Subject: Re: APL license - What about the enforced logos?
From: Rick Moen <rick@linuxmafia.com>
Date: Wed, 20 Dec 2006 19:44:58 -0800

Attempting to briefly recap some prior discussion, to confirm where we
are:

Quoting Matt Asay (mjasay@gmail.com):

> ASAY:  This would be an incorrect inference.  The OSI has made no
> official (or unofficial) decision on Alfresco or any other pixel-based
> attribution requirement.  It is therefore incorrect to say that these
> licenses are not valid.  They simply haven't been evaluated yet.

Nor _submitted_, correct?

If I understand correctly, the only thing relevant to recent discussion
that's been submitted to OSI for the licence approval process
(http://www.opensource.org/docs/certification_mark.php#approval) is a
brief memo from Mitch Radcliffe, on November 13th, 2006, asking that
the following "Generic Attribution Provision" be judged as OSD-compliant
if applied as a patch to "any 'modifiable' license" -- presumably
meaning any of the 58 approved licences on
http://www.opensource.org/licenses/ whose copyright terms permit licence
modification:

   Generic Attribution Provision

   Redistributions of the original code in binary form or source code
   form, must ensure that each time the resulting executable program, a
   display of the same size as found in the original code released by
   the original licensor (e.g., splash screen or banner text) of the
   original licensor's attribution information, which includes:

   (a) Company Name
   (b) Logo (if any) and
   (c) URL

This page at Socialtext...
http://www.socialtext.net/stoss/index.cgi?attribution_memo 
...is useful despite being heavily laden with advocacy prose, because it
includes the text of Socialtext's Generic Attribution Provision ("GAP") 
plus five Web 2.0 firms' "attribution" addenda to MPL 1.1 -- all of
those being roughly similar to each other, and all specifying far more
extensive logo requirements than GAP does:

o  Zimbra Public License
o  Qlusters Public License
o  SugarCRM Public License 1.1.3
o  Socialtext Public License 1.0.0
o  Alfresco Public License 1.0

Not yet included on that page are two other Web 2.0 firms' MPL-fork
licences:

o  Jitterbit Public License:
   http://www.jitterbit.com/Product/license.php
o  Intalio, Inc.'s pending MPL + GAP licence
   http://www.intalio.com/news/press-release/?release=20061212-OS 
   (press release)


The latter item brought this subject back to my attention, today, in my
capacity as one of the editors of the monthly online magazine 
_Linux Gazette_:  Howard Dyckoff's "NewsBytes" column in the January
2007 issue (issue #134) is slated to include this news item:

---<begin article text>---

Open Source BPM solution under MPL

Intalio has announced that Intalio|BPMS Community Edition will be
released under the Mozilla Public License (MPL) amended with the Generic
Attribution Provision submitted to the Open Source Initiative (OSI)
earlier this year.<a href="#1"><strong>[1]</strong></a>

---<end article text>---


I felt obliged to add an editorial footnote, which follows.  Any
corrections (within the next week or so) will be very much welcome.



<a name="1"></a>
<p> [1] <span class="editorial">Rick Moen comments</span>:  
The <a href="http://www.socialtext.net/stoss/index.cgi?attribution_memo">
Generic Attribution Provision</a> ("GAP") is a "badgeware" (mandatory
advertising) software-licensing clause, primarily intended for Web and
similar hosted applications, written by Mitch Radcliffe of Socialtext,
Inc.  Radcliffe submitted it as a memo to the Open Source Initiative on
November 13, 2006, asking that the OSI Board approve it as an addendum
to "any [OSI-approved] 'modifiable' licence" as being compliant with the
<a href="Open">http://www.opensource.org/docs/definition.php">Open Source
Definition</a>.  In doing so, Socialtext represents the interests of its
own Web 2.0 hosted application, and also by extension those of several
other Web 2.0 businesses:   SugarCRM, Zimbra, Alfresco, Qlusters, and
Jitterbit.  All have adopted "badgeware" addenda to the Mozilla Public
License v. 1.1 (renamed variously), to serve their business models.

<p>
Socialtext's GAP clause is as follows:

<blockquote>
<p>
Redistributions of the original code in binary form or source code form,
must ensure that each time the resulting executable program, a display
of the same size as found in the original code released by the original
licensor (e.g., splash screen or banner text) of the original licensor's
attribution information, which includes:
</p>

<p>
(a) Company Name<br>
(b) Logo (if any) and<br>
(c) URL
</p>
</blockquote>

<p>
Yr. humble servant has been part of the resulting online discussion on
OSI's license-discuss mailing list, and sees a couple of obstacles, one
large and one small:

<p>
OSD #10 ("License Must Be Technology-Neutral") is the larger obstacle:
"No provision of the license may be predicated on any individual technology
or style of interface."  GAP appears from its wording to permit creation
only of derivative works having user interfaces, i.e., it prohibits
reuse of covered code for daemons.  Some online comments from some of the
affected firms (though not necessarily Socialtext) suggest that this
<em>is</em> the purport of that clause, and is a deliberate effect.

<p>
The lesser obstacle is that the <a
href="OSI">http://www.opensource.org/docs/certification_mark.php">OSI Certified
approval process</a> vets <em>licences</em> as OSD-compliant -- and
Socialtext didn't actually submit one:  As worded, Radcliffe's memo
seems to say "Please examine all 58 OSI-approved licences to see which
of them permit textual modifications, and then consider us to have asked
approval for each of those that do, each one with our clause appended."

<p>
That procedural gaffe is not necessarily fatal to the merits of
Socialtext's proposal per se, but does make it severely out of order as
a licence proposal.

<p>
I should hasten to add that, as serious as GAP's problems are, all
of the firms' in-use badgeware clauses -- all but one listed on
the same page as GAP -- have worse ones.  Zimbra, Qlusters, SugarCRM,
Socialtext itself (in its Socialtext Public License 1.0.0), Alfresco,
and <a href="Jitterbithttp://www.jitterbit.com/Product/license.php">Jitterbit</a>
require their company logos appear on "each user interface screen" of
derivative works, not just on some "splash screen or banner text".
Further, each of those licences dictates an exact location and size
where that logo much appear on "each user interface screen".  Some of
those requirements, rather comically for a would-be open source licence,
make it physically impossible to comply if you have combined two
codebases under the same licence: e.g., SugarCRM and Socialtext specify
"the very bottom center of each user interface screen", which obviously
cannot be true of two logos at once.

<p>
In no way do I speak for Open Source Initiative, but I'd be extremely
surprised if any of those licences as presently constituted, or the
Generic Attribution Provision (as patched onto some subset of 58 extant
licences) were ever approved by the OSI Board.  Meanwhile, Zimbra,
Qlusters, SugarCRM, SocialText, Alfresco, and Jitterbit all claim in
public to publish open source software, despite having never submitted
their licences to OSI for certification and despite the doubtfulness of
their claim on its face.

<p>
(SugarCRM CEO John Roberts ignored my question of why, if his firm's
licence is open source, the 
<a href="http://www.sugarcrm.com/crm/open-source/public-license-faq.html">
SPL FAQ</a> claims it's unlawful to sell works derived from covered
code.  Matt Asay, VP of Business Development for Alfresco similarly
ignored my question of whether Alfresco would kindly suspend claims of
being "open source" until its licence gets evaluated, or at least commit
to remove that claim if its application is declined.)

<p>
SocialText even <claimedhttp://www.socialtext.com/node/88">claimed</a> last
July that its wiki software Socialtext Open was available under MPL
v. 1.1, when in fact that is simply
<a href="not">http://superb-west.dl.sourceforge.net/sourceforge/socialtext/Socialtext-Open-2.5.0.2.tar.gz">not
the case</a>.

<p>
There may be a good-faith effort at dealing reasonably with the open
source community somewhere in there, but I'm seeing little of it so far 
-- and I would caution firms like Intalio from assuming they've truly
gone open source, solely on account of Radcliffe's "submission" of GAP
to OSI's Board.



-- 
Cheers,              Never anger a bard, for your name sounds funny and
Rick Moen            scans to many popular songs.
rick@linuxmafia.com                         -- Stephen Savitzky