Slashdot Mirror
SQL-Ledger Relicensed, Community Gagged
Ashley Gittins writes "Users of the popular accounting package SQL-Ledger were being kept in the dark about a recent license change. Two weeks ago a new version of the software was released but along with it came the silent change of license from GPLv2 to the 'SQL-Ledger Open Source License' — presumably in an effort to prevent future forks like LedgerSMB. As it turns out, the author was making deliberate attempts to prevent the community from finding out about the license change. No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered. Just recently the license was switched back to GPLv2. This behavior is not a first for this particular project, and is part of the reason for the original LedgerSMB fork. Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?"
Of course! Being open is exactly what open source is about. Well, hopefully the LedgerSMB fork will be able to get beyond the personality defects of the SQL-Ledger guy...
If the author is the sole author and/or owns all the copyrights, then they can do what ever they like. If, however, they have accepted third party submitions then they may have a legal obligation to remain GPLv2
Legally you don't have to announce your business decisions in advance, ethically well... I can understand why you wouldn't, the day you came out and said it the GPL version is as good as yours - no reason to switch. You'd want to have some sort of carrot "New version with $foo and $bar" so people would actually change. Everyone producing anything OSS is entitled to stand up at any moment and say "Screw this, I'm going to try making money off it", assuming it's all their code of course. If you want reliability and future commitment, perhaps you should pay for it? As long as you rely on volunteer contributions you haven't really got a leg to stand on, should they disappear in a puff of smoke.
Live today, because you never know what tomorrow brings
Both the links to their "public support forum" and wiki bring up a HTTP password prompt.
Forcing people to accept a change in the license without telling them? Definitely unethical - kind of like forcing people to accept Windows Genunie Advantage if you want patches.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
No. There's only a problem if someone made a fork and tried to change it from GPL to something else. This was a move by the guy who holds the copyrights to the code. the copyright holder can, at anytime, decide he wants to move his code to another license. the catch is that all previously released code is still under the previous license. That is, if i release Foobar v1 under the GPL, then I release Foobar v1.1 under BSD, v1.0 remains licensed under the GPL, and you are free to take that code and start your own version, Forkbar v1.0. However, you must always keep it as GPL, because you don't own the copyright on the code; you only have access to it because of the GPL.
my pet machine
The author of the work can always release his work under any license he sees fit. The problem would be any code contributed by others in this case.
c++;
Simader is a putz and always has been. That project is the worst of programming with Perl ever -- its a contraption. Its developed like any 'job security' program would be, using a rube goldberg approach when ever possible. Any attempt to integrate with that project with anything has always met with his poison. Much rather put my efforts into something like http://frontaccounting.com/ rather than SQLL. Even though I am a perl zealot.
Finally the death of his project.
members are seeing something, your seeing an ad
No, that wasn't emotional, that was a fact. Gagging in this case refers to posts querying the change or motive (or even mentioning the very fact) of the change were moderated out so the userbase was kept unaware.
I think the bottomline appears to be that the guy Open Sourced something and didn't quite understood the consequences. And it's easy to stack mistake on mistake once you're on the wrong foot..
Having followed both mailing lists I must say that the LedgerSMB one is very lively indeed - and has more people visible in development. That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world..
Insert
I have been writing accounting software of my own lately (http://www.thinkcomputer.com) that also does taxes, and licensing has come up in the past week for me, as well. I used the PDFlib 6 library with PHP, which I paid over $1,400 for, to create PDF files so that my software could prepare tax returns, and all was working fine until my server crashed in March. I was forced to upgrade to new hardware, which I did, in the form of two Sun Fire X2200 servers running Linux. Installing PDFlib on my new setup didn't work, because even though my server had two processors, and I had a license for two processors, PDFlib detected four logical processors (each AMD CPU is dual-core). This was irritating on its own, but the fact that the newer version of PDFlib, version 7, uses a *different* system-based license (and of course they didn't tell anyone) that makes the number of logical processors irrelevant, means that the PDFlib acknowledge the flawed nature of their original license. When I asked them for assistance, since I needed to get my software up and running again, their response was that I should pay them $2,700 more in license fees for version 6 (more than the cost of the server) or $1,194 for a single-system upgrade to the new licensing scheme of version 7 (more than the cost of the original single-CPU license for version 6). To me, it sounded like extortion, but since the company is in Germany they can get away with it easier I suppose.
Needless to say, I'm never using PDFlib again, and I'm re-writing all of my code to use FPDF (http://www.fpdf.org), which is free, and works just as well. It's even easier to write code for. Stay away from PDFlib!
The community being gagged refers to the fact that their messages were dropped from the associated mailing list. You probably didn't read the article, huh?
the summary changed between when the story was first up in the 'mysterious future' and when it went live. which is how it is supposed to work - but could also explain the confusion.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
The guys at LedgerSMB had exactly the same problem, and they're busy cleaning up the code. Their stance is different as they provide a service, not software, and they make more sense re Open Source approach to code.
I think the root problem is that the SQL Ledger guy didn't realise what Open Source meant when he 'opened' it. LedgerSMB seems more focused on simply being a reasonable product, and their focus is the SME market who coul dnever afford the gazillion dollar programs..
Insert
good point. I wasn't aware that it had changed during that time. That would explain why he didn't notice the change, as he had read the summary while it was still in the firehose.
that ever made sense to me.
"The party of the first part shall be known in this contract as the party of the first part."
What?
That only applies if he hasn't accepted any outside submissions and therefore is the copyright holder of the code or has had all copyrights assigned to him.
if you have any sense when buying software, and you're big enough to make the vendor agree, then a code escrowe agreement is critical in case the vendor folds (sometimes even have a release condition predicated on the vendor being bought by another company who may abandon the product).
if you're subcontracting the software to another company, then make sure that you have full rights over the code and that you get regular SCCS/RCS/CVS/Subversion snapshots (you need to have direct access to the contractor's repository, don't rely on them to send you dumps) and verify that you can build everything from scratch and get the fully working version.
I've seen the results of failing to do this and the results can get pretty ugly!
"That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world.."
Deiter may have switched the license back to GPLv2, but at this point, why bother ... he's done more to promote the competing fork as being the "legit, safe" one than anything else.
This was the topic at the recent Toronto Linux User Group meeting.
http://tlug.ss.org/wiki/Meetings:2007-04
The talk was by a Ledger SMB core developer.
I bought what he said... Ledger SMB is now on Source Forge, reacts to security issues,
accepts patches, is converting to a saner architecture, uses CURRENCY instead of FLOAT for money.
Seems like its a winner.
* Retroactively re-license existing versions from the GPL to the new version: * Unlaterally re-license code that includes third part submissions, since most of the translation packages were done by user submission.
Ignoring those two actions, even if the license change is strictly legal, it's downright underhanded to pull a stunt like he did. He didn't just change the license on his software; he put out a point release on the primary distribution site, after having changed the license terms included with the package, then refused to let anyone bring it up on the official support mailing list. How many of us would notice if we downloaded and installed the lastest apache or postfix or whatever, and the license had silently and magically changed to a closed one?
It gets a little more sticky too when you try to relicense code like this. Outside contributors who submitted patches may have objections to the GPL code they donated being changed without their permission.
I am a core member of the LedgerSMB development team. The author of this post ran it by me as a courtesy before submitting it.
In the time since this was submitted, Mr Simader has seen the light and reverted to the GPL, albeit very unhappily. Such is life.
I don't actually begrudge Mr Simader the right to choose whatever copyright license he wants to have for his work. That is his moral right, and I have no problem with it. However, I was very unhappy with the fact that a lot of contributors' code, including all the translations, were still licensed under the GPL and since his new license was not compatable with it, I felt that he was causing problems for everyone including our project which is why I began contacting contributors privately about the whole thing.
Also, in the event of a license change away from a specific and well-understood OSI-approved license, I think that the developer also needs to give users a heads-up before they install the new version. This is, however, as far as I see the ethical obligations. And even these were not followed.
Finally, on the LedgerSMB project we are committed to rewriting the entire application, not just in order to prevent further conflict with Mr Simader but also in order to create a better program and one which can be more easily maintained. But we would be remiss if we didn't recognize that our success is in fact partly based on his.
LedgerSMB: Open source Accounting/ERP
There are actually rather a lot of free and open source accounting packages around.
* Front Accounting
* Ledger SMB
* WebERP
* OpenAccounting
* TurboCash
o Windows
* GnuCash
* Personal
o HomeBank
o jGnash
o GFP
o Grisbi
* CK-Ledger
* Compiere
* Lazy8
* Quasar
o Linux Canada
* phpCOIN
* opentaps
* Bambooinvoice
* GnuAccounting
* phpOrganisation
* OpenBravo
They are in various states of repair and different markets from the personal to the one man band to the multinational.
Deleted
I never even tried SQL ledger, simply because while researching different Linux accounting packages I came across some post by one of the head guys, possibly this "Dieter" doorknob, replying to a user with something very much like the following:
"Well, I wouldn't worry about it. We are not that concerned with security because there's nothing that SQL Ledger works with that would be of interest to anyone except an accountant, and I don't think we need to worry about a bunch of rogue accountants."
That statement alone made me not want to touch the packae, even though it looked very nice otherwise.
Yeah, the summary is heavy on the language, but the fact is that several community members tried to bring up on the mailing list the fact that the license was changed, but their posts were censored. I would say that meets your definition of Gagged. To date there have still been no posts allowed through to the list regarding the license change. The point now is mostly moot however, as the license has changed back to GPL so the remainder of the community will probably continue on never knowing what has transpired.
We are starting to address the architecture. Hopefully in a year, we will be architecturally opposite where we began.
Our new architecture rocks and makes for *easy* integration.
LedgerSMB: Open source Accounting/ERP
I bet they would, since should they give their code to the project leader under GPL, and then the project leader takes their code under GPL, and changes the license to X, he's in direct violation of the GPL. It would be ok if the entire project's code base were written solely by the project leader. In the likely event that it wasn't, the project leader doesn't own the copyright to the submitted code, and for him to use it in anything other than the GPL license given to him would be committing copyright infringement, which is illegal.
---FourChannel---
True, that's why most projects require you to assign copyright for your contributions to them.
Which could be problematic - since the copyright holder could decide to release the code under a non-GPL license as well; make revisions to that and be under no license obligation to make them available under the GPL. Granted, most projects wouldn't do that but it's still a possibility.
Also, assigning the copyright limits the creator's ability to resell their code seperately should someone want to use it in a non-GPl'd project.
In either case, licensing code under the GPL is a better approach than assigning copyright, IMHO.
I'm a consultant - I convert gibberish into cash-flow.
yeah, i often think, if they ever changed the licence of apache, i'll just fork it, and devote every minute of my spare time learning how to maintain the codebase of a fully featured webserver. That should be really practical.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
LedgerSMB does not require copyright assignment precisely because we don't want to send the message that we will change the license unilaterally. Copyright ownership is power, and decentralizing power means stability.
Of course in this case stability means that it would be hard to change the license, which is partially the whole point.
As a project, though, we are apolitical, and committing to a single license can be a political thing. It is possible down the road that parts of the project could be under LGPL or similar licenses, but we do promise that we will only use OSI-approved licenses.
LedgerSMB: Open source Accounting/ERP