Archive for the 'Guest' Category

Guest post: 2010 - Threats to copyleft

Published by Elizabeth Tatham on March 5, 2010 in Guest and Legal. Comments

This post is by Patrice-Emmanuel Schmitz, Director for European institution studies at Unisys Belgium (Brussels). His team is in charge of the www.OSOR.eu (Open Source Observatory and Repository), the Free/Libre/Open Source information platform and forge launched by the European Commission for public sector projects.

Combining freedoms and copyleft in the Gnu GPL license (invented by Richard Stallman) was the cornerstone of free software. This is now questioned due to the proliferation of incompatible copyleft licenses.

After counting 1,800 free software licenses used in hundreds of thousands of projects, the Black Duck company patented (Patent US 7,552,093 B2) the technology for controlling the use of open source licensing in a multi-source development process (meaning combined works, elaborated from multiple free components under different licenses).

No need to say that patenting proprietary technology to solve copyleft licenses incompatibility may not be seen by everyone as a major achievement!

Lamenting on license proliferation or blaming new license authors – who all call upon the best reasons of the world, looks useless. It would certainly be reasonable, as recommended by Bruce Perens, to deal with only four permissive and copyleft licenses, but this is wishful thinking. New licenses are presented every week by FLOSS authors and communities, and no benevolent dictator will limit human innovation regarding licensing.

The heart of the problem does not lie in the number of licenses, but in their incompatibility. I do not think that license proliferation is a failure of the FLOSS movement, it is rather the entire contrary: a testimony of the attractiveness of FLOSS models. In reality, license proliferation illustrates the failure of a certain model of strong copyleft, as it was initiated by the GPL in the 80’ and – unfortunately - reproduced by nearly all subsequent copyleft licenses. Once necessary and successful, this model looks not adapted anymore because it was copied and - seeing the Black Duck patent - one may question (like Ernest Park has done) if the way copyleft is applied does not generate today more jails than freedom.

According to my first study for the European Commission, the Gnu GPL v2 was used in 85% of the FLOSS projects in 2001. With a copyleft that was – maliciously – said “viral” by some, meaning that compatibility is always “upstream” (to itself) and never “downstream” (to other licenses), the adoption rate of the GPL should have been universal in 2010, confirming analysts’ assumption that “it is good for the community if people use a single copyleft license [1]”. However, the exact reverse happened: the GPLv2 (reducing) is still used in 50% of projects, the new GPLv3 reaches little more than 5% and other licenses are proliferating.

The fact a dozen of licenses are used by 90% of the FLOSS projects does not help very much, as the implementation of free solutions (which are often combined works) is done through integrating many components. It is enough to find only one incompatible license to compromise the distribution of these solutions.

The current situation is damaging for other reasons: it creates endless discussions on what could be considered as integration in combined works (dynamic or static linking) and it feeds disputes. To preserve their communities from schisms, gurus and acolytes urge followers not to use any other copyleft licenses, whatever their specific merits or advantages could be. It is time to admit that the strategy of keeping a “captive asset” of license users was not successful for avoiding proliferation, and that it is not the most appropriate way to reinforce the freedom, collaboration spirit and consistency within the fragmented FLOSS world.

In Europe, the recent - OSI approved and copyleft - European Union Public License (EUPL) meets some initial successes due to its compliance with Member States’ law and because it has equal value in the 22 languages of the Union. It has been selected by the German Federal Agency for Information Technologies, it is the license of choice in schemes published by the Dutch NOiV (see on the www.OSOR.eu site an English version of this scheme, translated by a member of the Swiss administration), a dedicated EUPL site was created in Italy, etc. In Spain, the Ministry of Industry, Tourism and Commerce (where the public agency Red.es is located, in charge of information technology) provides the following in call for tenders (software specifications):

“In case the contractor integrates in the development that is the object of the contract with modules or elements owned by third parties, he must first obtain from the legal owners the licenses and rights necessary to transfer the ownership of the development to , which will submit it, including the elements that are performed under the contract (such as fonts, dll, scripts, etc..) to the public license EUPL. In any case the total and final result of the development and the overall project will be subject to a license EUPL.”

Applying such provisions excludes strong copyleft components from the delivered combined work: all original developments are allowed; all “permissive” components are allowed (BSD, MIT, etc.); all “weak copyleft” components are allowed (i.e. LGPL), but no Gnu GPLv2 (or V3) components (except if the copyright owner is entitled to dual license the component under LGPL-like terms, for the purpose of addressing the contractual specifications).

The EUPL itself has an innovative approach to solve copyleft licenses conflicts: it publishes a downstream compatibility list (to other licenses). It is allowed to integrate EUPL components in a combined work that will be distributed under a compatible license. The concept is not new, as the FSF applied it with the LGPL a long time ago. The LGPL (now LGPLv3) is convenient for software libraries aimed to produce combined or derivative works: if the library is propagated on its own, it must be under the provision of its original license (LGPL), but if the library components are part of a derivative work, this work can be licensed under another license, while the original library remains LGPL. The EUPL compatibility is exactly the same, but its copyleft effect is stronger than in the LGPL (because compatibility is restricted to a limited and published list of other copyleft F/OSS licenses). Therefore it is not a weak but – say, a “tolerant copyleft”.

