Tux

...making Linux just a little more fun!

Badgeware licences, Take Two

Rick Moen [rick at linuxmafia.com]
Wed, 31 Jan 2007 22:36:31 -0800

In which I scare up an alarmed Dave Rosenberg, CEO of MuleSource.

----- Forwarded message from Dave Rosenberg <daverosenberg at gmail.com> -----

Date: Wed, 31 Jan 2007 21:19:43 -0800 (PST)
From: Dave Rosenberg <daverosenberg@gmail.com>
To: TAG <tag@lists.linuxgazette.net>
To: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two (was: Ethical Restriction)

Let's just be clear about what exactly was said about the "license's main point." You are taking the quote out of context in order to make your argument. What I was specifically talking about was the method that would allow users wanting to use Mule in a commercial product with no attribution. In no circumstance did I say that the license was designed to force people to pay. The license is there to protect our IP. However I do understand the confusion around the license and my comments--and understand that we all may interpret these things differently.

That said, I appreciate the feedback but wonder why not a single person who has so much to say about these licensing issues ever said "hey, we think you should consider changing this, and here is my recommendation." The same goes for the FAQ. If you think the information is incorrect how about helping us fix it? Ross and I are incredibly easy to get ahold of and have numerous emails and phone numbers.

You do note that we made a change yesterday that significantly softens the attribution clause, which I have stated publicly that the old version may have not made sense for us in the first place. I am not sure that this license is the best choice, but we are still evolving. Give us a hand and we'll send you a Mule T-shirt (uh-oh, there's that attribution again :>)

[snip quotation of my entire posting]

----- End forwarded message -----

----- Forwarded message from Matthew Flaschen <matthew.flaschen at gatech.edu> -----

Date: Thu, 01 Feb 2007 00:42:14 -0500
From: Matthew Flaschen <matthew.flaschen@gatech.edu>
To: TAG <tag@lists.linuxgazette.net>
To: Dave Rosenberg <daverosenberg at gmail.com>
Cc: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two
Dave Rosenberg wrote:

> Let's just be clear about what exactly was said about the "license's main
> point." You are taking the quote out of context in order to make your
> argument.

That may be true, but there's no context to ignore in the FAQ entry I quoted.

> The license is there to protect our IP.
>From what?
> However I do understand the
> confusion around the license and my comments--and understand that we all may
> interpret these things differently.
> 
> That said, I appreciate the feedback but wonder why not a single person who
> has so much to say about these licensing issues ever said "hey, we think you
> should consider changing this, and here is my recommendation."

I've been doing that for weeks, implicitly and explicitly.

The same goes

> for the FAQ. If you think the information is incorrect how about helping us
> fix it?

Okay, I'll spell it out. Take out the text

"# Sell any MSPL covered code
# Sell derived works of Mule"
from below "What am I not allowed to do with code that is covered by the MSPL?" It's not a question of ethics. Legally, those restrictions are absolutely not in either the MPL or MSPL. You're just misstating the license.

In general, sometimes I say how something's broken, and sometimes I say how to fix it. Either way, my unspoken advice is the same:

Fix it.

If you really don't know how, feel free to ask for clarification.

Ross and I are incredibly easy to get ahold of and have numerous

> emails and phone numbers.

That may be true, but I'd rather post to the list so everyone hears the advice.

> You do note that we made a change yesterday that significantly softens the
> attribution clause, which I have stated publicly that the old version may
> have not made sense for us in the first place.

I don't understand why you want this kind of clause at all if, as you say:

"Mule is usually middleware and often doesn't have a GUI component. As such, the common attribution clause that expresses a demand for logo placement on every user interface screen caused much confusion. To that end we've decided to make changes that make more sense for where Mule lives in the stack and we hope will make the situation less cloudy."

Are you just following the other Business Logic companies here? Why can't you use straight MPL? You get a pretty OSI-certified logo to use (https://opensource.org/docs/certification_mark.php), and will stand away from the pack.

I am not sure that this

> license is the best choice, but we are still evolving. Give us a hand and
> we'll send you a Mule T-shirt (uh-oh, there's that attribution again :>)

Can I paint over it? ;)

Matthew Flaschen

----- End forwarded message -----

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 31 Jan 2007 21:45:27 -0800
To: license-discuss at opensource.org
From: Rick Moen <rick@linuxmafia.com>
To: TAG <tag@lists.linuxgazette.net>
Subject: Re: Badgeware licences, Take Two (was: Ethical Restriction)
Quoting Dave Rosenberg (daverosenberg at gmail.com):

> Let's just be clear about what exactly was said about the "license's
> main point." You are taking the quote out of context in order to make
> your argument. What I was specifically talking about was the method
> that would allow users wanting to use Mule in a commercial product
> with no attribution.

