The Open Source Initiative board on Wednesday adopted a new way of approving open-source licenses, as well as a new classification system for existing licensees, at its meeting at the Open Source Business Conference in San Francisco.
The OSI (Open Source Initiative) is the organization that approves open-source licenses. While its blessing is not necessary in any legalistic way, few if any companies or developers would use a so-called open-source license without the OSIs blessing.
“License proliferation has become a significant barrier to open-source deployment,” the group declares in its “License Proliferation” document, a copy of which was obtained by eWEEK.com prior to its publication.
From now on, the group says, “Approved licenses must meet three new criteria of being a) nonduplicative, b) clear and understandable, and c) reusable.”
Additionally, the Open Source Initiative says it “will be moving to a three-tier system in which licenses are classified as preferred, approved or deprecated.”
“The class of asymmetrical, corporate licenses that began with Mozilla was a worthy experiment that has failed. The new policy will discourage them,” the group says.
Many companies, such as Sun Microsystems Inc. with its controversial CDDL (Common Development and Distribution License), have used the Mozilla license to create their own. Critics have pointed out, and Sun admits, that the CDDL is not compatible with the GPL (GNU General Public License), which is the legal foundation of Linux and many other major open-source projects.
To prevent this kind of conflict between licenses, the group is explicitly stating that one of the new policys goals “will be to promote unrestricted reusability of code.”
But the OSI board will not be making the call on its own on which new licenses will be approved. The group “has designed a public-comment process to include community stakeholders in grading licenses.”
The organization is still working on the details of exactly how this process will work, according to sources close to the board.
Next Page: Too many open-source licenses?
Too Many Licenses
?”> The board is also now publicly agreeing with what many of its members—as well as the software development community—have charged for some time: that there are already too many open-source licenses.
“[One] problem the open-source definition did not specifically address was deployment,” the OSI board says in its paper. “Because we tackled the other problems so effectively, deployment issues that would have seemed marginal in 1998 are now perceived as large challenges. At the center of many of those issues is the proliferation of open-source licenses.”
Indeed, because of this realization, Intel Corp. recently asked that its little-used “Intel Open Source License” (aka “BSD License with Export Notice”) be removed from future use as an approved OSI open-source license.
“The central activity of the open-source community is to create, reuse and recombine source code,” the board says. “Our development practice is built on recombination; we write modules, service libraries, plug-ins and programs to be combined into larger aggregates—larger programs, CD-ROM anthologies, entire operating-system distributions.”
Because of this, “code written under different licenses gets mixed together—combined in new source code, linked in the same runtime, called from the same script, included on the same media.”
Such combination “can leave software developers, users and distributors uncertain what their rights and responsibilities are,” the OSI board says. “That uncertainty has a chilling effect; even the perception of legal risk forecloses a lot of activity that would otherwise be productive.
“The hard truth is this: In order to address the problem of license proliferation effectively, both sides—both partisans of a particular license and companies—will have to give up their vanity projects. The day of the open-source license as tribal flag or corporate monument will have to come to a close.”
In the past, for example, flame wars between supporters of the GPL and the BSD licenses have thrown off a lot of heat while not throwing much light on licensing questions.
Moving forward, the OSI will not allow licenses that do nothing but duplicate terms already found in OSI-approved licenses. “The license must be clearly written, simple and understandable” as well.
“Open-source licenses are written to serve people who are not attorneys, and they need to be comprehensible by people who are not attorneys,” the group says.
In regards to new licenses, the OSI now demands that the license be reusable. “Specifically, if the license contains proper names of individuals, associations or projects, these must be incorporated by reference from an attachment that declares the names of the issuer and any other cited parties, and which can be modified without changing the terms of the license.”
The only exception, the group says, is that “the license may name its owner and steward.”
At the same time, to deal with the small mountain of already existing open-source licenses, the OSI will classify them as falling under one of three tiers: “preferred,” “ordinary” (“approved”) or “deprecated.”
“The goal will be to define a small enough set of preferred licenses to make the interactions among them manageable,” the group says. No licenses have yet been classified.
The OSI now is setting up a process for categorizing its licenses. This will be done both by the board and by “a series of public discussions on specific issues in the construction of licenses.”
Some of the criteria that will be used include jurisdiction and choice-of-law issues; hard-coded trademark and brand references; patent-defense clauses; symmetry of rights among parties; and termination clauses and their triggers.
The Open Source Initiative says it is implementing the changes to break down legal barriers to open-source projects.
“The best way for us to serve the corporations and the entire open-source community is to go back to first principles and insist on reusability without qualifications and a general flattening of legal barriers.”