Microsoft License Goes to OSI But Not From Redmond

An anonymous reader writes "eWeek is reporting that a Microsoft Shared Source license, the Microsoft Community License, was submitted to the Open Source Initiative for official approval, but it wasn't Microsoft who submitted it. The license it appears was submitted by John Cowan, who is a programmer and blogger and who also volunteers for the Chester County InterLink, a non-profit founded in 1993 by former OSI president Eric Raymond and Jordan Seidel. Needless to say, the OSI contacted Microsoft to see if it should evaluate the license anyway, and was told to drop it."

Why MS would drop it

They are probably too embarrassed about it being labeled as non OSI approved.

Re:Why MS would drop it

I wish there was more in thye explaination of microsoft saying drop it.

It would be interesting if they ever intended shared source to be anything other then an opensource riddin publicity show.

Re:Why MS would drop it

[Russ+Nelson]

My understanding is that Microsoft is interested in supporting their community of users with an open source license from a source they trust (which would be Microsoft, of course). They don't perceive much overlap between their community of open source users and the traditional unix-centric open source users. Thus, they don't (currently) see much value to them in seeking OSI approval.

Seems only reasonable to me. The proper course of action seems to be practicing patience.

Re:Why MS would drop it

[lord+sibn]

More to the point, I think Microsoft can already (correctly) guess what the OSI would say about their license in comparison to others. Personally, I think it says a lot about your software license if you are afraid of it being compared to others.

Re:Why MS would drop it

More to the point, I think Microsoft can already (correctly) guess what the OSI would say about their license in comparison to others.

Really? Have you actually looked at it? It's very like the Apache 1 licence which is OSI approved. What specifically do you see wrong with it?

Re:Why MS would drop it

[Russ+Nelson]

Don Giovanni made the same stupid mistake of assuming that we would play favorites. Should rip you a new asshole, too? Sheesh, what is with you people? From where comes the idea that we are biased towards one party or another? Is there any evidence of this? The Halloween Documents? Those were Microsoft behaving badly, and us pointing that out. So now that Microsoft is starting to release open source software (aka behaving nicely) somebody thinks we would treat them poorly? I'm like "What the fuck? Surely there's a LIMITED amount of stupidity in the world, why is there so much of it concentrated around this issue??"

I'm aghast. Really, I am. I hope you're blushing. Even if you have no intellectual prowess, at least you can feel badly about making such a world-class error.

Ahhhh, for the good old days of alt.flame.

Re:Why MS would drop it

[nuzak]

> The Halloween Documents? Those were Microsoft behaving badly, and us pointing that out.

Those were indeed unflattering of Microsoft ... but more than that, the interspersed commentary in those documents marked the beginning of a steep drop in my respect for ESR. He's damn near the Rob Enderle of Open Source these days.

Maybe they fear...

[sacarius1]

SCO will sue them? :)

Re:Maybe they fear...

Thats like the Das Kapital getting submitted to the US Congress
for ratification.

Re:Maybe they fear...

[morgan_greywolf]

SCO will sue them? :)

That would be like the Don worrying about the wiseguys knocking him off ...

And people wonder why ...

[Achromatic1978]

... certain elements "don't take open source seriously". What was the point of this, other than a stupid prank that no-one but a few geeks will laugh at?

What next, are "we" going to start submitting bogus press releases, and trying to hold Microsoft to them? (I know that one is a little of an extrapolation, but not a huge deal.)

Re:And people wonder why ...

[sumdumass]

What if this wasn't a stupid prank. What if it was just someone trying to prove to some one else that microsoft's opensource license isn't opensource.

Re:And people wonder why ...

I know that one is a little of an extrapolation

Your use of the word extrapolation is a bit of a stretch.

Re:And people wonder why ...

[killjoe]

Actually it brings up an interesting point. If the license is public (kind of) then why can't anybody submit it? The OSI is supposed to judge the license itself not who wrote it or why. I am also curious to know why MS told them to drop it. Why harm would it have caused them if it was approved?

Re:And people wonder why ...

[mabhatter654]

there is probably some provison that the licensor would have to guarantee that the license wouldn't change over it's life... most importantly couldn't change without notice. Things like BSD, GPL, MPL, AFSL all have standardized offical versions and either no change or methods of change defined right in the license. Example: Typical GPL is version 2 dated 1991. We all know exactly what that means. If you make any changes to that you MUST call them out and notice them from the published version. MS has no "standard" license to reuse over and over.

Microsoft licenses aren't worth the bits on the screen.. they can be changed at will by Microsoft and "paper" versions don't count. MS refuses to version or date their licenses.. it's all a game to them. If OSI was to approve a MS license, MS would have to guarantee that it wouldn't change without notice.. and they flatly refuse to do that!

Re:And people wonder why ...

[Chris+Pimlott]

I don't take Microsoft's "Shared Source" license seriously, and I won't until they start releasing under an OSI approved license.

Re:And people wonder why ...

And what if it's the exact opposite? Maybe there is "GASP" and actual independent developer that wants to license something not made by microsoft under this license and wants to be sure that it IS OpenSource!

BSD Licensed != Berkley University Code
MIT Licensed != MIT University code
GPL != FSF code

Re:And people wonder why ...

[Short+Circuit]

Or that it was?

Re:And people wonder why ...

[khallow]

I don't see a point to debating nonexistent what-ifs here. It was a stupid prank and your license being approved by the Open Source Initiative is not equivalent to being open source.

Re:And people wonder why ...

[John+Cowan]

The practical problem with a 3rd party (like me) submitting someone else's license is that if the OSI wants changes, the 3rd party has no authority to make them. It makes sense to deal directly with the license author.

I don't speak for the OSI, Microsoft, my employer, or anyone but me.

Re:And people wonder why ...

[EvanED]

Why would it have to guarantee that?

Couldn't the OSI say "here's the text of the license as of today, this version is/is not certified open source."

If MS then went and changed it, that version would be different from what the OSI approved, and the decision based on the old version would cease to be valid. However, the old version of the license wouldn't suddenly become invalid.

There might be some confusion as to the naming of them, but I think that could be easily overcome. The OSI could say "The MS Shared Source License as of Aug. 22, 2006" is approved, and as long as MS didn't come along and make changes later and say it was as of Aug. 22, 2006, there should be no confusion. (I'm not sure if I would put that last thing beyond MS or not.)

Re:And people wonder why ...

[evilviper]

What was the point of this, other than a stupid prank that no-one but a few geeks will laugh at?

Who knows? Who cares?

At WORST, it is a completely innocuous stunt. Why would someone judge a group harshly, over something so trivial?

I guess in commercial corporations, no "stupid pranks" ever happen. ANYWHERE!

Re:And people wonder why ...

[sumdumass]

The point of debating it is because we don't know it is a prank. You and probably some one before you just asumed it was a prank. Thats just a preconditioned "what if". Many more are availible.

But i would like to know why it was submited. I would also like to know how close it comes to being OSI compliant.

Re:And people wonder why ...

[I'm+Don+Giovanni]

MS probably told them to drop it because:
1. The OSI website frequently features anti-MS rhetoric (and they do even today). There's no way in hell OSI would do a fair evaluation. So they would "officially" reject MS licenses, which is what the submitter likely wanted.

2. MS doesn't really give a damn what a self-appointed priesthood has to say regarding their license, and don't want to kowtow to them.

Re:And people wonder why ...

[Richard_at_work]

Why does one body get to decide whats opensource and whats not? The OSI is not an international standards body by any measurement.

Re:And people wonder why ...

[kjart]

Microsoft licenses aren't worth the bits on the screen.. they can be changed at will by Microsoft and "paper" versions don't count. MS refuses to version or date their licenses.. it's all a game to them. If OSI was to approve a MS license, MS would have to guarantee that it wouldn't change without notice.. and they flatly refuse to do that!

Hunh? They might not be worth anything to you, but I imagine they are worth something to Microsoft, and I really don't think it's a game to them. I'm seriously puzzled why you seem so beligerent though - is it just because this is about Microsoft? Guess what - there are other licenses out there that are approved by OSI and (surprise) you can even use them yourself.

