Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

SQL-Ledger Relicensed, Community Gagged

Posted by kdawson on Sun Apr 15, 2007 01:38 PM
from the i-can't-heear-you dept.
Censorship Software
Ashley Gittins writes "Users of the popular accounting package SQL-Ledger were being kept in the dark about a recent license change. Two weeks ago a new version of the software was released but along with it came the silent change of license from GPLv2 to the 'SQL-Ledger Open Source License' — presumably in an effort to prevent future forks like LedgerSMB. As it turns out, the author was making deliberate attempts to prevent the community from finding out about the license change. No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered. Just recently the license was switched back to GPLv2. This behavior is not a first for this particular project, and is part of the reason for the original LedgerSMB fork. Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?"
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

SQL-Ledger Relicensed, Community Gagged 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Oh no! (Score:5, Funny)

    by rolfwind (528248) on Sunday April 15 2007, @01:40PM (#18742995)

    Nothing for you to see here. Please move along.
    The developer is in charge of /. too!
  • Of course! Being open is exactly what open source is about. Well, hopefully the LedgerSMB fork will be able to get beyond the personality defects of the SQL-Ledger guy...

      • couldn't there be a problem considering the license was GPL not some BSD or apache style license. once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base? (anyway IANAL).


        No. There's only a problem if someone made a fork and tried to change it from GPL to something else. This was a move by the guy who holds the copyrights to the code. the copyright holder can, at anytime, decide he wants to move his code to another license. the catch is that all previously released code is still under the previous license. That is, if i release Foobar v1 under the GPL, then I release Foobar v1.1 under BSD, v1.0 remains licensed under the GPL, and you are free to take that code and start your own version, Forkbar v1.0. However, you must always keep it as GPL, because you don't own the copyright on the code; you only have access to it because of the GPL.

        • Re: (Score:3, Insightful)

          by gmack (197796)
          That only applies if he hasn't accepted any outside submissions and therefore is the copyright holder of the code or has had all copyrights assigned to him.
        • Having actually read TFA, it looks like the author was, in fact, trying to do exactly those two things he does not have the right to do with the existing code base:

          * Retroactively re-license existing versions from the GPL to the new version:

          The version published on the website at http://www.sql-ledger.com/source/license/COPYING [sql-ledger.com] takes precedence over any other version in circulation.
          * Unlaterally re-license code that includes third part submissions, since most of the translation packages were done by user submission.

          Ignoring those two actions, even if the license change is strictly legal, it's downright underhanded to pull a stunt like he did. He didn't just change the license on his software; he put out a point release on the primary distribution site, after having changed the license terms included with the package, then refused to let anyone bring it up on the official support mailing list. How many of us would notice if we downloaded and installed the lastest apache or postfix or whatever, and the license had silently and magically changed to a closed one?

        • Update and reply (Score:5, Informative)

          by einhverfr (238914) <chris.travers@gmail.com> on Sunday April 15 2007, @04:56PM (#18744435) Homepage Journal
          I am a core member of the LedgerSMB development team. The author of this post ran it by me as a courtesy before submitting it.

          In the time since this was submitted, Mr Simader has seen the light and reverted to the GPL, albeit very unhappily. Such is life.

          I don't actually begrudge Mr Simader the right to choose whatever copyright license he wants to have for his work. That is his moral right, and I have no problem with it. However, I was very unhappy with the fact that a lot of contributors' code, including all the translations, were still licensed under the GPL and since his new license was not compatable with it, I felt that he was causing problems for everyone including our project which is why I began contacting contributors privately about the whole thing.

          Also, in the event of a license change away from a specific and well-understood OSI-approved license, I think that the developer also needs to give users a heads-up before they install the new version. This is, however, as far as I see the ethical obligations. And even these were not followed.

          Finally, on the LedgerSMB project we are committed to rewriting the entire application, not just in order to prevent further conflict with Mr Simader but also in order to create a better program and one which can be more easily maintained. But we would be remiss if we didn't recognize that our success is in fact partly based on his.

