Vice President of the Open Source Initiative here.
MongoDB submitted this new license for approval by OSI at the same time that they announced that they'd relicensed all of their code. We wish they'd started the process prior to the announcement, but what's done is done. The result, however, is that at this moment, MongoDB is under a non-approved license and therefore IS NOT OPEN SOURCE.
As the license review process only started this morning, there's no way to estimate how long the process will take. There also is no guarantee that the license will be found to obey the Open Source Definition, and therefore no guarantee that it will be approved.
Hopefully this will all be resolved soon, but there are far too many question marks around this license (and therefore also around any software using it) right now. It's probably best to limit your legal risk by not upgrading to an SSPL-licensed MongoDB at this point. The previous AGPL-licensed version should always be available.
On the other comments in this thread, even though MongoDB have "submitted" to having the OSI review their license, OSI still aren't capable of restricting anyone's rights on the use of the phrase "open source" including MongoDB's.
I can see your organization tries to make sure that there is an approved set of principles that identify libre/free software which is good. The phrase "open source" has been used in myriad ways since its early days, and not just for software.
I'm a programmer who has written open source since 2000. I would defend you when it comes to the benefits of libre software, but you can't restrict others over using something that you don't legally own.
So, yes, technically, OSI does not own the term open source, and it could be that this license does comply with everything set out in the Open Source Definition (https://opensource.org/osd), and that means that, technically, "(the latest version of) MongoDB is not open source" is overstating the case.
Except that, as a non-lawyer developer who generally agrees with the Open Source Definition, "under an OSI-approved license" is my working definition of "open source". I believe the same is true for many others. And, under that definition, if Ms. Brasseur doesn't consider it to be open source (yet), I'm happy to fall in line with that.
She went on to say the magic words that mean so much more to me on this front than any debate about who gets to own the term: "It's probably best to limit your legal risk," and, "at this point." OSI's recommendations are a key part of how I limit my legal risk, and they're working on vetting it as we speak. My best course of action is to sit on my hands and wait for their advice.
Between Cygnus/Red Hat and Mozilla, I've worked for open-source-based companies for 7 years of my career, and never once heard or believed "open source" in lowercase to mean "OSI-approved."
I appreciate what OSI does, and do value an OSI review and endorsement, but you're seriously reaching here and trying to double-down on it.
Edit:
To be clear, I think the OSD captures what open source is, but OP tried to say "We haven't reviewed it, so it's not open source," not "We haven't reviewed it, so WE don't know it's still open source." Whether or not and when OSI gets around to reviewing something has zero bearing on whether something meets the OSD, even if we are going to assume that's the de facto definition.
I find the idea the VP thinks we need to wait on them to deliver their judgment from on high to be, frankly, offensive. OSI didn't successfully get the trademark on "open source" for a reason, and I can read a license myself.
> Between Cygnus/Red Hat and Mozilla, I've worked for open-source-based companies for 7 years of my career, and never once heard or believed "open source" in lowercase to mean "OSI-approved."
That bullshit.
If that wasn't the case then Microsoft's Shared Source licenses could also be considered "open source", licenses which completely restricted commercial usage. Thankfully the world did not fall in that trap.
Without a working legal definition, the term "open source" becomes (1) meaningless and (2) a legal minefield.
Basically you've been spoiled by OSI approved licensing because our industry rejected anything else. We could've had a different industry and yes, all those bullshit projects on GitHub without a license are a legal minefield.
Yeah, but that's a really dangerous position to take and if they'd work with me I'd be quick to set them straight. Because that path leads to legal adventure.
I'd add "redistribute" to the GP's definition, but the point stands that the definition of "open source" is not "licensed using an OSI approved license"
Whether or not it's OSI approved or not isn't relevant, but if it doesn't meet their definition or something similar (https://opensource.org/osd) then it probably isn't what most of us would call open source.
How about I create a license called the ABA (anyone but amazon) license. If you're not Amazon/AWS/a subsidiary, it's just the MIT license. If you are, then you have no rights to use the software. Would you call that an open source license? I wouldn't. An important point (I thought) of open source was that the rules are the same for all, whether you're using it for personal projects or the biggest business on earth, whether you charge money for it or do it for free.
That's a fine interpretation of the term for amateurs.
By which I mean, it's probably fine to think of things that way when you're working in an amateur capacity. If you're working in a non-amateur capacity, thinking about things that way could result in unwittingly exposing yourself to more legal risk than you want.
I don't think simply checking that the license is "OSI approved" gives you many legal guarantees. There are currently 83 "OSI approved" licenses containing a variety of terms, from aggressively copyleft to extremely permissive: https://opensource.org/licenses/alphabetical
I don't either. . . we might be playing a game of moving goalposts here. I was specifically responding to the observation that, "Open source for most people means whether you can see and modify the source code.", and saying that that, while that is a workable definition, it's probably not one that most people want to use.
You might want to be a little tighter with that definition. You can find the source for all sorts of crazy stuff. And with that, you can modify it.
Oracle or Microsoft or any other copyright holder that didn’t release that is going to be ticked off at you.
There has to be some element of the author wants you to have it.
I know this sounds silly and pedantic. I think there have been organizations that ignored copyright and released stuff they didn’t control the rights to.
You might want to tack on something about the authors want me to have access to this.
… And I think this has exactly been @bunderbunder's argument from the start? That the "definition" put forth by threeseed is naïve and could at best be usable on an amateur level, but as soon as you start having money involved, you really want a more in-depth/verbose/specific definition (like the one the OSI provides), rather than simply being "I can read (and thus modify) the source."
Part of why I originally used the term "non-amateur" instead of "professional" when I described people who shouldn't work under that definition is that, while students and maintainers of open source projects might not be getting paid for what they're doing, they still have compelling reasons to be more careful about licensing.
One worst-case scenario for a student might be that some software licensing snafu threatens their academic work, and, by extension, their whole career. And open source project maintainers have an ethical responsibility not to get users of their work into legal hot water.
For those people, falling in line with OSI offers a huge advantage: You can't avoid crossing the software licensing legal tightrope. But, by sticking to working with OSI-approved licenses, you can at least ensure that you're working with a net.
> That's a fine interpretation of the term for amateurs.
That's a seriously polarizing statement that you've made.
While I understand that your argumentation is from points of law, I think you need to realize that the term open source, was pushed by us, the developer community and so I feel that it is us amateurs that have the right to maintain the heart of the law. So, revisiting the heart of the matter:
"We had identified free software as a promising approach to improving software security and reliability and were looking for ways to promote it. Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world. However, just how to do this was unclear, and we were groping for strategies." [0]
So, what MongoDB has done is in fact increased (imho) the open source aspect of their offering by attempting to curtail corporate abuse. You should be thanking them.