Aside from the humour value this seems pretty much like a non-story.

Re:And people wonder why ...

[Russ+Nelson]

That's exactly what it was. John wanted to know if we would approve the licenses, because as far as he could see, they are approvable. Looks like it to me too, yet .... we'd prefer to have the steward submit the license hence my request that he withdraw them.

Re:And people wonder why ...

[Russ+Nelson]

Are you stupid or is this your best impression of a moron? Just curious.

Re:And people wonder why ...

[Russ+Nelson]

Oh, oops, hi John.

Re:And people wonder why ...

[Fred_A]

I just see OSI as a dyslexic ISO.

Re:And people wonder why ...

[smittyoneeach]

SOI un perdedor...

Re:And people wonder why ...

[Secrity]

Organizations don't have to be an international standards body in order for people to respect their standards. There are many organizations, such as the ARRL and EIA/RETMA, that work this way, and some eventually gain status as an international standards body. Many engineering associations, such as the IEEE and SAE; and equipment manufacturers associations, such as ECMA, have gained international standards body recognition. If enough of the right people respect OSI standards, the OSI could also become an international standards body.

Re:And people wonder why ...

Ohnoes, whatever will they do without your recommendation.

Re:And people wonder why ...

I agree, especially given that ESR is a wank.

Re:And people wonder why ...

Tell me again why Microsoft needs, or would even benefit from, OSI's imprimatur? Hasn't MS effectively proven your utter irrelevance by not submitting the licenses to you?

It's really pretty bizarre: you'd think that OSI would have already learned this by virtue of Stallman's refusal to acknowledge the authority of OSI. But no, having already lost on the Free Software front, you guys decided to pick a fight with the commercial side of the industry? Wow. OSI's stupidity has few parallels in modern industrial history.

Are there any members of SCO's board of directors on the OSI board?

Re:And people wonder why ...

[khallow]

The point of debating it is because we don't know it is a prank. You and probably some one before you just asumed it was a prank. Thats just a preconditioned "what if". Many more are availible.

Well, I guess we can read the motivation from the guy himself. I suppose I still will characterize it as a stupid prank even after reading this, but I can see how someone might disagree.

I would also like to know how close it comes to being OSI compliant.

Didn't even start apparently.

Re:And people wonder why ...

[John+Cowan]

Well, of course I don't agree that it was a prank. I was quite serious.

I also don't agree that the license "doesn't even start to come close to being OSI compliant." OSI-approved licenses are a subset of OSI-compliant ones.

Re:And people wonder why ...

[khallow]

I also don't agree that the license "doesn't even start to come close to being OSI compliant." OSI-approved licenses are a subset of OSI-compliant ones.

I was just noting that OSI didn't even start the process. So this gives us no information.

Traditional Business Plan

[virtuald]

At the moment, it doesn't seem like Microsoft is really open to the idea of 'true' open source a la GPL or BSD. Though really, they have so much money it probably wouldn't matter in the short run whether they used open source or not.

On the plus side, open source windows would probably have a TON of exploits at first, but eventually get secured to some degree -- despite the fact that the security model is fundamentally flawed..

Re:Traditional Business Plan

[babbling]

Wait, wait, wait... You're jumping to conclusions here. Perhaps Microsoft told them to drop it because Microsoft would rather have their license evaluated by the Free Software Foundation, instead. I mean, I can understand that. I don't care much for "open source", but I do value my freedom. Maybe Microsoft values freedom, too?

Re:Traditional Business Plan

[pimpimpim]

Anyone should be able to evaluate the license, it's not like they're asked to show the source of their kernel, they're asked to show the license which is the contract any person that deals with the software has to follow (and the other way around). A license is a public thing. How about you getting a mortgage at bank A, and the bank won't tell you their coniditions because it's part of their secret business plan. Would you deal with them, or go to bank B which tells you exactly what they are doing?

Come to think of it, a bank will/has to be very open about how they will invest your money. If they wouldn't, you wouldn't think about investing your money there. By doing so, other banks could just copy their ideas, but that is not the main concern of the costumers, because they'll stick to the bank that has the correct service etc. Software should be like this. Full disclosure, because it's where your money goes and you have the right to know what's in your hand. The fact that in many cases it isn't, probably shows that the costumers in IT (the people responsible for buying in IT solutions for their company), have less long-term financial insight than those at the financial department. Maybe because it't tought to be not important there, but who knows, maybe it'll change in the future, it would be about time!

Re:Traditional Business Plan

Sure, Windows would be secure, but then the GUI would look like shit and it would be impossible for end users to use and all the corporate users would drop it because most Open Source programmers have no idea how things need to work in a large corporation.

Seriously now, compared to Linux, Windows is _easy_. Ever tried to install a driver in Linux? I have. I spent about 4 hours one day trying to get my wireless card working before I just said screw it. Windows? I point it at an INI file and click Next and it works. (For the record, my card _was_ supported under linux (atheros chipset), and I'm not really an idiot. I've been using BSD for a long while, so I know Unix, I just don't know Linux.) And before anyone points out that newer distros have the driver installed already, that is _not_ a solution to the problem. Drivers are still hard to install, and no matter how hard you try there will always be hardware that you don't have the drivers bundled for. Anyone who seriously thinks that Linux is _easy_ is just a fan boy.

Let's all be honest with each other. Open Source is written by programmers _for programmers_. Very few OS programmers give a flying fuck about the user, they write the software for themselves and if someone else happens to want to use it, they can. (Okay, Slashdot, point out the exceptions to the rule for me! That'll prove me wrong! Yup!) When was the last time you found an Open Source programmer that was also a usability expert, or even just a designer? Sure, there are some, but most aren't. Most programmers (even propriatry ones) have no idea what constitutes a good design or a usable application. Microsoft likely has huge labs and departments of people devoted to this specific purpose.

You know what else they'll have huge departments devoted to? Finding out what the customer needs. When was the last time you saw some Open Source programmer asking the end user what features they need? Again, it happens, but not as often as it needs to.

Open Source programmers are programming for much different reasons than the Microsoft programmers and this is what gives most of them a different attitude (or maybe people with that kind of attitude just gravitate to open source?). Regardless, the elitist attitude most Open Source programmers and projects have is why Open Source Windows isn't going to happen.

What is Microsoft going to get out of the deal? A bug fix here, a security patch there? They'll have to spend massive amounts of time wading through garbage to even get those. They'd have problems with programmers maliciously trying to insert security holes and bugs into the codebase at the same time (all the people who hate Microsoft aren't going to disappear if Windows is open sourced, they'll just find some other reason to hate it). Now, what is Microsoft going to lose? Well, do you seriously think the big OEMs are going to keep paying Microsoft if Windows is truly Open Sourced? They can just re-brand it "Dell OS" and ship that on machines. They're providing the support for the end users anyways, why do they need to keep paying Microsoft?

So, uh, to try and relate my long and retarded rant to the parent post in some way: Fixing some of the security holes in Windows is really _not_ a huge incentive for Microsoft to Open Source Windows considering all the down sides.

ND
(Posted anonymously for karma's sake.)

Re:Traditional Business Plan

[real_b0fh]

Ever tried to install a driver in Linux? I have. I spent about 4 hours one day trying to get my wireless card working before I just said screw it. Windows? I point it at an INI file and click Next and it works. (For the record, my card _was_ supported under linux (atheros chipset), and I'm not really an idiot. I've been using BSD for a long while, so I know Unix, I just don't know Linux.) And before anyone points out that newer distros have the driver installed already, that is _not_ a solution to the problem. Drivers are still hard to install, and no matter how hard you try there will always be hardware that you don't have the drivers bundled for. Anyone who seriously thinks that Linux is _easy_ is just a fan boy.

woooa there! linux is definitely *NOT EASY*, but installing drivers is trivial. Either the device is supported, or not, and if it is supported, it *WORKS*.

I guess I know what your problem was. I had similar issues with wifi. The problem is, our beloved wifi card manufacturers have a nasty habit of producing totally different cards, but all of them have the same 'name' and sometimes even the same part number... the only thing differentiating them is some obscure shit like 'rev A', or 'v2'.

