Open-source companies are taking a “closed” approach to licensing options as a way to fight off what they see as threats to their projects. The first approach to make waves in the open-source community was the Commons Clause initiative, which aimed to add restrictions to existing open-source licenses. Following Commons Clause, MongoDB set out to create its own license to be applied to its open-source projects, and since then a number of other companies have followed suit.
The problem these open-source businesses are finding is that technology giants and cloud providers are taking advantage of their work for monetary gain without contributing back to these projects. However, the issue with creating new licenses, or applying new clauses to existing open-source licenses, is that the projects are technically no longer open source unless the licenses are approved by the Open Source Initiative (OSI), an organization dedicated to promoting and protecting open-source software, projects and communities.
OSI’s definition of open source states that source code must meet the following criteria:
- Free redistribution
- Source code
- Allow derived works
- Integrity of the author’s source code
- No discrimination against persons or groups
- No discrimination against fields of endeavor
- Distribution of license
- License must not be specific to a product
- License must not restrict other software
- License must be technology-neutral
MongoDB’s Server Side Public License is currently under the review of the OSI, but has not yet gained approval. In addition, the other licenses and clauses being applied to projects by open-source companies are not OSI-approved.
SD Times had the opportunity to talk with Vicky “VM” Brasseur, vice president of the Open Source Initiative, on the state of open-source projects and the ongoing “battle” businesses feel like they are having with technology giants and cloud providers.
SD Times: Open-source companies are applying new licenses to their projects because they believe projects are being taken advantage of. Do you believe this is a real issue the community should be worried about?
Brasseur: There are dozens and dozens of companies that identify as “open-source companies.” What we have are very few that have relicensed the open-sourced software on which they based their companies, taking that software out of the open-source communities. A couple of these projects happen to have a lot of users who aren’t customers of these companies, and that leads to an inordinate amount of press coverage as the relicensing ripples to affect the entire community.
As far as the matter of companies taking advantage of free and open-source projects for financial gain: We at OSI are all for it! Free and open-source software comprises the rising technological tide that lifts all boats. Much like the fundamental science that provides life-saving breakthroughs in medicine, the fundamental development and release of free and open-source software projects provide the building blocks of software innovation the world over. I challenge anyone to find a successful software company that does not rely on open source in some way. Billions of dollars of revenue and millions of jobs exist now thanks to free and open-source software solutions. This is wonderful and OSI wholeheartedly supports it.
We also, however, support all of these companies contributing back to the free and open-source projects on which they rely. These contributions could be in the form of code, community management, security, design, technical writing, or they could simply be monetary. The type of contribution that makes the most sense will vary by company and project. OSI encourages all companies to look at those projects that contribute to their success and then give back to those communities and projects.
Why do you think projects and companies are having an issue, and how do you suggest the open-source community can address this?
It’s important here not to conflate “project” and “company.” The issues each face are completely different. Projects face issues of community and resource management: how does the project plan its roadmap based upon the contributors it expects to have, and how does it bring in new users and contributors? Companies face issues of profitability: how does the company create a product offering that provides value to its market, and how does it price that offering to attract and retain enough paying customers to cover its costs and provide an acceptable profit margin?
The widely publicized instances of relicensing have all been initiated and driven by the companies involved, not by the projects. Despite that, the relicensing rationalizations have been couched in terms of the projects: a relicensing is necessary because tech giants aren’t contributing back to the community, the tech giants are gaining benefit but not giving back, and therefore the company is suffering and must relicense the open-source project.
This is disingenuously mixing project interests with company interests. If the reason for the relicensing is that tech giants were not contributing back to the projects, why are these companies not detailing how the project reached out to the giants asking them to contribute, or asking those giants why they don’t contribute and how the project might improve its contribution processes to improve the contributor process? None of the “open-source” companies that have relicensed have yet discussed this. Showing how they attempted to engage the giants in contribution but were rebuffed would have won these companies more support from the community, but that is not what happened.
Instead, these companies have discovered that in order to run a successful business they must do what every other successful business does: provide a more compelling product offering than their competitors. Their competitors were beating them out on that front, so rather than admitting this and adjusting their product offering and business operations to adjust to the market, these companies are relicensing open-source projects, causing irreparable harm to the community that had made those projects successful enough that others wished to use them. Personally, I don’t think it makes a lot of business sense.
What sort of impact does the implementation of new (non-OSI approved) licenses being applied to traditional open-source projects have on the community and ecosystem as a whole?
Generally speaking, while we would naturally prefer all software to be under free and open-source software licenses, we recognize and respect that sometimes proprietary licenses are necessary. There’s no problem with that, if it’s what’s required by your business.
What’s happened here though, is locking up things that used to be free and open behind proprietary licenses. There is nothing good, helpful, or empowering about that action. It takes the efforts of individuals, who contributed believing that their work would be freely and openly available for all to benefit from, and reserves it solely for the benefit of a single company. Who from the community would ever contribute to such a project again? In one disrespectful stroke these companies have therefore decimated their communities and, ironically, done precisely what they claim the relicensing was intended to prevent: taken the freely contributed work of others for their own benefit.
Companies and individuals who support this sort of community-busting action show themselves to be unworthy of the contributions of others. They’re almost doing the open source community a favor by making themselves so evident. By thus branding themselves as disrespectful of the tenets and essence of open source, people now know to avoid these companies and the projects they release.
Not only have these companies thumbed their noses at the communities and contributors of the projects that they have relicensed, in taking this nuclear option of defensively relicensing to “thwart” the tech giants they have created an immense amount of collateral damage in the smaller companies that relied upon those projects in order to operate. These companies now must either re-architect their software to remove their dependency on those projects or they must pay for enterprise licenses. Both of these options are very expensive, but as the choice is literally extortionate it wouldn’t surprise me if most of them opt to re-architect rather than pay a company that has shown it violates the trust of the contributors of an open-source project and those who use it.
What misconception or misunderstanding do you believe these projects have with cloud providers and vice versa?
Again, this question conflates project with company.
It was not the projects that took these relicensing actions. It was the companies that held majority copyright interests in the projects that took these actions. Any project would be proud to be used by a large profitable software [company] and would have no need to relicense. The only problem the project may have with the tech giants is that they aren’t contributing back, and through community management and outreach that’s a fixable issue.
The companies, on the other hand, saw that their competitors had developed more compelling product offerings than they, so instead of resolving that issue they’re trying to remove a variable from the product offering equation. As we’re now seeing, that’s not working as they expected. The misconception here is that companies with valuations several, several, several times more than their own would just roll over and take this relicensing rather than simply forking the projects or creating their own solutions, which is what we’re now seeing.