Slashdot Mirror
SQL-Ledger Relicensed, Community Gagged
Ashley Gittins writes "Users of the popular accounting package SQL-Ledger were being kept in the dark about a recent license change. Two weeks ago a new version of the software was released but along with it came the silent change of license from GPLv2 to the 'SQL-Ledger Open Source License' — presumably in an effort to prevent future forks like LedgerSMB. As it turns out, the author was making deliberate attempts to prevent the community from finding out about the license change. No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered. Just recently the license was switched back to GPLv2. This behavior is not a first for this particular project, and is part of the reason for the original LedgerSMB fork. Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?"
And if you don't like it, or can't find it to decide if you like it or not, then your choice is still the same... take the last version under the old license and fork it.
Of course! Being open is exactly what open source is about. Well, hopefully the LedgerSMB fork will be able to get beyond the personality defects of the SQL-Ledger guy...
In regards to future changes?
Perhaps the relicensing violates the licensing unless said licensing includes provisions for relicensing the licensing.
if you read the links, you will see that the author has already switched back to gpl v2
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
If the author is the sole author and/or owns all the copyrights, then they can do what ever they like. If, however, they have accepted third party submitions then they may have a legal obligation to remain GPLv2
A commie defector !! Keeellll Heeemm Noooowzzz!!
Legally you don't have to announce your business decisions in advance, ethically well... I can understand why you wouldn't, the day you came out and said it the GPL version is as good as yours - no reason to switch. You'd want to have some sort of carrot "New version with $foo and $bar" so people would actually change. Everyone producing anything OSS is entitled to stand up at any moment and say "Screw this, I'm going to try making money off it", assuming it's all their code of course. If you want reliability and future commitment, perhaps you should pay for it? As long as you rely on volunteer contributions you haven't really got a leg to stand on, should they disappear in a puff of smoke.
Live today, because you never know what tomorrow brings
Both the links to their "public support forum" and wiki bring up a HTTP password prompt.
Who gives a fuck?
couldn't there be a problem considering the license was GPL not some BSD or apache style license. once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base? (anyway IANAL). but when someone does such an act, the usual dynamics of consumer-service_provider relation should take effect. you try to double cross your user, they ditch you for someone else. with a non-existent user base who really would care what license you use for ur private little project :)
Forcing people to accept a change in the license without telling them? Definitely unethical - kind of like forcing people to accept Windows Genunie Advantage if you want patches.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
No. There's only a problem if someone made a fork and tried to change it from GPL to something else. This was a move by the guy who holds the copyrights to the code. the copyright holder can, at anytime, decide he wants to move his code to another license. the catch is that all previously released code is still under the previous license. That is, if i release Foobar v1 under the GPL, then I release Foobar v1.1 under BSD, v1.0 remains licensed under the GPL, and you are free to take that code and start your own version, Forkbar v1.0. However, you must always keep it as GPL, because you don't own the copyright on the code; you only have access to it because of the GPL.
my pet machine
The author of the work can always release his work under any license he sees fit. The problem would be any code contributed by others in this case.
c++;
Simader is a putz and always has been. That project is the worst of programming with Perl ever -- its a contraption. Its developed like any 'job security' program would be, using a rube goldberg approach when ever possible. Any attempt to integrate with that project with anything has always met with his poison. Much rather put my efforts into something like http://frontaccounting.com/ rather than SQLL. Even though I am a perl zealot.
Finally the death of his project.
members are seeing something, your seeing an ad
Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?
Ethical obligation: certainly, I would argue.
Legally, it's in the ballpark of something like this:
You cannot change the license on contributions to your project without permission of every contributor.
The enforceability of a license often depends in no small part on the notice of the change. For example, a quiet change of the license obligating you to make retroactive payments for usage, where you would never have predicted this, will likely be unenforceable. On the other hand, a small change in the license that requires redistributers to redistribute source code in an open format such as tarballs is probably enforceable.
An author can be prevented from suing you for breach of license if the author changed the license without telling you, and you reasonably relied upon the prior license not changing to do something reasonable under the prior license. This is the legal concept of estoppel - colloquially, the author is estopped from enforcing the license.
