I have to admit, that’s I’ve been brooding about this for two days now. On July 9, 2020, Google announced the creation of the Open Usage Commons organization. On the surface, the OUC (pronounced “uc”? Ooc?) seems like just another one of the many not-for-profits formed to assist an open source community to develop and license software created by many companies together. They announced three projects would be part of OUC: Istio, Angular, and Gerrit. So far. pretty normal for moving open core to real open-source with independent governance.
Except it’s not. What seemed redundant at best is much more nefarious. The OUC (oh you cee? It’s a bad name…) only holds the trademarks of these open source projects. The copyrights and, potentially, patents are held elsewhere. It’s like owning a car but someone else owns the paint. Why would anyone want this?
To get to why this is so odd, we need to talk about intellectual property. There are three main types of intellectual property (IP) in the US system, trademarks, copyrights, and patents. All three are meant to protect a different form of intellectual output or ‘art”. A software product may be protected by a patent but it’s not that common. Patents need to be unique inventions and are typically physical products. There is a type of patent, a process patent, that applies to some software, but it is not how the majority of software is protected. This has been an ongoing issue with software for 30+ years. Patents don’t really work for software.
Copyrights protect artistic works such as art and writing. Software is typically protected by copyrights since it is an ephemeral “written” work. The ability to use a copyrighted work, including open-source software, is controlled by licenses. In fact, what differentiates open-source from proprietary software is the license, which grants the right to use and modify the software for free as long as you follow the license. A typical component of an open-source license is the requirement to submit changes made to the software to the community to see if they can benefit everyone.
Finally, trademark protections are for the outward identification of an entity or product within a domain. Logos, names, graphics that identify something, these are trademarks. This blog is protected by copyright, as a written work, and the site name and logos via trademarks.
Software as a product is protected primarily by copyrights and trademarks. The code is protected by copyright and the name and accompanying identifying graphics via trademarks.
Now this is where things get weird. The OUC (Oh oo cay? I really hate the name…) exists to manage only the trademarks of open source projects. This means that the copyrights for Istio, Gerrit, and Angular are held by some other organization or company, and the trademarks by OUC (I’ve run out of jokes about the name). Separating the IP into multiple organizations, and hence multiple licenses, seems confusing at best. This is like financial derivatives where mortgage interest and principle are stripped apart from each other and sold separately. We remember how well that worked in the 2000s.
At worst, this is a way to control who can actually use open source software without actually saying so publicly. You may have the right to use and productize software such as Istio, as Red Hat, Rancher, and others have done, but not be given the rights to use the name without a second license. That has two effects.
First, it requires separate licenses and hence negotiations for different parts of the total IP. The open-source license will give the licensee rights to the copyright but the OUC can refuse the trademark license.
Second, it creates a situation where licenses may not always agree and could hinder the ability to market the software. You could then have your open-source ducks in a row but be stuck in negotiations with OUC. While all of that is possible, that’s not even the worst part. What’s worse is that it allows Google through the OUC to claim independent governance for the projects when it’s really only the trademarks.
Istio is a prime example of this problem. The cloud-native community has, for some time, been expecting that the Istio software would be given to the CNCF, just like Kubernetes. The fact that this hasn’t happened yet has been a drag on Istio’s adoption and called into question its future viability. Needless to say, the cloud-native community is perplexed and annoyed by this move. CNCF is very much capable of managing both the copyrights and trademarks of Istio, along with the project itself. Even if the copyrights for Istio eventually end up with the CNCF or Apache Software Foundation or some other established foundation, the OUC will have the trademarks. That means two licenses for anyone trying to productize Istio, something CNCF can accomplish with one. At best, it’s needless complexity.
So, here’s my advice to the communities that have been working on these projects. If at all possible, immediately fork the software into another project and join an established not-for-profit. If that’s not possible then abandon it. Vendors will have to create new distributions. While that’s lousy, it’s worse to be a part of something as suspicious and with such a monumentally bad name as OUC. You know, maybe the name is code for Owned Universally by Corporations.
If you are considering an Istio, Angular, or Gerrit-based project and would like to work with Amalgam Insights on due diligence of the project, please contact us at sales@amalgaminsights.com to learn how to work with us. And please read Petrocelli’s prior research on repositories, microservices, CI/CD, Service Mesh, and other DevOps topics at https://www.amalgaminsights.com/research-store/