For open-source software developers, coding is the easy part. Trying to find the right open-source license is where things get painful. It’s like standing in line at Starbucks trying to decide whether to buy latte or mocha. Soy milk or regular? Tall or grande? Don’t even get me started on ice cream. Baskin Robbins wants us to believe they only have “31” flavors. The real number is over 1000.
In “The Paradox of Choice: Why More is Less,” psychologist Dr. Barry Schwartz said, “The presumption is, self-determination is a good thing and choice is essential to self-determination. But there’s a point where all of this choice starts to be not only unproductive but counter-productive — a source of pain, regret, worry about missed opportunities and unrealistically high expectations.”
Can too many choices cause people to be so conflicted that they are less likely to take risks? Can it lead people to ignore the right choice in favor of the one that’s most simple?
Ignore Risks Until You Get Sued?
Dr. Schwartz’s theory may not be too far off from reality, as Eric Raymond observed in a LinuxInsider response to the license proliferation problem. Raymond said “the only strategy that makes sense in the crazed and toxic environment created by modern IP law (especially patents) is to do just enough of a pro forma review to have it on the record that you did one, then basically ignore your risks until and unless you get sued.” According to Raymond, “this is exactly the advice patent lawyers give you.”
Now I don’t believe any patent lawyer worth his or her salt would ever advise clients to ignore their risks — a big part of my job as a patent attorney is to help my clients evaluate the risks of patent infringement and help them navigate through the patent thicket. It is possible that a client will decide to take no action, but that is after they have evaluated the risks using a business and cost analysis. Of course, simplifying the analysis allows clients to get to a decision point sooner and license proliferation makes the analysis more complicated.
Trimming Down the Fat
Fortunately, there are less extreme ways to address the license proliferation problem than to ignore software licenses. One way is for license proponents to lead the way by voluntarily withdrawing redundant licenses. Intel did just that, with their much-lauded self-initiative to request the “de-approval” from OSI list of its Intel Open Source License.
When examined closely, that license is really a BSD license with an additional clause on export laws. According to Intel, there are approximately 25 projects using the license, most of which appear to have been able to use just the plain BSD license.
My License is Better than Yours
The voluntary delisting by Intel only solves part of the license proliferation problem. What about the other corporate license creators on the OSI list who have not jumped on the bandwagon? The OSI executive summary on this issue noted that “licenses have emotive and symbolic significance beyond their instrumental functions as legal documents … there is more tradition of license disputes becoming proxies in ideological wars. Hackers can get intensely, even pointlessly, territorial about their licenses.”
The CDDL-MPL-GPL rivalry is a good example of how charged the debate can get. Sun Microsystems recently slammed the General Public License (“GPL”) as being “unfair and predatory” and “wrongly used as a way to force developers to share their work when the creators have a hidden agenda of forcing a social model on the world.” Feelings were reportedly hurt when the OSI stated that “the ‘middle way’ represented by Mozilla and other corporate open source licenses is not a stable effective solution even from the point of view of selfish corporate agents.”
Computer Associates, Sun and IBM are said to be working together to create a common commercial open source license for future projects and using Sun’s Common Development and Distribution License (“CDDL”) as a template, and it is too early to tell if this will replace other licenses for a net reduction.
In an attempt to address the issue, the OSI recently announced a set of criteria it will use to audit license submissions. From now on, all licenses must satisfy three criteria: (1) it must not be duplicative, i.e., a license must solve a problem that is not sufficiently addressed by an approved license; (2) it must be clearly written, simple and understandable (to people who are not attorneys); and (3) it must be re-usable (i.e., can be used without changing the terms, for example, no proper names).
To complement the criteria, the OSI will begin to classify the licenses under three categories: “Ordinary,” “Preferred” and “Deprecated.”
Teething Problems Take Time
The OSI approach is a good starting place, but there will be teething problems. For example, it allows the OSI the right to deny approval to licenses which are “so obscure and complicated that an intelligent layperson cannot be assured of knowing his or her rights and liabilities after reading them.”
Even some attorneys reading the GPL, MPL and the CDDL might find that they are obscure and complicated enough that even they cannot “be assured of knowing his or her rights.” And, while I might get heat for this, sometimes it is more important that a legal document be precise enough to avoid legal disputes, even if that makes for complicated reading.
Some view this license trimming exercise with suspicion, as evidenced by this comment from an unhappy blogger: “Notice the people that are participating in said recommendations? Is it Jon Smith who uses OSS to develop software on his desktop? Nay, it is Intel and HP. It’s large corporations. It’s only needed by businesses that want to save money and get something done for free at someone else’s expense.”
These teething problems should be ironed out in due course. The OSI set up a License Proliferation Committee with a charter “to identify and lessen or remove issues caused by license proliferation.” Some of the steps the committee proposed include encouraging license stewards to “deprecate” existing licenses for which they are responsible (this will not remove OSI’s approval), work on “tiering” existing approved licenses and providing educational materials (such as a matrix) to describe the traits of some or all existing approved licenses.
In the meantime, we are stuck with over fifty licenses while the license proliferation problem gets sorted out. With so many options, what do we do?
According to Nobel Laureate Dr. Herb Simon, people generally choose the “satisficing” option: the first decent choice that fits their preference as opposed to exhaustively scanning all options until finding the perfect one.
In the open-source context, it means that you need to know what you want. If you are choosing a license, evaluate your business objectives. Are you seeking return on your investment, promotion of widespread adoption to further some other benefit, or is the key goal having a vibrant body of contributors and commentators? If a return is essential and your business model requires it, limit incorporation to just code that can be taken proprietary (like the BSD).
For widespread promotion and a community, go with the GPL for out-licensing your code and, depending on the in-licensed code licenses, use a dual-licensing model to allow for the community and commerce to co-exist (see my earlier column on dual licensing).
If you are thinking of drafting another license, resist that thought for as long as you can. Examine your motivation. Ask yourself if you honestly say that none of the current assortment of open source licenses suits your objective.
Some say that variety is the spice of life. They argue that stemming license proliferation takes away people’s choices. However, if Dr. Schwartz’s “more is less” theory is true, the current movement against license proliferation is a move in the right direction.
Phil Albert, a LinuxInsider columnist, is a patent attorney and partner with the San Francisco office of the intellectual property law firm Townsend and Townsend and Crew LLP.