Although the General Public License version 3 draft process generated speculation that the OSS model would change dramatically, the current draft of the leading open source license would have little impact on most OSS users.
That was the general consensus of four leading industry experts who participated in a conference call about GPL v3 yesterday with IT Business Edge. On the call were:
Matt Asay, a vice president for Alfresco and a leading open source blogger now contributing to CNET.
Rob Enderle, an analyst and principal of the Enderle Group, and also a blogger with us at IT Business Edge.
Bernard Golden, founder and CEO of open source consulting firm Navica and a blogger for CIO.com.
Chris Maresca, founder and senior partner of the Olliance Group, a leading open source business consultancy.
Call participants agreed that pressure from leading OSS corporate users -- Maresca and others specifically noted Google, which employs large numbers of developers in the open community -- may well have influenced the Free Software Foundation, which administers the GPL, to re-open the license's so-called "ASP loophole." Closing the loophole -- which allows companies to modify open code but not release the source, so long as they do not directly re-distribute the software -- was a major element of early drafts of GPL v3.
Maresca and Golden both said they were surprised at changes in the draft, which now will have nominal impact on users, except for some vendors in the areas of Digital Rights Management (a focus point) and embedded devices. Golden said:
"From the perspective of the typical end user or organization, there will be no discernible difference between GPL3 and GPL2. I mean, the practical implications for people who use it are really nil. ... This is significantly changed from what it was in the first draft."
One of the more interesting segments of the conversation -- which begins at about the 25-minute mark of the podcast you can download from this post -- addressed how the open source community can compel companies that use open code as the backbone of their tech to contribute in a meaningful way.
"There's a certain segment of that community that has become rather annoyed by the fact that some companies successfully built astoundingly profitable business models on top of free software. There's been some question about what the quid pro quo is there. The real question is how does that actually play out."
Clearly, the "ASP loophole" has been good to, well, ASPs. Golden notes that open source has been fundamental to the success of the software-as-a-service model, which is so hot that the sexy "SaaS" has replaced "ASP" in most tech vocabularies. He says:
"If they had to write the stuff themselves or license the commercial alternative, it probably would have made their offerings uncompetitive, or price prohibitive. ... We had ASPs, we'll call it eight years ago ... and they really went nowhere because they were all based on a model that was basically, 'We're going to take these commercially licensed products and just host them remotely.' So the economics never worked out."
While concurring with the gist of Golden's comments -- and even suggesting that Jim Zemlin of the Linux Foundation, formerly of an ASP himself, would heartily agree -- Asay said the issue of the free ride some companies are taking on OSS will need to be addressed, if not through the GPL then some mechanism that compels contribution. And that doesn't mean bankrupting ASPs, he added:
"Let's say they actually license MySQL, so they pay $500 or $1,000 for MySQL or they pay $15,000 for Alfresco or they pay $20,000 for JBoss. You know what -- that's not going to break the bank. I would argue that it's true that giving the Web properties a free ride encouraged them to get started on a dime rather than a dollar; I'm not sure I'd go so far to say that Google would be out of business or never would have gotten off the ground if it had paid more than $69.99 to Red Hat ... "I think the Googles of the world would love to keep getting free software, and maybe they should, maybe no harm is done, but I do think, why can't they grow, and either contribute cash back, or code back? That tends to be the real choice facing these companies, or it would be if there was some way of closing this loophole. It's not that they would suddenly go out of business because they would have to pay millions of dollars to somebody. It's rather that they would have to contribute back code, like everybody else does, or they could contribute cash back ...
"The problem is that it's going to be a bigger and bigger segment of how we write and distribute software, will be done over the Web, and yet there currently are really no viable ways of capturing some of that value. And, so, tomorrow, if Funanbol had an ASP provision in there that forced them to give that back, maybe they would choose to use something else, or maybe they would pay Funanbol, or maybe they would use Funanbol and just contribute code back. Any one of those three is a good option; the only really bad option, I think, is the continued free riding on open source without giving anything back, or selectively giving back when it's non-strategic or not useful.
Both Maresca and Asay said that the Affero license, which some suggest as a way to close off the ASP loophole, probably doesn't have the clout to emerge as a viable alternative. (Asay said Alfresco is electing to stick with the "hefty brand" of the GPL).
Enderle, whose comments often draw the ire of open source advocates, asked Asay if either the GPL v2 or GPL v3 draft has a mechanism for weighing code vs. cash "contributions." Asay's reply -- prefaced by a perfectly civil comment to Enderle that "I can't tell if you're being facetious or sincere" -- was that this could be accomplished via commercial licensing deals that waive the copy-left provision, assuming that at some point a license does emerge to close the ASP loophole.
Exposing Your Own Company's IP to the GPL
A point of confusion surrounding the GPL v3 draft, particularly in its early life, concerned whether companies that integrate open source software in their networks are running the risk of exposing their intellectual property to the GPL.
Given that the ASP loophole is alive and well, the whole issue is a non-starter under the current draft, Asay said.
"I can only imagine that's it's well-intetioned FUD ... It really doesn't do anything in that realm that version 2 didn't already do ... For anybody worried about, and especially end customers worried about using GPL v3 software and it lobotomizing their IP, they have exactly zero cause for concern on that score -- just as they did, frankly, with v2. Version 3 doesn't change anything on that."
Enderle, who has blogged about concerns over IP and open source license management inside large corporations, said that while the "loophole" is still alive in GPL v3, clearly the open source community is interested in shutting it down. Moreover, open source licenses are just plain odd, from a business' point of view, because they deal with distribution and not use, and because anyone in the organization can expose the company to their terms by simply installing open software.
"This is a gray area and the bigger the gray area, whether it be a contract or a license, the more opportunity for concern, and if you want something, you are going to call that concern FUD, and if you don't want something, then it is a legitimate complaint, whether we are talking about politics or software. And in the end, as the business owner, you are left with a 'Hey, I can't figure this stuff out, I'm not an attorney' kind of problem. ... The practices for somebody getting shot for what they believe to be the right thing aren't in place."
Maresca replied that there is an emerging model for best practices for deploying open software in business -- his own firm published a white paper on the subject about three years ago, he said. Moreover, both he and Asay replied to Enderle's point that there is no solid case law regarding open source licenses by simply saying that the community is generally not litigious. (Asay noted this post by Michael Tiemann.)
The panel went on to discuss the highly publicized Medsphere fracas, which Golden said was really more an issue of basic corporate governance than any specific details of open source licensing.
Several other interesting topics, including Maresca's views on the common-sense restraint the FSF has shown when it comes to real-world issues like the potential for modified embedded devices crashing a network, are also covered in the hour-long podcast. It's well worth a listen.
A final quote from Asay on the possibility of open source license fragmentation:
"I doubt the Free Software Foundation will put out a license at the end of the day, when it's finally approved, that will be incompatible in any way with v2 that would then lead to fragmentation, say, of the Linux kernel ... there's just too much at stake. Despite Richard (Stallman)'s ideology, and I use that in both the postive and negative sense, around some of the politics of the GPL, I think the dropping of the loophole shows a fair amount of pragmatism within the Free Software Foundation, as well. So, I don't see the fragmentation happening.