Monday, June 30, 2008

GPLv3 One Year Anniversary Edition 06/29/08

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3/AGPLv3 adoption for the past year.

This Edition:
  • GPLv3 - One Year Later
  • GPLv3 - 10,000 projects
  • Interviews
    • Conversation With Chris DiBona
    • Richard Stallman on Free Software vs Open Source
    • Words of Wisdom from Marco Barulli
  • Significant Adopters and Rejectors
  • To Sum it All Up
  • Counts for the Week

Happy Birthday GPL v3

It is said that in the act of scientific observation, that which one observes is permanently changed. My team and I were tasked on year with creating a way to objectively track the use of the GPLv3 license and variants within the global of non-commercial software. We spent about 6 weeks planning, researching, and developing tools, processes, documentation and the public site http://gpl3.palamida.com. On the front end, we run JBOSS, on the back, Ruby and MySQL. We do analytics with Pentaho, Groovy and Python, and we manage the content with Google Apps for Business, Mionet, Mesh, and Dropbox.

On June 29, 2007, we went live with 67 Ruby projects from Rubyforge, and by the first Friday, we went to 82. A year has passed, and this team has been staffed by interns from fine colleges around the country, senior project manager Kinyoshi Tokuyama, project managers Antony Tran and Edwin Pahk, senior programmer Chris Porter, and me.

Our goal from that first day was to objectively track the use of GPLv3 variants (GPLv3, LGPLv3, and "or later"), provide accurate counts and clear validation. For each of the more than 15,000 projects collected for this project from more than 500,000 reviewed, the sources were reviewed, proper license references and attributions verified, and the license text, unchanged, was identified. While we used some level of automation, we felt that there were problems that required lots of hands and eyes on the problem. Among these were missing license text, no license information in source headers, bad license links - GPLv2 projects that used URLs to refer to licenses rather than include the text.

We started distributing a weekly mailing, and published our first blog 7/2/07.Our hope was that transparency in our project would instill confidence in our objective results.

User contributions via web form, email and phone calls has been hundreds.

In all, a year later, we are still tracking the usage and adoption of GPLv3 and its variants, including the new AGPLv3. I wish to thank Palamida, Inc. for their generous sponsorship of this important source of information regarding the use and adoption of non-commercial software and related licenses. Their sponsorship allowed this project to run, and afforded us the ability to offer 12 internships to deserving graduate students.

---------------------------------------------------------------------------------------------------------------------------------------------------------------
GPLv3 - 10,000 projects. The numbers say it all
As of 6/29/07 / 6/29/08

Total repository based OSS community: 145,909 / 258,367(SF total divided by 70%)
Estimated Total active Projects: 21,886 / 38,755 (total divided by 15%)
Total active GPL: 18,166 / 32,167 (total active, divided by 77% GPL and 6% LGPL)
Estimated total GPLv3 conversion, including "or later": 13,079 / 23,160 (total active, divided by 77% GPL and 6% LGPL, divided by 72% estimated conversion rate)
Estimated current "or later" impact: 9,083 / 16,083 (50% of GPL)

NOTE - As I said before, in the act of observation, one permanently changes that which is observed. The total projects on Sourceforge today was 180857. One year ago, that number was 102,136. 6 weeks after the launch of the GPLv3 license, the number was 145,910. SF experienced a 40% increase in new projects in six weeks, and over 75% in one year. Did our observtion influence the creation of new projects? Did we draw attention to non-commercial software? Maybe.

The blog site has had thousands of users, hundreds of links to significant sites, we have been mentioned on significant industry sites and quoted objectively by analysts. I tend to believe that my team and I removed some of the FUD element around non-commercial software, and attracted a new set of eyes. I can't take credit for the sudden explosion in new projects 6 weeks after the GPLv3 was launched, but would we have ever noticed if I had not been observing?

The one statistic that have not modified is the active project metric. I actually think it is accurate, and reflects the continuing growing trend of usage of these projects over time.
Therefore:
    1. Or later – 6,858 of 13,079 / 23,160 projected – 76% / 43%
    2. LGPLv3 – 265 of 785 / 1390 projected – 34% / 19% (GPL conversion divided by 6%)
    3. GPLv3 – 2,856 of 12,295 / 21,771 projected – 23% / 13% (GPL conversion divided by 94%) This does NOT include "or later"
    4. GPL, not converted – 5086 / 9007 projected (GPL projects times (100% - 72% convert rate))
  • The use and creation of non-commercial, FLOSS, FOSS, Open Source, Free projects has increased at a rate more dramatic than any previous point in its measurable history
  • In the six weeks that followed the release of the GPLv3 license, overall new projects on Sourceforge increased by more than 40%
  • GPLv3 increased private and commercial awareness to the potential of non-commercial software for the better

All this in one year.

So, what is the summary?