That happened to me. Did my homework, got a list of supported cards under the linux kernel, went shopping... Eventually I found a 3com '3CRWE154G72', bought it, went home, plugged it, and... the firmware would not load... i tought... wtf... Long story short, the card I bought is 'v2' and, despites having the same chipset, it has not enough memory to store the 802.11 firmware, that stuff needs to be done in the driver now, like in a winmodem. Way to go! Fortunately, that piece of shit works well with ndiswrapper (which by the way works like you seem to like : point to the .INF file and forget about it).

Re:Traditional Business Plan

Insightful?

A. off topic
B. flamebait

Re:Traditional Business Plan

> Either the device is supported, or not, and if it is supported, it *WORKS*.

Tell that to ALSA. Sound in Linux is still a goddam mess. On Linux, my Realtek AC97 -- the SINGLE MOST COMMON sound chipset there is -- cannot use coax SPDIF and headphones at the same time. It supports both through the means of (believe it or not) an arcane and brittle config file with no syntax checking (sound just fails if you typo it). Apparently the wretched lousy driver architecture prevents them from coexisting.

DMA still isn't enabled on most cdroms, resulting in lousy burning and playback experience.

Re:Traditional Business Plan

[real_b0fh]

too damn true. But considering most of the linux/bsd drivers are done by reverse engineering and hacking, since the hardware companies mostly don't give a rat's ass, I am happy that they at least can produce some sort of sound / connect to my AP / connect to ethernet / display video.

if *all* hardware makers would release specs for people to write drivers for their stuff, this situation would be mucho improved.

Re:Traditional Business Plan

[NuclearDog]

The card wasn't the problem. I've run it under Linux since then (the Auditor distro among others now ship with the driver installed by default). I know 100% that the card uses the Atheros chipset and is compatible with the ath driver under FreeBSD and whatever the equivilant is under Linux.

"but installing drivers is trivial"

Let's see:

• Update kernel because the driver needs 2.6.23423413.41341343 not 2.6.23423413.41341342 or something.
• Fix all the shit that I broke attempting to do that.
• Re-install because I've FUBAR'd something.
• Go back to step 1 and repeat several times.
• Finally get the new kernel running.
• Install about 14 different tools, half of which I couldn't find in the apt repository and had to spend multiple hours finding all over the net and installing.
• Compile the driver.
• Install the driver.

With each of those steps having a hundred fracking steps involved to accomplish them, and about 40 different places to branch based on what goes wrong.

Linux has this amazing ability to start me off simply wanting to accomplish something simple (playing a song), and ending up with me updating the kernel or something so I can update gcc so I can compile some library that needs a newer gcc that is required by some other library that is required by the music playing app. (not a real nor necessarily realistic example, just trying to make a point) Hell, by the time I give up, I've often forgotten what my original goal was.

ND

I wish they had evaluated it.

[shaitand]

Undoubtedly the reason it was submitted is so that the license will be officially recognized as not achieving OSI compliance. I don't think they should have asked Microsoft at all.

Re:I wish they had evaluated it.

[gdamore]

Have you looked at the license. I confess I had not before I read this,but then I check it out at http://www.microsoft.com/resources/sharedsource/li censingbasics/communitylicense.mspx

The license itself is short and sweet, and easy to understand. Or at least so I deem, but of course IANAL.

I have no idea what software Microsoft has licensed under this license, but a casual read of it looks like the license should be certifiable by OSI. As far as I can tell, the only potentially confusing issue is the patent retaliation clause.

In most other respects, it looks like a simpler version of the GPL, including being viral. I can't imagine why MS wouldn't want it blessed by OSI. Probably they just don't want to be recognized for giving source away even when they do so. Heck, they might be worried that it would scare off investors who consider Microsoft's IP portfolio as a reason for buy MS shares. :-)

Now, it probably is a Good Thing that it isn't blessed, because the last thing we want is another viral license that also happens to be incompatible with GPL. (The patent retaliation makes it GPL-incompatible.) Life is hard enough figuring out Open Source license as it is.

Re:I wish they had evaluated it.

[minus_273]

you can download C# CLI source from MS with this licence.

Re:I wish they had evaluated it.

[CODiNE]

Now, it probably is a Good Thing that it isn't blessed, because the last thing we want is another viral license that also happens to be incompatible with GPL. (The patent retaliation makes it GPL-incompatible.) Life is hard enough figuring out Open Source license as it is.

I highly doubt that. More likely they're hoping someone else like you will think it's innocent and OSI compliant, and accidentally taint the Linux kernel with some of it's code. Having the OSI go over it would give programmers a clear warning to not mix licenses with this code.

Re:I wish they had evaluated it.

[SeaFox]

In most other respects, it looks like a simpler version of the GPL, including being viral. I can't imagine why MS wouldn't want it blessed by OSI.

Microsoft seeking OSI certification would be admitting that Open-Source is a viable alternative way of writing software. It would be placing a certain amount of respect and recognition to other open source licences if they seeked an equal certification for their own.

That and, as someone pointed out earlier, they don't want their license being offical stamped non-compliant, makes it a lot harder to argue that they do release software as "Open-Source" for the PR department.

Re:I wish they had evaluated it.

[mabhatter654]

problems I see.

#1...MS requires the license to USE the software. Most of the others only require the license to reproduce or modify + distribute software. They demand something, however small, just to USE the software as it's given to you. It's an EULA, not a license. Notice they think you don't have the right to even PREPARE deritive works without permission.

Section 3 part A looks simpler than GPL, but combine with part C looks like BSD... except Microsoft always keeps it's mits in your work and all the work that follows. Where as BSD and GPL the orginal author's say ends as long as your new copy follows the rules. And again, they following users would appear to be required to accept Microsoft's EULA as well. GPL binds no progam license to any company in this manner.

And of course, Microsoft has a more restrictive patent clause than even GPL 3. Where as GPL 3 says you must ensure you have patent rights, and grant rights to downstream users, it doesn't try to take away from you for suing somebody. I know there was talk, but it's not in the license. Microsoft removes your license if you think you need to sue them.. or even counter/cross sue in defense of them sueing you! So if this was to become widespread, anybody that MS sued would loose all rights to the 'community' software when they tried to defend themselves.

I do notice 1 glaring ommisson for a microsoft license... They didn't leave themselves the right to revise/extend/revoke the license at will they usually include in every other license they write. I guess they're not all bad.

Re:I wish they had evaluated it.

[keeboo]

In most other respects, it looks like a simpler version of the GPL, including being viral.

Sorry, but I have to say something about this.
This kind of derogatory description of the GPL doesn't help a thing for the FOSS movement, and only help to widen its divisions.

Re:I wish they had evaluated it.

[afaik_ianal]

This kind of derogatory description of the GPL doesn't help a thing for the FOSS movement, and only help to widen its divisions.

Yes - how dare he mock the gospel of Richard.

Re:I wish they had evaluated it.

[EvanED]

MS requires the license to USE the software.

Not by my reading. Where does it say that redistributions of it must require users to agree to the licenses to use the software?

Even if MS puts a click-through license at the beginning of the installations or whatever of the software doesn't mean that you have to comply.

(Note that the grant of priviledge to use patents is different.)

except Microsoft always keeps it's mits in your work and all the work that follows.

How so? There's the patent clause, but that's all I see. We'll get to that in a minute.

Microsoft removes your license if you think you need to sue them.. or even counter/cross sue in defense of them sueing you!

Only as it relates to the software that's covered by this license.

Regardless of how you feel about this clause, I see nothing that conflicts with the OSI definition of open source.

Re:I wish they had evaluated it.

[coonsta]

There is a list of Microsoft software released under their shared source licenses (of which the community license is one of three) at http://www.microsoft.com/resources/sharedsource/li censing/getsource.mspx

Re:I wish they had evaluated it.

[EvanED]

You seem sure.

Here's the definition of open source per the OSI.
Here's the MS "Community License".

What is in conflict?

Re:I wish they had evaluated it.

