Yet another overblown open source debate

Matt Aslett of The 451 Group and I met in London this morning, and discussed a range of issues. One thing that came up, which Aslett discusses on his blog, was the furor over CPAL, AGPL, and other open-source licensing designed for the Internet. I heavily contributed to that furor but, looking back, it would seem that the concerns were almost completely overblown.

Mea culpa.

A year and a half later, very few open-source projects use the CPAL license, which introduced a specific form of graphical attribution for open-source projects. There was sound around it, and there was fury, but the reality is the world didn't end when the OSI blessed CPAL, neither with a bang nor with a whimper. It simply ignored the licenses, even though a few prominent open-source companies like Zimbra still use CPAL licensing.

Affero General Public License (AGPL)? Fabrizio Capobianco cheered its progress recently, and I continue to believe it has a valuable role to fill, but the reality is that it powers 181 open-source projects out of more than 180,000, according to Palamida, and most of the projects that have adopted it are no-name projects.

Despite our efforts to tweak open-source licensing to fit the realities of Web-based "distribution" of software, the world still revolves around L/GPL, BSD/Apache, and MPL. I doubt this is going to change anytime soon.

Why? Because customers don't care about this issue. Just as they don't care about whether 100 percent of their code is open source, they also don't care about vendors protecting their code from other vendors. They just want software that works. If freedom comes with that, all the better, but they don't fetish licenses the way open-source vendors and communities do.

License proliferation, badgeware, and all the other "big" open-source licensing debates have turned out to be somewhat hollow in retrospect. Customers are voting for open-source software, not open-source licenses. There is a difference.

[jrepenning]

What is the point of quoting statistics based on the number of open-source projects? One of the great inventions of the open source movement is "cheap failure," and there are, as we all know, many many FOSS projects that are simply dead and irrelevant. It's tough on flip statisticians, I know, but there it is.

In any case, AGPL and/or CPAL have their full effect if even one FOSS component uses them, if I want to use that component, just as GPL would matter hugely even if only Linux used it.

[alamp23]

jrpenning, you make a fantastic point on the community side. And indeed the open source community recognizes that. But it does not help much from a commercial open source perspective if only a small number of companies adopt your license. To thrive commercially, a commercial open source vendor needs broad adoption of their product. So in that case, statistics matter.

[jgodse]

You are absolutely right. Most software folks just don't care. Web application providers that host their applications care even less. If you are a business that hosts web apps, you only really have to worry about AGPL (which forces you to give up your code) and licenses such as MPL or EPL that require you to send improvements back to the originator.

If you are a software distributor, then you only have to worry about GPL 2.x or 3.x because they require you to distribute the source to the entire derivative work. However anything that is MIT/BSD or Apache 2.0 is very safe for the business to use in terms of software licenses.

Check out my page at <a href="http://www.squidoo.com/software_ip_management">http://www.squidoo.com/software_ip_management</a> for more thoughts on this topic.