Will The Real Open Source CRM Please Stand Up?

Dana Blankenhorn's story How far can open source CRM get? has finally pushed me to respond to the many people who have asked "When is the OSI going to stand up to companies who are flagrantly abusing the term 'open source'?" The answer is: starting today. I am not going to start by flaming Dana. As President of the Open Source Initiative, I feel a certain amount of responsibility for stewardship of the open source brand, including both the promotion of the brand as well as the protection of the brand. The topic of "what is really open source and what is not?" has been simmering for quite some time. And until last year the question was trivial to answer, and the answer provided a trivial fix. But things have changed, and its time to regain our turf. I have been on the board of the OSI for more than 5 years, and until last year it was fairly easy for us to police the term open source: once every 2-3 months we'd receive notice that some company or another was advertising that their software was "open source" when the license was not approved by the OSI board and, upon inspection, was clearly not open source. We (usually Russ Nelson) would send them a notice politely telling them "We are the Open Source Initiative. We wrote a definition of what it means to be open source, we promote that definition, and that's what the world expects when they see the term mentioned. Do you really want to explain to your prospective customers 'um...we don't actually intend to offer you these freedoms and rights you expect?'." And they would promptly respond by saying "Wow! We had no idea!" Maybe once or twice they would say "What a novel idea! We'll change our license to one that's approved by you!". Most of the time they would say "Oops! Thanks for letting us know--we'll promote our software in some other way." And they did, until last year. Starting around 2006, the term open source came under attack from two new and unanticipated directions: the first was from vendors who claimed that they have every bit as much right to define the term as does the OSI, and the second was from vendors who claimed that their license was actually faithful to the Open Source Definition (OSD), and that the OSI board was merely being obtuse (or worse) in not recognizing that fact. (At least one vendor has pursued both lines of attack.) This was certainly not the first attack we ever had to repel, but it is the first time we have had to confront agents who fly our flag as their actions serve to corrupt our movement. The time has come to bring the matter into the open, and to let the democratic light of the open source community illuminate for all of us the proper answer. Dana reports correctly when he says: Then there's open source, the only way in which CRM start-ups can elbow their way into the market today. And so it is for numerous classes of applications and numerous software markets. But I disagree completely with his next statement, which is logical but also fallacious: SugarCRM, SplendidCRM and now Centric have proven [sic] there's a place in the market for this (if you read your license carefully). It is logical precisely because there really is not room in the market for Yet Another Proprietary CRM system. It is fallacious because THESE LICENSES ARE NOT OPEN SOURCE LICENSES. This flagrant abuse of labeling is not unlike sweetening a mild abrasive with ethylene glycol and calling the substance Toothpaste. If the market is clamouring for open source CRM solutions, why are some companies delivering open source in name only and not in substance? I think the answer is simple: they think they can get away with it. As President of the OSI, I've been remiss in thinking that gentle but firm explanations would cause them to change their behavior. I have also not chased down and attempted to correct every reporter who propagates these misstatements (the way that Richard Stallman does when people confuse free software with free beer, or worse--to him--open source). I have now come to realize that if we don't call them out, then they will get away with it (at least until customers realize they've been fooled again, and then they'll blame both proprietary and open source vendors alike; they probably won't be particularly charitable with the press or careless industry analysts, either). If we don't respond to those in the press who fall (or are pushed) into these logical traps, we are betraying the community. So here's what I propose: let's all agree--vendors, press, analysts, and others who identify themselves as community members--to use the term 'open source' to refer to software licensed under an OSI-approved license. If no company can be successful by selling a CRM solution licensed under an OSI-approved license, then OSI (and the open source movement) should take the heat for promoting a model that is not sustainable in a free market economy. We can treat that case as a bug, and together we can work (with many eyes) to discern what it is about the existing open source definition or open source licenses made CRM a failure when so many other applications are flourishing. But just because a CEO thinks his company will be more successful by promoting proprietary software as open source doesn't teach anything about the true value of open source. Hey--if people want to try something that's not open source, great! But let them call it something else, as Microsoft has done with Shared Source. We should never put the customer in a position where they cannot trust the term open source to mean anything because some company and their investors would rather make a quick buck than an honest one, or because they believe more strongly in their own story than the story we've been creating together for the past twenty years. We are better than that. We have been successful over the past twenty years because we have been better than that. We have built a well-deserved reputation, and we shouldn't allow others to trade the reputation we earned for a few pieces of silver. Open Source has grown up. Now it is time for us to stand up. I believe that when we do, the vendors who ignore our norms will suddenly recognize that they really do need to make a choice: to label their software correctly and honestly, or to license it with an OSI-approved license that matches their open source label. And when they choose the latter, I'll give them a shout out, as history shows. Please join me, stand up, and make your voice heard--enough is enough.


I'm really glad you're speaking out, and I definitely hope the community joins you. OSI has been complacent about this too long, and this is a very positive step for the organization. But since you're a Red Hat VP, I can't ignore RHX (http://rhx.redhat.com/rhx/catalog/products.jspa), which just happens to sell both SugarCRM and Centric (among others). Red Hat should take a leadership role in this and give the store a good house-cleaning (after current contracts expire if needed). I think you recognize that rationalizations like "We realize that there is debate about which companies are truly open source." (http://rhx.redhat.com/rhx/support/article/DOC-1289) are no longer sufficient.

Your rant appears to carry even less weight when balanced with your Executive position in a company that doesn't share your view. "As President of the Open Source Initiative, I feel a certain amount of responsibility for stewardship of the open source brand, including both the promotion of the brand as well as the protection of the brand." Take responsibility. Does Red Hat include a logo when shipping ? Does your paycheck have that same Red Hat logo ?

It would be hypocritical of me to demand that others badge their software when I myself have argued against badgeware. But I am not. I am saying that if somebody says "XYZ is open source" and lo, XYZ is not available under an open source license, that such use of the term harms the movement. I try really hard to keep Red Hat out of my OSI-related writings, because I see my role at Red Hat and my role at the OSI as two separate roles. My experiences at Red Hat have certainly informed my understanding of open source, and I do bring that experience to the OSI, but I do not use the OSI to advocate for Red Hat or vice-versa (which would be a conflict of interest). I will say that as Pesident of the OSI, I'm a lot less agitated when company X, whose primary product is a proprietary database, says "we're an open source company" than I am when company Y making product Z says "our product is open source" when the license is either not OSI-approved, or worse, clearly a violation of the open source definition. To me, open source is something that applies to software, and so I don't need to worry very much when people use the term in non-software contexts.

