What to Protect in Open Source Software

eldavojohn writes "I found a brief blog by Marc Fleury on something that seems to almost be an oxymoron — what you need to legally protect in Open Source Software. The short of it is that you should trademark your name and brand it. Which might explain Xen's stance on the use of the brand 'Xen'. Another short blog notes that you should also maintain control of your distribution channels. Fleury also states this interesting tidbit on protecting intellectual property in OSS, 'Short of filing patents, there isn't much you can do in OSS. Let's face it the IP is there for everyone to see. If you are in a mode where a lot of the value is the code itself then open sourcing under GPL or equivalent reciprocal license may be a good choice for you. At least you will make sure that ISV's that re-use your license get in contact with you and many of them will pursue dual-licensing, a strategy that is known to work to monetize an OSS user base (mySQL).' Is there anything else you should take measures to protect in open source software? Is it possible to maintain control of a project under the GPL or are you constantly faced with forks?"

The same as with anything

[andy666 (666062)]

You protect anything that is truly new and creative. Which is rare in most technology.

Re:

[dbIII (701233)]

The name is not creative and the name is what this is about. Naming some software after a computer in a TV show that was named after a philosophy and spelt with an "X" to be scifi is not creativity. Trying to prevent other people copying the name as well by legal action just looks silly and a waste of money. It looks like the organization got large enough to start employing Eloi instead of hungry Moorlocks - it may end in tears.

Duh,

[pb (1020)]

Didn't Red Hat already demonstrate this principle, years ago? Hopefully for his sake, they didn't trademark it too, pfft...

Re:

[BiggerIsBetter (682164)]

Red Hat owns JBoss, which Marc Fleury produces. We can assume he's got an idea of what he's talking about.

That said, given the way Centos has been taking off lately, I'm pretty sure the value of a Brand for things people aren't paying for will be shown to be fairly low. Certainly, if you're reaching people who's only knowledge of the product is the name and image then a brand is a big deal... but in technical and/or OSS circles, not so much.

Err, what?

[Penguinisto (415985)]

By the by - RedHat has had the same stance: you trademark the name and logos, no problem. That protects your name.

Otherwise... protect it from what? If somebody swipes the code and locks it down under proprietary license, you can go after them for violating copyright terms. Otherwise, the whole stinkin' point of Open Source is to share the code. Can the author of TFA say "duh" for us?

If what you're licensing as open source code is covered by software patents (blecch), then it's already covered under patent law.

If you're that worried about distribution, do what RH and nearly every other distro maker does - have official mirrors. Anything outside of that and you don't have to take responsibility for it.

Otherwise, unless you fully grok what it is you're getting into by doing so, maybe you shouldn't open the license on your source code? This ain't rocket science here...

/P

Re:Err, what?

[webmaster404 (1148909)]

Exactly, and if they are so worried about forking, make the code good in the first place. Other then ports and the like, most forks are caused by bad leadership or poor maintenance of the code. And also, a word to all potential "open source" businesses, if your code is open and not-proprietary and you let the community contribute and such you will succeed, if your just trying to make a Windows-like OS and sell it for $45 at a retailer with some proprietary things mixed in, chances are your going to fail. Only the truly open companies that are in Open Source will triumph otherwise, the hobbyists who collaborate will be better.

Re:

[djikster (1189729)]

RHEL, the major source of income for RedHat, has been distributed for free under the CentOS name. They simply take the RHEL source repository, and build everything, and create a "new" distro. Of course, most of the work is done by RHEL, and they're losing revenue because people don't buy RHEL due to the fact that they can get it for free as CentOS. However, RedHat does not seem to be doing too poorly recently, so I assume most of the money they make comes from support, which is odd, since AFAIK the level of

Re:Err, what?

[Penguinisto (415985)]

Of course, most of the work is done by RHEL, and they're losing revenue because people don't buy RHEL due to the fact that they can get it for free as CentOS.

You oughta talk to a CIO some time...

SysAdmin: "Sir, We don't need to buy RHEL subs. We can just use CentOS instead."
CIO: "Okay, and what happens a couple years down the road if the CentOS project goes 'splat' and all our mission-critical stuff is still on it? And how do we know it's exact RHEL code? And what about the apps and bits that only RedHat makes (like certificate tools for instance)? What happens when you're out on vacation or leave for another job, and we gotta get tech support on this thing?"
SysAdmin: "Umm, err, umm..."
CIO: "Who do we rely on if something isn't quite working on the hardware side? You do know that Dell and HP won't even touch an OS or software issue if you're not using an OS that they support, right? And if our Oracle RAC servers starts goofing up, how do we explain to their tech support that we're using an RHEL variant that they simply don't support?"
Sysadmin: " ... "

...you get the idea. It isn't for lack of tech know-how to run the day-to-day stuff that keeps most corporations buying RHEL in spite of CentOS, it's all those nasty little side issues that keep cropping up.

Sure, with a bit of forethought, you can actually get around all the hypotheticals I put up there. Problem is, it'll eat more time and energy to do so than to simply use something that the hardware and app makers support - and invalidating support (either by warranty or contract) is going to be seen as wasteful by the PHB's - cost savings in subs-not-bought be damned.

Personally and professionally, I like CentOS. I squeeze it in wherever there's a need for a non-mission-critical Linux server, and the hardware isn't still under warranty or service contract. This way I save the beancounters some dough but still fill the needs as they arise.

OTOH, there are perfectly real reasons why RH makes so much dough off of RHEL (same with SuSE).

/P

Re:

[dbIII (701233)]

I squeeze it in wherever there's a need for a non-mission-critical Linux server

Personally I prefer not to have mission critical servers if I can help it. If you have a few machines for some other purpose, have the software installed so things can switch roles and enough disk capacity for copies on different servers then losing any single server doesn't slow you down much.

Re:

[webmaster404 (1148909)]

Red Hat isn't losing much money on Cent OS because they target two separate demographics. While RHEL is targeting the business who needs solid tech support and a business to stand by them with pointless patent lawsuits and the like, Cent OS is for the home user or for trial at businesses to make sure their hardware is detected and that the business can function under Linux. When there is Fedora which is also a RHEL-based distro from Red Hat and Ubuntu and Mandirva has better hardware detection in my opinion

Re:

[allcar (1111567)]

Also, Red Hat has by allowing Cent OS has gained much more respect as a business

I'm not sure what you mean by "allowing". The license allows Cent OS to do what they do, not Red Hat. This is a triumph for the whole OS system, not one particular company.

Re:

[sm62704 (957197)]

If somebody swipes the code and locks it down under proprietary license, you can go after them for violating copyright terms. Otherwise, the whole stinkin' point of Open Source is to share the code. Can the author of TFA drool some more for us?

There, fixed that for ya ;)

-mcgrew

PS: Your sig- I'm so old I was a beta tester for dirt. They never did get all the bugs out.

Re:

[Schraegstrichpunkt (931443)]

If you're that worried about distribution, do what RH and nearly every other distro maker does - have official mirrors.

Or sign your releases, like Debian does (not per-package signing, like RPM-based distros usually do).

Re:Err, what?

[houghi (78078)]

By the by - RedHat has had the same stance: you trademark the name and logos, no problem. That protects your name.

Novell did the same and went one step further. If you want to make a distribution based on openSUSE [opensuse.org], all you need to do is remove the trademarks and such. Now how do you do that? Novell has kindly made rembrand which removes the branding. [opensuse.org]

That way it is fairly easy to make your own distribution. No need to recompile, unless you want to. If you so desire, you CAN recompile everything and then use makeSUSEdvd to make your ISO.

All the rest of the packages has their own licences and regulations.

Why "protect" it?

[webmaster404 (1148909)]

Why even "protect" it? First off, the most you should do is trademark your name or possibly your logo, the problem is, if you have a large enough base of people using your software, and you go out of your way to make it "protected" chances are someone is going to fork it into a more free version such as what happed with Firefox and Debian. As for forks, very, very, very few people are going to fork your code unless either there is a leadership disagreement, your work is not free enough, there is serious problems with the code or it is unmaintained, those are just about the only cases where it actually "forks" now if it is big enough of a project, there is going to be forks, however probably 80% die out within the first year and the 20% that remains are either lagging behind the main version or have very limited appeal. People will be quick to point out such things such as Cent OS and Red Hat Linux, however Cent OS is aimed for hobbyists or small businesses who don't need commercial support. Red Hat sells support, not Red Hat Linux. So moral to this post is, don't over "protect" your work, its no big deal if someone forks it, in Open Source, may the best code win.

Re:

[mattcasters (67972)]

I couldn't agree more.

Personally I think that the best line of defense for any open source project is constant innovation and a good (nice & big) community.
Those will do the job of keeping your project alive, well and un-forked much better than any other measure you can think off.

Cheers,
Matt

Re:

[VENONA (902751)]

"if it is big enough of a project, there is going to be forks,"

I don't see that. OK, CentOS, white box linux from RHEL, but I can't call that a fork, which would imply taking the code in a new direction, not just stripping out some branding.

