Addressing Proliferation: Deeds not just Words

When I started getting the new Open Source Office ready a while back, my attention was drawn to the topic of license proliferation as being a crucial issue for the community of open source communities. Sun has already made an important contribution to reducing license proliferation by providing a new, OSI-approved open source license that renders continued cloning of the Mozilla Public License unnecessary. That license - CDDL - may have had a controversial first outing but in fact is a well-received license that makes any future attempt to build yet another MPL-clone vanity license much less likely.

Back in the early days of the Open Source Initiative, Sun created an open source license called the Sun Industry Standards Source License (SISSL). It's actually a very fine license, designed to encourage forks and derived works to support the same file formats and standards as the original work. However, it's not been used by very many projects and I don't think having it on Sun's list of preferred licenses is appropriate any longer.

Announcement: SISSL Retired

I'm therefore announcing today that Sun is 'retiring' the SISSL. I'm writing to OSI to ask them to place the license on the "not recommended" list being created by the License Proliferation Committee. It's my intention that Sun will not use the license again for future projects. Furthermore, I'd encourage any project that's currently using it to make other plans at the time of their next major release.

I spoke with Laura Majerus, who is OSI's Director of Legal Affairs, and asked her about the step. As well as giving me the appropriate OSI form to complete and return, she told me that reducing needless diversity and simplifying license choice is a key objective of the OSI and she told me I could quote her: "Sun's move is a welcome step that we'd like to see copied by the originators of many other OSI-approved licenses."

Promoting Best Practice

I consider license proliferation a key issue for open source. We need unnecessary licenses to be retired in favour of a smaller number of more modern ones, and we need the sort of consensus that Laura's committee is building to create best practice. The sort of erudite comment Larry Rosen is encouraging is essential. In my view, best practice involves:

  1. keeping license choices simple,
  2. helping communities each build a code commons that promotes contribution while protecting from patent attacks, and
  3. making inter-community re-use as simple as possible.

Steve Mills may not think it's worth his time to worry about this - he considers it "wishful thinking" - but I plan to devote some time and attention to the issue of license proliferation. Shallow and attention-grabbing rhetoric like that employed by Martin Fink is not the answer either - no single license addresses all open source models. We're taking a practical step today, the first of several I hope, and committing Sun to actually help with the issue. I'd encourage other companies to do the same.


Let me see, Sun added a license (CDDL), and retired one (SISSL). For all who didn't fail Math 101 this makes:

1 - 1 = 0

So were is the beef? You didn't make things better, you just ended up even. Oh, and you produced some marketing hot air.

Posted by Karol on September 04, 2005 at 02:34 AM PDT #

Karol: If you think that, you don't understand the problem. The proliferation of licenses has been largely caused by the fact that the (otherwise laudable) Mozilla license cannot be re-used as-is - it has explicit mentions of the name of the licensor and the choice of law and venue, to start with, which mean that every company that wants a Mozilla-style license has to create their own copy of it (termed a "vanity" license) and get it approved by OSI. The vast majority of the licenses OSI has approved are vanity licenses.

The CDDL is essentially a 'templatised' version of the MPL, with the licensor name and choice of law and venue turned into parameters that are defined externally. That means there is no reason anyone needing a Mozilla-style license should continue to proliferate copies. So while to the Slashdot level of thinking it looks like a matter of mathematics, in fact CDDL has made a huge contribution to putting the brakes on proliferation.

The retirement of SISSL then offers a lead-by-example to other license creators to start to reduce the overall number of licenses too. So these anti-proliferation steps are different in character but still both help address the problem.

Posted by Simon Phipps on September 04, 2005 at 04:10 AM PDT #

The CDDL is just a bad case of not-invented-here-syndrom by Sun lawyers. As of this writing there are almost 60 OSI-approved licenses. Are you claiming that Sun is so special, so solitare in the word that non of these licenses could fit? Millions of companies happily use them, but they are not good enough for Sun layers. Mind you, the same bunch of Sun lawers who came up with the ten page gliberish in the JSPA (for contributiong via the Java "Community" Process) or the Mustang SCA (70+ word sentences) on top of the JRL. Ups, three more Sun licenses from recent years. What did you say? You are worried about license proliferation?

If you want less licenses, stop inventing new ones. It's that simple. But don't think people are to stupid to do the simple math.

BTW: Your attempt to insult me by calling the simple math, which seems to be over your head, Slashdot math has been noted. Are you really so unsure about your argumentation that you have to sink to such low rethoric tricks?

Posted by Karol on September 04, 2005 at 10:43 PM PDT #

Hi Karol,

Where exactly did I insult you or use the phrase "Slashdot math"? It seems you just want a fight, so unless you actually want a reasonable conversation I'll end it here by suggesting you re-read my reply with less hostile eyes and note that it explains why one more license was necessary (there was no suitable variant of the MPL, our chosen license, so we created one more to prevent the creation of many more, addressing the root cause - "millions of companies" do <em>not</em> use an unaltered MPL).

Posted by Simon Phipps on September 05, 2005 at 12:25 AM PDT #

Good work getting SISSL out of the licensing equation at Sun, Simon. I enjoyed the podcast a few days ago, and reading the rationale for doing so. May I assume that the utility of the Sun Public License (used by NetBeans) will be re-evaluated as well?

As for CDDL putting a break on MPL-style license proliferation, I have my slight doubts about that, after hearing about's OVPL and OVLPL, which are apparently both based on CDDL.

I don't blame Sun for that, though ... it's bound to happen. The MPL-style licenses look too much like a legalese-burdened contract for a lawyer to pass up the opportunity to tweak them ;)

cheers, dalibor topic

Posted by Dalibor Topic on September 05, 2005 at 10:46 AM PDT #

Ah yes, OVPL. I do wish they'd call me before that goes too much further. And yes, I'm considering SPL :-)

Posted by Simon Phipps on September 06, 2005 at 12:38 PM PDT #

Post a Comment:
Comments are closed for this entry.

Thoughts and pointers on digital freedoms and technology markets. With a few photos too.


« July 2016