Which is just a fancy way of saying "If you need to avoid the badge for your commercial use, then you'll need to negotiate a separate licence with us" (https://weblog.infoworld.com/openresource/archives/2006/11/licensing_in_lo.html) -- thus (precisely) my point. And it's interesting that all you have to say about the FAQ is to suggest that it's somehow up to us to do something about it.

Whether your FAQ entry is "correct" or not is beside my point: It seems reasonable to believe it reflects what MuleSource wants people to think. Thus, again, my point.

Also, come to think of it, the purpose of this mailing list isn't to help vendors improve their online documentation. It's to evaluate submitted licences from aspiring open-source publishers, to determine if they can be certified as "open source".

Your firm, not to put too fine a point on it, has been going around for some time telling the public you're "open source". Is there some reason why you are unable to submit your licence? Selective finger malfunction, perhaps? If not, when can we expect to see it -- and are you going to suspend your public claims of being "open source" until it's approved?

> In no circumstance did I say that the license was designed to force people
> to pay.

This is the Ben Tilly line: They're not UNABLE to use the badgeware version in commerce. They're juse UNWILLING. Quoting your InfoWorld entry: "My answer was simple. You make a deal with us for a commercial license and then you do whatever you want."

Right. Exactly.

> The license is there to protect our IP. 

MuleSource uses this phrase a lot -- including in yesterday's announcement of the new badgeware provision. But it doesn't mean anything. Your "IP" (copyright title) is protected (in the USA) by 17 U.S.C., the Copyright Act. It is neither more nor less protected with the badgeware clause.

Do you think the "IP" (copyright title) in Firefox (real MPL 1.1) is up for grabs? Try creating and redistributing a proprietary, binary-only fork, and see how long the court summons takes.

-- 
Cheers,           "You know, I've gone to a lot of psychics, and they've told me
Rick Moen         a lot of different things, but not one of them has ever told me
rick at linuxmafia.com      'You are an undercover policewoman, here to arrest me.'"
                                          -- New York City undercover policewoman
----- Forwarded message from Dave Rosenberg <daverosenberg at gmail.com> -----

Date: Wed, 31 Jan 2007 22:06:00 -0800 (PST)
From: Dave Rosenberg <daverosenberg@gmail.com>
To: TAG <tag@lists.linuxgazette.net>
To: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two (was: Ethical Restriction)

Again, I think interpretation is in the eye of the beholder. Re: FAQ, it's completely possible that it was wrong to begin with, but not everyone has time to read these license-discuss threads (though perhaps if we had sooner than we could have fixed things in a more timely manner) so take it as you will.

We are absolutely happy to submit our license, but have been in contact with a number of OSI board members who suggested we wait and see what happened with the SocialText submission. Our goal was not/is not to create confusion or non-compliance with the OSI. We don't use the OSI badge, and we have been counseled that the license is compliant. We'll figure that out soon enough as we continue the discovery.

RE: IP protection--We have run into multiple issues with public and private companies who have made attempts to skirt the MPL/MSPL/maybe anything and essentially take Mule as their own with no recognition of the author, copyrights, license agreements etc. Forking is one thing, stealing is another. Your Firefox example is actually one that I hadn't entirely considered (so thank you for the input.)

I don't know that the attribution clause makes any difference--which is why I asked for suggestions. It's highly possible that we can switch to the MPL with zero negative effects--we just haven't figured it out yet. For that matter we might also consider the GPL.

[snip quoting of my entire posting]

----- End forwarded message -----

----- Forwarded message from Matthew Flaschen <matthew.flaschen at gatech.edu> -----

Date: Thu, 01 Feb 2007 01:22:00 -0500
From: Matthew Flaschen <matthew.flaschen@gatech.edu>
To: TAG <tag@lists.linuxgazette.net>
To: Dave Rosenberg <daverosenberg at gmail.com>
Cc: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two
Dave Rosenberg wrote:

> Again, I think interpretation is in the eye of the beholder. Re: FAQ, it's
> completely possible that it was wrong to begin with, but not everyone has
> time to read these license-discuss threads (though perhaps if we had sooner
> than we could have fixed things in a more timely manner) so take it as you
> will.

That's fair enough. I'm still wondering where you got that idea (that selling was prohibited by MPL). The Open Source Definition explicitly requires that "The license shall not restrict any party from selling or giving away the software". MPL wouldn't be approved by OSI (which it is) if it banned selling.

> We are absolutely happy to submit our license, but have been in contact with
> a number of OSI board members who suggested we wait and see what happened
> with the SocialText submission.

That makes some sense. However, SocialText seems to have withdrawn their original submission (and intends to resubmit soon). So if you submitted MPSL now, you might actually be ahead of the game.

> Our goal was not/is not to create confusion
> or non-compliance with the OSI. We don't use the OSI badge, and we have been
> counseled that the license is compliant. We'll figure that out soon enough
> as we continue the discovery.

We would rather you not use the phrase "open source" either until the license was approved. The badge is legally protected, but the phrase "open source" is just as important really.

> RE: IP protection--We have run into multiple issues with public and private
> companies who have made attempts to skirt the MPL/MSPL/maybe anything and
> essentially take Mule as their own with no recognition of the author,
> copyrights, license agreements etc. Forking is one thing, stealing is
> another.

You're not being very specific, but in general MPL and GPL have strong protections against this.

MPL says, "You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code."

GPL says you must, "conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty."

Also, both require redistributors provide source for the MPL/GPL code, though the copyleft differs.

Your Firefox example is actually one that I hadn't entirely

> considered (so thank you for the input.)

Mozilla diligently goes after perceived trademark violations, and I think they would be equally vigorous about copyright infringement.

> I don't know that the attribution clause makes any difference--which is why
> I asked for suggestions. It's highly possible that we can switch to the MPL
> with zero negative effects--we just haven't figured it out yet. For that
> matter we might also consider the GPL.

I definitely would urge you to consider both.

Matthew Flaschen

----- End forwarded message -----

----- Forwarded message from Matthew Flaschen <matthew.flaschen at gatech.edu> -----

Date: Thu, 01 Feb 2007 00:28:28 -0500
From: Matthew Flaschen <matthew.flaschen@gatech.edu>
To: TAG <tag@lists.linuxgazette.net>
Cc: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two
Rick Moen wrote:

> Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):
> 
>> Their FAQ (https://mulesource.com/products/licensing.php) also has the
>> interesting interpretation that one cannot:
>>
>> * Sell any MSPL covered code
>> * Sell derived works of Mule
> 
> Yes.  You may recall I asked John Roberts of SugarCRM to explain how a very
> similar FAQ entry on that firm's Web pages

Yes, I remember.

The MuleSource and SugarCRM FAQs say third parties

> _may not sell derivatives_.

Actually, these two both ban sales outright; see https://www.sugarcrm.com/crm/open-source/public-license-faq.html and https://mulesource.com/products/licensing.php. Jitterbit (another company Radcliffe consulted for) says (https://www.jitterbit.com/Product/licensefaq.php) "Despite your copyright, you can not sell derived code" [of JPL code]. One would hope these companies know they probably can not enforce restrictions counter to their license; who are they fooling, themselves or their customers?

> Anyway, predictably, we're now seeing the beginning of Badgeware Take Two --
> MuleSource yesterday, probably Socialtext in a few days or so.  The new
> tack seems to be to try to defuse the heretofore slam-dunk OSD#10
> argument (which effort from MuleSource I do appreciate, as it at least
> tries, and can probably be fixed in that area), but retains from Take
> One the "big logo with name and URL must be shoved into every user's
> face" notion.

It's certainly an improvement, but still non-compliant in my view.

> SATAN's still available:  It's just that nobody's cared in a decade,
> because its licensing crippled reuse, leaving a gap into which
> alternatives like Nessus stepped eventually.

To be fair, it seems Nessus also cripples reuse in the traditional method ("You agree not to deliver or otherwise make available the Software, in whole or in part, to any party other than Tenable" ...).

Matthew Flaschen

----- End forwarded message -----

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 31 Jan 2007 21:50:36 -0800
To: license-discuss at opensource.org
From: Rick Moen <rick@linuxmafia.com>
To: TAG <tag@lists.linuxgazette.net>
Subject: Re: Badgeware licences, Take Two
Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):

> To be fair, it seems Nessus also cripples reuse in the traditional
> method ("You agree not to deliver or otherwise
> make available the Software, in whole or in part,
> to any party other than Tenable" ...).

True. I actually meant to say Snort (https://www.snort.org/), which is GPLv2. I use those things so seldom, I pulled the wrong one out of dusty long-term memory.

-- 
Cheers,                   "The American Republic will endure, until politicians 
Rick Moen                 realize they can bribe the people with their own money."
rick at linuxmafia.com                               -- Alexis de Tocqueville
----- Forwarded message from Dave Rosenberg <daverosenberg at gmail.com> -----

Date: Wed, 31 Jan 2007 21:39:50 -0800 (PST)
From: Dave Rosenberg <daverosenberg@gmail.com>
To: TAG <tag@lists.linuxgazette.net>
To: license-discuss at opensource.org
Subject: Re: Badgeware licences, Take Two

Thanks for pointing to those statements in the FAQ. While I am not sure that the statements are wrong, they are clearly open to interpretation. Regardless, we intended to remove them when we made the license change. Sorry to add to the confusion.

It would have been helpful for you to have sent me a note so that we can help to dispel any confusion or inaccuracy. Should there be other issues, please don't hesitate to let me know.

[snip quotation of Matthew Flaschen's entire posting]

----- End forwarded message -----


Top    Back