Re: draft of a new Open Source Commercial License

[David Chisnall]

On 18 Sep 2013, at 13:52, Pirmin Braun <pb@intars.de> wrote:

> Am Wed, 18 Sep 2013 09:50:48 +0100
> schrieb David Chisnall <David.Chisnall@cl.cam.ac.uk> :
> 
>> Hi,
>> 
>> On 17 Sep 2013, at 22:45, Pirmin Braun <pb@intars.de> wrote:
>> 
>>> we plan to license the upcoming IntarS 7 under this license.
>>> What do you think about it?
>> 
>> What is your goal with this license?  I don't think that it will work to 
>> encourage contributors, because I certainly wouldn't send patches to a 
>> project where I might suddenly find that I'd have to pay if I started using 
>> it a lot.  I'd also have the same reaction to using it: if I build a program 
>> using it and deploy it, I don't want to suddenly find that I'd have to pay 
>> extra if it became popular.
> 
> The goal is to earn additional money from those power users that make 
> themselves lots of money from using the software and on the other hand 
> preserve the LGPL conditions for all others.
> There have been no contributors so far except professional programmers 
> working for money.

Okay, so your goal is to make money.  Open source release is not a requirement 
for this.

> You only have to pay extra when it turns out that you've become a company 
> using the product permanently with more than 5 concurrent named users. 
> Normally you grow into this situation.

5 concurrent named users doesn't sound like very much.  

> You won't "suddenly" find out since you'll be informed about this very 
> clearly on every login. When you're a company and planning to hire another 
> employee who will
> - use the software
> - under an own login name
> - concurrently with at least 5 others
> - permanently
> then you will need this 900,-- EUR additional investment. Which is peanuts 
> compared to the other costs associated with creating a new work place.

Assuming each login is a single real human, yes.  What if I want different 
logins for different roles, some of which will be left logged in?  It's a 
requirement to structure usage of the software around a licensing model.  

You are trying to combine a COTS business model (charging per use) with open 
source and that simply doesn't work.  You need to either sell proprietary COTS 
software, or adopt a business model that works with open source.

And there's no guarantee that the next version will be released under the same 
terms, so if I built my business on this what's to stop you from saying 'well, 
now you have to pay €900/seat' for the next release?  Given the strange 
interaction between the EULA and the open source-like part of the license, it's 
not obvious to me that I could keep running a fork.  And if your company goes 
out of business or is bought, then who do I have to pay?  If I got the software 
as a package from my OS of choice, am I now responsible for working out who the 
current copyright holder is and paying them?  I've never met a corporate lawyer 
who wouldn't have nightmares at the prospect of his employers accepting a 
license like this.

>> Is the goal simply to allow people to port it to other systems?  Again, I'm 
>> not sure why I'd put the effort into putting this in the FreeBSD ports tree 
>> and ensuring that it worked (nor why Sebastian would do the same for 
>> OpenBSD) if we'd end up having to pay if we used it in anything other than a 
>> very small scale.  
> 
> The point is commercial usage. Edu, privat, non profit usage is free in any 
> scale. Additionally you are free to license your port under your own license 
> and also earn license fees (with different conditions) as you like - as long 
> as we get our share from our defined power users. It's the end user's 
> responsibility to pay all affected licensors in the license chain their 
> share. For such a value added derived work that wants extra license fees from 
> the end user we reduce our claim to 30% (or whatever) to give partners more 
> room for their own business model.
> So a partner might sell his derived work well below our price of the original 
> work. But in no case a contributor has to pay us. We don't sell OEM licenses.

That sounds like a set of caveats that would make me very hesitant to 
redistribute it.  

>> As others have pointed out, it is not OSI or FSF compliant.  This may also 
>> mean that it would be hard to distribute in binary form.  As it's currently 
>> written, it's an end-user license agreement, and so we'd have difficulty 
>> distributing it, because we'd need to have a framework in place that would 
>> require the user to accept the license before installing it.  We do this 
>> with the Oracle / Sun JDK and a few other packages already, and it requires 
>> manual intervention and prevents us from distributing binary builds.
> 
> with the proposed draft of the IntarS license this is not the case. You can 
> install the binary and use it. No need to accept anything.

I think you need to talk to a lawyer about this.  If I don't need to accept the 
license, then it is not legally binding and so there is no requirement for me 
to pay you for anything.  If I do need to accept the license and it restricts 
my use (not distribution) of the code then it's an end-user license agreement, 
not an open source license, and you must have infrastructure in place to ensure 
that people accept the license at the correct time.

> Even when you're a commercial company you can work with up to 5 concurrent 
> named users for years. You even can do load tests or evaluation with more 
> users. Only when you permanently (longer than 1 month) have more than 5 
> concurrent commercial named users there is a decision to be made: either pay 
> license fees or use IntarS with less users or at least make users login with 
> the same name or at different times.

So it's an EULA.

> Besides all that, the FSF has created the LGPL to address certain cases. 
> Since then the world has changed a lot. Open Source has beome ubiquitous. The 
> war is won. Just have a look in your Android device Settings/About .../Legal 
> Notices/Open Source Licenses. There are now more "certain cases" that should 
> be honored. One of these is that there are Billion-Dollar-Companies taking 
> advantage of Open Source software while the programmers have nothing more 
> than a mention in the "About" section. Attending Open Source meetings is 
> always a special low budget experience. Source Forge is crowded with 
> abandoned projects and there are so few that can earn their living from doing 
> Open Source.
> Does it have to be that way? I think it's time to discuss a CLGPL (C like 
> "Commercial"). 

Well, the last two open source meetings I organised were both here in 
Cambridge, one for GNUstep and one for FreeBSD.  The bigger-budget one was the 
FreeBSD one, but both had very nice dinners that were paid for by donors.  In 
the case of FreeBSD, those commercial donors include big companies that 'take 
advantage of our work', like Google, NetApp, Juniper, WhatsApp, and so on.  
Many of these companies do other things to fund development, including 
employing consultants and full-time employees who push patches up stream, to a 
project that is released under a license that does not require anything other 
than attribution (that mention in the 'about' section that you refer to).  Many 
of them would not have used the software if it were under a more restrictive 
license.  They wouldn't have paid for it either, they'd just have developed 
something else in-house.  

Big companies would rather employ developers to rewrite a project from scratch 
than employ lawyers to work out exactly what the terms are.  

David




-- Sent from my brain