MySQL mistake is a wake-up call on open source ownership

So-called contributor agreements give corporate sponsors of open source projects too much power

There was a moment of panic in the open source community this week when a developer on the MariaDB fork of MySQL discovered that Oracle had quietly changed the license on all the man pages for MySQL from GPL to a restrictive proprietary license two months earlier. Prompted by the bug report, Oracle's staff quickly discovered that an error had been made in the build system and promised to immediately undo the change and restore the GPL to all of MySQL. Problem solved!

All the same, the incident was a wake-up call to many. Although there's no reason why they should and have promised not to do so, Oracle could change the license for MySQL, or indeed any of the open source projects it owns, at any time without notice. Oracle is able to do this since, unique among the rest of the open source community around each project, they are not themselves bound by the open source license.

[ Simon Phipps tells it like it is: Why software patents are evil. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Track the latest trends in open source with InfoWorld's Technology: Open Source newsletter. ]

This unique power exists in turn because Oracle owns the entire copyright to MySQL, even to parts of it the company has not written. Why is that? It's because all contributors to the code have to sign a "contributor agreement" assigning ownership of the copyright to Oracle, which is not alone in this. Sun before them used contributor agreements to get full source ownership, and many other projects do the same.

What are contributor agreements, and why do they exist? The need for them often arises from the interaction with open source and certain approaches to business. They meet a need, but they can come at a significant cost to the health of the project. If you're starting a new project, it's worth understanding the bigger picture with a practical guide to the assumption that "everyone uses contributor agreements" because not everyone does. I'm by no means the first to tread this ground; this old but comprehensive article by LibreOffice developer Michael Meeks ends with a useful list of other articles.

Dual licensing

One of the dimensions of the business of open source has been the dual-licensing business model. The name is a little confusing since there is (usually) only one open source license used; the second arrangement is usually a proprietary license or contract exempting the customer from some of the terms of the open source license. This can be better described as selling exceptions to the open source license, and it is commonly done in conjunction with the GNU GPL, which has clauses some businesses regard as hard to accept.

Under this model, open source software is genuinely present, guaranteeing the freedoms of its users, but the business owning the copyright makes money by selling benefits, such as the right to make derivatives under a different license, commercial terms that offer additional guarantees and (most famously) anything-but-the-GPL as the license under which the software is used. This last option means that dual licensing has often been associated with shady sales tactics along the lines of "it would be a shame if your business got infected with that evil GPL viral license ..."

Copyright aggregation

In order to use this model, the business owning the copyright has to own the entire copyright to the software they are distributing. As a consequence, when any community member wants to add a modification or enhancement to the source code for the software, the owner demands the contributor must also hand over their rights to the addition. To achieve this, the copyright owner requires the contributor to sign a legal document for any involvement in the community that involves co-development.

Usually called a "contributor agreement" (to the detriment of older arrangements that use that term for community participation agreements that don't actually aggregate copyright), the document gives rights amounting to ownership of the copyright in the new work to the copyright aggregator. It may also include other clauses, such as a statement of originality ("this is my work and I didn't plagiarize it"), a grant of patent rights, and even an indemnity ("if you get sued you can blame me"). In most cases the author retains rights to any individual work in some form or receives a license back, but it's only the aggregator who owns the copyright to the whole system.

So what's the problem?

Open source can be defined as the co-development of software by a community of people who choose to align a fragment of their self-interest in order to do so. The commons in which they work contains software free from usage restrictions, with guaranteed freedoms to use, study, modify, and distribute it -- in other words, "free software." The community members each work at their own expense in order to achieve a shared outcome that benefits all, including themselves. When they create an enhancement, fix a defect, or participate in a design, they are not "working for free" or "donating their work" so much as they are "participating in co-development."

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies