The Role of the OSI

  • Article

Steven J. Vaughan-Nichols expressed his desire to see fewer OSI-approved licenses a couple of days ago. He applauds the decisions of Intel and Sun to retire certain licenses and then chastises CA, IBM, Lucent, and Nokia for not getting rid of their "vanity" licenses. There is more to this than he touches on in his column.

I am a fan of the simplification of licensing of source code. The most difficult questions regarding most OSS-licensed code revolve around what other code is license-compatible. The FSF has a long list of licenses that are incompatible with the GPL. Few people understand that ALL reciprocal licenses are by default incompatible with each other due to the very terms that make those licenses unique. Can I run code licensed by the Python Foundation with code from Apache? What if I combine it with Eclipse-licensed code, or want to mingle in some Mozilla-licensed stuff? Can I do that?

License proliferation is an issue. And one that we have wrestled with at MS for a while as well. As each project goes out the door, and each team has a desire to do certain things with their project - you get a natural growth in the number of licenses. This is true for OSI-approved communities as well as others such as Microsoft. The reality is that the owner of the copyright can choose whatever license they would like to release their code under. It is their property - and for that reason, OSS code is proprietary (in the traditional, non-pejorative use of that word). MySQL is 100% copyright holder of their code. The FSF is 100% copyright holder of their code. They, and only they, get to choose how it is licensed - it is their property.  Witness the Mambo situation and the issues that have come up due to the ownership of the copyright by Miro.

So what is the role of the OSI in this mess of licensing? From their website:

"Open Source Initiative (OSI) is a non-profit corporation dedicated to managing and promoting the Open Source Definition for the good of the community, specifically through the OSI Certified Open Source Software certification mark and program . You can read about successful software products that have these properties, and about our certification mark and program, which allow you to be confident that software really is "Open Source." We also make copies of approved open source licenses here."  

In other words, they are looking to establish themselves as the arbitor as to what is "open" or not. I don't think that is a bad thing. In fact, look at the choice SourceForge made long ago regarding licensing on their website. They were being asked routinely to pass judgement on a project as to whether or not it was "open." They quickly realized this was a losing scenario for them so they made a very simple declaration - you want to be on our site, you use an OSI-approved license. Much simpler for them. Ok, so in that capacity the OSI is a very good thing. There are many industry standards bodies and they are performing important functions. Most importantly though - these standards bodies are neutral actors. Meaning, they create a level field in a specific space for competitors and partners alike to come to consensus. There are rules in place to protect all players and the very neutrality of the body provides a trusted working environment.

I think this is a lesson that should be closely paid attention to by the OSI. Right now they are not neutral, nor are they measured in their response to certain issues. If the ideas embodied in Mr. Vaughan-Nicols piece are to be carried through - meaning, have property owners use common license terms so that there is less friction for the adoption of certain technologies, then the OSI is going to have to step-up in a way that they have not chosen to do so today.