No, it has nothing to do with "amateurs". Whether the source is open and what the license dictates are two wholly different things. The danger is exactly in conflating the two.
Take for example the NPOSL-3.0:
A variant of the Open Software License 3.0, this license requires that the organization using it is a non-profit and that no revenue is generated from sale of the software, support or services.
The source is open, but you can't use it outside of non-profit orgs. It's "Open Source™", it's approved by OSI, and it can still get you in legal trouble.
Huh, how on earth did that get approved. It violates Section 6 of the definition: "No Discrimination Against Fields of Endeavor" (which specifically has the example of discrimination by disallowing software use within a business).
Personally I never liked the OSI's definition of "open source", and the FSF definition of free software has always felt (for me) to be far more fundamental.
If you never liked the OSI's definition of "open source", what do you think about the Debian Free Software Guidelines?
About the discrimination of fields of endeavour, please read the sibling comment to yours. I think you and the grandparent have both misunderstood the license.
I went and re-read Section 17 (the only section that is different from the OSLv3) and yeah it looks like tl;dr legal misrepresents what the license requires. Effectively, it requires that if you redistribute it and want to do so under the NP-OSLv3 you must make a declaration that you're a non-profit and so on -- otherwise you must distribute it under the OSLv3 and clearly state this is the case. (I don't really see the benefit of such a license, but each to their own.)
Looks like I was wrong. Regarding the DFSG, I think it was necessary (according to Bruce Parens it was the DFSG which convinced Stallman to distribute his four freedoms definition more widely). I think the DFSG is a decent set of guidelines that help avoid legal trouble for Debian by having clear requirements, but I don't think it's a good definition for a movement's primary purpose. In many ways the DFSG and OSD can be seen as re-statements of the four freedoms but without any strong justification for why these particular conditions are necessary for a license to be good -- the four freedoms can be explained by explaining how each freedom is necessary to ensure that users have control over their computers.
For an example of why having strong fundamentals is important, the OSD doesn't really have a stance on DRM -- while the free software definition clearly does (even though it predates any modern concepts of DRM).
Thanks for changing your mind on receiving new information.
DFSG and the OSD are essentially the same thing, having been written both of them by Bruce Perens. Main difference is that Debian doesn't certify licenses: they ship software, so they look at the whole packages, so to speak. OSI only certify licenses, they don't ship software.
As to what the DFSG and OSD do that the FSF four principles don't, I think they are more detailed set of rules one can apply when trying to figure out whether some software is free or not. IMHO, the FSF principles are less operationally useful, despite describing categorically the same set of software.
> DFSG and the OSD are essentially the same thing, having been written both of them by Bruce Perens.
Right, and I knew this is what you were getting at. I guess my main point is that having a working guideline for acceptable licenses for a distribution makes complete sense (after all of the moral viewpoints have been debated to death you have to ship some code eventually), but using those guidelines as the basis of a movement doesn't really (at least not as much as basing a movement on an a set of ethical axioms). So I would say I favour the DFSG over the OSD purely because of what it is used for and represents, rather than because of the (almost non-existent) differences between the two texts.
But of course, I'm biased since I'm far more in the "free software" camp than I am in the "open source" camp -- purely because I think bringing it back to discussions of ethics is quite important (perhaps more than ever).
You've misinterpreted the license. What it says is that the licensOR (not the licensEE) is a non-profit. That is, by publishing your original software under the NPOSL, you claim that you are a non-profit organisation. That's it.
Nowhere does the license say that you can't use the code outside non-profit orgs. In fact 17.d says very clearly that if you're not a non-profit, you are allowed to distribute your modified works, but under the original OSL license, not the NPOSL. So you can use, modify it and distribute it, only with a complication in the licensing.
The other amendment the NPOSL adds is where the original OSL gives a grant of patents and a warranty of provenance, and the NPOSL explicitly doesn't, because it's designed for non-profit companies, which have no money, so it's intended to reduce legal exposure.
It's a Free Software license in my opinion, and I bet you a drink that Stallman and the FSF would consider one too, even if they would not recommend using it.
Also note that the license's author is Laurence Rosen, who was General Counsel of the OSI, knows more about software licensing than most people, and who explains the details and rationale of the NPOSL in [1]
If you have any other license that's OSI-certified and you think is non-free according to the principles of the FSF, I'm interested in learning about it.
One thing to take into account, though, is that the OSI is a certification body, and the FSF isn't.
Thhis means that the list of Open Source (according to the OSI) licenses is closed and published on their site. The FSF gives a set of principles and also publishes a list of licenses with some analysis, but the FSF's list is non-exhaustive, nor does it pretend to be. There are infinite potential free licenses that the FSF will not list, because its doesn't count license certification as one of its goals.
Yes, the OSD tries to include legality in "seeing and modifying". If you regard Open Source as just "seeing and modifying" the source then anything that you can get the source code for is Open Source. This is most definitely not the case, as illustrated by my previous example of Windows 2000. Please see [0] and [1] for more info. Confusingly, there are still copies of the W2K source on github which have an MIT license in the root which is, I assume, false and unauthorized by MS [2].
On my side those cases are categorised as "Public source" and the respective license terms are then labelled as freeware for most cases, as a sub-variant of Proprietary license types. The other two variants would be Purchase or Subscription.
From a licensing compliance/verification perspective, being OSI approved is a good help to guide developers and reduce the effort of processing the applicable terms. For the auditor itself, the OSI stamp is OK but not something critical.
Looking better, we simply don't even use the terms Open Source nor FOSS on our procedures to be inclusive of the commercial/closed 3rd party products.
Not sure anyone actually thinks "open source" is a term owned by an organization and the gp didn't say they were restricting Mongo, so I'm not sure if your clarification is necessary.
It's like someone claiming certain software doesn't scale. There is no need to clarify that the author doesn't own the word "scalability".
Op is speaking for the OSI's opinion on whether it's open source or not.
The OSD may not be the de-jure definition of "open source", but it is the de-facto definition. The statement above is correct in all but a trivial, pedantic sense.
Not just trivial and pedantic, this has been a common avenue of attack over the years in an attempt to dilute the meaning of the term. Such as when Microsoft made a concerted effort to try to redefine open source as "non commercial" source available software.
> because the OSI don't appear to have a right to restrict use of the phrase
You are really hung up on this. Where did they say they were restricting the use of the phrase? If they said: "MongoDB is not good software" would you be saying they aren't allowed to restrict MongoDB from saying they are good software?
This VP specifically states MongoDB "IS NOT OPEN SOURCE" presumably referencing their own organization's definition of open source. What's worse is their current definition technically qualifies MongoDB as open source. She conflates a non-OSI-approved license with the definition of open source very blatantly.
