Is SugarCRM open source?

Is SugarCRM open source?

Summary: John Roberts says you do need his badge. Or you're violating his SugarCRM license. Which is still open source, even though OSI hasn't approved it. It doesn't have the OSI badge of approval. It don't need no stinking badges either. But you do.


David Berlind has a long interview, available as a podcast, with SugarCRM President John Roberts today.

The key question -- is SugarCRM really open source?

Roberts insists it is. The SugarCRM license merely combines elements from two existing open source licenses -- the Mozilla Public License and the Attribution Assurance License.

Trouble is, Roberts pushed the new license out there before getting OSI approval for it. He believes that will come. But if it doesn't, it doesn't. He's still standing with the license he has. And he will continue calling his company "Commercial Open Source."

What's mainly at stake is a logo Sugar insists its customers display in their user interfaces, which identifies SugarCRM as the application "powering" their service.

Bruce Perens derides this as "badgeware." Roberts calls it "attribution."

Whatever. Sugar is demanding that its customers essentially market for it, if they wish to remain its customers. Which could, if it becomes common, leave user screens looking like NASCAR uniforms. (Or Talladega Nights.)

The term, as Ross Mayfield explains, comes from The Treasure of Sierra Madre, where a bandit (Alphonso Bedoya) claims to Humphrey Bogart he's the police, and Bogart notes he has no badge. "We ain't got no badges. We don't need no badges! I don't have to show you any stinking badges!!" (The picture, originally from the movie, was pulled off Ross's blog.)

Yeah, well John Roberts says you do need his badge. Or you're violating his SugarCRM license. Which is still open source, even though OSI hasn't approved it. It doesn't have the OSI badge of approval. It don't need no stinking badges. But you do. Gringo. (The Spanish for friend is amigo.)

The question to my mind is not whether Roberts is right or wrong. The question is whether this will impact anyone's decision to use SugarCRM, or contribute to SugarCRM. It's a question for the market. SugarCRM indeed does not need no stinking badges, but then you don't have to respect or contribute to it.


[poll id=21]

Topic: Legal

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • SugarCRM is not open source

    Want prove? simple follow this link where John Roberts goes off on the guys from vtiger crm earlier this year for using code from SugarCRM

    Quote from John:
    vtiger is a lie - the legal product is called SugarSales from SugarCRM Inc.
    We do not think it very cool of you to claim ownership to something you did not write one line of code for.
    Best regards,
    The SugarSales development team.

    Response from vtiger crm:
    This is surprising; may be you need a primer on what "Open Source" means. We do not claim ownership to your copyrighted and open sourced code; we have explicitly stated the origin and the copyrights of all the components of the distribution we are shipping in numerous prominent places. We package Apache, MySQL, PHP and your code, each with its own copyright. We have put in several intensive weeks of effort to get everything assembled, packaged and tested, on 4 different platforms (Win2K/XP, RedHat/Suse/Debian), which is not trivial in terms of effort. So your claim that "without a single line of code" is the lie here. Our contribution based on all this effort is going up in SourceForge (we just received permission from them to do so) this weekend, under Mozilla Public License.

    We are proud of our contribution. You will see a lot more from us real soon. Let us focus our energies on attacking the real enemy here, namely the big expensive CRM vendors we all love to hate. Your name-calling is not helpful to that mission.

    We have also clearly, publicly and gratefully acknowledged SugarCRM's contribution, and have made it clear we are not affiliated with SugarCRM in anyway, to protect your trademarks. In spite of your calling us a lie, we will continue to acknowledge this gratefully.

    vtiger was formed with a mission to provide multiple products based on open source components. CRM is one of them, and we are working on other products too. We had been working on a CRM package for over 9 months, and coincidentally, we noticed your project; after running your license through our legal (your license posted below), we felt it was easier to build on top of your contribution, which your open source license grants everyone the rights to.

    I don't understand your point about the "the legal product". We have run your SPL open source license through our legal, and we comply with every legal requirement stated in your license. Are you issuing a threat here? You may want to consult a lawyer about it - and be sure we have consulted ours too.

    We are sending this whole thread to the Open Source Development Labs (whose trademarked logo you so prominently display in your site), to clarify your license. Realize that you are using their trademarked logo, and therefore claiming that your license complies with Open Source guidelines. I will let them comment on the legality of what we are doing and what you are trying to do here.

    Your SPL development license, pulled from your site as of Tuesday Aug 27, is at
    and pasted below.

    Elaborate on what portion of the license we are not complying with.

    vtiger Team
    • So, when F/OSS rabies strikes, anyone is a target?

      SugarCRM is one of the success stories of F/OSS, and now it is being attacked.

      F/OSS will certainly never be accused of being "a victim of its own success", but it COULD be accused of playing an active part in its own failure...
      • You seem to have missed the point

        [b][i]SugarCRM is one of the success stories of F/OSS, and now it is being attacked.[/i][/b]

        The post to which you are responding makes it clear that SugarCRM is the attacking party. As they seem to be unaware of the terms of their own license, it's not easy to have sympathy for them.
  • The blurring of "open source" or proprietary software in disguise ...

    Part of the problem is that the term "open source" has become widely identified with free software. By definition the term "open source" simply means "not closed source". In other words, any vendor who releases their source code, regardless of restrictions, can call thier product "open source" and be technically correct. By that clasical definition (which was extant long before the appearance of free software), Microsoft could refer to their shared source and being "open source". But they wisely chose not to further confuse the issue by assigning a new designation of "shared source". Other vendors are not going to be so scrupulous. There is huge temptation to try to hop on to the open source bandwagon, even if ones product doesn't quite meet the contemporary definition of open source. To some degree we see the same thing happening with Sun. Open software with Proprietary type restrictions is not open software. It may technically be "open source", but it is not open at all in the free software sense. Over time, with companies like Sun and Novell, plus a lot of smaller players like Sugar, this is going to confuse things to the point that the term "open source" becomes meaningless in terms of free v proprietary software. But perhaps, in a sense, it always has been.
    George Mitchell
    • A good point

      This is why the OSI definitions are considered to be so important by people like Bruce Perens.

      But I would argue that it's the consensual understanding of what it means to be open source that is important. Because those are the rules the community will follow. Proprietary attempts to violate the spirit of those rules will cause bad publicity.

      It think this story counts as bad publicity, although I have great admiration for both John Roberts and SugarCRM
    • "Open Source" vs "Source Available"

      Prior to the Bruce Perens, we used to call proprietary source "Source Available" in my neck of the woods. For quite some time (beginning in the early 90s) I was a reseller of SBT Database Accounting and developed around this platform for vertical markets (primarily medical). At the time SBT simply used the phrases "includes modifiable source code" and "source code version" (I'm looking at the documentation now).

      SBT rigorously defended its copyrights. The proprietary license notwithstanding, the availability of the code gave small resellers like myself an enormous competitive leg-up in the market. This made the switch to Open Source a no-brainer for me. The (second) biggest advantage to SBT came as a result of the source availability: SBT had at its disposal many hundreds of vertical market packages created by the resellers. SBT published a directory of these in their Vertical Markets catalog. It was a lovely symbiotic relationship.

      The problem with SBT came when they sold the company to folks who didn't understand this [i]at all.[/i] The prices went through the roof, and the vertical developers were told, in effect, "all you base are belong to us." The developer network fell apart, and the product became just like all the other crap out there. In fact it IS the other crap out there. It was bought by Sage and has morphed into a web-based product under the Accpac label. (Sage, of course, also owns PeachTree, MAS, and many other accounting packages. So much for proprietary competition.)