Another concept, unjust enrichment, may also apply. In this case, the author changed the license, and intentionally didn't tell his contributors who kept making valuable contributions, the author may be deprived of his enrichment, because it was unjust, and the contributors may have a right to withdraw their contributions, or have project remain under the old license insofar as those contributions apply (for example).
Mind you, these are common law concepts, and no doubt modified by statutory schemes (e.g. the UCC).
No, that wasn't emotional, that was a fact. Gagging in this case refers to posts querying the change or motive (or even mentioning the very fact) of the change were moderated out so the userbase was kept unaware.
I think the bottomline appears to be that the guy Open Sourced something and didn't quite understood the consequences. And it's easy to stack mistake on mistake once you're on the wrong foot..
Having followed both mailing lists I must say that the LedgerSMB one is very lively indeed - and has more people visible in development. That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world..
Insert
Community Gagged
Yes the community is Sooooooooo gagged that they get to complain about it on Slashdot.
Really you are not being silenced if you get to shout your complaints from the rooftop.
Just because the author of SQL-Ledger essentially told you to "talk to the hand, because I am not listening" doesn't mean you are being censored. It just means you are being ignored. Freedom of speech never meant to the person you are talking to/about had to care.
Ah, yes we live in the Baby Boomer's Narcissistic Me Generation world where if your infantile desires aren't ment it means Big Brother is oppressing you. You want censorship ask someone who lived in 60s Eastern Euriope or has been dragged in front of a no-attorney/no-recording inquiry panel for a violation fo the University's Speech Codes. There is censorship and the is being ignored.
The users aren't being gagged, they are screaming like a 2 year old havering a tantrum and they are being ignored.
absolutely! Yes!
The evidence of this is shown in the development of GPLv3
It's old school to bait and switch.
It up and coming to be Honest and open.
Perhaps honesty and openness was what was needed regarding the concerns that resulted in the flip flop?
Would the flip flop had happened?
"No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation" -- sounds exactly like the community is forbidden from saying something, no? A word like "gagged" is emotional language, but it's not inaccurate.
I thought slashdot readers, while not reading TFA, at least read the summaries :D
I would consider not being able to talk about it as being gagged. You seem to have missed the part where he blocked all discussions about the license on the forum.
c++;
I have been writing accounting software of my own lately (http://www.thinkcomputer.com) that also does taxes, and licensing has come up in the past week for me, as well. I used the PDFlib 6 library with PHP, which I paid over $1,400 for, to create PDF files so that my software could prepare tax returns, and all was working fine until my server crashed in March. I was forced to upgrade to new hardware, which I did, in the form of two Sun Fire X2200 servers running Linux. Installing PDFlib on my new setup didn't work, because even though my server had two processors, and I had a license for two processors, PDFlib detected four logical processors (each AMD CPU is dual-core). This was irritating on its own, but the fact that the newer version of PDFlib, version 7, uses a *different* system-based license (and of course they didn't tell anyone) that makes the number of logical processors irrelevant, means that the PDFlib acknowledge the flawed nature of their original license. When I asked them for assistance, since I needed to get my software up and running again, their response was that I should pay them $2,700 more in license fees for version 6 (more than the cost of the server) or $1,194 for a single-system upgrade to the new licensing scheme of version 7 (more than the cost of the original single-CPU license for version 6). To me, it sounded like extortion, but since the company is in Germany they can get away with it easier I suppose.
Needless to say, I'm never using PDFlib again, and I'm re-writing all of my code to use FPDF (http://www.fpdf.org), which is free, and works just as well. It's even easier to write code for. Stay away from PDFlib!
You're new here, aren't you? ;P
"Just recently the license was switched back to GPLv2...
This is what happens when you don't read the summary correctly ;)
The community being gagged refers to the fact that their messages were dropped from the associated mailing list. You probably didn't read the article, huh?
Considering people who tried to say something were moderated and removed, I'd say that's pretty gagged.
Actually, the forum and wiki have always been like that. You have to pay SQL-Ledger's author to get access. There used to be public trackers and the like on SourceForge, but he removed them a few months ago.
Thanks again, and keep up the good work! ;-)
There does seem to have been some 'gagging', although one could discuss the real meaning of that word further. However, the point: messages sent to the mailing list to discuss the licence issue were not approved for actual posting. Sounds like someone had something to hide.
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
True, that's why most projects require you to assign copyright for your contributions to them.
The guys at LedgerSMB had exactly the same problem, and they're busy cleaning up the code. Their stance is different as they provide a service, not software, and they make more sense re Open Source approach to code.
I think the root problem is that the SQL Ledger guy didn't realise what Open Source meant when he 'opened' it. LedgerSMB seems more focused on simply being a reasonable product, and their focus is the SME market who coul dnever afford the gazillion dollar programs..
Insert
That is one of the legal uncertainties with GPL - how do you manage copyright in a multiple-author environment? If you let other people report bugs or request features, and you fix the bugs or code the features yourself, that's unlikely to give the contributors partial ownership of the code, but if you also accept bug fixes from them, or certainly if you accept new feature code, that probably does.
The GPL3 license appears to be more restrictive than GPL2, not that I've spent much time examining the endless arguments about it (:-) Are GPL2 and GPL3 written in ways that you can use GPL2 code in GPL3 projects without permission? One of my concerns is that especially for larger projects such as the Linux Kernel, there are enough contributors that you really *can't* go asking them all for permission, even if the change control has always been good enough to identify them. There'll be people you can't find, people who think GPL3 is much better than GPL2, people who think it's much worse, and people who don't really care but don't like RMS for whatever reasons.
It's been a long time since I've done significant coding work. Most of it was internal projects at a previous employer, or work for hire we did for customers, so while some of it was general tools that could be reused outside my projects if people wanted to keep track of it (like printer drivers and termcaps and bug fixes), much of it was too customized to be useful outside of our environment. On the other hand, the code I've done on public projects has mostly been stuff that I'm really not attached to - teaching examples, or code that if I put any license on it it was a Netnews-style "It's Not My Fault" license. Help yourself...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
ah yes, the mythical model of paid support to finance free software.
Unless your definition of gagging is rectal fisting.
the language seems pretty neutral, with enough flexibility for each person to inject their own tone/color.
obviously you are person prone to emotional outbursts and your coworkers think you're a bit bipolar.
that ever made sense to me.
"The party of the first part shall be known in this contract as the party of the first part."
What?
In this specific case, you can still pick the 1.1 release and GPL it back into, say, 1.1g.
If, on the other hand, 1.1 is under MS Shared Source License you should fork 1.0.
http://www.dieblinkenlights.com
The GPL says that any derivative works must also be GPL, so if version 1 is GPLv2 and version 2 is anything less than a complete rewrite, then surely it also must be GPLv2 (or later).
Am I missing something, or did this guy try to break the license of his own software?
Works pretty well if you're not an asshole. Was doing fine until this license change stuff came up.
That only applies if he hasn't accepted any outside submissions and therefore is the copyright holder of the code or has had all copyrights assigned to him.
I found this part rather funny from http://www.sql-ledger.org/cgi-bin/nav.pl?page=misc /terms.html&title=Terms%20%26%20Conditions
Licenses are there to protect intellectual property however there will always be people who abuse a license thinking that the license gives them a license to steal. You will find people who distribute forks thinking they do anyone good. In reality they are just stealing someone elses hard work and circulating as theirs. Most of the time you will hear that their's is an improved version of SQL-Ledger and the original is a piece of shit.
Notably the last part.
if you have any sense when buying software, and you're big enough to make the vendor agree, then a code escrowe agreement is critical in case the vendor folds (sometimes even have a release condition predicated on the vendor being bought by another company who may abandon the product).
if you're subcontracting the software to another company, then make sure that you have full rights over the code and that you get regular SCCS/RCS/CVS/Subversion snapshots (you need to have direct access to the contractor's repository, don't rely on them to send you dumps) and verify that you can build everything from scratch and get the fully working version.
I've seen the results of failing to do this and the results can get pretty ugly!
I think it's pretty clear to most people from the summary that the word "gagged" isn't being used in the strict legal or even literal sense, but rather in the figurative sense:
Having the moderators (or sole moderator, if that is the case) of what is probably the main "community" discussion forum blocking any and all posts asking or making statements about a particular topic seems to fit pretty nicely into this definition. Doesn't seem all that emotional either, more like an accurate, factual description, although not written in the technically precise legal terms you would have preferred. Any emotional reaction should come from your abhorrence, hatred, loathing, detestation, execration, revulsion, disgust, repugnance, horror, odium, or aversion to the entire concept of censorship in even the most minor situation relating to the legal rights of others.
Hopefully this project will now die a horrible death after being forked yet again by people who are actually interested in maintaining and improving it for current users without attempting to exercise control over the behavior of the users. No one should put up with this behavior from the developer of any software you rely on to do something as important as keeping your business running.
"That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world.."
Deiter may have switched the license back to GPLv2, but at this point, why bother ... he's done more to promote the competing fork as being the "legit, safe" one than anything else.
First of all, the community wasn't "gagged", when you are gagged you are forbidden from saying something
What part of "posts didnt make moderation" did you not see? To preempt it, a private (exclusivist) entity used moderation to remove objection. That's gagging, no matter how the entity was grouped. No "liberty to exclude" excuses can explain it.
Read the following:
No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
This was the topic at the recent Toronto Linux User Group meeting.
http://tlug.ss.org/wiki/Meetings:2007-04
The talk was by a Ledger SMB core developer.
I bought what he said... Ledger SMB is now on Source Forge, reacts to security issues,
accepts patches, is converting to a saner architecture, uses CURRENCY instead of FLOAT for money.
Seems like its a winner.
No a project CAN NOT switch from GPLv2 to GPLv3 unless EVERYONE who contributed code agrees.
However - the reality is if a majority agree and a minority do not then what happens is that minorities code is removed from the project and re-implemented by those who do.
Now of course this only works if the minority is very small. If the minority is large enough to make it unfeasible then such a license change does not take place. Which is the way things SHOULD be.
I have been a contributor to projects that subsequently changed their license and I was always contacted.
* Retroactively re-license existing versions from the GPL to the new version: * Unlaterally re-license code that includes third part submissions, since most of the translation packages were done by user submission.
Ignoring those two actions, even if the license change is strictly legal, it's downright underhanded to pull a stunt like he did. He didn't just change the license on his software; he put out a point release on the primary distribution site, after having changed the license terms included with the package, then refused to let anyone bring it up on the official support mailing list. How many of us would notice if we downloaded and installed the lastest apache or postfix or whatever, and the license had silently and magically changed to a closed one?
It gets a little more sticky too when you try to relicense code like this. Outside contributors who submitted patches may have objections to the GPL code they donated being changed without their permission.
Even if they were 'gagged', its his software, his forum, his mailing list... We arent talking about a government here.
---- Booth was a patriot ----
I am a core member of the LedgerSMB development team. The author of this post ran it by me as a courtesy before submitting it.
In the time since this was submitted, Mr Simader has seen the light and reverted to the GPL, albeit very unhappily. Such is life.
I don't actually begrudge Mr Simader the right to choose whatever copyright license he wants to have for his work. That is his moral right, and I have no problem with it. However, I was very unhappy with the fact that a lot of contributors' code, including all the translations, were still licensed under the GPL and since his new license was not compatable with it, I felt that he was causing problems for everyone including our project which is why I began contacting contributors privately about the whole thing.
Also, in the event of a license change away from a specific and well-understood OSI-approved license, I think that the developer also needs to give users a heads-up before they install the new version. This is, however, as far as I see the ethical obligations. And even these were not followed.
Finally, on the LedgerSMB project we are committed to rewriting the entire application, not just in order to prevent further conflict with Mr Simader but also in order to create a better program and one which can be more easily maintained. But we would be remiss if we didn't recognize that our success is in fact partly based on his.
LedgerSMB: Open source Accounting/ERP
There are actually rather a lot of free and open source accounting packages around.
* Front Accounting
* Ledger SMB
* WebERP
* OpenAccounting
* TurboCash
o Windows
* GnuCash
* Personal
o HomeBank
o jGnash
o GFP
o Grisbi
* CK-Ledger
* Compiere
* Lazy8
* Quasar
o Linux Canada
* phpCOIN
* opentaps
* Bambooinvoice
* GnuAccounting
* phpOrganisation
* OpenBravo
They are in various states of repair and different markets from the personal to the one man band to the multinational.
Deleted
I never even tried SQL ledger, simply because while researching different Linux accounting packages I came across some post by one of the head guys, possibly this "Dieter" doorknob, replying to a user with something very much like the following:
"Well, I wouldn't worry about it. We are not that concerned with security because there's nothing that SQL Ledger works with that would be of interest to anyone except an accountant, and I don't think we need to worry about a bunch of rogue accountants."
That statement alone made me not want to touch the packae, even though it looked very nice otherwise.
Yeah, the summary is heavy on the language, but the fact is that several community members tried to bring up on the mailing list the fact that the license was changed, but their posts were censored. I would say that meets your definition of Gagged. To date there have still been no posts allowed through to the list regarding the license change. The point now is mostly moot however, as the license has changed back to GPL so the remainder of the community will probably continue on never knowing what has transpired.
We are starting to address the architecture. Hopefully in a year, we will be architecturally opposite where we began.
Our new architecture rocks and makes for *easy* integration.
LedgerSMB: Open source Accounting/ERP
contributed to the author under the GPL.
LedgerSMB: Open source Accounting/ERP
If you want reliability and commitment you *should* pay for it. If you buy a subscription ot RHEL update services, that is one way. You could also pay members of the core teams for support accounts, and the like.
But it doesn't mean you need to pay for the software license.
LedgerSMB: Open source Accounting/ERP
Agree on the first part (about not being an asshole). On the second part I wonder if it really was working well, and if the license change was related to other problems.
However, I think the paid support model works well provided that you define support to include further development. This is one thing Mr Simader does right.
LedgerSMB: Open source Accounting/ERP
This guy's words are (if quoted correctly, elsewhere):
;-)
"Most of the time you will hear that their's is an improved version of SQL-Ledger and the original is a piece of shit."
I'd guess that he's likely been feeling under pressure from some quarter(s), even before deciding to re-license his IP.
(eg, tax problem(s)? demand from someone close for more ? embarrassment from not reading/getting GPL v2's
implications before embracing it? etc. - does anybody know what might be happening in this guy's life, such as it is?)
But - as we say - "A Deal's A Deal" - even in licensing your IP "children"...
So, let's see what happens next...
I bet they would, since should they give their code to the project leader under GPL, and then the project leader takes their code under GPL, and changes the license to X, he's in direct violation of the GPL. It would be ok if the entire project's code base were written solely by the project leader. In the likely event that it wasn't, the project leader doesn't own the copyright to the submitted code, and for him to use it in anything other than the GPL license given to him would be committing copyright infringement, which is illegal.
---FourChannel---
In a similar vein:
I'm still trying to figure out why the Anti-Grain Geometry library went from BSD-like to GPL a few months ago with no code change. http://www.antigrain.com/
I haven't found any information on why the switch occurred and the author doesn't appear to have explained his motivations. I find myself working on a project in which I can employ 2.4, but I can't upgrade to 2.5 due to the licensing restriction, so I must either fork and maintain what I am using from 2.4 or abandon the library.
The bait-and-switch nature of the change is somewhat troubling to me, though I admit the principal author of AGG doesn't appear to be gagging inquiries like in the SQLLedger/LedgerSMB case.
Sanity is a sandbox. I prefer the swings.
einhverfr wrote the parent message. You could have read about the license change in his Slashdot journal post a week ago: LedgerSMB 1.2 released, SQL-Ledger changes licenses.
If you are interested in this subject, I suggest you make einhverfr your friend on Slashdot. Then you will receive notice of all his journal entries.
einhverfr makes a very good case that you should use LedgerSMB, not SQL-Ledger.
--
Remarkable Occurrences Involving the Bush Family
If there are no third party contributions to the software, then the author can change the license in whatever way he wants to (of course, not retroactively--old GPL'ed copies remain GPL).
If there are third party contributions, it depends on whether the contributors assigned the copyright to him. If they did not, he can't change the license. If they did, it depends on what the copyright assignment forms imposed on him.
In many cases, I wouldn't consider a GPL->proprietary license change a big deal for a package like this; basically, it means that the maintainer cannot, or doesn't want to, maintain the software under the GPL anymore. Whether he just stops it altogether or tries to make a go at it commercially doesn't make such a big difference to people interested in open source.
GPL->proprietary changes (or similar license shenanigans) are a big problem for infrastructure products (libraries, virtual machines, compilers), because they have a lot of downstream dependencies, and they pose the conundrum whether one should stay with "the standard" or with the open source version.
True, that's why most projects require you to assign copyright for your contributions to them.
Which could be problematic - since the copyright holder could decide to release the code under a non-GPL license as well; make revisions to that and be under no license obligation to make them available under the GPL. Granted, most projects wouldn't do that but it's still a possibility.
Also, assigning the copyright limits the creator's ability to resell their code seperately should someone want to use it in a non-GPl'd project.
In either case, licensing code under the GPL is a better approach than assigning copyright, IMHO.
I'm a consultant - I convert gibberish into cash-flow.
SQL-leger is written in perl - the write only language. We are going for webERP instead.
- there are perl threaded bugs thatthey never would fix...
To your first point: yes, that is the whole point. Commercial companies in particular require this for their dual OSS/commercial products. Novell Hula, MySQL come to mind quickly..
Second point: Copyright assignment, not transfer.. Though, of course, you did create competition for yourself.
If your goal is to fix a bug in project X, then you may need to do this to have your 1000 line patch accepted. If you want to share that fix/enhancement, getting the upstream to accept and maintain it is likely your best bet, regardless of what license you need to release it under. Up to you, of course, but its not black or white. Very much also dependent on the goals of the patch.
From the article, it really doesn't sound like the developer really understands what Open Source or the GPL is all about. Let him go and good riddance - I understand there's a pretty good fork out there anyway. :+>
Let's start with the premise that SQL Ledger was very obviously scratching a well spread itch - it did have quite a take up and even I was looking at it. So credit to Dieter for addressing a need in a way that obviously got him 'customers'.
:-) ), and communicates openly (they don't moderate as soon as you register). The whole tone inspired more confidence.
However, the accounting system is the financial heart of a company so I decided to lurk on the mailing list and see what was going on, and eventually I asked a few questions where I felt there were issues. There are 2 things to note here:
(1) the list if fully moderated, so no post will go online unless approved by Dieter (AFAIK).
(2) I was simply asking from the perspective of a potential user.
There were two results:
(1) I didn't really get the answers that I was looking for
(2) I was emailed privately that it could be worth it for me to look at LedgerSMB.
When I looked at LedgerSMB I noticed that, first of all, they fully acknowledged the origin of their code and credited the author for the work and, secondly, that their stated aim was to make it even better, with a roadmap I couldn't find in SQL Ledger.
So, I don't actually know how the original author was character wise until I saw that message in the "new" GPL2 license, but by that time I'd already decided for LedgerSMB because their mailing list is far more active (lively, even
So, up until that point I had a little preference for LedgerSMB. After what Dieter did with the license, however, there is no way I would use SQL Ledger. I already have MS to contend with (until I get every desktop on Linux), I don't need another business risk - especially when you then later discover that there are security issues with the SQL Ledger where the author appears to have the idea that the insider threat is nothing to worry about.
Well, I have first hand experience of that being the wrong stance.
So, yes, Dieter has shot himself in the foot with this. Stupid.
Insert
You can still host the old software on your new box, just by running it under VMWAre or Xen and configuring the VM to have less CPUs than your real box. You may need a bit more RAM, but RAM costs less than PDFLIb upgrades.
Well, that is assuming that outside code was used and that the copyright owners of that code didn't agree to the change.
If Compiere would run on something like PostgreSQL I'd be very interested in it. The Oracle requirement took it straight out of my list.
Any of the above capable of handling weekly timesheets, with authorisation?
Insert
Second point: Copyright assignment, not transfer.. Though, of course, you did create competition for yourself.
As I understand it there is very little difference - you are assigning ownership of the copyrighted work to another party. At that point they are free to do what they want with the work.
I can see this becoming an issue with GPLv3 - assignment of copyright allows wholesale transfer of code to v3; which means you either accept the more restrictive license or fork the code. Without such an assignment every copyright owner would need to agree to the change or their code would need to be pulled making such a switch extremely difficult.
I'm a consultant - I convert gibberish into cash-flow.
SO who wrote this SQL ledger thing?
Bill Gates?
Sounds like it.
Today's "GPL license" page reads like it.
Sure the community was (and continues to be) gagged. If you shut off the mailing list, and only let through messages that say positive things then you have effectively gagged the community. That being said, though, the community is very used to this. Whenever any bug surfaces, or something new is disliked then Dieter shuts off the mailing list until people stop talking about it. It's the classic "it's my ball and I'm taking it home" situation.
LedgerSMB does not require copyright assignment precisely because we don't want to send the message that we will change the license unilaterally. Copyright ownership is power, and decentralizing power means stability.
Of course in this case stability means that it would be hard to change the license, which is partially the whole point.
As a project, though, we are apolitical, and committing to a single license can be a political thing. It is possible down the road that parts of the project could be under LGPL or similar licenses, but we do promise that we will only use OSI-approved licenses.
LedgerSMB: Open source Accounting/ERP
Google claims to have found a 1.36 million hits for "ADepmiere", which seem incredible to me, as in "not credible." However, a slightly more credible indicator of commercial support in my opinion is that I see different google advertisements keyed on this word.
The first thing that I wondered is:
Does this software use any GPL'ed components (modules, code portions, etc). If so, then even the author cannot go and just swap to a non-GPL license unless that license is in itself GPL-compliant... otherwise he himself may be in violation of the GPL in regards to using GPL'ed code without making his own source properly available.
There is a difference between distributing and re-licensing.
What this is saying, is someone can take the work, submit new modifications under the **GPL v3 license**, and then distribute the work and other changes **under the V3 license***. But you can't take the work and change it's license wholesale.
It's like saying, you could download the whole Linux kernel, fork it, re-license it under GPLv3, and start distributing it. No problem. You just can't say, of your own volition, that the GPlv3 is the *only* license the code falls under, because I never agreen to that, I as the copyright holder only agreed to GPLv2 and later versions.
Think of it this way - the GPL license is forward-compatible. It is not however backward-compatible. You can run GPlv2 apps under Gplv3, but not vice-versa.
I am well aware that the BSD license provides pretty much no protection for the users of a library and in no way ensures that continued development will also be made public.
However, most every application is a house of cards built over other people's code. One of the decisions you have to make in any library-use scenario is whether or not you feel the community will be there in the long run. I started a project under the assumption I could use AGG because the direction that AGG was going in was compatible with my long term goals and would avoid duplicating effort. I started my project based on the past performance of the AGG community and that it would continue on into the future in a similar vein.
While the developer was perfectly within his rights to change the license in this case and to continue his development under the GPL, I am also free to bitch about it and to find alternatives because what he is providing is no longer something I can use.
An anology would be Theo D.R. having a sudden change of heart and next week deciding to release OpenBSD under the GPL. He may be perfectly within his rights to do so, but not many of the commercial users of the OpenBSD code base would be able to go along with the change, and there would probably be a lot of complaining.
Sanity is a sandbox. I prefer the swings.
'LedgerSMB does not require copyright assignment precisely because we don't want to send the message that we will change the license unilaterally.'
'It is possible down the road that parts of the project could be under LGPL or similar licenses, but we do promise that we will only use OSI-approved licenses.'
What happens if you are unable to contact someone who submitted a patch to ask his permission? It isn't as if you can just announce and then change. If you don't hold the copyrights, you can't change the license without written authorization from everyone who submitted a patch. For a patch submitted yesterday that is probably not that big an issue, for a patch submitted 2 years ago it can be a non-trivial task.