As someone just above said open source for many simply means the source code is open (can be viewed).
Edit: Realizing now that "open source" may be a genericized trademark held by one of their board and we may need to ignore their assertions in this thread.
> What's worse is their current definition technically qualifies MongoDB as open source.
I don't agree, the modified section 13 appears (at least to me) to violate the spirit, if not the letter, of section 9 of the OSD:
> 9. License Must Not Restrict Other Software. [...] For example, the license must not insist that all other programs distributed on the same medium must be open-source software.
The new SSPL requires that all of your server configuration and tools be distributed under the terms of the SSPL. This is so badly worded that it could include your operating system kernel (which, on Linux, would not be possible since GPLv2 is incompatible with this new license).
Also, the scope of "providing a service" isn't limited to network services (which is what you'd think). No, it applies to any service "includ[ing], without limitation [...] offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.".
I'm sure you can easily come up with some examples whether this concept of "providing a service" will run into strange consequences when your accountant is giving you a download link for MongoDB as well as all of Windows.
Open source is mostly objective, unlike 'good software'. The parent comment stated in caps that MongoDB is not open source, which is objectively untrue. It's a silly thing to bicker about, but the original should have probably said something along the lines of 'OSI approved open source license'.
The only objective definition of Open Source I know of is OSI's. Everything else is a hodge-podge of whatever the user of the word feels it's open. Is it reading the code? Modifying it? Redistributing it? There's no consensus besides OSI.
But their definition does not restrict it to OSI approved licenses, so their assertion its not open source because it hasn't been approved is not valid.
> I can see your organization tries to make sure that there is an approved set of principles that identify libre/free software which is good.
The OSI doesn't define what Free/Libre software is, the Free Software Foundation does. The OSI is in charge of the common definition of "Open Source" software, which is accepted outside of non-software or idiosyncratic usages (such as "open source is when I show my references" or "open source is when I derive my conclusion from publicly available information" which is becoming the common definition in the intelligence field.)
It's good when we have a common definition, and discuss that definition rather than the label; it's a waste of time to argue "of course it's organic; it's carbon based!"
One thing that we can both agree on is that more people are familiar with the OSI's definition of "open source" than are familiar with your personal definition, so it's probably more productive to talk about the one more people are familiar with.
While OSI may have coined the term "open source" as a reaction to the word "free software" in the past, it did not invent the idea of free software. Rather, the term open source was a reaction to the desire for commerical enterprises to avoid saying software was free.
Now it rejects the same argument from developers of software to make a profit, which I find ironic relative to the founding mission.
Previously, Commons Clause was called out in aggressive terms in twitter, rather than seeking to understand the underlying rationale.
I am left to believe OSI views this as a useful political time to self-market, or otherwise sees licenses like this - which intend to fairly compensate software developers - as something that does not promote the interests of those that primarily fund it.
I'm sorry, but we don't need a gatekeeper anymore.
But we do need a gatekeeper - that's where you're wrong. Without it, we don't get a fair review of licenses by people most adept at understanding what Open Source is. Without it, we will go back to the wild west of licensing where we have hundreds of OSS licenses that each have their own little clauses and are written by developers, not lawyers, so they don't really hold up in court.
Open Source is for corporations to benefit from FOSS without the need to spend exorbitant amounts to acquire such functionality. But corporations are bound by a set of rules to operate, and as such, so should OSS licenses.
If open source were to revert to the old-style, write your own license if you want to, corporations will have a much more difficult time accepting the new software. OSS will probably die a nasty death, and we will go back to tons of proprietary software running the biggest apps.
The OSI is non-political and for you to argue such is silly. The organization has one goal: to make open source easier for business. What political nature can you see in there? Do they ever restrict anyone from making money off their creations? (The answer has always been NO)
So some developers want to make money on the more advanced features of their open source project. Well, if it happens after software has been around a long time (ala Redis) then people are going to complain. It sucks to have to go from a free model to a for-pay model, but I understand the motivations. I don't think any developer should be kept from making money for their work, but if they want to make money off of something AND control the source, DON'T call it open source, call it proprietary because that's what it is. The source is provided, yes, but that doesn't make it open source. To truly be open source it has to abide by the OSD and Commons Clause definitely does not.
So, is it time for new open source licenses? Maybe, but they should be governed by some committee and the OSI exists so why not them? You're arguing that we should move into an anarchist style of releasing open source... The time has come to make money!! Well, again, that's basically what proprietary software is all about.
There is absolutely zero reason why the concept empowering open source software, the free and open exchange of code and software, can't apply to the licenses themselves.
The reason I believe in open source software is that it empowers the communities and users behind the software, despite (and sometimes, in spite of) the leadership, nobody controls open source software. If the linux kernel went in a direction I didn't like, either with how they approve code change requests, or by adding in code that I don't like, I can subvert their control over the codebase with my own fork, with blackjack and hookers, and compete, because they ultimentally have no control over their codebase, it belongs to the community.
This should apply to licenses as well, there should be no authority, no gatekeeper, just the community.
You're right. There's no reason at all why the concept empowering open source and the free exchange of code can't apply to licenses. After all, software is shared freely by people with the skills to handle it, why can't we do the same with licenses?
Of course, this does kind of require that the people working with license experimentation know enough about law to provably know what they're doing. So perhaps the community might not be as large as might be hoped, as there are limits to what a self-taught not-lawyer can do when it comes to having legal standing.
Having observed this area for 18 years now, I'll say that gatekeeper (a party which has unwaveringly observed and stuck to delivering the principles of software freedom) is the Free Software Foundation. This is the only reason why users gravitate to "open source" - not its sexy name, but the freedoms such software provides when a user wants to use/apply it.
Back in the day, the founding president of OSI justified VA Linux making the "alexandria" project closed source (the software that ran Sourceforge.net back in the day - back when sourceforge.net was a good citizen). The remains of "alexandria" was forked to form other projects such as GNU savannah, and there was a later fork named GForge IIRC.
There is only one organization that has unwaveringly sought freedoms for users of software. I've firsthand heard it being accused of promoting communism, and sometimes have wondered if it went too far. At least, they haven't wandered in their principles.
For all his craziness, you've got to admire Stallman for his unwavering conviction of his version of what free software should be and allow. I don't know whether he'd be frothing at the mouth, or quietly thinking "I told you so..." about the current antics at Redis and Mongo...
The code for windows has been leaked and people could get the source. Sometimes companies have agreements for viewing the source of software they produce. These are two examples where the source code is visible, but this alone does not make them open source. There must be other attributes beyond just being able to see the source code.
If I give you some source code, with the license that you cannot run the software, modify the code or copy or use the code in any way, it follows your definition and is still useless.
Well, besides OSI's definition -- which I understand is being questioned in this comments section, so I suppose mentioning it is begging the question -- most of the bibliography and articles out there use "open source" in the sense I mentioned.
Microsoft was also aware of the accepted meaning, which is why they introduced their "Shared Source Initiative" back in the old days (note how deviously careful they were about the naming).
Honestly, this comment section is the first time I've heard about the OSI, I guess whenever I read articles that use "open source" I've assumed a definition that may not be technically correct. I would hazard a guess that my definition is probably more widely held but that could just be my personal bias.
The OSI is a respected organization that defends basic and non-controversial rights in open source. The underlying reasons behind the Anti-Commons Clause are unimportant if the execution leads to such an egregious violation of these principles. I support the OSI and their mission is important. Getting angry with them for protecting open source from bad actors who try to subvert its freedoms while reaping its benefits is ridiculous.
I'm not saying that MongoDB is in the wrong here. The new license is perhaps misguided in that it seems functionally equivalent to the AGPL, but after I read it I think it meets the OSD. However, MongoDB should have spoken to the OSI before switching their license to be sure.
> OSI was specifically created to subvert freedoms that the Free Software Foundation protects
This is one of those spots where knowledgeable people can disagree, because they're working with a different set of values.
To someone who prefers the Free Software model, OSI was created to subvert freedoms that the FSF wants to preserve. To someone who prefers the Open Source model, OSI preserves freedoms that the FSF is trying to restrict.
To the other 99% of humanity, this particular debate probably sounds a whole lot like the Judean People's Front vs. the People's Front of Judea.
(Edit: s/intelligent/knowledgeable/ -- better choice of words.)
This isn't really true. The FSF and OSI have subtly different goals but the definition of open source and free software are nearly identical. The OSI exists to be a non-political entity so that people who want to work on open source have resources to do so without necessarily participating in the politics of the FSF.
> The OSI exists to be a non-political entity so that people who want to work on open source have resources to do so without necessarily participating in the politics of the FSF.
In what way is the FSF any more political than the OSI, beyond trying to protect the defined freedoms of free software?
By inserting itself as the only legitimate body to define what "open-source" is, it is by definition engaging in politics, no less than the FSF.
> The OSI is a respected organization that defends basic and non-controversial rights in open source
It is rather assuming that the OSI is "respected" or that it defends "non-controversial rights in open source".
The right to take my code, profit from it and not share back is essentially what the OSI stands for and is thus not respected by me.
>In what way is the FSF any more political than the OSI, beyond trying to protect the defined freedoms of free software?
The OSI only concerns itself with defining open source and publishing a list of open source licenses. The FSF unquestionably concerns itself with much more.
>The right to take my code, profit from it and not share back is essentially what the OSI stands for and is thus not respected by me.
No, this is what open source stands for. If you don't want to write open source software, then don't. That's your choice. But the right to do exactly this is protected by both the OSI and the FSF, and I doubt you can find another authority which disagrees.
> The OSI only concerns itself with defining open source and publishing a list of open source licenses. The FSF unquestionably concerns itself with much more.
The FSF concerns itself with defining/defending free software, same as OSI does for open-source.
If FSF "concerns itself with much more", I assume you would not have a problem listing some of these things.
> No, this is what open source stands for. If you don't want to write open source software, then don't. That's your choice. But the right to do exactly this is protected by both the OSI and the FSF, and I doubt you can find another authority which disagrees.
The difference here is that the OSI was historically created as a response to FSF for this exact purpose, whereas the FSF was primarily created to defend copyleft, later adopting some non-copyleft licenses as well, so the exact reverse of what OSI did.
Ask the FSF yourself. Richard Stallman can be reached via rms@gnu.org and usually responds to emails within a day. The FSF defends the right for others to sell your software, and has wide-reaching political ambitions. Don't just take my word for it, ask them.
YOU have asserted that the FSF has "wide-reaching political ambitions", therefore it is upon you to provide evidence for this.
> has wide-reaching political ambitions
I am asking what "political" ambitions does it have, beyond protecting free software.
> Don't just take my word for it
The thing is, you didn't provide any evidence of the "political ambitions" you speak of and so you're quite right, I don't take you word for it, unless you list at least some of these ambitions.
Looking at both links it is completely obvious which is the political of the two. You are really stretching calling the Advocate Circle the same as the various FSF campaigns. Some of the FSF campaigns listed are "surveillance", "upgrade from Windows" and DRM.
> Some of the FSF campaigns listed are "surveillance", "upgrade from Windows" and DRM
All of these restrict your freedoms, so that someone else is in control of the program and not the user. This is very much what free software stands for. So in reality, you're disagreeing with the principles of free software themselves.
> surveillance
Directly interferes with you being in control of the program, if it spies on you, violating the principle of free software that the user should be in control of the program and not the other way around.
> upgrade from Windows
So the Free Software Foundation advocating for the adoption of Free Software. Isn't that what it should be doing?
> DRM
DRM, by its very definition, restricts the freedom of the user to run the software in any way they wish, thus violating the free software principles.
None of these imply a "wide-reaching" political agenda.
>> The right to take my code, profit from it and not share back is essentially what the OSI stands for and is thus not respected by me.
Nope. You are so very wrong here. The OSI defines open source so that licenses comply with the terms... that's all. They don't have any other agenda, period. Stating so shows a complete lack of understanding OSS and the OSI.
Stating so shows a complete lack of understanding of why and by whom OSS/the OSI was started and popularized.
It ignores by who the OSI was co-founded and promoted by, (ESR, O'Reilly etc.) and why, (as a response to FSF to make free software more appealing to corporations for the exact purpose I outlined in my original post).
You repeatedly became uncivil in your posts to this thread. We ban accounts that do that. Please review https://news.ycombinator.com/newsguidelines.html and follow the rules when posting here.
(That includes not using uppercase for emphasis. That's basically online yelling.)
> Open Source was a way to make free software acceptable to businesses, not subvert the FSF.
Read my comment again please.
I didn't say subvert the FSF, but some of the things the FSF stands for. This, as you correctly point out, in order to make it more appealing to businesses, which I didn't dispute.
The Open Source Definition provides a single point of reference for what it means for a project to be "open source."
Licenses are submitted for approval by those who wish to prove that the license provides the benefits and freedoms assured by the Open Source Definition and therefore by open source.
Licenses that do not provide each benefit and freedom in that definition are not not approved and are not—literally by definition—open source.
MongoDB recognises the value that a consistent worldwide definition of open source provides to the entire software development ecosystem and is seeking approval for their license to show their support and respect for the definition.
1. "Licences that conform to the OSD are open source". Agreed.
2. "Licences that do not conform to the OSD are not open source". Ok, let's run with that for now.
That is not what you said upthread. You said "MongoDB is under a non-approved license and therefore IS NOT OPEN SOURCE". Nope. Even for those who accept the OSD as the sole definition of open source, you haven't yet established whether MongoDB's new licence is 1 or 2. You cannot categorically (capitally!) say "IS NOT OPEN SOURCE" until you establish that.
Using basic context clues and inference, it's obvious she meant "IS NOT OPEN SOURCE [currently]". The license has not been approved as open source. It may be eventually, but it is not at present.
No. She's conflating "an OSI-approved licence" with "open source". The Open Source Definition does not contain a requirement that a licence must be OSI-approved.
And who is the trusted organization that makes the determination whether a license adheres to OSD? Unless you want to hire your own lawyer and make the determination yourself, the world must wait on OSI's review of the license. Until further proof is put forth, I also would not consider the new license to be open source. That is, it is not yet safe to say that this license is open source. This holds true for me, because OSI guidelines are organizationally justifiable and makes my life easier when dealing with auditors.
Rather than pontificating about terms and hilariously claiming unenforcable rights to commonly-used words, the OSI should look at the reason Redis, Mongo, and soon others seek to update their license terms. It's because development is simply not sustainable in times of cloud providers. Who does the OSI represent? Is their intent that nobody except cloud providers can earn a living, by commoditizing software?
1. The idea that OSI seriously thinks it gets to decide what counts as open source is laughable. This is akin to Linux being released for the first time, and Microsoft issuing a warning that they have not yet verified that Linux is a "real" operating system, and to stay tuned for their final judgement. The arrogance here is hilarious. I've been working in open source for years and I've never, ever heard of OSI.
2. All "open source" really means is that the source code is available in some way/shape/form, with no implication whatsoever made about the license of said code. "Free and open source" on the other hand implies a permissive license.
3. I don't know anything about the MongoDB license before or after these changes, I just despise the tone of this message.
So to recap. OSI is just some random organization with no bearing on what society decides open source is or isn't, and therefore what they say DOES NOT MATTER.
Open source is a term of art with an agreed upon definition, and it has been for 20 years which, not-so-coincidentally, is also when the Open Source Initiative was founded.
The fact that you've never heard of OSI means we've been doing our job well enough that you've never needed to know about it.
The fact that you've never heard of OSI does NOT mean that it's not legitimate, and frankly, that kind of rhetoric is just silly.
Something is "closed source" if you literally can't get a copy of the source code. What is the antonym of "closed source"? The opposite of "closed source" is "open source" and it means that the general public can get a copy of the source code. "A permissive open source license" on the other hand implies the things that OSI is trying to confer on the word "open source".
You are so off base. You may have been writing source-available software, but it's not open source unless you know the OSI's definition. THAT is what everybody abides by to make sure that the licenses are fair and in the spirit of open source software.
Open source is an agreed upon definition for software provided under an OSI or FSF approved license. To state anything else shows that you DON'T understand what open source is.
You see, for corporations to operate they follow a set of rules. Rules designed to keep them on the right side of the law. As such, without the OSD we wouldn't have any rules to understand what open source is. Do you understand that?
Open source isn't just for hobbyist programmers, it's used to run the worlds biggest software platforms.
I can't tell whether this is serious or sarcastic. It lacks the "/s" at the end, so I'll assume that you're serious.
> but it's not open source unless you know the OSI's definition.
> Open source is an agreed upon definition for software provided under an OSI or FSF approved license.
Open source software (by today's standards) existed before the OSI or even the term "Open Source" existed - the creators of BSD *nix, X11 and TeX all chose a liberal, open source license before a cabal around Eric S. Raymond would decide on a definition of Open Source and the term itself. The idea came after the actual thing existed, and the definition after the idea. So it would be weird to call something Open Source that doesn't fit the Open Source Definition (because the latter was conceived together with the term), but it would absolutely be possible for a software/license to be Open Source without knowing about the Open Source Definition, as is the case with BSD, X11, TeX and many Free Software programs.
Next, there is the idea of the Open Source Initiative approving Open Source licenses, which is a good thing because people can trust any OSI-approved license to be an Open Source license. However, not every Open Source license is OSI-approved, because OSI applies additional criteria (e.g. being reusable).
So, yes, it's possible for a license to be Open Source but not OSI approved, when it fits the Open Source Definition but hasn't been submitted, not reviewed, or doesn't meet the additional criteria set forth by the OSI.
The fact that your employer's legal department will mistrust your personal judgement of software fitting the Open Source Definition (for perfectly sensible reasons) doesn't make software not Open Source (any more than a US State can decide to make Pi a rational number or to make dolphins be fish).
I'm one of those guys running businesses with open source for 20 years - not once have I given a shit about OSI or FSF or their definition, and neither do the other folks I know that control very large budgets.
So no, it's not some universally-agreed on definition and trying to hawk it as such is dishonest.
Did the FSF & OSI help establish the framework that's allowing us to have this conversation? Yes. Do they get to dictate that conversation in 2018? Nope.
Regarding number 2: by that definition of yours, Microsoft Shared Source Initiative in the early 2000s was also "open source". See the problem with not having a precise and standardized definition?
People wouldn't say "free and open source" or "a permissive open source license" if "open source" was already sufficiently descriptive, so I think in the back of their minds people already believe what I put forward here, at least a little bit. If the source code is available to the general public, it is open source. The source code is in the open. If a company decides to release source code with no license at all to redistribute or modify, solely so people can verify that their software does what they say it does, they still should be applauded for at least sharing their code rather than keeping it closed source, and what they would be doing would in my book still be "open source". Once again, if the source code is open, it is open source. If this wasn't the common definition, then people would never say "permissive open source license" because it would be implied.
Instead we have created this environment where if you aren't willing to "go all the way" and give people the right to modify/redistribute your code in some permissive way, you are basically pressured to not release your code at all. As a community we would have access to more code bases if this wasn't true. I totally agree that companies should embrace permissive open source licenses, but when that doesn't make sense, I totally think they should embrace non-permissive open source licenses. This is a minority opinion, however.
> All "open source" really means is that the source code is available in some way/shape/form
I think that, in practice, there are very few people who have been around the block a few times, and still see things that way.
As a concrete example, consider the Microsoft Shared Source Initiative. That particular (arguable) boodoggle is the closest I can think of to a real test of whether there's a broad consensus on what "open source" really means. My impression is that most everyone who's looked into it agrees that a couple of the SSI family of licenses are "open source", and the rest are not, and that they generally agree on exactly which ones are and are not.
I would say that if "some way/shape/form" means I have to be a licensed user of the executable code who signs an NDA in blood to get the source code, and may not even share modifications with others who have similarly obtained the code, then it's probably not "open source". It's just "source".
Code that is available because someone leaked it is also available in some way/shape/form, yet probably doesn't count as "open source".
Not every situation in which second or third party outsiders have access to source code is "open".
We don't have to accept OSI's exact definition with all its quirks (WTF is "technology-neutral"), but the salient features of OSI's definition jive with the widespread understanding that open source allows basically allows free redistribution and use of a program in source code form, with or without modifications.
MongDB submitted their license for approval, so obviously it matters to them. Whether you think it matters or not is irrelevant, you're just some random HN user with no bearing on what society decides open source is or isn't.
The OSI is the founder and DEFINER of the term "open source" so saying that it's open source without an OSI approved license is like saying your app's an approved Android app without it first being reviewed. Get it??
But it was done coincidentally with the discussions that ultimately led to the OSI and the OSD.
>> Bruce Perens has applied to register "open source" as a trademark and hold it through Software in the Public Interest. The trademark conditions will be known as the ``Open Source Definition'', essentially the same as the Debian Free Software Guidelines.
Bruce attempted to register a certification mark (a type of trademark), but the application lapsed in 1999 after OSI discovered that there was virtually zero chance of registering the term "open source" as a mark, as the term is too descriptive.
No. Even if you accept the Open Source Definition as the sole arbiter of what's open source, "approved by the OSI" is not one of its 10 criteria. It is possible for a licence to meet the OSD whether or not the OSI has approved it.
Bruce attempted to register a certification mark (a type of trademark), but the application lapsed in 1999 after OSI discovered that there was virtually zero chance of registering the term "open source" as a mark, as the term is too descriptive.
OSI has "OSI Certified" as a registered trademark (a certification mark).
> The OSI is the founder and DEFINER of the term "open source"
No it's not. It's some random group of people that usurped the term and tried to take control of the marketing of a larger movement that was already underway and would have happened with or without them.
Ok so they coined it but if they wanted to police who used the term they should have trademarked it and sued everyone who used it without their approval. Of course they wouldn't get very far with that strategy, but then they shouldn't expect to eat that cake.
I wasn't aware that the OSI was the only one who could declare something to be "OPEN SOURCE". Is there a certification fee to have my license / code blessed with the designation?
I don't see anything on that page with gives you, the OSI, the legal right to declare things as being opensource or not. You categorically stated it wasn't opensource. Had you stated that in your opinion it wasn't opensource it would be different.
Nope. I just dislike it when someone tries to claim control over a simple English words. They don't have a trademark on open source so they don't get the right to go around saying what is / isn't open source.
They made up the term and their definition is what most people associate with "open source". This is not a legal right, it's just "let's not redefine words because we don't like their common meaning".
> I brainstormed this with some Silicon Valley fans of Linux (including Larry Augustin of the Linux International board of directors) the day after my meeting with Netscape (Feb 5th). We kicked around and discarded several alternatives, and we came up with a replacement label we all liked: "open source". [0]
Also note, that the OSI didn't exist when they came up with this new label.
> Their OSD is what defines open source. You didn't define it. It wasn't defined at some party or demo-conf. It was defined by the OSI - they defined Open Source Software.
Isn't the OSD basically the DFSG? Therefore one could argue that it was actually defined by Debian, not the OSI.
You may be talking past another. I guess what GP was asking is whether OSI has a trademark, copyright, or something else for the term "open source"? The term "open source" has been generically used for much longer than OSI's existence.
Big difference between a "party" and a strategy session. So it wasn't literally defined at a party. And, even if it were, I guess it doesn't matter. The OSI owns the OSD which is what defines what Open Source is.
The process I underwent for The License Zero Reciprocal Public License last year, and the process described to me by participants affiliated with OSI during those discussions, did not match the process described on the page you linked at the time, especially its "What Will Happen" section. At least one participating member of the board seemed to be learning, as well.
Best I can tell, the process page was prepared by a former board member pushing to reform the process and make it transparent. It was and remains aspirational. But those aspirations aren't shared by remaining participants with sway.
The most straightforward summary of the process I received was that discussion proceeds on the mailing list until it reaches consensus, and then it's entirely within the board's discretion what it does or does not do. It was also written repeatedly that the board may not approve professionally drafted, novel, OSD-conformant licenses, for unspecified policy reasons.
Is it your companies official stance that they have the sole right to determine what is OPEN SOURCE code? From an outsider who reads this phrase in countless contexts, this feels like an incredibly naive and non-legally binding opinion
The OSI defined "Open Source" so they kinda get to put the rules to it. There is an Open Source Definition (OSD) which states what the license to the software can and cannot do. It's primarily about licensing at the OSI, not about open source itself. The definition clarifies what can be considered "open source" so organizations that need structure have something to follow.
As for apps, there's no approval process for an application - only the license applied. And if you use one of the 83 OSI-approved licenses, you can be guaranteed that your software falls under the Open Source Definition, stewarded by the OSI.
It's been a big help to me in both understanding what freedoms I have as a consumer of software, as well as providing me with thoroughly vetted, top-quality licenses to work with when I'm trying to give freedoms to the people who consume my software. OSI is incredibly useful, and have probably saved me needing to consult with a lawyer at least couple of times already. Now spread that benefit across an entire industry to get an idea the amount of value they provide!
I certainly learned some things today. I didn’t realise ‘open source’ had such a specific meaning, and I understand why it’s useful to establish the definition so there is no ambiguity.
Reading the replies to this thread is like watching hippies fight over the definition of free love.
Open source doesn’t mean anything unless we all agree on one definition, and while idealistic developers might reject the idea of central authorities to uphold the meaning of things now, they forget that it was idealistic developers just like them that realised an agreed definition was required and established the OSI 20 years ago to uphold it.
The OSI is not the man telling you what you can and can’t do - a shared and agreed definition of what open source is clearly benefits all of us, and if you just invent your own definition through ignorance or sheer bloody mindedness then you’re not legally in the wrong, but you could find yourself embarassed, exploited, or otherwise screwed through not understanding what the consensus definition is.
We are arguing over rather or not a body saying they haven't reviewed rather or not something fits a definition qualifies as not fitting that definition.
The answer is no, it does not, hence why OSI's statement is inaccurate.
The Open Source Definition is plenty ambiguous. It's not even internally consistent. Read the introduction, which sets us up for rules about license terms, and then criterion 2, which talks about source availability. What LICENSE says for the binary doesn't guarantee the distributor source.