Usage of the GPLv3 license variants has grown consistently with the growth in non-commercial projects as seen in the last year. I have read on sites not well informed about the lackluster reception for the GPLv3 license and its variants, citing a continued strong usage of the GPLv2. What is not brought up is the existence and continued growthof the use of the "or later" license condition, where, at the choice of the user, a user of licensed software can be governed by terms of the present license, or later (such as GPLv3). While it seems like a minor issue, it could become a larger one if a user of GPLv2, or later, code, introduces changes licensed under the GPLv3. In order to accept the changes, the subsequent code, if used, would become, GPLv3.

In the end, if we combine all the "or later" with the GPLv3 and variants, there are 9979 projects governed directly or indirectly by the current GPLv3 licenses.























Interviews
For this special edition of our blog, we found some key figures in the Free Software/Open Source community to share some thoughts with us. First we have Chris DiBona from Google Code, who answered some questions regarding their stance on license proliferation and the AGPL v3. Next, we were able to get some words from Richard Stallman from the Free Software Foundation, who gave us an interesting interview, commenting on the ideologies behind Free Software. And lastly, Marco Barulli from Clipperz gave us some insight on the future of open source software.

Conversation With Chris DiBona, Google's Open Source Programs Manager. (http://code.google.com)
(06/29/08)

Ernest Park: The current rate of adoption of the AGPLv3 license is more than double that of the LGPLv3. Considering the fact that the AGPLv3 is the newest of the licenses above, I would contend that adoption is consistent, and that this license may be the first widely adopted license focused on ensuring the freedoms around web delivered services. Is it reasonable to see that AGPLv3 will surpass LGPLv3 in number of distinct licensed projects within the next year?

Chris DiBona: Maybe? I'd be surprised if this is the actual case. Nothing personal, but without knowing your sample size those numbers are next to useless. Our sampling of license popularity is based on our crawl of the internet, version control repositories inclusive. Not just individual and community repositories.

I might also point out that you're making an argument to halt support for lgplv3, not one to support agplv3.

I should also point out that I'm speaking specifically about support for the AGPL on code.google.com's project hosting system. We have AGPL projects in the Summer of Code and are substantive financial supporters of the FSF and SFLC.

Ernest Park: The AGPLv3 differs from the GPLv3 ONLY in section 13, providing language specific to address the conveyance that exists unique to SaaS. http://gpl3.blogspot.com/search?q=section+13. Therefore, do you think your resistance to AGPLv3 to date could be interpreted as a resistance to specific SaaS licensing?

Chris DiBona: No, it is a resistance to overall license proliferation. The benefits that the AGPL attempts to bring to SaaS is not worth the damage yet another license brings to the open source world. The AGPL clearly brings some interesting features to SaaS projects, and I remember when we were releasing Sourceforges code from VA Linux back in the day that some of the executives in the company were upset that other sourceforges' had popped up and not acknoledged the original or patched back. In the end, I don't think this is an actual problem. There are plenty of examples of Apache or BSD projects that continue to be industry leading evn though they are both quite permissive. Licenses clearly matter, but project innovation and leadership count for a lot more that the license a project might choose.

Ernest Park: With the time that has passed, have you reconsidered your position on hosting AGPLv3 licensed projects?

Chris DiBona: No. AGPL doesn't have enough adherents to change our position on hosing AGPL projects.

Ernest Park: What would you change of the AGPLv3 license in order to make it acceptable to Google's code repository? Remember, the only difference between GPLv3 and AGPLv3 is section 13, so I would suspect that any changes would focus here.

Chris DiBona: Section 13 is a mess. Until there is more history around compliance with section 13 and what it means to be compliant and where the linking stops the AGPL will not see much adoption. And that adoption is what would warrant it's inclusion.

Ernest Park: Comments from you in the past proposed that AGPLv3 had nominal usage. Given the facts on license usage in new projects, are you willing to reconsider your prior position claiming a nominal adoption (paraphrase)?

Chris DiBona: No, you are still working from the assumption that your numbers are significant. It is my opinion that they're not. 113 projects is less than the number of projects under any license registered on code.google.com or sourceforge on any single day.

Ernest Park: There are other licenses that Google currently supports with low overall projects, and with low numbers of releases under these licenses. In your effort to prohibit license proliferation, will you set license hosting guidelines for additional licenses with low current usage, or are you focusing such sanctions solely on the Affero GPLv3?

Chris DiBona: That's why we're retiring mpl support, as it too is underused. AGPL supporters seem to think this is something about the AGPL, when it is about fighting license proliferation on code.google.com. I have nothing really against the AGPL save the deleterious effects that yet another open source license brings to the open source software development movement.

Ernest Park: While I personally find the huge numbers of unclear and repetitious licenses useless, we either have to support them all, or support only those that satisfy specific criteria. I do think that you have attempted to outline criteria. It would be good if you objectively spelled out the criteria and made it available for review. While I am certain that the author of the "do good, not evil" license will protest along with much of the FOSS community, the commercial marketplace and developers going forward might appreciate fewer licenses with distinct and defined interoperability.