Licensing issues aside, I wish you guys the best on LedgerSMB. I haven't tried LedgerSMB but I did try SQL-Ledger about a year ago. It was a terrible experience. The interface was cluttered and non-intuitive. When a transaction was entered I had to put in all the corresponding entries in other parts of the program manually. Another huge problem is that I had to install Postres. I know many are fans of Postgres and that Postgres supposedly performs better at high load. But every other app of this type uses MySQL. I don't like running both.
http://eniv.blogspot.com/2007/04/license-for-gpls- text.html -- Now which license's fork is SQL-Ledger Open Source License? :D
If I write a Perl module to interface with something else, I can choose the LGPL at that time. I cannot, however, relicense an existing module. Our new architecture is clean enough that one could even write add-ins using non-GPL-compatable licenses provided that our code is not used. While we do not encourage such behavior, it is quite possible to do without violating the GPL (just as it is not a licensing violation to connect Excel to MySQL even though the latter is under the GPL).
If something really needs to be done, we can review the changes, see if they still apply, and if so, re-engineer the appropriate sections.
LedgerSMB: Open source Accounting/ERP
'Our new architecture is clean enough that one could even write add-ins using non-GPL-compatable licenses provided that our code is not used.'
That sounds refreshing and gives me hope. I looked at the project roadmap and it looks like you guys are doing quite a bit of cleanup under the hood. How long do you think it will be before we can start to see improvements in end-user experience? I would love to have an open solution to recommend to my customers and myself rather than Quickbooks.
The current codebase is... less than ideal. The Perl generates HTML code fragments which are printed to STDOUT, generating a page. Redesigning the user experience is something that is going to require first being able to get the interface separate from the mechanism (which ATM it is not). We are working on providing the infrastructure for 1.3, but it is unlikely that we can really fix the entire application before 2.0.
You will see improvements soon, but it will take perhaps up to a year or two before we can really get it where we want it.
LedgerSMB: Open source Accounting/ERP
Thanks for that, will have a look. Interesting to see that any FOSS project that starts to sprout commercial locks end up creating a fork. That's actually quite a wasteful bit of duplication :-(.
Insert
We take security very seriously. We aren't where we would like to be yet but give us a few months. We are already pretty far ahead of SQL-Ledger.
Prior to the fork, we discovered it was possible to manufacture credentials (he was using timestamps as session id/auth tokens and not even storing them on the server. Any sufficiently recent timestamp was accepted), execute arbitrary code on the web server, manufacture user accounts (still works once you are logged in), and more. Every one that we have fixed we have pointed SQL-Ledger towards before reporting it to bugtraq.
Dieter does at least make an effort to fix problems that don't require a valid login to exploit. Once you are in, though, all bets are off. Do a search on Bugtraq sometime.
LedgerSMB: Open source Accounting/ERP
> I am also free to bitch about it
...
no
> and to find alternatives
yes
> I started a project under the assumption
Assumptions without discussion and negociation are dangerous. Did you talk to the community? Did you ask them how they felt? Maybe your application was what caused them to realise the dangers of the BSD license. What was your input to the community. If you had put in much code over a long time to the application then you may even have legal redress against a license change. If you had put in nothing then you fail to have a claim on the "community".
> An anology would be Theo D.R. having a sudden change of heart
Not really. Theo rants (no deep offense intended) on about wanting "no more stuff" in a way which makes RMS seem a master of public relations. If Theo suddenly started using the GPL then you would have a real reason to be surprised and offended and accuse him of hypocrisy. If on the other hand Theo a) got a demanding girfriend or b) fell under a bus or c) decided to go for a few years to tour Asia, you would have no claim whatsoever on him. In your case, you haven't shown any reason whatsoever for your feeling of betrayal. You have been given something nice for free. You should be greatful for the previous versions (something I really don't see in your posts so far). Unless you can clearly show that the author of AGG clearly stated that he intended to stick with the BSD license forever, you really can't complain.
This really isn't different from traditional IT. When you buy a library from a supplier, you should make 100% sure you have the source code to it; the right to continue distributing it if they go bankrupt and the capability to take over maintainance. When you rely on a free software project you should negociate support with someone who's able to continue to maintain it. You should make sure you have a backstop (one of the reasons Oracle supporting RedHat is actually good for RedHat). The only difference is that you don't have to go through the difficult part of negociating source code access. We often end up paying much extra and having to use escrow services for that when we use proprietary software. That makes it very expensive compared to getting a Free Software library.