Putting the Genie Back in the Bottle: More RedHat Legal Shenanigans with CentOS


As we celebrate the 10th anniversary of CentOS, the Community Enterprise Operating System, all is not well in Open Source Land. If you haven’t heard, CentOS “joined forces” with Red Hat while you were enjoying the Christmas holiday. And RedHat wasted little time attempting to morph CentOS into a Trademark Minefield much as RedHat has done with its other “open source” projects. If you look at the new CentOS.org web site, RedHat proclaims a New Look and New CentOS. New, indeed. You won’t see many changes other than a healthy mention of RedHat and a vast new Legal section proclaiming RedHat’s ownership of the CentOS trademark and severely restricting acceptable use of the CentOS product. It’s more than a little ironic that RedHat actually pulled off a similar stunt against CentOS back in 2005. The initial problem this time around is that RedHat doesn’t actually own the trademark, nor has RedHat attempted to register it. There are some good reasons why, and we’ll get to those in a minute.

The RedHat Legal Theory of Trademarks goes something like this. We just don’t want people to confuse other products with our brand even though we all use the same, freely available open source brands. Get it? Well let’s try again. RedHat doesn’t mind using Apache’s brand name, and SendMail’s, and MySQL’s, and about 40,000 other trademarked and copyrighted products of open source developers. But God help you if the word “RedHat” appears anywhere in your open source software aggregation.

Now RedHat would like to extend this philosophy to CentOS for the betterment of the community, of course. If successful, RedHat bullying would wipe out virtually all of the current CentOS packages available from the following providers, and thousands more would disappear as well. Here’s the list from CentOS’ own web site, but don’t expect the list to remain around very long. The mere existence of this list proves CentOS acquiescence in the development methodology employed by Amazon Linux AMIs that include CentOS as part of the AMI, AsteriskNOW, BlueOnyx, BlueQuartz, CactiEZ, CentServer, ClarkConnect, ClearOS, Elastix, FAN, FreePBX Distro, OpenNode, OpenVZ, OS Office, OVH, Parallels Virtuozzo Containers, PBX in a Flash, Proxmox images that include CentOS, SipX, SME Server, Snaplogic, trixbox, trixswitch, VicidialNOW, most of the Virtual Machines and hosted platforms that rely upon CentOS with any other included application. And the list goes on. To give you some idea of how pervasive CentOS is in the products of other developers, try Googling: built atop centos which returns over 21 million results.

In a nutshell, the new RedHat Terms of Service outlaw use of CentOS in any productunless the combined distribution is an official CentOS distribution.” In short, the open source community would be transformed into the functional equivalent of the Windows and Mac platforms. End-users could independently install CentOS and then acquire apps to run under CentOS, but CentOS could no longer be included with the application itself. Well, not so fast, Mr. RedHat.

Even though the evidence trail is quickly disappearing, there’s still plenty of CentOS history that suggests things may not work out quite as well for RedHat this time around. First, there is the CentOS “Social Contract” with the Open Source Software Community and The cAos Foundation’s Open Source Software Guidelines, both of which have conveniently disappeared from the CentOS web site. For history buffs, the cAos Foundation was the developer of the CentOS aggregation. If there’s one overriding principle in both trademark law and open source software development under the GPL, it’s this: YOU CAN’T UNRING A BELL. A license once given cannot be withdrawn at the whim of a new owner, even RedHat. Here’s an excerpt from their “Social Contract.” Pay particular attention to the last paragraph:

Another problematic issue is ownership of the trademark itself. You can certainly own a trademark without registering it with the U.S. Patent & Trademark Office. But… since inception, the cAos Foundation has gone to great lengths not to ever enforce, proclaim™, or protect its trademark in CentOS. The reason is simple. They viewed CentOS as a community project which was free for everyone in the community to use and integrate as they saw fit. Thus it is more than a little puzzling that a single developer would finally file a USPTO trademark application for “CENTOS” (note the capitalization and compare to RedHat’s view of the universe) six months ago claiming that he individually owned the mark. Quite the contrary, the cAos Foundation referenced its CentOS brand as early as 2004.

This, of course, raises some additional problems with RedHat’s claim of CentOS trademark and service mark ownership. From a legal standpoint, owners of trademarks are obligated to police the use of their marks to avoid Dilution either by third parties or by tarnishment. Without delving too deeply in the legal weeds, suffice it to say the CentOS mark suffers from dilution on both counts over a period of almost 10 years! This is as it should be actually. CentOS was intended to be a community resource for everyone in the community to be able to use, integrate, and build upon. Because of its inherent non-commercial character, it was never intended to be a brand for independent marketing.

A third trademark infirmity for the CentOS brand is the fact that it’s suffering from genericide. In Plain English, CentOS has become a household word. In the Linux community, it signifies a generic open source Linux operating system. Just as with aspirin and thermos bottles, “a majority of the relevant public [has] appropriated the name of the product… [and, in essence,] the owners are victims of their own success.”

And then there’s the matter of licensing. In addition to the “Social Contract” referenced above and upon which many developers relied, there’s also a financial angle. Individual developers reportedly have been given either express or implied authorization to integrate CentOS into their software products in exchange for financial contributions to the “CentOS project.” We’ll have more to say about that in our Petition for Cancellation and Opposition to Registration of the CentOS trademark, if the trademark is ever approved for publication. We trust many other developers will file petitions as well. You can review the procedure here. You can follow the CentOS trademark saga here. Be advised that an Opposition to Registration (section 202) must be filed with the Trademark Trial and Appeal Board within 30 days of the date a mark is approved for publication in the USPTO’s Official Gazette. A sample Petition for Cancellation (section 307) is available here. You do not have to be a lawyer to file it. You do have to pay the $300 filing fee. The safest way to monitor approval is by regularly checking the Status of the CENTOS Trademark and Service Mark Application.

Licensing issues aside, there’s a more serious issue moving forward. Most companies used CentOS so they wouldn’t have to pay for Red Hat Enterprise Linux. Now Red Hat has bought CentOS. Guess what? Is it just a matter of time until CentOS is crippled so that it cannot serve as a drop-in replacement for Red Hat’s Cash Cow? Duh! Did the CentOS development team care about this? Probably not. Might not have even considered it. They got money and cushy jobs out of the deal. But, just because Red Hat offers financial rewards to a handful of CentOS developers is no reason to scuttle the development efforts of thousands of independent developers over the last decade. Better think twice, RedHat. The open source community will be watching.

Originally published: Monday, January 20, 2014




Need help with Asterisk? Visit the PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for all of us.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity. 


Some Recent Nerd Vittles Articles of Interest…

Be Sociable, Share!

3 Responses to “Putting the Genie Back in the Bottle: More RedHat Legal Shenanigans with CentOS”

  1. Skavoovie says:

    Actually, Red Hat has stated just the opposite of your summary/final paragraph. They have stated it will remain a viable drop-in replacement, with added SIG options to provide even greater benefits to those who want them.

    Given Red Hat’s track record with buying open source projects and keeping them open and available, and rapidly and drastically improving them, I think the chances are strong that this will actually happen.

    For example, how has Red Hat’s acquisition of Qumranet worked out for you? I’ve seen some good articles regarding KVM virtual machines, and I know I can do a lot more with my KVM VMs today than I could in 2008.

    Another example — look at GlusterFS. There are more examples, but those 2 are off the top of my head.

    If for some reason, if Red Hat suddenly decides to change its track record and doesn’t hold true to its word, anyone is free to grab the Open Source source RPMs from Red Hat’s FTP server, just like CentOS did, and just like Oracle does, just like Scientific Linux does, recompile them, and make a new distro. That’s the beauty of Open Source, or in the case of Oracle, the way to re-brand someone else’s product and try to steal their customers.

    Thus far, as far as Red Hat is concerned I know that I personally have gotten a heck of a lot more than I have paid for, being a Red Hat user since Red Hat 5.2, Fedora since Fedora Core 3, and CentOS since CentOS 4. How much has that cost me? I spent $30 back in 1998 to buy a commercial version of Red Hat 5.2 in CompUSA. (This excludes what my daytime job provider pays to RH for RHEL licenses, and what they paid RH for a training class and certification exams.)

    As far as the trademark is concerned, it seems silly that the CentOS name hasn’t already been registered.

    I read through the legal terms on the new CentOS site, and with my layman eyes, didn’t see anything that looked overtly inappropriate or different from just about every other Open Source project name.

    With as many people using it, preventing people from naming their projects and products in such a way as to imply association with CentOS is a good thing — no matter who owns the name.

    Case in point, if NV decided to rename PIAF to RedHatAsteriskInaBox, or CentOSAsterisk, I think that would confuse a number of people into thinking there was an official association with the OS distributions.

    As a long-time RH software user with no association with the company, I am going to adopt a wait-and-see attitude, with hopeful expectations based upon their long-standing track record. I think this change is actually a very good thing.

    [WM: I hope you're right. Brand confusion with a trade name is very different than the concerns that have been raised in this article. Once you release a product with a GPL license, the public has a right to copy the code and add to it so long as the original GPL license including the licensor's copyright is preserved together with your copyright if you choose to add one. The original licensor cannot restrict the pieces of the product that can be used unless some of the components can stand on their own and have been specifically excluded from the grant of the GPL license to use "the product." In other words, you can't sprinkle trademarks and copyrighted works throughout the GPL code and then claim that nobody can use them. You licensed that use when you released the code under the GPL unless you specifically excluded independent "works." In the case of Red Hat, they really had no choice but to release the entire work as GPL because you can't add more restrictive items to a GPL work in order to restrict future copying of the original GPL creations. And most of the code under the Red Hat umbrella was GPL creations of others!]

