From: Luke Kanies <luke <at> madstop.com>
Subject: [Puppet Users] Licensing and Copyright
Newsgroups: gmane.comp.sysutils.puppet.user
Date: Monday 6th April 2009 19:15:44 UTC
Hi all,

I fear this discussion will quickly devolve into a recursive
flame-fest, but it needs to be broached, so here we go.  Note that I kind of
think this is more of a dev topic than users, but I want to make sure
everyone knows the conversation is happening and can easily  
participate.  This is also likely to be the first of a series of  
conversations I'll be starting to try to paper over the lack of  
organization and process we've had in the past.

First, I want to be clear that this is me seeking your input - we  
haven't decided on anything, and I'm starting this thread so we have  
the necessary data to make a decision.  We have to be conscious that  
Reductive Labs is a commercial company, though.  My development of  
Puppet and the money I make around it feeds my family and keeps us  
housed, allowing me to focus on it full time.

I think our focus on building community stands on its own, but the  
contributor list is an equally clear indication that being paid to  
work on Puppet results in a lot more work being done on Puppet - of  
the top ten Puppet contributors (http://www.ohloh.net/p/puppet/contributors),
5 have been paid by their companies to do the work, and 4 have been
paid specifically by Reductive Labs (me, Andrew, Rick, and Ben/ajax).   
One of my goals in this discussion is to figure out the best way to  
pay more people to work on Puppet, by having enough money to hire  
them.  (Incidentally, I should be posting a job description for a
full-time programmer at Reductive Labs this week.)

Finally, if you have concerns about this topic that you don't feel  
comfortable voicing publicly, feel free to contact me directly.


We've never done a very good job of having much of a licensing or  
copyright strategy for Puppet and the tools around it.  While all of  
the projects have a license, there's no documentation on how to  
maintain the license (e.g., whether every file should have a license  
header), and there's a bit of confusion around the license itself  
since Puppet's current license file says 'GPL2 or later'.

As to copyright, we're *pretty* good at maintaining that, especially  
since we switched to Git, since everyone who commits has their email  
address recorded with the commit, but we don't have an official  
project policy published anywhere one way or another, and we just  
haven't been tracking copyright.

For both the project and my company, I think we need to develop  
complete policies around these two topics, and then spend time  
actually maintaining them.

Given that we have a license but no policies or history around it, I  
think it's worth revisiting the basics, and assessing what's best for  
the project.  I expect that Reductive Labs would fund any work that  
needs to be done to enact these policies, but as always, I'll do what  
I can to encourage community involvement.

I think there are essentially two decisions to make, with some details  
around them:

1) Should we use a completely open Apache-style license, or a  
reciprocal/viral GPL-style license?
2) Should we require copyright assignment of any kind?

Going with those questions, we have two priorities:

1) Maximize ability to grow and sustain a community
2) Enable Reductive Labs to increase its funding of development

This second point is important to be obvious about - like Pixar
(http://www.nytimes.com/2009/04/06/business/media/06pixar.html), we make
money so we can write software, and Puppet clearly needs
more development time than we're spending on it right now.  There are  
further tools beyond Puppet that we also want to create, but we need  
enough developer manpower to be able to do so.

I expect this point to be the biggest source of contention, so all I  
can really say is, Reductive Labs isn't suddenly morphing into an
anti-community commercial vendor who uses open source for marketing but
doesn't actually believe in it.  I'm asking *you*, right now, how we  
can tune our licensing and copyright policy to best meet your needs.   
If that doesn't satisfy you, I'll be glad to fly out and discuss it  
with you for $5,000 USD per day. :)

Really, though, one of my other goals here is to be more transparent  
about how Reductive Labs hopes to make money and continue funding  
development.  Many people in the community are curious on this front  
for many reasons, and I think it's important it be clear.

Here is some reading on this subject, to kind of set the context:

(This article came out much more in favor of Open Core than it was
supposed to; the article was supposed to be a question, rather than an  




Fundamentally, I see three basic choices:

1) Leave them like they are.  No copyright assignment, no real  
copyright maintenance, GPL2 or later.  This means that every  
contributor ever must give permission for things like license changes,  
we can't easily protect against license infringement
(http://www.gnu.org/licenses/why-assign.html), no one can ever dual
license, and essentially no commercial
software can ever be produced that integrates with Puppet.

2) Stick to a viral/reciprocal license (probably AGPLv3) but require  
Sun-style copyright contribution (which provides the project a
non-exclusive license to the copyright).  This provides a single
organization with a license for all copyright, and allows that license  
holder (Reductive Labs) to protect against license infringement,  
provide patent indemnity (which I've already been asked about by  
others but cannot currently offer), relicense Puppet (and produce  
commercial software that integrates with that relicensed product),   
and probably more.

3) Switch to a non-reciprocal license (e.g., Apache) and don't require  
copyright coassignment.  This allows anyone to do anything with the  
code, so there's no real concern about license infringement and anyone  
can make commercial add-ons.  This is both good and bad, though, in  
that even those with no commitment to Puppet's community could build  
commercial products on it, which I think is not so great.

After spending the last month thinking about it, and talking with many  
people (e.g., Tarus Balog, Matt Asay, Marten Mickos, Mark Radcliffe,  
and many more), I think #2 is the best option.  It provides the best  
combination of openness for the community and opportunity for  
Reductive Labs.  It hurts to say this, because I've always thought  
copyright assignment was evil, but I've been convinced otherwise,  
mostly by the links above and conversation with Tarus of OpenNMS.

The problem I have with #1 is that it explicitly limits Puppet's
ability to integrate with other commercial software, which I think is  
unfortunate and makes it hard to build Puppet into an ecosystem,  
rather than just being a stand-alone tool.  The problem I have with #3  
is that I have a hard time seeing how Reductive Labs can add more  
programmers to the project with it.

What do you think?

It is said that power corrupts, but actually it's more true that power
attracts the corruptible. The sane are usually attracted by other things
than power. -- David Brin
Luke Kanies | http://reductivelabs.com | http://madstop.com
