Fatal flaw in BSD?

The Kerberos Affair shows weakness of BSD software license.

Heaven knows I've tried to be neutral whenever I've encountered any of the (not so) great debates between the GNU and BSD approaches to licensing. I've previously given positive attention to the OpenBSD and FreeBSD projects, and I thought (and still think) that the merger of the companies behind FreeBSD and BSDI was a pretty good idea.

But in light of what I see as a fairly serious hole in what was supposed to be an open standard, I'm having second thoughts on this neutrality.

In what has become fairly widespread news, Microsoft has taken the Kerberos security system and attempted to extend the protocol in a non-portable way while keeping the extensions secret. So far the biggest news surrounding this issue came from the following Slashdot-Microsoft exchange: a Slashdot reader posted the extensions; Microsoft, under the terms of its license, attempted to have the links removed; Slashdot subsequently told Microsoft where to stick its e-complaint.

Open sesame
Certainly one could take Microsoft to task for the ethics of taking an open standard and turning it proprietary. But why it was done, to me, is neither as interesting nor as genuine a source of concern as how it was done or how it can be prevented in the future.

You see, the Kerberos code that Microsoft "enhanced" is distributed under a BSD-style license similar to the one used by XFree86. This is the kind of license that generally allows anyone who legally obtains the source code to make modifications without requiring such modifications themselves to be open. Indeed, the copyright file that comes in the current Kerberos code explicitly says:

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted.

In contrast, the GNU Public License, under which Linux and most of its tools are distributed, requires that all modifications must be as open as the original code.

Clearly, had Kerberos been distributed under the GPL rather than a less-restricted license, Microsoft wouldn't have been able to do what they did. Sure, the company could challenge the GPL or even try to flout it; but considering Microsoft's own paranoia about software licenses, that's unlikely.

Unless I'm badly misreading something -- and in the quagmire of legalese surrounding such issues, that's always possible -- this episode indicates a specific example of real harm to the free software community that occurred because a BSD license was used. Furthermore, the problem would have been prevented had the code in question been licensed under the GPL. If this is the case, then I'd have to say this event goes a long way in tipping the balance of the two licensing models' respective merits.

What do the labels really mean?
I've heard many an argument in which BSD license fans claim that their license is actually more free than the GPL.

Well, yeah. So it is. Whoopee. But what is really gained by winning this particular debating point?

If we want to pick nits, the most free license is no license. Yet you don't see BSD code released into the public domain -- its proponents favor some kind of restrictions on distribution; they just draw their line in a different place than the GNU folk.

But the Kerberos experience perhaps teaches the lesson that the Free Software Foundation got this part right. Making free software is indeed only half the battle; keeping it free is also a challenge the community must confront if we are to prevent the Kerberos problem from recurring. While most of the proprietary enhancements to BSD-licensed code (such as BSDI) have been benign, what Microsoft has done to Kerberos is clearly not in the interest of the community at large. Given that it could happen again, I must say I'm finding the Free Software Foundation approach to the issue (using the BSD-licensing of X Windows as an example) pretty compelling.

To FreeBSD leader Jordan Hubbard, it's more a matter of bully tactics than which license was used. "I don't think it has anything to do with licensing at all," he said. "It's just more of the same strong-arm tactics that Microsoft is famous for doing because they're Microsoft and big enough to get away with it." I can't agree. To keep to the terms of the GPL, Microsoft would have to publish any changes, leaving the rest of the community to determine whether its changes should become official. Microsoft's influence could not prevent its changes from going mainstream.

Of course, none of this negates the fact that BSD operating systems are of extremely high quality, and have their own communities of extremely skilled and dedicated users and developers. Nor does my preference for the FSF approach diminish my belief that Richard Stallman's jealousy (and misunderstanding) of Linux's success is an ongoing and unwelcome destabilizing factor. But it certainly looks from here as if, in the (generally) friendly rivalry between the fans of GPL and BSD distribution models, the BSD approach has been found wanting in a fairly serious way. BSD's supporters have a significant problem to overcome unless they want to see an increase of "embrace and extend" attacks.

Do you prefer the BSD license model? Let us know in the TalkBack below.