I understand your point about the difference between an open source company and an open source product. However, CentricCRM and SugarCRM both call their /product/ Open Source CRM. So your point may apply to EnterpriseDB, but not to them. I also understand your role at Red Hat is separate from this one, but it does seem somewhat hypocritical for you to personally ignore RHX.

The problem is that some folks look at the phrase "open source" to mean "free to do whatever you want with this sourcecode - including changing it, making money off of it (if you can figure out how) and passing it on to everyone in the world if you want, including grandma". RIGHT ? - RIGHT. - That's the OSI definition at heart. And what Michael is trying to defend and good for him in that commitment. And then you have other folks saying that the phrase "open source" really just means "we make the code viewable to you, but you better not try to make money off of it, because that's what we are trying to do and develop a business model off of it... and so we feel we can use the phrase open source...and ignore the real principle and 1st definition of the phrase and just take it literally to mean 'viewable' and nothing more than that. And we can do this because it's just 2 english words put together that a lot of people find interest in and so we'll try to get interest in our company or product and use the damn thing, because we can, and further more, it's freakin legal, so lay off our backs, we're doing what WE want" Well, folks, I DO have a problem with those that think it means just "viewable". As many of you have stated, the term has grown to encompass more meaning, but at the same time others have given it less. Who is right ? Both are in the dictionary, and there lies the REAL problem. How do we fix the problem ? Easy. Force everyone to start using the 1st defined, historical PRINCIPLE use of the term and not the second! (But isn't that what OSI's original mission is supposed to be for Christ's Sake ? ) How do we do that ? By telling them that you will not download their limited rights software, use it, promote it, etc, if they don't want to use the 1st definition of "open source" or at least change their terminology to something else and stop confusing most folks that know and use the 1st definition of the phrase. Folks, this is so easy to fix! And OSI has GOT to do a better job of defending the 1st definition. Dear God, please ! Because many of us are tired of reading a long license just to find out if we can freely redistribute the damn stuff and make changes and make money ourselves, or not. Many of us may want to be lazy and just see the phrase "open source" and not have to read and read. But maybe WE are the problem here in that regard ? Lazy ? Maybe not... I myself read the damn license and if it limits my distribution rights, then it's not "open source" like their website says but just "viewable". And I may move on to something else I can use and learn from without penalty. Instead of messing around with their limited use product. It's a very easy choice for me as stated above. I let the vendor know they shouldn't use the phrase "open source" to mean just "viewable" Even if it is LEGAL, it's still cheating. And we ALL FREAKIN KNOW IT. Don't we all ! So stop using THAT phrase and start being honest and use something else or I won't even give you the time of day ! Thank you OSI and please defend this better, and that goes to all of you as well !

I am Richie from vtiger. I am glad this discussion is happening seriously now. vtiger is 100% Open Source CRM software (http://www.vtiger.com). In fact, our punchline, the "Honest Open Source CRM" is an adjective so that we state that we are genuinely open source. There are so many kinda,sorta open source products in the market that we have to go the extra mile in differentiating ourselves. The fakes have actually muddied the water quite a lot and most of the people who evaluate our product are very particular about the licencing part even when we are 100% Open Source. This doubt creation has been courtesy the fakes. Most of the times nowadays, the term 'Open Source' is being used as a marketing tool. This happens freely due to the lack of any strict governing body. Richie

I absolutely agree with you; while it is not easy to identify what an OSS company is (I wrote something about that at http://robertogaloppini.net/2007/05/29/open-source-firms-what-is-an-os-company-anyway/ ) I would really like a stronger protection from people claiming to be open when the license is clearly proprietary. The problem is that a faster approach should be implemented for the various new licenses, like "badgeware" like the many MPL+attribution clause that are used in many projects right now. This, coupled with stronger protection should help the market in separating true OSS from pretenders.

While I certainly share your enthusiasm, without a legal means to enforce this you are not likely to see much compliance. OSI should have never dropped the pursuit of a trademark for "Open Source". With the trademark this would be an easier problem to solve. I think that OSI might still be able to get a trademark in software based on usage for the mark but it will certainly be an uphill battle. It's still a course of action that I feel OSI should pursue without delay.

While the current US Administration rolls back decades of efforts to protect the environment, some of the top US companies, including companies that sell equipment used to destroy the Amazon rainforest, have made their own coalition to make environmental concerns part of their new, collective strategy. In that arena, there is no legal incentive to be green, but there are financial, economic, and social reasons why these large companies have agreed to act more responsibly than the law requires. My appeal is for the community to assert its own views so that those who wish to flout our standards can be called to account, at least in the marketplace of ideas. We may not win a legal injunction against bad business practices, but neither will they be very successful for very long by ignoring the people they purport to sell to.

OSI does not have a trademark on the phrase Open Source, whether it is spelled with capital or small letters. As such, there is no legal basis for you to dictate how that phrase should be interpreted, applied and/or marketed. You have no basis for defining or approving what constitutes an open source license, except through your name, public support and dedication. The term "open source" is in itself simply used to describe software where the source code is available to the public and/or end user. That's a very popular interpretation and carries no other notions about the license model under which the software has been released or how that source code might eventually be used. I will continue to release software and continue to label it as being open source, because that is precisely what it is. The source code is available for you to read. On top of that, my license might specify that you can only use my software if you telephone me and tell me a joke. My software would still be open source, even with such an absurd license. However, my software would not be Free Software, and Richard Stallman or the Free Software Foundation would surely shake their heads in disbelief at my license; But if you contacted me and demanded that I remove the words "open source" from my marketing material I would have a dazed and confused look on my face before my shoulders would shrug and I would go for a pint. I applaud your work and dedication, but they do not give you any basis on which to be the king of how generic words should be interpreted. Cheers Thor Larholm

That's probably "Readable Source" or "Available Source" software, "Open Source" software to me means anyone else got the right to modify and redistribute. -- Please, many projects already use the OSI approved and the LOGO for the license, if we want people to know something to rely on what is truly open source software then what is to be promoted is to use the OSI certified license logo. Since "Open Source" is unfortunately not trademarked.

