Joomla! Discussion Forums

Ian - I agree. There have been expectations set that "providing extensions that can be sold and not redistributed" is acceptable. There are people who have counted on that expectation and rightfully moved forward. It does create a problem to change that now. It is also possible we were wrong to set that expectation and now we need to clear that up - before the problem gets even worse.

The license provides legal boundaries (provided we all understand it in the same way!), but knowing what we can expect from one another within the community is equally important. Since the issue was raised by Mixed, that's what the donations thread is about - not legal issues, but the expectations, trust, confidence, transparency that the OSM is working towards and doing well with. (But, let's not go into that here. There's plenty to chew on with this topic.)

My list of ideas were all BAD ideas. My intention was not to "solve" this problem but rather to suggest we might want to identify the real problem and then figure out how to resolve it within the GPL. Ian, when you look at the JED and start isolating the extensions that could be issues, then, IMO, that starts to get us at "what is the problem we are trying to solve."

But, this will be very sad if all we do is find the extensions and remove them. We are all in this together. No one did anything "wrong" (value judgment, not legal judgment.) So, along with trying to "legally" figure things out, let's also figure out a better way.

Websmurf just posted:



That's the problem we are trying to solve, within the GPL.

Mixed - we are honored to have you in our midst. Thanks for your contributions.

A long time ago with a mambo hat on I spent a considerable ammount of time researching this whole issue including contacting FSF and FSFEurope. Sadly I never got a definitive reply and I came to the conclusion that this was a deliberate policy of the FSF and that they felt it was better to let each project decide for themselves.

There recently was an interesting debate on this issue on the inux kernal mailing list and whilst not directly the same it is worth a read to those who are interested, specificaly the comments of a finnish gentleman
http://thread.gmane.org/gmane.linux.kernel/475727

Let me say at the outset, in case I am misinterpreted, that I am very appreciative of the work done by all the developers in the Joomla! community - both core developers and extension developers.  I use both open and closed source components.

I am not providing legal advice on specific issues in this thread, or saying that it is currently in breach of the GPL to release any extensions encrypted and not under a GNU GPL licence.  Nor am I passing a value judgment on people who want to make money from developing software that interacts with an open source product - as I said, I agree you can't expect people to do something for nothing (and you should be very grateful if they do)!

I am just trying to provide some background to the GNU GPL and flag that there is an issue here.

The great thing about open source projects is the ability of developers to access the code and just get on with writing good code and submitting it to the project (if they have the spare time/financial backing).  If other people start piggy-backing on that work by selling encrypted products that are dependent on the Joomla! core, then there is a risk that the core developers will lose interest/enthusiasm unless they are also being rewarded one way or another.

The draft GPL 3.0 (see the WIKI discussing the draft here: http://gplv3.fsf.org/gpl-draft-2007-03-28.html) is particularly anti-encryption because it can prevent people accessing and redistributing the source code - which is something the FSF feels very strongly about. (See section 3 of the draft in particular)

It is an issue for OSM as to how much it believes "Open Source Matters", and therefore what position it takes with respect to extensions to Joomla! that are encrypted.  It may choose to embrace and promote them alongside "open" and/or "free" extensions, it may choose to ignore them and only promote "open" and/or "free" extensions, or it may seek to actively prevent the practice (if it is in a legal position to do so).

It is really up to the copyright holders in Joomla! to decide how they want to approach it, and for us as a community to decide which products we will support with our time/money (whether donations or licence fees).

From my experience the "pure" approach that Debian takes can cause delays in development unless the project/developers are well funded (which Ubunutu seems to be and therefore appears to be developing more actively at present) - but you don't have to encrypt a component in order to license it on a "non-free" basis.  You can be "open source" without being "free".

I have had problems with a certain encrypted component that has broken because of a Joomla! security upgrade and left us in the unenviable position of having to tell a client that we had to either leave their site open to known security vulnerabilities or turn off a feature that would materially impact their site.  When they are used to us being able to just fix it, that is not a nice position to be in and they supported us moving to a less fully featured open source product instead.  Extension developers just have to decide how much they trust their licensees not to pirate their source code if they give them a source code licence rather than an encrypted code licence.  Template developers seem to survive OK (despite people that do the wrong thing), but in this global marketplace (or bazaar) where it is difficult to take action against a foreign pirate, it is easy to see why some extension developers resort to encryption.

