The trend towards permissive licensing

Ian Skerrett last week suggested that there is a growing trend in favour of permissive non-copyleft licenses at the expense of reciprocal copyleft licenses. Ian asked “name one popular community open source project created in the last 5 years that uses the AGPL or GPL?”

The responses didn’t exactly come thick and fast. I certainly couldn’t think of one. But the question did prompt me to look for some evidence for the trend away from copyleft licenses.

License usage
The first port of call for evidence of trends related to open source license use is Black Duck’s Open Source Resource Center. The lastest figures show that GPLv2 is used for 45.33% of projects in Black Duck’s KnowledgeBase, while the GPL family accounts for roughly 61% of all projects.

While the GPL family is dominant, comparing the latest figures with those provided in June 2008, June 2009, and some previous CAOS research from March 2010 indicates a steady decline in the use of the GPL family and the GPLv2 in particular.

According to Black Duck’s figures the proportion of open source projects using the GPL family of licenses has fallen to 61% today from 70% in June 2008, while the GPLv2 has fallen to 45% from 58% three years ago.

It is worth noting that the number of projects using the GPL licenses has increased in real terms over the past few years. According to our calculations based on Black Duck’s figures, the number of GPLv2 projects rose 5.5% between June 2009 and June 2011, while the total number of open source projects grew over 16%.

We should expect to see slower growth for the GPLv2 given it has been superseded but even though the number of AGPLv3 and GPLv3 projects grew 90% and 85% respectively over the past two years, that only resulted in 29% growth for the GPL family overall (while A/L/GPLv3 adoption appears to be slowing).

In comparison the number of Apache licensed projects grew 46% over the past two years, while the number of MIT licensed projects grew 152%. Indeed Black Duck’s figures indicate that the MIT License has been the biggest gainer in the last two years, jumping from 3.8% of all projects in June 2009 to 8.23% today, leapfrogging Apache, BSD, GPLv3 and LGPLv2.1 in the process.

While the level of adoption of copyleft licenses remains dominant, and continues to rise in terms of the number of projects, there is no escaping the continuing overall decline in terms of ‘license share’.

UPDATE – Since some people dod not trust Black Duck’s data I also took a look at data collected by FLOSSmole. The results are remarkably similar. – UPDATE

Vendor formation
Black Duck’s data is not the only indication that the importance of copyleft licenses has decreased in recent years. The research we conducted as part of of our Control and Community report also indicated a decline in the number of vendors engaging with strong copyleft licensed software.

Specifically, we evaluated the open source-related strategies of 300 software vendors and subsidiaries, including the license choice, development model, copyright strategy and revenue generator.

By plotting the results of this analysis against the year in which the companies were founded (for open source specialists) or began to engage with open source (for complementary vendors) we are able to gain a perspective on the changing popularity of the individual strategies*.

Having updated the results to the end of 2010, our analysis now covers 321 vendors and shows that 2010 was the first year in which there were more companies formed around projects with non-copyleft licences than with strong copyleft licences.

The formation of vendors around open source software with strong copyleft licenses peaked in 2006, having risen steadily between 1997 and 2006 – although there have been gains since 2007. By comparison, the formation of vendors around open source software with non-copyleft licences has been steadily increasing since 2002.

The results get even more interesting in terms of Ian’s question if we filter them by development model. Looking at community-led development projects, we see that there have been significantly more companies formed around community-led projects with non-copyleft licenses than with strong copyleft licenses since 2007.

In fact, strong copyleft licenses have been much more popular for vendor-led development projects, but even here there was an increase in the use of non-copyleft licenses in 2010.

This last chart illustrates something significant about the previous dominance of strong copyleft licenses: that it was achieved and maintained to a significant degree due to the vendor-led open source projects, rather than community-led projects.

One of the main findings of our Control and Community report was the ongoing shift away from projects controlled by a single vendor and back toward community and collaboration. While some might expect that to mean increased adoption of strong copyleft licenses – given that they are associated with collaborative development projects such as GNU and the Linux kernel – the charts above indicate a shift towards non copyleft.

As previously noted, while free software projects utilize strong copyleft to ensure that the software in question remains open (or as Bradley M Kuhn recently put it, to keep developers “honest”), vendors using the open core licensing strategy use strong copyleft licenses, along with copyright ownership, to ensure that only they have the opportunity to take it closed.

Either way, strong copyleft is used as a means of control on the code and the project, and our analysis backs up Ian’s contention that there is a trend away from control and towards more permissive non-copyleft licenses.

This is part of what we called the fourth stage of commercial open source business strategies and is being driven by the increased engagement of previously closed-source vendors with open source projects.

The fourth stage is about balancing the ability to create closed source derivatives with collaborative development through multi-vendor open source projects and permissive licensing, and as such it not only avoids the need to control a project through licensing, it actively discourages control through licensing.

That is why, in my opinion, the decline of the copyleft licenses has only just begun.

*The method is not perfect, since it plots the license being used today against the year of formation, and as such does not reflect licensing changes in the interim. It does provide us with an overview of general historical trends, however.

On the fall and rise of the GNU GPL

In preparation for my presentation at OSBC tomorrow I’ve been looking back at some of the key trends that influenced the commercial open source landscape in 2009. One of those is the decline in the use of the GNU GPL as a proportion of all open source projects.

The decline was highlighted by figures from Black Duck Software in June 2009, which indicated a 5% decline in the use of the GPL, compared to the previous year.

At the time that reduction was put down to the move to Web applications and cloud computing, where the reciprocity of the GPL does not come in to play.

Looking at those figures again, and comparing them with the latest Black Duck numbers, I’m not convinced the answer is that simple. 50.06% of projects tracked by Black Duck in June 2009 were using the GPLv2, and that percentage has continued to decline, to 48.86% today.

However, a few quick calculations indicates that the number of projects using the GPLv2 has actually increased in real terms from 94,254 in June 2009 to 97,148 in March 2010. That 3% increase is less than the overall 6% increase in open source projects during the same period, but not alarmingly so.

If we assume that Web applications and cloud computing played a significant role in the proportional decline of the GPLv2, we would expect to see a significant rise in the use of the AGPLv3. While the use of the AGPLv3 has indeed risen 16% between June 2009 and today, in real terms the rise is from 198 projects to 231 – still an insignificant amount compared to the GPLv2.

Indeed the GPLv3 appears to be having a much more significant impact on the GPLv2, rising 14% from 9,541 in June 2009 to 10,887 in March 2010. Overall the use of the GPL family of licenses has risen 4.1% from 103,993 to 108,266.

To be clear, in the long-term I do still expect cloud computing and software services to have a negative impact on the use of the GPL, but it appears that we may have been a bit premature in seeing a causative link last year.

We have also pointed to increased use of more permissive licenses, either in order to encourage widespread adoption and rapid community formation, or to enable easier integration with proprietary software. And those are two key trends that we expect to see applying ongoing pressure on the GPL in the future.

Every time I write about licensing and community I am reminded that licensing is just one of a number of factors that can influence the health of an open source community. It is also true to say that the increased use of cloud and Web applications is just one of a number of factors that are influencing the health of the GNU GPL.

451 CAOS Links 2009.11.17

Larry Augustin confirmed as SugarCRM CEO. Red Hat’s Fedora Project is 12. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca
“Tracking the open source news wires, so you don’t have to.”

For the latest on Oracle’s acquisition of MySQL via Sun, see Everything you always wanted to know about MySQL but were afraid to ask

# Larry Augustin was confirmed as full-time CEO of SugarCRM.

# Red Hat, by way of the Fedora Project, announced the launch of Fedora 12.

# Microsoft is to release the .NET Micro Framework under the Apache 2.0 license.

# Simon Phipps introduced the concept of his Software Freedom Scorecard. Plans to propose as joint OSI and FSF initiative.

# Microsoft admitted inadvertent GPLv2 violation in Windows download tool, plans to publish code.

# Lucid Imagination updated its LucidWorks Certified Distribution for Lucene 2.9.

# Nexenta Systems announced NexentaStor 2.2, based on the ZFS file system.

# Univa released version 5.0 of its UniCluster infrastructure and workload management software stack.

# A Canadian law firm suggested purchasers of tech companies are avoiding GPLv3 code to protect their patents.

# Fluendo updated its Codec Pack of multimedia Linux/Unix codecs.

# SGI launched the Altix UV Linux-based supercomputer.

# JetBrains announced the general availability of RubyMine 2.0, based on the open source IntelliJ Platform.

# BonitaSoft’s BPM software is being integrated into eXo Platform DMS’s document management module.

# Distributor Tech Data created Open Tech, a new program to attract open source ISVs and resellers.

# WSO2 launched Cloud Platform including Cloud Virtual Machines; Cloud Connectors; and Governance-as-a-Service.

# The QualiPSo Project released QualiPSo Factory, a SOA-based forge.

# Sourcesense partnered with Sonatype to provide training, support, and customization services for Maven, Nexus.

451 CAOS Links 2009.10.16

JetBrains goes open source. Jeremy Allison on Mono, Samba and Microsoft. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca
“Tracking the open source news wires, so you don’t have to.”

# JetBrains announced the free Community Edition of its Java IDE, IntelliJ IDEA under the Apache license.

# Jeremy Allison provided his views on Mono, Samba, Microsoft and patents.

# Joe ‘Zonker’ Brockmeier raised the question: open source marketing – lead with Free or benefits?

# Mark Radcliffe clarified his view that the GPLv2 is not legally unsound, but it has challenges.

# Alfresco launched its Records Management Module for governance and retention, certified by the US DoD.

# Oracle updated its Xen-based VM Server virtualization software.

# Nuxeo updated its document management software with Nuxeo DM 5.3.

# Carlo Daffara argued that COMmunity+COMpany is a winning COMbination.

# Lina Software released the beta version of LINA 1.0, its software to run Linux apps on any operating system.

# The VAR Guy reported that open source IP PBX vendor Digium is profitable and growing.

# A UK education partnership was launched with the intention to save £60m a year using open source software.

# Matt Asay reported on the logic of balancing proprietary and open source software.

# Brian Prentice reported on open source’s dying romantic narrative.

# Seth Gottlieb provided his views on open core.

# Nicholas Goodman asked What if Hot Dog vendors sold you Power Tools?

# Clustercorp created Rocks+Hybrid, a commercial Rocks Cluster distribution for dual-boot Linux and Windows systems.

# Engine Yard released the source code that runs its Rails Development Directory.

# Pharmaceutical distributor, 3A Pharma, is replacing its legacy ERP system with Compiere ERP.

# Banca IFIS adopted open source database software and 24-hour support services from Ingres.

# The Apache Software Foundation’s president dissected the “Apache Way”.

# Olliance pondered open source software’s lack of success in the SMB market.

# The VAR Guy reported on how the channel is fueling Compiere’s 50% growth rate.

And the best open source license is …

UPDATE: The final vote is in and a winner has been declared, with Matt Asay and his arguments for the GPL taking the prize. You can see the debate or follow links to the other judges’ votes and thoughts here.

This is my assessment as a judge of the recent open source license debate held by the FOSS Learning Centre. We’ll have to begin with some qualifications and definitions, starting with the fact that there is no ‘best’ open source software license. Still, a star-studded open source software panel provided a lively, informative debate on the merits of some top open source licenses. For that, I congratulate and thank the panelists, Mike Milinkovich from the Eclipse Foundation arguing for the Eclipse Public License, Matt Asay of Alfresco arguing in favor of the GPL and David Maxwell from Coverity arguing for BSD. All three put forth some of the most important attributes and shortcomings of the three open source licenses, as well as other, related open source licenses. However, using a complex, proprietary formula awarding points for goodness and minuses for badness, I was able to deem a winner: Mike Milinkovich and the EPL. Perhaps fitting that the license that can best be described as the middle of the spectrum should be the winner. Here’s why:

Matt Asay kicked off the discussion, which became more of a debate as it developed, with a consistent message about GPL’s dominance among open source software projects, which is 70% or more based on most accounts (and considering GPLv2 and GPLv3). He also referred to monetization and the fact that GPL serves as the basis for successful support and services models, such as Red Hat. However, Matt did not initially mention the strategic and defensive benefits of GPL, which is often chosen because it mitigates the threat of a fork that someone can make proprietary. I was also hoping for him to address how GPL can deliver benefits of open source without having to share as in the spirit of the license, based on whether and how the software is distributed. Nevertheless, Matt made his most compelling arguments around the fact that GPL is the primary open source model and the license that developers understand and trust most. He furthered his argument later by agreeing EPL may be better for lawyers, but GPL is better for developers. Matt reinforced these ideas with his reference to large companies using GPL software, such as Google or TiVO, that gets it to vast numbers of users.

Mike Milinkovich spoke second with some background on EPL, its origin as a ‘legal document’ and how it links open source software to commercial products. He also hit on the fact that EPL covers patent rights, which is certainly important to vendors and developers. He later referred to the meaninglessness of Matt’s 70% GPL figure, based on the idea that software on repository is something different than software in use (where other licenses do have greater representation). However, our research indicates that the most popular open source licenses among hosted code are consistent with the most popular open source licenses among code in use, with GPL, BSD and EPL all in the top. Mike also referred to commercialization and money, which is certainly important to commercial open source, but did not give equal mention to community until later. Still, Mike earned back a point when he referred to monetization of open source software among traditional vendors and organizations beyond VC-funded, open source startups, where we are seeing significant growth for open source software. While I would have liked to have heard an argument in favor of EPL based on compatibility, Mike also made a good case for EPL in government — another consistent theme of the discussion — where code would belong to the public with commercial opportunity on top.

David Maxwell signaled a more rebuttal-type response and gave it in his arguments for the BSD license, which he introduced as the oldest license given its roots to Unix and the ’80s. David scored a point for simplicity and straightforwardness when he read the actual license, something his peers would’ve had a hard time doing. David did somewhat jump the gun, though, on rebutting with his counterpoints about GPL’s strict copyleft requirements, which he called ‘enforcement-based.’ Still, David recovered with an argument for BSD based on its emulation, which he credited for other popoular licenses such as the Apache Public License and Artistic License.

The debate portion was followed by some good discussion of business models, open core and proliferation with questions from the live and Web audiences. So why does my vote for the winner go to Mike and the EPL? While it was certainly close on my card and all three made compelling arguments, Mike and his portrayal of the EPL were the most realistic and pragmatic to today’s open source software in the enterprise. Communities, copyleft and the sharing that allows developers and projects to sustain effective, productive open source efforts must be balanced with commercial interests, endeavors and aspiration. Neither open source communities nor open source commercialization would be nearly as significant without one another, and Mike’s arguments and statements seemed most closely attuned to that.

Thanks again to the panelists, participants and FOSS Learning Centre for putting on the event. Please get involved in the discussion and watch the debate, comment here or elsewhere.

451 CAOS Links 2009.08.28

Novell reports Linux revenue up 22%. GPLv2 in decline. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca
“Tracking the open source news wires, so you don’t have to.”

# Novell reported Q3 Linux platform revenue of $38m, up 22%. Total Q3 revenue was $216m, down from $245m, prompting Matt Asay to note that Novell’s use of Linux as a loss-leader to promote proprietary products is not working.

# GPLv2 usage has dropped below 50% of all OSS projects tracked by Black Duck.

# “On licenses, communities, business models”, an excellent post from Carlo Daffara on the debate about GPL usage.

# DotNetNuke acquired Snowcovered, an online market for DotNetNuke modules, skins, services and related products.

# Cray acquired SiCortex’s PathScale compiler assets. The PathScale technology is to be open sourced via partnership with NetSyncro.com, which is rebranding itself PathScale.

# AdMob plans to release acquired AdWhirl assets as open source ad mediation product for mobile platforms.

# Nokia unveiled its Maemo-based N900 handset due for release in October.

# Tuxera, NTFS-3G file system provider, signed a patent agreement with Microsoft and joined exFAT driver program.

# Opengear announced revenue growth based on its open source-based console server and KVM over IP products.

# Linux Pro Magazine published a series of interviews with women in open source.

# OSOR.eu now offers federated search of national and regional public administration open source forges in Austria, France, Italy and Spain.

