Slashdot Mirror

← Back to Stories (view on slashdot.org)

SugarCRM 6 Released, But Is It Open Source?

Posted by kdawson on from the depends-what-the-meaning-of-open-is dept.

darthcamaro writes "SugarCRM markets itself as a professional open source company and this week released version 6 of its Sugar platform. But the main new feature is a new user interface that isn't available to users of the community version — it's only available to paying users. No they don't claim to be open core either, they claim it's all open source, even if you have to pay for it. '"Open source doesn't mean free and was never really meant to mean free," Martin Schneider, senior director of communications at SugarCRM, said. "Open source runs through everything we do, it enables us to be transparent and gives customers more power. We are an open source company and it's why we're better than proprietary companies."'"

11 of 357 comments (clear)

  1. He's right by iplayfast · · Score: 4, Insightful

    There's nothing about open source that means no cost.

    1. Re:He's right by h4rm0ny · · Score: 5, Informative


      Has anyone here actually read the article (I know, stupid assumption). SugarCRM has a dual licence. There's a "Community Edition" and a "Professional Edition" (also an Enterprise Edition, but that's not different from Professional - it's just the support offers sort of thing as far as I recall).

      Now the Professional Version is obviously not "closed source" because it's a great sprawling PHP application so they have to give you the source. But that doesn't make it "Free Software". It requires a licence on a per user basis. In contrast, the Community Version is what we call "Badgeware". You can download it free, you can deploy it free with whatever users you like and you're free to make and distribute plugins and such for it. But you can't remove the SugarCRM logo and weblink for example. (In fact, there are some amusing little attempts to prevent people from doing that in the code, e.g. the legal notice that comes up if you alter the SugarCRM image doesn't appear as text in the files, but encoded as base64).

      Anyway, there's an open sourcish community around the Community Edition that write tools for it. But, IMO, the whole thing doesn't feel very open sourcey. What it comes down to is not an issue of programming, so much as it comes down to business needs. SugarCRM has a system of "modules" - pluggable business entities such as Contacts, Product Lists, Accounts, etc. The great big difference between the Community and Professional versions is that the Professional version comes with additional modules. And for most businesses (I would say), they're modules that you really need. There are various other bits and pieces like the Professional Edition supports workflows whereas the Community Edition does not.

      What it comes down to, is that SugarCRM has a community edition which serves as a good bit of PR, a hook to get in new users and a source of occasional free bug-fixes. But most serious businesses - the ones who actually are potential customers - will end up needing the features of the non-Free Professional Edition. There are attempts to replicate some of what the Professional Edition does in the Community one, but from what I've seen they don't really compare and of course the company itself isn't helping much because primarily they want people to buy the Professional Edition to get those features. Their forums are also littered with unanswered technical questions. If you're a paying customer and you file a support request with them, you get fixes (in my limited experience with them), but if you're a Community type asking questions on the forums, you take your chances. It would also be pretty difficult to make any substantial changes to the code base because you're always tailing the Professional Edition which SugarCRM control. So if you write a wonderful new thing for it (the do-it-yourself Open Source way), expect there to be a good chance that it will be incompatible shortly.

      I actually quite like the model of a free version of software and then a paid-for pro version with extra coolness. It's a model that works well. But when you combine that with Open Source, it becomes a little more dubious (maybe) because there's the possibility that you use the name of Open Source but create a system where in practice, people can't meaningfully participate and it's primarily a hook into the paid version. This is where I feel SugarCRM are. I have no doubt that there are people using the Community Edition for business purposes, but I think what I describe is the bird's eye view of the situation.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    2. Re:He's right by Richard_at_work · · Score: 5, Insightful

      That's *an* open source definition, not *the* open source definition.

    3. Re:He's right by harlows_monkeys · · Score: 4, Funny

      That's nice. However, there are other sections besides section 1. They aren't there just to help with the feng shui of the site.

    4. Re:He's right by hey! · · Score: 4, Insightful

      I actually installed the community edition of SugarCRM a few years ago. My take on it is that it's got the right problem (a big, big, big part of creating a great piece of software), but that the system design and implementation is painfully amateurish. The database schema was an incoherent joke, the code meandering, verbose and inarticulate. There's no reason for code (even PHP) to be that bad.

      Obviously a huge amount of work went into the thing. The kind of work you do when you've got a poorly thought out system and real customers to satisfy. The thing about that kind of work is that if you hack away at a system long enough *in response to customer needs*, eventually it will fill those needs fairly well. Being badly engineered doesn't preclude providing value to users. We certainly found it useful, but whenever I had to fix a bug or tweak something, I was constantly amazed that the system worked at all.

      Now we all know there are two schools of thought about software development: the incrementalist (make the software work even if it is ugly) and the purist (make it elegant even if you have to rewrite it). The reason these two schools persist is that they are both right in different situations. There are times you have to live with less than elegant, and times when you have to bite the bullet and do major rewrites. I think most successful programmers balance these impulses, tidying up and refactoring as they fix bugs and meet customer's needs. The sign of a skillful programmer is that the more he works on a body of code, the simpler and more elegant it becomes. But when you have a gawdawful mess like SugarCRM, it makes no sense to invest anything more than occasional trivial effort unless you're willing to commit to a complete fork. You'd have to do major refactoring unless you were willing to spend all your time hacking your way through cruft, and the SugarCRM folks probably wouldn't because they actually understand all that unnecessary complexity.

      Overall I'd say that SugarCRM is a useful, but mediocre piece of software. If you can live with its limitations, it is an asset, particularly in a small business where you have to introduce management to the novel concept of CRM before getting them to part with money. SugarCRM is not much of an asset to F/OSS, because it's not likely to attract many talented contributors to the core system, yet discourages them from developing competing solutions because it is "good enough" for not-too-demanding users.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Well.. by ak_hepcat · · Score: 4, Insightful

    Sure, if it's open source, then one paying customer can take the source and fork it back out to everybody else for gratis.

    That's what open source means.

    Trying to disguise commercially licensed software as open source is setting yourself up for failure.

    --
    Support FSF: Stop thinking with your wallet, and think with your imagination. (cc/non-commercial)
    1. Re:Well.. by ducomputergeek · · Score: 4, Informative

      Depends, things like PA-DSS and HIPPA suddenly can throw a monkey wrench into things. We forked an opensource project with the goal of getting it PA-DSS certified so we could use it to continue processing credit cards after July 1st of this year. We've done the audit and now just waiting for the paperwork to go through to get it listed as "certified" software. However, only versions signed and distributed by our organization is certified. Like SugarCRM, we only give out the code to customers who are paying for support contracts.

      They are free to download the code and they could even compile and use the code in house and be okay under PCI-DSS. However the monkey wrench comes if they decided to compile the application and then distribute their version to other parties. Technically those 3rd parties would not be able to use the software to process credit cards since the version would not be "PA-DSS certified". And while the software would still be functional, if you used the uncertified version to process credit cards, then one could lose their merchant account. And processing credit cards is a MAJOR feature of the product and too risky for a lot of businesses to consider using it without that certification.

      So while one could have all the source code, the source code without the "PA-DSS Certification" certificate doesn't do folks much good in practice.

      Magento is doing something similar. Only their "Enterprise" version is PA-DSS certified. The Community Edition is not. And I suspect we're going to start to see more of this as time goes forward. I'm not saying it will be impossible to do it, but it is extremely hard. PA-DSS certification requires a lot of documentation and about $25k up front to pay for auditing, the PCI-SSC, and the best part is the validation is only good for 3 years. That's either a lot of community donations or someone bank rolling the operation.

      --
      "The problem with socialism is eventually you run out of other people's money" - Thatcher.
  3. Use "gratis" not "free" by El_Muerte_TDS · · Score: 4, Insightful

    Can we please stop using "free" when we mean "gratis". You know, when something doesn't cost anything. "free" is too ambiguous.

  4. Want open source? by kimvette · · Score: 4, Informative

    Check out vtiger

    SugarCRM has been guilty of decepting customers with their "open source" claims in the past. They originally released under a modified Mozilla public license (the Sugar Public License), with requirements that derivatives remove any and all SugarCRM branding. A few enterprising folks forked it to form vtiger, which supposedly led to SugarCRM threatening to file suit for actually exercising their rights outlined under the license, and the CEO publicly lambasting the vtiger folks for actually taking SugarCRM up on their offer extended by the original SPL.

    http://forums.vtiger.com/viewtopic.php?t=11
    http://blog.tmcnet.com/blog/rich-tehrani/crm/sugarcrm-vs-vtiger.html
    http://developers.slashdot.org/comments.pl?sid=188554&cid=15541264
    http://www.zdnet.com/blog/open-source/is-sugarcrm-open-source/867

    I've posted previously about sugar vs. vtiger before:
    http://slashdot.org/comments.pl?sid=223770&cid=18118754 (which drew out anti-F/OSS zealots and folks who didn't bother to read the licenses fully and obviously did not compare it to the previous SPL as it was originally written and released)

    Now, the SugarCRM folks may have updated their licensing to remove the restrictions about moving to the free/community edition after having used the "enterprise" edition but honestly those folks were so scummy when they threw a fit after folks actually exercised their rights to create a derivative project that I can't be bothered to check.

    Does vtiger functionality stack up well against SugarCRM's enterprise version? Not exactly. However, reverse is also true; vtiger offers some bells and whistles you don't get with Sugar - but in any event, vtiger does not use a license to try to restrict using your own data in another product.

    Don't get me wrong: SugarCRM is a pretty good product, but I don't like to use products made by companies which engage in deceptive practices, even when some of the product editions may be "free."

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    1. Re:Want open source? by bigsteve@dstc · · Score: 5, Insightful
      Here's an excerpt from the current Evaluation License, copied from the SugarCRM website.

      Licensee shall not bifurcate the source code for any SugarCRM open source licensed products into a separately maintained source code repository so that development done on the original code requires manual work to be transferred to the forked software or so that the forked software starts to have features not present in the original software.

      That smells of "not open source" to me.

  5. Re:Open source by jamesh · · Score: 4, Insightful

    "open source" is one of those terms made up of two words who's meaning appears to be redefinable to suit the needs of any given agenda. That's why terms like 'GPL' and 'BSD' are more useful as they define what the terms of the 'openness" are. On slashdot "open source" and "GPL" are mostly synonymous but not necessarily in some industries.

    but if there are restrictions on redistribution, it's not open source.

    Well even GPL fails at that. It places the restriction that if you distribute the binary then you must make the source available too. That's kind of the opposite kind of restriction to what you were saying but it's still a restriction in that it limits your freedom to do what you want with the code, but only in as far as you can't deny others the freedom you were granted, which is widely considered to be a good restriction.

    Even Microsoft open their source to various organisations (academic mostly). I think they don't ever refer to it as "open source" though but "shared source" instead, so I guess they are off the hook.