Jbilling: Possible unauthorised use of OSI Certified service mark

Rick Moen rick at linuxmafia.com
Sat Dec 30 11:59:23 UTC 2006

I join Danese Cooper in thanking Ross Mayfield and Socialtext for
helping bring the Exhibit B-addenda issue to OSI's attention, and in
particular for the Generic Attribution Provision text, and Ross's
general spirit of dialogue.

If I've seemed a bit sharp, it's been partly because of some
forked-tongue statements and insultingly obvious distortions from
numerous other semi-related parties, which I've encountered both here
and elsewhere, which have correspondingly dominated the press's coverage
of this issue.

Let me give you one example (and many others could be cited):  CEO John
Roberts of SugarCRM, Inc., to my knowledge the original founder and main
exponent (well, alongside Matt Asay) of the MPL + Exhibit B
"Attribution" notion has for quite some time been going around telling
all and sundry[1] that _all_ he did was "merely combine elements from
two existing open source licenses -- the Mozilla Public License and the
Attribution Assurance License".

Roberts is also directly quoted (by David Berlind, in a podcast
interview) as saying, even more strikingly, "If you look through the
Sugar Public License ...it is the combination of two OSI approved
licenses.  The MPL and the [Attribution] Assurance License."

I believe Roberts has also made that same assertion here in on this
mailing list.

And thus OSI has _already_ been approving "attribution" licences[2] --
and SugarCRM has, we are told, has even been _more_ pure in its
approach than merely drafting a brand-new licence:  Instead, they just
grabbed two OSI-approved messages, and combined them.  Logically,
shouldn't that thus result in open source (is the implied question)?
What could be more reasonable?

Only one problem:  It's just not true!  The whole ball of wax, the whole
megillah, le chose entier, the _entire_ preceding line of reasoning, 
rests on a breathtakingly nervy misrepresentation of fact -- for, you
see, the Attribution Assurance License is _nothing_ like SugarCRM's
Exhibit B addendum (nor at all like any of the other 18 firms' licences
I mentioned).  Compare:

Relevant section of Edwin A. Suominen's Attribution Assurance License:

  Redistributions of the Code in binary form must be accompanied by
  this GPG-signed text in any documentation and, each time the resulting
  executable program or a program dependent thereon is launched, a
  prominent display (e.g., splash screen or banner text) of the Author's
  attribution information, which includes:

  (a) Name ("AUTHOR"),
  (b) Professional identification ("PROFESSIONAL IDENTIFICATION"), and
  (c) URL ("URL").

Relevant section of SugarCRM Public Licence v. 1.1.3:

  [I]n addition to the other notice obligations, all copies of the Covered
  Code in Executable and Source Code form distributed must, as a form of
  attribution of the original author, include on each user interface
  screen (i) the "Powered by SugarCRM" logo and (ii) the copyright notice
  in the same form as the latest version of the Covered Code distributed
  by SugarCRM, Inc. at the time of distribution of such copy. In addition,
  the "Powered by SugarCRM" logo must be visible to all users and be
  located at the very bottom center of each user interface screen.
  Notwithstanding the above, the dimensions of the "Powered By SugarCRM"
  logo must be at least 106 x 23 pixels. 

How are we to respond when someone comes to us and bases his entire
argument on a fundamental assertion of fact that turns out, upon cursory
examination, to be just plain false?

[1] Examples:  http://blogs.zdnet.com/Berlind/?p=211

[2] The Adaptive Public Licence also gets quoted in these advocacy
song-and-dance routines, as does Open Source License -- e.g., in the
long and equally distortive advocacy segments of Ross Mayfield's page
http://www.socialtext.net/stoss/index.cgi?attribution_memo .  Guess what?
Those licences are nothing like these Web 2.0 "Exhibit B" addenda, either.

More information about the License-discuss mailing list