Copyleft and the Cloud: Where Do We Go From Here? (archive.org) 40
Free software evangelist Jeremy Allison - Sam (Slashdot reader #8,157) is a co-creator on the Samba project, a re-implementation of SMB/CIFS networking protocol, and he also works in Google's Open Source Programs Office. Now he shares his presentation at the Software Freedom Conservancy's "International Copyleft Conference." He writes: The Samba project has traditionally been one of the strongest proponents of Copyleft licensing and Free Software. However, in the Corporate Cloud-first world we find ourselves, traditional enforcement mechanisms have not been effective. How do we achieve the goals of the Free Software movement in this new world and how do we need to change what we're doing to be successful ?
Traditional license enforcement doesn't seem to work well in the Cloud and for the modern software environment we find ourselves. In order to achieve the world of Free Software available for all I think we need to change our approach. Both GPLv3 and the AGPL have been rejected soundly by most developers. I would argue that we need a new way to inspire developers to adopt Free Software goals and principles, as depending on licensing has failed as licensing itself has fractured.
Communication and collaboration are key to this. Stand-alone software is essentially useless. Software interoperability and published protocol and communication definitions are essential to build a freedom valuing software industry for the future
The talk's title? "Copyleft and the Cloud: Where do we go from here?"
Traditional license enforcement doesn't seem to work well in the Cloud and for the modern software environment we find ourselves. In order to achieve the world of Free Software available for all I think we need to change our approach. Both GPLv3 and the AGPL have been rejected soundly by most developers. I would argue that we need a new way to inspire developers to adopt Free Software goals and principles, as depending on licensing has failed as licensing itself has fractured.
Communication and collaboration are key to this. Stand-alone software is essentially useless. Software interoperability and published protocol and communication definitions are essential to build a freedom valuing software industry for the future
The talk's title? "Copyleft and the Cloud: Where do we go from here?"
For a long time the GPLv2 was rejected. (Score:3, Insightful)
Long ago before most slashdotters, the GPLv2 was criticised by the "BSD" crowd who told everybody that the GPLv2 (or for that matter GPLv1) was rejected and companies would never work with it. They built operating systems you may never have heard of such as 386BSD, NetBSD* and FreeBSD, but gradually their communities were sucked dry by companies (such as Apple) that built on their software but didn't give anything working back. Eventually only the GPL software was left and Linux now dominates the market.
It's a long game, and we are still in an early phase, but the tactic is the same. Create your software, put it under the AGPLv3, ignore the astroturfers from Amazon and Microsoft telling you that the users won't come. The users do not care about licenses as long as you don't break their doors down. Eventually your competition will die.
* You might have noticed funny posts on slashdot, "Netcraft now confirms: *BSD is dying" - these were about operating systems that actually existed at the time the joke posts were originally put up, some time before almost anyone here was born.
Re: (Score:3)
I have been around since "the early phase" of GPLv2. The adoption curve for GPLv3 and AGPL is different. It's unclear as to exactly why, although the co-opting of the most important FLOSS project (the Linux kernel) by corporations may be a big factor.
Remember, back when GPLv2 was created, gcc was one of the most important FLOSS (not that we called it that back then) projects and it was an early adopter of GPLv2. These days there is llvm as competitor. No compelling, category-defining GPLv3/AGPL programs exi
Re: (Score:3)
I suspect the massive existing ecosystem of GPL2 code that a GPL3 project is forbidden to draw on was a significant dissuasion - unless you had no intent to use pre-existing code in your project, or were willing to track down and cajole all the upstream GPL2 contributors to sign off on a license change, GPL2 was far more attractive, even if it did leave the door open for a few kinds of abuse.
