SugarCRM 6 Released, But Is It Open Source?

darthcamaro writes "SugarCRM markets itself as a professional open source company and this week released version 6 of its Sugar platform. But the main new feature is a new user interface that isn't available to users of the community version — it's only available to paying users. No they don't claim to be open core either, they claim it's all open source, even if you have to pay for it. '"Open source doesn't mean free and was never really meant to mean free," Martin Schneider, senior director of communications at SugarCRM, said. "Open source runs through everything we do, it enables us to be transparent and gives customers more power. We are an open source company and it's why we're better than proprietary companies."'"

Want open source?

[kimvette]

Check out vtiger

SugarCRM has been guilty of decepting customers with their "open source" claims in the past. They originally released under a modified Mozilla public license (the Sugar Public License), with requirements that derivatives remove any and all SugarCRM branding. A few enterprising folks forked it to form vtiger, which supposedly led to SugarCRM threatening to file suit for actually exercising their rights outlined under the license, and the CEO publicly lambasting the vtiger folks for actually taking SugarCRM up on their offer extended by the original SPL.

http://forums.vtiger.com/viewtopic.php?t=11
http://blog.tmcnet.com/blog/rich-tehrani/crm/sugarcrm-vs-vtiger.html
http://developers.slashdot.org/comments.pl?sid=188554&cid=15541264
http://www.zdnet.com/blog/open-source/is-sugarcrm-open-source/867

I've posted previously about sugar vs. vtiger before:
http://slashdot.org/comments.pl?sid=223770&cid=18118754 (which drew out anti-F/OSS zealots and folks who didn't bother to read the licenses fully and obviously did not compare it to the previous SPL as it was originally written and released)

Now, the SugarCRM folks may have updated their licensing to remove the restrictions about moving to the free/community edition after having used the "enterprise" edition but honestly those folks were so scummy when they threw a fit after folks actually exercised their rights to create a derivative project that I can't be bothered to check.

Does vtiger functionality stack up well against SugarCRM's enterprise version? Not exactly. However, reverse is also true; vtiger offers some bells and whistles you don't get with Sugar - but in any event, vtiger does not use a license to try to restrict using your own data in another product.

Don't get me wrong: SugarCRM is a pretty good product, but I don't like to use products made by companies which engage in deceptive practices, even when some of the product editions may be "free."

Re:Well..

[ducomputergeek]

Depends, things like PA-DSS and HIPPA suddenly can throw a monkey wrench into things. We forked an opensource project with the goal of getting it PA-DSS certified so we could use it to continue processing credit cards after July 1st of this year. We've done the audit and now just waiting for the paperwork to go through to get it listed as "certified" software. However, only versions signed and distributed by our organization is certified. Like SugarCRM, we only give out the code to customers who are paying for support contracts.

They are free to download the code and they could even compile and use the code in house and be okay under PCI-DSS. However the monkey wrench comes if they decided to compile the application and then distribute their version to other parties. Technically those 3rd parties would not be able to use the software to process credit cards since the version would not be "PA-DSS certified". And while the software would still be functional, if you used the uncertified version to process credit cards, then one could lose their merchant account. And processing credit cards is a MAJOR feature of the product and too risky for a lot of businesses to consider using it without that certification.

So while one could have all the source code, the source code without the "PA-DSS Certification" certificate doesn't do folks much good in practice.

Magento is doing something similar. Only their "Enterprise" version is PA-DSS certified. The Community Edition is not. And I suspect we're going to start to see more of this as time goes forward. I'm not saying it will be impossible to do it, but it is extremely hard. PA-DSS certification requires a lot of documentation and about $25k up front to pay for auditing, the PCI-SSC, and the best part is the validation is only good for 3 years. That's either a lot of community donations or someone bank rolling the operation.

Re:He's right

[snowgirl]

Section 1 only requires that redistribution rights be granted to people when made a part of an aggregate work from multiple sources.

This means you are not guaranteed the right to just copy the code out to anyone and everyone... without created an aggregate work.

Re:He's right

[h4rm0ny]

Has anyone here actually read the article (I know, stupid assumption). SugarCRM has a dual licence. There's a "Community Edition" and a "Professional Edition" (also an Enterprise Edition, but that's not different from Professional - it's just the support offers sort of thing as far as I recall).

Now the Professional Version is obviously not "closed source" because it's a great sprawling PHP application so they have to give you the source. But that doesn't make it "Free Software". It requires a licence on a per user basis. In contrast, the Community Version is what we call "Badgeware". You can download it free, you can deploy it free with whatever users you like and you're free to make and distribute plugins and such for it. But you can't remove the SugarCRM logo and weblink for example. (In fact, there are some amusing little attempts to prevent people from doing that in the code, e.g. the legal notice that comes up if you alter the SugarCRM image doesn't appear as text in the files, but encoded as base64).

Anyway, there's an open sourcish community around the Community Edition that write tools for it. But, IMO, the whole thing doesn't feel very open sourcey. What it comes down to is not an issue of programming, so much as it comes down to business needs. SugarCRM has a system of "modules" - pluggable business entities such as Contacts, Product Lists, Accounts, etc. The great big difference between the Community and Professional versions is that the Professional version comes with additional modules. And for most businesses (I would say), they're modules that you really need. There are various other bits and pieces like the Professional Edition supports workflows whereas the Community Edition does not.

What it comes down to, is that SugarCRM has a community edition which serves as a good bit of PR, a hook to get in new users and a source of occasional free bug-fixes. But most serious businesses - the ones who actually are potential customers - will end up needing the features of the non-Free Professional Edition. There are attempts to replicate some of what the Professional Edition does in the Community one, but from what I've seen they don't really compare and of course the company itself isn't helping much because primarily they want people to buy the Professional Edition to get those features. Their forums are also littered with unanswered technical questions. If you're a paying customer and you file a support request with them, you get fixes (in my limited experience with them), but if you're a Community type asking questions on the forums, you take your chances. It would also be pretty difficult to make any substantial changes to the code base because you're always tailing the Professional Edition which SugarCRM control. So if you write a wonderful new thing for it (the do-it-yourself Open Source way), expect there to be a good chance that it will be incompatible shortly.

I actually quite like the model of a free version of software and then a paid-for pro version with extra coolness. It's a model that works well. But when you combine that with Open Source, it becomes a little more dubious (maybe) because there's the possibility that you use the name of Open Source but create a system where in practice, people can't meaningfully participate and it's primarily a hook into the paid version. This is where I feel SugarCRM are. I have no doubt that there are people using the Community Edition for business purposes, but I think what I describe is the bird's eye view of the situation.

Re:He's right

[Eivind]

http://opensource.org/docs/osd

Requirement #1 is "Free Redistribution", i.e. that you have the freedom to, without limitation, redistribute the software.

Would you like ketchup with that ?

Re:He's right

[tapanitarvainen]

No. It used to be fairly common to sell software with source code, with explicit restriction that it may not be redistributed: source was only provided for in-house use. That is certainly not open source.

I remember those days, believe it or not. :)

So do I (yeah, I'm old). Did you really use the term "open source" then? I'm sure I didn't, the vendors certainly didn't, actually I'm pretty sure I never heard the term back then.

Of course I may have missed someone using it, but it certainly wasn't a common term.

As far as I can tell, the very term was invented as a generic term for freely redistributable source - as a substitute for "free software", which had too heavy political and philosophical connotations.

Seriously, if you want to refer to software that is both open source and includes the right to distribute and modify, call it "Free Software" like the FSF, or "Libre" software. It's nice, unambiguous, is an existing term and doesn't confuse half the software world which is still filled with people like me who recall Open Source meaning only that the source code is available.

Can you point out any references to "Open Source" that predate the current common meaning (that includes free redistributability)?

Commercial software WITH source code

[Rsriram]

Many commercial software developers provide their software along with the source code. But they do not qualify as "open source". If there is a restriction on forking the source code or maintaining it yourself, it is not open source.

"Open Source" Software is different from "Source Available" software.

Re:He's right

[icebraining]

You can't do neither, because you need a key for each copy of the paid version - you pay by the user. It's not OSI approved in any way, it's just a marketing abuse, imho.