It is true that the OSI did not trademark the term "Open Source". However, you seem to be unaware of the fact that the term "Open Source" was coined by Eric S. Raymond and Bruce Perens, who founded the OSI. So, in my mind, this gives the OSI the right to define the term as whatever they see fit. If you were to license software that required telling you a joke for use, it would not be open source, regardless of what you decided to call it. I like to call my '85 Dodge "Cadillac" but that doesn't make it so.

my software would not be Free Software, and Richard Stallman or the Free Software Foundation would surely shake their heads in disbelief at my license
Who made Richard Stallman king? From what I see, "Free Software" is as generic a term as "Open Source". You could call your software Free Software and shrug at Stallman's demand that you remove those words from your marketing material, possibly citing that your software is available for free (at zero price, excluding the cost of the phone call and opportunity cost of time spent thinking of and telling the joke). If you recognise Richard Stallman as "king" with respect to "Free Software", then you should recognise Eric Raymond as "king" with respect to "Open Source", otherwise you are inconsistent.

OSI does not have a trademark on the phrase Open Source, Actually, we do. Saying that we do not reflects an ignorance of how trademarks are formed. The only question is how strong is the trademark, not whether it exists or not. If you think "Open Source" is generic, then explain the huge increase in usage of the term following February 1998 without reference to anything OSI board members and sympathizers have done.

Hello, the same issue is with Zimbra Collaboration Suite (ZCS), which uses (AFAIK) the same license as Sugar CRM. Anton.

What about Scilab (www.scilab.org), which for years on its home page has claimed to be "The open source solution for numerical computation" despite the fact that their license prohibits commercial redistribution of modified versions? If you google "scilab open source" you'll find numerous articles in the press and other sources that don't distinguish Scilab's "open source" from the community-consensus OSI version. And yet I've never heard of an OSI effort to convince Scilab to either relicense its software or stop using the term "open source" to promote it. I hope you will start now.

As I said in my post, the OSI policy had been one of private lobbying which was almost always successful. I apologize that Scilab was never on my radar, but now that you've put it there, I'll follow up. We have a board meeting coming up next month, and we will be at Tim O'Reilly's OSCON in Portland the third week in July. I would love to receive input as to how we should use our newfound voice to address other companies that flout the term open source. I think it would be an extreme measure for us to keep a public list of flouters on our website, at least initially. But I do think it is time that we took a position that more strongly represents broad community opinion, and thus become a stronger voice for the community.

Unfortunately, without a legal claim to the term "open source", you don't have a leg to stand on. Either you get a legal trademark on the term and its definition, or you get a lgal trademark on another term that the open source community can rally around and begin using it as the standard bearer for open source as it is understood within the community. To try and restrict or even shame companies that use a term you don't have a legal claim to only opens up OSI for liability to any copmpany that can claim lost business as a result.

Open Source software should provide transparency, access to code, freedom to modify and distribute..... on and on and on. If you offer all that with an OSI approved license and then simply require your logo be displayed... is that such a mortal crime ? I am not sticking up for any particular vendors but just don't see how you can equate free software distributed with source to proprietary closed vendors. You just made a lot of press and wasted it with a poorly written release. You come across from the start as misguided and arrogant, mentioning companies by name but offering no specifics on their 'gross manipulation'

Red Hat Exchange is now selling subscriptions for "Open Source Software", but some of the software they are selling (such as SugarCRM) is not OSI approved. I suggest that the OSI target this as an example of misuse of the term "Open Source".

I understand your point about the difference between an open source company and an open source product. However, CentricCRM and SugarCRM both call their /product/ Open Source CRM. So your point may apply to EnterpriseDB, but not to them. If no company can be successful by selling a CRM solution licensed under an OSI-approved license, then OSI (and the open source movement) should take the heat for promoting a model that is not sustainable in a free market economy. We can treat that case as a bug, and together we can work (with many eyes) to discern what it is about the existing open source definition or open source licenses made CRM a failure when so many other applications are flourishing. Thanks Cris - web tasarım

Michael, thank you for posting this. I agree almost entirely with what you say, I think it's *extremely* important to reject attempts to co-opt the phrase "Open Source" to cover licensing terms that do not meet the OSD. However, I disagree with your attempt to define "Open Source" as specifically "OSI Approved licenses only". There are licenses that meet the OSD that are still in limbo in the OSI process, there are licenses that have been rejected for reasons that do not prevent them from actually being Open Source (license proliferation, for example) and there are licenses that have not been properly submitted for consideration at all, but still meet the OSD (I'm thinking particularly here of Microsoft's Permissive License; generally regarded as meeting the OSD/DFSG but the OSI has thus far declined to evaluate it). We *have* an Open Source Definition that has been tuned over many years now. I'm not keen on the OSI's proposal to replace that definition with "it's open source if we say so".

First, thanks for the mention. I was confused over what to say about the licenses in question, since they call themselves open source. So perhaps I wrote inelegantly. I'm unclear as to how we're all supposed to know who is and who isn't open source by your lights. I have PR folks contact me all the time, flogging "open source" stories, and I tend to take them at their word. Should I no longer cover Sugar or Centric? How you think my editor would feel if I did that, or spent time on each Sugar and Centric story arguing about whether I should be doing it? Maybe you could send out a press release stating those "open source" products you're writing out of the movement, so I'll have something to show my editor next time Sugar or Centric call me. Or anyone else whose license is not OSI-approved. Oh, and it looks like you run Drupal here. Good stuff. Especially Version 5.0. We run that at voic.us, a site I do on southern politics, and it works well. Dana Blankenhorn ZDNet Open Source http://blogs.zdnet.com/open-source/

By our lights, software is open source when it is covered by an OSI-approved license. When you consider that there are approximately 60 licenses, and that the GPL alone covers well more than half of all software comprising a typical Linux distribution, that's a fairly long and non-discriminatory tail. And though the OSI is working to address the problem of license proliferation, we continue to approve licenses that are submitted through our process, and I have blogged numerous times that I look forward to reviewing the GPLv3 when it is submitted in its final form--so it is by no means a closed club. I think you are welcome to cover whatever software you think is informative to your readers. For my own editorial purposes, I prefer not to cover specific proprietary software, but rather to refer to it en masse as "proprietary software". But I'm sure there are many interesting postings to be made about how a given piece of software raises the bar in or for the open source community, and if the license is not OSI-approved, well, [email protected] can always be relied on for a choice comment as to why. Yes, we do run drupal, and we are happy that there are other open source alternatives we could run if we ever need to. So to be clear: I have no beef with you writing about any software package you choose. I just ask that if you represent something as open source (or if somebody represents it to you as open source), please check that their license is one approved by the OSI. If that's too onerous, I'm sure we can hack something up on our side to make it easier--right Steve? ;-)

I, for one, would like to know what exactly is wrong with their licenses. I haven't read them myself, but I'm not good at reading legalese. So far you've asked people to stand up because OSI has not approved there licenses, but you haven't told us what's wrong with them, and why you won't approve them.