          • Re:Legal obligation? Probably not... Ethical? (Score:4, Informative)

            by fourchannel (946359) on Sunday April 15 2007, @06:02PM (#18744949) Homepage
            I bet they would, since should they give their code to the project leader under GPL, and then the project leader takes their code under GPL, and changes the license to X, he's in direct violation of the GPL. It would be ok if the entire project's code base were written solely by the project leader. In the likely event that it wasn't, the project leader doesn't own the copyright to the submitted code, and for him to use it in anything other than the GPL license given to him would be committing copyright infringement, which is illegal.

      • once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base?

        The author of the work can always release his work under any license he sees fit. The problem would be any code contributed by others in this case.

        • True, that's why most projects require you to assign copyright for your contributions to them.
          • True, that's why most projects require you to assign copyright for your contributions to them.

            Which could be problematic - since the copyright holder could decide to release the code under a non-GPL license as well; make revisions to that and be under no license obligation to make them available under the GPL. Granted, most projects wouldn't do that but it's still a possibility.

            Also, assigning the copyright limits the creator's ability to resell their code seperately should someone want to use it in a non-

          • Re: (Score:3, Insightful)

            by einhverfr (238914)
            LedgerSMB does not require copyright assignment precisely because we don't want to send the message that we will change the license unilaterally. Copyright ownership is power, and decentralizing power means stability.

            Of course in this case stability means that it would be hard to change the license, which is partially the whole point.

            As a project, though, we are apolitical, and committing to a single license can be a political thing. It is possible down the road that parts of the project could be under LG
  • if you read the links, you will see that the author has already switched back to gpl v2
    • You'll see the same if you read the summary.

      It's too late now though. The damage has been done and the apparent intent to keep people in the dark about major changes which could have a negative impact on their use of the software will no doubt see a lot of users lose faith and switch to an alternative.
      • good - i emailed the editor when i saw the story was going to hit the front page. nice to see it wasn't for nothing. when i read the summary after it went live, i missed that they had made the change, so i appreciate your pointing it out.

  • Relicensing... (Score:5, Insightful)

    by mlwmohawk (801821) on Sunday April 15 2007, @01:44PM (#18743041)
    If the author is the sole author and/or owns all the copyrights, then they can do what ever they like. If, however, they have accepted third party submitions then they may have a legal obligation to remain GPLv2
    • As you say, if it's the author's own work, that's fine, but if there's contributor content, they may have extra constraints, and that also applies to using packages with GPL or other licenses as a platform or component of your code. That was certainly one of the goals of the GNU Public Virus approach - if you're using Free Software, you can't make the Free parts non-Free, and if you're doing things the way RMS would really like, all of your contributions would also be Free. If you want to be able to late

    • Re: (Score:3, Insightful)

      by pla (258480)
      If the author is the sole author and/or owns all the copyrights, then they can do what ever they like.

      They can do whatever they like in the future. And anyone can take the entire GPL'd code base from the day before the license change and tell the "owner" to go fork himself.

      That in itself counts as one of the best reasons to use GPL'd software - Eternal compatibility, as long as someone, anyone, continues work on the older codebase (which may mean nothing more than compiling it as-it-stands once every
      • Not necesarily. If users submitted code those users retain copyright unless they stated that they gave them up. Relicensing under these conditions is illegal. And complaining that your copyrighted code has been stolen is not just crying... Of course unless your one of those people who claim you have every right to copy others copyrighted works -wink, wink-
        • It actually depends on the nature of the submission. Trivial submissions, such as one-line bug fixes don't need explicit copyright assignment. Large submissions like new classes, do. The boundary line is not clear but my sense is that less than ten lines of ordinary code without an explicit copyright do not taint the original.

          Of course, many vehemently disagree. Some viciously maintain that a patch that changes "n++" to "++n" is sufficient to to kick in the GPL viral clauses.

      • Reading comprehension (Score:4, Insightful)

        by Hrothgar The Great (36761) on Sunday April 15 2007, @02:26PM (#18743367) Journal
        The community being gagged refers to the fact that their messages were dropped from the associated mailing list. You probably didn't read the article, huh?

