Letter to the Community concerning Bareos
DISCLAIMER:
Please keep in mind that what I discuss here are my own personal thoughts and not those of Bacula Systems. Bacula Systems statements and positions will be communicated on the Bacula Systems web site or by other official Bacula Systems communications.
I am obliged to write about Bareos. Many or most of the things that I will write are statements of facts, but certain are allegations that myself and Bacula Systems have made. In the case of the allegations, particularly the most serious, they are yet to be determined by a court of law.
When I use the terms Bacula Systems or Bacula Enterprise Edition, I am referring to the code which is proprietary, and when I refer to Bacula, unless otherwise stated, I am referring to the fully open source community version.
END DISCLAIMER.
Since the whole story is a bit long, I will break it into smaller pieces as follows:
1. General Background.
2. The theft of proprietary software and unfair competition that led to the Bacula Systems lawsuit against Bareos.
3. The fork itself and what went wrong — copyright violations, plagiarism, moral wrong doing, and attempts to destroy Bacula and me personally through abusive language.
4. The Future of Bacula
====
1. General Background.
Most of you already know that I am a founder of two companies: Autodesk Inc, in 1982 and Bacula Systems SA in 2008. However, more importantly, I consider myself as a developer — mostly in C/C++ of system applications. I took an early retirement in 1995, and since 1998, I have been a full time passionate open source developer. I started with the APCUPSD project then in 2000 started
the Bacula project, which I released to Source Forge in April of 2002. Since 2000 all my available time has been devoted to making Bacula the best open source backup program possible. In January, it will be 14 years that I have been working on it, and for the moment I see no end in sight.
I created Bacula Systems in 2008 with 7 other founders to ensure the long term growth and success of Bacula the community version. The concept was to earn money to fund development by providing enterprises with support for Bacula as a much less expensive alternative to existing commercial software. Most of these founders were and are passionate open source fans, each invested their own money in Bacula Systems to fund development and today a number of them depend on salaries from Bacula Systems to live.
Bacula Systems hasn’t in the least diminished my or the other founder’s dedication to open source software. It has just provided a means to ensure that Bacula evolves faster with a corporation behind it. The state of maturity of Bacula is like a dream come true for me.
2. The theft of proprietary software and unfair competition that led to the Bacula Systems lawsuit against Bareos.
The arrival of Bareos early this year is like the worst nightmare I can imagine in a dream come true and has led to the lawsuit mentioned at the following link:
http://www.baculasystems.com/blog/bacula-systems-sa-files-lawsuit-against-bareos-gmbh-co-kg
Now that Bacula Systems has announced the lawsuit I can be more open about what has been going on.
How and why have we gotten there?
The basis of the problem is related to a community developer who began working with Bacula in 2008, and then as a consultant helped Bacula Systems in 2010 with the Solaris packaging. To work with the Solaris packaging, he requested access to the Bacula Enterprise software. To have this access, he signed an NDA, which is normal when you give a “consultant” access to proprietary software.
This consultant did the Solaris packaging for Bacula Systems, then later continued developing the community version, all the while with access to the Enterprise code. He even had a SIP telephone that connected directly into the Bacula Systems corporate telephone system including the internal conference centers. He continued working on the community version where he was responsible for applying patches to the Bacula community version, since he had full write permission, while at the same time, he also helped port code from the Enterprise version into the community version.
On the 27th of February 2013, I learned that Bareos had been created and that this consultant/developer was a managing director as well as CTO of Bareos, and that they had a competing commercial fork of Bacula that he had been working on since 2010.
You can imagine my stupefaction since the consultant had never mentioned that he had created a commercial fork of Bacula to me or anyone in Bacula Systems, nor did Bacula Systems learn about this fork from the Bacula Systems partner DassIT, which apparently created Bareos and with which it shares their headquarters and the four managing directors. Furthermore until Bacula Systems removed his git access to our Enterprise source code, the consultant continued daily downloads of the Enterprise software it even after Bareos was up and running.
Bacula Systems immediately wrote to the consultant requesting him to delete the Enterprise source code and stop using it, which in a rather emotional email, he refused to do.
At that point, what would you do? We looked more carefully at the Bareos source code and determined that it included a few very important enterprise enhancements that were only in the Bacula Enterprise code. So, the only conclusion possible is that the consultant had taken pieces of the enterprise code and used them in the Bareos release. In addition, there were many serious copyright problems in the Bareos code that I will elaborate more later in this letter.