I, for one, would like to know what's wrong with the licenses. Why are they not 'Open Source'? other than you say they aren't. How does this affect us? So far all I've seen are statements but nothing backing them up. I don't know legalese and can't effectively read through all the licensing myself. I'm not saying your wrong, I'd just like some reasoning behind your statements.

If you cannot be bothered to read the licenses (one of which clearly violates the Open Source Definition, one of which has caused a tremendous amount of debate), then you have to take somebody's word for it. A major task of the OSI is to review licenses. We do this in the open, in consultation with the hundreds of people who subscribe to [email protected], which itself is to which anybody can subscribe. When the list reaches a consensus (even a consensus that there's no agreement), the license approval committee chair (who is a board member) makes a recommendation, and the full board then discusses the recommendation and votes. Like any public process and like any endeavor that requires human interpretation, we are subject to error, both small and large. We do our best to correct the errors, or at least publish them, and we try to use the sum total of all our experience to inform our judgments in the future. If you think we're reading our own definition incorrectly, or if you think the definition does not sufficiently represent what the term open source should mean, you can contact us through our public mailing address: [email protected]

I think companies like V-Tiger are the real reason why companies like Queplix and Centric choose not to go with OSI license model. I believe V-Tiger is also the reason why Sugar has chosen to get away from the OSI license and switch to SPL license. It is easy to be an "honest" open-source company, when you basically take the work-product of another vendor, change the logo and claim it as your own, without any disclosures. While V-Tiger is certainly not violating any laws, there is something inherently "vulturesque" in their approach. Bloggers like Dana Blakenhorn might see themselves as knights in shining armor defending the purity of open-source. What Dana and others seem to ignore however are the market forces behind the open-source phenomena. Ultimately (as already stated by Steve Yaskin from Queplix and David Richards from Centric), there are only two parties that will determine the future of the open source license: The Vendor (because the developers will demand an adequate compensation for their labor) and the consumer (because they will determine the ultimate terms and price under which they will be willing to license the software to support their business structure). The companies that WILL benefit from the negative publicity regarding modified open-source license are NOT open-source vendors like RedHat/Jboss, but propriatory vendors like Microsoft and Oracle.

I have had the same arguments levelled at my company. I was involved in the LedgerSMB fork of SQL-Ledger from day one and our fork actually caused the author of SQL-Ledger to try to move away from the GPL (forgetting that there were still files of code contributed by others licensed under the GPL!). Why did we fork from SQL-Ledger? The basic issue is that there was a security issue that the vendor refused to fix which allowed anyone to forge login credentials. After a *year* of fighting with the author, I finally decided I had customers to support and forking was the only option (he "fixed" the problem four weeks after we went public and two weeks after we released our own fix). What people usually overlook in these cases is that nearly all forks die quickly. You can't just rip off the code and make a go for it. You have to build a community and you start off at a disadvantage. I am aware of three other SQL-Ledger forks, and two of them are dead (the third one broke off a long time ago and was not an option for me to move my customers too). Software does not live or die based on its codebase. It lives or dies based on its community. The mere existance of a fork is a warning sign. A success of one means you are failing in the area of listening to your users and would-be contributors. BTW, we will eventually offer the basis for a CRM solution, and it will be open source, and depend only on (OSI approved and/or Debian approved) FOSS components.

Certain parts of this "initiative" (forgive the pun) I support. The description, by others, of projects as meeting OSI standards without OSI's approval - this is something that should be curtailed. Regarding the use of the term open source on projects that you assert do not meet the OSI's definition, well it is my understanding is that Bruce Perens failed to be able to register "open source" as a service mark. If the OSI wanted a term they could control, they should have (at that time) come up with a new term. Soliciting the public's help to form a de facto trademark when it is not a de jure trademark violates the principals of fairness that trademark law is supposed to embody. In essence it is an attempt to relitigate, this time in the so-called "court of public opinion", the earlier failure to trademark the term. You are trying to get elements of the public to support your right to control a term that belongs to everyone. In short, my suggestion is to come up with a term you /can/ trademark, or let people use the term as they see fit.

The term "open standards" came into common use--and began to be adopted in procurement legislation by sovereign governments--before there was any objective definition of the term. Not even the OSI had its own opinion about what should distinguish a so-called "open standard" from a non-open standard until last year. Do you think it is too late for the term, now legislated to have any meaning, or, can you have enough faith in democracy that the people, ultimately, can determine what the language means, and if they ultimately determine that there is no way to fix the language (as happened with "standard"), demand new language. I think that both "open source" and "open standards" are in a good position for broad groups of people to say "we like these terms--we want to you to use them correctly and carefully" rather than to try to make trademark the only mechanism for proper conduct. Moreover, a trademark on open source would make matters quite difficult for governments who want to write laws about open source. Open source is a principle--we want that principle to stand for something. If we did trademark the term, I don't see how governments could use the term in procurement legislation and not look as ridiculous as if they legislated for a particular proprietary product.

Since you've failed to read your own trademark, allow me to post it. Pretty much your only hope to using the term 'open source' for your own use is if the community compiles. Which I would guess is the purpose of this letter. However the term 'open source' is not yours, nor does it belong to you. http://tess2.uspto.gov/bin/showfield?f=doc&state=pvk263.2.13 Emphasis added: Word Mark OPEN SOURCE INITIATIVE APPROVED LICENSE Goods and Services IC 035. US 100 101 102. G & S: Promotion of computer software which is distributed under agreements meeting certain requirements for distribution and redistribution of the software Mark Drawing Code (3) DESIGN PLUS WORDS, LETTERS, AND/OR NUMBERS Design Search Code 14.11.08 - Locks ; Locks and key holes; padlocks; combination locks; Locks, combination; Padlocks 26.01.03 - Circles, incomplete (more than semi-circles); Incomplete circles (more than semi-circles) 26.01.17 - Circles, two concentric; Concentric circles, two; Two concentric circles 26.01.21 - Circles that are totally or partially shaded. Serial Number 78813707 Filing Date February 13, 2006 Current Filing Basis 1B Original Filing Basis 1B Published for Opposition October 10, 2006 Owner (APPLICANT) Open Source Initiative, Inc. PUBLIC BENEFIT CORPORATION CALIFORNIA P.O. Box 460008 San Francisco CALIFORNIA 94146 Attorney of Record Allyn Taylor, Esq. ###### Disclaimer NO CLAIM IS MADE TO THE EXCLUSIVE RIGHT TO USE "OPEN SOURCE" and "APPROVED LICENSE" APART FROM THE MARK AS SHOWN ###### Type of Mark SERVICE MARK Register PRINCIPAL Live/Dead Indicator LIVE

Michael, I'm very pleased to see your newly invigorated (and correct) energy around the proper use of the term open source, as it applies to licensing. I've just posted a supportive quote in my blog - andyastor.blogspot.com - as well, which also begins the discussion about another question... What is an open source company? Thanks again for taking up the mantle.

First of all, it is well-established that you can have a trademark even if you do not register it. Even if there is no trademark, though, the public can still choose to use a consistent name. Michael is asking (without threat of legal action) that people in the open source community use "open source" to refer to software with OSI-approved licenses. That request does not require ownership of a trademark.

Can the OSI set themselves up as the ultimate judge of what is or is not open source and yet also take a stand against license proliferation? Is a project any less open source just because the specific wording of the license has not been endorsed by the OSI? Many projects arising from BSD-type distributions use permissive licenses which have not been specifically approved. Examples which come to mind include BIND, OpenSSL, OpenBSD (much of which uses the ISC License), X.org (whose license slightly differs from the MIT license), and so forth.

According to Matt Asay's latest post http://blogs.cnet.com/8301-13505_1-9733850-16.html?tag=head, Centric CRM is going to ship a new product under the OSL 3.0 next week. An OSI-approved license, in other words. It sounds as if they are not relicensing their CRM, just the new product. Is this a moral victory for the OSI? What do you say about a company that uses a range of licenses, some of them OSI-approved, some of them not, but all of them incorporating some kind of open element?

I wish you the best of luck, Michael, with your fight against proprietary software posing as open source solutions simply to cash in on the popularity of the open source brand. The Joomla! core team and copyright holders are also working to required open source licensing for third party extensions and are feeling serious push back from those efforts. On the plus side, open source is *hot.* On the *not so plus side*, it's not always clear what open source means and why that matters. Lead on!

Being an open source* company (*pending approval by OSI) we at Queplix Customer Care see a lot of enterprise prospects asking us to bring our legal team along with the technical team to help them sort through our license. It is becoming a number one talking point for us when working with large enterprises, which are most of our customers. However, when their legal finally gets to *read* our Mozilla-based license - it is not that hard to see how it is SO MUCH more simplified then a typical proprietary software license, with which lawyers had dealt for many years. There are no escrows, vendor lock-in, non-compete clauses, etc. etc. that they usually have to struggle with for months before they can even start evaluating the software. Granted, there is a lot of buzz today about what it means to be Open Source and the confusion about the licenses; but at the end it WILL be accepted as norm and the standards will be defined in the market economy we all live in. It is hard for me to understand the single authority which will define what is a best standard. There is one commonly accepted authority already doing so: it is called a free market. Whatever people will choose to buy - will be the standard. Especially ironic when RH or Dana B. from ZD publishing try to define standards for us all the while promoting SugarCRM an Centric and largely ignoring (or even bad mouthing) other open source companies. Talking about being unbiased when setting standards. But I am all for it - even bad mouthing and entertaining PR callers only (what they call in business being "coin operated"); after all I am for market economy, the survival of the fittest! Hoping that creating competition (even unfair) in the free market is exactly what drives and motivates us. As Gandhi said: "First they ignore you, then they ridicule you, then they fight you, then you win." Competition for companies that raised VC money and companies with superior products - at the end its only about whether the customer will use your software and come back for more. But I am really happy the Open Source movement is becoming stronger and stronger, using anybody's definition of it.