GPL3 was also extremely aggressive about fixing the "problems" in GPL2 - I no longer recall the particulars, but as a
Re:For a long time the GPLv2 was rejected. (Score:4, Interesting)
GPL2 and GPL3 are free software licenses, AGPL is not. For starters, it imposes use restrictions (Freedom 0). It discriminates against fields of endeavor. It disallows using pieces of that code in programs that have no way to tack on advertising (eg. IMAP server, networked light switch, etc). It fails the Dissident Test (a blogging platform with two tiers of users: fellow dissidents who receive binaries and sources with the code for steganography of secret messages, and the ordinary crowd at large who doesn't receive binaries. For a state-level attacker, not having the source is only a mild speed bump).
Thus, problems with adoption of GPL3 are mostly about incompatibility with GPL2. Problems with AGPL are far, far bigger. See eg. libdb whose non-free (AGPLed) versions have been universally shunned by distributions.
Re: For a long time the GPLv2 was rejected. (Score:2)
that was the exact same argument the bsd crowd had. see where their little consulting firms are now, and compare to companies that embraced gpl2 and are now cloud Heavyweights
Ask Around, Jeremy (Score:5, Insightful)
Communication and collaboration are key to this. Stand-alone software is essentially useless. Software interoperability and published protocol and communication definitions are essential to build a freedom valuing software industry for the future.
You work for Google. Let me know when I can roll my own OpenGDocs or OpenGMail server. Whoever you're worried about firing you for releasing enough Docs/Gmail code on Github for me to do so would be a pretty good place to start to get your answers. The rest of us have a pretty solid idea.
Until then, don't act like it's some big mystery as to why OnlyOffice and Redmail and Piwik exist.
GPLv3 adoption/rejection and begged questions (Score:4, Informative)
Both GPLv3 and the AGPL have been rejected soundly by most developers.
That's a begged question.
Assuming "most developers" is more than 50.0% and "rejected" means "refused to adopt" then that just leaves two questions:
1. What is rejected "soundly". Did they make loud noises (on forums on LKML or wherever)?
2. What is any evidence whatsoever to support this assertion, or is it just someone with a religion saying everyone else rejects the other faiths?
I spent some time on Google looking up "gplv3 adoption" "gplv3 rejection" and while I didn't find statistics that would back or deny this possibly-absurd claim above, I did find good explanation of the politics:
https://opensource.com/article... [opensource.com]
If someone has a religious/political problem with the GPL (any version, really) just say so. Pretending that "most developers" "soundly reject" without any proof is just like saying "most Muslims are terrorists." They are not, and they are not.
Ehud Gavron
Tucson AZ
Re:GPLv3 adoption/rejection and begged questions (Score:5, Interesting)
I don't have *any* problem with the GPL. I was one of the people who helped author the GPLv3. I think it's a great license.
"rejected soundly" to me means the fact that the creators and curators of the license, the FSF, refuse to license some of their most important code under it (glibc for example).
If you think I have a "religious/political problem with the GPL" you don't know me very well :-).
Re: (Score:1)
Jeremy, thanks for the quick response. To be honest, I *don't* know you very well or at all :)
Software is what people (coders) write, and licenses is what other people (lawyers) write, and having worked as one and used the other I respect both.
I do tend to think like an analyst when I see a statement that has terms that are undefined. Hence my "request for clarification" -- thanks for your reply :)
Best regards from sunny Tucson AZ where inside is quarantine and outside is Crematoria.
Ehud
Re: (Score:3)
Here is a great retrospective on GPLv3 from a good friend of mine, Richard Fontana at Red Hat:
https://opensource.com/article... [opensource.com]
One of the things he notes (that to be honest I'd forgotten about for my talk) is that Red Hat and others have lead the charge to adopt the "forgiveness" provisions of GPLv3 (which as I recall was one of the primary concerns of corporate lawyers taking part in the GPLv3 drafting process) into GPLv2.
To quote from the linked article:
> "This in turn was followed by a Red Hat-led ser
Re: (Score:2)
A fellow Samba Team member and Red Hat engineer has just pointed out to me that it's unfair to call out Red Hat specifically for this, and in retrospect I agree with him and would like to apologize to Red Hat.
Many others including my own employer Google also signed on to this statement as well.
Sorry Red Hat. Hats off to you for all your sterling Open Source work :-).
Re: GPLv3 adoption/rejection and begged questions (Score:2)
all that is the same as dual licensing! why the double speak?
just call it double licensed under gplv3 and whatever-that-is-not-gplv3
Re: (Score:2)
Dual licensing isn't the same as adding the GPLv3 termination conditions to GPLv2.
If you dual license, then if it's accepted under GPLv3 terms that means you have the replacability and anti-DRM provisions along with the termination grant.
If you accept under GPLv2 then you don't get the termination grant from GPLv3 but don't have to obey the replability or anti-DRM provisions.
Dual licensing isn't an 'AND' of licensing terms, it's an 'OR'.
Re: (Score:2)
Re: (Score:2)
Maybe you're right. But consider:
The GPL v3 is about five single-spaced pages consisting 18 sections with ~4600 words. There's a preamble that summarizes things rather nicely, consisting of another 545 words.
The MIT license is a couple of paragraphs and 162 words. It pretty much just consists of "you can do whatever you want with this" and "you can't hold me liable for anything".
Which license do you think is more likely to be read and understood by programmers?
Re: GPLv3 adoption/rejection and begged questions (Score:2)
it is not that simple. the people claiming gplv3 was bad were all the people with vested interest in exploiting linux et all online.
think for a second, just how many companies today started at that time? how many were closed sources? how many run exclusively on linux servers?
yeah, there. you just found all those people saying gplv3 is baaaaad, hmmkay?
Re: GPLv3 adoption/rejection and begged questions (Score:2)
case in point: the guy hired by google to sell google's enterprise cloud storage to companies still stuck with samba clients, is affirming gplv3 is dead.
Re: (Score:2)
"companies still stuck with samba clients"
You mean running Windows :-). There are rather a lot of them by the way...
Re: (Score:2)
Re: (Score:3)
"Traditional license enforcement doesn't seem to work well in the Cloud"
No support for that statement either. I'm not concerning myself with this further.
Re: GPLv3 adoption/rejection and begged questions (Score:3)
I have experience with license enforcement. I have done quite a bit of it behind the scenes (think about my own project to understand where this experience may have come from). It isn't working. There is a great asymmetry between individual developers and corporate legal departments that makes it virtually impossible for developers to successfully enforce their rights.
Look at the VMware case for the latest sorry example.
Re: GPLv3 adoption/rejection and begged questions (Score:2)
what about vmware?
Re: (Score:2)
https://www.zdnet.com/article/... [zdnet.com]
Re:GPLv3 adoption/rejection and begged questions (Score:4, Informative)
One could look at the most popular chosen licenses on Github [github.blog]. The top ten are:
1 MIT 44.69%
2 Other 15.68%
3 GPLv2 12.96%
4 Apache 11.19%
5 GPLv3 8.88%
6 BSD 3-clause 4.53%
7 Unlicense 1.87%
8 BSD 2-clause 1.70%
9 LGPLv3 1.30%
10 AGPLv3 1.05%
I'm not sure whether that indicates "soundly rejected", but it's clear open source developers are choosing the highly permissive MIT by a fairly wide margin. I should also point out this data is five years old, but additional research shows the trend is currently moving slowly toward permissive rather than copyleft, at least in terms of sheer numbers.
Speaking for myself and my own (personal) open source work, I chose the MIT license for what I deem to be philosophical reasons, not for "religious/political" reasons. To put it simply, I don't think it's necessary that all software be free and open source. I'm not a fan of the "copyleft" concept in general, and don't really think it's necessary for a healthy open source ecosystem.
Re: (Score:3)
So an entirely new license ecosystem (AGPL, LGPLv3 and GPLv3 code are compatible) has achieved 11% adoption, almost overtaking the very long lasting GPLv2 ecosystem and the Apache license (arguably part of the same ecosystem - but usage is one way).
This is very far from a rejection of the GPLv3. That's actually amazing and shows that the future is pretty bright for the GPLv3 ecosystem.