Bacula Systems then took two approaches to resolving these problems. One was to make it clear that Bareos did not have the right to possess or use the Bacula Enterprise code, and the other was to request the Free Software Foundation Europe to resolve the copyright issues with Bareos. From my personal point of view, working with Bareos was very frustrating since they essentially put up every kind of obstacle possible including denying everything, which complicated and dragged out the discussions. In the end, both the Bareos lawyer and the consultant’s lawyer wrote letters asserting that their clients claimed to have destroyed the Enterprise source or in the case of Bareos that they have never had it. This whole process took many months, and in August Bacula Systems believed that the problems with Bareos were mostly resolved.
My next surprise was in late September. In a rather massive several thousand line commit, we found over four hundred lines of Bacula Enterprise code that were also buried in that commit. This code was very obviously copied directly from the Enterprise code and not simply written by the author of the commit, who is another of the managing directors of Bareos. This also meant that despite the fact that both the consultant and Bareos claimed to not have the Enterprise code, they did. This put a whole new dimension to the Bareos release, because there was clear new theft of Bacula Systems proprietary code despite Bareos’ and the consultant’s claims not to possess it. This was very serious as the code the consultant had contains a considerable amount of other Bacula Systems code that could also be copied and released to the public. At this point Bacula Systems had no choice but to file a lawsuit, which was prepared and filed on the 6th of December 2013 in the Swiss Cantonal court.
Given that it is clearly published on the Bareos web site that the Bareos code has been under development since 2010, one can only imagine that the whole affair was planned from the beginning and it appears that it is industrial espionage and software piracy that was planned and executed in secret for during two or three years.
For me personally, it was a real deception since this consultant had stayed in my house, then myself and other colleagues from Bacula Systems had spent considerable time and effort working with the consultant helping him improve his programming and more particularly how to program within Bacula. It is even more painful to think that he did this secretly for apparently many years.
What follows is my discussion of the fork and the copyright violations that do not form a part of the lawsuit, but are very important for the future of Bacula and more in general for the future of open source.
3. The fork itself and what went wrong — copyright violations, plagiarism, moral wrong doing, and attempts to destroy Bacula and me personally through abusive language.
As mentioned above, on the 27th of February, Bacula Systems and myself became aware of a fork called Bareos, so obviously, I was interested in what they were doing. Aside from the negative attitude they openly postulated toward Bacula on their web site (since removed), I was rather surprised by the copyright violations in the source code, that they describe on their web site as:
“We had some minor formal issuse [sic] regarding version history and header files at the beginning of our project”.
In fact the copyright violations consisted of the following items:
- In the original release, they added the Bareos copyright (as well as others) to all the original Bacula files, including those that they had not changed.
- They removed all the copyright on all the binaries and replaced them with: “Copyright (C) 2013-2013 Bareos GmbH & Co. KG”
Both of these are serious copyright violations. Bareos’ first attempt at fixing the violations was what I would call minimal and had to be redone later with far more significant changes.
In addition to the copyright violations, there are still clear examples of plagiarism (in other terms copyright violations) that exist in their code that were added more recently. For example, the file bacula/src/stored/fd_cmds.c from the original Bacula source code was copied into sd_cmds.c and then modified to replace all references to the fd or File daemon by sd or Storage daemon respectively. This is normal, but what was not normal was despite probably 80-90% of the code remaining identical to the original including comments, they totally stripped the Free Software Foundation Europe copyright and replaced it with a Bareos copyright. This is probably one of the most common form of copyright violation, and it is very hard to detect without spending a large amount of time examining the code.
In addition, they removed my name from the source code, which was
Kern Sibbald, MM
and replaced it by:
Marco van Wieringen, November 2012
This is clearly plagiarism, and it still exists in their source code today. As far as I can tell, there are several other such cases, where significant portions of an original Bacula file have been copied into a new file (or even the whole file taken and edited as in the case of sd_cmds.c). The result is a totally new file with the old copyright and accreditation removed. In my opinion, this practice is extremely serious for the future of open source and Bacula, because imagine carrying this a bit farther. If they continue this procedure on other files, one could imagine that in a few years after numerous releases and changes, the whole code body gets shuffled around, put in new files, and all the Free Software Foundation Europe’s copyrights disappear. Then the source code can be taken proprietary, and Bareos could have their own proprietary copy of code that was previously open source. This is, of course, speculation but it is possible.
Now I would like to discuss moral wrong doing. This is not a legal point because as far as I can tell these are not violations of the law, but they are in my opinion moral violations of standard practices particularly among open source programmers.
The original Bacula source code header includes the following statement inside the copyright section:
“The main author of Bacula is Kern Sibbald, with contributions from many others, a complete list can be found in the file AUTHORS.”
