This morning I received an email from Rufo Guerreschi of the Telematics Freedom Foundation. I honestly never heard of this organization - until today - but it looks like a very interesting initiative. And it is based in Italy, which makes me proud ;-)
Rufo wrote a post on his blog about a model for the democratic control of telematic services. In a nutshell, he is trying to close the ASP loophole of GPL (v2 and v3...) with something quite more elaborate than a simple license.
He is envisioning a world of free services based on Software as a Service (SaaS), where Reviewers can be appointed as Auditors for the software behind the service. And Modifiers can modify the code of the service and obtain free or at cost hosting.
It is a very interesting approach. The issue behind the reasoning seems to be enforcement of the license. I heard about it before, many times. If your software runs behind a firewall, how can you (the user) know what really is the service running? What if they change the code and do not tell you? What about your freedom as a user to see the code?
Rufo's answer is: let's appoint Auditors. Mimicking the voting process, where Auditors are making sure nobody votes twice. These people might have conflicts of interests, but the entire system usually works (unless you live in Florida).
I have never been a fan of enforcement. Maybe because I trust people by nature. Or because I am just pragmatic. Enforcement is tough to achieve. For example, the Affero license has a provision that forces the hosting service to give a user a way to download the entire source code while accessing the service. I always found it too restrictive. Forcing software implementations through a license seems odd and hardly applicable to the millions of different cases we are going to see in the future (think about a mobile phone accessing email on a Funambol server... How can I give you the entire source code to download on your device?) .
Is the old good GPL enforceable? In theory... If I take a GPL library in C, modify it and I compile it with my product, then ship the binary in a commercial product, who can tell I am violating the GPL? Probably nobody. Does it mean GPL is useless? No, it is based on trust. If you do not GPL your code, you are violating the license. We could catch you and enforce it.
The same for SaaS. If you run a service based on HPL, you must open source your code. If you don't, you are violating the license. We could catch you and enforce it.
To me, a piece of paper that says YOU HAVE TO, is enough. It is practical. It is based on trust. It simply works. Anything more complex would work as well, and maybe limit open source thieves, but adds so much complexity to also limit adoption. Which would turn people to use something else, less restrictive, even giving up copyleft (which would mean the death of open source). I am willing to give up on enforceability, to see open source also thrive in the SaaS world. That's where the world is going.
Copyleft is based on trust. It would work in SaaS as well. Trust me ;-)