Top White Papers
Editor's Note: Open Source--Too Much of a Good Thing?Jan 28, 2005, 23:30 (8 Talkback[s])
(Other stories by Brian Proffitt)
By Brian Proffitt
How open do you want to be?
That seems to be the question asked of every developer on a new software project these days. It is a mark of the progress the concept of open source has made, that such a question is almost considered by default.
In the olden times, developers, particularly those working for large companies, rarely had any input into what the license was for the code they produced. They coded and the person signing their paychecks owned that code.
Today, more and more developers have a say in what the final licensing outcome of their code will be, regardless of who they are working for. Sure, there's plenty of developers sweatshops out there that still follow the old model, but progress is being made.
Part of the reason for this progress is that there are so many different ways to openly license software, it's become much easier for companies and individuals to swallow the open source red pill and discover the truth. According to the Open Source Initiative, which approves such licenses, there are currently 57 open source licenses listed at OSI to choose from.
Like the diversity of Linux distros, it seems that choice is a part of the license decision as well.
The common denominator for all of these open source licenses is the Open Source Definition, originally created by Bruce Perens for the Debian Project and later modified to become the more generic Open Source Definition. There are ten elements that an open source license must meet:
If a proposed license meets these requirements, the OSI Board of Directors will give it the official okey-dokey.
The gold standard for open source, and pretty much the most open of the licenses, is the GNU General Public License. This is the one that covers Linux and many many open source projects. It is so open that by definition, such licensed code is considered Free Software, not "just" open source. The GPL says your code always gets shared, and if anyone changes it, those changes are free for you to use as well.
Other open source licenses follow variations of this theme, and mostly seem to establish who gets to do what with your source code. Each has its own rationale for existing, usually to protect the special interests of the people who created the license in the first place. That may seem rather opportunistic, but hey, that's what licenses are for, right?
But are there too many open source licenses? Has the endless variety of OSS licenses diluted the overall strength of the open source movement?
This question has always rattled back in my mind, but it jumped to the forefront this week when the OpenSolaris Common Development and Distribution License (CDDL) was detailed. Many saw this license as a direct attack on Linux and the GPL, and wondered why such a license was allowed to exist in the first place. With so many other licenses available, why did Sun have to go out of its way to create one that seemed to hold GPL-centric developers at arms' length?
Well, to be fair, a lot of licenses are incompatible with the GPL. The OSI allows for such incompatibilities between licenses. The GPL is the most open, so any kind of additional restriction is immediately going to throw a wrench into the compatibility cogs. If that incompatibility is too much for a GPL developer to stomach, then they have every right to stay away. That's their choice.
More knowledgeable people than I are examining the CDDL and its inherent flaws and strengths, and I will leave that to them. My question here is, can there be such a thing as too many open source licenses?
My thinking is this: is it the choice of individual and corporate developers to choose how open they want their code to be. You can't argue for freedom of choice for operating systems, applications, desktops and the like and not allow freedom of choice for licensing choices. Even if the OSI were so inclined, I don't see how they could justify tighter regulation of open source licenses.
There are a lot of people who might disagree with me, particularly development shops that have code under multiple licenses and have to try to figure out how the heck all these licenses work with each other when all the code is put together at the end of the day. Doug Levin, President and CEO of Black Duck, has told me personally that he thinks there are too many open source licenses. Given that it's Black Duck's mission to help developers figure out license compatibility issues, I can see why this would be a big headache for him.
And I know that there are many free software advocates who would prefer to see the GPL held up as the One True License and be done with it.
While I think a strong case could be made that there are too many open source licenses, I do not think regulating the number is a feasible solution. I believe that proper education is the key to self-regulating the number of licenses. If someone wants to create a new license, they are encouraged by the OSI to research the existing stable of licenses to see if there's already one out there that fits their needs. Part of the application process is identifying similar open source licenses to yours and justifying why your unique license is necessary.
At the end of the day, of course, freedom allows for endless diversity of licensing choices, because what's good for the goose is good for the gander. We will just have to be ready to bear the responsibility--and the headaches--that any such freedom entails.
0 Talkback[s] (click to add your comment)