As background, I'm the CEO of Centric CRM, one of the vendors of open source software that has been at the fulcrum of these recent discussions. While I normally stay out of such verbal jousts, I decided I ought to share our view point if only given the tone of some of the recent postings. Specifically, to address the sentiment of some that vendors using the term “open source”, but whose offerings differ from the strict OSI definition, are either disingenuous at best, dishonest at worst. Let me begin by saying we are supporters in many respects, though not all, of the OSI and we spend considerable time and effort in groups like the OSA (www.opensolutionsalliance.org) actively supporting concepts almost inherent in the notion of “open” technologies. And with respect to the OSI specifically, as Matt Asay recently shared in his blog (http://blogs.cnet.com/8301-13505_1-9733850-16.html?tag=more) we are about to release a sizable piece of code named Team Elements under the OSL, an OSI-endorsed license authored by Larry Rosen, whom I believe was the original counsel for the OSI. The reason for our use, in this case, of an OSI license couldn't be simpler. The OSL is a good license for our customers and, we believe, a smart business decision for ourselves. That's it. Neither religion nor dogma is driving us in this regard – though admittedly we do feel a sense of satisfaction that in this case the license and our business model align with the OSI definition. However, if the only reason we chose the OSL was to comply with the OSI we'd be standing on shaky ground, especially with our shareholders. And because one is my wife and another Intel Capital – one of which is volatile, though I'll not say which – business considerations must trump dogma. For identical reasoning to the above, we will continue releasing our CRM product under our own, open source license. This one, the CPL (Centric Public License) is not one endorsed by the OSI. And at least in the near term (as also pointed out in Matt's blog) we will continue to license it so. Rightly or wrongly, we evaluate licenses by their ability to help us support our customers, and by extension, our other stakeholders. While the latter might sound somewhat self serving (it is) it's also important to our Job 1 – satisfied customers; they demand we remain commercially viable. Ending up on the scrap heap like a host of proprietary CRM vendors is not in their best interest. They've been clear in this regard. Without going into too much detail – though some detail is important – the major difference between our CRM license, the CPL, and any one of many good ones endorsed by the OSI is that the CPL limits EXTERNAL redistribution. That's pretty much it. So while our source code is available and is for free, while we allow it to be modified and the modifications licensed however the authors dictate (think BSD), and while it can be freely distributed internally by user organizations, we run afoul of the OSI because we do not allow, without our consent, external redistribution. (To be clear, we want companies to redistribute CRM and many are doing so, but they're doing so as commercial partners.) That's pretty much the extent of the differences. Is this a burden to our partners? No. In fact, it's viewed as a good thing in that it protects the time and effort they invest in us. Is the restriction on external redistribution an issue to end customers? No. They're in the business of using software internally, not in the business of redistributing it externally to others. Is it an issue to the OSI? Yes. Therein lies the rub, especially given we claim the right to call Centric CRM open source. With that as background, let's talk for a second on the ethics of us (or the OSI for that matter) using the term “open source”. We have no problem with the OSI not approving our license as OSI-approved. That's their prerogative. They've come up with a definition they think is valuable and we respect that right. What we find offensive is the notion, based on some supposed higher ethical framework, that vendors using the term open source without an OSI-approved license are somehow being dishonest, duplicitous, or otherwise stealing the good work of the OSI. This is nonsense, both legally and historically. First, legally. This is easy. The legality of use of the term “open source” is not in doubt. It is not trademarked and, IMHO, never will be for the purposes we are discussing. It's too common now and was back in the late 90's when the so-called common law use of the term was supposedly established. Which is an obvious lead in to the second point. And that's the concept of prior use – I'm no lawyer here, so if I'm using it somewhat wrong, be somewhat charitable. Anyway, many people, myself and my associates included, at times used the term open source well before such luminaries as O'Reilly, Perens and Raymond hitched their commercial and non-commercial band wagons to the phrase in the late 90's. While it may be a true statement that they put the most effort behind “coining” it, it's not accurate to say they were the first to use it. (I believe the current legal standing bears this out.) The two words were commonly used independently, and though certainly less so, in conjunction way back when. I became active in the early to mid-90's with the Internet – and several of my partners 10 or 15 years before this while in the military – and all sorts of terms were used to explain what is now almost generically called open source. We variously called it shareware, at other times free software, or as likely open code, open source, and many variants on such themes. Why? They were generally descriptive and reflected the attributes of the types of software we were talking about. They also, admittedly, lacked rigor. The world continued to evolve and in the late 90's along comes the Open Source Summits and the evolution of the OSI. Perhaps naively I remember thinking at the time, what a good thing. Finally, common terminology is evolving and a group of smart people is getting behind it. “Open source” seemed to be a good phrase for us all to get behind. I also remember thinking, wow, what naivete if these folks really believe they were the first to mouth the phrase as they seemed to be saying. They most certainly weren't. At the time, it wasn't important enough for me (or probably any body else) to get into an argument over who first used the phrase so long as it didn't affect us in the negative and promoted a good cause in the positive – the continued evolution of open software. Which leads me to my final point; I was glad then, and I'm very glad now, that no legal marks were given on the term “open source”. A faction of this movement of which we're all a part seems to have turned reactionary, versus visionary and revolutionary. The world of open software, not surprisingly, has continued to evolve. I'm hoping those in our community who early on put effort behind it recognize that institutions must also continue to evolve. Likely even including the OSI. The single greatest document, in my opinion, of self government is the US Constitution. It shouldn't be forgotten that almost immediately AFTER it was ratified came the Bill of Rights. And well after them several of its most fundamental improvements were amended. This isn't to suggest the OSI hasn't evolved – the proliferation of licenses are a testament to that. But they seem more like statutes. Perhaps what we need is something more akin to the 13'th and 19'th Amendments. Improvements, if you will, that fundamentally enfranchised those the Founders effectively forgot, but which society collectively and eventually determined worthy of being considered.

David, First, let me thank you for stepping forward into this discussion. Second, let me applaud you for choosing the OSL as a license for your Team Elements software. I sincerely hope that you find that to be a successful choice, and I sincerely believe that over time, you will see the dividends that the open source model affords (as compared to a proprietary model). Third, I appreciate your appeal to the history of the Bill of Rights in your argument. I like a well-constructed (or at least well-referenced) argument! And the OSI will be ramping up discussions (which will be kicked off at OSCON) on how we can better be the self-governing, representative body we always intended to be. If you come to OSCON, I'd welcome your participation in that meeting. But finally, let me say that I do not accept the proposition that "because we cannot fit our business to the model stipulated by the open source definition, we will arbitrarily ignore the stipulations of that definition while retaining the power and promise of the conepts it embodies." It would be like a member of the executive branch of the US government declaring themselves to be free from oversight, free from accountability, or free even from the law, because they believe such oversight, such accountability, and such laws are an inconvenience to their policy and in conflict with their personal interpretation of their sworn sovereign duties. At the risk of not giving a fuller elaboration here, I will instead create a new blog posting as to why I think that all of the conditions of the OSD, not just a convenient few, are essential to the notion of what is open source, and perhaps we can carry on our discussion of this more specific topic there.

Michael I/we appreaciate the opportunity to be involved in this discussion, be it at OSCON or in another blog. It's an important issue for us all. We will keep our eyes (and mind) "open" as I know you will, as well. There are many relevant and compelling historical models we all might consider. I'd only ask the OSI not view companies as ourselves like South Carolina of 1861, but perhaps rather Scotland of 1604. So the analogy isn't lost on some, we honestly don't believe we're trying to secede from any legally (or ethically) binding agreement of which we're a part. Quite frankly, we've never been included in the process nor is there a legal claim to be fighting over. (Can't help myself: to us this strikes a little bit like taxation without respresentation) Rather, I'm suggesting there is enough common grounds for us to form a greater Union. I look forward to seeing how we might move forward. dr

