SQL-Ledger Relicensed, Community Gagged

Ashley Gittins writes "Users of the popular accounting package SQL-Ledger were being kept in the dark about a recent license change. Two weeks ago a new version of the software was released but along with it came the silent change of license from GPLv2 to the 'SQL-Ledger Open Source License' — presumably in an effort to prevent future forks like LedgerSMB. As it turns out, the author was making deliberate attempts to prevent the community from finding out about the license change. No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered. Just recently the license was switched back to GPLv2. This behavior is not a first for this particular project, and is part of the reason for the original LedgerSMB fork. Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?"

Oh no!

Nothing for you to see here. Please move along.

The developer is in charge of /. too!

He did notify of the license change

And if you don't like it, or can't find it to decide if you like it or not, then your choice is still the same... take the last version under the old license and fork it.

Legal obligation? Probably not... Ethical?

Of course! Being open is exactly what open source is about. Well, hopefully the LedgerSMB fork will be able to get beyond the personality defects of the SQL-Ledger guy...

Re:Legal obligation? Probably not... Ethical?

couldn't there be a problem considering the license was GPL not some BSD or apache style license. once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base? (anyway IANAL).

No. There's only a problem if someone made a fork and tried to change it from GPL to something else. This was a move by the guy who holds the copyrights to the code. the copyright holder can, at anytime, decide he wants to move his code to another license. the catch is that all previously released code is still under the previous license. That is, if i release Foobar v1 under the GPL, then I release Foobar v1.1 under BSD, v1.0 remains licensed under the GPL, and you are free to take that code and start your own version, Forkbar v1.0. However, you must always keep it as GPL, because you don't own the copyright on the code; you only have access to it because of the GPL.

Re:Legal obligation? Probably not... Ethical?

Having actually read TFA, it looks like the author was, in fact, trying to do exactly those two things he does not have the right to do with the existing code base:

* Retroactively re-license existing versions from the GPL to the new version:

The version published on the website at http://www.sql-ledger.com/source/license/COPYING [sql-ledger.com] takes precedence over any other version in circulation.

* Unlaterally re-license code that includes third part submissions, since most of the translation packages were done by user submission.

Ignoring those two actions, even if the license change is strictly legal, it's downright underhanded to pull a stunt like he did. He didn't just change the license on his software; he put out a point release on the primary distribution site, after having changed the license terms included with the package, then refused to let anyone bring it up on the official support mailing list. How many of us would notice if we downloaded and installed the lastest apache or postfix or whatever, and the license had silently and magically changed to a closed one?

Re:Legal obligation? Probably not... Ethical?

I bet they would, since should they give their code to the project leader under GPL, and then the project leader takes their code under GPL, and changes the license to X, he's in direct violation of the GPL. It would be ok if the entire project's code base were written solely by the project leader. In the likely event that it wasn't, the project leader doesn't own the copyright to the submitted code, and for him to use it in anything other than the GPL license given to him would be committing copyright infringement, which is illegal.

Update and reply

I am a core member of the LedgerSMB development team. The author of this post ran it by me as a courtesy before submitting it.

In the time since this was submitted, Mr Simader has seen the light and reverted to the GPL, albeit very unhappily. Such is life.

I don't actually begrudge Mr Simader the right to choose whatever copyright license he wants to have for his work. That is his moral right, and I have no problem with it. However, I was very unhappy with the fact that a lot of contributors' code, including all the translations, were still licensed under the GPL and since his new license was not compatable with it, I felt that he was causing problems for everyone including our project which is why I began contacting contributors privately about the whole thing.

Also, in the event of a license change away from a specific and well-understood OSI-approved license, I think that the developer also needs to give users a heads-up before they install the new version. This is, however, as far as I see the ethical obligations. And even these were not followed.

Finally, on the LedgerSMB project we are committed to rewriting the entire application, not just in order to prevent further conflict with Mr Simader but also in order to create a better program and one which can be more easily maintained. But we would be remiss if we didn't recognize that our success is in fact partly based on his.

Re:Legal obligation? Probably not... Ethical?

once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base?

The author of the work can always release his work under any license he sees fit. The problem would be any code contributed by others in this case.

switched back

if you read the links, you will see that the author has already switched back to gpl v2

Relicensing...

If the author is the sole author and/or owns all the copyrights, then they can do what ever they like. If, however, they have accepted third party submitions then they may have a legal obligation to remain GPLv2

Reading comprehension

The community being gagged refers to the fact that their messages were dropped from the associated mailing list. You probably didn't read the article, huh?

