SQL-Ledger Relicensed, Community Gagged

Ashley Gittins writes "Users of the popular accounting package SQL-Ledger were being kept in the dark about a recent license change. Two weeks ago a new version of the software was released but along with it came the silent change of license from GPLv2 to the 'SQL-Ledger Open Source License' — presumably in an effort to prevent future forks like LedgerSMB. As it turns out, the author was making deliberate attempts to prevent the community from finding out about the license change. No posts to the SQL-Ledger mailing lists asking about the license change were getting past moderation and direct questions to the author were going unanswered. Just recently the license was switched back to GPLv2. This behavior is not a first for this particular project, and is part of the reason for the original LedgerSMB fork. Does a project maintainer have an ethical obligation to notify his or her community of a license change? What about a legal obligation?"

Oh no!

[rolfwind (528248)]

Nothing for you to see here. Please move along.

The developer is in charge of /. too!

Legal obligation? Probably not... Ethical?

[erroneus (253617)]

Of course! Being open is exactly what open source is about. Well, hopefully the LedgerSMB fork will be able to get beyond the personality defects of the SQL-Ledger guy...

Re:Legal obligation? Probably not... Ethical?

[no reason to be here (218628)]

couldn't there be a problem considering the license was GPL not some BSD or apache style license. once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base? (anyway IANAL).

No. There's only a problem if someone made a fork and tried to change it from GPL to something else. This was a move by the guy who holds the copyrights to the code. the copyright holder can, at anytime, decide he wants to move his code to another license. the catch is that all previously released code is still under the previous license. That is, if i release Foobar v1 under the GPL, then I release Foobar v1.1 under BSD, v1.0 remains licensed under the GPL, and you are free to take that code and start your own version, Forkbar v1.0. However, you must always keep it as GPL, because you don't own the copyright on the code; you only have access to it because of the GPL.

Re:

[gmack (197796)]

That only applies if he hasn't accepted any outside submissions and therefore is the copyright holder of the code or has had all copyrights assigned to him.

Re:Legal obligation? Probably not... Ethical?

[KutuluWare (791333)]

Having actually read TFA, it looks like the author was, in fact, trying to do exactly those two things he does not have the right to do with the existing code base:

* Retroactively re-license existing versions from the GPL to the new version:

The version published on the website at http://www.sql-ledger.com/source/license/COPYING [sql-ledger.com] takes precedence over any other version in circulation.

* Unlaterally re-license code that includes third part submissions, since most of the translation packages were done by user submission.

Ignoring those two actions, even if the license change is strictly legal, it's downright underhanded to pull a stunt like he did. He didn't just change the license on his software; he put out a point release on the primary distribution site, after having changed the license terms included with the package, then refused to let anyone bring it up on the official support mailing list. How many of us would notice if we downloaded and installed the lastest apache or postfix or whatever, and the license had silently and magically changed to a closed one?

Update and reply

[einhverfr (238914)]

I am a core member of the LedgerSMB development team. The author of this post ran it by me as a courtesy before submitting it.

In the time since this was submitted, Mr Simader has seen the light and reverted to the GPL, albeit very unhappily. Such is life.

I don't actually begrudge Mr Simader the right to choose whatever copyright license he wants to have for his work. That is his moral right, and I have no problem with it. However, I was very unhappy with the fact that a lot of contributors' code, including all the translations, were still licensed under the GPL and since his new license was not compatable with it, I felt that he was causing problems for everyone including our project which is why I began contacting contributors privately about the whole thing.

Also, in the event of a license change away from a specific and well-understood OSI-approved license, I think that the developer also needs to give users a heads-up before they install the new version. This is, however, as far as I see the ethical obligations. And even these were not followed.

Finally, on the LedgerSMB project we are committed to rewriting the entire application, not just in order to prevent further conflict with Mr Simader but also in order to create a better program and one which can be more easily maintained. But we would be remiss if we didn't recognize that our success is in fact partly based on his.

Re:Legal obligation? Probably not... Ethical?

[fourchannel (946359)]

I bet they would, since should they give their code to the project leader under GPL, and then the project leader takes their code under GPL, and changes the license to X, he's in direct violation of the GPL. It would be ok if the entire project's code base were written solely by the project leader. In the likely event that it wasn't, the project leader doesn't own the copyright to the submitted code, and for him to use it in anything other than the GPL license given to him would be committing copyright infringement, which is illegal.

Re:Legal obligation? Probably not... Ethical?

[pipatron (966506)]

once the base is GPL, shouldn't that mean the derivatives can't be more closed than the base?

The author of the work can always release his work under any license he sees fit. The problem would be any code contributed by others in this case.

Relicensing...

[mlwmohawk (801821)]

If the author is the sole author and/or owns all the copyrights, then they can do what ever they like. If, however, they have accepted third party submitions then they may have a legal obligation to remain GPLv2

Re:

[pla (258480)]

If the author is the sole author and/or owns all the copyrights, then they can do what ever they like.

They can do whatever they like in the future. And anyone can take the entire GPL'd code base from the day before the license change and tell the "owner" to go fork himself.

That in itself counts as one of the best reasons to use GPL'd software - Eternal compatibility, as long as someone, anyone, continues work on the older codebase (which may mean nothing more than compiling it as-it-stands once every

Reading comprehension

[Hrothgar The Great (36761)]

The community being gagged refers to the fact that their messages were dropped from the associated mailing list. You probably didn't read the article, huh?

Legal: No, Ethical: Maybe...

[Kjella (173770)]

Legally you don't have to announce your business decisions in advance, ethically well... I can understand why you wouldn't, the day you came out and said it the GPL version is as good as yours - no reason to switch. You'd want to have some sort of carrot "New version with $foo and $bar" so people would actually change. Everyone producing anything OSS is entitled to stand up at any moment and say "Screw this, I'm going to try making money off it", assuming it's all their code of course. If you want reliability and future commitment, perhaps you should pay for it? As long as you rely on volunteer contributions you haven't really got a leg to stand on, should they disappear in a puff of smoke.

Re:Legal: No, Ethical: Maybe...

[ScrewMaster (602015)]

If you want reliability and future commitment, perhaps you should pay for it?

That doesn't always work either. Just read the EULA for, well, pretty much any piece of commercial software. If the vendor disappears, decides not to support the product, if it vaporizes your computer and most of the building its in ... tough. Paying for it doesn't mean anything in and of itself. Consequently, you have no assurance of anything in the software world unless you're dealing with a vendor that has a significant track record of playing square with its customers. Still no guarantee, but that's about as good as it gets, and it is true whether it's open source or not, commercial or not.

Looks like the project is officially being killed.

[Ant P. (974313)]

Both the links to their "public support forum" and wiki bring up a HTTP password prompt.

Definitely unethical

[$RANDOMLUSER (804576)]

Forcing people to accept a change in the license without telling them? Definitely unethical - kind of like forcing people to accept Windows Genunie Advantage if you want patches.

Simader

[hpavc (129350)]

Simader is a putz and always has been. That project is the worst of programming with Perl ever -- its a contraption. Its developed like any 'job security' program would be, using a rube goldberg approach when ever possible. Any attempt to integrate with that project with anything has always met with his poison. Much rather put my efforts into something like http://frontaccounting.com/ [frontaccounting.com] rather than SQLL. Even though I am a perl zealot.

Finally the death of his project.

Re:

[daeg (828071)]

I came here to say the exact same thing. We have another OSS project that "integrates" with SQL-Ledger (I use that term very loosely) and I am replacing both with, uh, real programming. I am convinced that SQL-Ledger and other hobbled-together "open source" projects are merely fronts for greedy developers that hook businesses with the prospect of free, open source packages that can replace commercial packages that can run into the thousands for even the smallest of businesses. Then, when the company wants t

Where to you think the LedgerSMB form came from?

[cheros (223479)]

The guys at LedgerSMB had exactly the same problem, and they're busy cleaning up the code. Their stance is different as they provide a service, not software, and they make more sense re Open Source approach to code.

I think the root problem is that the SQL Ledger guy didn't realise what Open Source meant when he 'opened' it. LedgerSMB seems more focused on simply being a reasonable product, and their focus is the SME market who coul dnever afford the gazillion dollar programs..

