a good answer to 2 persons telling you that you did misrepresent them.

FWIW, as somebody not involved in OSI - and even not interested in OSI, I publish my software under GPL - their comments are more believable than your snide comment, looking from the outside.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 19:21 UTC (Mon) by rfontana (subscriber, #52677) [Link] (4 responses)

Nate, I thought this essay made some good points which I hope the OSI will read. But I also took issue with the "Red Hat running candidates ... " phrasing since it sounds like you're asserting someone at Red Hat must be recruiting Red Hat employees to run for the OSI board or directing such efforts. This is very much not the case. I don't think even Kevin's reference to a possible "internal notification to let others know" has typically occurred in the several cases over the years in which Red Hat employees (including, a few times, me) have run for OSI board seats.

Willis: Engaging with the OSI Elections 2022.1

Posted May 2, 2022 23:36 UTC (Mon) by JoeBuck (subscriber, #2330) [Link] (1 responses)

I trust the integrity of the candidates who work for Red Hat. Nevertheless, since the structure of the board is that institutional members are guaranteed half of the seats, it seems problematic if employees from those companies also hold the "individual member" seats. That seems to be the objection here, and unless there are no qualified outside candidates it seems a fair objection to me.

We had a similar issue when we started EGCS; we wanted to make clear that this wasn't just Cygnus (and later Red Hat) taking over GCC, so it was agreed to limit the number of steering committee members from any one company, regardless of how independent of management they pledged to be. If the intent of the board structure is that people other than the institutional members are represented, then maybe that should be taken into account.

But perhaps this doesn't really matter if the intent is that OSI is run by its institutional members; I'm not clear on what OSI is doing lately and how much the board contributes to that.

Willis: Engaging with the OSI Elections 2022.1

Posted May 3, 2022 0:28 UTC (Tue) by rfontana (subscriber, #52677) [Link]

Just to clarify, the OSI does not have board seats for corporate sponsors (Red Hat is a corporate sponsor). The OSI holds board seat elections for representatives of individual members and affiliate members. The affiliates are all nonprofit organizations.
See: https://opensource.org/osi-affiliate-membership

Willis: Engaging with the OSI Elections 2022.1

Posted May 3, 2022 10:42 UTC (Tue) by n8willis (subscriber, #43041) [Link] (1 responses)

Hi Richard,

> it sounds like you're asserting someone at Red Hat must be recruiting

No no; I publicly promise that if I wanted to say that I'd just have done so.

Although there's only so many ways to arrange them in a sentence, and, if we're getting right down to the nitty-gritty, the post does use "two RedHatters running" construction more times than it uses "Red Hat running two."

But you're certainly free to like or not like any phrasing. That's fine with me.

Besides, if we're headed in the territory of conjecturing what a hypothetical reader would misinterpret, I can think of a lot more interesting variations. And, like I said in my reply to Kevin, that post is just issue-framing stuff, and the notly-anticipated, edge-of-your-seat sequel is where I'd get into actually tacking the questions themselves. Whenever I can get that done.

Nate

Willis: Engaging with the OSI Elections 2022.1

Posted May 3, 2022 22:13 UTC (Tue) by beagnach (guest, #32987) [Link]

>> it sounds like you're asserting someone at Red Hat must be recruiting

> No no; I publicly promise that if I wanted to say that I'd just have done so.

Actually, based on the excerpt from the article used here it did look to me like that's what you were saying (Red Hat recruiting etc)

> So it’s a troubling ballot to look at... There’s also two financial sponsors running candidates on the individual ballot, one of them (Red Hat) running two candidates at the same time for the two open seats.

First impressions matter.

Willis: Engaging with the OSI Elections 2022.1

Posted May 5, 2022 14:38 UTC (Thu) by jberkus (guest, #55561) [Link]

I've been on License-Review for 20 years, though 5 different employers, and had discussed joining the Board with Russ Nelson even before that.

The only way in which Red Hat influenced my choosing to run for OSI is that here I get to participate in OSI while on work time, which wouldn't have been true with some of my other employers (this is the problem that Bradley mentions above, but it's a common problem all over open source, not just with the OSI).

And I found out that Kevin was running when the list of candidates was published, not before.

I remember ICANN

Posted May 2, 2022 16:43 UTC (Mon) by mtaht (guest, #11087) [Link] (4 responses)

Nearly every democratically founded org that I once had hope for has ended up being dominated by those with the time to make it their own. I still remember the hopes, dashed less than 2 years later, in the global election we held for ICANN, with every attempt karl auerbach made to open it up being shut.

https://archive.icann.org/en/membership/archive1/msg00168...

Perhaps we should not put faith in institutions, but ourselves.

I remember ICANN

Posted May 2, 2022 18:01 UTC (Mon) by brunowolff (guest, #71160) [Link] (3 responses)

I voted for Karl in that election and used to regularly read his blog about what shady stuff ICANN staff was up to.
He (and the european rep to a lesser extent) had one big affect on ICANN. They didn't let regular internet users ever vote again after none of their compliant candidates won in europe and north america.
ICANN is still doing shady stuff. Not too long ago they were trying to approve the sale of the non-profit registry for .org to a for profit org that was using suspicious financing for paying for the transaction, that suggested that what they were saying their policies were going to be, wasn't true. Fortunately that was averted by some public campaigning by the users of .org domains.

I remember ICANN

Posted May 3, 2022 9:58 UTC (Tue) by nix (subscriber, #2304) [Link] (2 responses)

to a for profit org that was using suspicious financing for paying for the transaction

... that had only just been founded and that was owned in a not-very-well-concealed fashion by people high up in ICANN (who had been parachuted in there). All pretty brazenly so he could make a pile of money off the general public and nonprofit orgs, and all feeling quite thoroughly covered in slime. It only really had a chance of success as long as it didn't hit the press.

I remember ICANN

Posted May 3, 2022 22:16 UTC (Tue) by beagnach (guest, #32987) [Link] (1 responses)

> All pretty brazenly so he could make a pile of money off the general public

Is it possible to say who"he" is?

I remember ICANN

Posted May 4, 2022 0:28 UTC (Wed) by brunowolff (guest, #71160) [Link]

https://www.theregister.com/2019/11/20/org_registry_sale_... mentions a few names.