So if I don't call myself 'open source vendor', then everything is fine? (yes)
A lot has been written for and against open core now. Yet in the end, a couple tweets can catch all that is needed:
This is that blog post.
I'm fully aware that what I'm about to write will sound like someone is trying to tell you how to live your life. Like the pope, say. This is not the point of this post, but I know I will be blamed for that. Even so, I think it is a fair question to ask: So you complain a lot that open core is unacceptable, please rather define what is acceptable?
The below is an attempt to answer that question. It is my first attempt at doing so, and in general I believe it is anyone's first attempt at writing it up in public. I hope this can be a useful starting point for instance in the assumed scenario that the OSI needs to articulate some points in opposition against open core. Also, I will be aiming for completeness, so the list may contain some points which I may not even personally feel strongly about.
Comparing Apache vs MySQL brands with a User Story
Before going to the actual guidelines, I will introduce a useful tool from software develepment methodology: the concept of a User Story.
Let's consider a user that has heard about open source software and wants to find some, download it and use it. It is useful to compare Apache and MySQL software here, both well known open source brands, yet one is a fully open source community project (non-profit foundation) and the other a commercial company that in recent years developed into an open core vendor.
So here goes...
1. If you sell (mainly) closed source software, then you are not an open source vendor
...and if you're not a real open source vendor, don't market yourself as one. Don't call yourself "open source vendor", "leading open source vendor" or "open source company".
The open source community, both the individual activists and commercial companies who are true open source vendors have spent more than a decade of time and marketing dollars promoting open source. This has been very successful so that today open source software has a good reputation among IT users and customers and seen to have many unique benefits. In fact, the commercial companies benefit from the goodwill and evangelization done by individual volunteers who want to help promote open source vendors. It should be no surprise that these individuals and companies have an incentive to protect this valuable brand. In this case we want to protect the open source brand from being watered down by accepting that an 'open source vendor' could also be a company that (mostly) sells closed source software - the direct anti-thesis of what open source is all about.
The user who wants to perhaps purchase commercial support for his open source software, would of course look for open source vendors to do so. From the users point of view it amounts to deceit if after purchasing such a support subscription, from a company claiming to be the world leading open source vendor in its field, the user suddenly realizes he is being offered closed source software again.
It seems that the inventor of the term "open core", Andrew Lampitt, actually had exactly this solution in mind when he coined the term. Unfortunately, his idea did not materialize, rather open core vendors still today continue to market themselves as open source companies. (Presumably this is because they want to associate themselves with the open source brand to enjoy the same benefits and value as true open source companies get from it.)
2. Don't mix closed source software and open source software into the same product name or brand
...or if you do, the end result of the mix is closed source, not open source, so don't call it open source.
Here again, the user story is instructive. Suppose the user asked me: Is Apache open source? Then the answer would be: Yes, it is.
Then ask: Is MySQL open source? Unfortunately the answer here is ambiguous at best: No, unfortunately not everything known as "MySQL" is open source, only some parts are.
To compare, a closed source software which includes also code from the Apache project - such as IBM's Websphere - has a different name, so it is never confused with actual Apache software, and nobody has ever erroneously claimed it to be open source.
To continue the user story... if the user goes to apache.org to download software, he is guaranteed to find only open source software there. By contrast, when he goes to mysql.com, he will actively be offered closed source software which is also called "MySQL Something". Thus, for an open source activist, it is questionable if he even wants to recommend his friends to visit mysql.com website.
As with the previous point, if the vendor markets his open core product as open source, it adds up to deceit and it waters down the open source brand in general.
I fully expect this point to be met with furious resistance. The main value in the open core model is precisely that the vendor builds a strong and ubiquitous brand with the open source part, which he then wants to monetize by selling closed source products under the same brand. Even so, it is this practice that is a threat to the open source brand in general, since the user gets the impression that also closed source can be open source. (From here an interesting further study could be made into companies that have been essentially open core, but did separate the open and closed parts into separate brands, such as PHP and Zend, OpenOffice and StarOffice, or PostgreSQL and EnterpriseDB.)
3. Don't call "open core" an "open source business model"
This point is in line with the two previous ones, but targets the analysts and bloggers such as myself who like to categorize different models. I have the impression that management at least in many of the recent startups believes they are following an open source business model with open core, after all "[we] are just doing what MySQL did". For educational purposes it would be important to clean up our language so it becomes clear that this is not an open source business model.
This shouldn't be confused with the fact that nowadays also proprietary software companies all use open source. It is certainly useful to analyze and categorize how companies such as Google, IBM or Microsoft use open source in their products. This just shouldn't be confused to imply that Microsoft has an open source business model.
I'm personally also guilty of this point (even in this blog post I'm calling MySQL an open source company, which it of course once truly was, before going open core). I also don't have a good suggestion what to call it instead, possibly something like "open source strategy". (-> "Our strategy is to tactically use open source in our proprietary products when it gives us savings in R&D.")
4. Don't take an open source project and then drive it into a closed source direction
Many of the best known open core brands started as pure open source projects and were then "taken over" by investors and management that started driving it into a closed source direction (making it open core).
It can be argued that we have no right to make this kind of claim. After all, we all agree that the copyright owner has the right to license his software as he wishes, including taking it closed source. Even so, from an open source perspective, it is of course sad when that actually happens. I suggest here it is reasonable that the open source community at least not encourage and idolize such behavior. (More drastic measures would of course be things like forking the project just to change the name.)
(By comparison, it is usually met with rejoicement and positive commentary, if a product that was previously closed source, is made even partially open source. Of this there are many examples.)
5. Linux distributions and download sites (such as Sourceforge) shouldn't promote the open core brand by distributing the open part
The 3 main Linux distributions (Red Hat, Ubuntu, Debian) are all fully open source enterprises as are many smaller distributions. Hence it is in their interest to defend the open source brand against attempts to water it down to include also closed source software. (Being "more open" is a competitive edge for these companies and projects.)
The main Linux distributions are perhaps the most important channel also for an open core vendor. If distributions wanted to actively combat the open core trend, they could forcefully do so by shutting out the open core brands. (This would make sense especially in the scenario that I don't expect open core vendors to pick up on my advice from point 2. above.)
There is some precedent for distributions doing this. Red Hat has always been very strict in keeping its distribution free from closed source kernel modules and other software. It is obvious that by strongly promoting only open source software, Red Hat also gains an advantage as they cannot be held hostage by, say, a closed source nVidia module. Debian has taken a stance against Mozilla's restrictive trademark policies and simply renamed Firefox to make the issue go away. This is what could be done with open core packages too, we obviously want to continue using and promoting the software that is open source, but it would be technically quite easy to rename packages to use only "truly open source" names and trademarks. Like one commenter said: I don't see that Canonical would keep pushing Eucalyptus crippleware for long.
I personally think this is a very radical though perfectly realistic step, and it is not yet necessary to go this far. At this point the wider FOSS community is still waking up to the realization of what open core is. (The discussion on groklaw can probably be taken as a good estimate for what the average FOSS enthusiast currently thinks: "I started reading and had no idea what "Open Core" meant.")
So what needs to be done now is to educate the community to first know what open core is, then identify the vendors that are doing it. Probably many executives of the smaller startups don't even know their business model doesn't qualify as open source, they are just copying what MySQL and others did before them. Once people know about this issue, it will already have some effect as open core vendors need to reconsider if the closed source software is so valuable to them that it offsets the loss of community goodwill. Some will probably start rethinking their business model (it's not difficult, after all, if you just choose to care), and there will perhaps not be a need for the big artillery.
Epilogue: So if I do all the above, then it's actually ok to do open core?
Well, yes. I mean, there is still plenty of proprietary software in the world. User and customers for the most part continue to use and buy it. Nobody will hate you if you do it too.
What's better, most of us in the open source community will still feel positively about the fact that you publish part of your software as open source, even if you are not prepared to go all the way with it. Big software companies like IBM, Oracle and Microsoft all contribute to some open source projects, and their collaboration is well appreciated, even if their main software business is proprietary. So if you feel that open core is a good model for you, then by all means try it out, just understand that it is not an open source model.
Or, like I said in my next tweet: