The trend towards permissive licensing

Ian Skerrett last week suggested that there is a growing trend in favour of permissive non-copyleft licenses at the expense of reciprocal copyleft licenses. Ian asked “name one popular community open source project created in the last 5 years that uses the AGPL or GPL?”

The responses didn’t exactly come thick and fast. I certainly couldn’t think of one. But the question did prompt me to look for some evidence for the trend away from copyleft licenses.

License usage
The first port of call for evidence of trends related to open source license use is Black Duck’s Open Source Resource Center. The lastest figures show that GPLv2 is used for 45.33% of projects in Black Duck’s KnowledgeBase, while the GPL family accounts for roughly 61% of all projects.

While the GPL family is dominant, comparing the latest figures with those provided in June 2008, June 2009, and some previous CAOS research from March 2010 indicates a steady decline in the use of the GPL family and the GPLv2 in particular.

According to Black Duck’s figures the proportion of open source projects using the GPL family of licenses has fallen to 61% today from 70% in June 2008, while the GPLv2 has fallen to 45% from 58% three years ago.

It is worth noting that the number of projects using the GPL licenses has increased in real terms over the past few years. According to our calculations based on Black Duck’s figures, the number of GPLv2 projects rose 5.5% between June 2009 and June 2011, while the total number of open source projects grew over 16%.

We should expect to see slower growth for the GPLv2 given it has been superseded but even though the number of AGPLv3 and GPLv3 projects grew 90% and 85% respectively over the past two years, that only resulted in 29% growth for the GPL family overall (while A/L/GPLv3 adoption appears to be slowing).

In comparison the number of Apache licensed projects grew 46% over the past two years, while the number of MIT licensed projects grew 152%. Indeed Black Duck’s figures indicate that the MIT License has been the biggest gainer in the last two years, jumping from 3.8% of all projects in June 2009 to 8.23% today, leapfrogging Apache, BSD, GPLv3 and LGPLv2.1 in the process.

While the level of adoption of copyleft licenses remains dominant, and continues to rise in terms of the number of projects, there is no escaping the continuing overall decline in terms of ‘license share’.

UPDATE – Since some people dod not trust Black Duck’s data I also took a look at data collected by FLOSSmole. The results are remarkably similar. – UPDATE

Vendor formation
Black Duck’s data is not the only indication that the importance of copyleft licenses has decreased in recent years. The research we conducted as part of of our Control and Community report also indicated a decline in the number of vendors engaging with strong copyleft licensed software.

Specifically, we evaluated the open source-related strategies of 300 software vendors and subsidiaries, including the license choice, development model, copyright strategy and revenue generator.

By plotting the results of this analysis against the year in which the companies were founded (for open source specialists) or began to engage with open source (for complementary vendors) we are able to gain a perspective on the changing popularity of the individual strategies*.

Having updated the results to the end of 2010, our analysis now covers 321 vendors and shows that 2010 was the first year in which there were more companies formed around projects with non-copyleft licences than with strong copyleft licences.

The formation of vendors around open source software with strong copyleft licenses peaked in 2006, having risen steadily between 1997 and 2006 – although there have been gains since 2007. By comparison, the formation of vendors around open source software with non-copyleft licences has been steadily increasing since 2002.

The results get even more interesting in terms of Ian’s question if we filter them by development model. Looking at community-led development projects, we see that there have been significantly more companies formed around community-led projects with non-copyleft licenses than with strong copyleft licenses since 2007.

In fact, strong copyleft licenses have been much more popular for vendor-led development projects, but even here there was an increase in the use of non-copyleft licenses in 2010.

This last chart illustrates something significant about the previous dominance of strong copyleft licenses: that it was achieved and maintained to a significant degree due to the vendor-led open source projects, rather than community-led projects.

One of the main findings of our Control and Community report was the ongoing shift away from projects controlled by a single vendor and back toward community and collaboration. While some might expect that to mean increased adoption of strong copyleft licenses – given that they are associated with collaborative development projects such as GNU and the Linux kernel – the charts above indicate a shift towards non copyleft.

As previously noted, while free software projects utilize strong copyleft to ensure that the software in question remains open (or as Bradley M Kuhn recently put it, to keep developers “honest”), vendors using the open core licensing strategy use strong copyleft licenses, along with copyright ownership, to ensure that only they have the opportunity to take it closed.

Either way, strong copyleft is used as a means of control on the code and the project, and our analysis backs up Ian’s contention that there is a trend away from control and towards more permissive non-copyleft licenses.

This is part of what we called the fourth stage of commercial open source business strategies and is being driven by the increased engagement of previously closed-source vendors with open source projects.

The fourth stage is about balancing the ability to create closed source derivatives with collaborative development through multi-vendor open source projects and permissive licensing, and as such it not only avoids the need to control a project through licensing, it actively discourages control through licensing.

That is why, in my opinion, the decline of the copyleft licenses has only just begun.

*The method is not perfect, since it plots the license being used today against the year of formation, and as such does not reflect licensing changes in the interim. It does provide us with an overview of general historical trends, however.

451 CAOS Links 2011.02.25

UK Govt goes big on open source. DotNetNuke acquires Active Modules. And more.

# This week the UK Government confirmed that it really is serious about open source software adoption. Mark Taylor reported from the UK Cabinet Office’s Open Source System Integrator Forum, while ComputerWeekly rounded up the latest changes to the UK government ‘s strategy for open source.

# DotNetNuke acquired social collaboration solutions provider Active Modules.

# Acunu raised $3.6m in series A funding for its Apache Cassandra-based data storage software.

# Canonical and Banshee agreed to disagree on music store revenue.

# SAP’s HANA appliance runs SUSE Linus Enterprise Server.

# Vaadin released a Vaadin Pro subscription with set of commercial tools, components and support.

# Oracle Technology Network published an article on using Berkeley DB as a NoSQL data store.

# Quest Software is sponsoring the Sudo project.

# LINBIT’s DRBD replication software is now available for Red Hat Enterprise Linux.

# Marten Mickos discussed how open source impacts company culture.

# Openbravo introduced “Agile ERP” with Openbravo 3.

# The Chemistry open source implementation of CMIS is now a top level Apache project.

# The first release of Spring Gemfire integration is now generally available.

# Sencha introduced PhiloGL, an open source WebGL framework.

# A project has been started to create a Qt implementation for Android.

# Karmasphere updated its Studio and Analyst development and analytics products for Hadoop.

# Andy Updegrove discussed best practices in open source foundation governance.

# arstechnica explained why Microsoft was right to ban GPL apps from its app store, and why Apple should do the same.

# Yahoo plans to release its internal cloud computing engine using as open source license.

451 CAOS Links 2011.02.18

Much ado about open source licenses and Microsoft’s Windows Phone Marketplace. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca, and daily at Paper.li/caostheory
“Tracking the open source news wires, so you don’t have to.”

# Had Microsoft banned OSS from its Marketplace app store? Or was it just the GPLv3 family of licenses. The answer, predictably, was somewhere between the two, as Microsoft later clarified that BSD, MIT, Apache Software License 2.0, and MS-PL are allowed.

# Novell’s stockholders voted in favour of the Attachmate acquisition.

# eZ Systems secured €3.3 in a series C funding round.

# Open source graph database vendor Sones appointed former Novell Linux business exec Richard Doll as its new CEO.

# Karmasphere appointed former Omniture exec Gail Ennis as chief executive officer.

# DataDirect Networks announced a series of HPC funding initiatives around the Lustre open source file system.

# Rhomobile updated its Rhodes framework for building smartphone applications.

# Infobright released version 3.5 of its analytic database.

# Icinga released version 1.3 of its open source monitoring software.

# Terracotta added Ehcache Search to the standalone and distributed versions of Ehcache.

# Nicolas Pujol discussed the four capital mistakes of open source-related businesses.

# OStatic reported that Fedora, openSUSE haven given up on Unity.

# MontaVista claimed a Linux performance breakthrough with Bare Metal Engine.

# Google updated its Google Web Toolkit to version 2.2.

# 36 hours after launching a plan to reverse Nokia-Microsoft deal, Nokia Plan B called it quits.

Licensing matters again in open source or not, virtualization and the cloud

Just when you thought open source and its licensing were getting a bit dull (okay, that will probably never happen) … Sure, the GPL is giving up some of its dominance. OEM, embedded, mobile and other expansion areas for open source are keeping open source licenses relevant, as are virtualization and cloud computing, and these are all areas where open source licenses such as the AGPLv3 hold both promise and burden, depending on who you ask. It’s clear open source licensing is heating up again as a topic and as we assess what is really open and what is really not.

Matt recently asked about Google’s recently announced WebM, whether it is open source and what this tells us about the open source license definition and approval process. WebM, a Web video format that is available for free, is intended as open and even open source, but it is not actually licensed under an OSI-approved open source license, thus making it fall short of the definition of open source.

We may see Google get that OSI approval. It’s certainly not out of the ordinary, and even Microsoft has successfully lobbied and certified some of its own licenses as open source. However, for the time being, WebM falls under the category of ‘not open source,’ and I believe reflects Google’s challenge of getting open enough. On the other hand, Google’s Android OS, which is also backed by a broad consortium of other software, hardware, wireless carrier and other players, is sometimes criticized or questioned on its openness, particularly amid its recent progress. The fact of the matter is the kernel and core of the OS is based on Linux and the OS itself is licensed under the Apache 2.0, one of the top open source licenses we discuss in our report, The Myth of Open Source License Proliferation and one we see gaining use and prominence.

‘Open enough’ is another topic we’ve discussed on the CAOS Theory blog before, but I believe we are seeing cases of non open source software, such as Amazon’s APIs for EC2 and its cloud computing services, being open and available enough in many regards. Yet the fact these are not open standards and not open source brings persisting concerns about what the future might hold. This also highlights how lock-in, which we saw fade to some extent as a factor driving open source, is becoming more significant again. Although there has been an evolving acceptance of some lock-in, particularly as the debate has moved to open data, many early and established cloud computing users are worried if they have a single source for their infrastructure and services (vendor and product shutdowns, consolidation and rigid roadmaps are among the legitimate customer fears). In response, many are looking to ‘alternative’ software pieces and stacks for their private and hybrid cloud computing endeavors, and this is frequently, if not mostly open source.

Back to the licensing matter, we’re also seeing some friction on software licensing from virtualization and cloud computing, where the wants and needs of suppliers and consumers do not necessarily align. In terms of open source, this dilemma shows how flexibility and leverage — either with the vendor or with the software itself given the ability to access source code and build on it or influence its development — can help set open source apart as users contemplate their licensing and deployment strategy. Still, there are also challenges that come with open source software licensing, such as requiring the sharing of code and modifications and limited use of the open source code in combination with other software and in other products.

All of this highlights the ongoing need and importance of the OSI and broader industry definition of open source and its licenses, particularly as open source continues to blur and blend with non-open source in mobile and other electronic devices, virtualization, cloud computing and elsewhere.

451 CAOS Links 2009.11.17

Larry Augustin confirmed as SugarCRM CEO. Red Hat’s Fedora Project is 12. And more.

Follow 451 CAOS Links live @caostheory on Twitter and Identi.ca
“Tracking the open source news wires, so you don’t have to.”

For the latest on Oracle’s acquisition of MySQL via Sun, see Everything you always wanted to know about MySQL but were afraid to ask

# Larry Augustin was confirmed as full-time CEO of SugarCRM.

# Red Hat, by way of the Fedora Project, announced the launch of Fedora 12.

# Microsoft is to release the .NET Micro Framework under the Apache 2.0 license.

# Simon Phipps introduced the concept of his Software Freedom Scorecard. Plans to propose as joint OSI and FSF initiative.

# Microsoft admitted inadvertent GPLv2 violation in Windows download tool, plans to publish code.

# Lucid Imagination updated its LucidWorks Certified Distribution for Lucene 2.9.

# Nexenta Systems announced NexentaStor 2.2, based on the ZFS file system.

# Univa released version 5.0 of its UniCluster infrastructure and workload management software stack.

# A Canadian law firm suggested purchasers of tech companies are avoiding GPLv3 code to protect their patents.

# Fluendo updated its Codec Pack of multimedia Linux/Unix codecs.

# SGI launched the Altix UV Linux-based supercomputer.

# JetBrains announced the general availability of RubyMine 2.0, based on the open source IntelliJ Platform.

# BonitaSoft’s BPM software is being integrated into eXo Platform DMS’s document management module.

# Distributor Tech Data created Open Tech, a new program to attract open source ISVs and resellers.

# WSO2 launched Cloud Platform including Cloud Virtual Machines; Cloud Connectors; and Governance-as-a-Service.

# The QualiPSo Project released QualiPSo Factory, a SOA-based forge.

# Sourcesense partnered with Sonatype to provide training, support, and customization services for Maven, Nexus.

And the best open source license is …

UPDATE: The final vote is in and a winner has been declared, with Matt Asay and his arguments for the GPL taking the prize. You can see the debate or follow links to the other judges’ votes and thoughts here.

This is my assessment as a judge of the recent open source license debate held by the FOSS Learning Centre. We’ll have to begin with some qualifications and definitions, starting with the fact that there is no ‘best’ open source software license. Still, a star-studded open source software panel provided a lively, informative debate on the merits of some top open source licenses. For that, I congratulate and thank the panelists, Mike Milinkovich from the Eclipse Foundation arguing for the Eclipse Public License, Matt Asay of Alfresco arguing in favor of the GPL and David Maxwell from Coverity arguing for BSD. All three put forth some of the most important attributes and shortcomings of the three open source licenses, as well as other, related open source licenses. However, using a complex, proprietary formula awarding points for goodness and minuses for badness, I was able to deem a winner: Mike Milinkovich and the EPL. Perhaps fitting that the license that can best be described as the middle of the spectrum should be the winner. Here’s why:

Matt Asay kicked off the discussion, which became more of a debate as it developed, with a consistent message about GPL’s dominance among open source software projects, which is 70% or more based on most accounts (and considering GPLv2 and GPLv3). He also referred to monetization and the fact that GPL serves as the basis for successful support and services models, such as Red Hat. However, Matt did not initially mention the strategic and defensive benefits of GPL, which is often chosen because it mitigates the threat of a fork that someone can make proprietary. I was also hoping for him to address how GPL can deliver benefits of open source without having to share as in the spirit of the license, based on whether and how the software is distributed. Nevertheless, Matt made his most compelling arguments around the fact that GPL is the primary open source model and the license that developers understand and trust most. He furthered his argument later by agreeing EPL may be better for lawyers, but GPL is better for developers. Matt reinforced these ideas with his reference to large companies using GPL software, such as Google or TiVO, that gets it to vast numbers of users.

Mike Milinkovich spoke second with some background on EPL, its origin as a ‘legal document’ and how it links open source software to commercial products. He also hit on the fact that EPL covers patent rights, which is certainly important to vendors and developers. He later referred to the meaninglessness of Matt’s 70% GPL figure, based on the idea that software on repository is something different than software in use (where other licenses do have greater representation). However, our research indicates that the most popular open source licenses among hosted code are consistent with the most popular open source licenses among code in use, with GPL, BSD and EPL all in the top. Mike also referred to commercialization and money, which is certainly important to commercial open source, but did not give equal mention to community until later. Still, Mike earned back a point when he referred to monetization of open source software among traditional vendors and organizations beyond VC-funded, open source startups, where we are seeing significant growth for open source software. While I would have liked to have heard an argument in favor of EPL based on compatibility, Mike also made a good case for EPL in government — another consistent theme of the discussion — where code would belong to the public with commercial opportunity on top.

David Maxwell signaled a more rebuttal-type response and gave it in his arguments for the BSD license, which he introduced as the oldest license given its roots to Unix and the ’80s. David scored a point for simplicity and straightforwardness when he read the actual license, something his peers would’ve had a hard time doing. David did somewhat jump the gun, though, on rebutting with his counterpoints about GPL’s strict copyleft requirements, which he called ‘enforcement-based.’ Still, David recovered with an argument for BSD based on its emulation, which he credited for other popoular licenses such as the Apache Public License and Artistic License.

The debate portion was followed by some good discussion of business models, open core and proliferation with questions from the live and Web audiences. So why does my vote for the winner go to Mike and the EPL? While it was certainly close on my card and all three made compelling arguments, Mike and his portrayal of the EPL were the most realistic and pragmatic to today’s open source software in the enterprise. Communities, copyleft and the sharing that allows developers and projects to sustain effective, productive open source efforts must be balanced with commercial interests, endeavors and aspiration. Neither open source communities nor open source commercialization would be nearly as significant without one another, and Mike’s arguments and statements seemed most closely attuned to that.

Thanks again to the panelists, participants and FOSS Learning Centre for putting on the event. Please get involved in the discussion and watch the debate, comment here or elsewhere.

GPLv2 decline and debate on open source licenses

Code scanning and management vendor Black Duck reports the GNU General Public License v2 (GPLv2) now dipping below 50% share of open source software. While we already knew that GPLv2 was somewhat in decline from its far greater share of open source code over the last 5-10 years, it is useful to know what pool of code we’re talking about. We must also remember that while GPLv2 may not be as dominant as it once was and that other licenses, particularly GPLv3, are quickly gaining share, GPLv2 is still quite relevant to enterprise open source software, is used in a variety of newer and popular applications across the enterprise stack and is likely to remain in the top 10 licenses for a long time.

Regarding GPLv2 and Black Duck’s findings, some folks are rightly asking what code and how much of it are we considering where GPLv2 accounts for half or less of the software? Well, the short answer is, I believe, hosted open source code. Black Duck draws its figures from open source software in its Software Knowledgebase, which draws on other repositories and includes more than 185,000 software projects.

For our recent report, The Myth of Open Source License Proliferation, we thought it would be useful to look at open source license representation in another cross-section of software that was more reflective of code in use. Thus, with the help of Airius Internet Solutions, we considered the open source licenses of software that was the subject of vulnerability reporting (arguably, a decent measure of the software’s use). What we found, somewhat surprisingly, was that the list of most popular open source licenses among hosted open source software was very consistent with the list of most popular open source licenses among open source software in use. Both lists have the GPLv2, GPLv3, Artistic, BSD and Apache licenses in their top six, albeit in somewhat different orders. The percentages for different licenses, however, were quite different, giving more share to other licenses further down the list in the case of software in use.

At the time of our report, May 2009, the GPLv2 license accounted for 50.49% of all projects documented in Black Duck’s Software Knowledgebase, which is more than 185,000 projects. During the same time frame, Airius reported that the GPLv2 license accounted for 36.34% of software subject to vulnerability reporting and the Airius Risk Report, which consists of more than 139,000 projects reviewed. GPLv2 still tops both lists for now, but it is clear that GPLv3 is rising fast. Black Duck reported in June that GPLv3 had moved past the Mozilla, MIT and Apache licenses to the fifth spot on its list with 5.10%, behind BSD. Our research with Airius indicated that GPLv3 was number two on the list of projects reviewed with 18.5% as of June 15, 2009. This reinforces the idea that GPLv2 is being used less while GPLv3 is gaining more use. Nevertheless, it is important to remember GPLv2 is still being used in many projects and products beyond Linux and MySQL (which are, nevertheless, among prominent uses of the GPLv2). Examples range from applications such as Jaspersoft BI to systems management software such as Likewise, to cloud computing pieces such as the Puppet server automation software.

