Staff Writer, CNET News.com
BOSTON—The Open Source Initiative, an influential open-source organization, is devising ways to cut down on the rising number of open-source licenses attached to software.
The issue was on the front burner at this week's LinuxWorld conference here. Open-source software makers are concerned that a proliferation of licenses could hurt the spread of open source by creating compatibility problems and complicating potential sales.
The OSI, a nonprofit group that issues certifications for open-source licenses, has been investigating the topic since last year. Involved in the discussions are members of the OSI's board and of the Open Source Development Labs (OSDL), an industry group dedicated to making Linux better suited for corporate customers.
Sam Greenblatt, a member of the OSDL's board and senior vice president at Computer Associates International in charge of Linux strategy, told CNET News.com that he is actively working on a proposal for consolidating the number of open-source licenses down to three from the current figure of more than 50.
"You'll see some movement on that in the next six to eight weeks," he said Tuesday.
Although no specific plan has been put in place, the OSI considers the number of open-source licenses an industrywide problem, said Russell Nelson, who became president of the OSI earlier this month.
"Certainly a lot of people are upset about the license proliferation problem," Nelson said.
"Confusing as hell"
Incompatible licenses among different products prevent people from sharing code from different open-source projects. Having too many licenses complicates potential sales to corporate customers, which may have to do extensive legal reviews and manage multiple kinds of open-source contracts.
"It's confusing as hell to explain to customers," said Michael Olson, CEO of open-source database company Sleepycat Software. "It's confusing…because we are just wrapping our heads around what (different licenses) mean to us as businesspeople."
There are a handful of popular open-source licenses, such as the General Public License (GPL), which is used for Linux, and the Apache Software License, which is used for all products that come out of the open-source Apache Software Foundation, such as the Apache Web server.
The number of open-source licenses has been climbing steadily. Right now, there are more than 50 OSI-approved licenses, some of which are specific to different organizations or companies.
Sun Microsystems, for example, recently introduced the Common Development and Distribution License (CDDL) for its open-source version of Solaris.Greenblatt, and other industry executives, believe the number of licenses can be dramatically distilled down.
"Eventually there should be three licenses: The GPL, a commercial version of the GPL and, of course, there will be the BSD because you can't rid of it," he said. The Berkeley Software Distribution, or BSD, is a popular variant of Unix developed by the University of California, Berkeley, in the 1970s.
Greenblatt added that elements of other licenses, such as Sun's CDDL, could be used to form the short list of open-source licenses.
Computer Associates itself devised a separate license, called the CA Trusted Open Source License, when it created an open-source project around its Ingres r3 database. But it now regrets that decision, said Tony Gaughan, the company's senior vice president of development. "If we had taken more counsel, we might have done things differently," he said.
OSI's critical role
Working with Greenblatt on the effort to winnow the number of open-source licenses is Martin Fink, vice president of Linux at Hewlett-Packard and an OSDL board member, and Eben Moglen, a Columbia law professor and legal counsel for the Free Software Foundation that oversees the GPL.
At a keynote presentation at LinuxWorld on Tuesday, Fink, who is chair of the OSDL's intellectual property subcommittee, criticized the role the OSI has had in certifying licenses. He said he has asked OSDL Chief Executive Officer Stuart Cohen to work with the OSI to address the problem.
"Clearly, the OSI has not internalized its critical role to ensure that the licensing underpinnings upon which open source is built remain a force to be reckoned with," Fink said.
"This current path of approving licenses—based simply on the compliance to a specification rather than on the basis of a new license's ability to further innovate the business model of the open source industry—represents to me a clear and present danger to the very core of what makes open source work," Fink said. "If this is the path the OSI continues to choose, then it is choosing a path towards irrelevance."
For his part, OSI's Nelson said that he is still studying the issue. The OSI could set tougher standards for approving open-source licenses to discourage groups from creating their own. Also, cutting down on the number of licenses may not necessarily address the issue of code-sharing if organizations continue to choose incompatible licenses among a shorter list.
"If we said to Sun, 'No way, no how, are you going to get your license approved,' they probably would have gone with the MPL," Nelson said, referring to the Mozilla Public License, which governs the open-source Mozilla Web browser and related software. Sun's CDDL is a slight modification of MPL.
One idea that Nelson has considered is to have a tiered system of open-source license certifications. A "gold" license would apply to the top four or five licenses that are used in the great majority of open-source projects, he said, and a "silver" license would those that are used by fewer projects, such as the Apache Software License.
CNET News.com's Stephen Shankland contributed to this report.