Do We Need to Change our OSS Licenses For The Cloud and SaaS?

By not distributing the software used in SaaS and Cloud engagements, Cloud and SaaS providers do not have to contribute their code changes back to the community. Do we need to change our OSS licenses to reflect this?

There has been a bit of debate lately over which is more important for the cloud, open standards or open source. As part of a guest blog post I wrote over on Secure Cloud Review on open source security in the cloud, I had a chance to delve into this issue a little deeper. But it wasn't until I read a comment on that article by Nick Powers, that the light bulb went off. As Nick points out, without a transfer of the software to the end user, there is nothing triggered by licenses such as the GPL to release source code and any changes, enhancements or modifications made to that code.

First on the issue of open standards or open source. In my mind the question is both.  There was a good panel discussion on this at The Linux Foundation Collaboration Summit of which the video is available here. Be warned though, it is about 60 minutes long.

You can read the Cloud Ave or Secure Cloud Review post for more details. To summarize, one camp believes that as long as we have open standards, APIs and interoperability, the actual open source of the code and licensing provisions are not as relevant. The other camp says you need the code to remain open to foster innovation, evolution if you will and is important to help prevent vendor lock in. (I think both are important but not mutually exclusive.)

As Powers pointed out in his comment, if you are a cloud provider or SaaS provider and you have made some modifications to the open source code you are using, but you never "distribute" that code or transfer a license to anyone, under most common OS licenses, you are not obliged to contribute that code back to the community. Now while this seems counter to the spirit of open source, the license terms are the license terms.

This could impact the continued development and improvement of open source products in the cloud that count on code contribution back to the community to foster innovation and improvement.  If a new generation of SaaS and Cloud providers can side step this requirement so easily, what should we do?

It would seem to me that we need to perhaps change our OSS licenses to recognize the new environments that open source is playing in. Don't make a transfer of the software or license the trigger event.  If you make any changes to the open source software you should be obligated to contribute that back to the community. 

What do you think?  Is this too stringent?  How else would you deal with this issue?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT