Open Source in a SaaS World
About a year ago, I took part in a meeting where the question: "What does open source "mean" in a SaaS world?" came up in conversation.
A year later, that same question is becoming increasingly pertinent as the IT industry's move to Software-as-a-Service (SaaS) and cloud-based computing accelerates.
For Bungee Labs (I work there), where
- we provide an entire platform-as-a-service (PaaS)
- developers create, share and re-use code and deploy apps in the cloud
- developers "consume" and program against third party web apis and will create their own
...the "meaning" of FOSS is central within these different contexts and has many possible answers with many non-trivial implications...Three dimensional chess as it were.
For this post, I want to share some of the considerations relating to # 1) above: the context of open sourcing Bungee Labs' own system (Bungee Connect). Last month we stated that:
"Bungee Labs is evaluating several Free and Open Source Software (FOSS) licenses for the software components that comprise the complete Bungee Connect system. However, the task of reviewing the various FOSS licenses, and then identifying which of them best aligns with the software components and subsystems created by Bungee Labs–as well as ensuring compatibility with third-party components upon which Bungee Connect relies–requires considerable review and source code preparation. And we want to do this right, with the community’s involvement."
Since and before that announcement, Ted Haeger (who runs the Bungee Connect Developer Network) has been discussing some of the issues at hand and some of the options we see before us with some very "FOSS savvy" communities at events such as Socal Linux Expo, LugRadio Live USA and LinuxFest Northwest and of course with Bungee Connect's own growing developer community.
Today there's an interesting conversation going on between Ted and Simon Wardley, ex-COO of Zimki / Fotago who resigned last year over the company's decision not to open source their platform (the video of his announcement at a OSCON 2007 talk he gave "Commoditisation of IT and What the Future Holds" makes for entertaining and informative viewing all of its own...Simon discusses open source in a SaaS context. Update: Simon let me know of this video which also includes the slides
Anyway, back to the thread:
All three posts (and more to come no doubt) make an informative and interesting read, but I want to highlight one of the key issues in discussion.
The SaaS Loophole
The issue goes back to the question: "What does open source "mean" in a SaaS world?" and specifically the licensing issues. I'm going to quote and edit from Ted's post somewhat liberally (Ted owes me a Sushi, so we're quits now :P ) and isolate an (if not "the") open source licensing issue in the context of SaaS (my emphasis):
"Personally, I think that GPLv3 is the wrong license for freeing any SaaS or PaaS offering. The Free Software Foundation has a better license for this purpose.
GPLv3 is inadequate because it does not mandate that modifications that others make be opened. Originally, GPLv3 was planned to close up the “SaaS Loophole” (a.k.a. the “ASP Loophole”) in GPLv2. However, as I understand it, several large companies pressured the FSF to remove the key clause that would have closed the loophole.
What is the loophole? It’s this: if you take free software and offer it as a hosted service, then you are not conveying the software, and are therefore not obligated to reciprocate your modifications to the original code. In the context of service providers, GPLv3 is effectively the same as the BSD license. Many companies, Google among them, live inside this loophole. (For now, Bungee Labs is also in that camp.) Some remain there deliberately. Others are in it simply as a matter of course…that is, where they are in their business development process."
So that's the "SaaS loophole". Where's the loophole now? Ted explains:
"Perhaps the argument could have been made in the age of GPLv2 that the SaaS Loophole was an oversight, but now that GPLv3 has the loophole by design, it’s really no longer a loophole. The latest version of the license supports the practice. (And just to be clear, I am not advocating this for Bungee Connect.)
...Say Bungee Labs opens Bungee Connect under GPLv3. Is there a danger that small companies could replicate our offering? I don’t think that’s the case. But could a well-funded company do the same, fork the code, and then fund an engineering team to outpace the original inventors?
...The Free Software Foundation also provides the GNU Affero General Public License version 3, or AGPLv3. AGPLv3 specifically closes the SaaS loophole. Instead of being triggered by conveying the software, AGPLv3 is triggered by accessing the service. This helps to reduce the risk that a company could not branch the code and then out-engineer the originators, as the vulture company would be obligated to share-alike terms with their derivations."
So, is the AGPLv3 the right license for Bungee Labs to pursue? Is it the right license for SaaS providers? Is it enough on its own? (back to Simon Wardley's point in his post). Each company has their own unique circumstances and they each need to think through the 3D chess game. We're still working it out at Bungee Labs.
For us at least, I think some of the potential answers are becoming clearer, and others not yet. But it is the kinds of discussions that Ted is having with Simon that are a critical part of Bungee Labs' decision making process around FOSS. It cannot be an insular process.