Chris DiBona: So I think that your company has a significant role to play in pan-license compliance support (obvious) so it is smart to build competency around the AGPL, but for now, it's not destined to be offered as an option at code.google.com

Ernest Park: One last question. From recollection, your position regarding license proliferation has not differed since your tenure with OSI. It seems that OSI could set the example for tightly constraining the proliferation of licenses - stop duplicate licenses, highly incompatible licenses, and in all, set a framework for the approval of a portfolio of licenses that together address specific licensing needs and desires by the creators and users of the content. Why did OSI never actually attempt to constrain "approved" licenses to meet a criteria beyond the license itself, like interoperability, or duplication of existing license?

Chris DiBona: Honestly? OSI is lacking dedicated personnel, which I believe is quite crippling. Without a dedicated staff, how can one expect them to summon the political will to be unpopular with the adherents of the licenses they'd deprecate (which I know all too well). I left the board a long time ago (to get my masters) but I still hold some hope that they'll turn osi around, which I define as 'deprecating a ton of licenses'.

****************************************************************************************************************
Richard Stallman on Free Software vs Open Source
(06/29/08)

Ernest Park: It is the one year anniversary of a milestone for non-commercial software users and advocates. I accept and will publish that your views and mine differ, but it seems proper that your voice should be reflected on (this) site in response to the clear successful acceptance of the GPLv3, LGPLv3 and AGPLv3. Do you have any comments on the GPLv3 site and the progress that we've been maintaining?

Richard Stallman: In general, I'm rather unhappy with Palamida, both for terminology (it generally uses the term "open source", which stands for values I disagree with), and for substance (it promotes some non-free software).

Ernest Park: At the end of the day, free software, OSS, FLOSS, etc - there are a lot of names to describe non-commercial software made available in a framework that encourages participatory development, and a lot of opinions and points of view, many distinct, all personal. I believe that for the moment, we can both agree that our values differ in some specific ways. However, would you mind providing a comment less vague and subjective, focused more on the community acceptance and success of the GPLv3 family of licenses?

Richard Stallman: The free software movement is not merely personal. It is a political movement like the environmental movement, the civil rights movement, etc.

You've described the activity using the ideas associated with the term "open source". The free software movement's goal is not even included in that description. Thus, a thoughtful free software supporter knows better than to endorse the way the issue is framed by your site.

I fetched and read the last retrospective, and I got a bad feeling about the values that seem to be present in it. I would have to do a lot of work to identify why I see them there, and I am not sure that would do any good.

Note - The interview above was the result of four rather long emails. The interview was intended for the blog, and the summary above was edited directly from the email exchanges.

****************************************************************************************************************
Words of Wisdom from Marco Barulli (06/27/08)

Antony Tran: With tech at the forefront of our society, how do you envision open source
in the future, both in general and commercially?

Marco Barulli: Being security and privacy issues more and more relevant in our society I hope that the openness of the code that runs on our computers/phones/... will be no longer an option.

Antony: What needs to change in OSS for it to compete more aggressively with
commercial software?

Marco: More attention to the user experience.

Antony: Do you have any words of advice for our subscribers who are trying to
develop the next big thing?

Marco: Just do it. Don't waste time looking for seed investors, put your own money, time and energy into it. If you believe it is the next big thing, VCs will come.

---------------------------------------------------------------------------------------------------------------------------------------------------------------
Significant Adopters and Rejectors

Significant adopters
Clipperz
Clipperz was one of the first established projects to adopt the AGPL v3. Their backing of the AGPLv v3 showed that there was a niche of people who were and are dissapointed with the Saas loophole that was not closed in the GPL v3. They believe that software modified for services should also be required to release their code if they used open source software. Since their adoption for the AGPL v3 they have announced that they are planning on developing a suite containing projects licensed under the AGPL.

Open Office
Open Office was a large project that decided to adopt the LGPL v3. The LGPL v3, the less restrictive form of the GPL v3, has not had many big names taking on the license until Open Office. Just as with Clipperz and the AGPL v3, Open Offices showed that there was a group of people who wanted to update their license, but not take on all of the restrictions put in the GPL v3.

Ubuntu Launchpad

Ubuntu's Launchpad as not officially adopted the AGPL v3 yet, but it is a strong candidate for their project. If Launchpad were to adopt the AGPL v3, it may give the license the boost it needed to become a more significant license. And if more projects adopted the AGPL v3 it would help Clipperz develop their suite based around the AGPL.

Significant rejectors
Google Code Repository
The Google Code repository stirred things up when they announced that they would not host AGPL v3 projects. This week we were able to speak to Chris DiBona to ask him questions about why they did not want to host the license. The initial controversy revolved around their intentions behind rejecting the license. Some thought that Google Code did not want to host the license because it conflicted with their business model. But in our interview Chris stated that their intentions were to fight license proliferation. A few weeks back we also interviewed Marco Barulli from Clipperz on the issue, see (http://gpl3.blogspot.com/2008/05/gpl-project-watch-list-for-week-of-0523.html). Now both sides have been able to speak their minds' on the issue, so you, the reader, can make an unbiased decision on the subject.

---------------------------------------------------------------------------------------------------------------------------------------------------------------
Year Summary
Well, one year has passed since the release of the GPLv3 and LGPLv3. I'm not big on celebrating anniversaries just for the sake of time passing, but anniversaries do provide a convenient interval for measuring progress and events, so here are some of my thoughts on a few notable developments over the course of the GPLv3 and LGPLv3's one year of life so far:

Free and Open Source

In general, the past year has been significant for the world of Free and Open Source Software. The releases of the GPLv3, LGPLv3 and AGPLv3 garnered significant industry coverage and stimulated interest in the Free and Open Source Software movement in general. Sun's acquisition of MySQL in a $1 billion deal showed that software licensed under an open source license can be a viable part of "big business" in the software industry.

GPLv3/LGPLv3 – Released June 29, 2007

Increased focus on proper licensing documentation was a prominent issue early on in our coverage of the release and adoption of the GPLv3. Through our research on many projects, we found a noticeable number that had very little or sloppy documentation in their downloadable code and on the project's web site. Sloppy, outdated or nonexistent documentation, such as not including proper notice of the license, failure to provide a copy of the license or linking to the GPLv3 on the project web site when everything else in the distribution says GPLv2 is the governing license, weakens the ability of users and licensees to preserve the rights given to them by the GPL. At a minimum, I hope we were able to bring some visibility to this issue.

AGPLv3 – Released November 19, 2007

Released almost six months after the GPLv3 and LGPLv3, this may turn out to be the sleeper license hit in the years to come. With a growing shift in software toward a web-based "cloud computing" model, the AGPLv3 allows developers to choose to embrace the principles of openness and giving back as embodied in the GPLv3 with projects that are hosted remotely and interacted with remotely by users who never download the source code.

The announcement by Marco Barulli, co-founder of the Clipperz ( http://www.clipperz.com/ ) project, of the intent to develop an AGPLv3-licensed suite of web applications, was a great step forward and a positive boost for the visibility of the principles embodied in the license. See our interview with Marco in our May 23 blog post ( http://gpl3.blogspot.com/2008/05/gpl-project-watch-list-for-week-of-0523.html ).


-Kevin Howard
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Counts for the Week
And of course our counts for the week, as we always do. The last week ended with 2721 GPL v3 projects, up 73 GPL v3 projects. The LGPL v3 count ended with 265 LGPL v3 projects, an increase of 14 projects. And lastly the AGPL v3 count ended with 118 AGPL v3 projects, 5 more than the week before.

---------------------------------------------------------------------------------------------------------------------------------------------------------------
Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to over 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.


The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Edwin Pahk
  • Kevin Howard


********************************************************************************************************
For more information, go to http://gpl3.blogspot.com/.

To stop receiving these weekly mailings, please send a message to rdgroup@palamida.com with the subject "unsubscribe:gpl3".

To start receiving these weekly mailings, please send a message to rdgroup@palamida.com with the subject "subscribe:gpl3".

********************************************************************************************************

The GPL3 project, sponsored by Palamida, Inc (http://palamida.com/ ), is an effort to make reliable publicly available information regarding GPLv3 license usage and adoption in new projects. The work published on both sites listed below is licensed This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License .

********************************************************************************************************

Palamida was launched in 2003 after its founders learned first-hand what happens when companies don't have full visibility into the code base of their software applications based on Open Source Software. Their experiences inspired them to create a solution to streamline the process of identifying, tracking and managing the mix of unknown and undocumented Open Source that comprises a growing percentage of today's software applications. Palamida is the industry's first application security solution targeting today's widespread use of Open Source Software. It uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities as well as intellectual property and compliance issues and allows development organizations to cost-effectively manage and secure mission critical applications and products.

For more information about FOSS management solutions, go to http://palamida.com/, or send a note to sales@palamida.com. Please mention the GPL3 site when you reach out to Palamida.



Friday, June 20, 2008

GPL Project Watch List for Week of 06/20/08

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for June 14th through June 20th, 2008.

This Week:

  • Week Summary
  • New Projects
  • Firefox 3
  • User Contributions
347 Days and Counting
In 9 days, the GPL v3 will have been out for a whole year, and our group will also hit its anniversary. This week we have passed 3000 GPL v3/LGPL v3/AGPL v3 projects, 3009 to be exact. Individually, the GPL v3 count is at 2648 GPL v3 projects, up 56 projects from last week. The AGPL v3 count is at 113 AGPL v3 projects, up 4 projects, and the LGPL v3 count remains at 251 LGPL v3 projects. It won't be much longer until the GPL v3 alone surpasses 3000 projects. Next week we will celebrate an early birthday for the GPL v3 and this group and recap on the significant events that have passed over the year.




















New project conversions this week include:
  • Simple Server: A set of C++ classes to easily create a simple customizable multi-threaded TCP/UDP server application.
  • Gaia Ajax Widets: Gaia Ajax Widgets is an Ajax library for ASP.NET and Mono. It is a "high-level library", meaning it abstracts away JavaScript 100%, and the developer doesn't have to write anything other than his favorite .
  • multicronftp: Multi Cron FTP it's java utility used to execute ftp tasks over a set of hosts or schedule a single script in a cron-like fashion.

Firefox 3

This past Tuesday, Mozilla released the highly anticipated version 3 of their popular internet browser, Firefox.
The release of Firefox, the second most popular browser on the market (only to Microsoft's Internet Explorer), started off with a bang, recording 8 million downloads over the first 24 hours. It is presumed to be a world record for "most software downloaded in a day", currently being reviewed by the Guinness Book of World Records. [1] Created only 4 years ago by a small community of developers, Mozilla Firefox is now challenging Microsoft's Internet Explorer's throne to the browser market, making an even broader statement of the emerging prevalence of open source software in today's market.

Along with a number of bug fixes, Firefox 3 boasts an improved and faster interface, a few design tweaks and a number of new innovations, most notably the search by title function. This feature allows the user to search for previously visited sites by not only the website address, but also the title of the site making it easier for users to find previously viewed sites. A criticism of Firefox in its older releases is that they could hog memory over time, eventually forcing a browser restart. Firefox 3 needs a little less memory and doesn't keep nibbling away at your computer's resources over the day.[2]Due to the open source nature of the browser, a key advantage of Firefox remains to be the availability of over 5000 add-ons on their site.

Although, the new features of Firefox 3 appear impressive, questions about the browser's security are somewhat left unanswered. Just hours after the release, security tool vendor TippingPoint was notified of a "critical vulnerability" affecting Firefox 3.0 and 2.0. The flaw could enable an attacker to run malicious code on a computer, the company said. Like other browser-based vulnerabilities, a person would have to click on a link in an e-mail or visit a malicious Web page to get infected.[3] Although these issues may be somewhat alarming, it is a common misconception that because of the availability of its code as open source software, it is less secure than browsers like Microsoft's Internet Explorer.

Currently, Firefox garners 18.41% of the browser market, still significantly less than Internet Explorer's 73.75%, the most popular browser in the world.[4] Although there is still a long way to go for Firefox to compete for the top spot, the fact that it has only been 4 years since Firefox's conception, as well as Microsoft's decided advantage by packaging Internet Explorer with Windows, makes Firefox's popularity and usage statistics that much more impressive. More so than the usage statistics, what was perhaps the most impressive aspect of Firefox 3's release was the coverage it received not only by tech and internet media, but by the major media outlets as well.

The progression and speed at which Firefox has been developing is a testament to the strength and benefits of the open source software market. Perhaps the most recognizable open source software name next to Linux, Firefox's importance in defining the future of software development will continue to be written by developers around the world. Thanks Mozilla, and keep up the good work.

-Edwin Pahk

References:

1 Associated Press. "Firefox 3: 8 Million Downloads in one day". The Dallas Morning News. 18 June 2008 <http://www.dallasnews.com/sharedcontent/dws/bus/ptech/stories/06_19_08dnbusDownloads.177b873f.html>

2 Pegoraro, Rob. "Building a Better Browser: Firefox Keeps Innovating". The Washington Post. 19 June 2008 <http://www.washingtonpost.com/wp-dyn/content/article/2008/06/18/AR2008061802731.html>

3Gonsalves, Antone. "Firefox 3 Bugs Reported". InformationWeek. 19 June 2008 <http://www.informationweek.com/news/internet/browsers/showArticle.jhtml?articleID=208700715&subSection=All+Stories>

4 "Browser Market Share". May 2008 <http://marketshare.hitslink.com/report.aspx?qprid=0>


Thanks for the Continued Support and Contributions
Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. Here is a submission we received last week through email:

****************************************************************************

Sino

"http://www.austlii.edu.au/techlib/software/sino/

I noticed it had been released under GPLv3 after I downloaded the sources and
checked the licence.

This software has been developed and used for production purposes by Austlii
(http://www.austlii.edu.au/) for a number of years, and they ought to be
congratulated for making it available now under the GPL.

-Jason White"


Description:
Sino (short for "size is no object") is a high performance free text search engine written and maintained by Andrew Mowbray. It was originally written in 1995 and has been mainly used to provide production level search facilities for most of the Legal Information Institutes that form part of the Free Access to Law Movement.

Newest Release:
Sino Source (3.1.17)

****************************************************************************
We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project's license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.


The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Edwin Pahk
  • Kevin Howard


********************************************************************************************************
For more information, go to http://gpl3.blogspot.com/.

To stop receiving these weekly mailings, please send a message to http://www.blogger.com/rdgroup@palamida.com with the subject "unsubscribe".

********************************************************************************************************

The GPL3 project, sponsored by Palamida, Inc (http://palamida.com/ ), is an effort to make reliable publicly available information regarding GPLv3 license usage and adoption in new projects. The work published on both sites listed below is licensed This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License .

********************************************************************************************************

Palamida was launched in 2003 after its founders learned first-hand what happens when companies don't have full visibility into the code base of their software applications based on Open Source Software. Their experiences inspired them to create a solution to streamline the process of identifying, tracking and managing the mix of unknown and undocumented Open Source that comprises a growing percentage of today's software applications. Palamida is the industry's first application security solution targeting today's widespread use of Open Source Software. It uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities as well as intellectual property and compliance issues and allows development organizations to cost-effectively manage and secure mission critical applications and products.

For more information about FOSS management solutions, go to http://palamida.com/, or send a note to http://www.blogger.com/sales@palamida.com. Please mention the GPL3 site when you reach out to Palamida.




Saturday, June 14, 2008

GPL Project Watch List for Week of 06/13

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for June 7th through June 13th, 2008.

This Week:

  • Week Summary
  • New Projects
  • FOSS licenses based on US Copyright law
  • User Contributions

Two More Weeks...

Only two weeks until the anniversary of the GPL v3 license and the creation of this tracking project. We have come a far way and continue to bring relevant and accurate license information. We hope you have made use of our data and have enjoyed reading our blog.

This week our GPL v3 count is at 2592 GPL v3 projects, and increase of 59 GPL v3 projects. There was speculation as to whether the AGPL v3 would draw projects from the GPL v3 conversion rates, but this does not seem to be happening. The AGPL v3 count is up 7 projects bringing it to 109 AGPL v3 projects. The LGPL v3 number is at 251 LGPL v3 projects, up 9 projects from last week.






















New project conversions this week include:
  • EasyVote: EasyVote is a new easy to use, secure and transparent cryptographic online voting scheme for small elections (up to 500 voters).
  • ERP4U: ERP4U / ERP for You / Enterprise Resource Planning for You -- Enterprise Resource Planning web based platform implemented on top of Ruby on Rails.
  • Bluetooth Remote: Control your computer using a bluetooth enabled mobile phone. Move the mouse cursor send key strokes and control the most common applications such windows media player, internet explorer, firefox.

The Open Source "Market" Killed the Tools Market
Though open source tools can be sold, many are offered for free by developers. The open source market is an odd one since the price of the code is, for the most part, just the time to download the software. The fact the most open source code is offered for free makes competition extremely hard you can imagine, which is a gripe of some commercial developers.

In a recent article, John De Goes argued that
"The tools market is dead. Open source killed it." Open source has cut costs exponentially for developers, however they are restricted to the licensing terms of the code, which usually keeps it free and open. With so many open source tools now available for free, it restricts commercial companies from using price as a competitive tool since the open source alternative cost zero. So to be able to charge anything for a developer tool, the product would have to be significantly better than the open source alternative. Goes says that this also has a catch to this as well. The cost to learning a new IDE is quite high for most developers, since they are already use to the workings of their current one.

But is killing the tools market really such a bad thing. The death of the tools market was brought about from the birth of the open source market, and those in the open source market would argue that the benefits outweigh the loss. With open source, sharing code has eliminated countless hours rewriting code to do the same exact thing. And though this makes it nearly impossible to charge for your software, the creation of it is significantly easier.

Ohloh is a good site to put things into perspective. On their site, they show the projected cost of the project if it was done from scratch. Right away you can see that some projects would cost millions if not for open source. Subversion, for example, is projected to cost 5.2 million if a team was to write the code themselves. With these gains in cost efficiency, I would say the death of the tools market isn't so sad.

References:
http://www.ohloh.net/projects/subversion
http://tech.slashdot.org/article.pl?sid=08/06/10/0228220&from=rss

-Antony Tran


Thanks for the Continued Support and Contributions
Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. Here is a submission we received last week through our web interface:

****************************************************************************
ApacheMap


Description:
The perl script parses a apache or apache2 combined access log for the IP addresses. It then looks up a Geo-Tag for those locations and if successful it adds them to a data file which the Google maps API then displays. So you get all your unique resolvable hits plotted on a map. From 0.3a onwards new style blue markers are used which contain information about the location when clicked on.


Newest Release:
apache-geo-map-0-6b.tar.gz

****************************************************************************
We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project's license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.


The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard

********************************************************************************************************
For more information, go to http://gpl3.blogspot.com.

To stop receiving these weekly mailings, please send a message to rdgroup@palamida.com with the subject "unsubscribe".

********************************************************************************************************

The GPL3 project, sponsored by Palamida, Inc (http://palamida.com ), is an effort to make reliable publicly available information regarding GPLv3 license usage and adoption in new projects. The work published on both sites listed below is licensed This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License .

********************************************************************************************************

Palamida was launched in 2003 after its founders learned first-hand what happens when companies don't have full visibility into the code base of their software applications based on Open Source Software. Their experiences inspired them to create a solution to streamline the process of identifying, tracking and managing the mix of unknown and undocumented Open Source that comprises a growing percentage of today's software applications. Palamida is the industry's first application security solution targeting today's widespread use of Open Source Software. It uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities as well as intellectual property and compliance issues and allows development organizations to cost-effectively manage and secure mission critical applications and products.

For more information about FOSS management solutions, go to http://palamida.com, or send a note to sales@palamida.com. Please mention the GPL3 site when you reach out to Palamida.






Saturday, June 7, 2008

GPL Project Watch List for Week of 06/06

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for May 31st through June 6th, 2008.

This Week:

  • Week Summary
  • New Projects
  • FOSS licenses based on US Copyright law
  • User Contributions

Almost A Year Has Passed
The year has gone by quite quickly since the GPL v3 was first released. We have just entered into the month of the release, and it is only 23 days until a complete year has passed. It doesn't seem like we have been tracking the GPL v3 and its derivatives for a year, but it is more believable when you look at the count. Cumulatively, the GPL v3 and its derivatives have gained over 2800 adopters, which is an impressive number. Thousands of projects have, and now we can more confidently say thousands more will adopt the GPL v3, proving its significance in the open source community. The GPL v3 alone is now at 2533 GPL v3 projects, an increase of 62 GPL v3 projects. The AGPL v3 has gained 2 new projects, and is now at 102 AGPL v3 projects. And the LGPL v3 is now at 242 LGPL v3 projects. These numbers are considerably large and are still growing by the day. We will do a year summary to review all the key points over the past year for the anniversary of the GPL v3.






















New project conversions this week include:
  • kjscompress: Command line tool to compress and obfuscate Javascript code and compress CSS code. (Based on KJS -- Javascript library included in KHTML.)
  • IT-Inventory: IT Inventory is a web based system for inventorying computers and other IT based equipment. You can also track repair orders for computers.
  • MySXP Open Platform: Application SAP like for win32, based on MySQL,and mixed with the egroupware politics and database compatibility.

FOSS licenses based on US Copyright law

Since most, if not all, US-based FOSS licenses are based on US Copyright law as defined in the US Constitution, all have this same "life of the creator plus 70 years" term, so length alone is not an advantage. Also, a work or creation is considered to be "copyrighted," at least under US law, as soon as it is "fixed in a tangible medium," which can mean bits saved on a magnetic disk. So while something may be "copyrighted," it is more difficult to enforce a copyright without a written registration with the US Copyright Office. Compare proving in a court of law that you "own" electronically distributed code merely by saying that you created it with being able to have documented proof that you are the author and registered the work on a particular date. To be in technical compliance with US Copyright law, and to maintain a copyright registration, the creator of a software project would probably have to periodically re-register the work as it grew and progressed, since adding new code is adding new "creative elements" which are in themselves copyrightable, but also change the original work enough so that it is something entirely different, thus requiring a new copyright.

In my opinion, it is actually a disadvantage to not license a work and leave it up to US Copyright law. If you look at the rights granted under US Copyright law ( http://www.copyright.gov/circs/circ1.html#wci ) you can see that the first three of those rights (right to reproduce, right to prepare derivative works, and right to distribute copies) seem to be pretty easily applicable to software code, but were obviously not originally conceived with electronic bits traveling around the Internet in mind.

So, not only do they not quite fit, they are fairly restrictive in terms of only granting any of these rights to the original creator of the work. So, before anyone can perform any of the "rights" related to the "work" granted to the original copyright holder, the original copyright holder must give permission. Combine the clunkiness of this method of permission with the instantaneous worldwide distribution system of the Internet and you have an unmanageable mess of trying to coordinate and keep track of who has what rights. Remind you of anything? Digital music?

FOSS licenses are written specifically for software code and define, to varying degrees, what can be done with that code and by whom. FOSS licenses are used by the holder of an original copyright in a creative software "work" to grant the permission ("license") mentioned above to others for others' use. FOSS licenses actually improve the efficiency of the open source movement. Keep in mind that the same rights granted under US Copyright law that are the foundation of FOSS licenses are the same rights that are the foundation of closed-source and proprietary licenses, so you can see that the structure of any given license can lead to dramatically different outcomes for what happens to software code depending on how various rights are granted or restricted.

-Kevin Howard


Thanks for the Continued Support and Contributions
Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. Here is a submission we received last week through our web interface:

****************************************************************************
Gloss


Description:
Gloss is intended to be a drop-in replacement for the existing MythTV frontend. It is written in Python however uses the Clutter OpenGL framework with the intent of producing a visually richer interface than the existing MythTV frontend.

Newest Release:
gloss-0.1-rc1.tar.gz
****************************************************************************
We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project's license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.


The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard





Monday, June 2, 2008

GPL Project Watch List for Week of 05/30

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for May 24th through May 30th, 2008.

