Three-Step Test for "Open Source"
To our elections official stakeholders, I want to cover a point that seems to be popping up in discussions more and more. There seems to be some confusion about what "open source" means in the context of software used for election administration or voting. That's understandable, because some election I.T. folks, and some current vendors, may not be familiar with the prior usage of the term "open source" -- especially since it is now used in so many different ways to describe (variously), people, code, legal agreements, etc. So, I hope to get us back to basics here.
To start, let's not argue or bicker over who has a better definition than who about the meaning of "open source project" or "open source license" or even "open source software." And we will dispense with a nuanced discussion about "open source" vs. "disclosed source" for now. (There is a huge distinction to discuss another time.) Instead, to just figure out "open source," I offer a suggestion for how you can determine whether a particular body of software is "open source" or not. In my view, it is a bright line that is not hard to find, at least in most cases.
Here goes, with an example of the well known open source Apache Web Server (one of the most commonly relied upon platforms for publishing web sites -- as of last February Apache was used by 38% of the Web, or some 352 million sites).
- Go find the source code for the software. For example, the Apache source code repository is on the Apache Software Foundation's web site, here.
- Look at part of the source code to determine the terms of use of the software. You do not have to be able to read the source code with any expertise, in order to do this. The terms of use are conventionally embedded in the source code at the top of every source code file. If you don't see any terms of use, then very likely the software is about as open-source as it gets -- not bound by any terms; anybody can do anything with it, including adding it to a proprietary software package and selling that package as a product. More likely, you'll see some terms language at the top. For example, look at this one very small part of the Apache source code, a single page where the terms are larger than the source code itself! There, you'll see text like "The ASF licenses this file to you under the Apache License, Version 2.0 ... You may obtain a copy of the License at ..." which is typical -- the actual license isn't embedded in the source code, just a short statement and a pointer to the full license.
- Go read the license. Again, you do not need to read the whole thing or be a lawyer to do this. You mainly just need to search for a particular word: "royalty." For example, in the Apache license you can see that you are granted a "perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license" to use the software in a surprisingly large (for non-lawyers) range of ways. The main point here is that you don't need to pay anybody to use the software, and that the source code is not secret.
- Pat yourself on the back ;-) Seriously, you've done plenty of work. If you found that the software is in fact publicly available in source code form, and that the terms of use require no payment, then you determined that the software is very likely to be "open source" in a sense that is shared by many people. However, if you've determined that use of the software requires you to pay a company that owns the software, then you've determined that it is not "open source" in any sense that is conventional in the industry. (Of course, there is a 3rd possibility, which is that it is not obvious whether usage requires payment; this little test isn't fool proof!)
And certainly there are other issues that are relevant, and may not be clear -- for example, whether it is OK to copy the source code, use it to make something, and sell that "something." That's an important part of "open source" for some -- but hardly all -- people.
But the bottom line is money. If you follow the steps above, and you can tell that usage definitely does or does not require payment, then you've determined whether "open source" describes the software that you might like to use - at least for the typical usage of the term in the world of non-proprietary software.
-- EJS