Are There Problems with the Perforce Open Source License?

troed asks: "Anyone signing up to be the maintainer of an Open Source project and wishing to use the Perforce revision control server under their Open Source license seems to agree to being financially liable for the actions of others. The penalty is steep - a project consisting of 20 developers would mean that the person running the Perforce server might have to shell out $15000, if one of the developers release the code in an unfinished state. Read on for more details."

"I've recently put some work into an Open Source project, and since a lot of other people displayed interest in participating I volunteered to set up a source control system. Having worked with Perforce at a previous employer I knew that there are systems a lot better than CVS out there, and since I had also heard about Perforce being free for Open Source development I decided to give it a shot.

Installation went almost without a hitch, you do notice it's a very professional package. I had the evaluation version up and running in no time on my Red Hat 9 server, and I happily checked in the code and the revisions I had already made as well as opening up the second evaluation account for a friend. All was well.

Next day at work I printed out their Open Source License (.pdf) and started filling it in. However, I do read what I sign, and after a while I became quite worried. What I read suggests that, if this license was sent in, I would suddenly become personally responsible (with hefty economic penalties) for what other developers or even other read-only users (which I am forced to give access to according to the license) would do with the source. I decided to write a mail to opensource@perforce.com voicing my concerns. I was quite sure that this Open Source thing was new to them and that we would have no problems reaching a revised license agreement.

Not! Their reaction to my questions was not what I had expected. The CEO answered, and basically said that yes - if I want to use their server, I have to accept the responsibility. That's ok with me - when it's about stuff I can control. In this case however, that's what I feel is missing. While developing Open Source it's not that uncommon to be non-compliant towards the chosen license (GPL, as an example) for brief times during the development. This is not something Perforce allows. According to them the software has to be 'released' at all times, and it has to be compliant to the chosen license at all times. If a rogue developer, or someone at Perforce, releases a non-compliant build the person responsible for running the Perforce server is in breach of the contract with Perforce.

The paragraphs in the license that I base my arguments on are:

• 6B - distributing the software in a non-OS way is a breach of the agreement.,
  6C - I must give read-only rights to anyone who uses a Perforce connection.
  13A - Here's where the figure $750 times number of users comes from.
  

From these, I've deduced that Perforce cannot be used for Open Source development. I know (Perforce has told me) that it is, and that's why I've brought this topic to your attention. Am I wrong in refusing to sign this license? My fear is that someone I give access to (this is Open Source development, I fully intend to let anyone who wants to branch off my development tree) will redistribute the software and not fully check that it's GPL compliant (it's not in its current state - I intend to change that).

My main objection is being economically responsible for the actions of others, and I also think that by requiring the application to be 'distributed' as soon as it enters Perforce a lot of valid Open Source projects cannot abide by this license since they at some point, even if just for a short while, might not qualify for the Open Source license the agreement with Perforce states (like, including BSD code temporarily in a GPL project with the intent of doing a rewrite before release).

Am I paranoid, or is this something Perforce need to go through in detail with the Open Source community, if they want us to use their software? They are of course doing this as a form of advertisment, and I applaud that. I do want to use Perforce for this project - but I don't want to create a license agreement between myself and each and everyone I can control using the server (do remember that I have no control over what people using Perforce computers might do) regulating what they can do and that they would be liable towards me, in the same way Perforce forces me to be liable to them. I do not want Perforce to feel that their gift to the Open Source community isn't appreciated, but I'm not at ease signing their license agreement - and if other Open Source projects have done it, I want to know if I'm the only one.

The mail from me to Perforce, and the answer from their CEO, can be viewed here until my ADSL-connected server melts down."