We’ll be delving into these and related issues with a lively, live debate on OSS licenses coming this Monday, August 31. We’ll have Matt Asay argue for GPL, Eclipse Foundation’s Mike Milinkovich pull for EPL and Coverity’s David Maxwell for the BSD as they spar over which license is best. The audience and a panel including yours truly will judge who wins, and we’ll post our thoughts here and elsewhere for others to weigh in as well. Please join the discussion and the debate.

Microsoft contributes to Linux kernel: a CAOS Theory Q&A

Microsoft has announced that it is to contribute code to the Linux kernel development effort under the GNU General Public License (GPL) v2. What on earth does it all mean? Here’s our take on the situation. With thanks to Jay Lyman for his contribution to the following:

Flying Pig

Q. This is a joke, right?

A. Not at all, although if any announcement is better suited to the image above, we can’t think of one. Microsoft has announced that it is going to contribute code to Linux under the GPLv2.

Q. What code is Microsoft contributing?

A. Microsoft is offering 20,000 lines of its own device drivers to the Linux kernel that will enable Linux to run as a guest on its Hyper-V virtualization technology. Specifically, the contributed loadable kernel modules enable Linux to run in ‘enlightened mode’, giving it efficiencies equivalent to a Windows virtual machine running on Hyper-V.

Q. Why is Microsoft doing this?

A. Red Hat and Novell’s Linux distributions already support enlightened mode, thanks to the development work done by both in partnership with Microsoft. One benefit for Microsoft of contributing to the kernel is that it reduces duplication of effort and the cost of supporting multiple, unique implementations of Linux. Once the code has been accepted into the kernel, Microsoft will use the kernel tree code as the basis for future virtualization integration development.

It also means that community Linux distributions will be able to use the code, which opens up more opportunities for Microsoft in the hosting market, where adoption of community Linux distributions such as Ubuntu, Debian and CentOS is significant. It also therefore slightly strengthens the challenge those community operating systems can make to Red Hat and Novell, which are more direct commercial challengers to Windows.

Make no mistake about it, Microsoft’s contribution is driven by its own interests. While it must serve and respond to enterprise customers that continue to drive the use of multiple operating systems and mixed environments, Microsoft also benefits by differentiating its Hyper-V virtualization technology from virtualization leader VMware. We believe Microsoft sees an opportunity to make virtualization with Windows more Linux-friendly than VMware.

Q. What’s in it for Linux?

A. The interoperability benefits previously reserved for ‘approved’ Microsoft partners will now be available licensed under the GPLv2, and available for all Linux distributions – commercial or community – without the need for a formal partnership.

The contribution of device drivers to the Linux kernel as been a sticking point for the Linux development community in the past as developers have struggled to encourage vendors to contribute driver code to the kernel. Microsoft is therefore setting something of a precedent and could encourage other vendors that have been reticent to contribute their drivers to do so.

The seal of approval Microsoft has given to the GPLv2 is also not to be overlooked. If Microsoft can find a way to contribute to Linux projects, many other organisations may also be encouraged to do so.

Q. I guess Linux is no longer “a cancer” then?

A. Exactly. Back in 2001 Steve Ballmer told the Chicago Sun-Times* “Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. That’s the way that the license works.”

Reviewing the statement in the context of today’s announcement demonstrates how much progress Microsoft has made in the intervening years to understand open source licenses. Contribution to Linux, or to any other project under the GPL, would have been unthinkable at the time, and is still barely believable today. The announcement is likely to challenge perceptions of Microsoft’s strategy when it comes to open source, Linux and the most popular open source license.

*The original article is no longer available online. Plenty of references are still available, however.

Q. What does this say about Microsoft’s overall strategy towards open source?

A. The contribution is a significant sign that Microsoft is now prepared to participate with open source projects on their own terms by using the chosen license of that project and making contributions directly to the chosen development forge of that project. Microsoft continues to use its own CodePlex project hosting site for code releases, but if an existing open source project uses SourceForge then Microsoft has acknowledged that the best way to engage with that community is on SourceForge. Don’t expect this to be the last contribution Microsoft does under the GPL.

Microsoft is now becoming more proactive in how it engages with open source under a strategy it describes as ‘Open Edge’ (which we have previously mentioned here and here. Whereas Open Core is used by commercial open source vendors to offer proprietary extensions to open source code, Open Edge is Microsoft’s strategy to encourage open source development and application deployment on top of its suite of commercial software: Windows, Office, Exchange, Sharepoint, SQL Server etc.

The Open Edge strategy is rooted in attempting to ensure Microsoft’s commercial products continue to be relevant to the ecosystem of developers and partners that the company has attracted to its software platform. It is also a continuation of the realization that if customers and developers are going to use open source software, Microsoft is more likely to retain those customers if it helps them use open source on Windows et al.

For more details on Microsoft’s strategy towards open source, its partnerships with open source vendors, and its contributions to open source projects, see The 451 Group’s formal report on the contribution to Linux (the report will shortly be available via this link ).

Q. How is the contribution to the Linux kernel being handled?

A. The contribution is being made via an alliance with the Linux Kernel Driver Project and its maintainer, Greg Kroah-Hartman, who will steward the contribution into the Linux kernel code base. (Greg has a post up about it here).

Q. What are the intellectual property issues?

A. The copyright for the code will remain with Microsoft, with the contributor credit going to its engineering lead, Hank Janssen, group program manager at Microsoft’s Open Source Technology Center.

Q. And patents?

A. If we were putting money on the most likely conspiracy theory to emerge in response to this news it would be that this is a Trojan horse and Microsoft is contributing code to Linux that it will later claim patent rights over. Whether that is even theoretically possible depends on your understanding of the GPLv2.

The GPLv2 contains an implicit patent promise that some would say makes a Trojan horse impossible. However, the FSF obviously thought it necessary to introduce a more explicit patent promise with the GPLv3 to remove any doubt.

