When we last checked in on the Audacity community, privacy-minded users of the free and open source audio editor were concerned over proposed plans to add telemetry reporting to the decades old open source audio editing software. More than 1,000 comments were left on the GitHub pull request that would have implemented this “phone home” capability, with many individuals arguing that the best course of action was to create a new fork of Audacity that removed any current or future tracking code that was implemented upstream.
For their part, the project’s new owners, Muse Group, argued that the ability for Audacity to report on the user’s software environment would allow them to track down some particularly tricky bugs. The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent. New project leader Martin “Tantacrul” Keary personally stepped in to explain that the whole situation was simply a misunderstanding, and that Muse Group had no ill intent for the venerable program. They simply wanted to get a better idea of how the software was being used in the real-world, but after seeing how vocal the community was about the subject, the decision was made to hold off on any changes until a more broadly acceptable approach could be developed.
Our last post on the subject ended on a high note, as it seemed like the situation was on the mend. While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.
License Shell Game
A little more than a week after our previous Audacity article went out, Daniel Ray, Muse Group’s Head of Strategy, dropped a new bombshell on GitHub in the form of a new Contributor License Agreement (CLA). He explained that past and future contributors would be bound by the agreement, which gives Muse Group unlimited rights over how contributed code is used and licensed. The document makes clear that the original contributor is still technically the owner of said code, and that they were free to use it in other projects, but they would have no say in its fate once folded into the Audacity project.
If there was any doubt to what Muse Group had in mind by implementing this CLA, Ray was clear that they were indeed positioning themselves to relicense the project. In the short-term they want to move Audacity from GPLv2 to GPLv3, which he explained would open up compatibility with various libraries and technologies the team had their eye on. This wouldn’t necessarily be a bad thing, and while some contributors might not have agreed with all the changes made in the later revision of the GPL, it’s unlikely the upgrade would have made too many waves.
The real trouble started when he admitted that Muse Group eventually intended to dual-license the code as well. This would mean that in some situations, and at their sole discretion, Muse Group could offer up a version of Audacity that was bound by an entirely different and yet-to-be-named license. Ray cites issues with listing GPL-licensed projects on the Apple App Store as an example of why this clause is necessary, as it would allow Muse Group to use a more permissive license to satisfy a vendor’s requirements for redistribution.
If that wasn’t enough, the FAQ for the new CLA specifically states that code contributed to Audacity may be used in future closed source projects by Muse Group:
It’s not an exaggeration to say that this is the antithesis of what the open source community, or at least the GPL, stands for. Few individuals who are looking to submit their code for inclusion to a program that’s spent more than 20 years licensed under the GPLv2 would approve of their work ending up as part of a commercial closed source project. When a commenter asked Ray how Muse Group intended to get past contributors to agree to such a document, he replied that only major contributors needed to sign off; the team decided that rewriting what he described as “trivial” contributions would be more efficient than getting the original authors to agree to the new terms.
You Must Be This Tall to Ride
Many commenters expressed concerns that Audacity’s new age requirement would mean the free tool could no longer be used in educational settings, forcing schools to find an alternative program. Others pointed out that both the GPLv2 and GPLv3 specifically forbid any limitations being placed on who can run the program. If it was Muse Group’s intent to leverage the CLA to supersede this clause of the GPL, it would be a dangerous precedent; limiting the age at which a user can run a program is a slippery slope towards other forms of discrimination, another inexcusable affront to the values of the open source community.
In the latter case, we may have our answer. A fork of Audacity aimed at undoing the changes being made by Muse Group, appropriately named Tenacity, has already amassed more than 4,000 stars on GitHub. Of course there’s no guarantee as to the longevity of such rebellious projects, or critically, whether or not major software repositories will eschew the upstream version in favor of “de-Mused” builds. But there’s an undeniable momentum behind it, fueled purely by the way Muse Group has bungled their interactions with the Audacity community since taking the reins just three months ago.
If this really is the beginning of a hard fork for the legendary open source audio editor, there’s no question as to who should take the blame. In the end, though, if the new Tenacity crew picks up the Audacity torch and runs with it, in a year’s time, we might find ourselves wondering what all the fuss was about.