Google recently launched the Open Usage Commons (OUC) foundation to offer open source projects “support specific to trademark protection and management, usage guidelines, and conformance testing,” according to the OUC’s website. Seems sort of bland, right? Well, maybe.
Depending on who you are, you either hate OUC or you love it. On the “hate” side seem to be IBM and the Linux Foundation on the record, and others off. On the “love” side seems to be just Google, though a rising chorus of experienced open sourcerors like Shaun Connolly and Adam Jacob have suggested that maybe, just maybe, this isn’t the end of open source as we know it.
However, if your response to a foundation to shepherd trademarks is “Huh?,” it’s worth trying to unpack what just happened with OUC, and why it matters.
Confused turtles all the way down
At issue in all of this is governance, though OUC doesn’t have anything to say about governance. Not directly, anyway. All OUC does is provide a place for open source projects to park their trademarks. Nor is OUC the first foundation to do so: the Linux Foundation, Software Freedom Conservancy, and others also provide this service.
The difference with OUC, however, is that trademark protection and management is all that it does. As OUC board member (and former Googler) Miles Ward put it:
[U]tility comes either in bundling or unbundling. We endeavor to decouple the trademark part from some of the other parts of a more typical foundation bundle, and see if that smaller unit is useful. Maybe it’ll help! We’ll see.
If such benevolent experimentation seems a bit too convenient, well, there’s no shortage of cynical or Oliver Stone-level conspiracy theories to explain it all. OUC, for example, is completely staffed by current or past Google employees, or academics who have received funding from Google. It’s hardly a neutral organisation.
With this in mind, some suspect Google instituted OUC as a way to ensure that a Kubernetes never happened again. Yes, Kubernetes has been an incredible success for Google, but it has also been an incredible success for Google’s competitors. Some believe that not enough of the financial rewards have gone to Google.
But if this is the suspicion, the OUC seems to go out of its way to allow others to profit from OUC projects. To wit, the OUC FAQ says:
[The OUC impacts] the companies that want to offer managed versions of these projects, or who have the project as part of their service and want to use the project brand to demonstrate quality/innovation/etc. Applying OSS [open source software] principles and neutral ownership of the trademark means that these companies can invest in offering “Project as a Service” because it’s a guarantee that they can use that mark; it won’t be suddenly taken away on a whim after they’ve built up an offering around it.
Well, what about governance? OUC explicitly disavows any impact on governance or source code licensing. According to Google’s open source chief Chris DiBona, OUC “doesn’t change anything [related to governance] for good or for bad. If your perception is that [Istio governance] needs to be fixed, then it still needs to be fixed.”
Does this mean that Istio or Angular or Gerrit, the three projects used to seed the OUC, could later be contributed to the Cloud Native Computing Foundation, or another foundation? It seems the answer is yes.
But doesn’t Google control these projects, with a new neutral-sounding but still-controlling lock on trademarks? Well, maybe. But if we look at the Istio steering committee it’s the same 60/40 split as before (Google has six members while IBM/Red Hat has four).
What about Angular? Yes, its contributor crowd is mostly made up of Googlers, but not exclusively so. Gerrit? Half of its maintainers don’t work for Google.
This needs to be kept in mind when reading open source legal expertAndy Updegrove’s comments to Steven Vaughan-Nichols: “A project that is primarily important to a single vendor and primarily staffed and controlled by developers employed by that employer can continue to exercise effective control while avoiding the market suspicion that might arise if the vendor owned the mark.”
He’s right, but there’s also an existing governance structure in place for these projects that OUC doesn’t eradicate.
Strip away all of the bilious bickering associated with OUC and it feels like the heart of the matter is unfulfilled expectations.
As CNCF executive Chris Aniszczyk stresses, this is “really about one company lying to their community partners and dragging their feet for a couple years. [Let’s] focus on the loss of trust here... and why a new gerrymandered org was necessary vs. ASF [Apache Software Foundation], EF [Eclipse Foundation], SPI [Software in the Public Interest], etc.” “Lying” is a strong accusation. What is Aniszczyk talking about?
For years vendors like IBM, a co-creator of Istio (one of the three projects Google contributed to OUC), worked on Istio under an implied (or actual) promise, as IBM’s Jason McGee writes:
At the project’s inception, there was an agreement that the project would be contributed to the CNCF when it was mature. IBM continues to believe that the best way to manage key open source projects such as Istio is with true open governance, under the auspices of a reputable organization with a level playing field for all contributors, transparency for users, and vendor-neutral management of the license and trademarks.
Whether OUC affects a project’s governance (it shouldn’t, at least as outlined in its charter), this allegedly broken promise is the issue. As much as I recognise this concern (and know, respect, and am friends with people on both sides of the issue), ultimately it may be too soon to predetermine OUC’s impact.
It’s quite possible, as John Mark Walker has noted, “there’s a large number of individuals with GitHub projects who have no desire to officially join a foundation,” but who would benefit from low-touch trademark protection.
It could be, as Shaun Connolly points out, that OUC could be a real boon for individuals with open source projects, without denting the need for larger projects to get white glove treatment from a foundation like the Linux Foundation.
So, could OUC be good? Sure. Could it be a veiled attempt by Google to control the universe? I guess? But we’re really not at a point where we can draw a final conclusion.
It will be worthwhile to watch how the governance of the Istio, Angular, and Gerrit projects evolves in light of OUC, as well as take note of the market adoption of OUC by other projects. Stay tuned.