Open Source Initiative head suggests licenses should meet three new requirements to gain seal of approval.
Staff Writer, CNET News.com
Russ Nelson, the new president of the Open Source Initiative, floated a proposal Wednesday to address what several believe to be a significant problem: the proliferation of open-source licenses.
The OSI is the organization that grants official open-source status to licenses that meet its 10-point open-source definition. Nelson, who took the OSI helm from co-founder Eric Raymond in February, proposed adding three new requirements to that definition.
In a posting to an open-source mailing list, Nelson said the new proposed provisions would require that a license not duplicate existing licenses; that it be clearly written, simple and understandable; and that it be reusable by moving the names of specific individuals, projects or organizations into an accompanying attachment.
Concrete measures to reduce the number of open-source licenses—currently there are more than 50—have been expected. Open-source licenses cover thousands of projects, including the heart of the Linux operating system, the Firefox Web browser, the Apache server software collection and soon, Sun Microsystems' Solaris version of Unix.
The proliferation of licenses poses practical problems for the open-source movement, which has made major progress in building a collaborative programming mechanism that lets anyone share, modify and redistribute a program's source code.
The move won a qualified endorsement from Bruce Perens, the OSI cofounder who wrote the Open Source Definition but resigned from OSI in 1999.
"I think those are good terms for OSI to adopt. But I think they belong in a certification guideline of OSI, rather than in the definition of an open-source license," Perens said.The 11th commandment?
Those who have been working to reduce the number of licenses—including intellectual-property attorney Larry Rosen, Hewlett-Packard's Martin Fink and Computer Associates' Sam Greenblatt—argue that having numerous licenses leads to numerous islands of incompatible open-source code. That means programmers can't share as much of their work. And, of course, it means those thinking of participating must spend more time understanding new licenses.
But Nelson's proposal triggered some criticism Wednesday. In one response, Joel West of San Jose State University's Silicon Valley Open Source Research Project said that requiring licenses not to be duplicative is "an administrative detail, not a principle of the open-source movement."
"It would be like Moses adding, "Thou shalt file thy taxes on time" to be the 11th commandment," West said.
In a follow-up response, Ernest Prabhakar suggested the open-source definition could remain unchanged, but the new terms could be required separately only through the process by which OSI certifies licenses.
Nelson said in an interview that the new terms require OSI board approval before they can go into effect.Board members have seen the proposal, but there's no schedule to vote on it.
OSI doesn't plan to decertify licenses that already have been approved, Nelson said. But he suggested the idea of an "OSI Gold" certification that might have that same effect.
And the extent to which the new terms curtail license proliferation depends on how rigidly they're enforced, he added.
"Unfortunately, these things are judgment calls," Nelson said. "What I think will make the process more transparent is to go through all the existing licenses and say, 'This one would have failed OSD (requirement) No. 11.' If we do that, then people will see what the precedents are, and they'll have some sense of the boundaries."
One problem in curtailing license proliferation is that new licenses emerge for a reason. Though some are the product of philosophical exploration, many new licenses are written by companies such as Apple Computer, Lucent, Sun Microsystems or IBM, which have specific legal needs.
Even Computer Associates, which opposes license proliferation, wrote and introduced the CA Trusted Open Source License to govern its Ingres database.