Why the Sugar license is mad, bad and may be dangerous

[salesagility]

There have been extensive discussions on the OSI website about the use of non-approved licenses such as Sugar's and the rights of companies such as Sugar to call themselves Open Source.

Under such pressure, [another CRM provider] has moved from their own variant of a license to one that is truly Open Source and is approved by the OSI.

But there has been silence from SugarCRM on the issue. This is not sustainable. Pressure will build on organisations such as Sugar to either comply or to stop using the words Open Source in their marketing.

But why is the SPL a bad license ..... this is you guys who don't know a lot about Open SOurce and maybe don't care .... those of you who do, already know these things.

1. It's stupid .....

OK, if everybody in the Open Source movement carried an attribution license like Sugar's then we'd have applications with login screens like this ............ OR WORSE

[SugarForge admins: Removed image containing blatant advertisement of the other CRM. The image consisted of a login screen populated by several logos of well known open source providers (Apache, MySQL, Zend, etc.) as well as the competitive CRM product. It was meant to convey an overcrowded login screen presumably resulting from attribution requirements of all underlying components.]

2. It's hypocritical

Sugar has made extensive use of other Open Source libraries and components on a non-attributable basis .... clearly what's sauce for the goose is not sauce for the gander.

3. It's dangerous

Open Source will work mostly because of community. It's together we stand, divided we fall. Sugar is divisive. We have seen what Microsoft has tried to do with FUD tactics in the patent arena. If Open Source is to survive, it has to survive the threat from the proprietary vendors.

Sugar needs to decide:

Are we Proprietary .... in which case - be honest, go your own way and good luck

Are we Open Source - in which case, use an OSI approved license and fight the good fight.

There is no half way house.

[eggsurplus]

Open Source zealots drive me crazy. Just like any other type of zealot they always believe it's all or nothing; black or white. There are grays areas just like in any aspect in life. Learn to deal with the gray areas and even come to appreciate it. SugarCRM lives in this gray area and actually has a nice, unique model that works.

Also, there is no perfect license. I agree there's cons to the SPL (just like with any license) but if your only issue is attribution then that's small. However, SugarCRM does give attribution to those 3rd party libraries. Perhaps you over looked that in your zeal. It's on the website (http://www.sugarforge.org/content/co...tributions.php) as well as in the product. How is that hypocritical? It seems to go the extra step actually.

Perhaps you need a new hobby?

[andydreisch]

To all:

We've edited the initial post to eliminate blatant references to a competitive CRM product. The tone and message remains the same.

Sugar encourages frank discussions such as this as it benefits the decision-making process of any CRM implementor. But we do not provide and maintain our forums in order to highlight others' CRM products. Other, 3rd party forums, are more appropriate for comparisons of vendors.

Andy

[emanresu]

Andy

You did not answer the original point about how "Open Source" Sugar will be.

I am biased. I like the product. The community does a lot of real-life testing for you so a clear statement would be appreciated.

Roll on V5.0

[cyprus20]

Sugar is not at all an open source company. It's proprietary. It's like the Microsoft's shared source. They should call it a shared-source company.

(Wise) IT men already know it.

[salesagility]

Open Source zealots drive me crazy. Just like any other type of zealot they always believe it's all or nothing; black or white. There are grays areas just like in any aspect in life. Learn to deal with the gray areas and even come to appreciate it. SugarCRM lives in this gray area and actually has a nice, unique model that works.

Also, there is no perfect license. I agree there's cons to the SPL (just like with any license) but if your only issue is attribution then that's small. However, SugarCRM does give attribution to those 3rd party libraries. Perhaps you over looked that in your zeal. It's on the website (http://www.sugarforge.org/content/co...tributions.php) as well as in the product. How is that hypocritical? It seems to go the extra step actually.

Perhaps you need a new hobby?

Mmmmm, apart from demonstrating a lamentable ignorance about Open Source ..... you have conformed to the first principle of poorly thought out arguments which is to be insulting (you get extra points for spotting the irony).

Andy ..... removing the graphic, which was absolutely NOT about advertising, and absolutely WAS about the impact that a poorly considered proprietary license could have on Open Source software, does seem a trifle over-protective. My concern is that it wasn't the fact that there were other brand names on the graphic (would it help if I reconstituted it without competing CRM brands?), but that the graphic pointled out perfectly the dangers and stupidity of the Sugar License.

[salesagility]

Here is the poorly constructed proprietary license working in a theoretical world where the creators of the components that Sugar uses also required attribution. EVERY Sugar page would look like this. Just imagine what Red Hat or Ubuntu would look like. It's madness and it's also not sustainable. It's either an Open Source license approved by the OSI, or it's a proprietayr license and it's not Open Source.

One of the previous posters has asked for a definitive comment on this. The OSI is pressuring Sugar. The community is pressuring Sugar. The media is pressuring Sugar. I think that the community deserves one.

[salesagility]

Hello all,

Following my recent post on the SugarCRM licence issue, I received this email:

Greg,

I am a developer, and I respect what SugarCRM has done to date. I don't respect
their licensing muddle, but your post only partly addressed the reason why.
If I look at the SugarCRM code (whether to fix something or to borrow something)
and I subsequently work on some other web application, I am then at legal risk
of somebody enforcing the licence against me -- regardless of how deep down the
lines of code I looked at are, and regardless of how unrelated my other web
application is.

And in fact this is not something SugarCRM may always want, have they truly
thought it through?

For example, let's say I decided to modify one of the many PHP photo albums
around using a little SugarCRM code in the depths, specifically for
legal pornography and other interesting things such as found in large quantities
at http://bayimg.com/cloud . And let's say many other programmers decided that
was a good thing and they used and re-used my code and hosted instances elsewhere.

Now what is the licensing situation of all these porn galleries? The SPL states
in 1.9.B that it covers
"Any new file that contains any part of the Original Code or previous Modifications. "

And Exhibit B II SugarCRM and Logo demands that every page on every one of these
porn sites has "Powered by SugarCRM". And at the author's discretion, potentially
a lot larger than 106x23 pixels.

What could SugarCRM do? It could modify the license to require explicit permission
before using the logo and therefore the source code, but that is administratively
impossible. Or it could add a condition that says "Not for any pornographic sites".
So then we do it with Nazi concentration camp photos, or US Iraq war insider photos,
with "Powered by SugarCRM" interleaving every blood-soaked image on the page and making sure
that it is in close juxtaposition to accurate but unpleasant text and identifying Sugar in
the tags. There is no way Sugar could win such a battle, the marketing
would be lost long before the legal battle was lost, but the legal
battle is not winnable either.

I don't necessarily think anyone should go at and do this -- my business
depends on the good name of SugarCRM! -- but it does illustrate the
foolishness and lack of business acumen shown by the current situation.

[andydreisch]

Hi salesagility, we appreciate your removing the reference to Sugar's competition in your example.

Andy

[dfs]

It's pretty clear to me that most of the Sugar license was carefully written by lawyers... except for Exhibit B. Let's take a look:

B.II says "However, in addition to the other notice obligations, all copies of the Covered Code in Executable and Source Code form distributed must, as a form of attribution of the original author, include on each user interface screen (i) the "Powered by SugarCRM" logo and (ii) the copyright notice in the same form as the latest version of the Covered Code distributed by SugarCRM, Inc. at the time of distribution of such copy."

We use SugarCRM, but we do not distribute it. So presumably *we* can remove the logos and links from our internal copies. Presumably also, you could distribute SugarCRM with a script to remove them, but not actually do the removal yourself.

"In addition, the "Powered by SugarCRM" logo must be visible to all users and be located at the very bottom center of each user interface screen."

What does "very bottom center of each user interface screen" mean? Center of the active area of the Web browser? Center of the entire Web browser window counting tabs and sidebars? Center of the physical screen?

What does "visible to all users" mean? Blind users too? People who have moved their browser window so it's partly obscured?

"In addition, the copyright notice must remain visible to all users at all times at the bottom of the user interface screen."

That requirement is not even met by our bog-standard copy of SugarCRM. Some pages are too long and the copyright notice is below the page; you have to scroll to see it. It's not visible "at all times."

So apart from the irritation aspect of the license, it's sloppy and badly-written. Lawyers make a living tearing apart sloppy wording; it would behoove SugarCRM to hire a lawyer to correct the sloppiness in their license (or better yet, remove the silly attribution requirement altogether.)