Real Open Source

It really bothers me when people decide to redefine terms to suit their interests. I tried to stay out of this squabble but I decided to need to defend something in which I believe: Open Source. Open Source has a definition. It has licenses. The words Open Source mean something. To quote:

Open source doesn't just mean access to the source code.

If you want to call your project Open Source, you have two options.

  1. Release your project under an approved license.

  2. Create your own license and submit it for approval. If approved, congratulations. You can now use option 1.


Creating your own license and calling it "open source" is not an option. It's not a good marketing tactic either. Any "halo effect" you think you might get from bearing the "open source" label is going to be removed when people realize your project is not really Open Source.

If you want to see what got me fired up, read Matasano Blog. I don't feel the need to give any publicity to the "project" which made me post this story.

Comments

Scott Dier said…
Note that truecrypt also fails the DFSG, at least when I looked at it.

http://lists.debian.org/debian-legal/2006/06/msg00295.html

and more, in that thread.
It's not on the OSI list, so simple -- not open source. "Exposed source" perhaps.
Anonymous said…
I like Thomas' comment:

"Call it something else besides “open source”. Microsoft calls it “shared source”. That works! "
Anonymous said…
Richard,

The fact that some people have claimed ownership of the words "Open Source" doesn't give them the exclusive right to define it. In fact, there was an attempt to trademark it, which failed on the basis that the phrase is too descriptive.

"Open Source" doesn't mean "something covered by an OSI-approved license". It means whatever people use the phrase to mean.
Paul Bramscher said…
Well, there's a libertarian/American pro-capitalist take (Eric S. Raymond) and then there's an anarchistic/communitarian angle (Richard M. Stallman). Open source in the narrowest sense means nothing more than the fact that the source code was available. RMS takes it a step further and insists on additional freedoms. Check out http://www.gnu.org/.
Colin, you said:

"Open Source" doesn't mean "something covered by an OSI-approved license". It means whatever people use the phrase to mean.

I'm afraid I totally reject this argument. Using that reasoning I could use the term open source for anything because I would be the person defining what it means. It could mean I provide source to you on stone tablets, one character at a time. Hey, it's "open" and it's "source"!

We have to draw a line in the sand somewhere. I think OSI is the right place to do that.
Anonymous said…
Using that reasoning I could use the term open source for anything because I would be the person defining what it means.

Well, the phrase is still descriptive; I can't imagine how something could ever be described as "open source" if you don't provide source code.

But you're right that the phrase isn't very meaningful. If you mean "available under an OSI-approved license", you should say that.
Chris Rohlf said…
There has to be a generally accepted definition for the term. I think that generally accepted definition is still fuzzy. IMHO it means the source is 'open for people to see', but doesnt neccessarily have anything to do with the GPL or licensing terms. If its your code you can call it whatever you want, and everyone is going to just have to deal with that.
Chris,

I am not implying the project in question needs to use the GPL. Sguil, for example, uses QPL (one of the OSI licenses). OSI lists nearly 60 licenses it considers Open Source.

There is a name for code you can see. It's called "uncompiled."

Do you consider Windows open source? With the proper arrangement with Microsoft you can see it.
Unknown said…
Well it is what the FSF/GNU people have been doing with free and the GPL fo decades. Nothing new here move along.

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4