SugarCRM 6 Released, But Is It Open Source? 357
darthcamaro writes "SugarCRM markets itself as a professional open source company and this week released version 6 of its Sugar platform. But the main new feature is a new user interface that isn't available to users of the community version — it's only available to paying users. No they don't claim to be open core either, they claim it's all open source, even if you have to pay for it. '"Open source doesn't mean free and was never really meant to mean free," Martin Schneider, senior director of communications at SugarCRM, said. "Open source runs through everything we do, it enables us to be transparent and gives customers more power. We are an open source company and it's why we're better than proprietary companies."'"
Want open source? (Score:5, Informative)
Check out vtiger [vtiger.com]
SugarCRM has been guilty of decepting customers with their "open source" claims in the past. They originally released under a modified Mozilla public license (the Sugar Public License), with requirements that derivatives remove any and all SugarCRM branding. A few enterprising folks forked it to form vtiger, which supposedly led to SugarCRM threatening to file suit for actually exercising their rights outlined under the license, and the CEO publicly lambasting the vtiger folks for actually taking SugarCRM up on their offer extended by the original SPL.
http://forums.vtiger.com/viewtopic.php?t=11 [vtiger.com]
http://blog.tmcnet.com/blog/rich-tehrani/crm/sugarcrm-vs-vtiger.html [tmcnet.com]
http://developers.slashdot.org/comments.pl?sid=188554&cid=15541264 [slashdot.org]
http://www.zdnet.com/blog/open-source/is-sugarcrm-open-source/867 [zdnet.com]
I've posted previously about sugar vs. vtiger before:
http://slashdot.org/comments.pl?sid=223770&cid=18118754 [slashdot.org] (which drew out anti-F/OSS zealots and folks who didn't bother to read the licenses fully and obviously did not compare it to the previous SPL as it was originally written and released)
Now, the SugarCRM folks may have updated their licensing to remove the restrictions about moving to the free/community edition after having used the "enterprise" edition but honestly those folks were so scummy when they threw a fit after folks actually exercised their rights to create a derivative project that I can't be bothered to check.
Does vtiger functionality stack up well against SugarCRM's enterprise version? Not exactly. However, reverse is also true; vtiger offers some bells and whistles you don't get with Sugar - but in any event, vtiger does not use a license to try to restrict using your own data in another product.
Don't get me wrong: SugarCRM is a pretty good product, but I don't like to use products made by companies which engage in deceptive practices, even when some of the product editions may be "free."
Re:He's right (Score:3, Informative)
Not directly.
But (AFAIK) if you pay for an open source (as OSI defines it) product, you are allowed to copy and give it away at no cost.
That depends upon the license used. With the GPL and BSD, then you're absolutely right.
However, there could be an open source license that doesn't allow this. Find a counter-example is left as a problem for the reader.
Re:Use "gratis" not "free" (Score:2, Informative)
Public Domain (Score:1, Informative)
Actually, anything that NASA does is in the public domain for U.S. citizens.
Re:He's right (Score:2, Informative)
You deny Section 1, but claim Section 3.
Section 3 only requires the right to distribution to be granted when there is a modification or derivative work.
Section 3 cannot be used to justify simply copying the source code and sending it out to anyone.
Re:Well.. (Score:5, Informative)
Depends, things like PA-DSS and HIPPA suddenly can throw a monkey wrench into things. We forked an opensource project with the goal of getting it PA-DSS certified so we could use it to continue processing credit cards after July 1st of this year. We've done the audit and now just waiting for the paperwork to go through to get it listed as "certified" software. However, only versions signed and distributed by our organization is certified. Like SugarCRM, we only give out the code to customers who are paying for support contracts.
They are free to download the code and they could even compile and use the code in house and be okay under PCI-DSS. However the monkey wrench comes if they decided to compile the application and then distribute their version to other parties. Technically those 3rd parties would not be able to use the software to process credit cards since the version would not be "PA-DSS certified". And while the software would still be functional, if you used the uncertified version to process credit cards, then one could lose their merchant account. And processing credit cards is a MAJOR feature of the product and too risky for a lot of businesses to consider using it without that certification.
