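We interviewed the man who defined open source. He said: RMS has autism, and open source cannot live in a single repository
By | lola
Produced by | OSC Open Source Community (ID: oschina2013)
When writing about open source, there is no getting around Bruce Perens. Write about Debian, and he is the first Debian leader, hand-picked by Debian's founder, who played a key role; write about evangelism, and he is one of the founders of the OSI (Open Source Initiative), a founding-father figure; write about licenses, and he is the author of the OSD (Open Source Definition), the one who wrote down the ten criteria that define what "open source" is.
Later, we wrote two more articles closely related to him: "A Few Things About Bruce Perens: A Truly Strong Man, a Fierce Life" and "What Happened to Open Source? Why Does Even Its Founder Dislike It?".
Later still, we simply invited him in to talk about some recent changes in the open source world.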
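OSCHINA: In 2021, RMS returned to the Free Software Foundation (FSF), and the OSI (Open Source Initiative) board of directors published a statement opposing it. Was this something of an overreaction? Why did it happen? Had there been any conflict between the two? How do you see this matter?
Background:
RMS (Richard Matthew Stallman) is the founder of the GNU Project and the Free Software Foundation (FSF). In 2019, RMS said a few words in defense of Marvin Minsky, the father of artificial intelligence, who had been caught up in a sexual assault case; the public then dug up a series of RMS's past remarks, including misogyny, attacks on disabled and transgender people, and defending pedophilia. Under the pressure of public opinion, RMS had to resign from the FSF and MIT.
In 2021, RMS planned to return. The OSI held that it was inappropriate for RMS to hold any leadership position in the FOSS community and that he (RMS) should be held accountable for his past behavior. The OSI also called on the FSF to remove RMS, said it would not take part in any event where RMS was present, and said that if the FSF did not remove RMS, the OSI would not work with the FSF either.
During the same period, those opposing and those supporting RMS split into two camps. In the end, the FSF still decided to appoint RMS.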
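BP: People's views of RMS are always extreme: they either love him intensely or hate him intensely. It was this way more than forty years ago; it is just that more people have now taken notice of free software.
I think the key point of the whole matter is that RMS actually has an impairment, and we should take a tolerant attitude toward people with impairments. I don't know whether he has received a diagnosis from a qualified doctor, but everyone who knows him knows that he has autism. (Translator's note: the Autism spectrum is caused by a disorder of brain development and manifests as difficulty with expression and social interaction; it is often accompanied by high intelligence.) RMS cannot understand how people will react to his words and behavior, and he becomes very upset when facing people who think differently from him. Richard does not actually dislike women, but because of his condition he can show an extremely obnoxious side toward them; I have seen this with my own eyes. However, (these behaviors of his) have never risen to the level of violence or coercing others.
With the rise of the MeToo movement, Richard was shunned as a result. Women have endured a great deal of unfair treatment, and this must be corrected; those offenders deserve what they get. The problem, though, is that this kind of shunning is not like a sentence handed down in court. It is driven by blind, violent emotion; the judgment of "the mob" is not bound by responsibility, is not carefully thought through, and has no limits, and the person being sanctioned has no chance to show that they have reformed and that the sanction can end. They sanction for the sake of sanctioning, and do not even care whether this can lead someone to correct their behavior and be accepted by society again.
So nobody stands up and says, "Richard has received the punishment he deserved, and we should stop sanctioning him now." The FSF tried to stand up and met with strong protest. In my view, setting aside for now the question of what justice really is, let us look closely at these points: women need fairness, and someone offended women because of his own impairment; while attending to women's rights, "disabled people" equally need attention and tolerance.
The OSI did not think about any of the above, which is why it later issued that statement. For an organization like theirs, making such remarks in the public spotlight draws a great deal of attention. In fact, it does a certain amount of harm.
Because the OSI keeps accepting more new licenses into open source, I have had my disagreements with the OSI. Their approach has hurt the community and is accelerating the drift of open source licenses away from the spirit of open source. To this day, the OSI is still adding more licenses, because if they did not, what would be the point of their existence? Perhaps the declaration against RMS was the same.
Besides certifying open source licenses, the OSI has indeed explored other open source work. The work done by Simon Phipps (translator's note: Simon Phipps joined the OSI in 2009 and has served as OSI president several times) influenced some standards organizations not to allow royalty-bearing patents into their standards, in order to build a more open-source-friendly environment.
However, this work met opposition from the OSI's corporate sponsors. When I was still at the OSI, I ran into a sponsor that firmly insisted the OSI not promote open source in open standards. So the OSI can hardly pursue the cause of open source wholeheartedly.
Beyond these, most of what the OSI does is evangelism, which was indeed once necessary work. But as more enthusiastic evangelists have joined the community, the OSI has been eclipsed.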
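OSCHINA: Recently, GitHub blocked the accounts of Russian developers at companies sanctioned by the United States, which also caused important PRs, issues and comments in some open source projects to be lost, with a harmful effect on open source. What do you think about this?
Background:
In April 2022, some Russian accounts were disabled by GitHub because the companies these Russian developers worked for had been sanctioned by the United States. Soon afterwards, Jesse Squires, lead maintainer of Quick and Nimble, published a post complaining that, as a result of this measure, several contributors' accounts had been suspended and the projects had been thrown into crisis.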
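BP: This is an interesting conundrum. On the one hand, a wave of "ethical licenses" has risen in the open source movement; they want to prohibit open source software from being used for bad purposes such as oppression. I have rejected these licenses; they cannot possibly work. Can the tactic of suing for copyright infringement in a Russian court stop Putin? How ridiculous.
On the other hand, the United States does have some legally effective ways to punish Russia. These have already been put into practice through legal mechanisms. The Russian developers banned by GitHub were all connected with sanctioned organizations, which the United States sanctioned because of this war.
This is what United States law requires GitHub to do, and we cannot voice any objection, just as we understand that Chinese companies must also act within the framework of Chinese law. For GitHub, I believe that banning developer accounts for the first time was also a very awkward thing. When people do something for the first time, they inevitably make mistakes.
However, I can guarantee that this will absolutely not have any major impact on open source. First, if these sanctioned users want to keep contributing to open source, they can look for another code repository in another country, and their code will still be open source. Second, for security reasons, we never want any software to exist on only a single website; given that there are so many other code hosting platforms, we have plenty of choices. So the open source community is not under any threat.
If GitHub really does have a problem, it is one many developers have been discussing recently: GitHub's management is overstepping, trying through routine management measures to take more rights from projects, which developers do not want to see. Over the past few weeks, a great many projects have begun migrating to other platforms; after all, there are so many code hosting platforms to choose from.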
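OSCHINA: How do you view source-available licenses such as the SSPL and the BSL? It seems that more and more open source startups are leaning toward source-available rather than genuine open source that fully conforms to the OSD (Open Source Definition). Do you think the day will come when the OSD is obsolete? How do you see this phenomenon?
Background:
The BSL (Business Source License) is a commercial license created by MariaDB. Some open source companies adopt the BSL to stop cloud vendors from offering their products commercially as cloud services without authorization.
Likewise to stop cloud vendors from "free-riding", MongoDB created the SSPL (Server Side Public License) in 2018. The license stipulates that if you offer the product to others as a service, you must publicly release any modifications as well as the source code of the management layer.
Because they do not conform to the OSD, neither license has been approved by the OSI; they are considered not truly open source but merely source-available.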
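BP: On the BSL, I helped Monty Widenius, the founder of MySQL and MariaDB. The BSL guarantees that software under the BSL automatically becomes fully open source after a period of time. The SSPL makes no such promise.
Open source does not mean that our developers must live like ascetic monks. AWS (Amazon Web Services) "took advantage" of companies like MariaDB: they neither contributed nor funded, yet profited from open source software by running it and selling related services. I think the BSL is a good compromise, but I do not think as highly of those other (non-open-source) licenses; some of them do not intend to make any concession at all.
Some startups have adopted licenses that do not guarantee the software will eventually become open source, and I think that no longer has anything to do with open source. The open source community is far larger and more powerful than they are! The amount of code the open source community releases every day is 1000 times that of MongoDB and similar companies.
The point is that there are some large, highly technical projects that most companies simply cannot accomplish on their own, while the open source community can. Take the development of CODECs for audio and video compression: which phone manufacturer would be willing to spend a billion dollars in the lab on HD audio as the main selling point of its next phone? None. But Jean-Marc Valin's Speex CODEC does it, and it is open source. (Translator's note: Speex is an audio coding format used for speech coding in internet telephony and online broadcasting, open-sourced under BSD.)
Is it some phone chip manufacturer that develops the software used for 5G prototype systems? No; the open source GNU Radio does. (Translator's note: GNU Radio is a free and open source software development toolkit. It provides signal processing blocks and is widely used by hobbyists, academic institutions and commercial organizations to research and build wireless communication systems.)
Has IBM or any other computer company produced an operating system that, like Linux, runs on such a variety of different hardware? Not one company has done it, or even come close.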
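OSCHINA: We understand that you have set up an open source consulting company. Could you tell us more about it, for example the business model, whether it is profitable, and how it is running? China has now seen the emergence of a number of open source players, yet most people lack the relevant open source knowledge. What are your views on open source governance?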
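BP: My main source of income now is my consulting business, which I call "Legal Engineering". I help law firms and their clients when they have inadvertently run into copyright problems involving open source software. I step in between the company and the open source project to mediate so that both are satisfied.
At the same time, I also report these cases to the lawyers, becoming the bridge between lawyers and software developers. I have had successful cases of this kind with many companies, and I must say it has brought me a good income. I am grateful that I can make a living this way and still have time left to develop my own projects.
I also have some clients from China; these companies became my customers because they took a wrong turn with open source. In fact, this is not only a problem for Chinese companies; it is the same the world over.
Moreover, the problems companies run into with open source cannot be solved by open source governance alone. The biggest problem is that engineers go through four years of higher education and obtain an advanced degree in software engineering without ever taking a first class called "copyright"! They then spend their days splitting up and recombining code whose copyright belongs to others into their own products, with little originality. This is their main job, yet they know nothing about the concept of "copyright"!
Whenever engineers do not know where to start, they take a look at an open source project and then set about writing their own. Quite possibly, without realizing it, they use the same logic to write their own project; even though not a single line of code is the same and the language used is different, this is still copying! It is called "non-literal copying", which the courts have long been thoroughly familiar with, and there is a specific test for it called the "Abstraction-Filtration-Comparison test". Of course, there is also "literal copying", that is, copying and pasting directly from an open source project. Before they know it, the companies these engineers work for become my clients.
I think every Chinese company should make sure its software developers understand what they should and should not copy. This knowledge has to be made up at the company level, although I think it should already be in place by the time someone earns a computer science degree.
I teach classes to some companies in English, and each one takes half a day. Some managers are reluctant to let me take up so much of the engineers' working time, but it often saves the company millions in costs in terms of efficiency and legal matters.
There is another approach to open source governance inside a company: setting up an Open Source Review Board. At the product design stage, bring together people who understand copyright, security and compliance, so as to ensure there is no infringement, and so that even where there is infringement, the work already done need not be wasted, ensuring that the code delivered is open source compliant.
I can help companies design and run this whole compliance process. Of course, if you do not need my help, the Linux Foundation also has an organization that can help you: https://www.openchainproject.org/.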
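Finally, Bruce Perens also talked about his family. His wife is named Valerie; she works at the University of California, Berkeley, and the two have been together for 30 years. In 2000, their child Stanley was born. In Bruce's eyes, Stanley is a hero: he took elective first-aid and firefighting courses in high school and put them into practice. During COVID, riots and fires, Stanley has been on the front line helping injured police officers and members of the public.
The editor has learned the hard way and wants to tell everyone: always hold yourself to strict standards, remember that the gods are watching from three feet above your head, and bear in mind that "a rumor takes only a mouth to spread, but refuting it wears out your legs."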
Q1:
In 2021, RMS attempted to return to the FSF, and the OSI Board of Directors had shown their resistance to RMS. (https://opensource.org/OSI_Response). Was it an overreaction? Why? Was there any conflict/contradictions between them? What do you think about it?
BP: People tend to polarize around their opinions of Richard Stallman: they either love him or hate him. It's been that way for about 40 years, it's just that more people know about Free Software now. I think the most important part of this issue is that Richard has a disability, and we should make accommodations for disabled people. I have not heard that he has an official doctor's diagnosis of being on the Autism spectrum. But it is obvious to people who know him. He is often unable to understand how people will react to his words and actions, and he can become very upset by people who think differently from him. Richard likes women, but because of his handicap he can be obnoxious to them, it has happened in my presence. But I have never seen it reach the level of violence or forcing. I guess encouraged by the rise of the MeToo movement, Richard was shunned. There has been much injustice toward women, and this must be corrected, and the perpetrators often deserve their shunning. The trouble with shunning is that it is not like a penalty from a court. It is imposed by a mob rather than a jury of people who understand their responsibility and think carefully. It doesn't have any defined ending, and there is not any opportunity for the shunned person to show that they have reformed their actions and to have the shunning end. It doesn't even admit to the possibility of reform, it is just punishment for the sake of punishment rather than as a means of correcting a person's behavior and having them again accepted by society.
So, there is nobody in the mob who says "Richard has had his penalty and we can stop shunning him now". FSF tried to do that, and there was lots of outcry, and in my opinion: not much thinking about what justice would really be. We need to consider opinions carefully: Women need justice, someone's handicap was the cause of the offense. We need to be fair to both the women and the handicapped person.
When the Open Source Initiative issued their opinion, they weren't thinking about that as hard as I would have liked them to. It is very tempting for an organization like theirs to make this sort of statement to take a moment in the spotlight of publicity, and this can actually do harm. I have problems with OSI because I think their continuing acceptance of new licenses as Open Source does damage to the community and fuels a slide toward licenses that are farther from the spirit of Open Source. And yet they continue to do it because without that, they would not be very relevant at all. And perhaps the RMS statement was more of the same. There is one relevant thing that OSI does, which is the work of Simon Phipps in influencing standards organizations to be more accommodating of Open Source by not allowing royalty-bearing patents in their standards. But even this work is restricted by OSI's corporate sponsors, for example when I was in Simon's role, one insisted that OSI not promote its own definition of Open Standards. So, OSI can't even wholeheartedly pursue our own cause. The rest of what OSI does is evangelism, and while that might once have been necessary, they are eclipsed by the very many enthusiastic evangelists we have in the community.
Q2:
Recently, GitHub suspended the accounts of some Russian devs that were sanctioned, which has had a really bad influence on Open Source. It seems like GitHub is losing the open source spirit (or geek spirit) by doing this. To some degree, there are more and more incidents of "geopolitical influence on open source"(also called "the weaponization of open source") in recent years, what do you think?
BP: Well, this is an interesting conundrum. On the one side, we have voices calling for "Ethical licenses" which would prohibit the use of Open Source to oppress people. I have objected to these licenses because they can't be enforced: Are we going to stop Putin by charging him with copyright infringement in a Russian court? That's more than silly.
On the other side, we do have a viable way to discourage Putin with our laws and courts. We can make sure he and his cronies don't profit in our economies, and we can damage the economy of Russia by excluding it. And this was done through real legal mechanisms, not mobs or un-enforceable extensions of Open Source licenses. The developers who were turned away from GitHub were connected with organizations that the United States sanctioned for bad actions connected with the war. If they contributed to Open Source, their code is still Open Source, and they can find a git repository web site in some other nation.
I think we can't disapprove of GitHub acting as required by United States law, just as we have to understand that Chinese companies don't have that much opportunity to publicly disregard the law of China. We can disapprove of the law, and work to reform the law if we think it's wrong, but I have no reason to believe this one is wrong and I don't disapprove so far.
I have no doubt that excluding developers was an awkward, first-time thing for GitHub, and that they made mistakes as people often do when they do something for the first time. Of course there has been some discussion about it, but I can assure you this is not a big issue in the Open Source community. For security reasons we never wanted every bit of software on one site, and so there are other git repository web sites and we have lots of choices. And thus the community is not threatened.
What if there really was a problem with GitHub? We had a problem with a web site that almost all developers used for online discussions recently. The usual thing of the management trying to have more power than any project wanted them to have. In a few weeks, very many projects moved to another web site. Everyone in management at GitHub knows that we would do the same with them if they were a problem. GitLab and a dozen others would love to have the business. But I see no reason that projects should move at this time.
Q3:
What do you think about the source-available licenses SSPL and BSL? It seems like more and more open-source startups tend to use source-available licenses, rather than open-source licenses which are suitable for OSD. So, do you think OSD will become an obsolete concept one day? What do you think about this phenomenon?
BP: I helped Monty Widenius (the author of MySQL and MariaDB) with the BSL. Software under the BSL automatically becomes fully Open Source after a time. The BSL text guarantees that. The SSPL offers no such guarantee. Open Source doesn't mean that our developers should take oaths of poverty, like monks, and live on handouts. Amazon Web Services was eating the lunch of companies like MariaDB. [use another metaphor if that doesn't work in Chinese] AWS ran the Open Source software and sold it as a service, without significantly contributing to its development or funding the developers. I thought the BSL was a good compromise. I don't think as highly about some of the other licenses, some are not compromises at all.
There are startups that do that, without a guarantee that the software will eventually become Open Source like that in the BSL. I don't think they are very relevant. The Open Source community is so much larger and more capable than them. We release 1000 times as much code as MongoDB and similar companies every day.
It has gotten to the point that there are some very large or highly technical projects that companies mostly can't do at all if they work alone, that the Open Source community does well. For example the development of CODECs, software for compressing voice and video. Did telephone manufacturers spend a billion dollars in their labs making the HD Audio for new phones, their major selling point? No, that is the Speex CODEC by Jean-Marc Valin, and it's Open Source. Did the cell phone chip manufacturers make the software that they used to prototype 5G systems? No, that's GNU Radio, and it's Open Source. Has IBM or any other computer company made an operating system as capable, that runs on as much different hardware, as Linux? No company ever got close to doing that.
Q4:
As we know, you founded an open-source consulting company. Could you please give some details about it, like what is your business model? Is it profitable? How is it going? Nowadays, some open-source strength has emerged in China. However, most people have insufficient knowledge about Open Source. Would you please share some experience?
BP: I am developing a web business that I can't talk about yet, but I think it will be big. There is still a lot of low-hanging fruit [things that people aren't doing yet that aren't that hard] on the web.
The main way I make money today is my consulting business, which I call Legal Engineering. I help law firms and their customers when they have accidentally infringed on the copyrights of Open Source software. My assignment is always to fix the infringement so that both the company and the Open Source project are satisfied. I always report to a lawyer, and I am the interface between lawyers and software developers. I have successfully resolved this sort of problem for many companies. I am happy to say that it pays well, which I appreciate because it allows me to make a living and still have time left over for my projects.
I am so happy to have Chinese customers! It's too bad that all of those companies became my customers by making mistakes with Open Source, but I get them fixed.
Let's start by saying this is not a China problem. I meet it in every country.
Companies face bigger problems with Open Source than governance. The biggest is that programmers can take an advanced degree in software engineering, spending 4 years or more in college, without having the first class in copyright. And then they spend every day at work combining other people's copyrighted works into a product, which is producing a derivative work. That is a copyright concept that they know nothing about, and it's their main job!
And when a programmer doesn't know how to do something, they might look at some Open Source software that does it, before they write their own version. And they might type in the exact same logic as the software they saw, without typing the same words or writing them in the same language, but that is still copying - it's called non-literal copying, and the courts know it very well and have a method of detecting it called Abstraction-Filtration-Comparison. Or, they might just cut and paste from the Open Source program into their own, that's literal copying. This is how the company they work for becomes my customer.
So, I would like every company in China to make sure their software developers understand what they should, and should not, copy. This has to be taught in companies for now, but I think it should be required for a computer science degree. When I do this in English, it's a half-day training, and managers hate to take programmers away from their work for so long. But it saves companies millions in wasted work and legal issues.
The next step in governance of Open Source use within a company is to develop an Open Source Review Board. This is a way for software developers to involve people who understand copyright, and security, at the design phase of a product, so that copyrights are not infringed, so that work is not wasted because it turns out to be infringing; and so that when there is a security problem with Open Source, every copy in customers' hands gets fixed. I help companies design and operate this entire process, but if you don't want my help, the Linux Foundation has https://www.openchainproject.org/ which will get you started.
About Family
I want to tell a story. I was exhibiting at an amateur radio conference, and I had my wife and son helping out in the booth. People in our community are used to us being very nerdy, and not so well-developed socially. A man walked up and said "Of course I've heard of you from Open Source. But I didn't know you were a normal person with a wife and child!" My wife found that hysterical, and for weeks would say "I didn't know you were a normal person who did..." whatever I was doing at the time. You can imagine.
So, there are things that are more important than my consulting business. My wife is Valerie, and we have been together for 30 years. Valerie works for the Haas School of Business at UC Berkeley, where she helps them get the donations that keep the school alive. She's also an author, and recently has been writing about OKRs, a system for understanding business performance, for John Doerr's whatmatters.com. Together we enjoy travel, walks, the Bay Area's many restaurants, and camping in our trailer. My son is Stanley, and he's a hero. Here in Berkeley, the high school offers elective classes to be an emergency medical technician, and a fire science class that prepares students to enter a firefighter academy. Stanley doesn't want to spend his time behind a desk, and so he graduated high school with his Emergency Medical Technician license, moved out of our home, and got right to work in ambulances. And this was just the time when COVID started. So, Stanley has taken care of the people in Alameda County, California (around the San Francisco Bay) for all of COVID, fires, riots, taking care of cops who have been shot when the shooter isn't caught yet, providing the medical help to mass vaccination sites in case someone has a reaction to the vaccine. He puts himself at risk to help other people every day. He has finished his training as a Paramedic now, which qualifies him to do more to help sick and hurt people. To do that, he worked in a hospital emergency room, and he's especially interested in cardiology so he appreciated being able to spend time assisting a heart doctor and learning from him.