MIT being at 44% is also actually a victory for the FSF who pushed the MIT license (with no advertising clause) over the
Re: (Score:2)
You can see the result comparing BSDs vs. Linux OS.
Re: (Score:2)
How do you reason that Linux's relative popularity is primarily due to its license? Surely the old correlation/causation maxim would apply here.
Re: (Score:2)
Because from BSD various companies were making proprietary products and OSes (including such as Apple OSX) without contributing back. All these proprietary products got forgotten with time and original BSD remains unchanged/unextended/poor.
In Linux all the companies are forced by its license to contribute back which makes the core Free Linux better for everyone.
IMO it is the reason, I understand someone may consider it just as a coincidence.
Re: (Score:1)
In Linux all the companies are forced by its license to contribute back which makes the core Free Linux better for everyone.
IMO it is the reason, I understand someone may consider it just as a coincidence.
Yes. The stats come from Github/Gitlab, which [despite its ownership] is primarily used by open-source projects.
https://about.gitlab.com/blog/... [gitlab.com]
That introduces a bias so that we get great numbers of
- contributor projects to Gh/Gl choosing an open source license, but not
- contributor projects to Gh choosing a closed source license
That's a bit of a statistical bias (also known as convenience sampling) kind of like asking everyone in one shopping mall in one time period how they would view a particular prod
FTFY (Score:3)
Both GPLv3 and the AGPL have been rejected soundly by most developers.
More than likely, those were rejected by developers working for large corps
Re:FTFY (Score:4, Informative)
Maybe. But not all software is written by large corps.
But this isn't the point of the talk, and I don't want people to get hung up on that one idea.
The main point of the talk is that the asymmetry in power between individual developers and corporate law departments means that even if you pick copyleft licenses, it's almost impossible to get them enforced. Most developers have given up - full disclosure, I'm on the Board of Directors of the Software Freedom Conservancy who is (I'm going to make another claim here) the *only* organization that still tries to enforce the GPL. The FSF have long since given up on enforcement.
So let's concentrate on things that have a better chance of working - concentrate on opening up the protocols between software components and not getting bogged down in the licensing.
Re: FTFY (Score:3)
Note that I'm not saying Conservancy shouldn't continue their enforcement efforts. Far from it. I just want to try other things as well.
Re: FTFY (Score:2)
nobody cares about enforcing the GPL2 because 1) companies already abused it enough to afford to write BSD/MIT alternatives (eg. llvm): 2) nobody ships anything physical anymore.
Now the figth for software progress is on online services! if you write code, figth for it to be GPL3. otherwise you are literally working for free against your interests.
Re: (Score:1)
Why we avoid GPLv*, AGPL (Score:2)
I'm a serial software startup entrepreneur - 5 successful exits since 2013, 4 of them were software centric. We had a hell of a time during due diligence for exits, so in the last startup to exit we made a decision, from the day we started coding (9 months before first external funding) to NOT use *any* GPL or Afero GPL or similar licenses. We went out of our way to use only MIT, BSD, and Apache licensed software; any software that we might've released (we were acquired by one of our first customers) woul
Re: (Score:2)
GPL is only a 'problem' if your own code isn't also GPL licensed.
Re: (Score:2)
GPL is only a 'problem' if your own code isn't also GPL licensed.
Correct -- it's the same issue as Apple and why they switched from bash to zsh as the default shell. That's why lawyers and M&A people don't like it.
From a philosophical point of view I believe that BSD-* and MIT are less restrictive than GPL* licenses.
My open source code is licensed almost always under BSD or MIT, some times under Apache, never under GPL (going all the way back to 1998, when I joined the open source movement). I never found the FSF/GPL/RMS philosophy compelling because it starts from
Re: Why we avoid GPLv*, AGPL (Score:2)
"I'm an asshat who used all that free software and guarded all mine under lock and key" .
If your companies were not investor scams, you could have a profit or a big exit by having loyal users, who knows? but I guess being a parasite is easier.