Such flexibility removes incompatibility barriers and restores developers’ freedom, while keeping it in the limits of the desired copyleft effect.

While the EUPL solution may be considered as a conceptual progress, its tangible impact will stay very limited as long other copyleft licenses will not give some reciprocity: the quantity of available EUPL-ed material is quite small today, compared to the mass of components that are already available under the GPL terms. Extending the list of EUPL compatible licenses (i.e. by adding the still missing GPLv3) will not change the issue resulting from the Spanish specifications, where the government requires the facility to distribute the received combined work under the single license of its choice (the EUPL in this case).

Solving problems related to the proliferation of copyleft licenses requires setting up interoperability provisions between these main licenses. It will create, and focus attention, on a kind of “circle of trust” where the original copyleft licensing condition of a software will never be changed, but where – just to take an example – a GPL component could be part of a combined work that the recipient (let’s say the French or the Spanish government) could distribute as a whole under the provision of the copyleft license of its choice (i.e. CeCILL or the EUPL) provide these licenses are allowed in the compatibility list.

The Gnu GPLv3 includes (in its section 13) the exact provision corresponding to the above need, but it is directed to the AGPLv3 only. The intellectual effort to extend this provision in direction of a small list of interoperable licenses seems easy to deliver. The reciprocal condition must be added: in the example above, the combined work could be also (as the need may be) distributed under the provisions of the GPLv3.

This could be a way out to the deadlock where we are, due to the proliferation of incompatible licenses.

Looking for alternative? Pay a Black Duck patent license!

Patrice-Emmanuel Schmitz – www.OSOR.eu

[1] R.T. Nimmer, Legal issues in Open Source and Free Software distribution, The Law of Computer technology, Ch. 11 (1997, 2005 Supp.) (“Two different copyleft licenses are usually “incompatible”, which means it is illegal to merge the code using one license with the code using the other license; therefore it is good for the community if people use a single copyleft license (GPL)”).

Guest post: Paul Anderson interviews Jono Bacon

Published by Elena Blanco on November 3, 2009 in Guest, Event and Community. Comments

This post is by Paul Anderson, EPSRC Computer Science Writer of the Year 2007.

Jono Bacon is the community manager for Ubuntu, a popular distribution of GNU-Linux. Based on his experience Jono has just written a book, published by O’Reilly but available under a Creative Commons Licence, about community and open source. Originally from England, these days he is based near Berkeley, California. Paul Anderson from Intelligent Content caught up with him on a recent visit to London.

Q: You’ve just published a new book, The Art of Community, what’s the key message you are hoping to get across?

The Art of Community essentially teaches the reader how to build a productive and enjoyable open source community. It starts with a bird’s eye view of the social science behind the concept of ‘community’ and then gets into how to build a strategy for a particular community. The book then delves into each of the elements that go into the delivery of that strategy such as processes, governance, tools, running events, dealing with conflict, and how to hire a community manager.

Q: So why is the idea of community so important for open source?

I think that there are ethical benefits and there are pragmatic benefits. The ethical benefits of working through a community seem fairly obvious to me. They are things like it helps to reduce elitism, providing an opportunity for everyone to get involved, and it provides opportunities for people to gain experience. On the pragmatic side, a community that has been harnessed effectively can deliver some really interesting things. For example, on one of the projects I worked on we decided to open it up for translations [of the documentation] and within two weeks we had 17 languages.

Q: In the book you argue that a ’sense of belonging’ is important.

Yes. The way we build community is to create a sense of belonging. When people feel that sense of belonging in the community then they feel like they are part of something, they feel it is their ‘place’, their home. And when they have that they feel like contributing back to the community.

Meritocracy is very important part of this. This is where people build up reputations based on the merit of what they actually do. It is the only way that a distributed community can really work. When anyone is in a meritocratic environment they fundamentally feel a sense of principles and they really treasure the premise of equality.

Q: Ubuntu operates a code of conduct. This seems to be an important thing to get right.

When you build a community the first thing you need to do is build a set of principles. You need to say this is the culture that I want to instil and for open source software that means a culture of openness and transparency with freedom to contribute. You want people to be respectful and polite but not too restricted in their communications with each other.

The Code of Conduct we have in the Ubuntu community is essentially to provide a charter of reasonable interactions. So what it does is say: ‘every contributor to Ubuntu should follow this conduct’. It is a very basic set of ‘don’t be an idiot’ instructions. I believe that documents like this can hold tremendous value and it is held in very high regard in the Ubuntu world. This kind of thing helps build a sense of belonging.

Q: This raises the issue of managing the community, or as you describe it in the book, ‘Governance’.

Governance is having some kind of official structure that takes decisions on behalf of the community, like a Management Board or a Council. One of the mistakes that a lot of communities make is to believe that they need an explicit and very expansive governance structure in place, otherwise they are not real community. And this is not true.

Ubuntu has quite an expansive governance structure in place. We have a community Council and a tech Board at the top, and then various team councils that report to them. But this is because the Ubuntu community is huge and we need this to deal with the scale of what we’re doing. If you’re a smaller project you just don’t need that.