  2. Skavoovie says:

    Reviewing the full sentence you partially quoted for better understanding and context:

    “Use of the CentOS MARKS to identify software that combines any portion of the CentOS software with any other software , unless the combined distribution is an official CentOS distribution. FOR EXAMPLE, you MAY NOT distribute a combination of the CentOS software with software released by the FooStack project under the name ‘CentOS FooStack Distro’.” [emphasis added]

    Additionally, I would like to point out items #2 and #4 from the same URL, their “Acceptable Uses” section, and a portion of the opening paragraph:

    “2. You MAY USE the Word Mark, but NOT the Logos, to truthfully describe the origin of the software that you are providing but not the software itself, WHERE WHAT YOU ARE DISTRIBUTING IS MODIFIED OFFICIAL CENTOS SOURCE CODE OR is a build COMPILED FROM MODIFIED OFFICIAL CENTOS SOURCE CODE. You MAY SAY, for example: ‘This software is derived from the source code for the CentOS distribution.’ However, you MAY NOT SAY that the software is CentOS.” [emphasis added]

    “4. You may use the ‘Powered by CentOS’ logo to truthfully state that your application runs on or uses an official CentOS release.”

    “The CentOS Project is by its nature a noncommercial community project that provides software free of charge…”

    To my layman eyes, this would seem to explicitly contradict the claims of this article, in that:

    1. You cannot use the word mark “CentOS” as part of your project name.

    2. You cannot use the CentOS logo in your project description IF you have altered the CentOS source code. You can however say that it is derived from CentOS if you did alter source code.

    3. You CAN use the “powered by CentOS” logo if your project sits on top of CentOS in its unaltered (as in source code) form — it is my understanding that PIAF and Incredible PBX are the exact type of projects to which this is referring. Perform a base install of CentOS, and then stick your custom project on top of CentOS, just like PIAF/Incredible PBX does.

    4. The software is still as free (as in beer) as CentOS has always been, and as RHEL has been (sans pre-compilation for RHEL of course).

    No where do I see any mention whatsoever about the preclusion of the use of CentOS _software/code_ as the base of any other Open Source project. Furthermore, the entire page is only referring to the “Word Mark” and “logos” of CentOS, as explained in the opening sentence of the page. No where do I see a single item listing reference use of the software itself.

    Red Hat and CentOS have made it clear that, “the CentOS Linux platform isn’t changing” , and that this change will actually increase the community involvement for the distro because they no longer have to worry about the Red Hat [intellectual property] “firewall” as they refered to it. ( http://lists.centos.org/pipermail/centos-announce/2014-January/020100.html )

    Protection of the CentOS work mark and logo are, in my opinion, an asset to the community of users under the provisions laid out in this document. It means we can trust the logo when we see it.

    Off the top of my head, thinking of restrictions within other Open Source projects, I see no difference between these conditions and any other major Open Source project work mark or logo restrictions. I think it allows for reasonable and fair use in the description of projects that utilize CentOS, while preventing its deceptive or confusing use in a negative way.

    If your argument is not in fact about use of the software/code, but rather the use of the CentOS logo or word mark as part of a project name (as opposed to “powered by CentOS”), then I don’t see how this goal would be of benefit to the community or its users.

    Lastly, I’m glad that most of the CentOS team is now getting paid for what they’ve been doing in their spare time for several years now (on top of their $dayjob).

    [WM: You raise some good points. Let me clarify some of the can'ts and musts in the article and my previous comment. Statutory construction is often a slippery slope. The GPL license walks a fine line between patent, trademark, and copyright law. Think of it as a "live and let live" license. The example given in the license itself has to do with patent enforcement, but the same applies to trademarks and copyrights by the express language of the license.

    Let's go back to the original fight between Red Hat and CentOS for a moment. Yes, technically, the licensor (in this case Red Hat) had the right to insist that CentOS not use its marks or its copyrighted artwork in the CentOS build. But the GPL makes very clear in section 7 what the penalty is for imposing such conditions on the use of a product that you've released under a GPL license (and Red Hat had no choice about that since it incorporated thousands of other GPL works). Under section 7, the licensor forfeits their rights to publish the original work at all and forfeits the right to use the GPL code of others in the product since the product can no longer be distributed as a GPL product. Thus, the appropriate response by CentOS originally would have been to ask a court to enjoin further distribution of the Red Hat Enterprise Linux product on which CentOS was based.

    Moving to the current situation with CentOS, if the trademark situation is resolved in Red Hat's favor down the road, then the appropriate response from a third party if Red Hat were to insist upon removal of marks and copyrighted images would be to enjoin further distribution of the CentOS product under section 7 of the GPL. As Brer Rabbit taught us, that might be exactly what Red Hat would want. The short answer to that is nothing would preclude any third party from building another distribution directly off the Enterprise Linux code base without removing the marks and artwork. Under section 7, this would force Red Hat to make the Hobson's Choice of enforcing the trademarks and copyrights or forfeiting the Enterprise Linux product itself. The practical answer is that a developer such as RedHat that wishes to add its custom artwork and marks to an open source product should document the process of removing and replacing those components so that others who wish to use the product can do so with their own branding. Then we wouldn't be having this discussion. See also these Guidelines for Free System Distributions.

    Hope that clarifies the interplay of the GPL with the consequences of patent, trademark, and copyright enforcement.]

  3. Nerd Uno says:

    Mr. Singh recently assigned his trademark interest (whatever it may be) to Red Hat. Here’s the link.

Leave a Reply

Ringbinder theme by Themocracy