[xenocide2]

I'm no lawyer, but this liscence seems awfully specific in all the wrong places. Lots of stuff specific to Microsoft, like suing them for patents etc. It's fine to sue users and derivate software distributers, just not MS. Moreover, it grants you liscence to use their copyrights and patents, so long as you grant a specific set of copyrights and patents ("you must grant all recipients the copyright and patent licenses in sections 2(A) & 2(B) for any file that contains code from the software"), likely including things you don't own. You don't have the authority to liscence Microsoft's patents to other people directly. I imagine that Microsoft intends that their offer is extended to anyone who might recieve this software down the chain, but it isn't made clear whether this is good enough. These two oddities combined basically means distributing the software, which MS inevitably holds a patent on, requires you to grant a liscence you don't own (and must seek from MS) and still allows them to sue to your users for infriging on their patent.

Re:I wish they had evaluated it.

[EvanED]

so long as you grant a specific set of copyrights and patents ("you must grant all recipients the copyright and patent licenses in sections 2(A) & 2(B) for any file that contains code from the software"), likely including things you don't own

If you don't have the authority to grant patent use, then you don't have the authority to distribute the part of the software that infringes that patent. This ensures that you don't distribute supposedly Free software that is, in fact, encumbered in patents, and thus for all intents and purposes not Free. (Because you can't exercise your rights without infringing the patents.) Some OSS liceneses have patent provisions, some don't, there's not really anything wrong with this one I think.

At least in theory... Rereading it the wording is a little off though. It's very clear (I think anyway) what the spirit of that part ("you must grant all recipients the copyright and patent licenses in sections 2(A) & 2(B) for any file that contains code from the software") is, and I think that even the letter of the wording could hold up to that interpretation, but I could see some lawyer try to argue that secondary distributers can't grant the copyright and patent rights held by the primary author. I doubt it would fly.

(Not all of that is directed at you... it seems you have the knowledge in the first paragraph.)

Re:I wish they had evaluated it.

[Tim+C]

t's an EULA, not a license.

I know what you mean, but you do realise what that L stands for, right?

Re:I wish they had evaluated it.

[moonbender]

Not by my reading. Where does it say that redistributions of it must require users to agree to the licenses to use the software?

I'm not saying you're wrong, but the license says: This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.

and

(C) If you distribute the software in source code form you may do so only under this license (i.e., you must include a complete copy of this license with your distribution), and if you distribute the software solely in compiled or object code form you may only do so under a license that complies with this license.

Re:I wish they had evaluated it.

Like DRM? Nothing about Rights Management.

The End User doesn't need a license to use the software: even the act of copying in installation has several issues about needing a license:
1) You aren't copying, the installer is, which isn't your code
2) If you need to copy to use, the Berne Convention says this is not copying controlled by copyright

therefore there is no grant given, only rights taken away. Only a contract can do that. The EULA is a contract, no matter what the L means.

If the End User is distributing, then they need a license, but then for that purpose, they are not an End User any more.

Re:I wish they had evaluated it.

[julesh]

#1...MS requires the license to USE the software. Most of the others only require the license to reproduce or modify + distribute software. They demand something, however small, just to USE the software as it's given to you. It's an EULA, not a license. Notice they think you don't have the right to even PREPARE deritive works without permission.

These are, in fact, necessary. The GPL is an interesting license for claiming that you don't have to accept it to use the software, but it's worth noting that outside of the US, using computer software is often an act which is protected by copyright law (because a transient copy is created in RAM), so you do need a license for it. Therefore, those of us using GPL software in non-US countries have to accept the GPL in order to use. The MS license is no different in this regard, but it is explicit about it, whereas the phrasing of the GPL is actually misleading in non-US countries, and could result in people using GPL software without a license to do so (e.g. because they refuse to accept the GPL terms but don't realise that where it says you don't need to accept them doesn't apply to them). MS's lawyers are probably more internationally-minded than the FSF's are.

You also need a license to prepare a derivitive work. Creating derivitive works is an act protected by copyright in many countries. It's good that the license grants this right.

The rest of your analysis does make it sound like a poor license, but these things you mentioned in the first paragraph really are useful to those of us who aren't in the US.

Re:I wish they had evaluated it.

[John+Cowan]

"Undoubtedly"? *I* doubt it. In fact, it isn't true.

I would never abuse the OSI process by submitting a license for consideration unless I thought that license met the Open Source definition. Life is too short for such machinations.

Re:I wish they had evaluated it.

[NickFortune]

It does seem to have some interesting use cases. Suppose MS decide that a one of their patents is not covered by the licence after all, and start demanding royalties. If they set it up right, you'd have to sue them for breach of the licence agreement, and thereby invalidate the licence.

It would mean they could terminate the licence at any time, or at least force licencees to pay insupportable royalties.

Although I too am not a lawyer, so there my be good reasons why this would not work.

Re:I wish they had evaluated it.

[pavon]

It's an EULA, not a license.

I know what you mean, but you do realise what that L stands for, right?

I know you were joking,but you do realize what that A stands for, right? :) It is an Agreement between two parties, AKA a contract, in which you agree to both the terms of the copyright license, and several other terms which are outside the scope of copyright law.

Re:I wish they had evaluated it.

[tehcyder]

(i)t's an EULA, not a license.
I know what you mean, but you do realise what that L stands for, right?

It's Lesbian isn't it?

Re:I wish they had evaluated it.

> It's an EULA, not a license.

EULA - End User License Agreement

Re:I wish they had evaluated it.

[EvanED]

I don't think that's true, for a couple reasons, and even if it were, it's not enough to get the MS license thrown out of the OSI-approved arena.

Point 1: MS claiming infringement based upon use of the software would be self contradictorary. If it's possible to infringe one of MS's patents by using their software, then that patent is covered by 2(B) and there's no infringement. The only thing that would make this possible would be if you added 3rd party functionality that infringes on the patent that MS originally thought was covered by 2(B) but then decided that the software they were distributing didn't use that patent and thus rights were not granted.

Point 2: It's not MS's decision to make as to which patents are being infringed; it's the courts'.

Point 3: You wouldn't have to sue them immediately when they start demanding royalties; just don't pay them. When and if they sue you, you can make your claim that the original software uses the functionality covered by the patent they are demanding royalties for. If you word it right, I think you bypass the invalidation claim.

Point 4: Even throwing all this out, the existance of this clause I think is *still* not enough to disqualify this license. Many other approved licenses have very similar clauses to the one in question. (Okay, looking back through the last three might be almost the same, but on the other hand, I only went through about 1/5 of the licenses.) The main difference is that they limit the revocation clause to MS. I don't think that this would be enough to get it disqualified though. It's objectively in between other licenses; it's less powerful than the ones linked above (which revoke rights if you sue any contributor for patent stuff) but more powerful than other licenses that are patent neutral (BSD, GPL, etc.). The situation is subjectively unfair though, and I think it would hurt the license's chances. (But again, not enough to get it disqualified.)

Re:I wish they had evaluated it.

[Random832]

There are plenty of OSI-approved licenses that can't be mixed with each other. See GPL-Incompatible, Free Software Licenses for a list of such licenses that can't be mixed with the GPL (and thus with the linux kernel. the GPL v3 will likely also be incompatible with the GPL v2, for programs that explicitly pick a version, in at least one direction)

Re:I wish they had evaluated it.

[Tim+C]

1) You aren't copying, the installer is, which isn't your code

Oh come now, that's no argument at all. You can equally well say that when I copy anything, unless I do it by hand, I'm not doing it, the equipment I use is.

2) If you need to copy to use, the Berne Convention says this is not copying controlled by copyright

I'm not familiar enough with the Berne Convention to comment on this. If it is the case, however, and if it trumps local law (which are two big ifs), then you're free to simply ignore the EULA and use hte software as you like, so what does it matter what they say? If not, or if local law wins out, then you're stuffed.

The chances of actually being prosecuted for a violation are vanishingly small, of course, as there's generally nothing in an EULA that you can violate without definitely infringing copyright. (At least in my experience, but then IANAL and I've not studied very many EULAs)

The EULA is a contract, no matter what the L means.

If your assertion that use of software does not require a licence due to the Berne Convention is true, then the EULA is irrelevant, contract or not, as there is nothing compelling you to agree to it. That's perfectly fine by me; let the fools make their empty demands.

Re:I wish they had evaluated it.

[NickFortune]

Point 3: You wouldn't have to sue them immediately when they start demanding royalties; just don't pay them. When and if they sue you, you can make your claim that the original software uses the functionality covered by the patent they are demanding royalties for. If you word it right, I think you bypass the invalidation claim.

Interesting, isn't it? The problem becomes one of making the other party sue. Or counter-sue, of course; the patent disqualifiaction clause is one-sided. MS don't lose a thing if they sue you.

I agree that this might not be enough to derail OSI validation. I just think it would take a braver coder than myself to invest any significant time and effort into a project licenced under these particular terms.

degrees of separation

But, while Microsoft does not have a problem with one of its licenses being OSI-approved, the challenge is that the OSI has previously positioned itself as "anti-Microsoft," Hilf said, pointing to the fact that even though the OSI has removed the controversial Halloween Documents from its Web site, a link on the site still points to former OSI president Eric Raymond's Web site, where the documents are available.

Uh oh... IEEE Computer Society links to OSI's site (first sentence, "Open Source"), which links to ESR's site which links to the Halloween docs.

Re:degrees of separation

[ral315]

More importantly:

IEEE links to OSI which links to ESR which links to the Halloween docs. Halloween starred Jamie Lee Curtis, who was in Queens Logic with Kevin Bacon. HA!

John Cowan did cool lojban stuff

[Cybert4]

Lojban is a constructed language that can be parsed like computer languages! He did a major book on the subject. Anyone in lojban is pretty cool.

Pfft....

In all honesty, this is little more than a gimmick and frankly few give a damn about OSI.

As far as I'm concerned it just shows how much OSS advocates are out of touch with the software community at large.

In other words; it shows that loudmouths in the OSS community are really just small minded jackasses and those who see this as "important" are easily dismissed as fanatics and zealots.

The more I see of open source as a community the more I want to distance myself from it.

Re:Pfft....

[mabhatter654]

OSI is working to clear up the mess of "free" licenses out there to make interoperation of various modules allowable without relicensing every time you ship a project. Even the FSF is willing to work with them to allow things like AFSL, MPL, etc to coexist with GPL or LGPL as approperiate and just agree they are good enough without splitting hares over fine print. What they are doing will make Open source really viable and help smooth the edges for commercial developers. But they have to honor the orginal licenses when they make recommendations how they interact, that's the law.

Free Software advocates may seem out of touch, but it's NOW when times are good that you have to stay on the path. The whole "free software" movement rides the thin line between academic/hobby project and real, live commercial copyright. If they make the license too loose, they set bad precedent. If they don't actively define their position when they see a "violation" then they may miss something and again,set bad precedent. If they don't keep an active copyright push, then they risk a judge throwing all GPL code into "pubic domain". Especially because they aren't a "real" company, but a "club" it makes it easier for others to say FSF meant the code to be "public" and they let it lose.

Also, when times are good, they have to be careful of imposter licenses. Ones that look "free" enough, but have gottchas that let an orginating company swoop in, or a downstream company lock-up the code later on. Things like Sun's OpenOffice.org fall in that catagory. Again, it's important to not let the "free software" brand if you will be diluted so that it doesn't become a free for all.

Re:Pfft....

[CortoMaltese]

...without splitting hares over fine print.

The official recommendation of PETA is to split hairs, not hares. Preferrably human hairs, from your own head.

In fact, they even had a campaign with supermodels such as Christy Turlington and Naomi Campbell posing naked, with their heads shaved, on billboards, with the slogan "I'd Rather Go Bald than Split Hares" emblazoned across their chests.

Re:Pfft....

[lachlan76]

Things like Sun's OpenOffice.org fall in that catagory.

LGPL is an imposter?

Re:Pfft....

[Dragonslicer]

The official recommendation of PETA, however, is definitely to split hares.

A quick rundown--

[Lord+Aurora]

From TFA, quote from an official of OSI followed by a quote from the guy who submitted MS's stuff:

"I think that the general principle should be that authors have preference over third parties when it comes to submitting licenses," he said.

"Microsoft has said neither that it will nor that it won't submit its two licenses.

"They've said that they're not submitting them at this time. Perhaps they have revisions to make? If so, then approving draft licenses would be a serious wrongo. If you insist, we can take it to the next board meeting, but I'm reasonably confident that the board's decision will be to defer approval," Nelson said in the e-mail string.

Cowan then responded that "I defer to your vast expertise."

Translated as:

"Hey, look Cowan, we need to actually work this out legally."

"Oh shit."

Honestly, what was the guy thinking?

Re:A quick rundown--

[John+Cowan]

What I was thinking was that the license is a decent license no matter who wrote it, and worth approving *because* of who wrote it. Nelson pointed out a potential issue, and I withdrew my recommendation, but not the judgments it's based on -- I stand by those.

Re:A quick rundown--

[Lord+Aurora]

Ok, that I respect. Awesome to see you balls-to-the-wall and defending your own decisions, seriously; I think I'm even going to provide a little translation of our own little encounter:

"Man, Cowan, what were you thinking?"

"This is exactly what I was thinking, actually. So there."

"Oh, sweet!"

Even though I might not agree with you entirely, /props for the response. (^_^)

Microsoft's possible fear

[jkrise]

Upon audit, the license was found to contain non-final wordings.

Re:Microsoft's possible fear

[gbobeck]

Upon audit, the license was found to contain non-final wordings.

It also appears that someone forgot to install service pack 2 and the most recent critical updates to the license.

Question

Why doesn't microsoft allow a trusted security company to do a code audit of windows and office? What have they got to loose? They would have everything to gain from an external code audit.

Re:Question

You have a gross conceptual error as to the level of programming skill that would be required to "do a code audit of windows and office". Have you ever done a code audit of a multi-thousand-lines of code project? How about a multi-100K lines of code project? Do you think it can be automated? Have you looked at the available tools that would help automate it?

I'm not an MS apologist and I don't run Windows on any systems where I don't absolutely have to--but let's be reasonable here. You're talking about a *lot* of work for a benefit which I would agree is both concrete and worthwhile but most CxO types would not care about.

Disclaimer: I don't have access to MS source code but I work for a company that does. I'm a security guy. If I were tasked to do what you've recommended, I would have major issues about how to proceed as outlined above.

Re:Question

[andreyw]

The sheer size and scope of the project? Never mind exposing their own and licensed IP??

Re:You can't spell Micro-soft without...

Nice HTML skills, skippy. Thanks for regurgitating a really limp joke too. The OSS community is such a waste.

This is the Clue Stick

[mpapet]

I'm tired of reading yet another story about microsoft and OSS cozying up. Though in this case it's a sad joke, the rest of the time it's a coordinated attack on OSS. (mozilla devs, black hat testing, etc)

If it doesn't work they'll buy the best developers and hide them away. If that doesn't work, they'll drop more litigation bombs.

It's all about maintaining the monopoly people. There's no maybe, that's it.

Re:This is the Clue Stick

[jt2377]

dude...STFU! if you read the Fucking article, MS sharesource is still a draft. it is not final. it's very clear that the guy jump the gun. jeebus, if you don't like MS then don't fucking use their software or technology. if you just want to bash MS then keep it to the usual bashing.

not networking class again!

[crashelite]

i dont like the OSI model :\ it was on every test and i could never remember it. So leaves me at the question, why did they choose OSI as the abbreviation? other then the fact that it is Open Source Initiative but WHY, in calling it Open Source Initiative means that MS will want to get a peice of it dew to the Initiative part. concidering the deffinition is (or one of them) "the power or opportunity to act or take charge before others do" or if u really want to get into it "the ability to assess and initiate things independently " meaning they really wouldnt need approval to get an "OSI" approval except from their own self. oh well,...

Re:not networking class again!

[EvanED]

Please (Physical)
Do (Data link)
Not (Network)
Throw (Transport)
Stale (Session)
Pizza (Presentation)
Away (Application)

I do not know why this is still in my brain, I learned it 5+ years ago and have essentially never used it. It's like what Dave Barry said: "[W]hen I was in college, I had to memorize -- don't ask me why -- the names of three metaphysical poets other than John Donne. I have managed to forget one of them, but I still remember that the other two were named Vaughan and Crashaw. Sometimes, when I'm trying to remember something important like whether my wife told me to get tuna packed in oil or tuna packed in water, Vaughan and Crashaw just pop up in my mind, right there in the supermarket. It's a terrible waste of brain cells."

Re:not networking class again!

[HBI]

All people some time need data processing.

Re:not networking class again!

[yuna49]

For me it's old songs like the Beach Boys' "California Girls" popping up in my mind. Seems especially to happen while I'm standing over a six-foot putt.

Why MS don't want OSI's Blessings

[EqualSlash]

Apparently, the MS word spell-checker doesn't recognise 'OSI'.

Re:Why MS don't want OSI's Blessings

[NotQuiteReal]

You are right - OSI is not recognised... suggested "correct" spellings are:

Obi
Osier
Soy
Soil
Oasis

Oh, that's easy.

[jd]

It would be hard for Microsoft to claim that they were taking Open Source seriously if they had their "open" license officially skewered by a license review board.

Since Microsoft aren't required to use any specific license for any specific product, and since a product can be "open source" and under multiple licenses that include non-open ones (eg: the Windows version of the Qt toolkit, for the longest time) and "non-free" ones (virtually all other dual-licensing cases), the argument that Microsoft would be limited in some way obviously doesn't apply.

Furthermore, since if the license HAD been deemed acceptable by the OSI, Microsoft could have claimed a massive PR coup over competitors who claim it is hostile to opening up code in any kind of meaningful way (as per EU lawsuit), it follows that Microsoft either did not want to claim such openness (which would make no sense, given how busy they are in claiming that they are perfectly open enough) OR they feared a bad PR reaction in the event of a rejection OR the license is deliberately intended NOT to be OSI-compliant but is intended to confer that impression to those corporations, countries, continents, etc, that have demanded greater openness in the software industry.

Those Slashdotters living in Europe whose European MPs are sympathetic to Open Source (or hostile to Microsoft - works in either case) may wish to notify their EuroMPs of Microsoft's request that the OSI not look closely at their terms and conditions. At worst, the EuroMP won't do anything, so it can't hurt. At best, it may be very useful ammunition the EU can use against Microsoft in Microsoft's tedious appeals - it's going to be harder for Microsoft to claim compliance with the EU court ruling on providing technical information for analysis if they won't even provide the license for the technical information to be analysed and prohibit the analysis even when the license is provided anyway.

(Hey, the EU does a lot of crappy things, makes strange drug-induced choices, and is rife with power-plays and nefarious dealings. The least we can do is exploit all that so that one of the few sensible rulings is actually upheld.)

Re:Oh, that's easy.

[EvanED]

You didn't answer the poster's question. You answered why MS wouldn't want it submitted, and how EU people might go about applying pressure to get it submitted. You didn't, however, talk AT ALL about why the OSI needs MS's go-ahead to review it, why it can't review licenses at the request of people other than the author of the license, or why the OSI can't even just spontaneously review licenses even without someone's request.

Re:Oh, that's easy.

[aminorex]

Obviously they can. No can't is involved, merely a won't. Piss on them then.

Re:Oh, that's easy.

[Random832]

or why the OSI can't even just spontaneously review licenses even without someone's request.

I'll field this one.

You see, impersonal entities like "the OSI" lack a certain important quality known as sapience (though commenly mistakenly called sentience - it also lacks that, but that's rather beside the point) - without which, it's incapable of making decisions on its own without the help of an individual or group of individuals that do have that quality. In the OSI's case, as with many others, that group is called a board of directors.

You did the right thing, John.

There will be many here who belittle you over this, and otherwise slander your fine name. Do not waste your time listening to them. They are fools.

I want you to know that you did do the right thing, even if the results may not have been what you expected. You are correct, it is of interest to many developers whether or not the various licenses from Microsoft do qualify as being of an open source nature.

While there are likely many who would avoid them altogether, there are developers out there who do like the terms of those Microsoft licenses. Your efforts toward this matter are much appreciated, and have no doubt helped out those who have been considering the use of the Microsoft licenses for their own works.

damage to OSI's credibility

[m874t232]

Microsoft has claimed that their various licenses are pretty open, and it makes sense to put that to the test. The OSI is the natural organization to do that. There is a good chance that there are hidden traps in their licenses and potential users need to know about that. And, of course, it is just the case where a company has deliberately hidden something in their licenses that they would object to having their license reviewed by OSI.

OSI's decision erodes confidence in OSI. If they want to be seen as a dependable arbiter of whether licenses comply with open source principles, they must evaluate licenses that have some importance in the market, no matter who actually submits the license for review. Asking the original author of the license for permission is not acceptable.

Re:damage to OSI's credibility

[Russ+Nelson]

Actually, I don't remember asking Microsoft what they thought. Perhaps Bill Hilf is remembering something that didn't happen. According to TFA, he was pretty hazy about John Cowen's name.

Anyway, we certainly would have evaluated them had John not withdrew the approval request. Approval was just not the best of all possible courses of action, which is why we asked him to withdraw.

Re:damage to OSI's credibility

[idlake]

Anyway, we certainly would have evaluated them had John not withdrew the approval request. Approval was just not the best of all possible courses of action, which is why we asked him to withdraw.

As I see it...

If Microsoft's shared source license is OSI compliant, then OSI should make that determination publicly so that Microsoft's change in behavior is recognized and people can feel secure in using the software.

If Microsoft's shared source license is formally OSI compliant, but you don't think it is actually in the interest of open source developers, then you should change your compliance criteria.

And if Microsoft's shared source license is not OSI compliant, then people need to know urgently, because the code is out there and people may start using it.

If you think that Microsoft's license is legitimate but you don't approve it because you think it would look bad for OSI to approve a Microsoft license, then I think you really are biased.

I really just want to know: is Microsoft's shared source license compatible with open source principles? I hope OSI will answer that question and do so soon.

Depends on your definition

[Sycraft-fu]

The OSS zealot of open source is "Source code that anyone can get for free." However a more literal definition might be "Source code that is available to others than the people that wrote it." Just because someone doesn't give you their code for free, or allow you to do what you please with it doesn't mean that it isn't open. There are many open standards like that. They are open, in that anyone can get them, but you've got to pay for licensing.

However that's not really relevant here. MS's Shared Source license isn't OSS and they don't bill it as such. It's there so that certain groups, mostly governments and research institutions but also software partners, can get a license of MS's code to look at. They aren't licensing it for resale, it's for research and testing.

In the case of the Community License here it would mostly be for companies wishing to make extensions to MS software. If you wanted to make something that needed source access (for example Diskeeper back in the NT 3.1 days) and waned to sell that, you'd need to get this particular license.

None of their Shared Source things are shall-issue. You contact them and talk about why you want it and what for. If they like that, they'll discuss costs.

MS has no interest in its licenses being used by other people. They aren't in the business of writing a license for everyone, or dealing with potential fallout of that. It is for them to license their software when they wish to do so. Thus they aren't interested in the OSI picking it up. It doesn't benefit them at all to have a standard made of it.

Nothing is stopping you from using it as a reference for writing your own license, of course.

Re:Depends on your definition

[MrMr]

However a more literal definition might be "Source code that is available to others than the people that wrote it." Just because someone doesn't give you their code for free, ....

But with that definition all source is open; If I want to look at the Vista code I just buy this company called Microsoft, and all its code is available to me.

Re:Depends on your definition

[Sycraft-fu]

Look I'm not interested in playing the overly pedantic game here. The point is that the GPL version of open source isn't the only one that can exist. I've seen software (compilers mostly) that include full source code with their product. However it's not GPL'd. There's a limit to what you can use it for, usually building your own binary works and not a new version of the compiler. My point is that just because the code isn't free for all doesn't mean it's not open. MPEG-4 would be similar, though it's an algorithm not code really (there is reference code as well). It's an open standard, but not a free one. You have to pay to implement it. The free implementations that get built in many OSS programs are actually illegal (they are legal as source as a research project, just not legal to build and use).

My point is there's not one and only one definition of open source that people have to meet. There may be one you like, but that's not relevant. Hell, some BSD people could go all zealot on you and say that the GPL isn't open source. Sure you can get the source code, but you aren't free to use it however you want, there's restrictions. Their license is far more open, as you can reuse it even without distributing your mods.

Re:Depends on your definition

[anotherone]

You're trying to purposefully break his analogy, but it didn't work. If you buy Microsoft, then you've become part of the entity that has written the code.

I guess you could say that you could buy Microsoft and then GPL the Vista code and then sell Microsoft and look at it but that's kind of a silly extreme, wouldn't you agree?

Re:Depends on your definition

However that's not really relevant here. MS's Shared Source license isn't OSS

I've got to agree with Sycraft-fu on this point. Thers is nothing in the Shared Source license that says I can share or release the MS code.

BUT...

Now I know why my driver keeps crashing... the MS documentation was wrong! (yea like that was a big suprise)

Strengthening OSI's credibility

[I'm+Don+Giovanni]

When the author of a license submits his license to be approved by a body such as OSI, the intent is to get that body to approve the license. Part of the process is that if the body rejects the license, the body informs the author of the reasons so that the author can, if he wishes, make adjustments to the license and resubmit it. This is an interactive process between the author and the license-approving body. At no point in the process does the license-approving body declare to the world, "WE HAVE REJECTED THIS LICENSE!!"; "WE HAVE REJECTED THIS RESUBMITTED VERSION OF THE LICENSE"; "WE HAVE REJECTED THIS RE-RESUBMITTED VERSION OF THE LICENSE"; and so on. Rather, they communicate privately with the author on the problems they have with the license and resubmissions and so-on.

What you wanted to happen was for OSI to, on its own, evaluate an MS license, reject it, and declare, "WE HAVE REJECTED THE MICROSOFT LICENSE", without giving MS any chance to alter the license to address the problems that OSI might have with it.

OSI has featured anti-MS rhetoric on its site. If they had decided to evaluate an MS license without MS submitting it, and publicly rejected the license, then it would have been seen as no more than an anti-MS hit-job. That they didn't do that actually strengthens their credibility, not weaken it.

Re:Strengthening OSI's credibility

[Russ+Nelson]

Rather, they communicate privately with the author on the problems they have with the license and resubmissions and so-on.

Exactly.

Re:Strengthening OSI's credibility

[idlake]

OSI has featured anti-MS rhetoric on its site.

And why shouldn't they? Microsoft's behavior is a matter of public record, and there are numerous instances where strong condemnation of their corporate behavior is clearly justified.

What you wanted to happen was for OSI to, on its own, evaluate an MS license, reject it,

No, what I want to happen was for OSI to review it against their criteria and publish their conclusions, whatever they may be. I would welcome it if their license complied with OSI requirements because it would mean that there is more software that I can build on.

When the author of a license submits his license to be approved by a body such as OSI, the intent is to get that body to approve the license. Part of the process is that if the body rejects the license, the body informs the author of the reasons so that the author can, if he wishes, make adjustments to the license and resubmit it.

It is a very real possibility that Microsoft's various "shared source" initiatives contain traps and are a publicity stunt. In that case, they have no interest in having anybody review it or make changes to it, but users still need to know.

OTOH, Microsoft may simply have chosen not to submit the license to OSI because of PR considerations. In that case, failure by OSI to review the license would deprive many people of the use of their open source software unnecessarily.

If they had decided to evaluate an MS license without MS submitting it, and publicly rejected the license, then it would have been seen as no more than an anti-MS hit-job.

The purpose of evaluating a license is not, as you seem to think, some kind of PR stunt, it is to give people like me information about whether a particular license is safe to use or not.

That they didn't do that actually strengthens their credibility, not weaken it.

The basis for OSI is the open source community, and if OSI is seen to shy away from warning users about dangerous license terms in order to improve their relationships with companies like Microsoft, then OSI loses credibility with its community.

If OSI rejects the license based on a reasoned analysis, then that is not an indication of bias. If you interpret it as such, then the problem is with you, not OSI.

Re:Strengthening OSI's credibility

[Mr.+Jaggers]

Dude, that's not what the OSI does. I think that the OSI's credibility isn't what is at stake here; rather, it's purpose, mission, and to some extent, it's public appearance. The OSI's web site (while puzzling and frustrating to navigate) makes that particular information no big secret (spend 20-30m over lunch reading their policy docs... doesn't take that long, as their charter is pretty short and simple). They have the OSI certification and mark program, a 'non-proliferation treaty' (joke), and an awards program. Essentially, other than straight advocacy on the website, that is all the scope they claim to cover.

I kind of wish that their bylaws, and any amendments to them as time goes on, were posted. They are a 503(c), after all, and "open", in general, should indicate transparency. Either I can't find them on the site, or they aren't there (though I admit their absence probably more of an oversight, or perhaps the lack of desire on the part of the site maintainer to type & format pages of legalese).

If you want an opinion without input from microsoft, submit the license for review to RMS. He already posted an analysis of their "shared source" license (the one for the c-sharp cli code, etc). Of course, you'll get an answer orthogonally related to the GPL, but GPL-compatibilty (in my opinion) is the best (and most useful) basic rubric for openness, since "open" is a subset of "free".

If RMS is good at anything (besides writing code and stirring up controversy) it's reviewing licenses with the good folks at the FSF.

For what it's worth, a cursory reading of the license leads me to believe that this microsoft community license is an open source licence. Specifically, it seems to fall under the category of "free" but "GPL-incompatible", because of the patent clauses (which may not be inherently a bad idea, but may, nonetheless, be incompatible with the GNU GPL :).

Actually... look at section 3(D): "If you begin patent litigation against Microsoft over patents that you think may apply to the software (including a cross-claim or counterclaim in a lawsuit), your license to the software ends automatically." I'm pretty sure that's a deal-breaker, putting it in the non-free waters (possibly for similar reasons as the sgi free software license).

Well, there it is. From an armchair paralegal. BTW, this post is licensed under the GPL2.0, just in case it's wrong...

Re:Strengthening OSI's credibility

[idlake]

They have the OSI certification and mark program, a 'non-proliferation treaty' (joke), and an awards program. Essentially, other than straight advocacy on the website, that is all the scope they claim to cover.

I don't see your point. Not-for-profits do certifications for third parties all the time. Why should OSI refuse to do what other such organizations regularly do?

For what it's worth, a cursory reading of the license leads me to believe that this microsoft community license is an open source licence.

I think an OSI stamp of approval would be a bit more useful, both because they have a lot more experience, and because people have experience with what OSI is looking for in a license.

Re:Depends on your definition NOT!

[Alphager]

The OSS zealot of open source is "Source code that anyone can get for free." However a more literal definition might be "Source code that is available to others than the people that wrote it." Just because someone doesn't give you their code for free, or allow you to do what you please with it doesn't mean that it isn't open. There are many open standards like that. They are open, in that anyone can get them, but you've got to pay for licensing.

Open Source has a crystal-clear definition (visit OSI for the definition); the meaning of the term "Open Source" is nothing zealots can change.

Who submitted the GPL?

[ebcdic]

I bet it wasn't the FSF, since they're not interested in "open source".

Re:Depends on your definition NOT!

[kjart]

Open Source has a crystal-clear definition (visit OSI for the definition); the meaning of the term "Open Source" is nothing zealots can change.

They may define "Open Source" (which appears to be a trademark), but not necessarily open source - I'll leave that to a good dictionary. Also, it seems possible that some people might consider the members of OSI to be zelots themselves as much as say, Steve Ballmer would be for his respective cause.

Not Consistent

[Morosoph]

Open Source has a crystal-clear definition (visit OSI for the definition); the meaning of the term "Open Source" is nothing zealots can change.

The criteria are not objective; here, Microsoft's opinion on a licence determines whether or not it counts as "open source".

Re:Not Consistent

[Alphager]

The criteria are not objective; here, Microsoft's opinion on a licence determines whether or not it counts as "open source".

Not correct. Microsoft does not want that the OSI examines the license. According to the rules of the OSI, only the creator of the license can start the examination-process. It is not decided if the license is open source or not; MS blocked a decision.

Re:Not Consistent

[Morosoph]

Well okay, but my point is that you can't tell open from closed source by looking at their list, as there are other criteria for being on that list.

The definition may be consistent, but it is not the criterion for OSI approval.

Re:Not Consistent

[Alphager]

You have to meet two criteria to be on that list: a)Comply to the open source definition b) ask the OSI to review you No hidden agenda.

FSF's opinion

[DrYak]

Because OSI complied to microsoft's demand and didn't evaluate the license, we won't know their stance about it.
On the other hand the FSF has shown what they're thinking about it.

Although both institutions (read: ESR and RMS) are known to have divergent point of view, this hints about how much this license can be free, and what one should think before starting his own project using this kind of licensing (something for which knowing OSI, FSF and DFSG's stance can be genuinly useful, as some other /. signaled).

I know that most /.ers think that it's best to stick to known licenses that are widely used, documented and proven (including tested in court), and most of the time the debate is only about the duality BSD vs. GPL (Should we allow the code to be forked into a proprietary branch or not), and that's maybe what most home-brewed projects do.

But there are a lot of place (I've whitnessed some), particulary those big places that are new to the open-source concept, that don't automatically trust GPL and consider it proven (they've usually never heard of Groklaw, or the numerous cases of GPL-violation that were successfuly resolved). They don't start with a small subset of preferences (BSD/GPL), but do extensive - but, alas, sometime un-educated - researchs about everything they can encounter, they often start considering obscure licenses that the average OSS user has never heard of, often on the account of some higher hierarchy member or some beancounter that are affraid to 'lose control', and may end up using a solution that will turn up to be not as useful as expected.

It is in such case that organisations like OSI can come handy to help choose and discern among the huge diversity of licensing scheme.

Re:FSF's opinion

[Random832]

On the other hand the FSF has shown what they're thinking about it.

Funny that the anchor you linked to is "non-free documentation licenses", given that the gnu "free documentation license" doesn't itself pass the DFSG, on which the OSD was based.

No Hidden Agenda

[Morosoph]

Okay, I agree with you there.

My point is that the criteria are partly subjective on the part of the licencor, not that there's anything sneeky going on.

OT: Clarification

[Secrity]

I showed that EIA/RETMA was not an international standards body. EIA provides standards to ANSI, which as a member of ISO is an international standards body. Not all EIA standards become international standards. RETMA, the predecessor of the EIA, was not an international standards body, the standards that it set were not widely adopted outside of North America and parts of Asia.

Re:Depends on your definition NOT!

[John+Cowan]

"Open Source" is not a trademark, nor is "open source", for various technical reasons. "OSI Approved" *is* a trademark, and you can slap it on your software if you are 1) making source code available and 2) using a license on OSI's list.

A license doesn't have to be OSI-approved in order to be an open-source license. An OSI-approved license is one that is an open-source license in the judgment of various people, not just the OSI board members.

Copyright infringement?

[houghi]

Microsoft [...] told to drop it.

On what grounds? Just by asking politely, or have they a right to do this? Do they own the copyright on that licence? Seriously. If I write a sort of GPL, must the license also not be released under a sort of GPL?

Re:Copyright infringement?

[John+Cowan]

Of course Microsoft owns the copyright on those licenses: they wrote them. And no, not even the GPL is released under the GPL: the GPL's license says "Anyone may copy and distribute this license, but changing it is not allowed." This is presumably to prevent proliferation of lots of just-slightly-modified copies of the GPL.

Mod Up

[shaitand]

If you are the John Cowan then I hope someone mods you up as informative.

With that said I would only change my post to read "the best reason for submitting" instead of "undoubtedly the reason for submitting".

Whether this license meets the letter of the definition is something best left to the lawyers but this EULA (or any EULA) is definately a violation of the spirit of open source.

I also still maintain that OSI evaluation of a license should not be dependant upon consent by the author. Either a license is OSI compliant or not and people have a right to know that.

Not to defend, but...

[Thomas+Charron]

Microsoft didn't say 'Drop it'. They said they need to consider it.

    Not to defend them, but FUD is FUD, even if it's against the 'other' side of the Open Source fence.

Re:Not to defend, but...

[Shadyman]

Microsoft didn't say 'Drop it'.

Nooo. They said 'Drop it like it's HOT!'

MS license is likely to meet OSI compliance

[I'm+Don+Giovanni]

"Undoubtedly the reason it was submitted is so that the license will be officially recognized as not achieving OSI compliance. I don't think they should have asked Microsoft at all."

You didn't read the article; nor did I until just now.
First, the reasons for OSI not evaluating licenses that aren't formally submitted by the license authors are detailed in the article.

Second, the MS license was NOT submitted so that it would officially be rejected by OSI. In fact, the opposite is the case. It was submitted because the submitter felt that the license is *likely* to achieve OSI compliance.

Third, OSI appears to feel the same way. Quoting from the article:

Asked if he would like to see Microsoft submit its Shared Source licenses for OSI approval, Nelson [OSI's Russ Nelson] questioned whether "the world needs yet another open-source license," but added, "We've all read the licenses, and they're reasonable, succinct and very likely to pass muster, so why not?"

The article also says that MS hasn't closed the door on submitting the licenses themselves. It would behoove them to to so, as it would be good PR when these licenses are approved (which, after reading the article, is more likely than them being rejected).

Re:MS license is likely to meet OSI compliance

[shaitand]

"You didn't read the article; nor did I until just now."

I still haven't. I will remain a proper and upstanding member of the slashdot community. ;)

"First, the reasons for OSI not evaluating licenses that aren't formally submitted by the license authors are detailed in the article."

I haven't read the article but I have read some of Russ' comments here and also John (the submitter) reply'd to me as well. It certainly seems that my post is due an overrated mod.

With that said I still think the OSI should evaluate publically available licenses regardless of who they are submitted by when the author is claiming or implying that the licenses are open. A good example of this is the shared source license that came before this particular discussion. Having a list of licenses that have been evaluated and failed to meet OSI criteria publically available is more than just a way point a finger at the author and say "HA!". If a license is not on the list then it only means that license has not been evaluated but the terms might be safe to use. If a license is on the rejected list it means that the license should not be used, period.

I also think the OSI should seriously reconsider revising their definition if it allows EULAs, since they fall outside the scope of the rights granted the author by copyright law.

Nothing about this is wrong.

[Plug]

Everything in this makes sense. Someone wants to see if the license fits the criteria, so they submit it. No malice. The OSI report that they require the owner/licence author to submit it - with good reason, no malice. They contact Microsoft, who, according to the article, say "We aren't going to report anything to the OSI while they still align themselves with the Halloween documents", and point out that they reflect the state of the company some years ago. If they are trying to change, which submission of an licence to OSI surely should be recognised as a step towards, then they deserve an (official) break from their past.

They're not asking for the documents to be erased from history, just a very anti-Microsoft link removed from the OSI President's web site.

WARNING: Wrong anchor, sorry

[DrYak]

Funny that the anchor you linked to is "non-free documentation licenses"

Sorry, I mixed up the links : THIS is the link to the non-free software license.
Thank you for pointing out my error.

Re:WARNING: Wrong anchor, sorry

[Random832]

Regardless (should have mentioned this in my original reply, since I did find it), your link does not have any mention of the Microsoft Community License. The MCL does not have the restriction on commercial use to which the FSF objects, the term "non-commercial" does not even appear in it at all. It is, at first glance, apparently non-GPL-compatible due to a patent clause, but that doesn't make it non-free - several licenses at http://www.fsf.org/licensing/licenses/index_html#G PLIncompatibleLicenses (such as the Apache license) are non-gpl-compatible for similar reasons.

This is getting noticed NOW?!

[SwashbucklingCowboy]

I subscribe to that reflector: this happened MONTHS ago and yet it's getting public notice NOW?