That doesn't mean OSD was bunk or busted. It means we've preserved it for historical relevance, not operative function. Else we'd've revised a great deal more in 20 years.
Instead, in discussion of new license submissions, we routinely see readings of OSD criteria that would exclude the very set of contemporaneous, popular licenses the original Debian Free Software Definition was meant to generalize. For example, that criterion 6 prohibits discrimination against proprietary development as a field of endeavor. OSD isn't a consensus, exactly because it invites so many such readings. There's consensus only insofar as interest groups agree to disagree in OSD terms, as a framework. Some don't. Notably FSF, with its own "definition".
The trouble with open source is that it's a movement, a community idea, not an entry in any formal lexicon, not a fixed point. License terms are only incidental to that movement, that community idea. A zeitgeist and a name. And there's nothing particularly legal about OSD criteria, apart from the expectation they'll be implemented in the legal medium of public license terms. Legal's no magic font of rigor here.
As I'm led to believe, "Free Love" never suffered such discipline as OSI claims now. Free Love was something people were into, stood for, practiced. There was never any organization proffering a definition of Free Love as definitive, official in some sense, and telling folks their particular love didn't count, wasn't free enough. "Free Love" meant something because of how it was used and understood, variously, not how it was defined. It was always contested, and contestable.
Pretending that the OSD, or more accurately OSI approval, represents consensus for new proposals clearly benefits only those who like the particular status quo that a select subset wish to preserve by clout right now. Circa 2002, OSI was approving plenty of licenses in the vein of Mongo's new terms, to welcome smaller businesses challenging more powerful incumbents on behalf of the open approach. Notably RPL and QFPL and Watcom. The permissive-industrial complex hastens to elide or deprecate those approvals now. Even though today very arguably wasn't reachable without accepting strong reciprocal licenses for dual licensors, as a waystation.
I don't think that an appeal to authority is a very good way to make this argument. It's the blatant restriction to the field of endeavor which makes this license quite obviously not open source, because there's nothing open about something which certain people are not allowed to use.
But the OSD is maintained by the OSI, so an appeal to "authority" is a great way to make this argument. The OSI gets to decide what fits their OSD (which you quote) so it's really a non-issue.
If you later approve the license, then under your company's own definition of "open source" that means it was always open source, even now, so saying they are not open source when you admit you have not reviewed the license fully yet, is inaccurate, and could very well lead your company into legal liability if your statement turns out to be untrue and mongodb sues for slander.
furthermore: If you later deny the license, that may mean it was always not open source. May.
Your board is not the gatekeeper to the open source community, you are not the controller, authority, or president of the open source community, and the open source community as a whole is the only body that can decide what is "Open Source"
While you're reviewing the license, I'd be interested in the OSI's opinion as to whether or not the SSPL retains compatibility with GPL software in light of the striking of the relevant paragraph in section 13—and what the implications would be of adding it back in.
Your opinion isn't the only one out there. I recognize the OSI as the authority on the term open source.
On a more practical level: who do you consider be the authority? If the answer is 'nobody' (except yourself) then that makes the term essentially meaningless because there is no standardization, which means that one should stop using that term.
MongoDB recognizes OSI as an authority as well, which is why they submitted their license to OSI for approval. Which led us to this moment, where OSI has not (/yet) granted that approval, and that apparently raised gp's hackles for some reason.
MongoDB recognizes that OSI approval is a nice thing to have as a selling point. I very much doubt that they accept the OSI as an authority that can make binding rules and regulations about who gets to call their software "open source".
I was addressing OP's suggestion that RMS is the authority on "Open Source" (which was the question further up the thread). He'd rather have you use/contribute (to) Free software instead.
Yes, I understood that, I assume the OP meant that he is an authority on "open-source" in that "free software" was the original "open-source" and thus "open-source" has RMS a lot to thank for. Otherwise I agree.
It might be the original "open source" but it ISN'T open source, per the definition. Open Source was coined for software LONG AFTER the FSF had declared what free software meant.
Going back and saying "Well, RMS might have MEANT open source, so it's actually the original open source" is very subjective and not historically accurate.
> Open Source was coined for software LONG AFTER the FSF had declared what free software meant
I know, you COMPLETELY misunderstood my comment.
> Going back and saying "Well, RMS might have MEANT open source, so it's actually the original open source"
I don't think he meant open-source and I am not saying he did, as free software defines greater freedoms. I am not a big fan of open-source myself, much prefer free software.
What I am actually trying to say, is that "free-software" was the original way to share code and work on it collaboratively for the commons, ie the thing open-source got inspired by.
What I am saying, is that in certain sense, you could say that Ken Thompson has a grandfatherly hand in Linux, despite him technically not. It's a spiritual hand, if you will.
RMS has an ideal: All software should be free and open.
This doesn't work for businesses that need to profit from what they do. Keeping things proprietary, while benefiting from source-available software is impossible if a company has to release their source. Competition goes out the window.
So while RMS has a nice ideal, it doesn't generally apply.
> " Keeping things proprietary, while benefiting from source-available software is impossible"
That's a tragedy of the commons, not something any company is entitled to (BSD-style licenses excepted). Enjoying the benefits of an ecosystem while not contributing to it is not a thing to laud.
> So while RMS has a nice ideal, it doesn't generally apply.
...and here we are, with a MongoDB pulling a bait-and-switch on licensing because they want to have their cake and eat it. You shouldn't expect to only get the kudos (and higher adoption rate) that result from your open-source license and not run the risk of someone (possibly a competitor) forking your code. That is the price of admission into the open-source world.
Dictionaries reflect common usage and shared understanding, they're not some infallible source. If the technology community started using the term "open source" in a different way, the dictionary would have to be updated to reflect the new meaning.
The definitions in a dictionary are for general purposes and not used, necessarily, in legal battles. There are legal definitions for things like Intellectual Property, Copyrights, Patents, and Trademarks. These definitions are what will be used when it comes to determining, legally, what open source is - not some wordsmith.
Noah Webster did use a strongly prescriptive approach when he wrote his dictionary. His decision to use alternate or simplified spellings of some words is still seen today as the differences between American English and British English. Linguistic prescription - the idea that there is a single "correct" language and other uses of language are somehow inferior or improper - was used to intentionally to give American English it's own identity.
Fortunately, most modern dictionaries recognize that languages evolve, using a descriptive approach, updating definitions when needed to reflect how words are actually used.
So by me saying that the term might be interpreted differently by different people - since it can't be owned by anyone now that it's in wide use (and hence implying there's different opinions out there) you assume that I fail to see there's a multitude of different opinions on the matter? That's exactly the point I was making.