The above is a general discussion only and should not be relied on as legal advice.

Perhaps because many have a subscription based service? Might a similar business model allow developers to move away from encoding?

Yes, I think that can be a good idea.

It is basically a "support and maintenance" model that lots of traditional software vendors use.  It gives the developer some certainty of income while they develop.  For example by providing a members only support forum and only allowing subscribers to access the downloads area to access new versions of extensions.

If the extension is not Free, then the developer can keep an eye out for whether it starts getting distributed outside their member site (through Google etc) and write nasty letters if they come across an infringer.

Mixed -

Good points in your "Let me say at the outset" post. You are speaking to the GPL, not against anyone, that's pretty clear.



I'm confused on the distribution. How can there be "infringers" either distributing or receiving the code when it has been liberated under the GPL? I think that is the problem, right?

But, clearly, any type of "value added" approach, like "support and maintenance" makes sense. And there is certainly nothing against charging for the distribution (the download.) MOST people will not use pirated software.

I think there are also good opportunities for a group of developers to work in unison, provide reports on security testing (perhaps even offering certification to a specific criteria set) of their extensions and documentation on interoperability between extensions and support. That, alone, could advance Joomla! and strengthen our extensions.

I have a question - if a developer builds an extension that can be used in multiple applications, not just Joomla!, is that then a good measuring stick for the type of application not subject to the GPL? That gets back to some of the embedded apps. Asked a bit differently, if the extension can only be used by Joomla!, then the GPL is extended to also cover that extension. But, if the extension can be used in many applications, would it have to then be licensed for each "host" environment? Or, is that when it could stand on it's own license?

Thanks...Amy

Hi Amy



The source code that I was referring to here is source code for an extension that is released under a non-Free licence, so that licensees can do their own maintenance/development but are not authorised to redistribute.




This is where it gets tricky and as Brian has mentioned, there is a fair bit of "grey" around this.  I don't think it is as simple as saying "If this extension works with Joomla! and Drupal then I can release it under a non-GPL license," as it may just be switching one GPL code dependency for another.  It is an issue of how the application integrates with those products and what code from other projects it incorporates.  If the application can stand alone from any other software and doesn't incorporate code from any other software, then I believe that it generally could be licensed under a non-GPL licence even if there is a bridge that enables a GPL'd piece of software to share authentication and/or templates with it.  It is really how you (or more to the point, the courts) interpret "independent and separate work" in the GPL within the context of your local IP laws.

A fairly clear point is that you would want to avoid distributing your non-GPL extension pre-installed in a Joomla! package.

The above is a general discussion only and should not be relied on as legal advice.

See also the FAQ on aggregation:

http://www.gnu.org/licenses/gpl-faq.html#MereAggregation

And here is an FAQ that deals with the hosted applications issue I discussed earlier (and which also refers to the Affero GPL):

http://www.gnu.org/licenses/gpl-faq.html#UnreleasedMods

Here is an FAQ dealing specifically with templates:

http://www.gnu.org/licenses/gpl-faq.html#WMS

One of the main questions is in my opinion, where does Joomla! want to go and what does it want to be?

Is it aiming at being a solution for businesses and "hobby" users or just "hobby" users?

With making encryption impossible it could be Joomla! gets less attractive for professionals to invest a lot of time and money in building  a solution that rises above the many "hobby" solutions.
Another thing is that overall the Joomla! universe is pretty cheap, a full blown component for $100 is already expensive and a custom template should cost no more than $50 if not less. With that comes the point of financial matters for company's that distribute their software with open code. With prices that cheap it is hard work to make a full time living, suppose I have my code open and someone does something bad with it, lawyers are not working for $50 an hour to help you get that person on the other side of the world with different laws.

It is a tough discussion, does Joomla! want a professional level which in some cases want to encrypted their software or does Joomla! take the risk of staying at a certain level because no one is willing or the risk is to big to make that extra step.

About paying "core" and or 3pd developers, thats a huge black hole I think. Who will pick who gets payed? Who will be part of the "core"? When does a "core" member has to leave and who will judge about that? Should there be a time limit for "core" members so there will always be fresh blood running?
This should be a whole new topic and there is certainly something to discuss about that.

Just some thoughts.

Arno

Professional. No doubt.

This is a recent article from InformationWeek on the need for a solid business plan. (I *detest* the tone towards community but appreciate the overall points of this article.)


Again, I think the problem we are trying to solve is a business case -- it's revenue; not the GPL.

We need good business minds to consider how to leverage this enormous community -- our core and third party developer ranks and end users -- to make that step into an enterprise application.

It's not the GPL that is limiting that. It's the lack of an overall business strategy and (don't kill me here) roadmap, dependable timelines, specific deliverables, support options, database abstraction, ACL... You know, the stuff that comes with discipline in business. (I'd say "professionalism" but someone I like very much would kill me.)

Changing the license doesn't mean profits will happen. Joomla!'s success at that level will come when Joomla! can deliver a dependable, scalable, popular, well-supported application that meets the needs of business and integrates / has formed partnerships with other open source applications - with a sea of developers world wide ready to take it into local businesses - that's going to catapult Joomla! from "hobby" to "enterprise."

That's what these open source projects: Hyperic, JasperSoft, Mule, and Spring have figured out. And, that's right where we are; at the cusp of that.

OK... reading this thread took a while. 

I'm going to sleep on most of it for now and answer in the morning, but on the inclusion of encrypted/commercial extensions in the extensions site.

Leaving the legal issues to one side for a moment... I would argue that they should be there. The extensions site is not so much for developers as it is for users of Joomla!. Users should be able to find everything they need for a Joomla! site in one place. Irrespective of its licensing and/or use of encryption. The users can then make their own decision as to what they will or won't use based on their own wishes. IMO its not our place to start making that decision for them. Excluding commercial extensions would be nothing less than censorship and I'm not in favour of that... let the users decide for themselves.

Time for bed now... cya's all in the morning 

Cheers
Shayne

I think I agree with Shayne (and not just because he used to be my team leader )

I'm all for seeing a new business model that will encourage open source extensions development.  But I'm not sure I want to see this business model forced on 3PDs.

I am leaning towards permitting 3PDs to develop extensions that are sold under commercial licenses similar to that used by the big evil corporations.  I would steer away from them and choose to support GPL extensions, but I think they ought to have the freedom to choose to sell their extensions if they want.

They are not selling the Joomla! source code.

This may be in contradiction to the GPL, but I think it falls under the border case.  Isn't PHP GPL?  Would that mean that all PHP programs would have to be GPL as well?  Joomla! is moving in a direction such that it is not only a CMS but also a framework.  What are the implications of this?

Ian

Ian -

Are there other examples of projects that are doing it the way you are suggesting?
Interestingly, some proprietary projects are GPLing their products, like Alfresco. Check their license FAQ. 

I agree completely with Shayne's comment on wanting to stay out of the way of end user choice - with the caveat he applied - "Leaving the legal issues to one side for a moment." Mixed's first post, though, hints at the possibility that OSM can't be so passive.

Examples of others doing something similar will be good, I think.
Amy

Alfresco probably has a steady client base and serious company backing, they are in control up to a certain point which is totally different than what companies which do the Joomla! have. For business there is a risk using Joomla! like with the launch of 1.5 which some may have delayed projects for and where they now have to switch back to 1.0 or move to another platform because their client can't wait any longer.

Alfresco does already have a real management and Joomla! doesn't so "business" decision making is very very hard.

I would to choose for an open source free version where possible but sometimes there is no free open source solution available or just not good enough. In that case I would be very happy when there was a commercial version, encrypted or not with solid backing I could buy for a client. Same thing counts for templates, I am very outspoken about the fact that a company or a brand representing site shouldn't use a template from a club or a color changed version of solarflaire, that means a custom template and a well thought about and designed custom template simply costs a lot more than $50 and people who take their site serious will pay that extra money for something special just like they would buy a component that does a very good job and has a serious service level even if it's encrypted.
Joomla! is so big that it needs commercial activity and with that comes the price of company's having to pay the bills and a need to protect the time and money they've put into development.

I don't say encryption is a great thing but taking that option away could keep a certain professional level away.

Another thing is that even if something, that super great idea a company has come up with, did market research on and build it, in the end is encrypted, there will most likely pop-up an open source "hobby" version which does the same thing but on a lower level. For that version bills don't have to be payed and no or little research has to be done because thats is already done by the company that build the original version.

Arno

Im using a CC license for my free component. Can you explain why you mean with CC being wrong? I personally believe it are great licenses: you can release something free, but are still able to add limitations.

I´d like to suggest to go step by step, question by question. We are mixing a lot of things, IMO, and you will get no useful answers. If you take a look at some licenses mailing lists you will know what I am talking about: we are all discussing valid points but those points are mailing lists "feeders", each single point has a lot of questions and answers.

May be it´s time to wait a couple of days more, just time enough to see if this thread should be splitted and a new board put in place.

Ian - Here's the PHP license, it's an OSI license, but not GNU GPL. It clearly does not require derivative work be GPL'ed.

Arno -

I think you make very good points. Alfresco certainly had a solid revenue stream when they GPL'ed their product. But, I think (?) their License FAQ speaks to this dilema between GPL-compliant and using Joomla! in a more proprietary fashion. They appear to do both -- somewhat like Jasper -- they have a "community-GPL license" and a "commercial-proprietary license." How, I don't understand.

OK - from the Alfresco FAQ


I guess I don't look at this discussion as "allowing" or "not allowing" third party developers from doing something - but, rather, figuring out what license fits what Joomla! wants to do. So, Arno, does the GPL allow for encrypted, non-redistributable extensions? I don't think it does. No matter how much someone might want the GPL to allow it or think the GPL is unfair or wish it weren't so, I don't think this type of extension fits into the GPL. Do you?

But, this is not a unique challenge to Joomla! - it certainly appears that Alfresco is facing it, too - and they are utilizing two different licenses for two different purposes. I think (?) Jasper uses this same type of model.

I'll ask you what I asked Ian - do you know of other GPL'ed project that allow for encrypted, non-redistributable extensions (applications that only work with the base code)? Examples of these projects will be helpful, I think.

Also, an excellent article Open Source Licensing and Governance from OSI.

Amy

Nicholai -

From what I have readyou can further liberate beyond the GPL, but you cannot license in such a way that it is more restrictive than the GPL. (Keep in mind, I know *next to nothing* about this.)

Amy

Joomla! had some additions to the GPL in the license that where added to make commercial use more easy, they where put there to make it possible for companies to use joomla and sell 3pd applications based on Joomla without problems if I remember correctly. But I think they are removed for review reading the changelog.

For the same reasons Shane gives for having all 3pd extensions on the extension site you could say everyone should be free to choose the extension they want whether that is encrypted or not. With limiting the license and with that protection for companies that invest a load of money and time in developing professional extensions and services Joomla! gets into politics I think where it should be very carfull.
Joomla! should be happy that there is a commercial use growth because that takes it to a higher level. Joomla itself should it my eyes just be a great project where fun is very important and it should function as a learning school for young developers to learn how to create great software and manage a great project, it shouldn't be a project that plays a political role by limiting it's unique fact that people are very free to make money with it in some way.

Arno

wow, that was a long read! thanks to all contributors for sharing some very interesting thoughts, Jinx for your time, Ian for your concerns which I share, mixed for the insights, Amy.. you know ;) and anyone I forgot after post x.

