Badgeware licences, Take Two (was: Ethical Restriction)

Rick Moen rick at
Thu Feb 1 04:30:45 UTC 2007

Quoting Matthew Flaschen (matthew.flaschen at

> Their FAQ ( also has the
> interesting interpretation that one cannot:
> * Sell any MSPL covered code
> * Sell derived works of Mule

Yes.  You may recall I asked John Roberts of SugarCRM to explain how a very
similar FAQ entry on _that_ firm's Web pages could possibly be
consistent with SugarCRM supposedly being open source -- it's still
there, by the way[1] -- and Roberts completely and scrupulously ignored
my question.

Isn't it funny how many of these folk suddenly become selectively unable
to perceive your mail, the moment it starts including inconvenient

More to the immediate point, is there _anyone_ left on this mailing list
who still doubts that the primary aim of all the "Exhibit B" addenda we've
seen from these 20-odd companies (most having cloned and slightly
mutated SugarCRM's clause, which pioneered the concept) is to impair
commercial reuse?  The MuleSource and SugarCRM FAQs say third parties
_may not sell derivatives_.  And MuleSource's CEO says outright that
their licence's main point is to force commercial users to buy separate
commercial licences![2]  How much clearer could this possibly be?

Anyway, predictably, we're now seeing the beginning of Badgeware Take Two --
MuleSource yesterday, probably Socialtext in a few days or so.  The new
tack seems to be to _try_ to defuse the heretofore slam-dunk OSD#10
argument (which effort from MuleSource I do appreciate, as it at least
tries, and can probably be fixed in that area), but retains from Take
One the "big logo with name and URL must be shoved into every user's
face" notion.  Which, unlike an About screen that _isn't_ force-fed, is,
as noted, _advertising, not attribution_.

By analogy:  If I slip a movie DVD into my Linux iBook and launch Xine,
I'm able to _skip_ the three minutes of trailers and Interpol notices
the studios want me to have no choice but to sit through (which is why
the Menu and similar remote-control buttons are locked out during
startup, on consumer DVD players).  The badgeware companies want to
mandate in perpetuity the same level of eyeball control over users --
and I'll be surprised if Socialtext's resubmission doesn't follow suit.
(If I end up being pleasantly surprised, great.)

Something I forgot to address earlier.  Craig Muth wrote:

> Although I think many here on the list have made valid refutations for
> many points raised by SugarCRM, I think this one still stands:
> > I guess they didn't notice that it's not open source.  They
> > downloaded it, accessed the source, modified it, forked it, and
> > redistributed it.  If it smells like open source and tastes like
> > open source...maybe it's open source? 

I'll bet John Roberts (and Craig Muth) would _really_ like SATAN, then.
No, not Satan; SATAN, the Security Administrator Tool for Analyzing
Networks, released in 1995 by Dan Farmer and Wietse Venema.  The licence
is similar to that of pre-3.0 releases of Tripwire and the
source-available (pre-6.0) releases of PGP:  You could download the
source, access the source, modify the source, fork the source, and
redistribute the source.

If you weren't paying attention, you might consider those facts to
constitute "smelling like open source and tasting like open source" --
and might hastily conclude that it _was_ open source.  

Until you read the licence.  If you were, and were paying attention,
you'd realise that Farmer and Venema had reserved most commercial rights
to themselves.

Oh, John seems to have forgotten about that:  You can have the right to
download, access, modify, fork, and redistribute the source, and yet it
might _not_ be open source. 

SATAN's still available:  It's just that nobody's cared in a decade,
because its licensing crippled reuse, leaving a gap into which
alternatives like Nessus stepped eventually.

SugarCRM's rather softer licence -- as Ben Tilly would point out in all
capital letters -- doesn't actually make commercial users UNABLE to
exercise those rights.  It just seeks to make them UNWILLING.  (And
their FAQ, of course, claims "UNABLE".)

And that, friends, is what this is really all about.

for Monday's article about SugarCRM having raised over $26 million in
venture capital, including $8 million from its main VC backer, Draper
Fisher Jurvetson:  Obviously, there's a heavy VC push behind them.
Board members include Josh Stein from Draper Fisher Jurvetson, Larry
Augustin of Azure Capital Partners and Medsphere (also known to some of
us from elsewhere), Mary Coleman formerly of Internet Capital Group.
The Board of Advisors includes Matt Asay, and also Andrew Aitken of
Olliance Group.  (Olliance is _also_ a recurring thread among these 20
firms, and in general you keep seeing a lot of the same faces.)


Cheers,        "History doesn't always repeat itself. Sometimes it just screams, 
Rick Moen      'Why don't you listen to me?' and lets fly with a big stick." 
rick at                               --John W. Campbell Jr.

More information about the License-discuss mailing list