There was a time when the OSI (Open Source Initiative) was one of the hotbeds of open source activity. After the retirement of its co-founder and leader, Eric S. Raymond, in January 2005, the OSI lost much of its fire. That may be changing soon, though.
An investigation by Linux-Watch has found that there is still heat in what appeared to be the organization’s quiet ashes.
What’s the OSI? Basically, the non-profit OSI, founded in 1998 by Raymond and others, was formed for the purpose of “managing and promoting the Open Source Definition for the good of the community, specifically through the OSI Certified Open Source Software certification mark and program.” In short, the OSI was traditionally the group that decided whether a license is true-blue “Open Source” or not.
Under Tiemann’s leadership, the OSI decided to cut back on what Danese Cooper, Intel’s senior director of open-source strategy and secretary/treasurer for the OSI, called the ungoverned growth of “vanity licenses.” Companies did this because they all wanted one of their own. The overall effect of all these vanity licenses was they were seldom reused and there was “not much true community around those vanity projects,” according to Cooper.
In April of 2005, the OSI followed up on this by adopting a new way of approving open-source licenses and a classification system for existing licensees. With these new rules, “Approved licenses must meet three new criteria of being a) non-duplicative, b) clear and understandable, and c) reusable.” Under the new classification system, the OSI “will be moving to a three-tier system in which licenses are classified as preferred, approved or deprecated.”
The point of these changes was to “promote unrestricted reusability of code.” As it was, the OSI felt that “license proliferation has become a significant barrier to open source deployment,” In particular, “The class of asymmetrical, corporate licenses that began with Mozilla was a worthy experiment that has failed. The new policy will discourage them.”
The immediate effect of these changes was that a few companies, notably Intel and Sun, killed off two of their little-used open source licenses. After that, things got very quiet. The OSI Web site, for example, hasn’t had its news updated since July 27, 2005.
At the same time that the OSI appeared to be going into hibernation, a new flurry of MPL-based (Mozilla Public License) licenses appeared. SugarCRM, Socialtext, Scalix, and Zimbra have all created their own derivatives of the MPL. None of these licenses have been approved yet by the OSI. In the case of Scalix, it’s not clear that OSI approval has even been sought.
In addition, several of these licenses require developers to use “badgeware,” a prominent display of the company’s chosen logo, if they use the code. In SugarCRM’s case, that’s a “Powered By SugarCRM” logo that must be at least 106 x 23 pixels in size. This, in turn, must link to the SugarCRM open-source site.
Are these new-model MPL-based licenses really open source? Is badgewear an acceptable addition to an open source license? Some observers, such as David Berlind of ZDNet, wonder if these licenses aren’t abusing the term, “open source.” According to the OSI, the OSI must approve them before they can really be open source licenses.
Meanwhile, back at the OSI…
It turns out that the OSI is alive and well, but they’ve been rather quiet. According to Raymond, who is back to working with the board, “SugarCRM’s license is in our approval process right now. We’re aware of Zimbra. Scalix is new on the radar.”
In addition, “The license-proliferation committee has turned in its report. We announced this months ago — I think at OSCON 2006 — and held an open meeting with a bunch of corporate stakeholders at OSBC (Open Source Business Conference). As a result, somewhere around a half-dozen old licenses have been withdrawn, and not just from Sun (I saw yet another notice of withdrawal on the Board list just two days ago). The job isn’t done — the Board still has some policy decisions to make — but it’s well started,” said Raymond.
According to Tiemann, although the OSI has been quiet, it’s actually been very active. “We’ve been meeting nearly every month since you last checked in. We have held face-to-face meetings (with public meetings) since OSCON in 2005 in: Brazil 2006 (FISL 7), OSCON 2006, and Sri Lanka 2006 (FOSSSL).”
The OSI has also “generated and have begun discussing an Open Standards platform. We recruited 3 new board observers (Ernie Prabhakar, David Axmark, and Federico Heinz). We elected a new board member (Matt Asay). Not only Sun, but Intel and a few others have responded to our LPC report by retiring their own OSS licenses,” Tiemann continued.
In addition, “There have been vigorous and lively discussions about the attribution licenses, badgeware, and whether the OSD should be amended, revised or clarified, all taking place in the open on the license-discuss mailing list,” added Tiemann.
In the future, the OSI will also be more forthcoming about its activities. One of the problems has been, Tiemann explained, that “We have been working on a new Drupal-based website that’s been stuck in the birth canal since about August (very frustrating, especially because it’s so close). One of the major new features of this site will be the publication of the board minutes of all meetings going back to around that last date you recorded.”
The OSI is also aware that “Open Source is a big buzzword again now, and yes there are those (as there have been from the beginning) who are trying to understand how they can embroider over the edges of Open Source to achieve business goals nearly but perhaps not perfectly aligned with the spirit of the Open Source Definition,” added Cooper.
For instance, on the subject of license proliferation, Cooper added that, “as Michael and Ken [Coar, OSI board member and director of the Apache Foundation], have pointed out, a report was produced collaboratively (between members of the OSI Board and the licensing community including individuals representing companies and also some of the large projects) and in the process several license authors offered to voluntarily deprecate their ‘vanity’ licenses.”
As for the MPL-style licenses, Cooper said, “We’ve been working this issue for some time now; it is not new to us. The formal public debate about where the line should be drawn between ‘attribution’ and ‘badgeware’ has been going on only since mid-November, however. The fact that the topic is under discussion now has already yielded a couple of re-licensing to more time-tested OSI approved licenses by companies who had been using ‘badgeware’ licenses… so again the process is working.”
Cooper concluding by noting that the OSI is an unfunded organization that does its work due solely through the efforts of its members. She concluded that “those with specific agendas always have an axe to grind with organizations such as the OSI. It’s easy to take pot-shots, and requires far more commitment to become part of better solution. We invite any and all to become part of current conversations on the future of Open Standards, OSI Membership, and of course License[s].
Still, not everyone is convinced that the OSI is doing as much as it could. Larry Rosen, a partner in the technology law firm Rosenlaw & Einschlag and former OSI general counsel, said he was concerned about the OSI, but since “I am not affiliated with OSI any longer … I cannot predict when they will solve their problems and become a more effective organization. But I remain hopeful.”