Subject: Certification Mark: OSI Certified
From: "Lawrence E. Rosen" <>
Date: Thu, 12 Apr 2001 12:05:57 -0700

The comments in license-discuss about the OSI certification mark, "OSI
Certified" as applied to open source software, prompted me to review the OSI
website.  Thanks to those of you who pointed out the confusing wording.  I
have submitted some changes to our webmaster to clarify.

On the page I have
requested the following changes:

   "If you want to use the OSI Certified mark on your software,
   you can do this by distributing the software with an approved
   license from the list and marking the software appropriately,..."

                 should be changed to

   "If you want to use the OSI Certified mark on your software,
   you can do this by distributing the software under an approved
   license from the list and marking the software appropriately,..."

   "You may use the OSI Certified mark on any software distribution
   that contains, and meets the requirements of, any license on the
   approved list below, or on software whose source code is explicitly
   identified as having been placed in the public domain."

                 should be changed to

   "You may use the OSI Certified mark on any software that is
   distributed under any license on the OSI approved list."

There were also a couple of questions about the certification mark that I
will try to answer.

First, the OSI Certified mark is applied to software, because software is
the "goods" that are distributed in interstate commerce.  It can only be
applied if the license under which the software is distributed is approved
by OSI.

Second, an example was given of software distributed under the MPL (an OSI
approved license) and then redistributed under another license that is not
OSI approved.  That is allowed under the MPL.  The original software is OSI
Certified Open Source Software because the MPL is an approved license.  The
redistributed software, on the other hand, is not OSI Certified.

My proposed changes to the OSI website are intended to clear up confusion
about those points.

/Larry Rosen
Executive Director, OSI

>-----Original Message-----
>From: Frank Hecker []
>Sent: Thursday, April 12, 2001 9:01 AM
>To: David Johnson
>Subject: Re: OpenLDAP license
>David Johnson wrote:
>> Okay, I see what you're getting at, and thus what Ryan was
>getting at. Some
>> of our assumptions on "what is Open Source" might not match the
>actual thing
>> itself. My assumption, at least, was that the OSI Certification Mark was
>> applied to the software, and not the license.
>The term the OSI certification page uses is actually "software
>distribution", which I interpret to mean "software as distributed". I
>think this is a better term in context than plain "software"; it
>emphasizes that what is at issue is not just the actual code itself but
>the entire "offering" to the user, including any terms and conditions
>associated with the software as distributed.
>> I wouldn't change the OSD at all.
>Nor would I.
>> But I would make it so that the software
>> itself had to comply with the OSD, and not merely its license.
>How exactly to
>> do this is another matter.  One possible solution is to add to
>the list of
>> requirements for using the Certification Mark.
>I agree that the OSI requirements for using the mark need to be
>tightened up. I won't presume to suggest how to do that. However I will
>note that doing such "tinkering" may not be as straightforward as it
>might appears. The wording of the requirements already shows evidence
>(at least to me) of some "lawyering".
>For example, note that the requirements do not state that the software
>be "distributed under the terms of" an approved license (or similar
>phrasing; they state that the mark can be used for any software
>distribution that "contains, and meets the requirements of, any license
>on the approved list ..." The MPL, for example, explicitly allows
>software executables to be distributed under a license other than the
>MPL (MPL section 3.6). So it is perfectly possible to contemplate, say,
>a binary Mozilla distribution being distributed under a license
>prohibiting redistribution of the binaries.
>As I read the OSI requirements, this distribution could still use the
>OSI mark as long as a copy of the MPL were included, directly or by
>reference (the "software distribution ... contains ... [a] license on
>the approved list"), and as long as the distribution terms were
>consistent with the provisions of MPL 3.6 and related sections (the
>"software distribution ... meets the requirements of ... [a] license on
>the approved list"). (Thus, for example, per MPL 3.6 the license for the
>binary version can't attempt to limit your rights in the source code
>version distributed separately under the MPL.)
>Incidentally, this example is not all that hypothetical. The Netscape 6
>binaries are distributed under a license that is clearly not an
>OSD-compliant license
>(it prohibits redistribution, among other things) but that does
>reference the NPL and MPL and includes notices required by NPL/MPL 3.6.
>As it happens, Netscape 6 contains some non-Mozilla code for which
>source code is not available; however if Netscape 6 contained only
>Mozilla code then I believe it would meet the OSI requirements and could
>use the mark, despite the fact that the Netscape 6 license itself is not
>an approved license.
>> > In fact, just for fun, let's say that if anyone asks me "where's the
>> > source code", I reply "Oh, you can get that. All you need to do is to
>> > send me $1M and a self-addressed envelope, and I'll send you a copy of
>> > the source." Again, were I to do this, on what grounds could
>OSI prevent
>> > me from continuing to use its certification mark to promote my
>> And what's wrong with that? If you can somehow demonstrate that
>the $1M is
>> reasonable, go for it! (If that's what M$ charges, a court could
>very well
>> agree with you) But the source code has to come with the same
>terms as the
>> binary.
>I spoiled my example. I meant to add that the terms for the source code
>would be proprietary. Thus in my hypothetical example the source code
>distribution would not be "OSI Certified Open Source Software" but the
>binary distribution would be.
>Frank Hecker            work:
>        home: