Subject: Re: Assistance/advice in choosing a license for POV-Ray 4.0
From: Chris Cason <ccosilist@povray.org>
Date: Sun, 13 Nov 2005 14:04:03 +1100

Chris Cason wrote:
> I also have some personal comments that I'll post as a separate message
> so as not to intersperse them with this message (which I post as the
> representative of the team).

And those comments follow below. When reading these you might come to the
conclusion that I am a very cynical person who believes commercial
vendors are just out to rip off free software. However my approach to the
license issue is based mostly on actual events; I've been with the
project for more than a decade and have seen examples of both outright
ripoffs of our code in commercial apps and also examples of folks who
manage to tip-toe around the wording of the license in order to do
something we clearly did not intend to allow (such as selling POV-Ray)
but manage to get away with it because of some small loophole.

I don't believe *all* commercial vendors are like this. However the fact
that even a very small minority are means we need to consider what they
would be able to 'get away with' in respect of each license we look at
using. We are aware of the fact that no matter what we do, someone will
probably find a way to cheat the system. However, that doesn't mean we
want to make it easy for them.

With respect to the CDDL (and similar licenses that require release of
modified source, but not the entire app), I have concerns about how
efficient that requirement is in terms of getting code back into the
hands of the community, in those cases where the vendor doesn't want to
do so. It may be that with different types of software the below will be
less of a concern, however due to the modular nature of a raytracer
(which is easily used as a library), it's possible (and in fact often
desirable) to add non-trivial new features into separate files.

My concern is this: if a vendor who takes CDDL source code and puts it
into their own project doesn't want to comply with the spirit of the
source release requirements - and will therefore only follow the letter
of them - what is there to stop them putting virtually all new code they
add (barring perhaps one-line changes) into separate files, and simply
adding calls to those files from the original source ?

As I read it they would not have to release any of the new files they
write, provided that they do not contain any CDDL-licensed code. In that
case what they do release would be for the most part the original code
with a bunch of callouts added, but no source for the target functions.
The code thus released would not even be usable!

Of course I can see a valid reason for this in a limited sense; for
example if a company added a new, highly-advanced fur shader, they may
consider their algorithm or implementation a trade secret and not want to
release the enhancement. To an extent I can understand that and overall
while I would of course like to see such code released at some point, I'm
not totally opposed to it remaining internal.

However if a vendor chose to take this approach simply to avoid releasing
*anything* useful to the community (and therefore their competitors), the
question is, can anything be done about it ? And if not, then at least in
the case of software such as ours, is there any point in having it as a
requirement at all ? What could it be replaced with that *would* work ?

regards,

-- Chris