NOTE: This is a response to Michael's larger post in his other related blog ("Pro-Competition...") that he began on this topic. It's a good read........ Wow, where to begin. You make a host of good points and, in fact, I probably agree with a majority. To begin with, it's obvious that we share many common goals, three important ones of which are great software, total transparency of code, and control for end customers. But not all. So, while differences exist we are more alike than we are different. I'll go even further; while the powers-that-be at the OSI might not think so, we actually see ourselves as only a different denomination of the same, basic religion. That religion being open software – now almost generically referred to by the uninitiated as open source. To follow this analogy a bit further, the interesting situation is: If the OSI wants to claim itself to be the established church of such a religion, we'd like to belong. Honestly. But we're unable to if our core needs and rights are not respected. One of these being as fundamental as what we can call ourselves. The use of vocabulary (icons, if you will) matters – the obvious historical example being the split of the Orthodox Church from Rome over just such an issue. So, if the OSI wants to include others in its church, it's in your power to control that. What you can't control and call your own is the name of the underlying religion, any more than Catholics could bar Protestants from claiming themselves to be Christians, or Sunnis could keep Shiites from being Muslims. IMHO, all had equal claims. (Editorial aside: the fact they're often killing one another over the same might be a lesson we take to heart) But let me comment specifically on a few of your points: You say: “The open source community experience is that competition is a good thing...” and then effectively refer to that competition in terms of engineering and code. You finish by saying, “The best code wins”. (A bit of a friendly dig here, but the dominance of Microsoft might suggest otherwise. Might we amend that to say, “It would be best if the code that wins is open”?) We value competition at both the global and market-specific level as much as anybody. Our collective wealth as a society depends on this -- no Marxists in these households. We perhaps see competition more broadly and believe it has dimensions that are as important as just the way code is licensed. Competition must (and does) apply to all aspects of business. Commercial cooperation and collaboration are just as central to the notions of competition as the way a bunch of bits are licensed. And here's the rub: one of the attributes of licenses you're compelling us to use greatly ties our hands in our ability to form commercial relationships. You guys may not see this as an issue. I can assure you a significant group of open source application vendors disagree. Who knows, maybe you guys are right over some long period of time. But that's not your call to make. So our limiting of redistribution, which you see as a tactic that stifles competition, we see as a legitimate tactic to build a cooperative environment that nourishes us in our ability to compete. And personally, we're not worried about competing with SugarCRM. I hope they do really well. If they do, the tide for open source rises for us all. The collective market share of all open source application companies combined (regardless of how you define them) is smaller than what Ellison and Balmer waste on golf junkets, boats and booze for their buddies. The competition shouldn't be amongst ourselves. It's with them. And to your point about building a community, we agree with you; we have a healthy, growing community of mature contributors to Centric. They include both individuals and large organizations. But we work together because it's in our mutual interest and it's codified in a contract. Not only because a license forces us to. You say: “The main point is that the casual hybridization of proprietary models and open source (or free software) models is as sensible as the proverbial screen door on a submarine”. (BTW, nice visual, and kudos to your brother). I'm not sure you're right, though. You might be. You might not be. We're more circumspect and, I guess, believe that nuance almost always matters. To wit, are there any areas in life that are so black and white as you seem to suggest? At a simplistic level, I personally don't know if there are. I can think of few maxims that are so absolute that in a discussion (of lawyers) a good old fight won't break out. For example, the taking of human life by another. Generally, reasonable people will agree that killing is a bad thing – we even have a policy about that here. But if my only choice in joining a society was to agree that ALL killing was immoral, I'd have some issues signing on that dotted line. As would a majority of Americans. Most nation's laws allow for a more nuanced approach and thus take special circumstances into account – with killing, self-defense being the obvious case. So my point is, if nuance is appropriate in even such an extreme case, perhaps the hybridization that you worry about at some appropriate level isn't all that bad. It could be that the evolution of open software, and the economic forces that should ultimately come into play for some classes of it, require an approach other than which the current OSI definition allows. Is it even remotely possible that the Ten Commandments of the OSI regarding its definition could require amending in order to be appropriate for? Personally, to think otherwise is almost the definition of being reactionary. Or non-open (minded). Regardless of opinions, what is obvious is that a large faction of open source application vendors believe that a better approach to redistribution is warranted. You say: “Does Intel Capital have deep enough pockets to ride out this difference?” Now that's just plain not fair, throwing out the investor FUD thing so early in my relationship with them :) So a disclaimer: the nice folks at Intel Capital bear absolutely no responsibility for either the foolish or patently foolish things I might say as the CEO of one of their portfolio companies, now, in the past, or in the future. You also say: “...just because a conventional venture capitalist with a mandate to 'invest in open source companies' does not understand how the open source model works, and just because your paycheck now depends on you sharing that non-understanding, doesn't mean we should change our codes or change our advocacy about what open source really is”. Wow. A lot to react to. (As an editorial aside, I should say that it's statements like that that polarize discussions.) That said, we're not asking you to change anything you're doing. The beautiful part of our system is you're free to do what you want within the rights our legal system prescribes. So evangelize all you will. Next, I can only assume, by inference, you're referring to Intel given that I'm referred to in the latter part of that very long, compound sentence. I have neither the intent nor the authority to speak for Intel. I can factually note, however that it was that “non-understanding... conventional venture capitalist” that was an early investor in the same company that writes your paycheck today. Hey, we're cousins! More seriously, I can't believe you're suggesting that Intel is not a valued, corporate contributor to whatever it is we call this movement. And finally, with respect to me, pejorative observations such as the “paycheck” thing aren't really very effective if only because those who know me best, like my wife and kids, frequently suggest much worse. But simply as a factual matter, I started this firm in 2000 when I paid myself and a number of others. We had the same vision then. Further back still ('96?) I introduced your employer's founding CEO (Bob Young) to his initial, substantive outside investor. And it wasn't a VC. They came in later after the open source model was clear. (The thanks I got – other than a great friendship with Bob and the investor – was to have my name misspelled in his book. So much for my 15 minutes of fame). Though I so hate hubris, my current partners and I don't feel we need to take a back seat to you or anybody else in terms of either our experience with, or love for, open source software – by whatever standard you put on it. Where we differ is in our approach. And perhaps in our tolerance for diversity and the value that such diversity might ultimately bring such a religion. Having said all of that, I'd be happy to continue such discussions at OSCON or elsewhere. I believe the OSI has a wonderful opportunity to continue being relevant and helping to lead the movement forward. If, however, y'all choose to define your denomination of this religion in a way that we don't fit in, that's fine. No hard feelings. It's your choice. You'll ultimately be excluding a large congregation and we for one will continue trying to build a church made up of others like ourselves.

