Subject: RE: ZDNet article - why attribution matters
From: "David Berlind" <David.Berlind@cnet.com>
Date: Tue, 28 Nov 2006 00:21:12 -0500

 Tue, 28 Nov 2006 00:21:12 -0500
John:

Thank you for cc:ing your response to license-discuss on ZDNet. In
response to what I've so far seen from Michael, Larry, and you, I'd like
to add my observations as an objective observer. First, I meant no
disrespect to your values, wives, or families, all of whom require
serious wage earning at some point.  I have a wife and three children. I
totally get it. I hope you understand that I am neutral to the issue of
attribution and I'm glad that my post has provoked some discussion here.
But I am not neutral to fine print issues that affect users of
technology, particularly where the fine print is missing. I  believe in
my heart that a failure to disclose the fact that an open source license
has so far not yet been approved as such by the defacto consortium to
which the open source community currently looks for such approvals,
qualifies as fine print that's missing. 

I prefer to stay out of the debate of whether attribution makes sense or
not and if it does, how much is enough. There are people here that are
far wiser than I who are obviously prepared to argue the merits of
various approaches. So, from my point of view, the line crossed has
nothing to do with your selected degree or method of attribution (eg:
pointing back to SugarCRM where no advertising exists). The line crossed
is the one where one company or organization decides it's OK to rewrite
the rules of open source or, in the case of "commercial open source" to
declare a new class of open source without seeking any consensus from
the open source community itself. One could argue that no consensus is
required before a new commercial license is written and that is of
course true. However, there isn't a self-policing community of
commercial license providers which has established to seek a standard
baseline for what it means to be commercial the way there has been for
open source.

Perhaps a consensus, when and if one is achieved, will yield a result
that's favorable to your position on the issue. But even you point out
that now that you've done it (modified the MPL), others are doing the
same. Clearly, there's no consensus on how the MPL should be modified,
or, at the very least, all those who have followed in your footsteps
would not have felt the need to write their own modifications to it.
They would have picked yours. You're clearly testing the boundaries.
That may have not been your intent. But to this independent observer,
your choice (and the choices of others) to modify the MPL without
following the community's accepted practice for making such changes, and
to continue referring to your license as an open source license
(commercial or otherwise) has tested the customs of the community. It
tests the limits of the clause in the MPL that allows for changes. It
tests the OSI's process.  

There's an old George Carlin bit where he talks about how, when he's
driving on the road, everyone going slower than him is an idiot, and
everyone going faster than him is a maniac.

There are a lot of open source developers that don't have any mouths to
feed but their own and are happy to operate within the norms of the
community. And then, there will be people who, based on the precedent
you've already set and are defending, will take it upon themselves to
cross a line that even you wouldn't dare cross in modifying an existing
open source license (while still referring to it as open source). You
and others who have already taken matters into their own hands will of
course have to remain silent. Pot, kettle, black. Think it won't happen?
Trust me. There are people who didn't think what you've done could have
happened. One day, "open source" will simply be meaningless or may even
carry negative connotations (it's possible that "free software" could
survive such a debacle, perhaps become stronger because of it).

Why do I say any of this? Here's where I hope it becomes clear that none
of what I just said is meant as a put down to you, Ross, Glenn, Scott or
the others. The net result for SugarCRM and others who believe that
associations with "open source" are positive associations for their
brands will one day find that they are associated with something that
means absolutely nothing. Or worse, something negative.

You must ask yourselves if that's what you really want.

db
-----Original Message-----
From: Michael Tiemann [mailto:tiemann@redhat.com] 
Sent: Monday, November 27, 2006 10:08 PM
To: Lawrence E. Rosen
Cc: 'John-Sugar'; license-discuss@opensource.org; David Berlind
Subject: RE: ZDNet article - why attribution matters

On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote:
> Hi John,
> 
> The issue isn't just "Why attribution matters," because it obviously
does.
> Attribution is already mentioned in lots of FOSS licenses. Attribution

> is important to every author, not just commercial ones who work for a 
> living (although most do!). Notice of authorship is so important that 
> the US Copyright Act even makes the fraudulent removal of a copyright 
> notice a criminal offense. 17 USC 506(d).
> 
> We should instead be asking: How much attribution is enough? How much 
> attribution can be demanded in an open source license?

This conflates two very important questions.

> I don't believe anyone has argued yet that Sugar's license crosses the
line.
> Most of us simply aren't sure where the line should be drawn. You can 
> legally require in a software license that licensees put neon signs on

> the highway to announce your copyrighted work, but is that open
source?

First: is it attribution?  The Creative Commons folks seem to agree that
attribution "in the manner specified by the author" is not a blank
check, and they say so in the code (but not the deed) of the license.  A
requirement for neon in attribution is not, strictly speaking, needed to
satisfy the legal requirements of legal attribution.

Second: is it open source?  Just as a lawyer cannot say for sure what
the law says until a judge renders a verdict (and even then a successor
judge can render a different judgment), the only way to know for sure
that something satisfies the Open Source Definition is to put the
license before the OSI approval process and see if it is approved by the
process.

M