Open Source Licenses and Embrace-Extend-Extinguish

[Michael Poole]

msibley at itoperators.com writes:

> My point here, is that people who support and develop free software and open
> standards should have some litigious reciprocity available against vendors who
> don't play nice. Malicious vendors should be responsible to everybody they
> screw, not just the original authors.
>
> So anything out there like that?
> Opinions? Comments?

Off hand, and based partly on many previous discussions of that
essential question, there are at least five major problems:

1. If enforceable, this would violate criterion 6 of the Open Source
Definition (no discrimination against fields of endeavor).

2. It would make it impossible for anyone to release an in-progress
version of software that supports the standard, which is a common
practice among open source developers.

3. It would not stop extend-and-extinguish tactics like those used in
some directory services -- where a vendor's server implements
proprietary extensions in the proper name space and the vendor's
clients effectively require those extensions.

4. It leaves anyone who releases buggy software (and that's everyone)
at risk of legal action if their bugs alter the program's behavior
with respect to the protocol implementation.

5. It would probably not be enforceable at all for a redistributable
standard: the copyright license on the protocol definition would not
impose obligations on those who implement the protocol.

Perhaps the most feasible compromise is to publish a test suite for
both sides of the protocol and require any software to pass that
before it may implement extensions to the protocol.  This would
resolve #2 and #3, and maybe #4, from the list above.  I believe this
is roughly the approach that Sun tried with Java.  They obviously did
not care about #1 at the time, and used non-copyright licenses to
address #5.

Michael Poole