  • Legal: No, Ethical: Maybe... (Score:4, Insightful)

    by Kjella (173770) on Sunday April 15 2007, @01:46PM (#18743055) Homepage
    Legally you don't have to announce your business decisions in advance, ethically well... I can understand why you wouldn't, the day you came out and said it the GPL version is as good as yours - no reason to switch. You'd want to have some sort of carrot "New version with $foo and $bar" so people would actually change. Everyone producing anything OSS is entitled to stand up at any moment and say "Screw this, I'm going to try making money off it", assuming it's all their code of course. If you want reliability and future commitment, perhaps you should pay for it? As long as you rely on volunteer contributions you haven't really got a leg to stand on, should they disappear in a puff of smoke.
    • Sorry to respond to my own post but that should read "Screw this, I'm going close the source and try making money off it", clearly you can make money of an OSS product too.

    • Re:Legal: No, Ethical: Maybe... (Score:5, Insightful)

      by ScrewMaster (602015) on Sunday April 15 2007, @02:32PM (#18743405)
      If you want reliability and future commitment, perhaps you should pay for it?

      That doesn't always work either. Just read the EULA for, well, pretty much any piece of commercial software. If the vendor disappears, decides not to support the product, if it vaporizes your computer and most of the building its in ... tough. Paying for it doesn't mean anything in and of itself. Consequently, you have no assurance of anything in the software world unless you're dealing with a vendor that has a significant track record of playing square with its customers. Still no guarantee, but that's about as good as it gets, and it is true whether it's open source or not, commercial or not.

      • if you have any sense when buying software, and you're big enough to make the vendor agree, then a code escrowe agreement is critical in case the vendor folds (sometimes even have a release condition predicated on the vendor being bought by another company who may abandon the product).

        if you're subcontracting the software to another company, then make sure that you have full rights over the code and that you get regular SCCS/RCS/CVS/Subversion snapshots (you need to have direct access to the contractor's

  • Looks like the project is officially being killed. (Score:3, Informative)

    by Ant P. (974313) on Sunday April 15 2007, @01:47PM (#18743065) Homepage
    Both the links to their "public support forum" and wiki bring up a HTTP password prompt.

  • Definitely unethical (Score:5, Insightful)

    by $RANDOMLUSER (804576) on Sunday April 15 2007, @01:57PM (#18743149)
    Forcing people to accept a change in the license without telling them? Definitely unethical - kind of like forcing people to accept Windows Genunie Advantage if you want patches.
    • There is no ethical problem here. (At least the way I see it and my ethics does not necessary = other's ethics). As the author of the project he can change the license as he pleases. What others see as deliberate attempt at not disclosing the change can just be laziness. If the license is included with the distribution and clearly readable it is the responsability of the user to check it.

      BUT if the software was GPL before then that old version is still GPL (imagine it has been forked or integrated in other

      • " What others see as deliberate attempt at not disclosing the change can just be laziness"

        Yes, it *can* be laziness. But in this case, as long as the summary states it, it can't be laziness since the project leader took the effort of not aproving for being published any comment relating to such decision.

        "if someone downloaded it within that hour can they treat it as GPL even though now it has a different license but it is the same software?"

        Of course. It took *his own copy* under the GPL. He can do with
    • No one's being forced to accept any changes. If you don't like the new license, don't use the new software. Stick with the old GPLv2 version. It's simple really.

  • Simader (Score:4, Informative)

    by hpavc (129350) on Sunday April 15 2007, @02:01PM (#18743181)
    Simader is a putz and always has been. That project is the worst of programming with Perl ever -- its a contraption. Its developed like any 'job security' program would be, using a rube goldberg approach when ever possible. Any attempt to integrate with that project with anything has always met with his poison. Much rather put my efforts into something like http://frontaccounting.com/ [frontaccounting.com] rather than SQLL. Even though I am a perl zealot.

    Finally the death of his project.

    • Re: (Score:3, Interesting)

      by daeg (828071)
      I came here to say the exact same thing. We have another OSS project that "integrates" with SQL-Ledger (I use that term very loosely) and I am replacing both with, uh, real programming. I am convinced that SQL-Ledger and other hobbled-together "open source" projects are merely fronts for greedy developers that hook businesses with the prospect of free, open source packages that can replace commercial packages that can run into the thousands for even the smallest of businesses. Then, when the company wants t
      • The guys at LedgerSMB had exactly the same problem, and they're busy cleaning up the code. Their stance is different as they provide a service, not software, and they make more sense re Open Source approach to code.

