[Discuss] quick blog post on possible misconceptions re: Certification proposal

Wouter Tebbens wouter at freeknowledge.eu
Thu Oct 1 08:35:27 UTC 2015

Hi there,

On 01-10-15 07:18, Matt Maier wrote:
> On Wed, Sep 30, 2015 at 9:39 PM, abram connelly
> <abram.connelly at gmail.com <mailto:abram.connelly at gmail.com>> wrote:
>         So, in your mind, what are the core issues that certification is
>         trying to solve?
>     In my mind, certification is trying to give a guarantee that
>     hardware with an open source hardware certification has its design
>     files, along with supporting material, is available under a free
>     license, as described in  http://www.oshwa.org/definition/.
>         Personally, I think we should have clarity on what OSHW should
>         be, but I'm against fines. I'm also against co-opting terms that
>         describe the broad community to refer to what is, by definition,
>         a subset of the community. The general point of open source
>         hardware is to just share your work with others, so anyone who
>         does that is part of the community. The more effort they put
>         into it, and the more they give away, the better. It's silly
>         that most of the "open source" software on Github doesn't
>         actually have a license, and is therefore not open source at
>         all, but it doesn't mean the people who intend for their work to
>         be shared are not part of the open source software community in
>         spirit. Same for hardware.
>     In terms of code on GitHub, without a license it is not free for use
>     without explicit consent from the author.  Source code without a
>     license is not in the spirit of free and open source as it can't be
>     used without consent.  The point of the license is to indicate to
>     the public that consent is given without explicitly asking for it. 
>     Not putting an open source license on your code precisely means the
>     software is not open source.  Code is open source by putting an open
>     source license on the code.  Sharing your code so that others can
>     look at it is not the same as allowing for its use by others.
> The thing is that, it IS in the same spirit because only companies worry
> about getting in trouble for looking at, reproducing, or learning from
> code that is shared. Private developers just share. That's why there's a
> push to get people to apply licenses to their code, but it isn't a deal
> breaker. If a company really wants to do something with it they'll work
> out a license with the creator. In the rest of the cases people seem to
> just not worry about it much. The simple fact that someone posted their
> human-readable source code on a public repository means that they are
> okay with other people looking at and copying that code at a bare
> minimum, which is in the spirit of FOSS. If someone posts .stl's and
> instructions to build a RepRap to the wiki, then clearly they are okay
> with other people using those files even if they didn't explicitly post
> a license alongside the files. The spirit of the community is there.

Matt, at first sight you are right, if it is just for using the shared
documentation. But without a license one is not allowed to contribute
back or publish modified versions otherwise, just because the all rights
reserved by default doctrine.

Every week I remind one or a few people about that. Like: Yes it's great
that you share your code or documentation, but without the free license
people formally haven't got any rights to contribute back. Etc.

Now while in most cases the lack of the license is probably because many
people don't know much about licensing, it sometimes is also a strategy,
to build a community around it and then attach non-free conditions to it
at a later stage (e.g. when VCs come in).

Therefore we can't be sure about the real intentions and good faith of
the original developer until s/he states her/his principles in the form
of a license.

>     If a company uses free and open source software and does not provide
>     that source to the community they are most certainly subject to
>     legal ramifications.  Part of the job of the FSF is to make sure
>     that bad actors don't get away with violating the GPL.  I imagine
>     there would also be legal ramifications for a company that attaches
>     a GPL license to their product but that does not release their
>     source code.
Abraham, right, if a project is licensed under the GPL (or any free
license), publishing the source code is one of the requirements. So
they'd be cheating and we as a community should make sure they correct
or be named and shamed. Otherwise legal cases could be organised, but
are generally costly.

In the case of the OSHW Certification I understand penalties might apply
- in case the company doesn't correct and withdraw the OSHW logo from
their product communications.
>     The point of open source hardware is not just to share your work
>     with others but to make sure that work can be used by others.  The
>     enforcement portion of the certification is to make sure companies
>     who claim to follow the open source hardware principles actually do
>     so.  I believe the logistics of how this is enforced are very
>     reasonable, starting with an attempt at communication and allowing
>     the offending party to correct the issue without progressive action. 
> That's the thing, open source HARDWARE is actually fundamentally
> different from software. The licenses are the thing that make it "open
> source" and they do not apply to hardware at all. Not even a little bit.
> You are ALWAYS free to do whatever you want with the hardware (short of
> something that's patented, which is uncommon). It's the design files
> that can have copyrights.
Indeed, and a huge difference is then that the license that makes the
design OSHW is based in copyright, which doesn't apply to making the
hardware based on that. That's why a certification label like what
OHANDA.org tried years ago (are they still alive?) is very interesting IMHO.

> Ironically, because hardware is so much harder
> to work with than software, it's unusual for someone to actually publish
> enough detail for other people to use their work. That's why open
> hardware is still mostly recognized in electronics because almost all of
> the details of the hardware can be specified in one file. 
For me the best proof of something being sufficiently documented is when
people can replicate the original project and are therefore able to
contribute back to that work. (The license should of course allow for that.)
> We're having a hard enough time getting people to fully document their
> work that the most common reason someone's work isn't "truly" open
> source is simply that it isn't documented well enough. The license
> doesn't even matter if there isn't enough material to license. So the
> core, which is sharing, is always important because it's the first step
> on the path to open source. Getting people over the hump of
> documentation will mean more to open source than licensing.
Sure, but sharing is only sharing when it comes with the adequate set of
permissions, i.e. the four freedoms.