Although the AUTHORS file is in the Bareos release, they totally stripped all the references to it from the header files, thus effectively hiding the AUTHORS. I was rather surprised by this, because that eliminated the most important part of attributions to both myself and everyone else.
To my surprise, under the GPL according to the Free Software Foundation, this is legal.
They removed a number of other accreditations as well including the word Bacula from all the code.
Removing accreditations in this way, to me seems rather brutal, and is something I feel is, at the least, morally wrong.
Concerning the point about attempts to destroy Bacula and me personally through abusive language. I take two simple examples:
Maik Aussendorf
Fri 4 October 2013 15:30
Presentation at Open Source Developers Conference (OSDC)
Since a few years (uh) we have seen (that only uh) that features were only (uh) developed in the closed source enterprise edition … and it (uh) even happened that (uh) patches that were submitted by community developers were rejected by the project leader for the reason (uh) that he said he wanted to have this feature only in the enterprise version, which is (uh) not open source.
My comments are:
1. It is patently false that for a “few years (uh) … (uh) that features were only (uh) developed in the close source enterprise edition”. Bacula Systems has the right to develop code and has contributed a lot of it back to Bacula and will continue to do so. Bacula Systems’ development takes nothing away from the community but adds great value to it.
2. To say that patches submitted by the community were rejected by me (Kern) because they were enterprise features is a totally false. This is a shameless, untrue personal attack that is designed to discredit me as well as Bacula.
3. Since Mr. Aussendorf has never worked with me or the Bacula community, in the quote above, one can only assume that he is repeating something that he heard from someone else, and either has misunderstood the information or purposely has distorted it. In any case, a person that makes statements of such importance without first hand knowledge is not very credible.
The second example is:
Bruno Friedmann
Email to Bacula-users 2 June 2013
… My personal frustration started with the creation of Bacula Enterprise, which has until now never (from what I’ve seen) reversed an Enterprise feature back to the community.
It is very surprising that Bruno Friedmann who knows Bacula would say that Bacula Systems has never “reversed” an Enterprise feature back to the community since the Bacula manual clearly documents many (but not all) of the features that Bacula Systems has contributed to Bacula over the years or simply look at the long list of Bacula Systems contributed fixes of the 20 February 2013 release on the News section of the web site.
I have a hard time understanding why people feel they have to publicly make such ridiculous remarks. I use a lot of open source software, and some of it is produced by open core companies that offer better and nicer commercial features that I would really like to have, but I don’t have any sense that these companies are taking anything away from me or are in any way doing something wrong. On the contrary, most of them are fixing bugs and enhancing the community version.
I guess this sort of verbal abuse is a sign of the times. Instead of trying to tear down years of work, why can’t these people just be content with what has been given to them free.
4. The Future of Bacula
Obviously at this point, Bacula Systems does not know what the outcome of the lawsuit will be, but I hope that at a minimum it stops the theft of the Enterprise code, the copyright violations, and that it puts a stop to the public smear campaign against Bacula, myself, and Bacula Systems that the managing directors of Bareos have maintained for the last nine months.
Although the Bacula project has been on hold since February while trying to sort out these issues, the future looks very bright since Bacula Systems has continued developing new features in the Enterprise version at an even faster pace, and since Bacula Systems feels that the differentiation between the community version and the Enterprise version is sufficient, you can expect over the next three to four months to see several things:
1. An improved bacula.org web site with a new design sponsored by Bacula Systems, and with the help of a long time community supporter.
2. More new features back ported to the community version of Bacula.
3. An annual Bacula Conference with the first one in Berlin starting with a dinner the evening of 20 March and taking place on the 21st of March.
4. Long term continuation of Bacula through sponsorship by Bacula Systems which has always contributed significant pieces of code that it developed to the community version and will continue to do so. This has always been our stated objective, but now it is more formal since Bacula Systems has an agreement with the Free Software Foundation Europe wherein it states that Bacula Systems will contribute back to the community version all new features developed by Bacula Systems after at most five years that are not encumbered by third party proprietary agreement. The maximum delay of five years is important to allow Bacula Systems to grow and thus continue to contribute to the community version. Being an open core company is not a new business strategy — companies such as: RedHat, MySQL, Zimbra, SugarCRM, Eucalyptus, Pentaho, and Carafe (note, at one time I argued for RedHat as an open source company, but I was arguing with a highly placed FSF person, who was probably right). However, I don’t think that any other open core company has yet made such a strong open source commitment.
I plan additional blogs on these subjects particularly as important events happen, but I hope this helps you understand what myself and Bacula have been through for the last nine months, and that my commitment remains as strong as ever to make Bacula the best open source backup program.
Thank you for your understanding and for using Bacula.
Kern Sibbald
Bacula Project Manager