# Groklaw reported that SCO Group’s Chapter 11 trustee has been appointed and approved.

# rPath announced support for The RackSpace Cloud.

# Gear6’s distribution for Memcached is now available on VMware.

# The H Open reported that Microsoft has released an open source SDK to create Bing apps on Mac OS X and iPhone.

On the GPL, Apache and Open-Core

Jay has already provided a good overview of the debate related to the apparent decline in the usage of the GPLv2. I don’t intend to cover the same ground, but I did want to quickly respond to a statement made by Matt Asay in his assessment of the reasons for and implications of reduced GPLv2 usage.

He wrote:

“as Open Core becomes the default business model for ‘pure-play’ open-source companies, we will see more software licensed under the Apache license”

I don’t doubt that we will see more software licensed under the Apache license, and also more vendors making use of permissively-licensed code, but I don’t see a correlation with the Open-Core model.

In our report, “Open Source is Not a Business Model“, report we found that 23.7% of the 114 vendors we covered were using Open-Core as a vendor licensing strategy. Looking at the stats, over 70% of Open-Core strategy users also used a variant of the GPL or LGPL.

The main reason for the correlation of the L/GPL and Open-Core is, as Matt notes, that “the GPL makes sense in a world where vendors hope to exercise control over their communities”. Carlo Daffara agrees: “the GPL is not a barrier in adopting this new style of open core model, and certainly creates a barrier for potential freeriding by competitors”.

Carlo cites as an example the use of the GPL by the usually Apache-focused SpringSource for its SpringSource dm Server as a means of restricting the commercial opportunities for potential rivals, something that we covered here.

As Matt explains, however, “if the desire is to foster unfettered growth, Apache licensing offers a better path”. Savio Rodrigues offers an example of a usually L/GPL-focused company – Red Hat/JBoss – choosing the Apache License for its new HornetQ messaging software because “the project team felt that the Apache license would ensure that the project’s code could be more easily included into products from the ecosystem.”

1-1 then. But this isn’t about point scoring. What the examples demonstrate is that vendors choose licenses for individual projects/products based on pragmatic business reasons rather than dogmatic commitment to licensing philosophy, and that – as we previously suggested – there is actually some benefit in the proliferation of different licenses.

Of course it is also important to remember that many vendors don’t have the luxury or choosing a license for the project they attempt to commercialize. Mike Olson notes that adoption has been a factor related to the Apache licensed Hadoop project – but what came first commercialization or adoption?

I believe we are seeing increased adoption of permissively-licensed open source software by both new open source specialists, such as Mike’s Cloudera, and also proprietary vendors such as Oracle, SAP and – as recently discussed – Day Software.

In these cases, the commercial vendor doesn’t choose the Apache license for software to encourage widespread adoption, it is encouraged to choose Apache-licensed software because of widespread adoption (not to mention the low cost and high quality advantages of being part of a true developer *community*).

That has more to do with the patron model, as discussed by Day Software’s chief marketing officer, Kevin Cochrane, than it does Open-Core.

Additionally, as Carlo notes, it is a product of the shift towards what he calls “consortia-managed projects”. Or as I previously stated: “if Open-Core was a significant revenue strategy of open source 3.0 (vendor-dominated open source projects such as MySQL, JasperSoft), then Embedded [as I was referring to the patron model at the time] is one of the commercial open source strategies of open source 4.0 (vendor-dominated open source communities such as Eclipse, Symbian).”

So while we expect Open-Core to remain a significant business model for ‘pure-play’ open-source companies, and we expect to see more software licensed under the Apache license, we don’t see the two as being directly related.

Anyway, this was supposed to be a quick post. That’s enough for now.

GPLv2 decline and debate on open source licenses

Code scanning and management vendor Black Duck reports the GNU General Public License v2 (GPLv2) now dipping below 50% share of open source software. While we already knew that GPLv2 was somewhat in decline from its far greater share of open source code over the last 5-10 years, it is useful to know what pool of code we’re talking about. We must also remember that while GPLv2 may not be as dominant as it once was and that other licenses, particularly GPLv3, are quickly gaining share, GPLv2 is still quite relevant to enterprise open source software, is used in a variety of newer and popular applications across the enterprise stack and is likely to remain in the top 10 licenses for a long time.

Regarding GPLv2 and Black Duck’s findings, some folks are rightly asking what code and how much of it are we considering where GPLv2 accounts for half or less of the software? Well, the short answer is, I believe, hosted open source code. Black Duck draws its figures from open source software in its Software Knowledgebase, which draws on other repositories and includes more than 185,000 software projects.

For our recent report, The Myth of Open Source License Proliferation, we thought it would be useful to look at open source license representation in another cross-section of software that was more reflective of code in use. Thus, with the help of Airius Internet Solutions, we considered the open source licenses of software that was the subject of vulnerability reporting (arguably, a decent measure of the software’s use). What we found, somewhat surprisingly, was that the list of most popular open source licenses among hosted open source software was very consistent with the list of most popular open source licenses among open source software in use. Both lists have the GPLv2, GPLv3, Artistic, BSD and Apache licenses in their top six, albeit in somewhat different orders. The percentages for different licenses, however, were quite different, giving more share to other licenses further down the list in the case of software in use.

At the time of our report, May 2009, the GPLv2 license accounted for 50.49% of all projects documented in Black Duck’s Software Knowledgebase, which is more than 185,000 projects. During the same time frame, Airius reported that the GPLv2 license accounted for 36.34% of software subject to vulnerability reporting and the Airius Risk Report, which consists of more than 139,000 projects reviewed. GPLv2 still tops both lists for now, but it is clear that GPLv3 is rising fast. Black Duck reported in June that GPLv3 had moved past the Mozilla, MIT and Apache licenses to the fifth spot on its list with 5.10%, behind BSD. Our research with Airius indicated that GPLv3 was number two on the list of projects reviewed with 18.5% as of June 15, 2009. This reinforces the idea that GPLv2 is being used less while GPLv3 is gaining more use. Nevertheless, it is important to remember GPLv2 is still being used in many projects and products beyond Linux and MySQL (which are, nevertheless, among prominent uses of the GPLv2). Examples range from applications such as Jaspersoft BI to systems management software such as Likewise, to cloud computing pieces such as the Puppet server automation software.

We’ll be delving into these and related issues with a lively, live debate on OSS licenses coming this Monday, August 31. We’ll have Matt Asay argue for GPL, Eclipse Foundation’s Mike Milinkovich pull for EPL and Coverity’s David Maxwell for the BSD as they spar over which license is best. The audience and a panel including yours truly will judge who wins, and we’ll post our thoughts here and elsewhere for others to weigh in as well. Please join the discussion and the debate.

CAOS Theory Podcast 2009.07.24

Topics for this podcast:

* The Myth of Open Source License Proliferation
* Microsoft contributes Linux kernel drivers under GPLv2
* Linux and open source loom large in cloud computing

iTunes or direct download (29:45, 6.9 MB)

Microsoft GPLv2 code – donation or obligation?

Earlier this week Microsoft announced that it was contributing driver code to the Linux kernel under the GPLv2, and we published a CAOS Theory Q&A to discuss the implications. It has subsequently become clear that there were two important questions that were not answered by our Q&A:

Q. Is this a donation, or an obligation?

A. In discussing the motivations for the Linux Integration Components (Linux IC) release, Microsoft cited enhancing the performance of Linux as a guest operating system where Windows Server is the host, and that the GPLv2 is “the Linux community’s preferred license”.

An alternative viewpoint began to emerge that suggested that perhaps Microsoft had little choice in the decision to release the code, however. It started with the publication of a post written by Stephen Hemminger, a principle engineer at Vyatta, which stated:

“This saga started when one of the user’s on the Vyatta forum inquired about supporting Hyper-V network driver in the Vyatta kernel. A little googling found the necessary drivers, but on closer examination there was a problem. The driver had both open-source components which were under GPL, and statically linked to several binary parts. The GPL does not permit mixing of closed and open source parts, so this was an obvious violation of the license. Rather than creating noise, my goal was to resolve the problem, so I turned to Greg Kroah-Hartman.”

Kroah-Hartman runs the Linux Kernel Driver Project and is working with Microsoft to introduce the Linux IC code to the Linux kernel. He appeared to confirm Hemminger’s perspective when he wrote “Steve gives a little more of the backstory of what caused me to start talking to Microsoft in the first place,” and then told Mary Jo Foley that her suggestion that “Hemminger is claiming Microsoft put the LIC code under the GPL because it was in violation of the GPL” was “accurate”.

Cue stories such as “Linux community pushed Microsoft to hand over its code” and “Microsoft opened Linux-driver code after ‘violating’ GPL“.

Before commenting on these stories I took the opportunity to speak to Sam Ramji, who seemed genuinely surprised by the perspective that the driver code had violated the GPL and maintained that he was not aware of the account provided by Hemminger prior to its publication.

The two viewpoints are not necessarily mutually exclusive. In his exchange with Foley, Kroah-Hatmann notes that he “didn’t have to ‘suggest'” that Microsoft was in violation, he “only had to merely point out the obviousness of the situation”.

Additionally, Vyatta’s vice president of strategy and marketing, Dave Roberts, has noted that “nobody ‘accused’ anybody of anything. Stephen merely called the situation to Microsoft’s attention… There were no threats, no screaming, no broken fingers, no frothing at the mouth. Just a few calm phone-calls placed behind closed doors, out of the limelight and media focus. And that was that. Microsoft noodled on things. And then it decided to open source the drivers and contribute them to the kernel.”

I also put it to Ramji that if, *hypothetically*, Microsoft were to have discovered it was inadvertently in violation of the GPL, then from a PR standpoint, the company would have much more to gain by being seen to have responded appropriately than by trying to cover it up. He agreed.

(And I don’t think this can be understated actually, if you consider what the open source group within Microsoft is trying to achieve you begin to understand why they would be hyper-sensitive to the fact that trying to claim credit for something they didn’t do would be counter-productive).

Anyway, Ramji has subsequently posted his views on the issue, including:

“Microsoft’s decision was not based on any perceived obligations tied to the GPLv2 license. For business reasons and for customers, we determined it was beneficial to release the drivers to the kernel community under the GPLv2 license through a process that involved working closely with Greg Kroah-Hartman, who helped us understand the community norms and licensing options surrounding the drivers.

The primary reason we made this determination in this case is because GPLv2 is the preferred license required by the Linux community for their broad acceptance and engagement. For us to participate in the Linux Driver Project, GPLv2 was the best option that allowed us to enjoy the tremendous offer of community support.”

Q. So was Microsoft in violation of the GPLv2?

A. Of course, “not being accused of being in violation of the GPL” is not the same thing as “not being in violation of the GPL” but it is not completely clear whether that was actually the case.

Over on Cnet, Gordon Haff got some more technical details from Hemminger:

“According to Stephen, the issue revolves around a feature of the Linux kernel called EXPORT_SYMBOL_GPL that allows for interfaces to be marked as only available to modules with a GPL-compatible license. From Stephen’s perspective, Microsoft’s proprietary code had to use some of these interfaces that ‘the kernel did not want to offer to non-GPL [code].’

If that all seemed a bit geeky technical, well it is. Very possibly a violation of the GPL but hardly one that is simply flagrantly flouting the law.”

UPDATE – The Software Freedom Law Center’s Bradley Kuhn has told SDTimes that Microsoft *was* likely in violation of the GPL:

“It seems to me that Sam [Ramji] is likely correct when he says that talk inside Microsoft about releasing the source was under way before the Linux developers began their enforcement effort,” said Bradley Kuhn, a policy analyst and tech director at the SFLC.

“However, that talk doesn’t mean that there wasn’t a problem. As soon as one distributes the binaries of a GPL’d work, one must provide the source for those binaries, so Microsoft’s delay in this regard was a GPL violation.”

However, Ramji continues to deny that a GPL violation was the significant issue. “Greg’s coaching on how to get it contributed was invaluable, but it was not the original driver of our plan or decision,” he told SDTimes. “That’s the beauty of the real world. Different people have different perspectives, and that is what causes them to act. We appreciate Greg’s coaching regardless of his motivation.” – UPDATE

2ND UPDATE – Sam Ramji has once again denied that Microsoft violated the GPL. In a podcast published at Network World he points out (from 15.30) that the code did not statically link to libraries in the Linux kernel, but to the header files, and that Linux developers are split on whether that constitutes a violation of the GPL. “The act of compiling to a header file doesn’t generate a GPL obligation to my knowledge, that was never a consideration in our process.” – 2ND UPDATE

In his initial blog post, Hemminger stated that the saga was started by an inquiry about supporting Hyper-V network driver in the Vyatta kernel, presumably this one, from March, when Hemminger has said the issue was bought to his attention. Hemminger’s response at the time is that “Msft hyper-v driver is not open source, and redistributing it would require agreement with them”.

The driver cited in that query would appear to be the original Linux Integration Components for Hyper-V, which were released in September 2008, the same components that The H reported were previously withdrawn from release candidate distribution in July 2008 for a licensing review.

As Patrick O’Rourke noted at the time, “Licensing is tricky when open source and proprietary software are packaged.” No kidding.

A quick note while we are on the subject of timing, Hank Janssen says he proposed that Microsoft open source Linux IC driver code in October 2008. Sam Ramji told me Microsoft started seriously considering it in January this year and first heard from Greg Kroah-Hartman in May.

While Hemminger started that Microsoft’s release of the code under the GPLv2 “”took longer than expected”, Gordon Haff notes that Hemming “said that he first discovered this in March, so four months is actually fairly rapid resolution as such things go in large companies.”

Q. Anything more to add?

A. Probably. If anything new does arise, we’ll post details here.

451 CAOS Links 2009.07.21

Microsoft contributes to Linux. Acquia raises $8m. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca
“Tracking the open source news wires, so you don’t have to.”

Microsoft contributes to Linux
Microsoft announced that it is to contribute device driver code to the Linux kernel under the GPLv2. Prompting us to publish a CAOS Theory Q&A. Answering one questioning we failed to ask, ZDnet reported that Microsoft’s Linux contributions should find their way into the 2.6.32 release.

Acquia raises $8m
Mass High Tech reported Acquia has picked up an $8m second funding round from existing investors. The funding was later confirmed by the company.

# Adobe released Flash Platform Media and Text Frameworks as open source.

# Red Hat replaced CIT in the S&P 500.

# The recent spate of posts about licensing continued as Dirk Riehle argued that every license has its time and place and examined the intellectual rights imperative of single-vendor open source. Meanwhile Matt Asay noted that the right business strategy is openness, but defining that strategy is variegated, while Tarus Balog explained why reports on the death of the GPL are greatly exaggerated.

# Bradley Kuhn described Microsoft’s patent deal with Buffalo as free software-targeted patent aggression.

# Engine Yard launched Cloud services platform and GA of Flex, a cloud service plan for Rails apps.

# City of Chicago selected SpringSource Hyperic HQ Enterprise to run and manage IT and Web operations.

# Take Off Technology is sponsoring two new support for Solaris/and integration with the ZFS filesystem in openQRM.

# Alfresco’s Nancy Garrity presented the case for community involvement with commercial open source.

# “I’m giving [Microsoft] its divorce papers,” says City of Edmonton CIO, according to an Information Exec report.

# Canonical has released the source code for Launchpad.

# Percona released v6 of its XtraDB storage engine for MySQL.

# HadoopDB is a new open source project combining DBMS and MapReduce technologies to target analytical workloads.

# Dr Dobbs Q&A with MySQL’s creator, Michael “Monty” Widenius.

# Accenture announced that it is to acquire Symbian professional services operations from Nokia.

Microsoft contributes to Linux kernel: a CAOS Theory Q&A

Microsoft has announced that it is to contribute code to the Linux kernel development effort under the GNU General Public License (GPL) v2. What on earth does it all mean? Here’s our take on the situation. With thanks to Jay Lyman for his contribution to the following:

Flying Pig

Q. This is a joke, right?

A. Not at all, although if any announcement is better suited to the image above, we can’t think of one. Microsoft has announced that it is going to contribute code to Linux under the GPLv2.

Q. What code is Microsoft contributing?

A. Microsoft is offering 20,000 lines of its own device drivers to the Linux kernel that will enable Linux to run as a guest on its Hyper-V virtualization technology. Specifically, the contributed loadable kernel modules enable Linux to run in ‘enlightened mode’, giving it efficiencies equivalent to a Windows virtual machine running on Hyper-V.

Q. Why is Microsoft doing this?

A. Red Hat and Novell’s Linux distributions already support enlightened mode, thanks to the development work done by both in partnership with Microsoft. One benefit for Microsoft of contributing to the kernel is that it reduces duplication of effort and the cost of supporting multiple, unique implementations of Linux. Once the code has been accepted into the kernel, Microsoft will use the kernel tree code as the basis for future virtualization integration development.

It also means that community Linux distributions will be able to use the code, which opens up more opportunities for Microsoft in the hosting market, where adoption of community Linux distributions such as Ubuntu, Debian and CentOS is significant. It also therefore slightly strengthens the challenge those community operating systems can make to Red Hat and Novell, which are more direct commercial challengers to Windows.

Make no mistake about it, Microsoft’s contribution is driven by its own interests. While it must serve and respond to enterprise customers that continue to drive the use of multiple operating systems and mixed environments, Microsoft also benefits by differentiating its Hyper-V virtualization technology from virtualization leader VMware. We believe Microsoft sees an opportunity to make virtualization with Windows more Linux-friendly than VMware.

Q. What’s in it for Linux?

A. The interoperability benefits previously reserved for ‘approved’ Microsoft partners will now be available licensed under the GPLv2, and available for all Linux distributions – commercial or community – without the need for a formal partnership.

The contribution of device drivers to the Linux kernel as been a sticking point for the Linux development community in the past as developers have struggled to encourage vendors to contribute driver code to the kernel. Microsoft is therefore setting something of a precedent and could encourage other vendors that have been reticent to contribute their drivers to do so.

The seal of approval Microsoft has given to the GPLv2 is also not to be overlooked. If Microsoft can find a way to contribute to Linux projects, many other organisations may also be encouraged to do so.

Q. I guess Linux is no longer “a cancer” then?

A. Exactly. Back in 2001 Steve Ballmer told the Chicago Sun-Times* “Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. That’s the way that the license works.”

Reviewing the statement in the context of today’s announcement demonstrates how much progress Microsoft has made in the intervening years to understand open source licenses. Contribution to Linux, or to any other project under the GPL, would have been unthinkable at the time, and is still barely believable today. The announcement is likely to challenge perceptions of Microsoft’s strategy when it comes to open source, Linux and the most popular open source license.

*The original article is no longer available online. Plenty of references are still available, however.

Q. What does this say about Microsoft’s overall strategy towards open source?

A. The contribution is a significant sign that Microsoft is now prepared to participate with open source projects on their own terms by using the chosen license of that project and making contributions directly to the chosen development forge of that project. Microsoft continues to use its own CodePlex project hosting site for code releases, but if an existing open source project uses SourceForge then Microsoft has acknowledged that the best way to engage with that community is on SourceForge. Don’t expect this to be the last contribution Microsoft does under the GPL.

Microsoft is now becoming more proactive in how it engages with open source under a strategy it describes as ‘Open Edge’ (which we have previously mentioned here and here. Whereas Open Core is used by commercial open source vendors to offer proprietary extensions to open source code, Open Edge is Microsoft’s strategy to encourage open source development and application deployment on top of its suite of commercial software: Windows, Office, Exchange, Sharepoint, SQL Server etc.

The Open Edge strategy is rooted in attempting to ensure Microsoft’s commercial products continue to be relevant to the ecosystem of developers and partners that the company has attracted to its software platform. It is also a continuation of the realization that if customers and developers are going to use open source software, Microsoft is more likely to retain those customers if it helps them use open source on Windows et al.

For more details on Microsoft’s strategy towards open source, its partnerships with open source vendors, and its contributions to open source projects, see The 451 Group’s formal report on the contribution to Linux (the report will shortly be available via this link ).

Q. How is the contribution to the Linux kernel being handled?

A. The contribution is being made via an alliance with the Linux Kernel Driver Project and its maintainer, Greg Kroah-Hartman, who will steward the contribution into the Linux kernel code base. (Greg has a post up about it here).

Q. What are the intellectual property issues?

A. The copyright for the code will remain with Microsoft, with the contributor credit going to its engineering lead, Hank Janssen, group program manager at Microsoft’s Open Source Technology Center.

Q. And patents?

A. If we were putting money on the most likely conspiracy theory to emerge in response to this news it would be that this is a Trojan horse and Microsoft is contributing code to Linux that it will later claim patent rights over. Whether that is even theoretically possible depends on your understanding of the GPLv2.

The GPLv2 contains an implicit patent promise that some would say makes a Trojan horse impossible. However, the FSF obviously thought it necessary to introduce a more explicit patent promise with the GPLv3 to remove any doubt.

Ultimately this is a question for a lawyer, or an eloquence of lawyers (yes it is ironic, apparently). In the meantime, it is our understanding that Microsoft’s understanding is that contributing code using the GPLv2 includes a promise not to charge a royalty for, or assert any patents covering, the code being contributed.

Q. What about Microsoft’s prior claim that Linux infringes its patents?

A. Microsoft really dropped the ball on its communication of the suggestion that free software infringes over 200 of its patents, and tensions with free and open source software advocates are likely to continue to be tested by Linux-related patent agreements, such as the one struck with Melco Holdings last week, which have driven scepticism and mistrust of Microsoft among some key open source supporters.

Absent the company giving up on software patents altogether, we believe that in order to convince those FOSS advocates that it is serious about co-existence, Microsoft needs to find a way to publicly communicate details about those 200+ patents in such a way that is not seen as a threat and would enable open source developers to license, work around, or challenge them. We also believe that the company is aware of this, although finding a solution to the problem will not be easy. But then neither was contributing code to Linux under the GPLv2.

UPDATE – It has subsequently become clear that there were two important questions that were not answered by our Q&A. Those have been covered by an addendum – UPDATE.

As license issues swirl, a new CAOS report

There has been no shortage of lively discussion on open source software licenses with recent shifts in the top licenses, perspectives on the licenses or lack of them for networked, SaaS and cloud-based software, increased prominence of a Microsoft open source license and concern over the openness (or closedness, depending on your perspedtive) of the latest devices. Amid all of it, we’re pleased to present our latest long-form report, CAOS 12 – The Myth of Open Source License Proliferation.

In the report, we cover how the spread and structure of open source software licenses has indeed led to some proliferation, but rather than a bad thing for the enterprise, we believe the variety and abundance of open source licenses has enabled broader enterprise use of open source. Furthermore, there has been an evolutionary natural selection of the most popular open source licenses, with the GNU GPL family, BSD family, Artistic, Apache and MIT licenses dominating both open source software hosted on repository and open source software in use, according to vulnerability reporting and analysis from Airius Internet Solutions. Another key finding in CAOS 12: vendors such as Sun Microsystems and IBM are contributing to license consolidation, retiring open source licenses in Sun’s case and for IBM, superseding the Common Public License with the Eclipse Public License, which similar to the Mozilla Public License is growing in types of software and popularity, particularly given mixed licensing within open source.

The report also carries on the themes of increased open core models, whereby open source software and licensing is combined with commercial licensing, that we covered in CAOS Nine – Open Source is Not a Business Model, as we consider how the need to generate revenue and reward investors can impact decisions on open source licenses. The report also identifies where different open source software licenses are most prominent, both in terms of the layer of the enterprise software stack and types of environments, from mobile and embedded software to SaaS environments to cloud computing.

Despite some recent doubts about it, we see GPLv2 still widely popular beyond its most prominent projects Linux and MySQL, which nonetheless help bolster its significance. Still, it is a once favorite license that may be fading as it is being used less in new projects, which are opting instead for more modern terms and coverage from GPLv3, AGPLv3, CPAL or other open source licenses. There is no question that GPLv3, by contrast, is on the rise and despite its lack of addressing what is commonly known as the ASP or network or SaaS loophole in GPLv2, is generally viewed as more modern. However, there is still strong resistance to GPLv3, particularly outside of the U.S., where we see the European Union turning to its own EUPL for more appropriate language and license coverage. This puts EUPL on our CAOS 12 list of licenses to watch, and another interesting license that joins it there is AGPLv3, which we’ve covered on the CAOS Theory blog before. As covered in the report, while AGPLv3 has failed to gain the same level of support and traction as its cousin GPLv3, it is the open source license of choice among some interesting new cloud plays, such as 10gen and Enomaly, which we’ve also covered here. If a project or vendor can demonstrate some development, distribution or collaboration advantages from AGPLv3, we believe it could lead to a broad embrace of the license in the enterprise. We should point out, however, this has yet to occur and at present, AGPLv3 is often viewed as onerous, to the extent that Google does not support the license in its Project Hosting.

With implications for vendors, both open source and proprietary competitors, for investors and for end users and customers of enterprise open source software, CAOS 12 is also intended as a guide to which open source licenses are most popular and appropriate, and why, for the many enterprise uses of open source software, whether in development, infrastructure, middleware or applications. Looking ahead, we don’t see the most popular open source license list changing much, as vendors tend to stick with the one or two licenses that suit them and rarely change. However, there will be some interesting jockeying among those top dozen licenses. The emergent models of virtual appliances, SaaS, virtualized and cloud environments will certainly impact license decisions and direction, but things will most likely follow the evolutionary path that open source licenses have traveled thus far.

451 CAOS Links – 2008.06.07

EnterpriseDB hires new CEO. Pentaho embraces GPL. AddCore moves into open source. (and more)

EnterpriseDB Names Ed Boyajian Chief Executive Officer, EnterpriseDB (Press Release)

Pentaho Releases Pentaho Business Intelligence Platform Under GPL License, Pentaho (Press Release)

AdaCore Announces “Project Coverage”, AdaCore (Press Release)

SugarCRM Announces Support of Jigsaw’s Open Data Initiative, SugarCRM (Press Release)

Google’s I/O conference: an open source perspective, Ars Technica – #open.ended, Kris Kowal (Article)

Fixing the broken OSS business model, InfoWorld Open Sources, Savio Rodrigues (Blog)

Strategic Use of Collaborative Development in South Africa – Follow Up, Matusow’s Blog, Jason Matusow (Blog)

5 Reasons Why JBoss Founder Marc Fleury is My Hero, Socialized Software, Mark Hinkle (Blog)

Microsoft & Sourceforge, Microsoft – Port 25, Jamie Cannon (Blog)