ZDNet article - why attribution matters

Michael Tiemann tiemann at opensource.org
Tue Nov 28 05:21:19 UTC 2006

On Mon, 2006-11-27 at 20:37 -0800, John-Sugar wrote:
> Michael,
> There are multiple ways of protecting attribution. We use a text based
> language PHP, that does not need to be compiled. If we did use a language
> that required a compiler it would be much, much easier for us to embed our
> attribution marks in, say a Linux distribution and make it virtually
> impossible for anyone to compile the source with the attribution marks
> removed. 

I don't see how a compiler makes it easier, rather than harder, to
protect proper attribution in code.  In fact, when I was doing the G++
compiler for embedded systems, there was quite a conundrum about how to
embed "Copyright (C) 1989 Free Software Foundation" into embedded object
code for libg++ when every single byte of ROM is contended and every
single byte of executable counted against our code size benchmark score.
Placing attribution in a PHP script that can be examined by any human
who wishes to read the code would have been a blessing to me.

> Just another example of a way to be technically OSI approved, but still
> protect your attribution marks. What happens if you remove all the redhat
> marks and compile the source? RHEL makes that super simple right? No compile
> issues? Any average developer should be able to do this right? Can you point
> me to an URL and instructions on how to do this? 

IANAL, so this is not legal advice.  However, I found this:
http://www.raimokoski.com/lineox/rhel2lel.php .  The CentOS folks take a
different approach, which is to replace rather than to remove:
logos-1.1.26-1.centos4.4.noarch.rpm.html .  I am given to understand
that Oracle's entry into the Linux distribution business was not, in
fact, to clone Red Hat's Enterprise Linux, but to clone CentOS and
charge infinitely more money than that free product.  In any event, you
can see from the above URLs that when Red Hat had a choice of whether to
sprinkle its marks all over the place and make it a truly difficult
exercise to exercise the GPL, Red Hat chose to make it as
straightforward as possible to use the software and the freedoms it

> Another way is to add external service agreements that surround GPL code
> that place extended limitations on the use of GPL code within enterprises
> that buy commercial linux subscription contracts? If this is true, it
> doesn't seem very open source to me. Even though it's 'OSI approved'. 

The limitations govern the service and support, not the source code
itself.  Commercial gain is not antithetical to free software.  Open
Source is not free software + commercial restrictions.  What Red Hat has
done is to keep its commercial terms completely separate from the source
code, thereby protecting the promise of the GPL (and other OSI
licenses).  That Red Hat does have a successful commercial model does
not itself violate the letter or the spirit of the GPL (or any other
OSI-approved) license.

> OSI is an organization that I believe tries very hard to represent the
> interests of both developers and users. I really do not like the idea of a
> small group of folks (I'm curious to understand how board members are
> chosen, elected, etc.) trying to create laws for the rest of the world. Open
> Source to me is about freedom. It's about letting the collective wisdom of
> crowds choose the licenses as they, the users see fit. Let the best licenses
> win.

I'm all for letting the best licenses win...I believe that when the
largest IT companies in the world all basically concede the superiority
of the GPL (one way or another), we see that process in action.  The OSI
has taken a position to /not/ attack licenses, be they open source,
free, or proprietary.  However, what we have done is to try to uphold
standards around what it means to be open source, and when people claim
their licenses to be open source without OSI approval, we try to resolve
the matter by either reviewing the license or by convincing the licensor
that they would better serve their own commercial interests by making a
more precise representation of their license.

> I am not trying to stir things up too much here. I'm a huge believer in what
> we are all trying to accomplish collectively. I've purposely stayed away
> from this discussion because it felt more like punditry then action. And
> most importantly, the acknowledgement that open source is growing, but it is
> also changing. I hope OSI does not get stuck in the past or it could, and I
> think will be superseded by a new open source organization that more people
> both developers and users feel represent their real interests and values. 

We are eager for more participation as both Open Source and the OSI
grow.  I will note that despite much fanfare 5 years ago, another effort
aimed at replacing open source with something more commercially
friendly--it was called shared source--has gained little attention,
precisely because it failed to deliver precisely what Open Source
promises: the actual freedom to do something new.

> Attribution is here to stay. If you refuse to acknowledge it, you are trying
> to stop change, which will be very hard to do I believe.

I agree that attribution, as a legal concept, has been here for a long
time and will be around for a long time to come.  I do not agree that
arbitrary requirements labeled as attribution are proper, and I am
interested in hashing out precisely what are the reasonable limits to
what constitutes proper attribution and to what extent such proper
attribution fits inside or outside the OSD.  The answers I received from
the Creative Commons licensing mailing list make me much more
comfortable that narrowly defined forms of attribution are likely OSD
compatible, but I also do not think they satisfy the expectations you
may have for what is enough.  Where we draw the attribution line is
going to play a significant role in whether it fits within or lies
outside the OSD circle.

> John 
> Michael Tiemann wrote:
> > 
> > On Mon, 2006-11-27 at 18:50 -0800, Lawrence Rosen wrote:
> >> Hi John,
> >> 
> >> The issue isn't just "Why attribution matters," because it obviously
> >> does.
> >> Attribution is already mentioned in lots of FOSS licenses. Attribution is
> >> important to every author, not just commercial ones who work for a living
> >> (although most do!). Notice of authorship is so important that the US
> >> Copyright Act even makes the fraudulent removal of a copyright notice a
> >> criminal offense. 17 USC 506(d). 
> >> 
> >> We should instead be asking: How much attribution is enough? How much
> >> attribution can be demanded in an open source license? 
> > 
> > This conflates two very important questions.
> > 
> >> I don't believe anyone has argued yet that Sugar's license crosses the
> >> line.
> >> Most of us simply aren't sure where the line should be drawn. You can
> >> legally require in a software license that licensees put neon signs on
> >> the
> >> highway to announce your copyrighted work, but is that open source?
> > 
> > First: is it attribution?  The Creative Commons folks seem to agree that
> > attribution "in the manner specified by the author" is not a blank
> > check, and they say so in the code (but not the deed) of the license.  A
> > requirement for neon in attribution is not, strictly speaking, needed to
> > satisfy the legal requirements of legal attribution.
> > 
> > Second: is it open source?  Just as a lawyer cannot say for sure what
> > the law says until a judge renders a verdict (and even then a successor
> > judge can render a different judgment), the only way to know for sure
> > that something satisfies the Open Source Definition is to put the
> > license before the OSI approval process and see if it is approved by the
> > process.
> > 
> > M
> > 
> > 
> > 
> > 
> -- 
> View this message in context: http://www.nabble.com/ZDNet-article---why-attribution-matters-tf2715092.html#a7573276
> Sent from the OpenSource - License-Discuss mailing list archive at Nabble.com.

More information about the License-discuss mailing list