Here's a few ideas: I've been using Mambo / Joomla! for a few years now, just as a hobby, for my own site and pleasure mostly. During those years, I have used many extensions, both free and pay-for. I bought many extensions I don't even use to support the dev(s). One I'm most happy with, in usage for a long time on my site, and not to nazme it is SEF Advance, which has been much discussed because of these same matters before.
I bought 2 copies of this component (it's not cheap) while it was encoded but not yet using ioncube, which I hate because it requieres an extra step on the server.. where's the easy of use? And even though there are decompiled or whatever that's called versions "out there". And they work.
And I bought many! other extensions. Used free ones. The main problem I see: if an extension I like and which is a main feature of my site needs fixes and updates because of J! evolution, will I get them from the dev? If the dev decides to discountinue the extension, is someone else able to provide updates / support? In case code is encoded, I don't think so.. In case it's a free extension, will another dev be willing to take up unknown code, work himself into it and dedicate his time to keep it alive (see OpenSEF / Simple~=>Fireboard for a nice "yes" example)?
My point here is: I don't mind paying for an extension if it works, gets fixed if it breaks, and gets updated (you know, those "free updates for lifetime" where you find out it's not your lifetime, but the extensions -which is ended whenever the dev says so ). I also don't mind "giving" money to a dev to help him continue work on an interesting project. I don't know much php, but sometimes I do want to look at the code, and maybe change / fix something (thanks to advice found around here for ex.). We've seen examples of extensions "calling home"/sending emails without telling the user before.. Bad, unacceptable imho.
I'd like the freedom of choice on the extensions site, but I'd like to know exactly what I'm getting, and would not buy an encoded extension again -except if I know (as much as is possible in the virtual online world) the dev (Adam, Vimes et all). I'd still feel annoyed.
What about: the hobbyist sites: if you don't make money from it, use for free, Commercial usage: please proceed to cash register?
[quote="GPL"]Templates are minor enough that it is not worth using copyleft to protect them.[/quote] Makes me wonder: why does everybody separate templates and extensions as if they were completely distinct add-ons -they used to be referred to as "CMTs" before: components, modules, templates?! Why is it ok for everyone people make $ from the main thing a visitor sees of your site: the template which presents and lays out all the data, but not from the logic that drives additional capacities of the system (com_, mod_, plug/bot)? Ok, they're not encrypted, still..

I hope this isn't going to remain just another discussion on such an important topic, and real solutions and resolutions will be made known after everything is thought through and clearer for all of us.

Thanks all for the feedback so far, it's nice to see that this is turning out in a very constructive discussion. I realise that this is a difficult discussion as it touches on legal subjects that most of us don't have a complete understanding off.

Multiple people in this thread already slightly mentioned the fact that we need to be carefull not to mix the GPL with our community values. The GPL really only enforces a narrow, technically defined slice of what it means to operate ethically within the general world of software freedom.  Because the GPL is a one-size-fits-all software license, it can't begin to cover the complexity of a specific and unique environment like the Joomla ecosystem.

I feel it's important we reach a common understanding about what 'open source matters' and 'jumla' mean to us as a community. Does it mean we allow for non GPL licensed extensions and under what terms, can people encrypt their code or not and why not ? The last thing I would like to see happening is that OSM makes certain decisions on these topics that are not shared by the community. Afterall that is what Joomla! means to me, we work together to move the project forward.

I will let this thread run for a couple more days and then we can see if we split it off into a seperate forum and divide it into multiple threads. In the mean time feel free to voice you opinion.



I contacted the SFLC about this, here is their feedback.

CC licenses are NOT intended for software use.  Larry Lessig (the man who started CC) himself has said so. CC is a content license.  It's merits as a content license are debatable, but everybody agrees that it's not a good choice for software, primarily because it's not intended for such use.

Jick, Free Software doesn't mean "hobby" software (just ask the core developers!).  Linux has successfully fought off that stigma long ago as it is predominantly built on Free Software.

Free Software (as in open source and redistributable) provides professional users with the confidence that they can fix the source code if something goes wrong and that someone else can pick up the code and run with it if the original project starts going in what is perceived as a wrong direction or just dies.

People familiar with the philosophy of all this know that there is a difference between "Free" and "Open Source" software.  Given the name of the Foundation, perhaps the starting point (putting the licence to one side) is that "Open Source Matters", rather than "Free Software Matters".  Consequently I refer readers to the Open Source Initiative website (whose logo is used on the foundation website) and particularly the section that defines Open Source http://www.opensource.org/docs/osd.  Given the foundation's name and the quote on its website, would it be consistent to encourage or promote extensions that don't comply with this definition?