Legal: No, Ethical: Maybe...

Legally you don't have to announce your business decisions in advance, ethically well... I can understand why you wouldn't, the day you came out and said it the GPL version is as good as yours - no reason to switch. You'd want to have some sort of carrot "New version with $foo and $bar" so people would actually change. Everyone producing anything OSS is entitled to stand up at any moment and say "Screw this, I'm going to try making money off it", assuming it's all their code of course. If you want reliability and future commitment, perhaps you should pay for it? As long as you rely on volunteer contributions you haven't really got a leg to stand on, should they disappear in a puff of smoke.

Re:Legal: No, Ethical: Maybe...

If you want reliability and future commitment, perhaps you should pay for it?

That doesn't always work either. Just read the EULA for, well, pretty much any piece of commercial software. If the vendor disappears, decides not to support the product, if it vaporizes your computer and most of the building its in ... tough. Paying for it doesn't mean anything in and of itself. Consequently, you have no assurance of anything in the software world unless you're dealing with a vendor that has a significant track record of playing square with its customers. Still no guarantee, but that's about as good as it gets, and it is true whether it's open source or not, commercial or not.

Looks like the project is officially being killed.

Both the links to their "public support forum" and wiki bring up a HTTP password prompt.

Definitely unethical

Forcing people to accept a change in the license without telling them? Definitely unethical - kind of like forcing people to accept Windows Genunie Advantage if you want patches.

Simader

Simader is a putz and always has been. That project is the worst of programming with Perl ever -- its a contraption. Its developed like any 'job security' program would be, using a rube goldberg approach when ever possible. Any attempt to integrate with that project with anything has always met with his poison. Much rather put my efforts into something like http://frontaccounting.com/ [frontaccounting.com] rather than SQLL. Even though I am a perl zealot.

Finally the death of his project.

Licenses

Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?

Ethical obligation: certainly, I would argue.

Legally, it's in the ballpark of something like this:

You cannot change the license on contributions to your project without permission of every contributor.

The enforceability of a license often depends in no small part on the notice of the change. For example, a quiet change of the license obligating you to make retroactive payments for usage, where you would never have predicted this, will likely be unenforceable. On the other hand, a small change in the license that requires redistributers to redistribute source code in an open format such as tarballs is probably enforceable.

An author can be prevented from suing you for breach of license if the author changed the license without telling you, and you reasonably relied upon the prior license not changing to do something reasonable under the prior license. This is the legal concept of estoppel - colloquially, the author is estopped from enforcing the license.

Another concept, unjust enrichment, may also apply. In this case, the author changed the license, and intentionally didn't tell his contributors who kept making valuable contributions, the author may be deprived of his enrichment, because it was unjust, and the contributors may have a right to withdraw their contributions, or have project remain under the old license insofar as those contributions apply (for example).

Mind you, these are common law concepts, and no doubt modified by statutory schemes (e.g. the UCC).

The obvious answer to the question is ....

absolutely! Yes!

The evidence of this is shown in the development of GPLv3

It's old school to bait and switch.
It up and coming to be Honest and open.

Perhaps honesty and openness was what was needed regarding the concerns that resulted in the flip flop?
Would the flip flop had happened?

Not a Unique Phenomenon

I have been writing accounting software of my own lately (http://www.thinkcomputer.com) that also does taxes, and licensing has come up in the past week for me, as well. I used the PDFlib 6 library with PHP, which I paid over $1,400 for, to create PDF files so that my software could prepare tax returns, and all was working fine until my server crashed in March. I was forced to upgrade to new hardware, which I did, in the form of two Sun Fire X2200 servers running Linux. Installing PDFlib on my new setup didn't work, because even though my server had two processors, and I had a license for two processors, PDFlib detected four logical processors (each AMD CPU is dual-core). This was irritating on its own, but the fact that the newer version of PDFlib, version 7, uses a *different* system-based license (and of course they didn't tell anyone) that makes the number of logical processors irrelevant, means that the PDFlib acknowledge the flawed nature of their original license. When I asked them for assistance, since I needed to get my software up and running again, their response was that I should pay them $2,700 more in license fees for version 6 (more than the cost of the server) or $1,194 for a single-system upgrade to the new licensing scheme of version 7 (more than the cost of the original single-CPU license for version 6). To me, it sounded like extortion, but since the company is in Germany they can get away with it easier I suppose.

Needless to say, I'm never using PDFlib again, and I'm re-writing all of my code to use FPDF (http://www.fpdf.org), which is free, and works just as well. It's even easier to write code for. Stay away from PDFlib!

Re:Not a Unique Phenomenon

So the lesson is:

Never, ever, ever buy third party libraries without source. Without source you no longer own the solution you create. I have seen it happen many times before and these days I put a lot of pressure of the library vendor with the hard rule, "No source no Sale". Many of these third party library providers have gone out of business or shifted focus to other products. Without source I would be in trouble.

Never, ever, ever buy any software at all that licenses against a specific set of hardware.

Lately I more often contemplating switching OS to get away from the worst black box of all... "Windows" With Vista and the brain dead security rules introduced it becomes impossible to write software.

Here is the only license

that ever made sense to me.

"The party of the first part shall be known in this contract as the party of the first part." [searchlores.org]

TLUG

This was the topic at the recent Toronto Linux User Group meeting.
http://tlug.ss.org/wiki/Meetings:2007-04 [ss.org]
The talk was by a Ledger SMB core developer.
I bought what he said... Ledger SMB is now on Source Forge, reacts to security issues,
accepts patches, is converting to a saner architecture, uses CURRENCY instead of FLOAT for money.
Seems like its a winner.

Other Accounts Packages

There are actually rather a lot of free and open source accounting packages around.

        * Front Accounting
        * Ledger SMB
        * WebERP
        * OpenAccounting
        * TurboCash
                    o Windows
        * GnuCash
        * Personal
                    o HomeBank
                    o jGnash
                    o GFP
                    o Grisbi
        * CK-Ledger
        * Compiere
        * Lazy8
        * Quasar
                    o Linux Canada
        * phpCOIN
        * opentaps
        * Bambooinvoice
        * GnuAccounting
        * phpOrganisation
        * OpenBravo

They are in various states of repair and different markets from the personal to the one man band to the multinational.
 

SQL-Ledger = Cavalier Security

I never even tried SQL ledger, simply because while researching different Linux accounting packages I came across some post by one of the head guys, possibly this "Dieter" doorknob, replying to a user with something very much like the following:

"Well, I wouldn't worry about it. We are not that concerned with security because there's nothing that SQL Ledger works with that would be of interest to anyone except an accountant, and I don't think we need to worry about a bunch of rogue accountants."

That statement alone made me not want to touch the packae, even though it looked very nice otherwise.

AGG 2.4 BSD - AGG 2.5 GPL

In a similar vein:

I'm still trying to figure out why the Anti-Grain Geometry library went from BSD-like to GPL a few months ago with no code change. http://www.antigrain.com/ [antigrain.com]

I haven't found any information on why the switch occurred and the author doesn't appear to have explained his motivations. I find myself working on a project in which I can employ 2.4, but I can't upgrade to 2.5 due to the licensing restriction, so I must either fork and maintain what I am using from 2.4 or abandon the library.

The bait-and-switch nature of the change is somewhat troubling to me, though I admit the principal author of AGG doesn't appear to be gagging inquiries like in the SQLLedger/LedgerSMB case.

maybe no obligation

If there are no third party contributions to the software, then the author can change the license in whatever way he wants to (of course, not retroactively--old GPL'ed copies remain GPL).

If there are third party contributions, it depends on whether the contributors assigned the copyright to him. If they did not, he can't change the license. If they did, it depends on what the copyright assignment forms imposed on him.

In many cases, I wouldn't consider a GPL->proprietary license change a big deal for a package like this; basically, it means that the maintainer cannot, or doesn't want to, maintain the software under the GPL anymore. Whether he just stops it altogether or tries to make a go at it commercially doesn't make such a big difference to people interested in open source.

GPL->proprietary changes (or similar license shenanigans) are a big problem for infrastructure products (libraries, virtual machines, compilers), because they have a lot of downstream dependencies, and they pose the conundrum whether one should stay with "the standard" or with the open source version.

Look at webERP instead

SQL-leger is written in perl - the write only language. We are going for webERP instead.

- there are perl threaded bugs thatthey never would fix...

Clueless

From the article, it really doesn't sound like the developer really understands what Open Source or the GPL is all about. Let him go and good riddance - I understand there's a pretty good fork out there anyway. :+>

License's fork?

http://eniv.blogspot.com/2007/04/license-for-gpls- text.html [blogspot.com] -- Now which license's fork is SQL-Ledger Open Source License? :D

Re:Can we please lay off the emotional language

No, that wasn't emotional, that was a fact. Gagging in this case refers to posts querying the change or motive (or even mentioning the very fact) of the change were moderated out so the userbase was kept unaware.

I think the bottomline appears to be that the guy Open Sourced something and didn't quite understood the consequences. And it's easy to stack mistake on mistake once you're on the wrong foot..

Having followed both mailing lists I must say that the LedgerSMB one is very lively indeed - and has more people visible in development. That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world..

Re:Can we please lay off the emotional language

"That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world.."

... like Theo de Raadt? ... or maybe Hans Reiser? ... or (to keep it even) Monkeyboy chair(throwing)man "the Balminator" "I'm gonna fucking kill google" Ballmer?

Deiter may have switched the license back to GPLv2, but at this point, why bother ... he's done more to promote the competing fork as being the "legit, safe" one than anything else.

Re:Can we please lay off the emotional language

I would consider not being able to talk about it as being gagged. You seem to have missed the part where he blocked all discussions about the license on the forum.

I see you didn't RTFS

The summary says:

"Just recently the license was switched back to GPLv2...

This is what happens when you don't read the summary correctly ;)

Re:Can we please lay off the emotional language

There does seem to have been some 'gagging', although one could discuss the real meaning of that word further. However, the point: messages sent to the mailing list to discuss the licence issue were not approved for actual posting. Sounds like someone had something to hide.

Moderated and Removed Means Gagging Dipshit

Unless your definition of gagging is rectal fisting.

Re:What?

Quite a few people care.

If no one cared, there wouldn't have been a fork a while ago.

But that said, it *is* Deiter's software, so he can change the licensing if he wants. ( and we can all go about our merry way with the fork too.. )

Re:If it's GPL, doesn't it have to stay that way?

That rules does not apply to the owner of the copyright; it only applies to licensees.

Re:Can we please lay off the emotional language

When you feel the urge to be pedantic it helps to actually be well-informed regarding your subject matter. Since you like that sort of thing you should enjoy this:

I think it's pretty clear to most people from the summary that the word "gagged" isn't being used in the strict legal or even literal sense, but rather in the figurative sense:

gag: verb, figurative (of a person or body with authority) prevent (someone) from speaking freely or disseminating information : the administration is trying to gag its critics.

Having the moderators (or sole moderator, if that is the case) of what is probably the main "community" discussion forum blocking any and all posts asking or making statements about a particular topic seems to fit pretty nicely into this definition. Doesn't seem all that emotional either, more like an accurate, factual description, although not written in the technically precise legal terms you would have preferred. Any emotional reaction should come from your abhorrence, hatred, loathing, detestation, execration, revulsion, disgust, repugnance, horror, odium, or aversion to the entire concept of censorship in even the most minor situation relating to the legal rights of others.

Hopefully this project will now die a horrible death after being forked yet again by people who are actually interested in maintaining and improving it for current users without attempting to exercise control over the behavior of the users. No one should put up with this behavior from the developer of any software you rely on to do something as important as keeping your business running.

Lay off the echo chambers?

First of all, the community wasn't "gagged", when you are gagged you are forbidden from saying something
What part of "posts didnt make moderation" did you not see? To preempt it, a private (exclusivist) entity used moderation to remove objection. That's gagging, no matter how the entity was grouped. No "liberty to exclude" excuses can explain it.

Read the following:
No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered.

Re:Can we please lay off the emotional language

Even if they were 'gagged', its his software, his forum, his mailing list... We arent talking about a government here.

Re:Can we please lay off the emotional language

Yeah, the summary is heavy on the language, but the fact is that several community members tried to bring up on the mailing list the fact that the license was changed, but their posts were censored. I would say that meets your definition of Gagged. To date there have still been no posts allowed through to the list regarding the license change. The point now is mostly moot however, as the license has changed back to GPL so the remainder of the community will probably continue on never knowing what has transpired.

Re:Can we please lay off the emotional language

Sure the community was (and continues to be) gagged. If you shut off the mailing list, and only let through messages that say positive things then you have effectively gagged the community. That being said, though, the community is very used to this. Whenever any bug surfaces, or something new is disliked then Dieter shuts off the mailing list until people stop talking about it. It's the classic "it's my ball and I'm taking it home" situation.