So while one could have all the source code, the source code without the "PA-DSS Certification" certificate doesn't do folks much good in practice.
Magento is doing something similar. Only their "Enterprise" version is PA-DSS certified. The Community Edition is not. And I suspect we're going to start to see more of this as time goes forward. I'm not saying it will be impossible to do it, but it is extremely hard. PA-DSS certification requires a lot of documentation and about $25k up front to pay for auditing, the PCI-SSC, and the best part is the validation is only good for 3 years. That's either a lot of community donations or someone bank rolling the operation.
Re:He's right (Score:3, Informative)
Section 1 only requires that redistribution rights be granted to people when made a part of an aggregate work from multiple sources.
This means you are not guaranteed the right to just copy the code out to anyone and everyone... without created an aggregate work.
Re:He's right (Score:5, Informative)
Has anyone here actually read the article (I know, stupid assumption). SugarCRM has a dual licence. There's a "Community Edition" and a "Professional Edition" (also an Enterprise Edition, but that's not different from Professional - it's just the support offers sort of thing as far as I recall).
Now the Professional Version is obviously not "closed source" because it's a great sprawling PHP application so they have to give you the source. But that doesn't make it "Free Software". It requires a licence on a per user basis. In contrast, the Community Version is what we call "Badgeware". You can download it free, you can deploy it free with whatever users you like and you're free to make and distribute plugins and such for it. But you can't remove the SugarCRM logo and weblink for example. (In fact, there are some amusing little attempts to prevent people from doing that in the code, e.g. the legal notice that comes up if you alter the SugarCRM image doesn't appear as text in the files, but encoded as base64).
Anyway, there's an open sourcish community around the Community Edition that write tools for it. But, IMO, the whole thing doesn't feel very open sourcey. What it comes down to is not an issue of programming, so much as it comes down to business needs. SugarCRM has a system of "modules" - pluggable business entities such as Contacts, Product Lists, Accounts, etc. The great big difference between the Community and Professional versions is that the Professional version comes with additional modules. And for most businesses (I would say), they're modules that you really need. There are various other bits and pieces like the Professional Edition supports workflows whereas the Community Edition does not.
What it comes down to, is that SugarCRM has a community edition which serves as a good bit of PR, a hook to get in new users and a source of occasional free bug-fixes. But most serious businesses - the ones who actually are potential customers - will end up needing the features of the non-Free Professional Edition. There are attempts to replicate some of what the Professional Edition does in the Community one, but from what I've seen they don't really compare and of course the company itself isn't helping much because primarily they want people to buy the Professional Edition to get those features. Their forums are also littered with unanswered technical questions. If you're a paying customer and you file a support request with them, you get fixes (in my limited experience with them), but if you're a Community type asking questions on the forums, you take your chances. It would also be pretty difficult to make any substantial changes to the code base because you're always tailing the Professional Edition which SugarCRM control. So if you write a wonderful new thing for it (the do-it-yourself Open Source way), expect there to be a good chance that it will be incompatible shortly.
I actually quite like the model of a free version of software and then a paid-for pro version with extra coolness. It's a model that works well. But when you combine that with Open Source, it becomes a little more dubious (maybe) because there's the possibility that you use the name of Open Source but create a system where in practice, people can't meaningfully participate and it's primarily a hook into the paid version. This is where I feel SugarCRM are. I have no doubt that there are people using the Community Edition for business purposes, but I think what I describe is the bird's eye view of the situation.
Re:He's right (Score:4, Informative)
http://opensource.org/docs/osd [opensource.org]
Requirement #1 is "Free Redistribution", i.e. that you have the freedom to, without limitation, redistribute the software.
Would you like ketchup with that ?
Re:Well.. (Score:3, Informative)
Sort of. MySQL has a really interesting clause in the community edition, you are not allowed to bundle the database with 3rd party applications. If we wanted to use MySQL and package it with our Point of Sale software, the cost is $500 per install last time I checked. (That was with Sun, god only knows with Oracle). Hence this was one of many reasons we elected to go with PostgreSQL as part of our installation.
My understanding is .... (Score:2, Informative)
Re:Microsoft also release MFC and the CRT library. (Score:3, Informative)
Well, Microsoft will certainly insist so.
