In conversation with an open source vendor’s CEO the other day I was reminded that in 2007 there was a relatively large fuss about the creation/approval of two new open source licenses designed to close what was known as the ASP loophole.

It occurred to us that in hindsight perhaps the issues that drove that fuss had been overblown. Certainly a look at the adoption rates for the licenses in question suggests that they were not as essential as we were led to believe, although market momentum could change all that in years to come.

A bit of history:

The CPAL (Common Public Attribution License) was approved by the OSI in July 2007 while the AGPL (GNU Affero General Public License) v3 was published by the Free Software Foundation in November 2007 (and approved by the OSI in March this year).

These licenses were developed separately to deal with the loophole that allowed third parties to make use of open source software in Software-as-a-Service or hosted environments without attribution or triggering the distribution mechanism of the GNU GPL that requires modifications to be distributed under the same license.

The two licenses approached the problem from different perspectives. The FSF considered dealing with the loophole in the GPL itself but removed the provisions that would have done so in the third draft and instead decided to adopt and rewrite the existing Affero General Public License to address the issue separately.

The GNU AGPLv3 requires anyone that modifies the software and offers its for use “remotely through a computer network” to make the source code available to those users.

CPAL, created and submitted for approval by SocialText, was concerned more with attribution, although also borrowed terms from the Open Software License that make it clear that “external deployment” triggers the same conditions as distribution.

The Open Software License (OSL), incidentally, is a license created by Larry Rosen in 2005 and approved by the OSI in 2006 that, arguably, already closed the loophole that the AGPLv3 and CPAL were designed for.

History lesson over.

Given the importance that was placed on creating these licenses, we would have expected to see rapid take up by open source vendors during 2007/8. That hasn’t happened. In fact an executive from one vendor told me today that it seriously considered adopting the AGPLv3 but decided it ultimately wasn’t worth the hassle.

In our recent report Open Source is Not a Business Model, we looked at the licenses used by open source vendors today. Just three of the vendors that responded to our survey expressed a preference for using the AGPLv3 - Funambol, WaveMaker and KnowledgeTree - while the same number expressed a preference for using CPAL - SocialText, MuleSource and XTuple. Additionally two vendors were using the OSL - Concursive and SpikeSource.

A look at Black Duck’s Open Source Resource Center indicates that neither the AGPLv3 nor CPAL has made it into the list of the top 20 licenses, although it does indicate that 159 projects have adopted the AGPLv3 (Palamida’s latest count is 181).

Digging deeper into Black Duck’s figures reveals the projects that have migrated, most of which are small individual projects rather than larger vendor-backed products. Two names do standout, however, that indicate how the AGPLv3 could yet see wide adoption.

Cloud computing platform vendor 10gen has adopted the AGPLv3 for its Application Server, Mongo Database, and Grid Management System, while Enomaly chose the license for its Elastic Computing Platform.

Additionally, CPAL has also picked up some users outside the core open source software market. Reddit picked CPAL in June, just days after Facebook released its Open Platform under the license.

While adoption of AGPLv3 and CPAL has not been rapid, those examples point to the theory that the licenses will become more relevant as businesses increasingly make use of browser-based applications and cloud platforms.

Last month Bradley Kuhn argued that steady and measured adoption is better than vendors rushing in without thinking, while Fabrizio Capobianco this week explained how the community needs to adjust its thinking to address more promotion of the AGPLv3.

In fact, perhaps the lack of adoption is purely a branding problem. The “ASP loophole” is so last century. Call it the “cloud loophole” or the “social networking loophole” and vendors will be falling over themselves to close it. Of course I am being facetious. Or am I?