This Week:

  • New Projects
  • Clipperz Follow Up
  • AGPL v3 Hits 100 Projects
  • User Contributions

Congrats to the Grads
For those of you in school or have children that are, graduation has just passed for some or is soon approaching. We would like to congratulate all the graduates and wish you the best of luck in you career, especially if it involves open source *wink*.

This week our GPL v3 projects has grown to 2471 GPL v3 projects, which is in increase of 44 new GPL v3 projects. Our AGPL v3 count has just hit its first benchmark of 100 AGPL v3 projects, with the 5 new AGPL v3 projects that were added over the past week. And lastly, the LGPL v3 count is now at 236 LGPL v3 projects, in increase of 16 new LGPL v3 projects.



















New project conversions this week include:
  • pion-platform: a development platform for Complex Event Processing (CEP)
  • freyrms: Based on OdinMS, FreyrMS strives to improve the functionality of the OdinMS Project.
  • domac: text edit/macro language, similiar to awk,sed, or m4. It can be embedded in other languages and allows comments anywhere, even inside instructions.

Follow up:
What is "zero-knowledge", and what does it mean to the growth of web services and information security?
From Marco Barulli, Clipperz

Dear Ernest, I'm happy to inform you that Richard Stallman finally agreed with the

"call for action" that I published on the Clipperz blog today.

It's a three step plan that combines free software (AGPL)

and the
zero-knowledge architecture.

http://www.clipperz.com/users/marco/blog/2008/05/30/freedom_and_privacy_cloud_call_action
I am glad to say that you saw it here first.

Is this important? Sure it is. Marco Barulli is taking the risk of blazing the trail for web services developers to come. Is AGPLv3 the right license? Who knows. Is "zero-knowledge" the right architecture? Maybe yes, maybe no.
  • Zero-knowledge architecture is a web services framework in which secure information is distributed only to the endpoint, the service, through a secure and reliable framework that does not allow disclosure or residual existence of any user specific information.
  • In a service framework, providers enabling the connection from a user to the target service may have access to secure and potentially user specific data.
  • The zero knowledge architecture is one in which programmatic architecture and tools are put in place to hide and encrypt data in a format only usable by the intended service.
  • The AGPLv3 assures that the architecture and the source code is transparent and available for scrutiny, thereby insuring a clear implementation of secure practice that can be monitored and verified by the community.
  • While we as users get in the practice of complacency and trust, the idea of "zero-knowledge" allows the user to validate the secure and reliable implementation of security and data protection practices.
An interesting key point is the browser, our gateway to an OS neutral world of services.
  • The browser would need to let the user control how web service code, in this case, Javascript, is loaded, validated and run. While I can go into more detail here, Mr. Barulli does an excellent job of explaining here.
What is new here?
Clipperz is trying to provide an architectural guideline for how to develop and deploy web services that have an inherent high security, and a set of tools as a valuable starting point. Additionally, the idea that a user does not have to trust the developer or service provider for the protection of private data is smart. Is this novel? No. Is it needed? Of course. "Zero-knowledge" architecture is based on old ideas applied to a new web services paradigm. Trust nobody, encrypt, and double check everything. Clippers and the zero-knowledge concept is an old idea finding a proper place to start talking about transparent architecture which puts the responsibility of information security in the hands of the users. Is it perfect? Maybe yes, maybe no. It is licensed under AGPLv3, so Marco Barulli is inviting the community to grow what he started. Simple idea, great initiative. Well done.


AGPL v3 Hits 100 Projects
As stated in our project summary, the AGPL v3 has hit 100 projects by our count as of this week. This is an important benchmark for the license, seeing as it was uncertain if projects would want to adopt this derivative of the GPL3. 100 projects is by no means a large support group, out of the hundreds of thousands of projects, but it is a first step. This benchmark shows that the extra clause in the AGPL v3 that closes the ASP loophole, which requires "software as a services" to also release its code modifications is an important issue. Hitting this benchmark along with Clipperz proposed AGPL suite might just act as a catalyst to make the AGPL v3 a significant license in the open source community.


Thanks for the Continued Support and Contributions
Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. Here is a submission we received last week through our web interface:

****************************************************************************
Sinatra


Description:
Sinatra is a free karaoke game for GNU/Linux. Sinatra puts your voice on top of the note sheet and gives you score for matching it good. Beat your own scores or battle in a duet, trio or quartet with friends and several microphones and sound cards. Sinatra was released February 16.

Newest Release:
Sinatra 1.0
****************************************************************************
We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project's license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.


The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard

The GPL3 project, sponsored by Palamida, Inc (http://palamida.com ), is an effort to make reliable publicly available information regarding GPLv3 license usage and adoption in new projects. The work published on both sites listed below is licensed This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License .

For more information, go to http://gpl3.blogspot.com.
To stop receiving these weekly mailings, please send a message to rdgroup@palamida.com with the subject "unsubscribe".