Actually, no, it will not. MS is careful with OSS in general, and this extends to labeling its own products. It will only be called open source if it really is open source - e.g. IronPython or ASP.NET MVC, both released under licenses which OSI considers "open source", and FSF considers "Free software".
For other cases where code is available but there are strings attached (typically this means no redistribution) - MFC & ATL, .NET class library, Rotor etc - different terms, such as "shared source" and "reference source", are used.
Re:Do something else then. (Score:3, Informative)
Honestly, it's their business model.
That is not an issue. But them claiming that they're OSS when they really do not conform to the conventional definition is deceiving their customers.
SugarCRM definition of `Open Source' (Score:1, Informative)
-------
The Open Source Definition (Annotated)
Version 1.9
The indented, italicized sections below appear as annotations to the Open Source Definition (OSD) and are not a part of the OSD. A plain version of the OSD without annotations can be found here.
Introduction
Open source doesn't just mean access to the source code. The distribution terms of open-source software must comply with the following criteria:
1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.
Re:He's right (Score:4, Informative)
I remember those days, believe it or not. :)
So do I (yeah, I'm old). Did you really use the term "open source" then? I'm sure I didn't, the vendors certainly didn't, actually I'm pretty sure I never heard the term back then.
Of course I may have missed someone using it, but it certainly wasn't a common term.
As far as I can tell, the very term was invented as a generic term for freely redistributable source - as a substitute for "free software", which had too heavy political and philosophical connotations.
Seriously, if you want to refer to software that is both open source and includes the right to distribute and modify, call it "Free Software" like the FSF, or "Libre" software. It's nice, unambiguous, is an existing term and doesn't confuse half the software world which is still filled with people like me who recall Open Source meaning only that the source code is available.
Can you point out any references to "Open Source" that predate the current common meaning (that includes free redistributability)?
Commercial software WITH source code (Score:3, Informative)
Many commercial software developers provide their software along with the source code. But they do not qualify as "open source". If there is a restriction on forking the source code or maintaining it yourself, it is not open source.
"Open Source" Software is different from "Source Available" software.
Re:Open source (Score:3, Informative)
A bit of poking around indicates that the community edition is released under GPL v3 and the paid edition is released under this [sugarcrm.com] variation of the Mozilla PL. Someone want to dig through it and work it out?
The Pro edition is being licensed under a proprietary EULA [sugarcrm.com], which even contains Bitkeeper-like non-competition clauses regarding the community edition. It that sense it is even worse than MS-EULA, which at least allows you to mess around with the few open source components Microsoft has released.
Re:He's right (Score:4, Informative)
You can't do neither, because you need a key for each copy of the paid version - you pay by the user. It's not OSI approved in any way, it's just a marketing abuse, imho.
Re:He's right (Score:2, Informative)
Note: "The program must (...) allow distribution in (...) compiled form". No mention it has to be derived.
Re:SugarCRM could do it (Score:2, Informative)
This is from MS-Public License:
2. Grant of Rights
(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.
This is from SugarCRM public licence:
2. Source Code License.
2.1. The Initial Developer Grant.
The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and
Finally, this is from Open Source Definition:
2. Source Code
The program must include source code, and must allow distribution in source code as well as compiled form.
3. Derived Works
The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
Its clear all of those give the right to modify and/or redistribute the work as source or binary.
Re:Well.. (Score:3, Informative)
then one paying customer can take the source and fork it back out to everybody else for gratis.
And that's vTiger [vtiger.com], see a comparative review [taragana.com] between the two.
SugarCRM is Faux-pen Source at best (Score:2, Informative)
Re:He's right (Score:3, Informative)
Quite an insightful and valid assessment, as I have worked on it. The major work I ended up doing aside from configuring the basic objects involved lots and LOTS of jQuery to make the UI more responsive and add in non-Sugar JS widgets (which were fed json with a seperate data model layer I wrote myself). Overall, this suite really pales in comparison to Salesforce, but is useful if you need something good OSS wise, I'd go with a smaller lightweight CRM like Fat-Free CRM (RoR), or small/medsize CRM like SalesLogix (Sage).