I want to go ahead and share one FOSS developer's perspective on why I think that licenses which force distribution to users (such as the AGPL and OSL) are detrimental to development. I am a full-time FOSS developer who makes my money doing both private and public modifications of code. While I don't think that the OSI should disqualify such licenses categorically, I think that they do seriously undermine community development.
<br><br>My general feeling is that the labels of "Free Software" and "Open Source" both miss the mark and that what we should really be focusing on (because it leads to both openness and freedom) is community-centric development. Control over a project by a single vendor (MySQL, Trolltech, Digium) is to be shunned while software which is not dominated by a single commercial entity (Apache, PostgreSQL, Linux, FreeBSD) is preferred. All such solutions are by definition Free, or Open Source, but not all of the latter solutions are developed in a community-centric way.
<br><br>One big issue that you have with these licenses is that it makes it very hard to have a real thriving community which, say, encourages community members to set up demo sites. The basic problem is that every demo site is *required* to be a point of distribution, especially if any changes are made, especially given ambiguities such as what constitutes modification (are changes to a
config.php sufficient to trigger this? Is it different if it is a config.ini? Are all possible changes to these files safe?). From a project perspective, this means that a security fix may not be distributed as widely as hoped because demos and other distribution points may not be up to date. While open source provides challenges in this regard anyway, under permissive of classical copyleft licenses, one can more easily encourage demos not to distribute the software. This is a big problem and one of the major reasons I opposed a proposal which was raised to eventually move LedgerSMB to the OSL (especially a problem due to the number of security releases we have had to put out since the fork).
<br><br>I would also note that the classical copyleft licenses do, however, help to encourage businesses to contribute code to community projects where the pace of development is lower because that cannot be reused by their competition legally. So despite my opinion that copyleft is unnecessary for dynamic and active projects, it does have some benefits in the absence of a large and active development team.
<br><br>On the subject of whether this is necessary for web application, lest they be taken over by commercial close SAAS vendors.... In general, my feeling is that the best defense against this is an active developer community which is able to do quality software engineering and build things right. If this is not in place, then the community doesn't stand to benefit from the forced contributions of the SAAS vendors anyway and if it is in place then economic (not market) forces will help ensure that as much gets contributed as possible from these vendors just as happens with more permissive licenses.
<br><br><br>I guess I would ask about licenses such as the OSL and AGPL: Do you *really* want to make everyone who modifies a project (even if it is just a configuration file) to feel like they have to be a distribution point to be safe? What if you do security releases? Do you really want a large number of distribution points which are likely to be vastly out of date? (The FOSS community has come a long way in keeping secondary distribution points up to date, but why complicate things?)
<br><br>Licenses like this, however, encourage a single vendor to control the copyright and then sell additional licenses (i.e. exceptions from the forced distribution, etc). These sorts of things undermine rather than help community-centric development and I would probably avoid using these licenses for any of my own work.
<br><br>Best Wishes,<br>Chris Travers<br>