[beyond-copyright] Noticing when a company offers OSS edition as SaaS.

Brian Behlendorf brian at behlendorf.com
Wed Mar 30 05:04:34 UTC 2016 

I believe wordpress.com is also OSaaS, though IIRC they offer commercial 
templates and plugins provided by 3rd parties, and it could be the case 
that their billing and provisioning software is purpose-built and not 
widely released.  With software like ZPanel and Webmin and others there 
may be a way to avoid requiring sites to also open source their equivalent 
software and scripts, which are likely much more difficult to genericize. 
After all, we allow there can be OSS software that runs on proprietary 
operating systems and hardware.

I like a carrot-and-stick approach - badges if they pass a certain set of 
criteria (self-attest, perhaps), and public shaming if they either are 
found to have failed those criteria or otherwise confuse the customers 
regarding which pieces are truly OSS/OSaaS.

Since this is generally harder to interrogate than someone's public 
license, would it be inappropriate to suggest a certification program, one 
with fees to fund the human time to conduct a certification process?  Or 
is there some scalable way involving whistleblowers?  Perhaps the 
self-attestation includes a provision swearing not to prosecute company 
employees who approach OSI or the public with contrary evidence.  Though, 
ugh, this is all more complicated than approving licenses.

Brian

On Tue, 29 Mar 2016, Karl Fogel wrote:
> One of the ideas we discussed in San Francisco was this:
>
> Many companies do That Thing where they maintain an open source edition [1] and then a proprietary edition [2] that is based on the OSS edition -- but then they offer paid hosting *only* for the proprietary version.
>
> So for companies that do the awesome thing and offer full-service SaaS hosting for completely open source products, the OSI could provide some kind of trademarked logo (based on the OSI keyhole logo), which those companies can use to signify that the hosting product meets the "OSaaS" standard.
>
> By the way, there are such companies.  I had a conversation with someone at Odoo (https://odoo.com) in which they indicated that *all* their products are the fully open-source SaaS and that they were willing to guarantee that would continue to be the case (i.e., that they wouldn't silently or accidentally upgrade or cross-grade a customer to something with proprietary bits in it).  The same is apparently true of Kolab (https://kolabnow.com/).  There are probably others.
>
> The key thing is probably to tie this badge to the *product*, not the company.  A company might also offer non-OSS SaaS, and that's fine.  The important thing for potential customers to be able to distinguish between OSS and non-OSS SaaS offerings, so they can choose the OSS one for all the usual reasons.  Interestingly, even with Odoo and Kolab, it was difficult to find out whether a given SaaS offering was purely OSS; I eventually had to call them up and ask.  In fact, look at the Kolab web site and see if you can even figure out that their stuff is open source at all.  Hint: it's there -- the link you want is https://kolabnow.com/feature/freedom -- but you have to choose just the right path from the front page to find it :-).  Maybe if the OSI could help make this more of a thing, by providing an attractive badge and the "OSaaS" abbreviation, it would give companies like Kolab a bandwagon to get on.
>
> Now, secondarily: is it worth harassing companies about the damaging terminology in [1] and [2]?  Should using that terminology be a disqualifier from using the badge?  I don't know.  Probably not.  Better to use other methods of public shaming, I guess?  Not sure on this one.  It's just annoying to see that awful and counterproductive terminology becoming the norm, and I wish there were something we could do about it, but maybe the effort/result ratio isn't great.
>
> But in any case, badging OSaaS, in the way we do OSS itself, could be a really useful thing to do, and would be a very clear-cut win.
>
> Thoughts?
>
> Best regards,
> -Karl
>
> [1] Which they always call the "community edition", even though there's usually little or no community around it.
>
> [2] Which they always call either the "Enterprise Edition" or the "Commercial License edition", even though the open source edition might be perfectly suitable for enterprise use, and anyway all open source licenses are commercial licenses too.  Insert sigh here.
> _______________________________________________
> beyond-copyright mailing list
> beyond-copyright at opensource.org
> https://lists.opensource.org/cgi-bin/mailman/listinfo/beyond-copyright
>

More information about the beyond-licensing mailing list