No doubt your use of the word "religion" is to imply that the OSI definition was mysteriously "found" on stone tablets and has no rational thought behind it. On the contrary, each of the four fundamental freedoms has been subject to extensive consideration, discussion and rational discourse. The OSI definition has been based on the four fundamental freedoms (see the FSF website) and based on study of a very large number of candidate licenses.
Is it even remotely possible that the Ten Commandments of the OSI regarding its definition could require amending in order to be appropriate for?
Yes, it is possible. It would require a good reason and widespread consensus. Saying that it suits you (and your wife and kids) in your chosen money-making strategy is unlikely to be a good enough reason.
We perhaps see competition more broadly and believe it has dimensions that are as important as just the way code is licensed. Competition must (and does) apply to all aspects of business.
There's nothing wrong with competition but the free market needs a rulebook. I for one do not accept dishonest advertising as legitimate competition. Just as I do not accept non-payment of debts, cheating and other similar activity as legitimate business competition. Similarly, there's nothing wrong with competition between licenses either. However, every license must clearly explain to the user what it does and make no pretense of being something that it is not. The good name of the term "Open Source" is something that many people have worked hard on. We have taken the time and the trouble to educate the wider community as to precisely what "Open Source" stands for and why those principles are important. I may ask why so many non-OSI approved licenses are determined to keep calling themselves "Open Source" rather than any other name and the only logical conclusion is that the "Open Source" branding has value in the market and is respected by the consumer. This respect will be deflated if no one can figure out what "Open Source" actually stands for anymore. From a technical point of view, license proliferation is an additional burden for everyone -- more work reading the details of terms, more consideration of compatibility, more risks, more lawyers, etc. This is a practical concern for everyone in the industry.

You quote Michael as saying, “The main point is that the casual hybridization of proprietary models and open source (or free software) models is as sensible as the proverbial screen door on a submarine.” This is an area where Mr Tiemann couldn't be more right. The issue isn't just between what is truly open source and what is not open source. The larger struggle is between community-developed software and company-developed software. The latter may or may not be open source, but the former is where we need to be. This is exactly what my business does.

I've been evaluating Open Source CRMs since a while. I've tried both SugarCRM and Vtiger, right after the fork, but I'm not affiliated or have any stake with any of them. For every history, there are two sides. When I started evaluating CRM - about two years ago, if my memory does not fail me - I found references to both projects after a few Google searches. Reading the forums, I've read a lot of "flaming", mostly attacking VTiger's developers for having "stolen SugarCRM's code". In open source terms, if you take someone's eles code (that is "open source") and take it another direction, but keep it open, this is not a "steal" - this is a "fork". I doubt that a fork can be done peacefully (although I'm sure there may be a few exceptions to the rule), so it's understandable that the SugarCRM folks felt robbed by VTiger's ones. As always, truth is more complicated. For what I have personally read at the time, SugarCRM had some code which was "open source", but lots of components and features were available only for the commercial product. It was more like a "demoware open source", because it was far from usable as it was being provided. That was the basis for the fork; and, in my opinion, what VTiger did is perfectly acceptable in "Open Source terms", and is part of the beauty of it: if you aren't satisfied with the direction the product is taking, you are totally free to take it and give it your own direction. From this point, free market dynamics take control, and the best project wins. If SugarCRM folks are bothered by VTiger's behavior, it's the case to ask: why nobody does the same for the Linux kernel, or for the Apache project? The reason is: these are strong projects, with strong leaders, which are doing their job so well as to leave little space for anyone willing to take on them. So if you think you are better than Linus Torvalds, you can just take a snapshot of the source code and start working on it. *You can*. And if you're better than him, people will follow you, not him. In my opinion - having done a thorough read of many websites after it happened - VTiger was able to "fork" SugarCRM successfully because SugarCRM weren't listening to the community as they should. Were they listening, they would see that the community was demanding "true open source", not "demoware open source". Most of the flames that I have read claimed that VTiger was misappropriating SugarCRM's code; however, the original copyright notices in the code were preserved (I've checked in the copies I have downloaded, SugarCRM original copyright notice was still there). Perhaps VTiger could have been a little bit clearer in their communications and marketing; but in "legal" terms (quoted because IANAL), it seems that what they did was fair. Interestingly enough, SugarCRM seems to have learned the lesson and is building a thriving community of their own. The project seems to be evolving faster and better than VTiger did over the last few months. VTiger had numerous problems launching their 5.0 version, which is a radical departure from the original SugarCRM code. It's hopefully stable by now. So we now have two different projects, with solid code and growing communities around them; both based on the same original code, but each one on their own path. The free market dynamics will decide who wins.

Michael - I like the way you phrased this: "If no company can be successful by selling a CRM solution licensed under an OSI-approved license, then OSI (and the open source movement) should take the heat for promoting a model that is not sustainable in a free market economy. We can treat that case as a bug, and together we can work (with many eyes) to discern what it is about the existing open source definition or open source licenses made CRM a failure when so many other applications are flourishing." I've written up what seems to me, from the outside, to be a "bug" at length here, but to quote myself in brief: "The “bug” in the OSI licensing model is that it does not account for this lifecycle view of software development, and does not provide a viable way for start-ups, particularly start-ups developing end-user applications without an existing code based to build upon, to attract the capital required to reach maturity. I would like to see the OSI talk to start-ups and VCs and find a way to accommodate the needs of start-ups. My concern is that, if they stick to their current stance, the current wave of software start-ups will end up reinforcing the view that open source is not economically viable for end-user applications, but only applies to commodity OSes and middleware." I'd be interested in your thoughts and feedback. Thanks!

I have spoken with many VCs in the past, and I believe that rights to exclude others from the code is way down on the list of their concerns. The first question they want answered is "how much revenue can you earn at what margin over what period of time?" The second question is "who is the management team, and how are they the right people to get this opportunity up to critical mass state (at which time the VC can cash out)?" Open source is helpful when trying to explain critical mass, developer leverage, standards and interoperability, responsiveness to new requirements, and, if that's your strategy, how you plan to commoditize a market.


To promote and protect open source software and communities...

For over 20 years the Open Source Initiative (OSI) has worked to raise awareness and adoption of open source software, and build bridges between open source communities of practice. As a global non-profit, the OSI champions software freedom in society through education, collaboration, and infrastructure, stewarding the Open Source Definition (OSD), and preventing abuse of the ideals and ethos inherent to the open source movement.

Open source software is made by many people and distributed under an OSD-compliant license which grants all the rights to use, study, change, and share the software in modified and unmodified form. Software freedom is essential to enabling community development of open source software.