With apologies to Planet MySQL readers. This post is about MySQL, but it is not technical, and probably not at all interesting to many of my usual readers. But it didn't fit in a tweet...
The Open Invention Network announced that its members have agreed to broaden the scope of the "protection" that it offers its members against software patent attacks against "The Linux System". Simon Phipps, a former Sun collague whom I follow on Twitter, covered the OIN in a very informative InfoWorld piece:
That's why the news, announced Tuesday, that OIN would open its umbrella wider was so welcome. The 700 new software packages include KVM, Git, OpenJDK, and WebKit, which by themselves represent a dramatic extension of scope.
It's a balanced article, probably the best I've ever read about the OIN. He also points out that a lot of FOSS software many of us would consider a "Linux System", notably Android, is still not covered. Oracle, an OIN member, is of course in software patent litigation against this particular variant of Linux, against Google, another OIN member.
But increased coverage is always increased coverage. So far so good. The following tweets were then uttered:
First article I've ever read about OIN that a) provides real info, b) I understand. by @webmink Unfortunately FOSS databases still not there
@h_ingo @webmink OIN "Linux system" used to include MySQL and PostgreSQL. See https://www.cbronline.com/news/oracle_gives_open_source_a_patent_pass, which I wrote. And https://www.linux-mag.com/id/2497/
@maslett And https://web.archive.org/web/20110516125614/https://www.openinventionnet… - MySQL I get, PostgreSQL going I don't.
@maslett Are you sure? They are listed in the covered component list: openinventionnetwork.com/pat_linuxdefpo…
It was at this point I resorted to blogging as a reply to Matthew and others.
Ok, so the OIN "protection" (what the protection actually consists of is also unclear to me, but let's assume it is something good) is only offered for a specific list of specific versions of specific software, which they call the "The Linux System". It is available at https://www.openinventionnetwork.com/pat_linuxdefpop_table3.php . Apparently this list is valid as of May 1st, 2012. Why it is already published, I don't know.
If you've ever used a Linux distribution, you will notice that it is essentially a list of package names and versions. So for instance, you might wonder why someone would list separately mod_php, mod_python and not just "Apache web server", but it all makes sense when you know that this is basically a listing of the packages from some imaginary Linux distribution. When I looked at this list in 2009, it looked awfully lot like a listing of the then current RHEL 5. Today's list is much updated.
So then to the main question. Are MySQL and PostgreSQL part of this protected system or not? You can scroll down to a nice and even number, line 1024, and you will find "mysql" there. Later down you will find PostgreSQL. Now, what is confusing is when you read what it actually says. Both entries are confusing, but let's use MySQL as an example.
And let's go back in time and start from 2007. When Aslett writes that "Oracle has vowed not to assert its patents against open source projects such as the Linux operating system kernel and the MySQL and PosgreSQL databases by entering into a licensing agreement with the Open Invention Network." That sounds great!
Ok, now let's see what the OIN list of covered software said in 2007:
mysql | 5.0.16 | https://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.16.tar.gz | https://www.mysql.com/ | https://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.16.tar.gz | MySQL client programs and shared library.
So it looks a lot like MySQL is there, and maybe that was even someone's intention. But then you remember that this is really not referring to "MySQL" as we know it, but it is actually from a list of RPM packages in Red Hat Enterprise Linux. And then you remember that the "mysql" package will install the mysql client library and client console. This is of course what the description says too. There is another package called "mysql-server" that contains the actual MySQL database. That one is not on the list.
Of course, the link to the MySQL source release actually points to a source package of both the server and the client. But I suppose if you need a link to find the source code for the client, then that is the link. There is no separate tar package to download just the client.
I was told that lawyers are pedantic and everything. I wish they had been more pedantic on this one. But given that the explanation text says "client programs and shared library", I wouldn't be as bold as Aslett was and assume that the actual MySQL server is covered. Of course, I can easily see how someone would be led to believe that, but it doesn't sound like a legally safe assumption to me.
Ok, fast forward to 2012. All the way to May 2012... so I mean really fast :-) One would hope they have clarified this situation by now... er... by then? ...in the current list of protected software:
1024 | mysql | 5.5.14 | https://www.mysql.com | https://www.mysql.com/ | https://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.16.tar.gz | a WWW interface for the TCX mySQL database www-mysql is a web interface for the mySQL database. SQL commands can be embedded into web pages; these are executed on the server by www-mysql and the resulting web page sent to the browser. All SQL commands and queries supported by mySQL can be used via www-mysql. From Debian 3.0r0 APT
I believe WTF!? is the appropriate expression.
Ok, so they've updated from 5.0 to 5.5. Under the theory that this actually means MySQL server, that is great news since 5.0 is obsolete by now. (But what about MySQL Cluster?) On the other hand the download link still points to 5.0. The description text is a complete facepalm - I have no idea which package it comes from - it sounds like a tongue-in-cheek MySQL centric description of PHP :-) It's certainly not describing any part of MySQL, whether client or server.
On rare occasions that OIN is discussed, I've usually said that my main problem with OIN is that nobody has been able to explain to me what they protect, and how, and when, and why. But I suppose with this most updated list I'm more inclined to say that I don't see any evidence that OIN itself knows what it is doing either.
The good news in all this is that quite likely both MySQL and PostgreSQL are intended to be covered, server and all. (The PostgreSQL entry is equally WTFish.) If the OIN folks could just manage to correctly copy paste a few sentences from one place to another, then we could feel legally much safer about it too.