Certification Process

Alex Nicolaou anicolao at cgl.uwaterloo.ca
Tue Dec 14 19:05:42 UTC 1999


"Rafi M. Goldberg" wrote:

>         I recently submitted a license for certification, and I have
> yet to hear anything about it.  As it is, there has been very little
> activity on this mailing list.  I was just wondering how long it
> usually takes to get a license certified, from start to finish.

You know, I was just in the middle of writing a long rant on the subject
of the OSI certification mark, but I've decided that even writing the
message is a waste of time and I can summarize it in a few bullets:

- The OSI certification mark was introduced on June 16, 1999
- The licenses on http://www.opensource.org/licenses/ are OSI certified
- However, http://www.opensource.org/certification-mark.html#approval
has never been followed to certify a license

The OSI certified licenses fall into two categories:

1. Time-honoured licenses backed by many thousands of lines of code that
are in use on hundreds of thousands of workstations worldwide. These
licenses and their authors simply can't be ignored - they're the guys
we're always pointing to as proof that open source is good! We're
talking about Apache, BSD, GNU, Perl, Python, and X-windows for crying
out loud. If it wasn't for these people and the software they've
written, most of us wouldn't *have* open source development machines to
work on at all!

2. Licenses produced by corporate lawyers, run repeatedly through the
Bruce Perens filter, until finally they are OSI approved with Bruce's
"but you should really use GPL" still ringing in their ears.

Thus, I have concluded that if you want an OSI license, you should
follow one of three paths:

a) pick an existing one. That's what the people running the "OSI
process" will tell you to do, anyway.

b) write an medium-sized body of code (60,000 - 250,000 LOC) then
publish it with your license. Extra credit for operating system kernels,
windowing systems, compilers, and internet servers. Once everyone is
using your code they might remember to re-read your license.

c) join a large company and get their lawyers to get your license
through the approval process. 

Finally, I've noticed that the developers and users don't seem to care
what license you use. So, I'd recommend either doing (a) if having an
OSI license is important to you, or just ignoring the whole
certification mark and releasing your code with your own license. 

The bottom line is that the supposed OSI certification process has yet
to approve a single license. A certification mark that is not granted to
licenses that pass the objective terms of the process is a certification
mark that simply isn't worth having -- it effectively doesn't exist.
There appears to be only one person actively involved in reviewing the
licenses that appear on this mailing list, and while Bruce does a good
job, one person cannot provide "public comment"; it's not public comment
until at least a few people have discussed the license. 

So, accept OSI certification for what it is - a way of acknowledging the
greatest open source contributors and a marketing move for large
corporations that wish to enter the open source arena. The so-called
"process" just isn't for the little guy - at least, not until he's
proven that he's a hacker extraordinaire.

Well, there you have it. That's the "short" version of my rant - aren't
you glad I didn't post the original? :-)

alex



More information about the License-discuss mailing list