Only if you're completely ignoring the context, which is MongoDB asked OSI to approve their license as "Open Source" - OSI isn't in a position to do so immediately, and so in OSI's estimation, MongoDB isn't "Open Source"
As OSI hasn't yet reviewed the license, perhaps it would have been better for the OSI VP to explain that "MongoDB may not meet the OSI definition of Open Source" than to announce (in CAPITALS, no less) that "MongoDB...IS NOT OPEN SOURCE".
> "MongoDB may not meet the OSI definition of Open Source"
That's just euphemism for "MongoDB is not (certified) Open source". It either is, or isn't; and presently it isn't, for reasons that were entirely under MongoDB's control.
If it doesn't fit the OSD (https://opensource.org/osd) it IS NOT OPEN SOURCE. The license has not been reviewed by the OSI, and there isn't any "Approved until shown otherwise" clause to refer to. So, in the OSI's eyes (and really anyone who knows what open source actually is) it's NOT OPEN SOURCE anymore.
Well, that presupposes that the OSD is the One True Definition of the term "Open Source"; although the OSD is widely accepted and respected, that's a rather bold claim over an English phrase.
> it's NOT OPEN SOURCE anymore
That claim doesn't seem justified at this point. It would be more accurate to say that it is not currently CERTIFIED BY THE OSI as being Open Source -- because the OSI has not yet reviewed the new license. Maybe it will turn out that it is Open Source (as per the OSD), maybe not. Until the license is properly reviewed, we simply don't know.
The only people who interpret the term open source differently from the OSI definition are either wrong or deliberately trying to sow discontent in the open source community.
In a funny way, I actually don't think ownership of the term, or even who gets to decide that, is what really matters. Mongo can release their software under a license they term "open source", or "special mongo license", or "license X" -- they're under no obligation to use any commonly-accepted licenses or terms. They are certainly free to call themselves "open source" under any new license, and make their arguments as to why they believe that term applies.
However, what really matters here is whether, if they choose to do that, developers would still be willing to freely contribute to Mongo's code base, and whether companies who use open source software will continue to use their product. Because _that's_ the reason Mongo cares about being "open source". If most developers and organizations recognize the OSI, with their license approval process, as the arbiters of what constitutes an open source license, then that's the reason the OSI's opinion here really counts. Not because they have some divine right to that term, but simply because if they say "after review, we don't consider this project to be open source by our definition of open source", developers and organizations may hesitate to contribute to, or use, this project.
The OSI owns the definition, yes. You are incorrect.
See https://opensource.org/osd which is what DEFINES open source. The term has been around for 20 years. Your lack of understanding the history doesn't make you any kind of an expert.
No, OSI doesn't own the definition and doesn't get to define open source. Some people agree with that definition, some don't. Nobody has to though. You can't really own what other people think, you can only try to agree on some definition during interaction. No need to pretend there is some universal truth that they just don't know about. It's an agreement, not truth.
And OSI might become irrelevant anyway if it doesn't change in light of recently emerged licenses with more restrictions and doesn't certify them in some way. People will just stick to a handful of popular known licenses and call them open source.
Yes, they do! They are the ones that put together the OSD (https://opensource.org/osd) which they derived from the DGSL. No one else has defined open source, not even Richard M. Stallman. His definition is for "Free Software", not "Open Source".
So when it comes to who owns the definition, the definitive answer is the OSI. Anything else is just subjective opinions.
You must not work. Because businesses that do REAL BUSINESS and use Open Source are happy that there is the OSD and approved OSI licenses. That way, we can make real, LEGAL decisions. For individual developers, they might have a different idea of what the definition is, but the actual reference to what defines it is at: https://opensource.org/osd
Reading that will clarify what open source is and isn't. Anything else is just "free software" and should hunt down the FSF for licenses and such. RMS has a very different opinion on software that DOES NOT WORK for large corporations.
I think what I'm seeing over and over in this thread is people talking past each other because the grandparent shouldn't have assumed we were all working in the same context.
I agree, in the legal context of business decisions, OSI has a very specific claim to the term 'open source' and declaring that mongoDB "IS NOT OPEN SOURCE" is a warning directed towards people making business judgements around legal risk.
To everyone else, we use the term 'open source' because we heard someone else say it, and when we write software we say 'oh it will be open source' without getting into the nitty gritty of what license it will use and whether that's OSI approved.
> in the legal context of business decisions, OSI has a very specific claim
But it doesn't. In the legal context of business decisions conformance to an OSI definition of "Open Source" means exactly nothing and OSI-certified "Open Source" even less than nothing. It doesn't help you with anything and doesn't protect you from anything.
Honest question. If I write some code and release it on Github with an MIT license, do I need permission from OSI to call my project "Open Source"? Is there a legal requirement? I am confused.
Fair question :-) And the answer is no, you would not need OSI's permission to call your project open source -- because you'd be using the MIT license which has been reviewed and approved by the OSI.
You can find the list of approved licenses, along with information about the review and approval process, over at https://opensource.org/licenses
You can call your software open source no matter what license you use. People may harrass you, but there is no legal restriction on the use of the term and OSI cannot sue you.
You don't need anyone's permission to call anything "open source". There's certainly no legal requirement.
Note, however, if this language starts making its way into contracts, and you're calling something "open source" that isn't actually open source by any standard meanings of the term, then you could be in trouble. But releasing something under a common open source license is prima facie open source, so no problems there.
> There also is no guarantee that the license will be found to obey the Open Source Definition, and therefore no guarantee that it will be approved.
This shouldn't be surprising -- it blatantly violates the spirit of section 9 (if not the actual wording). I would be quite shocked if the OSI decides the new license is "open source".
> 9. License Must Not Restrict Other Software. The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open-source software.
I wonder what RMS / the FSF have to say about it...
>> MongoDB is under a non-approved license and therefore IS NOT OPEN SOURCE
Hey, that's not true - neither yourself nor OSI or anyone else gets to decide that. If the nice folks at MongoDB continue to release their source code, then it's open source. End of story.
MongoDB submitted this new license for approval by OSI at the same time that they announced that they'd relicensed all of their code. We wish they'd started the process prior to the announcement, but what's done is done. The result, however, is that at this moment, MongoDB is under a non-approved license and therefore IS NOT OPEN SOURCE.
As the license review process only started this morning, there's no way to estimate how long the process will take. There also is no guarantee that the license will be found to obey the Open Source Definition, and therefore no guarantee that it will be approved.
Hopefully this will all be resolved soon, but there are far too many question marks around this license (and therefore also around any software using it) right now. It's probably best to limit your legal risk by not upgrading to an SSPL-licensed MongoDB at this point. The previous AGPL-licensed version should always be available.