Forced distribution licenses (AGPL/OSL/etc): Why not.

Sat Dec 15 06:32:50 UTC 2007

I want to go ahead and share one FOSS developer's perspective on why I think
that licenses which force distribution to users (such as the AGPL and OSL)
are detrimental to development.  I am a full-time FOSS developer who makes
my money doing both private and public modifications of code.  While I don't
think that the OSI should disqualify such licenses categorically, I think
that they do seriously undermine community development.

My general feeling is that the labels of "Free Software" and "Open Source"
both miss the mark and that what we should really be focusing on (because it
leads to both openness and freedom) is community-centric development.
Control over a project by a single vendor (MySQL, Trolltech, Digium) is to
be shunned while software which is not dominated by a single commercial
entity (Apache, PostgreSQL, Linux, FreeBSD)  is preferred.  All such
solutions are by definition Free, or Open Source, but not all of the latter
solutions are developed in a community-centric way.

One big issue that you have with these licenses is that it makes it very
hard to have a real thriving community which, say, encourages community
members to set up demo sites.  The basic problem is that every demo site is
*required* to be a point of distribution, especially if any changes are
made, especially given ambiguities such as what constitutes modification
(are changes to a config.php sufficient to trigger this?  Is it different if
it is a config.ini?  Are all possible changes to these files safe?).  From a
project perspective, this means that a security fix may not be distributed
as widely as hoped because demos and other distribution points may not be up
to date.  While open source provides challenges in this regard anyway, under
permissive of classical copyleft licenses, one can more easily encourage
demos not to distribute the software.  This is a big problem and one of the
major reasons I opposed a proposal which was raised to eventually move
LedgerSMB to the OSL (especially a problem due to the number of security
releases we have had to put out since the fork).

I would also note that the classical copyleft licenses do, however, help to
encourage businesses to contribute code to community projects where the pace
of development is lower because that cannot be reused by their competition
legally.  So despite my opinion that copyleft is unnecessary for dynamic and
active projects, it does have some benefits in the absence of a large and
active development team.

On the subject of whether this is necessary for web application, lest they
be taken over by commercial close SAAS vendors....  In general, my feeling
is that the best defense against this is an active developer community which
is able to do quality software engineering and build things right.  If this
is not in place, then the community doesn't stand to benefit from the forced
contributions of the SAAS vendors anyway and if it is in place then economic
(not market) forces will help ensure that as much gets contributed as
possible from these vendors just as happens with more permissive licenses.

I guess I would ask about licenses such as the OSL and AGPL:  Do you
*really* want to make everyone who modifies a project (even if it is just a
configuration file) to feel like they have to be a distribution point to be
safe?  What if you do security releases?  Do you really want a large number
of distribution points which are likely to be vastly out of date?  (The FOSS
community has come a long way in keeping secondary distribution points up to
date, but why complicate things?)

Licenses like this, however, encourage a single vendor to control the
copyright and then sell additional licenses (i.e. exceptions from the forced
distribution, etc). These sorts of things undermine rather than help
community-centric development and I would probably avoid using these
licenses for any of my own work.

Best Wishes,
Chris Travers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20071214/35965069/attachment.html>