by bunderbunder 2807 days ago
So, yes, technically, OSI does not own the term open source, and it could be that this license does comply with everything set out in the Open Source Definition (https://opensource.org/osd), and that means that, technically, "(the latest version of) MongoDB is not open source" is overstating the case.

Except that, as a non-lawyer developer who generally agrees with the Open Source Definition, "under an OSI-approved license" is my working definition of "open source". I believe the same is true for many others. And, under that definition, if Ms. Brasseur doesn't consider it to be open source (yet), I'm happy to fall in line with that.

She went on to say the magic words that mean so much more to me on this front than any debate about who gets to own the term: "It's probably best to limit your legal risk," and, "at this point." OSI's recommendations are a key part of how I limit my legal risk, and they're working on vetting it as we speak. My best course of action is to sit on my hands and wait for their advice.

Between Cygnus/Red Hat and Mozilla, I've worked for open-source-based companies for 7 years of my career, and never once heard or believed "open source" in lowercase to mean "OSI-approved."

I appreciate what OSI does, and do value an OSI review and endorsement, but you're seriously reaching here and trying to double-down on it.

Edit:

To be clear, I think the OSD captures what open source is, but OP tried to say "We haven't reviewed it, so it's not open source," not "We haven't reviewed it, so WE don't know it's still open source." Whether or not and when OSI gets around to reviewing something has zero bearing on whether something meets the OSD, even if we are going to assume that's the de facto definition.

I find the idea the VP thinks we need to wait on them to deliver their judgment from on high to be, frankly, offensive. OSI didn't successfully get the trademark on "open source" for a reason, and I can read a license myself.

> Between Cygnus/Red Hat and Mozilla, I've worked for open-source-based companies for 7 years of my career, and never once heard or believed "open source" in lowercase to mean "OSI-approved."

That's bullshit.

If that wasn't the case then Microsoft's Shared Source licenses could also be considered "open source", licenses which completely restricted commercial usage. Thankfully the world did not fall in that trap.

Without a working legal definition, the term "open source" becomes (1) meaningless and (2) a legal minefield.

Basically you've been spoiled by OSI approved licensing because our industry rejected anything else. We could've had a different industry and yes, all those bullshit projects on GitHub without a license are a legal minefield.

Open source for most people means whether you can see and modify the source code.

Not whether OSI gives it some arbitrary stamp of approval.

Yeah, but that's a really dangerous position to take and if they'd work with me I'd be quick to set them straight. Because that path leads to legal adventure.

What you are describing is "source available", not "open source". And that's a huge difference in practice. https://en.wikipedia.org/wiki/Source-available_software

I'd add "redistribute" to the GP's definition, but the point stands that the definition of "open source" is not "licensed using an OSI approved license"

A “source available” example

https://github.com/highcharts/highcharts

Whether or not it's OSI approved or not isn't relevant, but if it doesn't meet their definition or something similar (https://opensource.org/osd) then it probably isn't what most of us would call open source.

How about I create a license called the ABA (anyone but amazon) license. If you're not Amazon/AWS/a subsidiary, it's just the MIT license. If you are, then you have no rights to use the software. Would you call that an open source license? I wouldn't. An important point (I thought) of open source was that the rules are the same for all, whether you're using it for personal projects or the biggest business on earth, whether you charge money for it or do it for free.

That's a fine interpretation of the term for amateurs.

By which I mean, it's probably fine to think of things that way when you're working in an amateur capacity. If you're working in a non-amateur capacity, thinking about things that way could result in unwittingly exposing yourself to more legal risk than you want.

I don't think simply checking that the license is "OSI approved" gives you many legal guarantees. There are currently 83 "OSI approved" licenses containing a variety of terms, from aggressively copyleft to extremely permissive: https://opensource.org/licenses/alphabetical

I don't either... we might be playing a game of moving goalposts here. I was specifically responding to the observation that, "Open source for most people means whether you can see and modify the source code.", and saying that, while that is a workable definition, it's probably not one that most people want to use.

You might want to be a little tighter with that definition. You can find the source for all sorts of crazy stuff. And with that, you can modify it.

Oracle or Microsoft or any other copyright holder that didn’t release that is going to be ticked off at you.

There has to be some element of the author wants you to have it.

I know this sounds silly and pedantic. I think there have been organizations that ignored copyright and released stuff they didn’t control the rights to.

You might want to tack on something about the authors want me to have access to this.

… And I think this has exactly been @bunderbunder's argument from the start? That the "definition" put forth by threeseed is naïve and could at best be usable on an amateur level, but as soon as you start having money involved, you really want a more in-depth/verbose/specific definition (like the one the OSI provides), rather than simply being "I can read (and thus modify) the source."

> That's a fine interpretation of the term for amateurs.

That's a seriously polarizing statement that you've made.

While I understand that your argumentation is from points of law, I think you need to realize that the term open source was pushed by us, the developer community, and so I feel that it is us amateurs that have the right to maintain the heart of the law. So, revisiting the heart of the matter:

"We had identified free software as a promising approach to improving software security and reliability and were looking for ways to promote it. Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world. However, just how to do this was unclear, and we were groping for strategies." [0]

So, what MongoDB has done is in fact increased (imho) the open source aspect of their offering by attempting to curtail corporate abuse. You should be thanking them.

[0] https://opensource.com/article/18/2/coining-term-open-source...

No, it has nothing to do with "amateurs". Whether the source is open and what the license dictates are two wholly different things. The danger is exactly in conflating the two.

Take for example the NPOSL-3.0:

A variant of the Open Software License 3.0, this license requires that the organization using it is a non-profit and that no revenue is generated from sale of the software, support or services.

https://tldrlegal.com/license/non-profit-open-software-licen...

The source is open, but you can't use it outside of non-profit orgs. It's "Open Source™", it's approved by OSI, and it can still get you in legal trouble.

Huh, how on earth did that get approved. It violates Section 6 of the definition: "No Discrimination Against Fields of Endeavor" (which specifically has the example of discrimination by disallowing software use within a business).

Personally I never liked the OSI's definition of "open source", and the FSF definition of free software has always felt (for me) to be far more fundamental.

If you never liked the OSI's definition of "open source", what do you think about the Debian Free Software Guidelines?

About the discrimination of fields of endeavour, please read the sibling comment to yours. I think you and the grandparent have both misunderstood the license.

I went and re-read Section 17 (the only section that is different from the OSLv3) and yeah it looks like tl;dr legal misrepresents what the license requires. Effectively, it requires that if you redistribute it and want to do so under the NP-OSLv3 you must make a declaration that you're a non-profit and so on -- otherwise you must distribute it under the OSLv3 and clearly state this is the case. (I don't really see the benefit of such a license, but each to their own.)

Looks like I was wrong. Regarding the DFSG, I think it was necessary (according to Bruce Perens it was the DFSG which convinced Stallman to distribute his four freedoms definition more widely). I think the DFSG is a decent set of guidelines that help avoid legal trouble for Debian by having clear requirements, but I don't think it's a good definition for a movement's primary purpose. In many ways the DFSG and OSD can be seen as re-statements of the four freedoms but without any strong justification for why these particular conditions are necessary for a license to be good -- the four freedoms can be explained by explaining how each freedom is necessary to ensure that users have control over their computers.

For an example of why having strong fundamentals is important, the OSD doesn't really have a stance on DRM -- while the free software definition clearly does (even though it predates any modern concepts of DRM).

You've misinterpreted the license. What it says is that the licensOR (not the licensEE) is a non-profit. That is, by publishing your original software under the NPOSL, you claim that you are a non-profit organisation. That's it.

Nowhere does the license say that you can't use the code outside non-profit orgs. In fact 17.d says very clearly that if you're not a non-profit, you are allowed to distribute your modified works, but under the original OSL license, not the NPOSL. So you can use, modify it and distribute it, only with a complication in the licensing.

The other amendment the NPOSL adds is where the original OSL gives a grant of patents and a warranty of provenance, and the NPOSL explicitly doesn't, because it's designed for non-profit companies, which have no money, so it's intended to reduce legal exposure.

It's a Free Software license in my opinion, and I bet you a drink that Stallman and the FSF would consider one too, even if they would not recommend using it.

Also note that the license's author is Lawrence Rosen, who was General Counsel of the OSI, knows more about software licensing than most people, and who explains the details and rationale of the NPOSL in [1]

[1] https://rosenlaw.com/OSL3.0-explained.htm

If you have any other license that's OSI-certified and you think is non-free according to the principles of the FSF, I'm interested in learning about it.

One thing to take into account, though, is that the OSI is a certification body, and the FSF isn't.

This means that the list of Open Source (according to the OSI) licenses is closed and published on their site. The FSF gives a set of principles and also publishes a list of licenses with some analysis, but the FSF's list is non-exhaustive, nor does it pretend to be. There are infinite potential free licenses that the FSF will not list, because it doesn't count license certification as one of its goals.

If I am using an open source project I make sure to understand the license rather than blindly trusting some organisation.

Seems pretty amateur not to do this.

>Open source for most people means whether you can see and modify the source code.

Do you mean legally? If not, Windows 2000 is open source. If so, then that's what the OSI tries to ensure.

No, the OSD according to the OSI requires much more than seeing and modifying.

Yes, the OSD tries to include legality in "seeing and modifying". If you regard Open Source as just "seeing and modifying" the source then anything that you can get the source code for is Open Source. This is most definitely not the case, as illustrated by my previous example of Windows 2000. Please see [0] and [1] for more info. Confusingly, there are still copies of the W2K source on github which have an MIT license in the root which is, I assume, false and unauthorized by MS [2].

[0]: https://news.microsoft.com/2004/02/12/statement-from-microso...

[1]: https://torrentfreak.com/microsoft-takes-pirated-windows-nt-...

[2]: https://github.com/pustladi/Windows-2000/blob/master/LICENSE

No, most people accept the OSD as the de-facto definition of "open source".

I think you've been spoiled by Open Source licenses, due to the people that actually fight for that definition.

Would you consider Microsoft's Shared Source licenses as being "open source"?

https://en.wikipedia.org/wiki/Shared_Source_Initiative#Restr...

On my side those cases are categorised as "Public source" and the respective license terms are then labelled as freeware for most cases, as a sub-variant of Proprietary license types. The other two variants would be Purchase or Subscription.

From a licensing compliance/verification perspective, being OSI approved is a good help to guide developers and reduce the effort of processing the applicable terms. For the auditor itself, the OSI stamp is OK but not something critical.

Looking better, we simply don't even use the terms Open Source nor FOSS on our procedures to be inclusive of the commercial/closed 3rd party products.