Quoting Luis Villa (l...@lu.is):

> So... if someone asked you to justify OSD #6, what's the best rationale
> you've seen (or could provide yourself)? I'd love links or answers.

OSD #6 draws a line preventing resumed use of the oldest and most persistent abridgements of open source of all: Commencing the process of proprietising a codebase by withholding/encumbering the right of commercial use.

I would remind OSI readers of the state of publicly redistributable software in the 1980s, and specifically the software emerging from academia. Out here on the Left Coast of the USA, we had Computer Science Research Group, producing BSD. On the other coast, a group at MIT was producing X Window System and Kerberos. But those were the two great exceptions. The standard model at universities was that the source code would be made available to the public for non-commercial use in order to make it useful and ubiquitous, but the university regents would retain copyright title and monetise the commercial rights by selling separate commercial-usage licences.

At the beginning of the 1990s, you could see this situation if you did a survey of security software. (I won't be getting to my main point until I discuss the history of PGP and SSH, but first, some security-scanning and IDS packages.)

o  COPS (Computer Oracle and Password System) vulnerability scanner: Written by Dan Farmer and Gene Spafford when they were at Purdue University. Now obsolete. Purdue sold commercial-usage rights separately.

o  SATAN (Security Administrator Tool for Analyzing Networks). Dan Farmer and Wietse Venema's follow-on to COPS, a similar tool, likewise now obsolete. Used same licence model.

o  SARA (Security Auditor's Research Assistant), competitor, also obsolete, same licence model.

o  SAINT (Security Administrator's Integrated Network Tool), same story.

o  Tripwire, a Gene Kim and Gene Spafford production at Purdue, initially using the standard university reservation-of-commercial-rights with the same model (IIRC). In the late 90s, Gene Kim bought the copyright from Purdue and (IIRC) stopped releasing source code at all. (The history is more complex than this. I have notes with the full course of events on my Web server, but think they're not that interesting, here.) Some years later, he and Tripwire, Inc. executives approached my employer VA Linux Systems in some concern (2000), aware that they were massively losing mindshare to open source competitors such as AIDE, Samhain, Integrit, and Prelude-IDS. Tripwire, Inc. at this point started maintaining 'Tripwire Academic Source Release' under GPLv2, functionally equivalent to the binary-only product but without some extras, with help from my firm making the codebase ready for public release again.

The likes of COPS, SATAN, SAINT, and SARA have all been unable to compete with open source Nessus, nmap, and the above-cited Tripwire competitors, among others.

o  PGP. Originally open source, but the first thing that changed after Phil Zimmermann sold the rights was to very gradually clamp down on rights, starting with reserving rights for commercial use, then various other restrictions culminating with stopping the release of source code entirely starting in the year 2000.

o  SSH. Tatu Ylönen's (SSH Communications Security's) original version was open source (permissive licence), but around 1995 SSH Communications Security signed a commercial distribution agreement with Data Fellows, Ltd. (now F-Secure Corporation). Ylönen's 1.2.13 came out 1996-02-10 (increments ssh version to 1.3). 1.2.12 came out 1995-12. SSH 1.0 issued 1995-07-12. Right around the issuance of 1.2.13, the files for 1.2.1 through 1.2.12 were removed from the main SSH ftp site and its mirrors. Some restrictive licensing wording was added to version 1.2.13. The licence was changed again starting with 1.2.28, requiring payment for any use in a commercial setting. Eventually, source code availability was removed completely.

How we ended up with a thriving market for open source SSH implementations is, I think, instructive: Someone named Björn Grönvall in Sweden found a third-party-hosted tarball of source code for Ylönen's SSH v. 1.2.12, the final open source version (i.e., the removal of 1.2.1 through 1.2.12 tarballs hadn't found them all). He updated the code and maintained it as a fork he called ossh. OpenBSD Foundation noticed Grönvall's work, and forked his fork to create OpenSSH and Portable OpenSSH, developing ssh protocol v. 2.0 modules for it. Newer open source workalikes such as Dropbear, LSH, FreSSH, Erlang SSH, Twisted.Conch, Paramiko, and PuTTY have been able to build on, study, and borrow from Grönvall's and OpenBSD Foundation's work.

I would maintain that the history of SSH shows that the _first_, most obvious, and most remunerative move taken in proprietising codebases is very typically quietly adding a reservation of commercial rights -- which is also why proprietary-leaning concerns like Canonical, Ltd. typically ask for assignments of copyright title on code contributions, so that they remain sole copyright holders and can start withholding rights and monetising a 'commercial version'.

> An ideal answer would address the perceived ongoing challenge of building
> sustainable models for maintainers/projects (possibly including the
> challenge of bringing the less economically privileged into our
> communities).
>
> I'm writing/thinking about this topic right now and want to make sure I'm
> not arguing with strawmen, so the best/most serious answers will be deeply
> appreciated.

Above is obviously not your ideal answer. However, I hope its review of some relevant software history will be useful to you.

-- 
Cheers,              "The crows seemed to be calling his name, thought Caw."
Rick Moen                              -- Deep Thoughts by Jack Handey
r...@linuxmafia.com
McQ!  (4x80)
_______________________________________________
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss