Open Source undefined, part 2

Computer science, too, must exist in an uneasy alliance with industry

From the book Open Sources: Voices from the Open Source Revolution

In Open Source undefined, part 1 we had a closer look at the origins of the “Open Source” movement. We found out the “Open Source” term was being used with various meanings in the community and industry (including with commercial restrictions) long before the OSI came along; and OSI’s subsequent messy (rightful) failure to register a TradeMark.

However, OSI did formalize the Open Source Definition, which has been in use since then, as a sort of “North star”, with an organization defending and promoting it. The OSD has been on the OSI website for 25 years, largely unchanged. (here is version 1.9 from 2002, for example).

In this blog post, I would like to answer:

• does the OSI represent the “Open Source” community?
• how well has the OSD worked? Are we aligned or are there other definitions?
• does OSI indeed act in the industry’s best interest?
• how do we move forward?

OUTLINE

• OSI growth, authority

• disagreeing uses of open source in community and industry

  • “just public”

• SSPL: why not OSI? ambiguous process. industry friendly?

• distributions don’t really follow OSI

• missing stuff about ethics, commercial restrictions, cloud vendors

  • OSD Faq about evil people
  • GitHub 2.0
  • Hippocratic license Osd says nothing about governance, CLA

• missing stuff about sustainabality

• license proliferation

• OSI compliant: becaue some alignment is better than none

  • chacon ideas
  • torvalds define your goals

• after open source

  • https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/
  • redhat customer agreements
  • perens new initiative

• osi represents the community? https://web.archive.org/web/20220806022143/https://opensource.org/node/163 we promote that definition, and that’s what the world expects when they see the term mentioned

• conclusion:

OUTLINE

The “official” OSI story.

Like last time, we’ll start with the official OSI story.

Since then, adoption of the term “Open Source” has taken over the world, across software projects, from hobby projects to large industry players. OSI’s scope of influence has grown to cover goverment in the US, the UK, some of the EU, Asia and Australia, is sponsored by a small selection of the world’s largest tech companies - including GitHub, tied to non-profit/foundation affiliates and organizations who’ve vouched for OSI’s authority. As I was checking out these lists, I actually found som of them rather… surprisingly short. But I assume there are a multitude more organizations who vouch for OSI, yet haven’t initiated any official relation. E.g. Grafana Labs bets its entire business on OSI compliance, yet is nowhere to be found in these lists.

Contention post-OSI founding

OK, so we found evidence of the term “Open Source” being in use in the industry in the decade before the OSI was founded. And sometimes the term was used referring to software that came with commercial restrictions. Can we find examples of contention against OSI’s definition after OSI was founded?

OpenSource.com

Today, that website looks like some sort of community website ran by RedHat. For some reason they published a lot of rather vague and confusing prose about “What is Open Source” and The Open Source Way. These articles contain over 1900 words combined, and yet there’s only a single reference to the Open Source Definition, not even in the text. You have to mouse-over all the hyperlinks to find it.

Here are some quotes from the “What Is Open Source?” article:

Open source software is software with source code that anyone can inspect, modify, and enhance.

(nothing here about redistribution, or copying even)

Open source software is different [from proprietary and “closed source” software]. Its authors make its source code available to others who would like to view that code, copy it, learn from it, alter it, or share it.

(nothing here about redistribution) b This website confirms a couple of interesting things:

• anyone person or entity is permitted to declare “their truth” on what Open Source means
• your “truth” doesn’t need to match OSI.
• you don’t need to offer a precise, consistent explanation.

Linux Distributions

Do popular linux distributions abide by OSI?

• Debian, while affiliated with OSI, maintains its own license review process, though it is similar to OSI’s (source)
• Red Hat stands with OSI
• so does Ubuntu. (though both seem to present an inaccurate view on how the term came to be)
• BSD’s only allow permisse BSD licenes, no GPLs. See FreeBSD and https://www.openbsd.org/policy.html

https://en.wikipedia.org/wiki/Common_Public_Attribution_License FSF compatible, OSI compatible, but not in debian

proliferation anyway

https://opensource.org/license more than 100 licenses https://news.slashdot.org/story/20/01/05/208249/open-source-initiative-co-founder-bruce-perens-resigns-citing-move-toward-license-that-isnt-freedom-respecting#perens_coherent -> coherent open source. 3 licenses. only three licenses: The Affero GPL 3, LGPL3, or Apache 2.

2007’s “OSI crackdown”

https://slashdot.org/story/07/06/21/1146259/osi-to-crack-down-on-open-source-abusers%E2%8B%85same backlash OSI approved

industry

GitHub - founded in 2008 - is by far the largest Open Source code platform with more than 100 million developers globally.

The term “Open Source” has been in wide (and formalized) use for decades before that, so when Scott Chacon, cofounder of GitHub remarked earlier this year that most developers understand “open source” to mean “public on GitHub” and suggested redefining “open source” as such; I couldn’t believe what I was reading. I couldn’t comprehend how someone could propose something so obviously ludicrous. I thought, “maybe the success of GitHub got to his head?”.

But we have more good datapoints:

• the multitude of voluntary “OSI defense” happening on platforms such as X, reddit, etc. It’s a deep rooted part of the industry, even if not formalized.

In about 2019 when MongoDB sought OSI approval for its SSPL license (and failed to secure it). Since then, several companies have followed suit and adopted various new licenses with similar commercial non-compete clauses. The non-OSI compliance has led to new terms such as Source Available, Open Core, Fair Code, Commons Clause and Fair Source. Note, I have written an analysis of Fair Source. It seems the community at large has come to the conclusion that the easiest solution in these cases is to just coin new terms and start initatives.

GitHub - founded in 2008 - is by far the largest code platform with more than 100 million developers globally. Its reach eclipses that of the affiliates and sponsors lists combined. Most recently, Scott Chacon, cofounder of GitHub remarked that most developers understand “open source” to mean “public on GitHub” and suggested redefining “open source” as such. The gravity of this observation is not to be underestimated. GitHub has indeed brought in tens of millions of developers who may not be up to speed on the whole “Open Source” definition. And it is tempting to just redefine a term to accommodate them all at once. But what would this actually solve? If we don’t disagree with the OSD, then everyone agrees, and there are no ambiguities whatsoever that could be resolved by redefining. In fact, redefining would create ambiguities (at the global scale) and this wouldn’t really solve the need to educate people either. At the end of the day, they still need to know if they’re allowed to commercially redistribute, for example.

I think redefining “Open Source” today would be tremendously impractical. It is, in fact, a tremendous achievement that most of the whole world can agree on what a term means. It is truly exceptional that all over the world, goverment offices, startups, students, academia, and so on, are either already perfectly aligned, or can align, with a minimum of self-education. To try to change that, after 25 years would create so much friction that far outweighs any perceived benefits.

It’s much easier to just coin a new term and promote that instead, which is this case is what happened with Fair Source.

But the fact of the matter is, they were not the first to coin the term, they don’t have a trademark, and it has been consistly contested despite their garguantuan efforts to get the whole world aligned (with good results in the programming community, in goverments, and the industry)

It seems as if every single year, the same pot gets stirred: a vendor publicizes source code under a license that allows viewing, modifying and reuse (but with a commercial restriction) and makes an announcement about “open source”, and the community is up in arms because “that’s not what open source means”. So what does “open source” mean, exactly?

When communities form and evolve along with the world around them, inevetably incompatible viewpoints emerge and can cause fractures. This was as true in the 1990’s as it is in the 2020’s.

The gravity of this observation is not to be underestimated. GitHub has indeed brought in tens of millions of developers who may not be up to speed on the whole “Open Source” definition. And it is tempting to just redefine a term to accommodate them all at once. But what would this actually solve? If we don’t disagree with the OSD, then everyone agrees, and there are no ambiguities whatsoever that could be resolved by redefining. In fact, redefining would create ambiguities (at the global scale) and this wouldn’t really solve the need to educate people either. At the end of the day, they still need to know if they’re allowed to commercially redistribute, for example.

Who gets to say exactly what a term means, or doesn’t mean? Today, the word “literally” means its opposite, and what is DevOps anyway?

In a world that can’t agree on anything, the amount of alignment that OSI has been able to create is remarkable. But there is plenty of evidence that the word “open source” has been used in ways incompatible with the OSD, both before, and after OSI’s creation. One meaning of open source comes up over and over again: publishing source code for anyone to use, except to compete with the author. OSI’s attempts to control usage of the term - for which they have no legal grounds - have been proven mostly pointless, and I don’t see this conflict ever being truly resolved.

My suggestion therefore, is a pragmatic one:

• as a vendor, communicate in more detail (but not too verbosely) what your terms are. Customers and prospects appreciate clarity and dislike being misguided.
• as a consumer/customer, always look beyond the buzz-words and build a good understanding of the licensing terms you are about to use.
• if as a vendor, you find it important to use a OSI compliant license, simply mention “OSI certified”, which is trademarked, and has a precise meaning.
• as a consumer/customer, look beyond the “OSI certified” (or “Open Source”) label. It may only cover a part of the whole offering (e.g. any Open core product), you may need to sign a customer agreement undermining the OSI license (e.g. RedHat), and something non-OSI compliant may actually serve you better (e.g. Source-Available or Fair Source).

As far as “Open Source” terminology goes, arguing about whether that means OSI compliant or not, is pretty useless. I would try to sidestep it al together. Except if you’re a company who believes “any press is good press”, than use the term “open source” as you wish, especially for non-OSI compliant licenses. You’re free to do so, and you’ll have guaranteed buzz.

Source Available or Fair Source. And if those don’t fit your need, you can always create a new one. Even Bruce Perens himself is working on an “Open Source” reimagined which will be a distinct initiative as well.

alt headline: ‘Foolish to assume open source means OSD, double foolish to try to make it so’

we love open source, therefore we are quick to support organizations that claim to support open source, and quick to repeat whatover propaganda

https://news.slashdot.org/story/99/06/17/0213251/esr-on-the-open-source-trademark comments osi approval https://news.slashdot.org/story/99/06/17/0213251/esr-on-the-open-source-trademark comments osi approval

should “open source” be defined as narrow as possible? does that mean “marketing use” will also be narrower? maybe a bit?

In conclusion

$$$$ IGNORE THIS DRAFT TEXT BELOW

https://lists.nongnu.org/archive/html/discuss-gnustep/2013-09/msg00113.html another example of commercial clause making non-osi compliant

There is something to be said about the work of taking a word that is colloquially used, and formally defining it.

TODO: simon phipps open source definition hot debate. 5-10 years ago

You can meet the OSI definition, not be OSD compliant

swiss government datapoint https://www.fedlex.admin.ch/eli/cc/2023/682/de

in a world that can’t agree on anything..

• https://opensource.org/licenses/review-process new developments. “Software freedom”
• https://opensource.org/licenses/review-process
• Heather says :
• The addition of the requirement to “guarantee software freedom” introduced a
  significant level of discretion into the approval process. That
  discretionary element probably existed de facto prior to the SSPL
  controversy but was made especially public as a result of it

https://web.archive.org/web/20070627154037/https://opensource.org/node/163 2007 enforcing by OSI with huge backlash and some good quotes re TMp https://slashdot.org/story/07/06/21/1146259/osi-to-crack-down-on-open-source-abusers same

https://www.reddit.com/r/mongodb/comments/1ao3yan/has_sspllicensed_mongodb_been_accepted/ mostly rejected

https://news.ycombinator.com/item?id=35544600 sspl discussion. many find open source = can download

https://slashdot.org/~drinkypoo/journal/175327 this is the same guy as before, martin, i think

https://www.theregister.com/2007/09/27/open_season_episode_3/ rumours that google would make own license?

MS shared source: different from OSD, OSI considers it marketing ploy. https://en.wikipedia.org/wiki/Shared_Source_Initiative#cite_note-icaza20110307-22

https://openpath.chadwhitacre.com/2024/the-historical-case-for-fair-source/ Netscape you have to start somewhere

• https://youtu.be/jq4rRJqAuOE OSS is broken
  • Talk on hipporactic license. Not open source. Not a great answer.
  • Conclusion : is it OSs is wrong question

https://github.com/ssddanbrown/Open-Source-Confusion-Cases/issues

https://slashdot.org/comments.pl?sid=239319&cid=19593239 TM abandonded due to bad legal advice

we all want to be part of a positive movement in the world, we want there to be an org that supports the movement for positive change, and that we can align with. but we never really asked to stop to think whether OSI is really it

4 freedoms easier to understand ?

• You can’t untie licensing from the OSs spirit (ref to that blog post ) or ethos

• “need to make it palatable to businesses” but now businesses and comminity want to bring in ethics

• At least as optional category

• from that youtube video

  • “Bracket our tolerance” , liberties but allow evil.
  • Existing injustices : hire based on GitHub ?
  • Can’t employ ethics licenses under OSI . Nice quote 17:30

  New certification marks with categories. By OSI or something new

  ---

  Classes like CC. TM yes/no - see free software article “oss misses the mark” points out TM issues

  ########

  • how many times have you seen “everyone in the open source community agrees, except for you. so please change”. in my 20 year career i’ve seen this easily 20-30 times, and i’m wiling to bet this will be familiar to many of you too.

• (..) part of cute lists here

• so if there’s tens, or hundreds of instances of “everyone agrees except you”, perhaps not everyone agrees

- https://runacap.com/ross-index/methodology/ -> not OSI

https://unite.un.org/news/sixteen-organizations-endorse-un-open-source-principles while OSI endorsed, includes principles around diversity and collaboration.