        I think the root problem is that the SQL Ledger guy didn't realise what Open Source meant when he 'opened' it. LedgerSMB seems more focused on simply being a reasonable product, and their focus is the SME market who coul dnever afford the gazillion dollar programs..

    • Re: (Score:3, Informative)

      by einhverfr (238914)
      First, I would not run *any* accounting db on MySQL 4.x... Google "MySQL Gotchas" for good reasons why. So Frontaccounting is pretty much out.... (I am not sure I would trust MySQL 5.x either but that is another matter).

      Second, Simader's Perl is pretty much as you describe (\%$form?), and his db design isn't any better. We have spent six months doing what mostly amounts to security patches and now we are ready to re-engineer in place. By 2.0, LedgerSMB will have no code left from SQL-Ledger.
  • Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?

    Ethical obligation: certainly, I would argue.

    Legally, it's in the ballpark of something like this:

    You cannot change the license on contributions to your project without permission of every contributor.

    The enforceability of a license often depends in no small part on the notice of the change. For example, a quiet change of the license obligating you to make retroactive paymen
    • and intentionally didn't tell his contributors who kept making valuable contributions

      To be fair to the guy, he wasn't very keen to take in contributions so that doesn't seem to be a huge problem. I think he could have just been a bit clearer about his intentions, and that includes the realisation that Open Sourcing may not have been quite what he intended to do.

      Oh, and acting when angry isn't a good thing either, but we've all been there, I think :-).

      The prime problem I can see is that he did something su

  • absolutely! Yes!

    The evidence of this is shown in the development of GPLv3

    It's old school to bait and switch.
    It up and coming to be Honest and open.

    Perhaps honesty and openness was what was needed regarding the concerns that resulted in the flip flop?
    Would the flip flop had happened?

  • Not a Unique Phenomenon (Score:4, Informative)

    by ThinkComp (514335) on Sunday April 15 2007, @02:12PM (#18743257)
    I have been writing accounting software of my own lately (http://www.thinkcomputer.com) that also does taxes, and licensing has come up in the past week for me, as well. I used the PDFlib 6 library with PHP, which I paid over $1,400 for, to create PDF files so that my software could prepare tax returns, and all was working fine until my server crashed in March. I was forced to upgrade to new hardware, which I did, in the form of two Sun Fire X2200 servers running Linux. Installing PDFlib on my new setup didn't work, because even though my server had two processors, and I had a license for two processors, PDFlib detected four logical processors (each AMD CPU is dual-core). This was irritating on its own, but the fact that the newer version of PDFlib, version 7, uses a *different* system-based license (and of course they didn't tell anyone) that makes the number of logical processors irrelevant, means that the PDFlib acknowledge the flawed nature of their original license. When I asked them for assistance, since I needed to get my software up and running again, their response was that I should pay them $2,700 more in license fees for version 6 (more than the cost of the server) or $1,194 for a single-system upgrade to the new licensing scheme of version 7 (more than the cost of the original single-CPU license for version 6). To me, it sounded like extortion, but since the company is in Germany they can get away with it easier I suppose.

    Needless to say, I'm never using PDFlib again, and I'm re-writing all of my code to use FPDF (http://www.fpdf.org), which is free, and works just as well. It's even easier to write code for. Stay away from PDFlib!

    • Re:Not a Unique Phenomenon (Score:4, Insightful)

      by dinther (738910) on Sunday April 15 2007, @02:47PM (#18743493) Homepage
      So the lesson is:

      Never, ever, ever buy third party libraries without source. Without source you no longer own the solution you create. I have seen it happen many times before and these days I put a lot of pressure of the library vendor with the hard rule, "No source no Sale". Many of these third party library providers have gone out of business or shifted focus to other products. Without source I would be in trouble.

      Never, ever, ever buy any software at all that licenses against a specific set of hardware.