> I haven't gone into business for myself, but I assume a big part of the
> reasons companies are falling short on being truly open source is that
> good documentation is hard and there isn't an obvious connection between
> doing all that documentation and making more money. 
Yes, that's also my experience.

>     We have to start somewhere with a definition and the principles as
>     laid out by the open source hardware association seem reasonable to
>     me.  Open source hardware has its own set of constraints and
>     certification is a step towards in keeping with the spirit of the
>     ideals of free and open source.  The certification is an attempt to
>     make sure companies that claim to operate in the spirit of openness
>     actually do so.
> Yeah, that makes sense. It's a subset of the broader community that
> wants constraints enforced. I just think the distinction needs to be
> clearly labeled. Anyone who tries to share is part of the open source
> community. Putting more effort into it should allow them to further
> qualify it, like by publishing everything, and using an OSHW license,
> and even OSHWA certification. But trying to shrink "the community" to
> only the actors who are serious enough to track rules and fines is
> artificial and will simply be ignored by the actual community.
Yes, that makes sense to me. I think we can see the Certification as an
additional step to signal compliance; it is a label that can be attached
to a product.

It looks very much like the Open Hardware and Design Alliance -
http://www.ohanda.org/ -  has been doing since I believe 2009 (but
apparantely not very active any longer).

You would open an account on their web platform and publish your
documentation under your preferred free license and in the process you
agreed to conform to the certification conditions. Then you are allowed
to stick the OHANDA logo to it.

Now I wonder whether the OSHWA certification also involves a repository
where to find the details of the self-certification, which I imagine
should point to the documentation, license, community tools, authors etc.

In OHANDA every product has its webpage and an OHANDA key ("OKEY"), a
reference number that can be printed on the product, helps users get to
the source of the documentation easily.

Are things like that foreseen in the OSHWA certification?


>         On Wed, Sep 30, 2015 at 5:47 PM, abram connelly
>         <abram.connelly at gmail.com <mailto:abram.connelly at gmail.com>> wrote:
>             This post is really great, thanks for making it.
>             I think a lot of people get turned off when there's
>             standards committees, organizations and other bureaucratic
>             infrastructure mentioned, especially with a hacker friendly
>             type of crowd.  Though there still is a lot of FUD w.r.t.
>             free and open source, it used to be a lot worse.  I think
>             the same type of thing is happening with open hardware (and
>             certification) now and that it can get better in the future.
>             I think explaining in terms of what it is, why it was
>             created and what the implications are goes a long way
>             towards this. At the risk of kicking the hornets nest, I
>             think posts like Boldport's "The license is the license"
>             (http://www.boldport.com/blog/2015/9/22/the-license-is-the-license)
>             are really misguided and confused about what the
>             certification is proposing to solve.  I also think it's
>             important to reach out to the members of the open hardware
>             community that don't typically get a lot of attention and
>             make sure their voices are heard and concerns addressed. 
>             Maybe a FAQ could be written up addressing some of these
>             issues?  One that lists some of the common concerns that
>             have been coming up, in Boldport's post, the HaD comments
>             and elsewhere?  Maybe it could even be put up on a GitHub
>             page so that anyone could suggest additions by making pull
>             requests (there's always a Wiki as an alternative as well)?
>             Hardware is a different beast than software. I think we need
>             to make sure people understand why we have these mechanisms
>             in place for open hardware and why it needs to be different
>             from the software license model.  For me, addressing the
>             core issues of what the certification is trying to solve and
>             the motivation behind it is crucial for understanding.  I
>             think your article is a great and hopefully it's a start of
>             a larger trend of pushing back against a lot of
>             misunderstanding!
>             -Abram
>             On Wed, Sep 30, 2015 at 3:21 PM, Jeffrey Warren
>             <jeff at publiclab.org <mailto:jeff at publiclab.org>> wrote:
>                 Hi, all -- I dumped some of my thoughts on the
>                 certification into a post on my blog:
>                 http://unterbahn.com/2015/09/misconceptions-about-oshwas-open-source-hardware-certification-v1/
>                 IMO, there's plenty to worry about (or to work hard to
>                 do properly) without having to worry about some of these
>                 red herrings. Interested to hear folks thoughts.
>                 In particular I've been very interested in making it
>                 clear that not certifying does not mean your project is
>                 not open source hardware. It seemed very clear to me,
>                 but from comments "out there" I gather that that's not
>                 100% understood.
>                 +1 clarity!
>                 Jeff
>                 _______________________________________________
>                 discuss mailing list
>                 discuss at lists.oshwa.org <mailto:discuss at lists.oshwa.org>
>                 http://lists.oshwa.org/listinfo/discuss
>             _______________________________________________
>             discuss mailing list
>             discuss at lists.oshwa.org <mailto:discuss at lists.oshwa.org>
>             http://lists.oshwa.org/listinfo/discuss
>         _______________________________________________
>         discuss mailing list
>         discuss at lists.oshwa.org <mailto:discuss at lists.oshwa.org>
>         http://lists.oshwa.org/listinfo/discuss
>     _______________________________________________
>     discuss mailing list
>     discuss at lists.oshwa.org <mailto:discuss at lists.oshwa.org>
>     http://lists.oshwa.org/listinfo/discuss
> _______________________________________________
> discuss mailing list
> discuss at lists.oshwa.org
> http://lists.oshwa.org/listinfo/discuss

More information about the discuss mailing list