​Javascript Tool Maker Relents After Mixing Immigration Politics with Open Source Licensing

In very short order, Lerna, a company that offers some Javascript tooling, has learned the hard way not to mess with the integrity of an open source license. In other words, don’t decide you’re going to take an existing OSI-certified open source license, modify it to suit your agenda, license your code under the newly derived license, and still continue to refer to your offering as "open source.”

First, this analysis piece is really just a follow up to my previous post about why it’s time to reject the latest attack on open source software (OSS). The main point of that post was to point out that all of us who have experienced the benefits of open source (ok, that’s nearly all human beings) should play a role in defending it. Otherwise, it will whither and so too will the benefits most of us have come to enjoy, blind to the fact that open source is playing such an important role in our lives.  

Why should we defend it? 

Because as sure as the sun is going to come up tomorrow, someone or some organization will attempt to pervert the meaning of open source by deriving a license of their own making, and calling it open source without seeking the blessings of the Open Source Initiative (OSI); the organization that’s globally recognized as one and only arbiter of what is, and what is not an open source license. Similar central governance regimes exist in other areas of life (ie: organics) where consumers demand assurances that they're getting the real thing. 

Over the years, there have been several attempts to distort the definition of open source. Some might even say to hijack it. Invariably, these boil down to rogue efforts that are looking to skirt the OSI. If left unchecked, the meaning of “open source” is irrevocably harmed (pushing it towards “meaningless') and the OSI’s central role in insuring the authenticity of open source licensing is eroded. But if also left unchecked, it invites other interlocutors to take their own swipe, causing further harm and erosion.

So, it came as no surprise how, even before “ink” on my last post was dry, another provacatuer — this time Lerna — took its turn at circumventing the norms of open source by modifying the MIT license in pursuit of its agenda. And again, as with the other attempt (covered in detail on ZDNet), the modification looked to exclude a certain class of constituents. Only this time, it was political. 

Over on Github where the repository for the source code is maintained, there’s an explanation that starts with “Over the last year I've been really disturbed to see what ICE has done to American immigrants, to an extreme with what has happened to children.” And then, after several paragraphs, you can see where it’s heading: "Recently it has come to my attention that many of these companies which are being paid millions of dollars by ICE are also using some of the open source software that I helped build….For the companies that are known supporters of ICE: Lerna will no longer be licensed as MIT for you. You will receive no licensing rights and any use of Lerna will be considered theft. You will not be able to pay for a license, the only way that it is going to change is by you publicly tearing your contracts with ICE.”

The companies are listed.

It is often said that the road to hell is paved with good intentions. The reaction was swift and drew an immediate response via Twitter from OSI president Simon Phipps who wrote "Fake GNUs - removing the four freedoms from licensing - is not a new issue for open source free software. Banning commercial use as RedisLabs have done [and] exclusions expressing political views like [Lerna] were both denounced by [Richard] Stallman years ago.” Stallman, as many followers of open source know, is the founder of the Free Software Foundation and the author of the GNU General Public License; one of the most popular of the many licenses that the OSI has put its stamp approval on (the Linux operating system — officially “GNU Linux” — is licensed under the GPL). 

In that tweet, Phipps links to Stallman’s treatise on "why programs must not limit the freedom to run them.” In that treatise, Stallman wrote "Some developers propose to place usage restrictions in software licenses to ban using the program for certain purposes, but that would be a disastrous path. This article explains why freedom 0 [the first of four principle freedoms] must not be limited.”

As if Stallman anticipated Lerna’s attempt to modify an open source license as a means to a certain political end, he goes on to say "What if the condition were against some specialized private activity? For instance, PETA proposed a license that would forbid use of the software to cause pain to animals with a spinal column.”  

Stallman makes it clear that “conditions to limit the use of a program would achieve little of their aims, but could wreck the free software community.” To be clear, Stallman’s choice of language is very deliberate and phrases like “the free software community” should not be viewed as 100% synonymous with “the open source community.” In other words, he didn’t say “wreck the open source community.” But as Phipps alludes to in his tweet, there’s enough spiritual and legal overlap that the ideals of one are largely simpatico with the ideals of the other and were you to make the substitution yourself, the statement would still be true for reasons I previously stated.

But Phipps’ tweet wasn’t the only rebuke of Lerna’s move to modify the MIT license in an attempt to achieve a political agenda. While some responders applauded the stand that Lerna was taking, the comment thread on Github that followed the announcement also expressed condemnation from open source advocates who understand why such behavior must be wholly rejected. 

Reflecting on the fact that a self-modified version of any OSI-certified open source license is no longer an open source license, one comment says "Please make sure that you amend your page on npmjs.org so that it does not state that the license of the project is “MIT.” Ironically, and proving what a slippery slope custom exclusions are, another comment said "I'm adding it to all my repos to prevent the lerna project from being used in any of those projects, both open source and commercial. Just as a matter of principal.” 

Bowing to the pressure, Lerna relented which is why the post now has a large red “X” emblazoned across the top of the page. The license change was “reverted” and now points to a "chore" to “Restore [the] unmodified MIT license.” It includes a heartfelt mea culpa in which Daniel Stockman writes "First, I apologize for making the rash decision to support the addition of an unenforceable clause to the project's MIT license. I failed to accurately assess the impact of this change, which led me to (incorrectly) focus on the intent.”

Phipps, being the unflappable statesman that I’ve always known him to be, wasted no time responding in kind "Delighted to see that @lernajs has rethought their move to Fake GNUs - and the announcement is brilliantly written.”

While it was an important victory for open source software, it’s also a reminder that all of us who benefit from open source (and, as I said before, that’s pretty much all of us) must take a stand when a so-called purveyor of open source decides to take matters into their own hands. Sadly, it's been happening for many years and is not likely to stop any time soon.

 

Comments (0)