      Lately I more often contemplating switching OS to get away from the worst black box of all... "Windows" With Vista and the brain dead security rules introduced it becomes impossible to write software.

  • TLUG (Score:4, Informative)

    by hey (83763) on Sunday April 15 2007, @04:24PM (#18744175) Journal
    This was the topic at the recent Toronto Linux User Group meeting.
    http://tlug.ss.org/wiki/Meetings:2007-04 [ss.org]
    The talk was by a Ledger SMB core developer.
    I bought what he said... Ledger SMB is now on Source Forge, reacts to security issues,
    accepts patches, is converting to a saner architecture, uses CURRENCY instead of FLOAT for money.
    Seems like its a winner.

  • Other Accounts Packages (Score:5, Informative)

    by Colin Smith (2679) on Sunday April 15 2007, @04:58PM (#18744445)
    There are actually rather a lot of free and open source accounting packages around.

            * Front Accounting
            * Ledger SMB
            * WebERP
            * OpenAccounting
            * TurboCash
                        o Windows
            * GnuCash
            * Personal
                        o HomeBank
                        o jGnash
                        o GFP
                        o Grisbi
            * CK-Ledger
            * Compiere
            * Lazy8
            * Quasar
                        o Linux Canada
            * phpCOIN
            * opentaps
            * Bambooinvoice
            * GnuAccounting
            * phpOrganisation
            * OpenBravo

    They are in various states of repair and different markets from the personal to the one man band to the multinational.
     

  • SQL-Ledger = Cavalier Security (Score:3, Interesting)

    by The Breeze (140484) on Sunday April 15 2007, @05:10PM (#18744545) Homepage
    I never even tried SQL ledger, simply because while researching different Linux accounting packages I came across some post by one of the head guys, possibly this "Dieter" doorknob, replying to a user with something very much like the following:

    "Well, I wouldn't worry about it. We are not that concerned with security because there's nothing that SQL Ledger works with that would be of interest to anyone except an accountant, and I don't think we need to worry about a bunch of rogue accountants."

    That statement alone made me not want to touch the packae, even though it looked very nice otherwise.

    • Re:Can we please lay off the emotional language (Score:4, Informative)

      by cheros (223479) on Sunday April 15 2007, @02:02PM (#18743189)
      No, that wasn't emotional, that was a fact. Gagging in this case refers to posts querying the change or motive (or even mentioning the very fact) of the change were moderated out so the userbase was kept unaware.

      I think the bottomline appears to be that the guy Open Sourced something and didn't quite understood the consequences. And it's easy to stack mistake on mistake once you're on the wrong foot..

      Having followed both mailing lists I must say that the LedgerSMB one is very lively indeed - and has more people visible in development. That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world..

      • "That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world.."

        ... like Theo de Raadt? ... or maybe Hans Reiser? ... or (to keep it even) Monkeyboy chair(throwing)man "the Balminator" "I'm gonna fucking kill google" Ballmer?

        Deiter may have switched the license back to GPLv2, but at this point, why bother ... he's done more to promote the competing fork as being the "legit, safe" one than anything else.

    • I would consider not being able to talk about it as being gagged. You seem to have missed the part where he blocked all discussions about the license on the forum.
    • There does seem to have been some 'gagging', although one could discuss the real meaning of that word further. However, the point: messages sent to the mailing list to discuss the licence issue were not approved for actual posting. Sounds like someone had something to hide.
    • The summary says:

      "Just recently the license was switched back to GPLv2...

      This is what happens when you don't read the summary correctly ;)

      • Re: (Score:2, Informative)

        by stoolpigeon (454276) *
        the summary changed between when the story was first up in the 'mysterious future' and when it went live. which is how it is supposed to work - but could also explain the confusion.

        • Re: (Score:3, Informative)

          by Bananatree3 (872975) *
          good point. I wasn't aware that it had changed during that time. That would explain why he didn't notice the change, as he had read the summary while it was still in the firehose.
    • yeah, i often think, if they ever changed the licence of apache, i'll just fork it, and devote every minute of my spare time learning how to maintain the codebase of a fully featured webserver. That should be really practical.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.