Ultimately this is a question for a lawyer, or an eloquence of lawyers (yes it is ironic, apparently). In the meantime, it is our understanding that Microsoft’s understanding is that contributing code using the GPLv2 includes a promise not to charge a royalty for, or assert any patents covering, the code being contributed.

Q. What about Microsoft’s prior claim that Linux infringes its patents?

A. Microsoft really dropped the ball on its communication of the suggestion that free software infringes over 200 of its patents, and tensions with free and open source software advocates are likely to continue to be tested by Linux-related patent agreements, such as the one struck with Melco Holdings last week, which have driven scepticism and mistrust of Microsoft among some key open source supporters.

Absent the company giving up on software patents altogether, we believe that in order to convince those FOSS advocates that it is serious about co-existence, Microsoft needs to find a way to publicly communicate details about those 200+ patents in such a way that is not seen as a threat and would enable open source developers to license, work around, or challenge them. We also believe that the company is aware of this, although finding a solution to the problem will not be easy. But then neither was contributing code to Linux under the GPLv2.

UPDATE – It has subsequently become clear that there were two important questions that were not answered by our Q&A. Those have been covered by an addendum – UPDATE.

As license issues swirl, a new CAOS report

There has been no shortage of lively discussion on open source software licenses with recent shifts in the top licenses, perspectives on the licenses or lack of them for networked, SaaS and cloud-based software, increased prominence of a Microsoft open source license and concern over the openness (or closedness, depending on your perspedtive) of the latest devices. Amid all of it, we’re pleased to present our latest long-form report, CAOS 12 – The Myth of Open Source License Proliferation.

In the report, we cover how the spread and structure of open source software licenses has indeed led to some proliferation, but rather than a bad thing for the enterprise, we believe the variety and abundance of open source licenses has enabled broader enterprise use of open source. Furthermore, there has been an evolutionary natural selection of the most popular open source licenses, with the GNU GPL family, BSD family, Artistic, Apache and MIT licenses dominating both open source software hosted on repository and open source software in use, according to vulnerability reporting and analysis from Airius Internet Solutions. Another key finding in CAOS 12: vendors such as Sun Microsystems and IBM are contributing to license consolidation, retiring open source licenses in Sun’s case and for IBM, superseding the Common Public License with the Eclipse Public License, which similar to the Mozilla Public License is growing in types of software and popularity, particularly given mixed licensing within open source.

The report also carries on the themes of increased open core models, whereby open source software and licensing is combined with commercial licensing, that we covered in CAOS Nine – Open Source is Not a Business Model, as we consider how the need to generate revenue and reward investors can impact decisions on open source licenses. The report also identifies where different open source software licenses are most prominent, both in terms of the layer of the enterprise software stack and types of environments, from mobile and embedded software to SaaS environments to cloud computing.

Despite some recent doubts about it, we see GPLv2 still widely popular beyond its most prominent projects Linux and MySQL, which nonetheless help bolster its significance. Still, it is a once favorite license that may be fading as it is being used less in new projects, which are opting instead for more modern terms and coverage from GPLv3, AGPLv3, CPAL or other open source licenses. There is no question that GPLv3, by contrast, is on the rise and despite its lack of addressing what is commonly known as the ASP or network or SaaS loophole in GPLv2, is generally viewed as more modern. However, there is still strong resistance to GPLv3, particularly outside of the U.S., where we see the European Union turning to its own EUPL for more appropriate language and license coverage. This puts EUPL on our CAOS 12 list of licenses to watch, and another interesting license that joins it there is AGPLv3, which we’ve covered on the CAOS Theory blog before. As covered in the report, while AGPLv3 has failed to gain the same level of support and traction as its cousin GPLv3, it is the open source license of choice among some interesting new cloud plays, such as 10gen and Enomaly, which we’ve also covered here. If a project or vendor can demonstrate some development, distribution or collaboration advantages from AGPLv3, we believe it could lead to a broad embrace of the license in the enterprise. We should point out, however, this has yet to occur and at present, AGPLv3 is often viewed as onerous, to the extent that Google does not support the license in its Project Hosting.

With implications for vendors, both open source and proprietary competitors, for investors and for end users and customers of enterprise open source software, CAOS 12 is also intended as a guide to which open source licenses are most popular and appropriate, and why, for the many enterprise uses of open source software, whether in development, infrastructure, middleware or applications. Looking ahead, we don’t see the most popular open source license list changing much, as vendors tend to stick with the one or two licenses that suit them and rarely change. However, there will be some interesting jockeying among those top dozen licenses. The emergent models of virtual appliances, SaaS, virtualized and cloud environments will certainly impact license decisions and direction, but things will most likely follow the evolutionary path that open source licenses have traveled thus far.

451 CAOS Links 2009.06.30

Governments. Governance. Customers wins. And more.

Follow 451 CAOS Links live @caostheory
“Tracking the open source news wires, so you don’t have to.”

Governments
The Examiner provided a two part interview with Daniel Risascher, Office of the CIO, Department of Defense, on open source at the DoD, while Government Technology Magazine reported on how open source software and cloud computing can save government money. Similarly, The UK Conservative party delivered a paper on the future of open standards, open source, SOA and cloud for UK Government, while it was reported that Vienna to teach its public servants about open source desktop, and the Italian government is to increase use of open source in schools. Also, the H reported on LiMux, the Munich Linux project, and its imitators.

Governance
An OpenLogic survey offered insights into open source governance, while fossbazaar provided an overview of TiddlyGuv, an open source governance application under development at Osmosoft, an arm of BT.

Customer wins
# Healthplan Services is migrating from Solaris to Red Hat Enterprise Linux.

# Jaspersoft replaced Crystal Report for Orange Leap’s Guru reporting product for non-profits.

# InfoJobs.net selected Red Hat and JBoss for business platform.

# Coremetrics implemented SpringSource Hyperic HQ Enterprise.

# Cleanwise chose EnterpriseDB to complement Cleanwise’s existing Oracle deployment.

Best of the rest
# Red Hat announced its cloud provider certification and partner program.

# Sun released NetBeans IDE 6.7, featuring integration with Project Kenai hosting site.

# Sun Microsystems unveiled VirtualBox 3.0.

# Black Duck reported that GPLv3 licenses quadrupled in 2009, but GPL projects dropped by 5%.

# Linux Questions reported that Oracle hit a glitch in Sun Microsystems acquisition deal http://bit.ly/Cttdp while Oracle insisted it was no big deal.