The only serious forks I've seen have been in the security space--vulnerability scanners and such. As a security guy, that hits close to home. But still, that's a very small piece of the puzzle, in the overall scheme of things. If you were to include innumerable small PH

Fork... the nightmare of the OSS developer..

[xtracto (837672)]

Is there anything else you should take measures to protect in open source software? Is it possible to maintain control of a project under the GPL or are you constantly faced with forks?"

FORK!! FORK!! there, run scared... haha

It is really funny how open source developers are so afraid of a fork. It seems that it would be the worst thing that can happen to their precious software/idea... imagine some forking Linux and making it so good that Linus does not matter any more? or what about apache, or any other project.

Recently, I was in a talk given by the founder of Moodle, and when asked which where the treats of his project, he named, maybe competitors, lack of interest and almost as if he did not want do acknowledge it, with a very weak voice, he said "forks".

Of course a fork would mean that the oh great lords and owners of the source (Linus, Theo, Miguel, etc...) would be put aside and they could end as simple coders...

Sorry for the flame :) have a nice day

Re:Fork... the nightmare of the OSS developer..

[mmcuh (1088773)]

Of course a fork would mean that the oh great lords and owners of the source (Linus, Theo, Miguel, etc...) would be put aside and they could end as simple coders...

Linus Torvalds has said many times that he thinks that forks are a good thing, and he don't mind Linux forks at all (although he'd of course want to merge back any good ideas and good code from them). Theo de Raadt started OpenBSD himself as a fork of NetBSD (the entire *BSD family is a tree of forks originating from the original Berkeley software). People in these positions in the free software world have usually thought enough about "free software" to understand that forking is very seldom bad, most of the time harmless, and sometimes very good.

Re:

[init100 (915886)]

or what about apache

It is interesting that you mention Apache when discussing the alleged fear of forks, as Apache is itself a fork of the NCSA httpd. The name Apache even stems from "A Patchy Server", in that Apache initially was distributed as a set of patches for the NCSA httpd.

Re:

[Kjella (173770)]

The reason they're rightfully afraid of forks is that most of those trying to make a business selling service and support get the majority of service and support because they're the company behind the product. Red Hat gets RHEL support because they're Red Hat and not someone else. If someone forked it off and made a better $foo-Linux, then company $foo would get the service and support. Same goes for those in it for recognition, being the guy "who made some software which another company took over and now e

Freedom immigrants vs freedom natives

[wikinerd (809585)]

Free/libre and open-source software is a product of freedom natives, people who regard freedom as a fundamental non-negotiable human value. Many freedom natives have been born in environments where they were in interaction with lots of other freedom natives.

A freedom native will make money with free software by offering great user support.

Now people who believe in control (control freaks) have learnt about the free software community and try to monetise by building upon its spectacular success. But being freedom immigrants, and keep being in interaction with other control freaks, they cannot comprehend how you can make money without using control. They think that the essence of capitalism is to squeeze the customer, lock users in proprietary platforms, etc. Thus, even though they adopt the free software insignia (they may use the GPL and place wikis on their sites), their mindset is still that of a control freak (they use their trademarks abusively, etc). They aren't true freedom natives.

So, a freedom immigrant will try to make money with free software by maintaining a dual-licensing scheme for corporate clients, by maximising as much as possible their grip on their trade marks, by making shadow deals with distributors, etc. And if they succeed to create a cash flow with these methods, their user support may suck.

When I evaluate a free software application for use in my personal and business machines, I try to understand whether it is made by a freedom native or a freedom immigrant. I prefer software written and supported by freedom natives, even if the freedom immigrants use the same licence.

Re:

[s.bots (1099921)]

Xenophobe!

Re:

[photon317 (208409)]

Your "freedom immigrants" sound like MySQL AB :)

Re:

[cdrguru (88047)]

A useful software product needs no "user support". If the user has to call for help, the product is incomprehensible or it fails when the user needs it the most.

Some very complicated products require training (e.g., Oracle) to use properly. However, once trained nothing further is required other than using the product.

Re:

[jhoger (519683)]

Your mistake is assuming all users have the interest and are qualified or with short-term training can become qualified to install, maintain or extend this "useful software product." Quite often this is simply not the case. For the vast majority of businesses, IT is a cost center, not a profit center. Businesses will look outside their company for support rather than build up the expertise inside the company. That's why selling support around most any software product above a certain level of complexity, h

Re:

[TheRaven64 (641858)]

It depends on what you mean by support. The lowest level of support is answering the phone and helping people with problems. Good (which includes well documented) software does not need this.

The next level of support means fixing bugs. Perfect software has no bugs, but almost no software is perfect (some is designed using formal methods, but it costs a few orders of magnitude more and so is very rare). Ideally, however, software should contain very few bugs and so fixing them for money is not a viable

Re:

[trifish (826353)]

Linux, Firefox, and other big open source names are all registered trademarks. They protect the brand. Software is not the same as brand.

no protection against forks except excellence

[markhahn (122033)]

being GPL means, most of all, that there is no protection against forks. after all, GPL _is_ the ability to fork (ignore RMS's politics and all the other noise.)

how do you avoid forks? by being on the right side - everyone pulls in slightly different directions, and any project would be a mess if it accepted all of them. it's also not just a matter of choosing - ideally, if a fork is threatened, the mainstream would trump the fork. that is, instead of some little feature X, develop a bigger, more general thing that is a superset of X. turn the fork into a trivial an unappealing, limited special case. I'm not advocating hyper-featurism, but to embrace big-picture generalizations.

Re:

[Nazlfrag (1035012)]

Why would you want to avoid forks? If it splits the community evenly, well in time there will hopefully be two strong communities. If it splits for a specific purpose and forms a small dedicated community (eg. IceWeasel) it does little harm to the main package, and provides for improvements to be fed back via merging (like Cegega with WINE). The whole 'forks are bad' concept is flawed, some forks fail, some work fine independently, some create a symbiotic system of dozens of forks that interoperate (eg. Lin

That's really disgusting

[gambolt (1146363)]

It's either missing the point or is 100% targeted at the "how to exploit open source for personal gain" crowd.

In the ear. With a rake. Sideways.

Re:

[Antique Geekmeister (740220)]

Or perhaps he agrees with Theo de Raadt and other BSD license users that you should be able to lock away your own locally developed software bits and not share? I disagree with their licensing, but the model does have some followers.

Of course, when they get caught with their fingers in the cookie jar, as an OpenBSD got caught importing the GPL licensed Broadcom drivers and refused to cooperate with dual licensing, they can get quite upset about anyone *else* not simply handing over their toys to put in the

No.

[WestCoastJTF (1192081)]

Is it possible to maintain control of a project under the GPL or are you constantly faced with forks?

No. It is utterly impossible. That's why Linux and the GNU project had to close up shop.

I didn't see the second blog advocate control

[einhverfr (238914)]

over distribution.

However, I think that projects should try to position their official site as the primary point of distribution (i.e. have the project actually manage getting packages for main distros up), and control main distribution points through the project. This doesn't mean you can control secondary distribution points, but it does mean you should try to influence and coordinate the distribution channels so that new updates get pushed out fast.

This is a major issue with licenses like Mr Rosen's OSL and the AGPL. Forced distribution makes it more difficult to protect your trademark and ensure that people are getting the most secure versions from you.

It's very important to protect...

[tttonyyy (726776)]

...the comments. They get bullied by the rest of the code because they're "different". Even the compiler excludes them, the poor little buggers.

Forks not neccesarily bad

[Todd Knarr (15451)]

One of the selling points of open source is, I'm afraid, precisely that the creator doesn't have final control over it. This is what gives users assurance that they'll be able to maintain the software even when the creator's interests diverge from theirs. If adding a particular feature or fixing a particular bug wouldn't be of any benefit to the creator, or worse might actually go counter to the creator's plans for the software, but would be of major benefit to me as a user it's a good thing for me when the creator can't assert control and prevent me from adding that feature or fixing that bug.

Knife the Fork -- Listen to Users

[darkonc (47285)]

The only real reason for successful forks is that you're not listening to the users and the developer community. If you're listening to the developers' comments, providing wanted changes and accepting good quality patches, then you're not going to face much in terms of parellel forks.

Ubuntu is an exception that proves the point. It went off in a very different direction than Debian. -- as such, I don't consider it as much a parallel fork as a symbiotic tangent.

Re:

[houghi (78078)]

Ubuntu is not an exeption. It is how forks work. At a certain moment you have a large enough user base that different people will see things differently. At that moment one or the other will say, hey we will fork. In an ideal situation this would mean that 50% use the old version and 50%.

It is evolution, one could say. Not forking is the unnatural way. It would mean no diversity. I leave it to the reader as an excersise wether this is a good or bad thing.

A developers community can only listen to so many peo

sounds like....

[3seas (184403)]

..some mental exercise out of the 90's

OSS developers really should secure patent rights

[The Empiricist (854346)]

Maison Fleury glosses over patent protection too glibly. The Open Source Software community has been aware of the threats from software patents [mit.edu] for years, yet has done little more than argue that software should not be patentable. During this time, OSS developers have created countless innovations. Had some of these innovations been patented, software patents would not pose as much of a risk because the OSS community would have powerful leverage. Even the risk from patent trolls would be somewhat mitigated because OSS developers could withhold licenses for key innovations from potential licensors of the patent trolls' technologies, drying up all streams of revenue. OSS would also have greater political leverage because it would be easier for groups like the FSF and the OSI to point to the patents as evidence that OSS spurs innovation, not just high-quality craftsmanship.

Patent protection is known to be expensive. But, a lot of money has been invested in OSS. Some of that money could go to paying the costs of securing and maintaining patent rights for OSS innovations. Furthermore, many law firms encourage pro bono work. The OSS community could probably leverage those free legal hours as easily as it leverages developers' hours. The real obstacle to securing patent protection for OSS is political: OSS developers tend to boycott the entire patent system and hope that it will just go away. Unfortunately, ignoring the value of this form of intellectual property protection is a mistake.

Some of the rights that can be secured through software patents are much better suited to OSS goals than copyrights or trademarks. Some OSS developers try to bend copyright and trademark protection in ways that, if accepted, would be harmful to the OSS community, if not the entire software industry. For example, "[s]ome have claimed that an application program that needs a library for its operation is a derivative work of that library." [digital-law-online.info] This line of thinking would make Gimp for Windows a derivative work of the Win32 API, making Gimp a product that is ultimately owned by Microsoft. Using patent rights to exclude use of a library by non-OSS would produce the desired result of encouraging the development of OSS without distorting copyright law in such a self-destructive manner.

The GNU GPL actively prevents forks

[Jessta (666101)]

The GNU GPL actively prevents forks by removing the point of forking. Nobody forks the linux kernel because it's too much work and you generally get the same benefits by making your own patchsets and applying them to the code in the main tree.

giving it away may be better

[m0llusk (789903)]

To grow markets for new products as quickly as possible, giving away all the key elements may be the best strategy. Keeping prices at zero means the barriers to adoption and marketing through personal networks are negated. Money can be made from selling distributions, instructions, and customizations, and this approach is also competitive from the start. Instead of creating a kind of dam for intellectual properties where flow is controlled and limited, letting innovations flow free while taking fractiona

Something I suspect Trolltech do with qt..

[lpontiac (173839)]

Keep your test suites to yourself. That's a significant advantage over anyone else when it comes to maintenance of the codebase.

Litmus Test

[3.2.3 (541843)]

Is it possible to maintain control of a project under the GPL or are you constantly faced with forks?

It isn't truly open source until it's been forked.

Re:Repeat After Me

[calebt3 (1098475)]

Have a weekend

No thanks, I'm full.

Re:

[dbIII (701233)]

Personally I think it made it look Debian look stupid - the deliberate and childish insult of "iceweasel". Eventually whoever is playing schoolyard politics on the Debian "board" will get bored and go away and perhaps developers can run it again instead of wasting time fighting over a logo for someone else's software.

Childish?

[Nursie (632944)]

The very point of debian is free software. If they can't use the firefox name on their own build then using something else is fine.

Why is iceweasel bad?

Do you know the Matt Groening quote about iceweasels? (Have you been reading your /usr/games/fortune?)
Where's the insult?

It's not schoolyard politics. Debian has a philosophy and criticising them for sticking to it is the childish thing.

Re:

[dbIII (701233)]

They made it very obvious at the time in my opinion. Check out some mailing list archives and form your own opinion.

to paraphrase "If we didn't review the code it doesn't get our logo" sounds fair enough to me and not the action of a weasel and does not merit calling people names in a schoolyard fashion.

Re:

[Schraegstrichpunkt (931443)]

Personally I think it made it look Debian look stupid

Please. Go research what actually happened, then please tell us all what you think Debian's options were, realistically. The Mozilla Foundation was the one that suddenly said, "you can't use our trademarks anymore".

Re:

[RotateLeftByte (797477)]

I see that the poster was doing so as an AC. I do also understand that there are some times when posting like this is required. Comments like this should not be done as an AC. It could be taken as 'Trolling'

Just to clear up any misunderstanding, here is the final paragraph from the boss of JBoss in response to the accusations.
"... As a company we are growing rapidly to meet the expert professional services needs of our customers and partners. We want to be role models for open source developers around the w