Badgeware licences, Take Two

Matthew Flaschen matthew.flaschen at
Thu Feb 1 05:28:28 UTC 2007

Rick Moen wrote:
> Quoting Matthew Flaschen (matthew.flaschen at
>> Their FAQ ( also has the
>> interesting interpretation that one cannot:
>> * Sell any MSPL covered code
>> * Sell derived works of Mule
> Yes.  You may recall I asked John Roberts of SugarCRM to explain how a very
> similar FAQ entry on _that_ firm's Web pages

Yes, I remember.

  The MuleSource and SugarCRM FAQs say third parties
> _may not sell derivatives_.

Actually, these two both ban sales outright; see and  Jitterbit (another
company Radcliffe consulted for) says
( "Despite your
copyright, you can not sell derived code" [of JPL code].  One would hope
these companies know they probably can not enforce restrictions counter
to their license; who are they fooling, themselves or their customers?

> Anyway, predictably, we're now seeing the beginning of Badgeware Take Two --
> MuleSource yesterday, probably Socialtext in a few days or so.  The new
> tack seems to be to _try_ to defuse the heretofore slam-dunk OSD#10
> argument (which effort from MuleSource I do appreciate, as it at least
> tries, and can probably be fixed in that area), but retains from Take
> One the "big logo with name and URL must be shoved into every user's
> face" notion.

It's certainly an improvement, but still non-compliant in my view.

> Something I forgot to address earlier.  Craig Muth wrote:
>> Although I think many here on the list have made valid refutations for
>> many points raised by SugarCRM, I think this one still stands:
>>> I guess they didn't notice that it's not open source.  They
>>> downloaded it, accessed the source, modified it, forked it, and
>>> redistributed it.  If it smells like open source and tastes like
>>> open source...maybe it's open source? 
> I'll bet John Roberts (and Craig Muth) would _really_ like SATAN, then.
> No, not Satan; SATAN, the Security Administrator Tool for Analyzing
> Networks, released in 1995 by Dan Farmer and Wietse Venema.  The licence
> is similar to that of pre-3.0 releases of Tripwire and the
> source-available (pre-6.0) releases of PGP:  You could download the
> source, access the source, modify the source, fork the source, and
> redistribute the source.
> If you weren't paying attention, you might consider those facts to
> constitute "smelling like open source and tasting like open source" --
> and might hastily conclude that it _was_ open source.  
> [...]
> SATAN's still available:  It's just that nobody's cared in a decade,
> because its licensing crippled reuse, leaving a gap into which
> alternatives like Nessus stepped eventually.

To be fair, it seems Nessus also cripples reuse in the traditional
method ("You agree not to deliver or otherwise
make available the Software, in whole or in part,
to any party other than Tenable" ...).

Matthew Flaschen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the License-discuss mailing list