# IBM announced the availability of Milepost GCC, an open source machine learning compiler.

# Matt Asay speculated whether The “cathedral + the bazaar” – or mixed models – are the only way to ensure open source is relevant for new markets, not just a commoditizer of old markets.

# Matt Asay also continued his campaign to get Oracle to certify its products with Ubuntu.

# Richard Stallman stated his view as to why free software shouldn’t depend on Mono or C#.

# Alfresco highlighted customer ROI with winners of Credit Crunch Innovation Awards.

# Arkeia and Mandriva announced the integration of Arkeia Network Backup with Mandriva Enterprise Server.

# Lucid Imagination and ISYS partnered to combine Lucene and Solr with the ISYS File Readers document filtering technology.

# The SourgeForge.net Web site served its four billionth download.

# Nexenta Systems released NexentaStor 2.0 a unified storage product based on the ZFS file system.

# Kineo Open Source reported on the impact of recession on open source.

# Are we mis-selling ‘open source’? Sirius provided a blog post about using child psychology to sell FOSS better.

# ScaleDB is looking for beta testers for its shared-disk clustering storage engine for MySQL.

451 CAOS Links 2009.06.02

Cloudera lands funding. SourceForge acquires Ohloh. Novell reports Linux growth. And more.

Follow 451 CAOS Links live @caostheory

Cloudera shows signs of progress

GigaOM reported that Cloudera raised $6m Series B funding from Accel and Greylock and is now looking beyond web applications to wider enterprise adoption of Hadoop. Cloudera also announced its first certification program for Hadoop.

Open source goes mainstream in the UK
There have been signs of change recently with regards to open source adoption in the UK, which has traditionally lagged behind the rest of Europe and the US. CBR Magazine provided an analysis of open source in the UK and the likely impact of the government action plan, while two good indicators of mainstream interest in open source came from The Economist’s evaluation the value of open source software in the recession and a documentary on BBC Radio 4 covering how how the open source model works and how its ethos is being applied to other kinds of business (the latter probably doesn’t work outside the UK).

Best of the rest
# SourceForge acquired Ohloh and published its, disappointing, Q1 results.

# Novell reported its Q1 results, with Linux providing a rare highlight. $37m came from Linux Platform Products in the quarter, up 25%, while total revenue declined to $216m from $236m. As InternetNews.com reported, the company’s focus on using Linux growth to encourage revenue from other products and services means that the Linux business still not profitable.

# Red Hat unveiled JBoss Open Choice strategy for enterprise middleware. More details here.

# Sun updated OpenSolaris, and launched support services for the open source variant.

# Canonical announced deals with SanDisk, and Intel and support for Moblin.

# Alfresco and EnterpriseDB forged a technology and business alliance.

# OStatic reported on the rumour that Amazon is going to open source its web services and cloud APIs.

# Adobe updated its Flash tools and open source Flex framework.

# Jim Zemlin: Canola Project’s GPLv3 Permissions are Worth a Look.

# Infobright and Pentaho delivered an integrated open source da6ta warehousing and business intelligence virtual machine.

# The fight over open source ‘leeches’. A good summary from InfoWorld of the issues related to (lack of) corporate contributions.

# Infobright appointed Bob Zurek as CTO, VP product management.

# Xandros announced that it is developing products based on Moblin Version 2 project for Intel Atom-based platforms.

# MontaVista announced supports for Moblin v2.

# LiMo foundation completed the LiMo Platform R2 specifications.

# Jahia unveiled United Content Bus as part of the new Jahia Enterprise Edition v6. (PDF)

# Hippo launched a product and support offering for Apache Jetspeed 2.2.

# Engine Yard announced JRuby support.

# Zmanda announced that Recovery Manager for MySQL now supports Amazon EC.

# Josh Berkus: PostgreSQL development priorities.

# Matt Asay reported on Jahia’s ‘pay or contribute’ model.

# Mike Hogan compared the numbers on traditional licensing, versus open source support business models.

# SiCortex is in trouble.

# Ntirety expanded its remote database administration services to include MySQL.

# SugarCRM updated its web services and improved mobile CRM tools.

# Ian Skerrett provided the results of the Eclipse community survey; as well as top six insights.

# Mike Hogan on GPL licensing and MySQL storage engines.

# Matt Asay on why open source may prove a more efficient way to find new customers than industry consolidation offers.

451 CAOS Links 2009.04.24

Oracle buys Sun. Sun previews MySQL update, makes GlassFish Portfolio, OpenSSO and OpenDS available on EC2. Numerous partner announcements from the MySQL conference. Red Hat maps open source adoption. And more.

Follow 451 CAOS Links live @caostheory

Oracle to acquire Sun
Unless you’ve been living under a rock (or like me you decided to take a few inappropriately-timed days off) you probably noticed that Oracle announced an agreement to acquire Sun this week. Jay delivered our assessment on Oracle’s open source credentials, while I followed up with some thoughts on the impact on MySQL, and its partners.

See also:
# The internal memo to Sun employees from Jonathan Schwartz, Sun’s chief executive.

# Marten Mickos explained to Forbes why Oracle won’t kill MySQL.

# Monty Widenius provided his assessment of the deal drivers and his ongoing attempts to “ensure that there always exists a free branch of MySQL that is actively develop[ed] in an open manner and has that trust and support of the MySQL customers, developers and users.”

# Kaj Arno detailed what has not changed with MySQL as a result of the planned acquisition.

# Brian Gentile explained why the deal is all about “the hearts and minds of the software development community.”

# Larry Augustin calculated that Oracle could sell off Sun’s storage, server and SPARC assets and effectively get MySQL and Java for free.

# Savio Rodrigues wondered what steps Oracle could take to meet its $1.5bn profit target for Sun.

# Matt Asay questioned whether Oracle will let MySQL retain its recently-added enterprise capabilities.

# Ars Technica: Oracle buys Sun: understanding the impact on open source.

# Matt Mullenweg explained why the deal need not necessarily have a significant impact on MySQL users.

# Rich Sands provided a round-up of some of the better analysis on the potential impact for Java.

# Jim Zemlin on what the acquisition means for Linux.

# Tim Bray provided a handy overview of the companies’ business strategies, products and cultures.

# InfoWorld: Ten ways Oracle could make money from Sun.

# Glyn Moody: Who Owns Commercial Open Source – and Can Forks Work?

# The 451 Group’s Steve Coplan on the identity angle.

# Oh, and the deal has prompted a proposed class-action lawsuit.

Business as usual
In other news, Sun made a series of MySQL-related announcements, including the preview release of version 5.4, the launch of MySQL Cluster 7.0, a new MySQL ‘Remote DBA’ partner program for consulting companies and service providers, a new new reference architecture for Glassfish and MySQL, and expanded interoperability between the Sun Identity Management Suite and MySQL.

Additionally:
# Kaj Arno detailed the changes taking place within Sun designed to improve the commitment to MySQL Community users.

# James Dixon noted that for the first time at the annual MySQL conference he “encountered people who understood databases and business intelligence, but did not understand anything about open source”. A sure sign of MySQL’s maturity.

The best of the rest
# Sun also announced the availability of GlassFish Portfolio, OpenSSO and OpenDS on Amazon EC2 Cloud, and a new Sun OpenSSO Express release, providing federated single sign-on for Google Apps Premier Edition.

# Sun and Kickfire announced a joint marketing agreement for Kickfire’s MySQL data warehousing appliance (PDF).

# Zmanda added a visual log analyzer to its Zmanda Recovery Manager (ZRM) for MySQL backup and recovery software.

# Virident announced its two new GreenCloud Servers, for MySQL and Memcached.

# Calpont repositioned as an open source MPP data warehousing engine for MySQL.

# Infobright and Jaspersoft partnered on an open source project to feature end-to-end BI, extract-transform-load (ETL), and data warehousing capabilities.

# EnterpriseDB licensed its Oracle compatibility functionality (which isn’t actually open source, for the record) to IBM.

# Zenoss added former BMC, IBM and Accenture executives to its board of directors.

# Pentaho delivered Pentaho Data Integration 3.2 for the cloud.

# Carlo Dafarra on the procurement advantage test for the “purity” of commercial open source.

# Red Hat revealed its Open Source World Map.

# While Glyn Moody wondered what on Earth it could be used for.

# Matt Asay examined the strength of Red Hat’s business.

# Aaron Fulkerson explained the process for adding new features under the Open-Core Licensing strategy.

# Christopher Keene highlighted WaveMaker’s ongoing successes.

# The Defense Department’s open source software development tool, Forge.mil, may now be used for unclassified work in DOD, FederalComputerWeek reported.

# Microsoft is sponsoring research at the University of Michigan’s Center for Information Technology Integration (CITI) to develop an open source Network File System client for Windows.

# Is the Microsoft-TomTom settlement a wake-up call for GPLv3 migration?

# James Dixon provided his interpretation of Microsoft’s strategy towards open source.

# While ComputerWorld wondered whether Microsoft has lost its war on open source.

# Linux Magazine: Linus on Linux: The Linus Torvalds Interview Part 1.

# Ulteo released the first version of its Open Virtual Desktop.

# Continuent delivered Tungsten Enterprise for database clusters supporting MySQL, PostgreSQL and Oracle.

# ONStor announced that it has integrated the Zettabyte File System (ZFS) and other open source technology into its Pantera LS series systems.

# PrismTech announced the availability of OpenSplice DDS Open Source on OpenSplice.org.

# CodeFutures delivered dbShards, a true shared-nothing scalability offering for open source databases.

451 CAOS Links 2009.02.13

The open source vendor definition debate rumbles on. How open source could save the US government $3.7bn. Red Hat plans MASS migration to JBoss. Open source content management invades the US. Exploiting the attribution loophole in the GPLv3. And more.

Definition debate rumbles on
Roberto Galoppini joined the open source vendor definition debate, with a perspective looking at the impact on community engagement, and also caught up with David Dennis, senior director of product marketing at Groundwork, about the company’s strategy, noting that not all open source core vendors are created equal.

Meanwhile Tarus Balog of OpenNMS, who started off the whole discussion, explained the theoretical contradiction at the heart of the open-core model in the context of the request from open source vendors, including some open core advocates, for open source to be included in President Obama’s economic stimulus plans.

Stimulating
Speaking of stimulus packages, Meritalk estimated that open source technology could save the Federal government $3.7bn, based on an assessment of the IT infrastructure budgets of 30 agencies, backed by Red Hat and DLT Solutions.

MASS migration
Meanwhile Red Hat updated JBoss Enterprise Portal and launched a migration project to encourage migrations to JBoss from other middleware stacks. Rich Sharples, Product Management Director with Red Hat and JBoss MASS project lead, explained more.

Open source content management: coming to America
eZ Systemsincreased focus on the US, following announcements from Nuxeo and Hippo last week about movements Stateside. Incidentally, The 451 Group’s Kathleen Reidy wrote a great piece (451 Group clients only) last week on open source content management invading the US.

Flowplayer seeks attribution
Is Flash video player Flowplayer the next open source success asked ArcticStartup, while Roberto Galoppini (again) noted that it appears to exploit an attribution loophole in the GPLv3.

The best of the rest
# eWeek reported on the future of MySQL within Sun including comment from Sun’s new MySQL and infrastructure boss, Karen Tegan Padir.

# Sendmail claimed 100% sales growth over the past 24 months and 25% growth year-over-year in the fourth quarter.

# Novell’s Moonlight, which provides access to Mocrosoft Silverlight content on Linux, went 1.0.

# Snakebite network will enable testing of open source software on heterogeneous network, reported Computerworld.

# 14 new Symbian Foundation members were announced, including MySpace and HP.

# Penguin Computing is making waves in HPC, reported HPCwire.

# Sun’s chief open source officer, Simon Phipps explains the third wave of free and open source software. On video.

# “Open Source in India Today” by Alolita Sharma

# “Open Collaboration within Corporations Using Software Forges” by Dirk Riehle.

# Arjen Lentz: Open Source and your business and development models.

# Bdale Garbee: Collaborating Successfully with Large Corporations.

# David Rowe: Open Hardware business models.

On the adoption of CPAL and the AGPLv3

In conversation with an open source vendor’s CEO the other day I was reminded that in 2007 there was a relatively large fuss about the creation/approval of two new open source licenses designed to close what was known as the ASP loophole.

It occurred to us that in hindsight perhaps the issues that drove that fuss had been overblown. Certainly a look at the adoption rates for the licenses in question suggests that they were not as essential as we were led to believe, although market momentum could change all that in years to come.

A bit of history:

The CPAL (Common Public Attribution License) was approved by the OSI in July 2007 while the AGPL (GNU Affero General Public License) v3 was published by the Free Software Foundation in November 2007 (and approved by the OSI in March this year).

These licenses were developed separately to deal with the loophole that allowed third parties to make use of open source software in Software-as-a-Service or hosted environments without attribution or triggering the distribution mechanism of the GNU GPL that requires modifications to be distributed under the same license.

The two licenses approached the problem from different perspectives. The FSF considered dealing with the loophole in the GPL itself but removed the provisions that would have done so in the third draft and instead decided to adopt and rewrite the existing Affero General Public License to address the issue separately.

The GNU AGPLv3 requires anyone that modifies the software and offers its for use “remotely through a computer network” to make the source code available to those users.

CPAL, created and submitted for approval by SocialText, was concerned more with attribution, although also borrowed terms from the Open Software License that make it clear that “external deployment” triggers the same conditions as distribution.

The Open Software License (OSL), incidentally, is a license created by Larry Rosen in 2005 and approved by the OSI in 2006 that, arguably, already closed the loophole that the AGPLv3 and CPAL were designed for.

History lesson over.

Given the importance that was placed on creating these licenses, we would have expected to see rapid take up by open source vendors during 2007/8. That hasn’t happened. In fact an executive from one vendor told me today that it seriously considered adopting the AGPLv3 but decided it ultimately wasn’t worth the hassle.

In our recent report Open Source is Not a Business Model, we looked at the licenses used by open source vendors today. Just three of the vendors that responded to our survey expressed a preference for using the AGPLv3 – Funambol, WaveMaker and KnowledgeTree – while the same number expressed a preference for using CPAL – SocialText, MuleSource and XTuple. Additionally two vendors were using the OSL – Concursive and SpikeSource.

A look at Black Duck’s Open Source Resource Center indicates that neither the AGPLv3 nor CPAL has made it into the list of the top 20 licenses, although it does indicate that 159 projects have adopted the AGPLv3 (Palamida’s latest count is 181).

Digging deeper into Black Duck’s figures reveals the projects that have migrated, most of which are small individual projects rather than larger vendor-backed products. Two names do standout, however, that indicate how the AGPLv3 could yet see wide adoption.

Cloud computing platform vendor 10gen has adopted the AGPLv3 for its Application Server, Mongo Database, and Grid Management System, while Enomaly chose the license for its Elastic Computing Platform.

Additionally, CPAL has also picked up some users outside the core open source software market. Reddit picked CPAL in June, just days after Facebook released its Open Platform under the license.

While adoption of AGPLv3 and CPAL has not been rapid, those examples point to the theory that the licenses will become more relevant as businesses increasingly make use of browser-based applications and cloud platforms.

Last month Bradley Kuhn argued that steady and measured adoption is better than vendors rushing in without thinking, while Fabrizio Capobianco this week explained how the community needs to adjust its thinking to address more promotion of the AGPLv3.

In fact, perhaps the lack of adoption is purely a branding problem. The “ASP loophole” is so last century. Call it the “cloud loophole” or the “social networking loophole” and vendors will be falling over themselves to close it. Of course I am being facetious. Or am I?

Ubuntu Remix stirring Linux netbooks

I’ve written quite a bit recently about netbooks, MIDs, UMPCs and the general category of sub-notebook/greater-than smartphone, and while I had planned on taking a break from the subject, it keeps coming up. The latest splash in this new form factor pond, where Linux enjoys greater deployment and significant cost and technical advantages, comes from none other than Linux desktop leader Ubuntu and Canonical CEO Mark Shuttleworth. Despite the development of an Ubuntu version for netbooks, I had held off on including Ubuntu in most previous blogs on the topic. However, based on Shuttleworth’s disclosure of the Ubuntu ‘netbook remix’ in response to OEM interest, it’s clearly time to talk about how Canonical and Ubuntu fit into the netbook screen.

We have joined others in wondering about Ubuntu on the server. Canonical highlighted broad OEM support with its release of 8.04 Hardy Heron, but has failed to translate its desktop deal with Dell into a server-side arrangement and has yet to announce any major OEM server deal. However, Ubuntu continues to dominate Linux desktop use, positioning it with the kind of popularity required in broader, consumer markets. The Linux server market is still growing, and Canonical will no-doubt look to leverage corporate and consumer desktop use to continue its push into servers. However, it may have an even greater opportunity at present to with its OS and custom development and services for this hot market.

One of the best things about Ubuntu Remix is that it is clearly following the same successful recipe that has fueled Ubuntu on the desktop: open, transparent development, GPL licensing (GPLv3 for a new netbook launcher and other software) and inclusive of feedback from developers as well as users. Shuttleworth would not give names of OEMs, some of which are working on ‘more radical user interface innovation,’ or dates for when we can expect certified Ubuntu netbooks. However, based on the comments and consumer reaction to these devices, it seems clear this is a big opportunity for Linux and Canonical will be among the players involved.

SpringSource’s GPL move highlights commercial concerns

Given the previous discussion on this blog and elsewhere about the commercial benefits of the GPL versus more permissive open source licenses it is fascinating (if you’re in to that sort of thing) to see that SpringSource has chosen the GPLv3 for its new Application Platform.

Due for release in June the SpringSource Application Platform combines the Spring Framework, Apache Tomcat, Eclipse Equinox and other OSGi-based technologies with the new SpringSource Dynamic Module Kernel backbone. All of these are available under Apache or Eclipse, however, the SpringSource Application Project itself will be under the GPLv3.

As Rod Johnson explains, the choice of license is very much designed to protect the commercial interests of SpringSource:

“Creating an application platform that makes the benefits of OSGi available to end users was a huge investment for us. There’s a lot of technical innovation under the hood which won’t be immediately apparent but which enables us to make a generational leap. If we’re giving that technology away in open source, we wanted others who build on it to also give away the results in open source.”

TheServerSide discussion shows that not everyone is happy with the company’s decision to go GPL and it is interesting to see the company using the GPL to restrict the commercial opportunities for potential rivals (although at least the code is still open source, it could after all have changed it to a proprietary license). Marc Fleury, meanwhile, describes it as “the same thing you had yesterday for free, except it is now under the GPL and a proprietary subscription license.”

To clarify, the Spring Framework itself remains under the ASL 2.0, and it is also worth noting that the change SpringSource has made (like it or not) is only possible thanks to the GPLv3’s compatibility with the Apache license (although the Eclipse Equinox tools are another matter).