Code that is developed under a "closed" licence will often not benefit from the support of a rapidly growing development community because there is no incentive to help develop code that could become a dead end whenever the owner hits misadventure or is no longer supportive (which is why customers always like to get source code escrow in contracts for large proprietary systems).  The "closed" licence will therefore slow development of the extension and force people who want to help with developing the relevant functionality in Joomla! to start from scratch.  A few encrypted important extensions that are poor quality and/or get dumped by their 3PDs can do a lot to damage the reputation of Joomla!

I agree that there are a lot of issues that need to get teased out of this broad discussion.

The threshold issue for Joomla!/OSM is whether it is even in a position to change licence, based on the origins of its code base, if it decides it wants to make it easier for extension developers to release extensions that are not an "independent and separate work", under a non-GPL compatible licence.  The SFLC can no doubt advise on this, keeping in mind that they "provide legal representation and other law-related services to protect and advance Free and Open Source Software", so they may not be interested in helping take Joomla! in a direction away from that.

If Joomla!/OSM cannot easily change licence, or decides it doesn't want to in order to secure its ongoing "Freedom", then it is a question for 3PDs to work out technically how to develop their extensions as "independent and separate works" or find the business model that will enable them to prosper in a Free and Open Source Software development environment.

The above is a general discussion only and should not be relied on as legal advice.

Hi Mixed,

With "hobby" I don't mean free software but software developed by people who are students or have a steady job and do some development on the side. I've been a Mambo core member and am one of the founders of Joomla! so I've been there. I've also been part of a team that has almost spend an entire year on developing a piece of software build on top of Joomla!, thats right, almost a year and that was more than full time for the whole team so I know what the investment in building a product can be.

The problem with Joomla! is that there is a huge mix in levels of development and services but there is not really a layer that does real corporate level development. Of course there are exceptions but overall Joomla! extensions are pretty low quality. With 1.5 there comes a point where Joomla! gets more attractive for building large and high quality applications and hopefully that will happen and Joomla! gets a layer on top of the what I call "hobby" layer where people or business won't think a component for $100 and a template for $50 is already way expensive.
And again, I'm not a fan of encryption but if that in some cases can help get Joomla! 3pd to a higher level I think that option should be there. The community will filter the bad "encrypted" software and services out.

Arno

From what I can summarize from this topic is there really only one question that needs to be addressed, and that is "can third party extensions be licensed differently then gpl?" It is clear that commercial components can exist, and that under gpl they can not be encrypted. What OSM needs to determine is do extensions need to follow under the gpl.

just my 2 cents

This topic is founding Mambo'' with new license.
I'm verry worry, because i have two projects base on Joomla1.5, one is free, one is commercial. I should stop my job???

I agree with this comment:


Joomla 'd become frame for set of opensource and commercial components

Sorry, i do'nt throw stones at this topic, but i'm worry!

fadine, it is my understanding that you are able to create commercial components for joomla, and release them for a nominal charge, that should not change. What is up for debate here is the licensing that should be allowed for 3pd components, and the ability or inability to encrypt source. If your commercial ventures' are gpl and not encrypted you should be fine.

Thank for quick reply  . This is only my counsel in a important topic.
Em có ném đá các bác đâu, các bác cứ bàn bạc đi.

Yikes, now forum posts seem to get partly encrypted ;-)

Quite right the name is "Open" not "Free" Source Matters and that was deliberate. If for no other reason than the ambiguity related to the meaning and understanding of the word "free" in the english language.(Far better to use the french word Libre which translates as freedom)

As to the issue at hand personaly I will never use any encrypted software but I defend the right for others to do so. Its all about choice for me. I have no problem with the concept of paying for GPL software,you only need to look in your history books to see that the very first pieces of GPL software all had a price tag.

The bigger issue is can an extension author write code for Joomla that is not GPL. (Of course I would prefer it if they did, or use some other "open" license).

My understanding, and IANAL, is that at the end of the day the copyright holder of Joomla eg OSM can chose to give specific permission to allow this.

Is thisa good idea. Personaly I say that it is as it allows the maximum freedom of choce forthe users of Joomla