Not a Unique Phenomenon

[ThinkComp (514335)]

I have been writing accounting software of my own lately (http://www.thinkcomputer.com) that also does taxes, and licensing has come up in the past week for me, as well. I used the PDFlib 6 library with PHP, which I paid over $1,400 for, to create PDF files so that my software could prepare tax returns, and all was working fine until my server crashed in March. I was forced to upgrade to new hardware, which I did, in the form of two Sun Fire X2200 servers running Linux. Installing PDFlib on my new setup didn't work, because even though my server had two processors, and I had a license for two processors, PDFlib detected four logical processors (each AMD CPU is dual-core). This was irritating on its own, but the fact that the newer version of PDFlib, version 7, uses a *different* system-based license (and of course they didn't tell anyone) that makes the number of logical processors irrelevant, means that the PDFlib acknowledge the flawed nature of their original license. When I asked them for assistance, since I needed to get my software up and running again, their response was that I should pay them $2,700 more in license fees for version 6 (more than the cost of the server) or $1,194 for a single-system upgrade to the new licensing scheme of version 7 (more than the cost of the original single-CPU license for version 6). To me, it sounded like extortion, but since the company is in Germany they can get away with it easier I suppose.

Needless to say, I'm never using PDFlib again, and I'm re-writing all of my code to use FPDF (http://www.fpdf.org), which is free, and works just as well. It's even easier to write code for. Stay away from PDFlib!

Re:Not a Unique Phenomenon

[dinther (738910)]

So the lesson is:

Never, ever, ever buy third party libraries without source. Without source you no longer own the solution you create. I have seen it happen many times before and these days I put a lot of pressure of the library vendor with the hard rule, "No source no Sale". Many of these third party library providers have gone out of business or shifted focus to other products. Without source I would be in trouble.

Never, ever, ever buy any software at all that licenses against a specific set of hardware.

Lately I more often contemplating switching OS to get away from the worst black box of all... "Windows" With Vista and the brain dead security rules introduced it becomes impossible to write software.

TLUG

[hey (83763)]

This was the topic at the recent Toronto Linux User Group meeting.
http://tlug.ss.org/wiki/Meetings:2007-04 [ss.org]
The talk was by a Ledger SMB core developer.
I bought what he said... Ledger SMB is now on Source Forge, reacts to security issues,
accepts patches, is converting to a saner architecture, uses CURRENCY instead of FLOAT for money.
Seems like its a winner.

Other Accounts Packages

[Colin Smith (2679)]

There are actually rather a lot of free and open source accounting packages around.

        * Front Accounting
        * Ledger SMB
        * WebERP
        * OpenAccounting
        * TurboCash
                    o Windows
        * GnuCash
        * Personal
                    o HomeBank
                    o jGnash
                    o GFP
                    o Grisbi
        * CK-Ledger
        * Compiere
        * Lazy8
        * Quasar
                    o Linux Canada
        * phpCOIN
        * opentaps
        * Bambooinvoice
        * GnuAccounting
        * phpOrganisation
        * OpenBravo

They are in various states of repair and different markets from the personal to the one man band to the multinational.
 

Re:Can we please lay off the emotional language

[cheros (223479)]

No, that wasn't emotional, that was a fact. Gagging in this case refers to posts querying the change or motive (or even mentioning the very fact) of the change were moderated out so the userbase was kept unaware.

I think the bottomline appears to be that the guy Open Sourced something and didn't quite understood the consequences. And it's easy to stack mistake on mistake once you're on the wrong foot..

Having followed both mailing lists I must say that the LedgerSMB one is very lively indeed - and has more people visible in development. That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world..

Re:Can we please lay off the emotional language

[tomhudson (43916)]

"That doesn't mean I don't feel sorry for the original author, but I think he may need a bit of a spokesperson between him and the rest of the world.."

... like Theo de Raadt? ... or maybe Hans Reiser? ... or (to keep it even) Monkeyboy chair(throwing)man "the Balminator" "I'm gonna fucking kill google" Ballmer?

Deiter may have switched the license back to GPLv2, but at this point, why bother ... he's done more to promote the competing fork as being the "legit, safe" one than anything else.

Re:

[Bananatree3 (872975)]

good point. I wasn't aware that it had changed during that time. That would explain why he didn't notice the change, as he had read the summary while it was still in the firehose.