Q: You also talk at length about process workflows and tools.

Yes, I think it’s really important to get this right. On the workflow side of things the focus is on identifying ways in which people can work together on common problems, for example bug tracking. How do you handle bugs? How does the team triage them when they come in? Who fixes them? All these are part of the community workflow, they are really important and the book has a lot of ‘hands on’ stuff about these issues.

I think that tools need to be applicable to do the job. One of the problems for a lot of communities is that they want to have something like a public website, so what they’ll do is agree that they need a website, but then have a long and drawn out debate about which content management system they should use. What happens is that they spend more time bickering about tools than actually doing something good like having a basic project website and actually getting people to visit it.

What I recommend in the book is that they just pick something, it doesn’t matter too much what that is. In a year’s time they will want something different. The first six months of a community is the most critical time and a team needs to be built - a sense of excitement, a sense of belonging needs to be built up. You don’t get that by spending the time bickering about tools like a CMS.

Q. Widening things out a little, where do you see the general situation with open source today?

I think we are in good shape. What we are doing is building a new IT industry with open source, building a new approach to software and I think we have made tremendous progress. Just look at Linux. I first got involved in 1998 and we have made so much progress in the intervening years. I look back to those days when I actually needed a soldering iron and a steady hand to get Linux working on my PC! We have made huge progress in terms of writing software, making it useful and integrating it with systems.

This week is Ubuntu Open week which includes a series of tuition sessions and the whole ubuntu community is joining in. If you’re interested in getting a taste of what’s involved, now is the time to see for yourself. 

Guest Post: FOSS and the European Parliament

Published by Rowan Wilson on June 1, 2009 in Guest, Procurement, Strategy and Policy and Community. Comments

From time to time OSS Watch will be publishing guest blog posts here to highlight interesting opinions from around the FOSS community. This post is by Gerry Gavigan, chairman of the Open Source Consortium.

Elections for the European Parliament are scheduled for 2 June 2009, and this seems like an ideal opportunity to broach the subject of ICT policies and draw the attention of candidates to the issues surrounding choices by government and its administration concerning software and systems. Hopefully, this will at least raise the profile and gain better consideration of the underpinning issues and lead to wider adoption of Free and Open Source Software.

One initiative attempting to do this is the Free Software Pact (FSP) providing candidates with a method to inform the voting public that “they favour the development and use of Free Software, and will protect it from possible threatening EU legislation.”

As Chairman of the Open Source Consortium I was asked to help promote the FSP. Fundamentally I agree with the underlying objectives of the FSP but I am not sure that the approach to implementation is well thought through.

I am convinced that level playing fields coupled with open and transparent processes topped off with effective governance (easier said than done, of course) are all that Free Software needs for new installations and also to trickle through the arteries and capillaries of existing ICT deployments, eventually eliminating the externalities of proprietary software (largely summarisable as the deadweight costs arising from distortions in the market). I should add that this opinion is vendor neutral. I don’t care who it is or how Free Software is supplied.

If we are to achieve this nirvana we need to approach those we are seeking to influence in terms that are meaningful to them. This is not always easy but that is not an excuse not to try. And it may require several goes. Additionally if one is seeking to influence politicians or administrations is is easier to go with the grain of things than start again somewhere else.

With that in mind and prompted by the FSP, it seems right to put my drafting where my opinions were. Accordingly the OSC has created a draft form letter that hope as many people as possible will send it to the candidates in their constituency.

Dear…

Support Implementation of draft European Interoperability Framework V2 “EIF V2″

As you are a candidate in the forthcoming elections for the European Parliament I am writing to seek your support for a simple measure that will help citizens, businesses and European society.

Information and Communications Technology (ICT) has become a critical part of European infrastructure; a modern economy cannot function without it.

Optimal choices in ICT need a European policy on interoperability in ICT.

Interoperability means it does not matter how you mix and match the constituent parts of ICT, they will just work with each other without problems or issues. Such choice also means that users of your ICT systems (e.g., users of European or national government on-line services) do not have to make ICT choices based on your decisions, e.g., having to use a specific web browser (that itself may require a specific operating system).

Many European and national ICT systems have been implemented using software which does not enable easy interoperability, and instead creates an effect where it becomes easier, and some cases necessary, to choose more of the same supplier’s products, and harder to choose competing products.

Moreover, once governments or local administrations have decided to use software that does not enable easy interoperability, that choice imposes a requirement for the citizen or customer to choose the same software.

This network effect prevents choice, competition and limits opportunities to promote innovation outside vendor control, in the whole European arena for ICT.

To have agreed as policy the (draft) EIF V2 ( http://ec.europa.eu/idabc/en/document/7728) will halt and eventually reverse this situation.

This draft has been criticised by vendors currently benefiting from the current uneven playing field, but its adoption would not prevent any vendor, current or future, from supplying ICT to European or national governments.

The EIF is not considered to by all to be perfect, but getting it firmly “inside the tent” would enable it to be improved. I urge you to adopt or adapt this letter and write.

You can find your existing MEPs and candidates here.

Gerry Gavigan